From f1743588c70b2942d7ea7c31e87b03069f20c1d1 Mon Sep 17 00:00:00 2001
From: Darren Reed <darrenr@FreeBSD.org>
Date: Wed, 19 Feb 1997 14:02:27 +0000
Subject: [PATCH] change IP Filter hooks to match new 3.1.8 patches for FreeBSD

---
 sys/netinet/ip_input.c  | 13 +++++++------
 sys/netinet/ip_output.c | 18 +++++++++---------
 2 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 1fc5299ec97a..6a38e409a5fc 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -348,16 +348,17 @@ tooshort:
 #endif
 
 #if defined(IPFILTER) || defined(IPFILTER_LKM)
-    {
-	struct	mbuf	*m0 = m;
 	/*
 	 * Check if we want to allow this packet to be processed.
 	 * Consider it to be bad if not.
 	 */
-	if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0))
-		goto next;
-	ip = mtod(m = m0, struct ip *);
-    }
+	if (fr_check) {
+		struct	mbuf	*m1 = m;
+
+		if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1)
+			goto next;
+		ip = mtod(m = m1, struct ip *);
+	}
 #endif
 
 	/*
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 186598b4af37..4ec8d77a1e6a 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -337,21 +337,21 @@ ip_output(m0, opt, ro, flags, imo)
 		m->m_flags &= ~M_BCAST;
 	}
 
+sendit:
 #if defined(IPFILTER) || defined(IPFILTER_LKM)
-    {
-	struct	mbuf	*m0 = m;
 	/*
 	 * looks like most checking has been done now...do a filter check
 	 */
-	if (fr_checkp && (*fr_checkp)(ip, hlen, ifp, 1, &m0))
-	{
-		error = EHOSTUNREACH;
-		goto done;
+	if (fr_checkp) {
+		struct  mbuf    *m1 = m;
+
+		if ((*fr_checkp)(ip, hlen, ifp, 1, &m1))
+			error = EHOSTUNREACH;
+		if (error || !m1)
+			goto done;
+		ip = mtod(m = m1, struct ip *);
 	}
-	ip = mtod(m = m0, struct ip *);
-    }
 #endif
-sendit:
         /*
 	 * IpHack's section.
 	 * - Xlate: translate packet's addr/port (NAT).