*** /sys/netinet/ip_input.c.orig	Thu Oct 24 22:27:27 1996
--- /sys/netinet/ip_input.c	Tue Feb 18 21:18:19 1997
***************
*** 93,98 ****
--- 93,102 ----
  int	ipqmaxlen = IFQ_MAXLEN;
  struct	in_ifaddr *in_ifaddr;			/* first inet address */
  struct	ifqueue ipintrq;
+ #if defined(IPFILTER_LKM) || defined(IPFILTER)
+ int	fr_check __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
+ int	(*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
+ #endif
  
  struct ipstat ipstat;
  struct ipq ipq;
***************
*** 219,226 ****
  		}
  		ip = mtod(m, struct ip *);
  	}
! 	ip->ip_sum = in_cksum(m, hlen);
! 	if (ip->ip_sum) {
  		ipstat.ips_badsum++;
  		goto bad;
  	}
--- 223,229 ----
  		}
  		ip = mtod(m, struct ip *);
  	}
! 	if (in_cksum(m, hlen)) {
  		ipstat.ips_badsum++;
  		goto bad;
  	}
***************
*** 267,272 ****
--- 270,288 ----
  	       goto next;
  	}
  
+ #if defined(IPFILTER) || defined(IPFILTER_LKM)
+ 	/*
+ 	 * Check if we want to allow this packet to be processed.
+ 	 * Consider it to be bad if not.
+ 	 */
+ 	if (fr_checkp) {
+ 		struct	mbuf	*m1 = m;
+ 
+ 		if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1)
+ 			goto next;
+ 		ip = mtod(m = m1, struct ip *);
+ 	}
+ #endif
  	/*
  	 * Process options and, if not destined for us,
  	 * ship it on.  ip_dooptions returns 1 when an
***************
*** 527,532 ****
--- 533,540 ----
       * if they are completely covered, dequeue them.
       */
      while (q != (struct ipasfrag *)fp && ip->ip_off + ip->ip_len > q->ip_off) {
+             struct mbuf *m0;
+ 
              i = (ip->ip_off + ip->ip_len) - q->ip_off;
              if (i < q->ip_len) {
                      q->ip_len -= i;
***************
*** 526,534 ****
  			m_adj(dtom(q), i);
  			break;
  		}
  		q = q->ipf_next;
- 		m_freem(dtom(q->ipf_prev));
  		ip_deq(q->ipf_prev);
  	}
  
  insert:
--- 542,551 ----
  			m_adj(dtom(q), i);
  			break;
  		}
+ 		m0 = dtom(q);
  		q = q->ipf_next;
  		ip_deq(q->ipf_prev);
+ 		m_freem(m0);
  	}
  
  insert: