git: 392150e6ca66 - main - extend description of net.inet.ip.fw.one_pass

Tue, 22 Jul 2025 05:38:28 -0700 

The branch main has been updated by marck:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=392150e6ca6662f1d74c1c1fcff94945c875f966

commit 392150e6ca6662f1d74c1c1fcff94945c875f966
Author:     Dmitry Morozovsky <ma...@freebsd.org>
AuthorDate: 2025-07-22 12:32:34 +0000
Commit:     Dmitry Morozovsky <ma...@freebsd.org>
CommitDate: 2025-07-22 12:37:18 +0000

    extend description of net.inet.ip.fw.one_pass
    
    Description of net.inet.ip.fw.one_pass tunable refers only to dummynet(4),
    while in reality is applicable on any divert-like packet action like
    in-kernel nat, netgraph, reass, or similar.
    
    Reviewed by:    ae
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D51436
---
 sys/netpfil/ipfw/ip_fw2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c
index 923633d76df7..c129c8c49921 100644
--- a/sys/netpfil/ipfw/ip_fw2.c
+++ b/sys/netpfil/ipfw/ip_fw2.c
@@ -196,7 +196,7 @@ SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW | 
CTLFLAG_MPSAFE, 0,
     "Firewall");
 SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, one_pass,
     CTLFLAG_VNET | CTLFLAG_RW | CTLFLAG_SECURE3, &VNET_NAME(fw_one_pass), 0,
-    "Only do a single pass through ipfw when using dummynet(4)");
+    "Only do a single pass through ipfw when using dummynet(4), ipfw_nat or 
other divert(4)-like interfaces");
 SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, autoinc_step,
     CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(autoinc_step), 0,
     "Rule number auto-increment step");

Reply via email to