summaryrefslogtreecommitdiffstats
path: root/sys/netinet/ip_input.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet/ip_input.c')
-rw-r--r--sys/netinet/ip_input.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 1eefadc..5adc173 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -99,6 +99,11 @@ SYSCTL_VNET_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW,
&VNET_NAME(ipforwarding), 0,
"Enable IP forwarding between interfaces");
+static VNET_DEFINE(int, ipfastforward) = 1;
+#define V_ipfastforward VNET(ipfastforward)
+SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, fastforwarding, CTLFLAG_RW,
+ &VNET_NAME(ipfastforward), 0, "Enable fast IP forwarding");
+
static VNET_DEFINE(int, ipsendredirects) = 1; /* XXX */
#define V_ipsendredirects VNET(ipsendredirects)
SYSCTL_VNET_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW,
@@ -473,7 +478,7 @@ tooshort:
#ifdef IPSEC
/* For now we do not handle IPSEC in tryforward. */
if (!key_havesp(IPSEC_DIR_INBOUND) && !key_havesp(IPSEC_DIR_OUTBOUND) &&
- (V_ipforwarding == 1))
+ (V_ipforwarding == 1 && V_ipfastforward == 1))
if (ip_tryforward(m) == NULL)
return;
/*
@@ -482,7 +487,7 @@ tooshort:
if (ip_ipsec_filtertunnel(m))
goto passin;
#else
- if (V_ipforwarding == 1)
+ if (V_ipforwarding == 1 && V_ipfastforward == 1)
if (ip_tryforward(m) == NULL)
return;
#endif /* IPSEC */
OpenPOWER on IntegriCloud