Move fw_one_pass from ip_fw2.c to ip_input.c so that neither
bridge.c nor if_ethersubr.c depend on IPFIREWALL. Restore the use of fw_one_pass in if_ethersubr.c ipfw.8 will be updated with a separate commit. Approved by: re
This commit is contained in:
@@ -437,7 +437,7 @@ ether_ipfw_chk(struct mbuf **m0, struct ifnet *dst,
|
||||
int i;
|
||||
struct ip_fw_args args;
|
||||
|
||||
if (*rule != NULL /*&& fw_one_pass*/) /* HACK! need to obey fw_one_pass */
|
||||
if (*rule != NULL && fw_one_pass)
|
||||
return 1; /* dummynet packet, already partially processed */
|
||||
|
||||
/*
|
||||
|
||||
@@ -107,7 +107,6 @@ static struct ip_fw *layer3_chain;
|
||||
MALLOC_DEFINE(M_IPFW, "IpFw/IpAcct", "IpFw/IpAcct chain's");
|
||||
|
||||
static int fw_debug = 1;
|
||||
int fw_one_pass = 1;
|
||||
static int autoinc_step = 100; /* bounded to 1..1000 in add_rule() */
|
||||
|
||||
#ifdef SYSCTL_NODE
|
||||
|
||||
@@ -195,6 +195,7 @@ SYSCTL_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW,
|
||||
/* Firewall hooks */
|
||||
ip_fw_chk_t *ip_fw_chk_ptr;
|
||||
int fw_enable = 1 ;
|
||||
int fw_one_pass = 1;
|
||||
|
||||
/* Dummynet hooks */
|
||||
ip_dn_io_t *ip_dn_io_ptr;
|
||||
|
||||
Reference in New Issue
Block a user