From 092884edb94d20afeb55374c816221978fee2d1b Mon Sep 17 00:00:00 2001 From: dm Date: Sat, 9 Mar 1996 21:30:22 +0000 Subject: [PATCH] restored IP filtering --- sys/netinet/ip_input.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 8d07f8897b2..4f4d14ede60 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.9 1996/03/03 22:30:37 niklas Exp $ */ +/* $OpenBSD: ip_input.c,v 1.10 1996/03/09 21:30:22 dm Exp $ */ /* $NetBSD: ip_input.c,v 1.28 1996/02/13 23:42:37 christos Exp $ */ /* @@ -99,6 +99,11 @@ u_char ip_protox[IPPROTO_MAX]; int ipqmaxlen = IFQ_MAXLEN; struct in_ifaddrhead in_ifaddr; struct ifqueue ipintrq; +#if defined(IPFILTER) || defined(IPFILTER_LKM) +int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **) +); +#endif + char * inet_ntoa(ina) @@ -248,6 +253,20 @@ next: m_adj(m, ip->ip_len - m->m_pkthdr.len); } +#if defined(IPFILTER) || defined(IPFILTER_LKM) + /* + * Check if we want to allow this packet to be processed. + * Consider it to be bad if not. + */ + { + struct mbuf *m0 = m; + if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0)) + goto next; + else + ip = mtod(m = m0, struct ip *); + } +#endif + /* * Process options and, if not destined for us, * ship it on. ip_dooptions returns 1 when an -- 2.20.1