Date: Sat, 17 Jul 2004 02:40:14 +0000 (UTC) From: Juli Mallett <jmallett@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet ip_fw2.c src/sys/sys mbuf.h Message-ID: <200407170240.i6H2eEHO021683@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
jmallett 2004-07-17 02:40:14 UTC
FreeBSD src repository
Modified files:
sys/netinet ip_fw2.c
sys/sys mbuf.h
Log:
Make M_SKIP_FIREWALL a global (and semantic) flag, preventing anything from
using M_PROTO6 and possibly shooting someone's foot, as well as allowing the
firewall to be used in multiple passes, or with a packet classifier frontend,
that may need to explicitly allow a certain packet. Presently this is handled
in the ipfw_chk code as before, though I have run with it moved to upper
layers, and possibly it should apply to ipfilter and pf as well, though this
has not been investigated.
Discussed with: luigi, rwatson
Revision Changes Path
1.65 +0 -12 src/sys/netinet/ip_fw2.c
1.151 +2 -2 src/sys/sys/mbuf.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200407170240.i6H2eEHO021683>