Diffstat (limited to 'sys/netinet/ip_input.c')
-rw-r--r--sys/netinet/ip_input.c16
1 files changed, 4 insertions, 12 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index b720bdd90575..79d5123bf3e8 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -450,22 +450,14 @@ iphack:
* See the comment in ip_output for the return values
* produced by the firewall.
*/
- i = ip_fw_chk_ptr(&ip, hlen, NULL,
- &divert_cookie, &m, &rule, &ip_fw_fwd_addr);
- if (i & IP_FW_PORT_DENY_FLAG) { /* XXX new interface-denied */
+ i = ip_fw_chk_ptr(&m, NULL /* oif */, &divert_cookie,
+ &rule, &ip_fw_fwd_addr);
+ if ( (i & IP_FW_PORT_DENY_FLAG) || m == NULL) { /* drop */
if (m)
m_freem(m);
return;
}
- if (m == NULL) { /* Packet discarded by firewall */
- static int __debug=10;
- if (__debug > 0) {
- printf(
- "firewall returns NULL, please update!\n");
- __debug--;
- }
- return;
- }
+ ip = mtod(m, struct ip *); /* just in case m changed */
if (i == 0 && ip_fw_fwd_addr == NULL) /* common case */
goto pass;
if (DUMMYNET_LOADED && (i & IP_FW_PORT_DYNT_FLAG) != 0) {
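Review bot: The added `ip = mtod(m, struct ip *);` reloads `ip` after `ip_fw_chk_ptr(&m, ...)`, but nothing in the hunk re-checks that the first mbuf of the returned chain still holds a contiguous IP header, and `hlen`, which is no longer passed to the firewall, keeps its pre-call value. If the hook can hand back a different chain, as the `/* just in case m changed */` comment implies, a guard before the `mtod` would make that explicit: `if (m->m_len < sizeof(struct ip) && (m = m_pullup(m, sizeof(struct ip))) == NULL) return;`. Failing that, the comment should state the contract, for example `/* fw may replace *m and keeps the IP header contiguous; pointers into the old chain are stale */`. Whether other pointers into the old chain are cached cannot be judged here, because the enclosing function starts before and continues after this hunk.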