diff options
| author | dm <dm@cvs.openbsd.org> | 1996-01-07 02:34:41 +0000 |
|---|---|---|
| committer | dm <dm@cvs.openbsd.org> | 1996-01-07 02:34:41 +0000 |
| commit | 01b9b71d86a5edcc543a88b2d407927fa52c042d (patch) | |
| tree | 878168b4effcec4e50c243cfd1095656af14f4db /sys/netinet/ip_output.c | |
| parent | 2defc765aa92d65e239f5b4d36582850fd58b7da (diff) | |
from beurton@fnet.fr: Darren Reed's IP filter
Diffstat (limited to 'sys/netinet/ip_output.c')
| -rw-r--r-- | sys/netinet/ip_output.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 2362ebe3f07..7e7d7097b37 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -60,6 +60,9 @@ static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *)); static void ip_mloopback __P((struct ifnet *, struct mbuf *, struct sockaddr_in *)); +#if defined(IPFILTER) || defined(IPFILTER_LKM) +extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int)); +#endif /* * IP output. The packet in mbuf chain m contains a skeletal IP @@ -276,6 +279,16 @@ ip_output(m0, opt, ro, flags, imo) } else m->m_flags &= ~M_BCAST; +#if defined(IPFILTER) || defined(IPFILTER_LKM) + /* + * looks like most checking has been done now...do a filter check + */ + if ((*fr_checkp)(ip, hlen, ifp, 1)) + { + error = EHOSTUNREACH; + goto bad; + } +#endif sendit: /* * If small enough for interface, can just send directly. |