X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;ds=sidebyside;f=dummynet%2Fip_fw_pfil.c;h=368192ad5862a7eb2940a294f9ccaeab8a78ebc6;hb=31b969263c34f46f398eec33c0b0e95947842cda;hp=3fa643c78db93e9f7e66352bb790bcacf2446219;hpb=79be4ffd486038576b91307260b98c0ff9b203a0;p=ipfw.git

diff --git a/dummynet/ip_fw_pfil.c b/dummynet/ip_fw_pfil.c
index 3fa643c..368192a 100644
--- a/dummynet/ip_fw_pfil.c
+++ b/dummynet/ip_fw_pfil.c
@@ -126,10 +126,14 @@ again:
 
 	args.m = *m0;
 	args.inp = inp;
-	ipfw = ipfw_chk(&args);
-	*m0 = args.m;
 	tee = 0;
 
+	if (V_fw_one_pass == 0 || args.rule == NULL) {
+		ipfw = ipfw_chk(&args);
+		*m0 = args.m;
+	} else
+		ipfw = IP_FW_PASS;
+
 	KASSERT(*m0 != NULL || ipfw == IP_FW_DENY, ("%s: m0 is NULL",
 	    __func__));
 
@@ -256,10 +260,14 @@ again:
 	args.m = *m0;
 	args.oif = ifp;
 	args.inp = inp;
-	ipfw = ipfw_chk(&args);
-	*m0 = args.m;
 	tee = 0;
 
+	if (V_fw_one_pass == 0 || args.rule == NULL) {
+		ipfw = ipfw_chk(&args);
+		*m0 = args.m;
+	} else
+		ipfw = IP_FW_PASS;
+
 	KASSERT(*m0 != NULL || ipfw == IP_FW_DENY, ("%s: m0 is NULL",
 	    __func__));
 
@@ -504,38 +512,54 @@ ipfw6_unhook(void)
 int
 ipfw_chg_hook(SYSCTL_HANDLER_ARGS)
 {
-	int enable = *(int *)arg1;
+	int enable;
+	int oldenable;
 	int error;
 
+	if (arg1 == &VNET_NAME(fw_enable)) {
+		enable = V_fw_enable;
+	}
+#ifdef INET6
+	else if (arg1 == &VNET_NAME(fw6_enable)) {
+		enable = V_fw6_enable;
+	}
+#endif
+	else
+		return (EINVAL);
+
+	oldenable = enable;
+
 	error = sysctl_handle_int(oidp, &enable, 0, req);
+
 	if (error)
 		return (error);
 
 	enable = (enable) ? 1 : 0;
 
-	if (enable == *(int *)arg1)
+	if (enable == oldenable)
 		return (0);
 
-	if (arg1 == &fw_enable) {
+	if (arg1 == &VNET_NAME(fw_enable)) {
 		if (enable)
 			error = ipfw_hook();
 		else
 			error = ipfw_unhook();
+		if (error)
+			return (error);
+		V_fw_enable = enable;
 	}
 #ifdef INET6
-	if (arg1 == &fw6_enable) {
+	else if (arg1 == &VNET_NAME(fw6_enable)) {
 		if (enable)
 			error = ipfw6_hook();
 		else
 			error = ipfw6_unhook();
+		if (error)
+			return (error);
+		V_fw6_enable = enable;
 	}
 #endif
 
-	if (error)
-		return (error);
-
-	*(int *)arg1 = enable;
-
 	return (0);
 }