author | darrenr <darrenr@FreeBSD.org> | 1997-02-10 11:45:37 +0000 |
---|---|---|
committer | darrenr <darrenr@FreeBSD.org> | 1997-02-10 11:45:37 +0000 |
commit | 020383fe0676ad7422f5f3e9fd360f42bfffcf40 (patch) | |
tree | afeaa162945fd8fd95c0fb0bb60426423a271404 /sys/netinet/ip_input.c | |
parent | d70a4d38b31d6e8adac50d4213af0eaf60c8251b (diff) | |
Add IP Filter hooks (from patches).
Diffstat (limited to 'sys/netinet/ip_input.c')
-rw-r--r-- | sys/netinet/ip_input.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index b1c8165..1fc5299 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -134,6 +134,12 @@ ip_nat_t *ip_nat_ptr;
 ip_nat_ctl_t *ip_nat_ctl_ptr;
 #endif
 
+#if defined(IPFILTER_LKM) || defined(IPFILTER)
+int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
+int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)) = NULL;
+#endif
+
+
 /*
 * We need to save the IP options in case a protocol wants to respond
 * to an incoming packet over the same route if the packet got here
@@ -341,6 +347,19 @@ tooshort:
 return;
 #endif
 
+#if defined(IPFILTER) || defined(IPFILTER_LKM)
+ {
+ struct mbuf *m0 = m;
+ /*
+ * Check if we want to allow this packet to be processed.
+ * Consider it to be bad if not.
+ */
+ if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0))
+ goto next;
+ ip = mtod(m = m0, struct ip *);
+ }
+#endif
+
 /*
 * Process options and, if not destined for us,
 * ship it on. ip_dooptions returns 1 when an |
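Review bot: The new global `fr_checkp` in the first hunk is invoked on the receive path, but its declaration has no comment stating the hook's contract: who frees the mbuf when a packet is rejected, and whether `*mp` may come back replaced or NULL. In the `IPFILTER_LKM` case a loadable module presumably stores to and clears this pointer while packets are being received, so the comment should also say under what protection level it may be written. A line such as `/* Packet filter hook; NULL when no filter is installed. Non-zero return: packet must not be processed further. */` above the declaration, extended with the ownership rule, would cover it. The `fr_check` prototype is not referenced in either hunk; if nothing else in the file uses it, it can be dropped.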
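Review bot: In the second hunk, `m0` is used without a NULL test in `ip = mtod(m = m0, struct ip *);` after the hook returns 0, so a filter that consumes the packet and clears `*mp` would make ip_input dereference a null mbuf in the kernel. Writing the reject test as `if (fr_checkp && ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0) || m0 == NULL))` closes that. The reject path jumps to `next` although the comment calls the packet bad; both labels lie outside this hunk, but if `next` does not free the mbuf then each rejected packet depends on the hook having freed it, and that ownership rule belongs in the comment. `hlen` is also not recomputed when `ip` is reloaded, which matters if the hook can hand back a different header.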