| *** /sys/netinet/ip_output.c.orig Sat Oct 14 12:51:15 1995 |
| --- /sys/netinet/ip_output.c Tue Feb 18 21:36:10 1997 |
| *************** |
| *** 60,65 **** |
| --- 60,69 ---- |
| static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *)); |
| static void ip_mloopback |
| __P((struct ifnet *, struct mbuf *, struct sockaddr_in *)); |
| + #if defined(IPFILTER_LKM) || defined(IPFILTER) |
| + extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf *)); |
| + extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); |
| + #endif |
| |
| /* |
| * IP output. The packet in mbuf chain m contains a skeletal IP |
| *************** |
| *** 277,282 **** |
| --- 281,298 ---- |
| m->m_flags &= ~M_BCAST; |
| |
| sendit: |
| + #if defined(IPFILTER) || defined(IPFILTER_LKM) |
| + /* |
| + * looks like most checking has been done now...do a filter check |
| + */ |
| + if (fr_checkp) { |
| + struct mbuf *m1 = m; |
| + |
| + if ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1) |
| + goto done; |
| + ip = mtod(m = m1, struct ip *); |
| + } |
| + #endif |
| /* |
| * If small enough for interface, can just send directly. |
| */ |