authordm <dm@cvs.openbsd.org>1996-03-09 21:30:23 +0000
committerdm <dm@cvs.openbsd.org>1996-03-09 21:30:23 +0000
commitd83c03a702c429bef269d9f3a914dc749aa394d6 (patch)
tree8991b388b682a110da603e4c10eebf1a1543d903
parent4e2edb374ead1271a847e11f302f56b561c4707d (diff)
restored IP filtering
-rw-r--r--sys/netinet/ip_input.c21
1 files changed, 20 insertions, 1 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 8d07f8897b2..4f4d14ede60 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_input.c,v 1.9 1996/03/03 22:30:37 niklas Exp $ */
+/* $OpenBSD: ip_input.c,v 1.10 1996/03/09 21:30:22 dm Exp $ */
/* $NetBSD: ip_input.c,v 1.28 1996/02/13 23:42:37 christos Exp $ */
/*
@@ -99,6 +99,11 @@ u_char ip_protox[IPPROTO_MAX];
int ipqmaxlen = IFQ_MAXLEN;
struct in_ifaddrhead in_ifaddr;
struct ifqueue ipintrq;
+#if defined(IPFILTER) || defined(IPFILTER_LKM)
+int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)
+);
+#endif
+
char *
inet_ntoa(ina)
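Review bot: `fr_checkp` is added as a writable global hook with no comment and unnamed parameters, so its contract has to be reverse-engineered from the call in the later ip_input hunk of this file. A short comment above the declaration would help, for example `/* IP filter hook, NULL when no filter is attached; a nonzero return rejects the packet, and *mp may be replaced on accept */`. It would also be worth saying what the second `int` argument means, since the call site passes a bare `0`.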
@@ -248,6 +253,20 @@ next:
m_adj(m, ip->ip_len - m->m_pkthdr.len);
}
+#if defined(IPFILTER) || defined(IPFILTER_LKM)
+ /*
+ * Check if we want to allow this packet to be processed.
+ * Consider it to be bad if not.
+ */
+ {
+ struct mbuf *m0 = m;
+ if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0))
+ goto next;
+ else
+ ip = mtod(m = m0, struct ip *);
+ }
+#endif
+
/*
* Process options and, if not destined for us,
* ship it on. ip_dooptions returns 1 when an
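Review bot: The accept branch `ip = mtod(m = m0, struct ip *);` reads through `m0` without checking it, so a hook that returns 0 after consuming the packet and clearing `*mp` would make this path dereference a NULL mbuf. Whether the filter can do that is not visible here, but the call site is the cheap place to guard it: `if (fr_checkp && ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0) || m0 == NULL))`. The reject branch jumps to `next` without freeing `m` in the visible lines, so the mbuf leaks unless the hook frees it on rejection; if that is the contract, the comment should say so, e.g. `/* fr_checkp frees the mbuf when it returns nonzero */`. `hlen` also keeps the value computed before the call even though `ip` may now point into a different mbuf, which looks safe only if the filter never changes the header length. The enclosing function starts and ends outside the hunk.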