OpenBSD-2/2.9-IPv6.diffs - net/ipfilter - Rivoreo Source Code Repositories

 *** ip6_input.c.orig	Sun Sep  2 12:51:02 2001
 --- ip6_input.c	Mon Sep  3 22:25:23 2001
 ***************
 *** 130,135 ****
 --- 130,138 ----
   #ifdef PULLDOWN_TEST
   static struct mbuf *ip6_pullexthdr __P((struct mbuf *, size_t, int));
   #endif
 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
 + extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
 + #endif

   /*
    * IP6 initialization: fill in IP6 protocol switch table.
 ***************
 *** 274,279 ****
 --- 277,302 ----
   		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
   		goto bad;
   	}
 +
 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
 + 	/*
 + 	 * Check if we want to allow this packet to be processed.
 + 	 * Consider it to be bad if not.
 + 	 */
 + 	if (fr_checkp != NULL) {
 + 		struct mbuf *m0 = m;
 +
 + 		if ((*fr_checkp)((struct ip *)ip6, sizeof(*ip6),
 + 				 m->m_pkthdr.rcvif, 0, &m0)) {
 + 			return;
 + 		}
 + 		m = m0;
 + 		if (m == 0) {  /* in case of 'fastroute' */
 + 			return;
 + 		}
 + 		ip6 = mtod(m, struct ip6_hdr *);
 + 	}
 + #endif

   	ip6stat.ip6s_nxthist[ip6->ip6_nxt]++;

 *** ip6_output.c.orig	Sun Sep  2 12:51:21 2001
 --- ip6_output.c	Mon Sep  3 22:27:46 2001
 ***************
 *** 113,118 ****
 --- 113,122 ----
   	struct mbuf *ip6e_dest2;
   };

 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
 + extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
 + #endif
 +
   static int ip6_pcbopts __P((struct ip6_pktopts **, struct mbuf *,
   			    struct socket *));
   static int ip6_setmoptions __P((int, struct ip6_moptions **, struct mbuf *));
 ***************
 *** 910,915 ****
 --- 914,938 ----
   		m->m_pkthdr.rcvif = NULL;
   	}

 +
 + #if defined(IPFILTER) || defined(IPFILTER_LKM)
 + 	/*
 + 	 * looks like most checking has been done now...do a filter check
 + 	 */
 + 	if (fr_checkp != NULL) {
 + 		struct mbuf *m1 = m;
 + 		if ((*fr_checkp)((struct ip *)ip6, sizeof(*ip6), ifp, 1, &m1)) {
 + 			error = EHOSTUNREACH;
 + 			goto done;
 + 		}
 + 		m = m1;
 + 		if (m1 == 0) { /* in case of 'fastroute' */
 + 			error = 0;
 + 			goto done;
 + 		}
 + 		ip6 = mtod(m, struct ip6_hdr *);
 + 	}
 + #endif
   	/*
   	 * Send the packet to the outgoing interface.
   	 * If necessary, do IPv6 fragmentation before sending.
	*** ip6_input.c.orig Sun Sep 2 12:51:02 2001
	--- ip6_input.c Mon Sep 3 22:25:23 2001
	***************
	* 130,135 **
	--- 130,138 ----
	#ifdef PULLDOWN_TEST
	static struct mbuf ip6_pullexthdr __P((struct mbuf , size_t, int));
	#endif
	+ #if defined(IPFILTER) \|\| defined(IPFILTER_LKM)
	+ extern int (fr_checkp) __P((struct ip , int, struct ifnet , int, struct mbuf *));
	+ #endif

	/*
	* IP6 initialization: fill in IP6 protocol switch table.
	***************
	* 274,279 **
	--- 277,302 ----
	in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
	goto bad;
	}
	+
	+ #if defined(IPFILTER) \|\| defined(IPFILTER_LKM)
	+ /*
	+ * Check if we want to allow this packet to be processed.
	+ * Consider it to be bad if not.
	+ */
	+ if (fr_checkp != NULL) {
	+ struct mbuf *m0 = m;
	+
	+ if ((fr_checkp)((struct ip )ip6, sizeof(*ip6),
	+ m->m_pkthdr.rcvif, 0, &m0)) {
	+ return;
	+ }
	+ m = m0;
	+ if (m == 0) { /* in case of 'fastroute' */
	+ return;
	+ }
	+ ip6 = mtod(m, struct ip6_hdr *);
	+ }
	+ #endif

	ip6stat.ip6s_nxthist[ip6->ip6_nxt]++;

	*** ip6_output.c.orig Sun Sep 2 12:51:21 2001
	--- ip6_output.c Mon Sep 3 22:27:46 2001
	***************
	* 113,118 **
	--- 113,122 ----
	struct mbuf *ip6e_dest2;
	};

	+ #if defined(IPFILTER) \|\| defined(IPFILTER_LKM)
	+ extern int (fr_checkp) __P((struct ip , int, struct ifnet , int, struct mbuf *));
	+ #endif
	+
	static int ip6_pcbopts __P((struct ip6_pktopts *, struct mbuf ,
	struct socket *));
	static int ip6_setmoptions __P((int, struct ip6_moptions *, struct mbuf ));
	***************
	* 910,915 **
	--- 914,938 ----
	m->m_pkthdr.rcvif = NULL;
	}

	+
	+ #if defined(IPFILTER) \|\| defined(IPFILTER_LKM)
	+ /*
	+ * looks like most checking has been done now...do a filter check
	+ */
	+ if (fr_checkp != NULL) {
	+ struct mbuf *m1 = m;
	+ if ((fr_checkp)((struct ip )ip6, sizeof(*ip6), ifp, 1, &m1)) {
	+ error = EHOSTUNREACH;
	+ goto done;
	+ }
	+ m = m1;
	+ if (m1 == 0) { /* in case of 'fastroute' */
	+ error = 0;
	+ goto done;
	+ }
	+ ip6 = mtod(m, struct ip6_hdr *);
	+ }
	+ #endif
	/*
	* Send the packet to the outgoing interface.
	* If necessary, do IPv6 fragmentation before sending.