xnu-517.9.5.tar.gz

[apple/xnu.git] / bsd / netinet / ip_output.c

diff --git a/bsd/netinet/ip_output.c b/bsd/netinet/ip_output.c
index ec096591dfb0c80f3df16d4c02172adcc826b190..377bf2b08fe86f42974855c4e421f5fe78c3081f 100644 (file)
--- a/bsd/netinet/ip_output.c
+++ b/bsd/netinet/ip_output.c
@@ -3,22 +3,19 @@
  *
  * @APPLE_LICENSE_HEADER_START@
  * 
- * Copyright (c) 1999-2003 Apple Computer, Inc.  All Rights Reserved.
+ * The contents of this file constitute Original Code as defined in and
+ * are subject to the Apple Public Source License Version 1.1 (the
+ * "License").  You may not use this file except in compliance with the
+ * License.  Please obtain a copy of the License at
+ * http://www.apple.com/publicsource and read it before using this file.
  * 
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- * 
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * This Original Code and all software distributed under the License are
+ * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
+ * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
+ * License for the specific language governing rights and limitations
+ * under the License.
  * 
  * @APPLE_LICENSE_HEADER_END@
  */
@@ -881,8 +878,26 @@ skip_ipsec:
        }
 
 pass:
+#if __APPLE__
+       /* Do not allow loopback address to wind up on a wire */
+       if ((ifp->if_flags & IFF_LOOPBACK) == 0 &&
+                ((ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
+                 (ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)) {
+               ipstat.ips_badaddr++;
+               m_freem(m);
+               /*
+                * Simply drop the packet just like a firewall -- we do not want the
+                * the application to feel the pain, not yet...
+                * Returning ENETUNREACH like ip6_output does in some similar cases  
+                * could startle the otherwise clueless process that specifies
+                * loopback as the source address.
+                */
+               goto done;
+       }
+#endif
        m->m_pkthdr.csum_flags |= CSUM_IP;
-       sw_csum = m->m_pkthdr.csum_flags & ~ifp->if_hwassist;
+       sw_csum = m->m_pkthdr.csum_flags 
+               & ~IF_HWASSIST_CSUM_FLAGS(ifp->if_hwassist);
 
        if ((ifp->if_hwassist & CSUM_TCP_SUM16) != 0) {
                /*
@@ -912,7 +927,7 @@ pass:
                m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
        }
        
-       m->m_pkthdr.csum_flags &= ifp->if_hwassist;
+       m->m_pkthdr.csum_flags &= IF_HWASSIST_CSUM_FLAGS(ifp->if_hwassist);
 
        /*
         * If small enough for interface, or the interface will take
@@ -2165,7 +2180,7 @@ ip_mloopback(ifp, m, dst, hlen)
         * The UDP checksum has not been calculated yet.
         */
         if (copym->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
-            if (ifp->if_hwassist) {
+            if (IF_HWASSIST_CSUM_FLAGS(ifp->if_hwassist)) {
                 copym->m_pkthdr.csum_flags |=
                     CSUM_DATA_VALID | CSUM_PSEUDO_HDR |
                     CSUM_IP_CHECKED | CSUM_IP_VALID;