aboutsummaryrefslogtreecommitdiff
path: root/sys/netpfil/ipfw/ip_fw2.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netpfil/ipfw/ip_fw2.c')
-rw-r--r--sys/netpfil/ipfw/ip_fw2.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
index c129c8c49921..b59d8d08bf80 100644
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@@ -67,6 +67,7 @@
#include <net/route/nhop.h>
#include <net/pfil.h>
#include <net/vnet.h>
+#include <net/if_gif.h>
#include <net/if_pfsync.h>
#include <netpfil/pf/pf_mtag.h>
@@ -1757,6 +1758,12 @@ do { \
PULLUP_TO(hlen, ulp, struct ip);
break;
+ case IPPROTO_ETHERIP: /* RFC 3378 */
+ PULLUP_LEN(hlen, ulp,
+ sizeof(struct etherip_header) +
+ sizeof(struct ether_header));
+ break;
+
case IPPROTO_PFSYNC:
PULLUP_TO(hlen, ulp, struct pfsync_header);
break;
@@ -3680,6 +3687,7 @@ vnet_ipfw_init(const void *unused)
IPFW_LOCK_INIT(chain);
+ ipfw_dyn_init(chain);
/* fill and insert the default rule */
rule = ipfw_alloc_rule(chain, sizeof(struct ip_fw));
rule->flags |= IPFW_RULE_NOOPT;
@@ -3689,7 +3697,6 @@ vnet_ipfw_init(const void *unused)
chain->default_rule = rule;
ipfw_add_protected_rule(chain, rule, 0);
- ipfw_dyn_init(chain);
ipfw_eaction_init(chain, first);
ipfw_init_skipto_cache(chain);
ipfw_bpf_init(first);
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-13 08:36:09 +0000