diff options
| author | Andrey V. Elsukov <ae@FreeBSD.org> | 2012-10-25 09:39:14 +0000 |
|---|---|---|
| committer | Andrey V. Elsukov <ae@FreeBSD.org> | 2012-10-25 09:39:14 +0000 |
| commit | c1de64a495cec0352bc9110bf6ac280f9e2b2189 (patch) | |
| tree | 74b574e44bf5e980b33dbec1477301fa3513db78 /sys/netinet/ip_fastfwd.c | |
| parent | 1da7bb41ede1165cf766e3b4d8a1adbc46a6cb18 (diff) | |
| download | src-c1de64a495cec0352bc9110bf6ac280f9e2b2189.tar.gz src-c1de64a495cec0352bc9110bf6ac280f9e2b2189.zip | |
Remove the IPFIREWALL_FORWARD kernel option and make possible to turn
on the related functionality in the runtime via the sysctl variable
net.pfil.forward. It is turned off by default.
Sponsored by: Yandex LLC
Discussed with: net@
MFC after: 2 weeks
Notes
Notes:
svn path=/head/; revision=242079
Diffstat (limited to 'sys/netinet/ip_fastfwd.c')
| -rw-r--r-- | sys/netinet/ip_fastfwd.c | 20 |
1 files changed, 4 insertions, 16 deletions
diff --git a/sys/netinet/ip_fastfwd.c b/sys/netinet/ip_fastfwd.c index 0eaaafe871a7..b8d04ecf11d4 100644 --- a/sys/netinet/ip_fastfwd.c +++ b/sys/netinet/ip_fastfwd.c @@ -167,9 +167,7 @@ ip_fastforward(struct mbuf *m) uint16_t sum, ip_len, ip_off; int error = 0; int hlen, mtu; -#ifdef IPFIREWALL_FORWARD - struct m_tag *fwd_tag; -#endif + struct m_tag *fwd_tag = NULL; /* * Are we active and forwarding packets? @@ -372,14 +370,13 @@ ip_fastforward(struct mbuf *m) * Go on with new destination address */ } -#ifdef IPFIREWALL_FORWARD + if (m->m_flags & M_FASTFWD_OURS) { /* * ipfw changed it for a local address on this host. */ goto forwardlocal; } -#endif /* IPFIREWALL_FORWARD */ passin: /* @@ -449,20 +446,13 @@ passin: /* * Destination address changed? */ -#ifndef IPFIREWALL_FORWARD - if (odest.s_addr != dest.s_addr) { -#else - fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL); + if (V_pfilforward != 0) + fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL); if (odest.s_addr != dest.s_addr || fwd_tag != NULL) { -#endif /* IPFIREWALL_FORWARD */ /* * Is it now for a local address on this host? */ -#ifndef IPFIREWALL_FORWARD - if (in_localip(dest)) { -#else if (m->m_flags & M_FASTFWD_OURS || in_localip(dest)) { -#endif /* IPFIREWALL_FORWARD */ forwardlocal: /* * Return packet for processing by ip_input(). @@ -475,13 +465,11 @@ forwardlocal: /* * Redo route lookup with new destination address */ -#ifdef IPFIREWALL_FORWARD if (fwd_tag) { dest.s_addr = ((struct sockaddr_in *) (fwd_tag + 1))->sin_addr.s_addr; m_tag_delete(m, fwd_tag); } -#endif /* IPFIREWALL_FORWARD */ RTFREE(ro.ro_rt); if ((dst = ip_findroute(&ro, dest, m)) == NULL) return NULL; /* icmp unreach already sent */ |