#include <net/pfil.h>
#include <net/vnet.h>
+#include "missing.h"
+
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <machine/in_cksum.h>
-#include "missing.h"
-
-int fw_enable = 1;
+VNET_DEFINE(int, fw_enable) = 1;
#ifdef INET6
-int fw6_enable = 1;
+VNET_DEFINE(int, fw6_enable) = 1;
#endif
int ipfw_chg_hook(SYSCTL_HANDLER_ARGS);
args.m = *m0;
args.inp = inp;
ipfw = ipfw_chk(&args);
- *m0 = args.m; /* args.m can be modified by ipfw_chk */
+ *m0 = args.m;
tee = 0;
KASSERT(*m0 != NULL || ipfw == IP_FW_DENY, ("%s: m0 is NULL",
goto drop;
break; /* not reached */
- /* here packets come after the ipfw classification */
case IP_FW_DUMMYNET:
if (ip_dn_io_ptr == NULL)
goto drop;
args.oif = ifp;
args.inp = inp;
ipfw = ipfw_chk(&args);
- *m0 = args.m; /* args.m can be modified by ipfw_chk */
+ *m0 = args.m;
tee = 0;
KASSERT(*m0 != NULL || ipfw == IP_FW_DENY, ("%s: m0 is NULL",
return 1;
}
-static int
+int
ipfw_hook(void)
{
struct pfil_head *pfh_inet;
return 0;
}
-static int
+int
ipfw_unhook(void)
{
struct pfil_head *pfh_inet;
}
#ifdef INET6
-static int
+int
ipfw6_hook(void)
{
struct pfil_head *pfh_inet6;
return 0;
}
-static int
+int
ipfw6_unhook(void)
{
struct pfil_head *pfh_inet6;
git://git.onelab.eu / ipfw.git / blobdiff