change IP Filter hooks to match new 3.1.8 patches for FreeBSD

svn path=/head/; revision=22927
2024-11-13 05:41:26 +01:00 · 1997-02-19 14:02:27 +00:00 · 1997-02-19 14:02:27 +00:00 · f1743588c7 · 2020-12-20 02:59:44 +00:00
commit f1743588c7
parent 655c4c9dab
2 changed files with 16 additions and 15 deletions
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@ -348,16 +348,17 @@ tooshort:
 #endif

 #if defined(IPFILTER) || defined(IPFILTER_LKM)
-    {
-	struct	mbuf	*m0 = m;
 	/*
 	 * Check if we want to allow this packet to be processed.
 	 * Consider it to be bad if not.
 	 */
-	if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0))
-		goto next;
-	ip = mtod(m = m0, struct ip *);
-    }
+	if (fr_check) {
+		struct	mbuf	*m1 = m;
+
+		if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1)
+			goto next;
+		ip = mtod(m = m1, struct ip *);
+	}
 #endif

 	/*
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@ -337,21 +337,21 @@ ip_output(m0, opt, ro, flags, imo)
 		m->m_flags &= ~M_BCAST;
 	}

+sendit:
 #if defined(IPFILTER) || defined(IPFILTER_LKM)
-    {
-	struct	mbuf	*m0 = m;
 	/*
 	 * looks like most checking has been done now...do a filter check
 	 */
-	if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, 1, &m0))
-	{
-		error = EHOSTUNREACH;
-		goto done;
+	if (fr_checkp) {
+		struct  mbuf    *m1 = m;
+
+		if ((*fr_checkp)(ip, hlen, ifp, 1, &m1))
+			error = EHOSTUNREACH;
+		if (error || !m1)
+			goto done;
+		ip = mtod(m = m1, struct ip *);
 	}
-	ip = mtod(m = m0, struct ip *);
-    }
 #endif
-sendit:
        /*
 	 * IpHack's section.
 	 * - Xlate: translate packet's addr/port (NAT).