From 8d3eaf171b8426e26b2c400ab0af8e9100e9793f Mon Sep 17 00:00:00 2001
From: ru <ru@FreeBSD.org>
Date: Mon, 21 Jan 2002 13:59:42 +0000
Subject: RFC1122 requires that addresses of the form { 127, <any> } MUST NOT
 appear outside a host.

PR:		30792, 33996
Obtained from:	ip_input.c
MFC after:	1 week
---
 sys/netinet/ip_output.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 6185db0..af06486 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -422,9 +422,19 @@ ip_output(m0, opt, ro, flags, imo)
 			goto bad;
 	}
 
+	/* 127/8 must not appear on wire - RFC1122. */
+	if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
+	    (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) {
+		if ((ifp->if_flags & IFF_LOOPBACK) == 0) {
+			ipstat.ips_badaddr++;
+			error = EADDRNOTAVAIL;
+			goto bad;
+		}
+	}
+
 	/*
 	 * Look for broadcast address and
-	 * and verify user is allowed to send
+	 * verify user is allowed to send
 	 * such a packet.
 	 */
 	if (isbroadcast) {
-- 
cgit v1.1