diff options
author | George V. Neville-Neil <gnn@FreeBSD.org> | 2020-11-12 21:58:47 +0000 |
---|---|---|
committer | George V. Neville-Neil <gnn@FreeBSD.org> | 2020-11-12 21:58:47 +0000 |
commit | 8ad114c082a159c0dde95aa35d2e3e108aa30a75 (patch) | |
tree | b0a8c03ccb119a7ee684b5f01ffe4ad54992a1c6 /sys/netinet/ip_input.c | |
parent | 9aa6d792b54934b896e3b4a1c21a2cfaa5f88e9d (diff) | |
download | src-8ad114c082a159c0dde95aa35d2e3e108aa30a75.tar.gz src-8ad114c082a159c0dde95aa35d2e3e108aa30a75.zip |
An earlier commit effectively turned out the fast forwading path
due to its lack of support for ICMP redirects. The following commit
adds redirects to the fastforward path, again allowing for decent
forwarding performance in the kernel.
Reviewed by: ae, melifaro
Sponsored by: Rubicon Communications, LLC (d/b/a "Netgate")
Notes
Notes:
svn path=/head/; revision=367628
Diffstat (limited to 'sys/netinet/ip_input.c')
-rw-r--r-- | sys/netinet/ip_input.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index bbc81977ccef..7d6c4a378b4d 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -111,8 +111,11 @@ SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_VNET | CTLFLAG_RW &VNET_NAME(ipforwarding), 0, "Enable IP forwarding between interfaces"); -VNET_DEFINE_STATIC(int, ipsendredirects) = 1; /* XXX */ -#define V_ipsendredirects VNET(ipsendredirects) +/* + * Respond with an ICMP host redirect when we forward a packet out of + * the same interface on which it was received. See RFC 792. + */ +VNET_DEFINE(int, ipsendredirects) = 1; SYSCTL_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsendredirects), 0, "Enable sending IP redirects"); @@ -571,7 +574,7 @@ tooshort: * case skip another inbound firewall processing and update * ip pointer. */ - if (V_ipforwarding != 0 && V_ipsendredirects == 0 + if (V_ipforwarding != 0 #if defined(IPSEC) || defined(IPSEC_SUPPORT) && (!IPSEC_ENABLED(ipv4) || IPSEC_CAPS(ipv4, m, IPSEC_CAP_OPERABLE) == 0) |