svn commit: r210537 - in head/sys: netgraph netinet/ipfw
Gleb Smirnoff
glebius at FreeBSD.org
Tue Jul 27 14:26:35 UTC 2010
Author: glebius
Date: Tue Jul 27 14:26:34 2010
New Revision: 210537
URL: http://svn.freebsd.org/changeset/base/210537
Log:
Fix operation of "netgraph" action in conjunction with the
net.inet.ip.fw.one_pass sysctl.
The "ngtee" action is still broken.
PR: kern/148885
Submitted by: Nickolay Dudorov <nnd mail.nsk.ru>
Modified:
head/sys/netgraph/ng_ipfw.c
head/sys/netinet/ipfw/ip_fw2.c
Modified: head/sys/netgraph/ng_ipfw.c
==============================================================================
--- head/sys/netgraph/ng_ipfw.c Tue Jul 27 13:06:18 2010 (r210536)
+++ head/sys/netgraph/ng_ipfw.c Tue Jul 27 14:26:34 2010 (r210537)
@@ -287,7 +287,8 @@ ng_ipfw_input(struct mbuf **m0, int dir,
}
r = (struct ipfw_rule_ref *)(tag + 1);
*r = fwa->rule;
- r->info = dir ? IPFW_INFO_IN : IPFW_INFO_OUT;
+ r->info &= IPFW_ONEPASS; /* keep this info */
+ r->info |= dir ? IPFW_INFO_IN : IPFW_INFO_OUT;
m_tag_prepend(m, tag);
} else
Modified: head/sys/netinet/ipfw/ip_fw2.c
==============================================================================
--- head/sys/netinet/ipfw/ip_fw2.c Tue Jul 27 13:06:18 2010 (r210536)
+++ head/sys/netinet/ipfw/ip_fw2.c Tue Jul 27 14:26:34 2010 (r210537)
@@ -2084,6 +2084,8 @@ do { \
set_match(args, f_pos, chain);
args->rule.info = (cmd->arg1 == IP_FW_TABLEARG) ?
tablearg : cmd->arg1;
+ if (V_fw_one_pass)
+ args->rule.info |= IPFW_ONEPASS;
retval = (cmd->opcode == O_NETGRAPH) ?
IP_FW_NETGRAPH : IP_FW_NGTEE;
l = 0; /* exit inner loop */
More information about the svn-src-head
mailing list