+
+#ifdef FILTER_PACKETS
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+#include <netinet/udp.h>
+#include <netinet/tcp.h>
+
+#define MAX_IPHDR 128 /* max TCP/IP header size */
+
+
+/* The following table contains a hard-coded list of protocol/port pairs.
+ * Any matching packets are either discarded unconditionally, or,
+ * if ok_if_link_up is non-zero when a connection does not currently exist
+ * (i.e., they go through if the connection is present, but never initiate
+ * a dial-out).
+ * This idea came from a post by dm@garage.uun.org (David Mazieres)
+ */
+static struct pktfilt_tab {
+ int proto;
+ u_short port;
+ u_short ok_if_link_up;
+} pktfilt_tab[] = {
+ { IPPROTO_UDP, 520, 1 }, /* RIP, ok to pass if link is up */
+ { IPPROTO_UDP, 123, 1 }, /* NTP, don't keep up the link for it */
+ { -1, 0, 0 } /* terminator entry has port == -1 */
+};
+
+
+static int
+ip_hard_filter(us, mp, outbound)
+ upperstr_t *us;
+ mblk_t *mp;
+ int outbound;
+{
+ struct ip *ip;
+ struct pktfilt_tab *pft;
+ mblk_t *temp_mp;
+ int proto;
+ int len, hlen;
+
+
+ /* Note, the PPP header has already been pulled up in all cases */
+ proto = PPP_PROTOCOL(mp->b_rptr);
+ if (us->flags & US_DBGLOG)
+ DPRINT3("ppp/%d: filter, proto=0x%x, out=%d\n", us->mn, proto, outbound);
+
+ switch (proto)
+ {
+ case PPP_IP:
+ if ((mp->b_wptr - mp->b_rptr) == PPP_HDRLEN && mp->b_cont != 0) {
+ temp_mp = mp->b_cont;
+ len = msgdsize(temp_mp);
+ hlen = (len < MAX_IPHDR) ? len : MAX_IPHDR;
+ PULLUP(temp_mp, hlen);
+ if (temp_mp == 0) {
+ DPRINT2("ppp/%d: filter, pullup next failed, len=%d\n",
+ us->mn, hlen);
+ mp->b_cont = 0; /* PULLUP() freed the rest */
+ freemsg(mp);
+ return 0;
+ }
+ ip = (struct ip *)mp->b_cont->b_rptr;
+ }
+ else {
+ len = msgdsize(mp);
+ hlen = (len < (PPP_HDRLEN+MAX_IPHDR)) ? len : (PPP_HDRLEN+MAX_IPHDR);
+ PULLUP(mp, hlen);
+ if (mp == 0) {
+ DPRINT2("ppp/%d: filter, pullup failed, len=%d\n",
+ us->mn, hlen);
+ return 0;
+ }
+ ip = (struct ip *)(mp->b_rptr + PPP_HDRLEN);
+ }
+
+ /* For IP traffic, certain packets (e.g., RIP) may be either
+ * 1. ignored - dropped completely
+ * 2. will not initiate a connection, but
+ * will be passed if a connection is currently up.
+ */
+ for (pft=pktfilt_tab; pft->proto != -1; pft++) {
+ if (ip->ip_p == pft->proto) {
+ switch(pft->proto) {
+ case IPPROTO_UDP:
+ if (((struct udphdr *) &((int *)ip)[ip->ip_hl])->uh_dport
+ == htons(pft->port)) goto endfor;
+ break;
+ case IPPROTO_TCP:
+ if (((struct tcphdr *) &((int *)ip)[ip->ip_hl])->th_dport
+ == htons(pft->port)) goto endfor;
+ break;
+ }
+ }
+ }
+ endfor:
+ if (pft->proto != -1) {
+ if (us->flags & US_DBGLOG)
+ DPRINT3("ppp/%d: found IP pkt, proto=0x%x (%d)\n",
+ us->mn, pft->proto, pft->port);
+ /* Discard if not connected, or if not pass_with_link_up */
+ /* else, if link is up let go by, but don't update time */
+ return pft->ok_if_link_up? -1: 0;
+ }
+ break;
+ } /* end switch (proto) */
+
+ return 1;
+}
+#endif /* FILTER_PACKETS */
+
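Review bot: In the `case PPP_IP:` path the code reads `ip->ip_p`, `ip->ip_hl` and then `uh_dport`/`th_dport` without checking that those bytes lie inside the `hlen` bytes just pulled up, so a runt or truncated packet makes the filter read past the contiguous data, and a non-first fragment has payload bytes compared as if they were a port. Before the `for` loop the function should require a full `struct ip`, an `ip_hl` of at least 5 words, `ip_hl*4 + 4` bytes available and a zero fragment offset; the fence sketches this with a new `avail` count that each PULLUP branch would set. Separately, if PULLUP() replaces its argument with a new message (the `temp_mp == 0` test and the "PULLUP() freed the rest" comment suggest it does, but the macro is not in this hunk), `mp->b_cont` is stale on the success path and the assignment should read `mp->b_cont = temp_mp; ip = (struct ip *)temp_mp->b_rptr;`. The table comment `terminator entry has port == -1` should say `proto == -1`, which is what the loop actually tests.

```c
    int len, hlen;
    int avail, iphl;	/* contiguous IP bytes; IP header length in bytes */

    /* … unchanged: PPP_PROTOCOL lookup and both PULLUP branches; each branch also sets avail (hlen, or hlen - PPP_HDRLEN) … */

	/* Packets too short to parse, and non-first fragments, are treated
	 * as "no table match" instead of being read past the pulled-up data. */
	if (avail < (int)sizeof(struct ip))
	    break;
	iphl = ip->ip_hl << 2;
	if (iphl < (int)sizeof(struct ip) || avail < iphl + 4 ||
	    (ntohs(ip->ip_off) & IP_OFFMASK) != 0)
	    break;

	for (pft=pktfilt_tab; pft->proto != -1; pft++) {
	/* … unchanged: table scan and verdict … */
```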