Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v
retrieving revision 1.82
retrieving revision 1.82.2.4
diff -u -p -r1.82 -r1.82.2.4
--- src/sys/netinet/ip_input.c	1999/03/27 01:24:49	1.82
+++ src/sys/netinet/ip_input.c	2000/02/12 18:10:24	1.82.2.4
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_input.c,v 1.82 1999/03/27 01:24:49 aidan Exp $	*/
+/*	$NetBSD: ip_input.c,v 1.82.2.4 2000/02/12 18:10:24 he Exp $	*/
 
 /*-
  * Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -340,6 +340,16 @@ next:
 		}
 		ip = mtod(m, struct ip *);
 	}
+
+	/*
+	 * RFC1122: packets with a multicast source address are
+	 * not allowed.
+	 */
+	if (IN_MULTICAST(ip->ip_src.s_addr)) {
+		/* XXX stat */
+		goto bad;
+	}
+
 	if (in_cksum(m, hlen) != 0) {
 		ipstat.ips_badsum++;
 		goto bad;
@@ -420,7 +430,8 @@ next:
 	 * Check our list of addresses, to see if the packet is for us.
 	 */
 	INADDR_TO_IA(ip->ip_dst, ia);
-	if (ia != NULL) goto ours;
+	if (ia != NULL)
+		goto ours;
 	if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) {
 		for (ifa = m->m_pkthdr.rcvif->if_addrlist.tqh_first;
 		    ifa != NULL; ifa = ifa->ifa_list.tqe_next) {
@@ -1226,7 +1237,7 @@ ip_forward(m, srcrt)
 		    ntohl(ip->ip_src.s_addr),
 		    ntohl(ip->ip_dst.s_addr), ip->ip_ttl);
 #endif
-	if (m->m_flags & M_BCAST || in_canforward(ip->ip_dst) == 0) {
+	if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(ip->ip_dst) == 0) {
 		ipstat.ips_cantforward++;
 		m_freem(m);
 		return;