X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=dummynet%2Fip_fw_pfil.c;h=b3fcba639d2acde251f48ed9d9d4c512c6fedd63;hb=4e189c94aef3d3e9a4e8edfd2bb989feeb5d5e26;hp=3fa643c78db93e9f7e66352bb790bcacf2446219;hpb=5ad9fec40da13c449d50def12f9cea6e24b6a708;p=ipfw.git

diff --git a/dummynet/ip_fw_pfil.c b/dummynet/ip_fw_pfil.c
index 3fa643c..b3fcba6 100644
--- a/dummynet/ip_fw_pfil.c
+++ b/dummynet/ip_fw_pfil.c
@@ -43,17 +43,20 @@ __FBSDID("$FreeBSD: src/sys/netinet/ip_fw_pfil.c,v 1.25.2.2 2008/04/25 10:26:30
 #include <sys/mbuf.h>
 #include <sys/module.h>
 #include <sys/kernel.h>
+#include <sys/lock.h>
+#include <sys/rwlock.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/sysctl.h>
+#include <sys/ucred.h>
 
 #include <net/if.h>
+#include <net/route.h>
 #include <net/pfil.h>
 #include <net/vnet.h>
 
-#include "missing.h"
-
 #include <netinet/in.h>
+#include <netinet/in_systm.h>
 #include <netinet/ip.h>
 #include <netinet/ip_var.h>
 #include <netinet/ip_fw.h>
@@ -126,10 +129,14 @@ again:
 
 	args.m = *m0;
 	args.inp = inp;
-	ipfw = ipfw_chk(&args);
-	*m0 = args.m;
 	tee = 0;
 
+	if (V_fw_one_pass == 0 || args.rule == NULL) {
+		ipfw = ipfw_chk(&args);
+		*m0 = args.m;
+	} else
+		ipfw = IP_FW_PASS;
+
 	KASSERT(*m0 != NULL || ipfw == IP_FW_DENY, ("%s: m0 is NULL",
 	    __func__));
 
@@ -256,10 +263,14 @@ again:
 	args.m = *m0;
 	args.oif = ifp;
 	args.inp = inp;
-	ipfw = ipfw_chk(&args);
-	*m0 = args.m;
 	tee = 0;
 
+	if (V_fw_one_pass == 0 || args.rule == NULL) {
+		ipfw = ipfw_chk(&args);
+		*m0 = args.m;
+	} else
+		ipfw = IP_FW_PASS;
+
 	KASSERT(*m0 != NULL || ipfw == IP_FW_DENY, ("%s: m0 is NULL",
 	    __func__));
 
@@ -504,38 +515,54 @@ ipfw6_unhook(void)
 int
 ipfw_chg_hook(SYSCTL_HANDLER_ARGS)
 {
-	int enable = *(int *)arg1;
+	int enable;
+	int oldenable;
 	int error;
 
+	if (arg1 == &VNET_NAME(fw_enable)) {
+		enable = V_fw_enable;
+	}
+#ifdef INET6
+	else if (arg1 == &VNET_NAME(fw6_enable)) {
+		enable = V_fw6_enable;
+	}
+#endif
+	else
+		return (EINVAL);
+
+	oldenable = enable;
+
 	error = sysctl_handle_int(oidp, &enable, 0, req);
+
 	if (error)
 		return (error);
 
 	enable = (enable) ? 1 : 0;
 
-	if (enable == *(int *)arg1)
+	if (enable == oldenable)
 		return (0);
 
-	if (arg1 == &fw_enable) {
+	if (arg1 == &VNET_NAME(fw_enable)) {
 		if (enable)
 			error = ipfw_hook();
 		else
 			error = ipfw_unhook();
+		if (error)
+			return (error);
+		V_fw_enable = enable;
 	}
 #ifdef INET6
-	if (arg1 == &fw6_enable) {
+	else if (arg1 == &VNET_NAME(fw6_enable)) {
 		if (enable)
 			error = ipfw6_hook();
 		else
 			error = ipfw6_unhook();
+		if (error)
+			return (error);
+		V_fw6_enable = enable;
 	}
 #endif
 
-	if (error)
-		return (error);
-
-	*(int *)arg1 = enable;
-
 	return (0);
 }