| *** sys/netinet/ip_output.c-ORIG Tue Feb 27 07:27:02 1996 |
| --- sys/netinet/ip_output.c Wed Apr 24 22:45:05 1996 |
| *************** |
| *** 63,68 **** |
| --- 63,72 ---- |
| static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *)); |
| static void ip_mloopback |
| __P((struct ifnet *, struct mbuf *, struct sockaddr_in *)); |
| + #if defined(IPFILTER_LKM) || defined(IPFILTER) |
| + extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf *)); |
| + extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); |
| + #endif |
| |
| /* |
| * IP output. The packet in mbuf chain m contains a skeletal IP |
| *************** |
| *** 293,298 **** |
| --- 297,315 ---- |
| } else |
| m->m_flags &= ~M_BCAST; |
| |
| sendit: |
| + #if defined(IPFILTER) || defined(IPFILTER_LKM) |
| + { |
| + struct mbuf *m0 = m; |
| + /* |
| + * looks like most checking has been done now...do a filter check |
| + */ |
| + if (fr_checkp && (error = (*fr_checkp)(ip, hlen, ifp, 1, &m0)) || !m0) |
| + { |
| + goto done; |
| + } else |
| + ip = mtod(m = m0, struct ip *); |
| + } |
| + #endif |
| /* |
| * If small enough for interface, can just send directly. |