patch-2.1.30 linux/net/ipx/af_ipx.c

• Lines: 74
• Date: Thu Mar 20 18:17:15 1997
• Orig file: v2.1.29/linux/net/ipx/af_ipx.c
• Orig date: Thu Feb 27 10:57:32 1997

diff -u --recursive --new-file v2.1.29/linux/net/ipx/af_ipx.c linux/net/ipx/af_ipx.c
@@ -714,19 +714,16 @@
 	struct ipxhdr	*ipx = skb->nh.ipxh;
 	ipx_interface	*i;
 
-#ifdef CONFIG_FIREWALL
 	/*
 	 *	We firewall first, ask questions later.
 	 */
 
-	if (call_in_firewall(PF_IPX, skb->dev, ipx, NULL)!=FW_ACCEPT)
+	if (call_in_firewall(PF_IPX, skb->dev, ipx, NULL, &skb)!=FW_ACCEPT)
 	{
 		kfree_skb(skb, FREE_READ);
 		return 0;
 	}
 
-#endif
-
 	/* See if we should update our network number */
 	if ((intrfc->if_netnum == 0L) &&
 		(ipx->ipx_source.net == ipx->ipx_dest.net) &&
@@ -818,16 +815,15 @@
 					printk( "IPX: Forward PPROP onto net num %08x\n", (unsigned int) htonl(ifcs->if_netnum) );
 #endif
 					skb2 = skb_clone(skb, GFP_ATOMIC);
-#ifdef CONFIG_FIREWALL
+
 					/*
 					 *	See if we are allowed to firewall forward
 					 */
-					if (call_fw_firewall(PF_IPX, skb2->dev, ipx, NULL)!=FW_ACCEPT)
+					if (call_fw_firewall(PF_IPX, skb2->dev, ipx, NULL, &skb)!=FW_ACCEPT)
 					{
 						kfree_skb(skb, FREE_READ);
 						return 0;
 					}
-#endif
 					ipxrtr_route_skb(skb2);
 				}
 #ifdef DEBUG_IPX_PPROP_ROUTING
@@ -851,16 +847,15 @@
 
 	if (intrfc->if_netnum != ipx->ipx_dest.net)
 	{
-#ifdef CONFIG_FIREWALL
 		/*
 		 *	See if we are allowed to firewall forward
 		 */
-		if (call_fw_firewall(PF_IPX, skb->dev, ipx, NULL)!=FW_ACCEPT)
+		if (call_fw_firewall(PF_IPX, skb->dev, ipx, NULL, &skb)!=FW_ACCEPT)
 		{
 			kfree_skb(skb, FREE_READ);
 			return 0;
 		}
-#endif
+
 		/* We only route point-to-point packets. */
 		if (skb->pkt_type == PACKET_HOST)
 		{
@@ -1451,13 +1446,11 @@
 	else
 		ipx->ipx_checksum=ipx_set_checksum(ipx, len+sizeof(struct ipxhdr));
 
-#ifdef CONFIG_FIREWALL	
-	if(call_out_firewall(PF_IPX, skb->dev, ipx, NULL)!=FW_ACCEPT)
+	if(call_out_firewall(PF_IPX, skb->dev, ipx, NULL, &skb)!=FW_ACCEPT)
 	{
 		kfree_skb(skb, FREE_WRITE);
 		return -EPERM;
 	}
-#endif
 	
 	return ipxitf_send(intrfc, skb, (rt && rt->ir_routed) ? 
 				rt->ir_router_node : ipx->ipx_dest.node);