From 6b7e146b5046259ba9faa9444114b5c4c18070fe Mon Sep 17 00:00:00 2001
From: Kjell Wooding
Date: Sun, 24 Jun 2001 19:49:00 +0000
Subject: Initial import of pf, an all-new ipf-compatable packet filter. Insane amounts of work done my dhartmei. Great work!
---
 sys/netinet/ip_input.c | 13 ++++++++++++-
 sys/netinet/ip_output.c | 13 ++++++++++++-
 2 files changed, 24 insertions(+), 2 deletions(-)
(limited to 'sys/netinet')
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 78a1e5d2a97..abe015b0fd7 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_input.c,v 1.83 2001/06/24 18:24:56 provos Exp $ */
+/* $OpenBSD: ip_input.c,v 1.84 2001/06/24 19:48:58 kjell Exp $ */
 /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
 /*
@@ -48,6 +48,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
@@ -376,6 +377,16 @@ ipv4_input(m)
 m_adj(m, ip->ip_len - m->m_pkthdr.len);
 }
+ /*
+ * Packet filter
+ */
+ {
+ struct mbuf *m1 = m;
+ if (pf_test(PF_IN, m->m_pkthdr.rcvif, &m1) != PF_PASS)
+ goto bad;
+ ip = mtod(m = m1, struct ip *);
+ }
+
 /*
 * Process options and, if not destined for us,
 * ship it on. ip_dooptions returns 1 when an
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 3a5b2e85452..73a3d71295f 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.113 2001/06/24 18:24:11 provos Exp $ */
+/* $OpenBSD: ip_output.c,v 1.114 2001/06/24 19:48:58 kjell Exp $ */
 /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
 /*
@@ -47,6 +47,7 @@
 #include
 #include
+#include
 #include
 #include
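Review bot: In the ipv4_input hunk (`@@ -376,6 +377,16 @@`), a non-PASS verdict jumps to `bad` while `m` still holds the pre-filter pointer, even though pf_test() was handed `&m1` and the pass path assumes it may have replaced the chain. If pf_test() can free or reallocate the mbuf before returning a drop verdict (its body is not in this diff, so this is an inference), `bad` would act on a stale pointer; the ip_output hunk raises the mirror-image question, because its `goto done` may free nothing at all. Passing `&m` directly, or assigning `m = m1;` before the verdict is tested, keeps both paths on the current chain, and a comment such as `/* pf_test() may replace *m; on != PF_PASS the caller still owns and frees it */` (or the opposite, whichever holds) would pin the ownership contract. A NULL `m1` on the pass path also reaches `mtod()` unchecked. The `bad` and `done` labels lie outside both hunks.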
@@ -641,6 +642,16 @@ sendit:
 }
 #endif /* IPSEC */
+ /*
+ * Packet filter
+ */
+ {
+ struct mbuf *m1 = m;
+ if (pf_test(PF_OUT, ifp, &m1) != PF_PASS)
+ goto done;
+ ip = mtod(m = m1, struct ip *);
+ }
+
 /* Catch routing changes wrt. hardware checksumming for TCP or UDP. */
 if (m->m_pkthdr.csum & M_TCPV4_CSUM_OUT &&
 !(ifp->if_capabilities & IFCAP_CSUM_TCPv4)) {
-- cgit v1.2.3
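Review bot: A packet rejected by the outbound filter leaves through `goto done` with no error assigned in this hunk, so (assuming ip_output's `error` is still 0 at this point, which is not visible here) the sender is told the packet went out. Setting an errno before the jump, e.g. `error = EHOSTUNREACH;`, would let local sockets and the forwarding path distinguish a policy drop from a successful send. The block also sits directly after `#endif /* IPSEC */` with no comment saying whether the filter is meant to see traffic before or after IPsec processing; a one-line comment stating that would help anyone auditing rule coverage.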