Hi!
Please test with and without this patch.
Cheers,
--
Ruslan Ermilov Sysadmin and DBA,
[EMAIL PROTECTED] Sunbay Software AG,
[EMAIL PROTECTED] FreeBSD committer,
+380.652.512.251 Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age
Index: ip_output.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.99.2.25
diff -u -p -r1.99.2.25 ip_output.c
--- ip_output.c 2002/02/01 10:42:09 1.99.2.25
+++ ip_output.c 2002/02/13 08:49:04
@@ -403,16 +403,6 @@ ip_output(m0, opt, ro, flags, imo)
goto bad;
}
- /* 127/8 must not appear on wire - RFC1122. */
- if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
- (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) {
- if ((ifp->if_flags & IFF_LOOPBACK) == 0) {
- ipstat.ips_badaddr++;
- error = EADDRNOTAVAIL;
- goto bad;
- }
- }
-
/*
* Look for broadcast address and
* verify user is allowed to send
@@ -775,6 +765,16 @@ skip_ipsec:
}
pass:
+ /* 127/8 must not appear on wire - RFC1122. */
+ if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
+ (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) {
+ if ((ifp->if_flags & IFF_LOOPBACK) == 0) {
+ ipstat.ips_badaddr++;
+ error = EADDRNOTAVAIL;
+ goto bad;
+ }
+ }
+
m->m_pkthdr.csum_flags |= CSUM_IP;
sw_csum = m->m_pkthdr.csum_flags & ~ifp->if_hwassist;
if (sw_csum & CSUM_DELAY_DATA) {
