*** /sys/netinet/ip_output.c.orig	Sat May 24 14:07:24 1997
--- /sys/netinet/ip_output.c	Sat May 24 15:00:29 1997
***************
*** 67,72 ****
--- 67,76 ----
  #else
  #undef COMPAT_IPFW
  #endif
+ #if defined(IPFILTER_LKM) || defined(IPFILTER)
+ extern	int	(*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
+ #endif
+ 
  
  u_short ip_id;
  
***************
*** 75,81 ****
  	__P((struct ifnet *, struct mbuf *, struct sockaddr_in *));
  static int	ip_getmoptions
  	__P((int, struct ip_moptions *, struct mbuf **));
! static int	ip_optcopy __P((struct ip *, struct ip *));
  static int	ip_pcbopts __P((struct mbuf **, struct mbuf *));
  static int	ip_setmoptions
  	__P((int, struct ip_moptions **, struct mbuf *));
--- 79,85 ----
  	__P((struct ifnet *, struct mbuf *, struct sockaddr_in *));
  static int	ip_getmoptions
  	__P((int, struct ip_moptions *, struct mbuf **));
! int	ip_optcopy __P((struct ip *, struct ip *));
  static int	ip_pcbopts __P((struct mbuf **, struct mbuf *));
  static int	ip_setmoptions
  	__P((int, struct ip_moptions **, struct mbuf *));
***************
*** 338,343 ****
--- 342,356 ----
  	 * - Wrap: fake packet's addr/port <unimpl.>
  	 * - Encapsulate: put it in another IP and send out. <unimp.>
  	 */ 
+ #if defined(IPFILTER_LKM) || defined(IPFILTER)
+ 	if (fr_checkp) {
+ 		struct mbuf *m1 = m;
+ 
+ 		if ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1)
+ 			goto done;
+ 		ip = mtod(m = m1, struct ip *);
+ 	}
+ #endif
  
  #ifdef COMPAT_IPFW
          if (ip_nat_ptr && !(*ip_nat_ptr)(&ip, &m, ifp, IP_NAT_OUT)) {
***************
*** 559,565 ****
   * Copy options from ip to jp,
   * omitting those not copied during fragmentation.
   */
! static int
  ip_optcopy(ip, jp)
  	struct ip *ip, *jp;
  {
--- 574,580 ----
   * Copy options from ip to jp,
   * omitting those not copied during fragmentation.
   */
! int
  ip_optcopy(ip, jp)
  	struct ip *ip, *jp;
  {