cvs commit: src/sys/netinet ip_fw2.c src/sys/sys mbuf.h
Juli Mallett
jmallett at FreeBSD.org
Fri Jul 16 19:40:14 PDT 2004
jmallett 2004-07-17 02:40:14 UTC
FreeBSD src repository
Modified files:
sys/netinet ip_fw2.c
sys/sys mbuf.h
Log:
Make M_SKIP_FIREWALL a global (and semantic) flag, preventing anything from
using M_PROTO6 and possibly shooting someone's foot, as well as allowing the
firewall to be used in multiple passes, or with a packet classifier frontend,
that may need to explicitly allow a certain packet. Presently this is handled
in the ipfw_chk code as before, though I have run with it moved to upper
layers, and possibly it should apply to ipfilter and pf as well, though this
has not been investigated.
Discussed with: luigi, rwatson
Revision Changes Path
1.65 +0 -12 src/sys/netinet/ip_fw2.c
1.151 +2 -2 src/sys/sys/mbuf.h
More information about the cvs-src
mailing list