--- sys/netgraph/ng_ksocket.c.orig	Sun May 30 03:41:01 2004
+++ sys/netgraph/ng_ksocket.c	Wed Jan  4 20:15:00 2006
@@ -80,6 +80,8 @@ struct ng_ksocket_private {
 	u_int32_t	flags;
 	u_int32_t	response_token;
 	char		response_addr[NG_PATHLEN+1];
+	struct sockaddr_in peer;
+	int		have_peer;
 };
 typedef struct ng_ksocket_private *priv_p;
 
@@ -726,6 +728,14 @@ ng_ksocket_rcvmsg(node_p node, struct ng
 			if (so == NULL)
 				ERROUT(ENXIO);
 
+			if (sa->sa_family == AF_INET &&
+			    ((struct sockaddr_in *)sa)->sin_port == 0) {
+				bcopy(sa, &priv->peer,
+				    sizeof(struct sockaddr_in));
+				priv->have_peer = TRUE;
+				break;
+			}
+
 			/* Do connect */
 			if ((so->so_state & SS_ISCONNECTING) != 0)
 				ERROUT(EALREADY);
@@ -912,6 +922,8 @@ ng_ksocket_rcvdata(hook_p hook, struct m
 			break;
 		}
 	}
+	else if (priv->have_peer && priv->peer.sin_port != 0)
+		sa = (struct sockaddr *)&priv->peer;
 
 	/* Send packet */
 	priv->flags |= KSF_SENDING;
@@ -1068,6 +1080,19 @@ ng_ksocket_incoming(struct socket *so, v
 			if (sa != NULL)
 				FREE(sa, M_SONAME);
 			break;
+		}
+
+		if (priv->have_peer) {
+			if (sa->sa_family != AF_INET ||
+			    ((struct sockaddr_in *)sa)->sin_addr.s_addr !=
+			    priv->peer.sin_addr.s_addr) {
+				FREE(sa, M_SONAME);
+				m_freem(m);
+				splx(s);
+				return;
+			}
+			priv->peer.sin_port =
+			    ((struct sockaddr_in *)sa)->sin_port;
 		}
 
 		/* Don't trust the various socket layers to get the