Recover normal behavior: return EINVAL to attempt to add a divert rule

when module is built without IPDIVERT. Silence from: andre Approved by: julian (mentor)
svn path=/head/; revision=134823
2004-09-05 20:06:50 +00:00 · 2004-09-05 20:06:50 +00:00 · f46a6aac29 · 2020-12-20 02:59:44 +00:00
commit f46a6aac29
parent 690be704f3
1 changed files with 5 additions and 2 deletions
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@ -2959,6 +2959,11 @@ check_ipfw_struct(struct ip_fw *rule, int size)
 				goto bad_size;
 			goto check_action;

+		case O_DIVERT:
+		case O_TEE:
+#ifndef	IPDIVERT
+			return EINVAL;
+#endif
 		case O_FORWARD_MAC: /* XXX not implemented yet */
 		case O_CHECK_STATE:
 		case O_COUNT:
@ -2966,8 +2971,6 @@ check_ipfw_struct(struct ip_fw *rule, int size)
 		case O_DENY:
 		case O_REJECT:
 		case O_SKIPTO:
-		case O_DIVERT:
-		case O_TEE:
 			if (cmdlen != F_INSN_SIZE(ipfw_insn))
 				goto bad_size;
 check_action: