diff options
author | darrenr <darrenr@FreeBSD.org> | 1997-02-19 14:02:27 +0000 |
---|---|---|
committer | darrenr <darrenr@FreeBSD.org> | 1997-02-19 14:02:27 +0000 |
commit | 9b267ed0138212856ee01f9311d3fd02f0f6e270 (patch) | |
tree | 5624565042cd0f02bf972bedba1469f82a794a30 /sys | |
parent | 712f3a716aa919c0b2807c55415b3e8cf231c769 (diff) | |
download | FreeBSD-src-9b267ed0138212856ee01f9311d3fd02f0f6e270.zip FreeBSD-src-9b267ed0138212856ee01f9311d3fd02f0f6e270.tar.gz |
change IP Filter hooks to match new 3.1.8 patches for FreeBSD
Diffstat (limited to 'sys')
-rw-r--r-- | sys/netinet/ip_input.c | 13 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 18 |
2 files changed, 16 insertions, 15 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 1fc5299..6a38e40 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -348,16 +348,17 @@ tooshort: #endif #if defined(IPFILTER) || defined(IPFILTER_LKM) - { - struct mbuf *m0 = m; /* * Check if we want to allow this packet to be processed. * Consider it to be bad if not. */ - if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0)) - goto next; - ip = mtod(m = m0, struct ip *); - } + if (fr_check) { + struct mbuf *m1 = m; + + if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1) + goto next; + ip = mtod(m = m1, struct ip *); + } #endif /* diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 186598b..4ec8d77 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -337,21 +337,21 @@ ip_output(m0, opt, ro, flags, imo) m->m_flags &= ~M_BCAST; } +sendit: #if defined(IPFILTER) || defined(IPFILTER_LKM) - { - struct mbuf *m0 = m; /* * looks like most checking has been done now...do a filter check */ - if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, 1, &m0)) - { - error = EHOSTUNREACH; - goto done; + if (fr_checkp) { + struct mbuf *m1 = m; + + if ((*fr_checkp)(ip, hlen, ifp, 1, &m1)) + error = EHOSTUNREACH; + if (error || !m1) + goto done; + ip = mtod(m = m1, struct ip *); } - ip = mtod(m = m0, struct ip *); - } #endif -sendit: /* * IpHack's section. * - Xlate: translate packet's addr/port (NAT). |