patch-1.3.61 linux/net/ipv4/ip_input.c

Next file: linux/net/ipv4/ip_output.c
Previous file: linux/net/ipv4/ip_fw.c
Back to the patch index
Back to the overall index

Lines: 46
Date: Thu Feb 8 12:51:25 1996
Orig file: v1.3.60/linux/net/ipv4/ip_input.c
Orig date: Wed Feb 7 15:11:42 1996


diff -u --recursive --new-file v1.3.60/linux/net/ipv4/ip_input.c linux/net/ipv4/ip_input.c
@@ -95,6 +95,7 @@
  *		Alan Cox	:	Outgoing firewall on build_xmit
  *		A.N.Kuznetsov	:	IP_OPTIONS support throughout the kernel
  *		Alan Cox	:	Multicast routing hooks
+ *		Jos Vos		:	Do accounting *before* call_in_firewall
  *
  *  
  *
@@ -286,11 +287,20 @@
 #endif
 
 	/*
-	 *	See if the firewall wants to dispose of the packet. 
+	 *	Account for the packet (even if the packet is
+	 *	not accepted by the firewall!).
 	 */
 
-#ifdef	CONFIG_FIREWALL
+#ifdef CONFIG_IP_ACCT
+	ip_fw_chk(iph,dev,ip_acct_chain,IP_FW_F_ACCEPT,1);
+#endif	
+
+	/*
+	 *	See if the firewall wants to dispose of the packet. 
+	 */
 	
+#ifdef	CONFIG_FIREWALL
+
 	if ((err=call_in_firewall(PF_INET, skb, iph))<FW_ACCEPT)
 	{
 		if(err==FW_REJECT)
@@ -421,14 +431,6 @@
 			return(0);
 		}
 #endif
-
-		/*
-		 *	Account for the packet
-		 */
- 
-#ifdef CONFIG_IP_ACCT
-		ip_fw_chk(iph,dev,ip_acct_chain,IP_FW_F_ACCEPT,1);
-#endif	
 
 		/*
 		 *	Reassemble IP fragments.

FUNET's LINUX-ADM group, linux-adm@nic.funet.fi

TCL-scripts by Sam Shen, slshen@lbl.gov with Sam's (original) version

of this