From 092884edb94d20afeb55374c816221978fee2d1b Mon Sep 17 00:00:00 2001
From: dm <dm@openbsd.org>
Date: Sat, 9 Mar 1996 21:30:22 +0000
Subject: [PATCH] restored IP filtering

---
 sys/netinet/ip_input.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 8d07f8897b2..4f4d14ede60 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_input.c,v 1.9 1996/03/03 22:30:37 niklas Exp $	*/
+/*	$OpenBSD: ip_input.c,v 1.10 1996/03/09 21:30:22 dm Exp $	*/
 /*	$NetBSD: ip_input.c,v 1.28 1996/02/13 23:42:37 christos Exp $	*/
 
 /*
@@ -99,6 +99,11 @@ u_char	ip_protox[IPPROTO_MAX];
 int	ipqmaxlen = IFQ_MAXLEN;
 struct	in_ifaddrhead in_ifaddr;
 struct	ifqueue ipintrq;
+#if defined(IPFILTER) || defined(IPFILTER_LKM)
+int	(*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)
+);
+#endif
+
 
 char *
 inet_ntoa(ina)
@@ -248,6 +253,20 @@ next:
 			m_adj(m, ip->ip_len - m->m_pkthdr.len);
 	}
 
+#if defined(IPFILTER) || defined(IPFILTER_LKM)
+       /*
+	* Check if we want to allow this packet to be processed.
+	* Consider it to be bad if not.
+	*/
+	{
+		struct mbuf *m0 = m;
+		if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0))
+			goto next;
+		else
+			ip = mtod(m = m0, struct ip *);
+	}
+#endif
+
 	/*
 	 * Process options and, if not destined for us,
 	 * ship it on.  ip_dooptions returns 1 when an
-- 
2.20.1