change IP Filter hooks to match new 3.1.8 patches for FreeBSD

2 files changed, 16 insertions, 15 deletions

diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 1fc5299..6a38e40 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -348,16 +348,17 @@ tooshort:
 #endif
 
 #if defined(IPFILTER) || defined(IPFILTER_LKM)
-    {
-	struct	mbuf	*m0 = m;
 	/*
 	 * Check if we want to allow this packet to be processed.
 	 * Consider it to be bad if not.
 	 */
-	if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0))
-		goto next;
-	ip = mtod(m = m0, struct ip *);
-    }
+	if (fr_check) {
+		struct	mbuf	*m1 = m;
+
+		if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1)
+			goto next;
+		ip = mtod(m = m1, struct ip *);
+	}
 #endif
 
 	/*
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 186598b..4ec8d77 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -337,21 +337,21 @@ ip_output(m0, opt, ro, flags, imo)
 		m->m_flags &= ~M_BCAST;
 	}
 
+sendit:
 #if defined(IPFILTER) || defined(IPFILTER_LKM)
-    {
-	struct	mbuf	*m0 = m;
 	/*
 	 * looks like most checking has been done now...do a filter check
 	 */
-	if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, 1, &m0))
-	{
-		error = EHOSTUNREACH;
-		goto done;
+	if (fr_checkp) {
+		struct  mbuf    *m1 = m;
+
+		if ((*fr_checkp)(ip, hlen, ifp, 1, &m1))
+			error = EHOSTUNREACH;
+		if (error || !m1)
+			goto done;
+		ip = mtod(m = m1, struct ip *);
 	}
-	ip = mtod(m = m0, struct ip *);
-    }
 #endif
-sendit:
         /*
 	 * IpHack's section.
 	 * - Xlate: translate packet's addr/port (NAT).