xnu-792.18.15.tar.gz

[apple/xnu.git] / bsd / netinet / ip_output.c

diff --git a/bsd/netinet/ip_output.c b/bsd/netinet/ip_output.c
index e3c2b862d4ba7ace402f6238855e640a517d5c07..e95d54b919d57982b2ebd5f8621e8f7579d6e090 100644 (file)
--- a/bsd/netinet/ip_output.c
+++ b/bsd/netinet/ip_output.c
@@ -483,6 +483,11 @@ loopit:
                                
                                lck_mtx_unlock(ip_mutex);
                                ipf_ref();
+                               
+                               /* 4135317 - always pass network byte order to filter */
+                               HTONS(ip->ip_len);
+                               HTONS(ip->ip_off);
+                               
                                TAILQ_FOREACH(filter, &ipv4_filters, ipf_link) {
                                        if (seen == 0) {
                                                if ((struct ipfilter *)inject_filter_ref == filter)
@@ -501,6 +506,11 @@ loopit:
                                                }
                                        }
                                }
+                               
+                               /* set back to host byte order */
+                               NTOHS(ip->ip_len);
+                               NTOHS(ip->ip_off);
+                               
                                lck_mtx_lock(ip_mutex);
                                ipf_unref();
                                didfilter = 1;
@@ -614,6 +624,11 @@ injectit:
                
                lck_mtx_unlock(ip_mutex);
                ipf_ref();
+               
+               /* 4135317 - always pass network byte order to filter */
+               HTONS(ip->ip_len);
+               HTONS(ip->ip_off);
+               
                TAILQ_FOREACH(filter, &ipv4_filters, ipf_link) {
                        if (seen == 0) {
                                if ((struct ipfilter *)inject_filter_ref == filter)
@@ -632,6 +647,11 @@ injectit:
                                }
                        }
                }
+               
+               /* set back to host byte order */
+               NTOHS(ip->ip_len);
+               NTOHS(ip->ip_off);
+               
                ipf_unref();
                lck_mtx_lock(ip_mutex);
        }
@@ -809,6 +829,11 @@ injectit:
                
                lck_mtx_unlock(ip_mutex);
                ipf_ref();
+               
+               /* 4135317 - always pass network byte order to filter */
+               HTONS(ip->ip_len);
+               HTONS(ip->ip_off);
+               
                TAILQ_FOREACH(filter, &ipv4_filters, ipf_link) {
                        if (filter->ipf_filter.ipf_output) {
                                errno_t result;
@@ -824,6 +849,11 @@ injectit:
                                }
                        }
                }
+               
+               /* set back to host byte order */
+               NTOHS(ip->ip_len);
+               NTOHS(ip->ip_off);
+               
                ipf_unref();
                lck_mtx_lock(ip_mutex);
        }