| *** sys/netinet/ip_input.c-ORIG Sun Mar 17 07:29:08 1996 |
| --- sys/netinet/ip_input.c Wed Apr 24 22:45:05 1996 |
| *************** |
| *** 100,105 **** |
| --- 100,109 ---- |
| int ipqmaxlen = IFQ_MAXLEN; |
| struct in_ifaddrhead in_ifaddr; |
| struct ifqueue ipintrq; |
| + #if defined(IPFILTER_LKM) || defined(IPFILTER) |
| + int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf *)); |
| + int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)) = NULL; |
| + #endif |
| |
| /* |
| * We need to save the IP options in case a protocol wants to respond |
| *************** |
| *** 237,242 **** |
| --- 241,259 ---- |
| m_adj(m, ip->ip_len - m->m_pkthdr.len); |
| } |
| |
| + #if defined(IPFILTER) || defined(IPFILTER_LKM) |
| + /* |
| + * Check if we want to allow this packet to be processed. |
| + * Consider it to be bad if not. |
| + */ |
| + { |
| + struct mbuf *m0 = m; |
| + if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0)) |
| + goto next; |
| + else |
| + ip = mtod(m = m0, struct ip *); |
| + } |
| + #endif |
| /* |
| * Process options and, if not destined for us, |
| * ship it on. ip_dooptions returns 1 when an |