From 3ea420e391ccd6f6b9a1d778adfc2b8a7f8e0285 Mon Sep 17 00:00:00 2001 From: Ruslan Ermilov Date: Fri, 29 Sep 2000 08:39:06 +0000 Subject: [PATCH] Document that net.inet.ip.fw.one_pass only affects dummynet(4). Noticed by: Peter Jeremy --- sbin/ipfw/ipfw.8 | 8 +++++--- share/man/man4/dummynet.4 | 2 +- sys/netinet/ip_fw.c | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 9c74c00f560..df4532d64cd 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1043,9 +1043,11 @@ meaning: Controls debugging messages produced by .Nm ipfw . .It Em net.inet.ip.fw.one_pass : No 1 -When set, permits only one pass through the firewall. -Otherwise, after a pipe or divert action, the packet is -reinjected in the firewall starting from the next rule. +When set, the packet exiting from the +.Xr dummynet 4 +pipe is not passed though the firewall again. +Otherwise, after a pipe action, the packet is +reinjected into the firewall at the next rule. .It Em net.inet.ip.fw.verbose : No 1 Enables verbose messages. .It Em net.inet.ip.fw.enable : No 1 diff --git a/share/man/man4/dummynet.4 b/share/man/man4/dummynet.4 index b0f6d352647..707fc7f497c 100644 --- a/share/man/man4/dummynet.4 +++ b/share/man/man4/dummynet.4 @@ -91,7 +91,7 @@ At the output from the second queue packets are reinjected into the protocol stack at the same point they came from (i.e. ip_input(), ip_output(), bdg_forward() ). Depending on the setting of the sysctl variable -.Ql net.inet.ipfw.one_pass , +.Ql net.inet.ip.fw.one_pass , packets coming from a pipe can be either forwarded to their destination, or passed again through the .Nm ipfw diff --git a/sys/netinet/ip_fw.c b/sys/netinet/ip_fw.c index ab12178b080..4c73a898d5c 100644 --- a/sys/netinet/ip_fw.c +++ b/sys/netinet/ip_fw.c @@ -95,7 +95,7 @@ SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, enable, CTLFLAG_RW, &fw_enable, 0, "Enable ipfw"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO,one_pass,CTLFLAG_RW, &fw_one_pass, 0, - "Only do a single pass through ipfw when using divert(4)/dummynet(4)"); + "Only do a single pass through ipfw when using dummynet(4)"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, debug, CTLFLAG_RW, &fw_debug, 0, "Enable printing of debug ip_fw statements"); SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, verbose, CTLFLAG_RW,