*** /sys/netinet/ip_output.c.orig	Thu Oct 24 22:27:28 1996
--- /sys/netinet/ip_output.c	Tue Feb 18 21:38:23 1997
***************
*** 65,70 ****
--- 65,74 ----
  static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *));
  static void ip_mloopback
  	__P((struct ifnet *, struct mbuf *, struct sockaddr_in *));
+ #if defined(IPFILTER_LKM) || defined(IPFILTER)
+ extern int fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
+ extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
+ #endif
  
  /*
   * IP output.  The packet in mbuf chain m contains a skeletal IP
***************
*** 330,335 ****
--- 334,351 ----
  		m->m_flags &= ~M_BCAST;
  
  sendit:
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ 	/*
+ 	 * looks like most checking has been done now...do a filter check
+ 	 */
+ 	if (fr_checkp) {
+ 		struct	mbuf	*m1 = m;
+ 
+ 		if ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1)
+ 			goto done;
+ 		ip = mtod(m = m1, struct ip *);
+ 	    }
+ #endif
  	/*
  	 * Check with the firewall...
  	 */