summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_output.c
diff options
context:
space:
mode:
authorKjell Wooding <kjell@cvs.openbsd.org>2001-06-24 19:49:00 +0000
committerKjell Wooding <kjell@cvs.openbsd.org>2001-06-24 19:49:00 +0000
commit6b7e146b5046259ba9faa9444114b5c4c18070fe (patch)
tree6769ac6a79b4a0c4a79698115a952bc6f6a41909 /sys/netinet/ip_output.c
parent4d339188d7d3d36098d08968a138bb031f00562d (diff)
Initial import of pf, an all-new ipf-compatable packet filter.
Insane amounts of work done my dhartmei. Great work!
Diffstat (limited to 'sys/netinet/ip_output.c')
-rw-r--r--sys/netinet/ip_output.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 3a5b2e85452..73a3d71295f 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.113 2001/06/24 18:24:11 provos Exp $ */
+/* $OpenBSD: ip_output.c,v 1.114 2001/06/24 19:48:58 kjell Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -47,6 +47,7 @@
#include <net/if.h>
#include <net/route.h>
+#include <net/pfvar.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
@@ -641,6 +642,16 @@ sendit:
}
#endif /* IPSEC */
+ /*
+ * Packet filter
+ */
+ {
+ struct mbuf *m1 = m;
+ if (pf_test(PF_OUT, ifp, &m1) != PF_PASS)
+ goto done;
+ ip = mtod(m = m1, struct ip *);
+ }
+
/* Catch routing changes wrt. hardware checksumming for TCP or UDP. */
if (m->m_pkthdr.csum & M_TCPV4_CSUM_OUT &&
!(ifp->if_capabilities & IFCAP_CSUM_TCPv4)) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-01 04:37:43 +0000