From f51d989644b3566d5b14fe4d8f07af5dac3332cb Mon Sep 17 00:00:00 2001 From: luigi Date: Wed, 20 Nov 2002 19:07:27 +0000 Subject: Move fw_one_pass from ip_fw2.c to ip_input.c so that neither bridge.c nor if_ethersubr.c depend on IPFIREWALL. Restore the use of fw_one_pass in if_ethersubr.c ipfw.8 will be updated with a separate commit. Approved by: re --- sys/net/if_ethersubr.c | 2 +- sys/netinet/ip_fw2.c | 1 - sys/netinet/ip_input.c | 1 + 3 files changed, 2 insertions(+), 2 deletions(-) (limited to 'sys') diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index dd1dba1..4273f0e 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -437,7 +437,7 @@ ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst, int i; struct ip_fw_args args; - if (*rule != NULL /*&& fw_one_pass*/) /* HACK! need to obey fw_one_pass */ + if (*rule != NULL && fw_one_pass) return 1; /* dummynet packet, already partially processed */ /* diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c index 6241d2b..46b8ba8 100644 --- a/sys/netinet/ip_fw2.c +++ b/sys/netinet/ip_fw2.c @@ -107,7 +107,6 @@ static struct ip_fw *layer3_chain; MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's"); static int fw_debug = 1; -int fw_one_pass = 1; static int autoinc_step = 100; /* bounded to 1..1000 in add_rule() */ #ifdef SYSCTL_NODE diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 1c2863b..90f54e0 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -195,6 +195,7 @@ SYSCTL_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, /* Firewall hooks */ ip_fw_chk_t *ip_fw_chk_ptr; int fw_enable = 1 ; +int fw_one_pass = 1; /* Dummynet hooks */ ip_dn_io_t *ip_dn_io_ptr; -- cgit v1.1