Remove debug message.

[ipfw.git] / dummynet / ip_fw_pfil.c

diff --git a/dummynet/ip_fw_pfil.c b/dummynet/ip_fw_pfil.c
index 4e3568a..368192a 100644 (file)
--- a/dummynet/ip_fw_pfil.c
+++ b/dummynet/ip_fw_pfil.c
@@ -51,6 +51,8 @@ __FBSDID("$FreeBSD: src/sys/netinet/ip_fw_pfil.c,v 1.25.2.2 2008/04/25 10:26:30
 #include <net/pfil.h>
 #include <net/vnet.h>
 
+#include "missing.h"
+
 #include <netinet/in.h>
 #include <netinet/ip.h>
 #include <netinet/ip_var.h>
@@ -62,11 +64,9 @@ __FBSDID("$FreeBSD: src/sys/netinet/ip_fw_pfil.c,v 1.25.2.2 2008/04/25 10:26:30
 
 #include <machine/in_cksum.h>
 
-#include "missing.h"
-
-int fw_enable = 1;
+VNET_DEFINE(int, fw_enable) = 1;
 #ifdef INET6
-int fw6_enable = 1;
+VNET_DEFINE(int, fw6_enable) = 1;
 #endif
 
 int ipfw_chg_hook(SYSCTL_HANDLER_ARGS);
@@ -126,10 +126,14 @@ again:
 
        args.m = *m0;
        args.inp = inp;
-       ipfw = ipfw_chk(&args);
-       *m0 = args.m;   /* args.m can be modified by ipfw_chk */
        tee = 0;
 
+       if (V_fw_one_pass == 0 || args.rule == NULL) {
+               ipfw = ipfw_chk(&args);
+               *m0 = args.m;
+       } else
+               ipfw = IP_FW_PASS;
+
        KASSERT(*m0 != NULL || ipfw == IP_FW_DENY, ("%s: m0 is NULL",
            __func__));
 
@@ -156,7 +160,6 @@ again:
                goto drop;
                break;                  /* not reached */
 
-       /* here packets come after the ipfw classification */
        case IP_FW_DUMMYNET:
                if (ip_dn_io_ptr == NULL)
                        goto drop;
@@ -257,10 +260,14 @@ again:
        args.m = *m0;
        args.oif = ifp;
        args.inp = inp;
-       ipfw = ipfw_chk(&args);
-       *m0 = args.m;   /* args.m can be modified by ipfw_chk */
        tee = 0;
 
+       if (V_fw_one_pass == 0 || args.rule == NULL) {
+               ipfw = ipfw_chk(&args);
+               *m0 = args.m;
+       } else
+               ipfw = IP_FW_PASS;
+
        KASSERT(*m0 != NULL || ipfw == IP_FW_DENY, ("%s: m0 is NULL",
            __func__));
 
@@ -432,7 +439,7 @@ nodivert:
        return 1;
 }
 
-static int
+int
 ipfw_hook(void)
 {
        struct pfil_head *pfh_inet;
@@ -449,7 +456,7 @@ ipfw_hook(void)
        return 0;
 }
 
-static int
+int
 ipfw_unhook(void)
 {
        struct pfil_head *pfh_inet;
@@ -467,7 +474,7 @@ ipfw_unhook(void)
 }
 
 #ifdef INET6
-static int
+int
 ipfw6_hook(void)
 {
        struct pfil_head *pfh_inet6;
@@ -484,7 +491,7 @@ ipfw6_hook(void)
        return 0;
 }
 
-static int
+int
 ipfw6_unhook(void)
 {
        struct pfil_head *pfh_inet6;
@@ -505,38 +512,54 @@ ipfw6_unhook(void)
 int
 ipfw_chg_hook(SYSCTL_HANDLER_ARGS)
 {
-       int enable = *(int *)arg1;
+       int enable;
+       int oldenable;
        int error;
 
+       if (arg1 == &VNET_NAME(fw_enable)) {
+               enable = V_fw_enable;
+       }
+#ifdef INET6
+       else if (arg1 == &VNET_NAME(fw6_enable)) {
+               enable = V_fw6_enable;
+       }
+#endif
+       else
+               return (EINVAL);
+
+       oldenable = enable;
+
        error = sysctl_handle_int(oidp, &enable, 0, req);
+
        if (error)
                return (error);
 
        enable = (enable) ? 1 : 0;
 
-       if (enable == *(int *)arg1)
+       if (enable == oldenable)
                return (0);
 
-       if (arg1 == &fw_enable) {
+       if (arg1 == &VNET_NAME(fw_enable)) {
                if (enable)
                        error = ipfw_hook();
                else
                        error = ipfw_unhook();
+               if (error)
+                       return (error);
+               V_fw_enable = enable;
        }
 #ifdef INET6
-       if (arg1 == &fw6_enable) {
+       else if (arg1 == &VNET_NAME(fw6_enable)) {
                if (enable)
                        error = ipfw6_hook();
                else
                        error = ipfw6_unhook();
+               if (error)
+                       return (error);
+               V_fw6_enable = enable;
        }
 #endif
 
-       if (error)
-               return (error);
-
-       *(int *)arg1 = enable;
-
        return (0);
 }