git: f5f6da90597c - stable/14 - ipfw: Add sysctl flag CTLFLAG_TUN to loader tunables
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 02 Oct 2023 00:50:45 UTC
The branch stable/14 has been updated by zlei: URL: https://cgit.FreeBSD.org/src/commit/?id=f5f6da90597cb65ce55c4f17718a200097f6f78f commit f5f6da90597cb65ce55c4f17718a200097f6f78f Author: Zhenlei Huang <zlei@FreeBSD.org> AuthorDate: 2023-09-25 10:10:47 +0000 Commit: Zhenlei Huang <zlei@FreeBSD.org> CommitDate: 2023-10-02 00:49:37 +0000 ipfw: Add sysctl flag CTLFLAG_TUN to loader tunables The following sysctl variables are actually loader tunables. Add sysctl flag CTLFLAG_TUN to them so that `sysctl -T` will report them correctly. 1. net.inet.ip.fw.enable 2. net.inet6.ip6.fw.enable 3. net.link.ether.ipfw No functional change intended. Reviewed by: glebius MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D41928 (cherry picked from commit 49197c391b3d49a33bcd08471bf64d533cd10f9d) --- sys/netpfil/ipfw/ip_fw_pfil.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/netpfil/ipfw/ip_fw_pfil.c b/sys/netpfil/ipfw/ip_fw_pfil.c index 1cfff1870d7f..4dae28aa0544 100644 --- a/sys/netpfil/ipfw/ip_fw_pfil.c +++ b/sys/netpfil/ipfw/ip_fw_pfil.c @@ -91,20 +91,20 @@ SYSBEGIN(f1) SYSCTL_DECL(_net_inet_ip_fw); SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, enable, - CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3 | + CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_SECURE3 | CTLFLAG_NEEDGIANT, &VNET_NAME(fw_enable), 0, ipfw_chg_hook, "I", "Enable ipfw"); #ifdef INET6 SYSCTL_DECL(_net_inet6_ip6_fw); SYSCTL_PROC(_net_inet6_ip6_fw, OID_AUTO, enable, - CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3 | + CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_SECURE3 | CTLFLAG_NEEDGIANT, &VNET_NAME(fw6_enable), 0, ipfw_chg_hook, "I", "Enable ipfw+6"); #endif /* INET6 */ SYSCTL_DECL(_net_link_ether); SYSCTL_PROC(_net_link_ether, OID_AUTO, ipfw, - CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE3 | + CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_SECURE3 | CTLFLAG_NEEDGIANT, &VNET_NAME(fwlink_enable), 0, ipfw_chg_hook, "I", "Pass ether pkts through firewall");