*** ip_input.c.orig	Sun Apr 23 17:17:05 1995
--- ip_input.c	Sun Apr 23 17:30:03 1995
***************
*** 80,85 ****
--- 80,90 ----
  int	ipqmaxlen = IFQ_MAXLEN;
  struct	in_ifaddr *in_ifaddr;			/* first inet address */
  struct	ifqueue ipintrq;
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ int	fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf *));
+ int	(*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf *));
+ #endif
  
  /*
   * We need to save the IP options in case a protocol wants to respond
***************
*** 225,231 ****
--- 233,252 ----
  			m_adj(m, ip->ip_len - m->m_pkthdr.len);
  	}
  
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
  	/*
+ 	 * Check if we want to allow this packet to be processed.
+ 	 * Consider it to be bad if not.
+ 	 */
+ 	if (fr_checkp) {
+ 		struct mbuf *m1 = m;
+ 
+ 		if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1)
+ 			goto next;
+ 		ip = mtod(m = m1, struct ip *);
+ 	}
+ #endif
+ 	/*
  	 * Process options and, if not destined for us,
  	 * ship it on.  ip_dooptions returns 1 when an
  	 * error was detected (causing an icmp message