summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_input.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet/ip_input.c')
-rw-r--r--sys/netinet/ip_input.c19
1 files changed, 8 insertions, 11 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 897583fcfb4..6b446c2780f 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -83,8 +83,7 @@ int ipqmaxlen = IFQ_MAXLEN;
struct in_ifaddrhead in_ifaddr;
struct ifqueue ipintrq;
#if defined(IPFILTER) || defined(IPFILTER_LKM)
-int fr_nullcheck();
-int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int)) = fr_nullcheck;
+int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
#endif
char *
@@ -240,8 +239,13 @@ next:
* Check if we want to allow this packet to be processed.
* Consider it to be bad if not.
*/
- if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0))
- goto bad;
+ {
+ struct mbuf *m0 = m;
+ if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0))
+ goto next;
+ else
+ ip = mtod(m = m0, struct ip *);
+ }
#endif
/*
* Process options and, if not destined for us,
@@ -1185,10 +1189,3 @@ ip_sysctl(name, namelen, oldp, oldlenp, newp, newlen)
}
/* NOTREACHED */
}
-
-#if defined(IPFILTER) || defined(IPFILTER_LKM)
-int fr_nullcheck()
-{
- return 0;
-}
-#endif
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-02 10:22:48 +0000