--- src/sys/net/ipfw/ip_fw2.c	2005/06/17 19:12:19	1.17
+++ src/sys/net/ipfw/ip_fw2.c	2006/06/20 13:28:47	1.17.2.1
@@ -78,14 +78,6 @@
 #include <netinet/if_ether.h> /* XXX for ETHERTYPE_IP */
 
 /*
- * XXX This one should go in sys/mbuf.h. It is used to avoid that
- * a firewall-generated packet loops forever through the firewall.
- */
-#ifndef	M_SKIP_FIREWALL
-#define M_SKIP_FIREWALL         0x4000
-#endif
-
-/*
  * set_disable contains one bit per set value (0..31).
  * If the bit is set, all rules with the corresponding set
  * are disabled. Set 31 is reserved for the default rule
@@ -1120,7 +1112,7 @@ send_pkt(struct ipfw_flow_id *id, u_int3
 	ip->ip_len = m->m_pkthdr.len;
 	bzero (&sro, sizeof (sro));
 	ip_rtaddr(ip->ip_dst, &sro);
-	m->m_flags |= M_SKIP_FIREWALL;
+	m->m_pkthdr.fw_flags |= IPFW_MBUF_SKIP_FIREWALL;
 	ip_output(m, NULL, &sro, 0, NULL, NULL);
 	if (sro.ro_rt)
 		RTFREE(sro.ro_rt);
@@ -1296,7 +1288,7 @@ ipfw_chk(struct ip_fw_args *args)
 	int dyn_dir = MATCH_UNKNOWN;
 	ipfw_dyn_rule *q = NULL;
 
-	if (m->m_flags & M_SKIP_FIREWALL)
+	if (m->m_pkthdr.fw_flags & IPFW_MBUF_SKIP_FIREWALL)
 		return 0;	/* accept */
 	/*
 	 * dyn_dir = MATCH_UNKNOWN when rules unchecked,