Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v
rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.77
retrieving revision 1.87
diff -u -p -r1.77 -r1.87
--- src/sys/netinet/ip_input.c 1999/01/11 22:35:06 1.77
+++ src/sys/netinet/ip_input.c 1999/05/04 20:13:09 1.87
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_input.c,v 1.77 1999/01/11 22:35:06 thorpej Exp $ */
+/* $NetBSD: ip_input.c,v 1.87 1999/05/04 20:13:09 hwr Exp $ */
 
 /*-
 * Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -340,7 +340,15 @@ next:
 }
 ip = mtod(m, struct ip *);
 }
- if ((ip->ip_sum = in_cksum(m, hlen)) != 0) {
+ /*
+ * we drop packets that have a multicast address as source
+ * as wanted by rfc 1112
+ */
+ if (IN_MULTICAST(ip->ip_src.s_addr)) {
+ goto bad;
+ }
+
+ if (in_cksum(m, hlen) != 0) {
 ipstat.ips_badsum++;
 goto bad;
 }
@@ -349,11 +357,18 @@ next:
 * Convert fields to host representation.
 */
 NTOHS(ip->ip_len);
- NTOHS(ip->ip_id);
 NTOHS(ip->ip_off);
 len = ip->ip_len;
 
 /*
+ * Check for additional length bogosity
+ */
+ if (len < hlen) {
+ ipstat.ips_badlen++;
+ goto bad;
+ }
+
+ /*
 * Check that the amount of data in the buffers
 * is as at least much as the IP header would have us expect.
 * Trim mbufs if longer than we expect.
@@ -412,7 +427,8 @@ next:
 * Check our list of addresses, to see if the packet is for us.
 */
 INADDR_TO_IA(ip->ip_dst, ia);
- if (ia != NULL) goto ours;
+ if (ia != NULL)
+ goto ours;
 if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) {
 for (ifa = m->m_pkthdr.rcvif->if_addrlist.tqh_first;
 ifa != NULL; ifa = ifa->ifa_list.tqe_next) {
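Review bot: The new multicast-source drop in the `@@ -340` hunk jumps to `bad` without touching `ipstat`, unlike the checksum drop below it (`ips_badsum`) and the length drop in the next hunk (`ips_badlen`), so these rejections are invisible to anyone watching the counters for spoofed or malformed traffic. I would count the drop before the jump, `ipstat.<COUNTER>++; goto bad;`, where `<COUNTER>` is a placeholder because the hunk does not show which fields `ipstat` has. The test also runs before `in_cksum()`, so a header corrupted in transit is classified by its source address instead of being counted as a bad checksum; placing the block after the checksum test would keep that statistic accurate. The enclosing function starts and ends outside the hunk.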
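Review bot: The comment on the new `len < hlen` test in the `@@ -349` hunk ("Check for additional length bogosity") does not say what the check protects, so a later reader could take it for redundant and remove it. I would write `/* ip_len includes the header; reject a total length shorter than hlen so that later ip_len - hlen arithmetic cannot go negative. */`. The same hunk stops converting `ip_id`, which from here on stays in network byte order while `ip_len` and `ip_off` are host order; the "Convert fields to host representation" comment should say so, since any consumer outside this diff that reads `ip_id` as a host-order value would now be wrong. The function body continues outside the hunk.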
@@ -461,13 +477,11 @@ next:
 * as expected when ip_mforward() is called from
 * ip_output().)
 */
- ip->ip_id = htons(ip->ip_id);
 if (ip_mforward(m, m->m_pkthdr.rcvif) != 0) {
 ipstat.ips_cantforward++;
 m_freem(m);
 goto next;
 }
- ip->ip_id = ntohs(ip->ip_id);
 
 /*
 * The process-level routing demon needs to receive
@@ -572,16 +586,19 @@ found:
 ipstat.ips_reassembled++;
 ip = mtod(m, struct ip *);
 hlen = ip->ip_hl << 2;
+ ip->ip_len += hlen;
 } else
 if (fp)
 ip_freef(fp);
 IPQ_UNLOCK();
- } else
- ip->ip_len -= hlen;
+ }
 
 /*
 * Switch out to protocol's input routine.
 */
+#if IFA_STATS
+ ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len;
+#endif
 ipstat.ips_delivered++;
 (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen);
 goto next;
@@ -1021,7 +1038,6 @@ ip_dooptions(m)
 }
 return (0);
 bad:
- ip->ip_len -= ip->ip_hl << 2; /* XXX icmp_error adds in hdr length */
 icmp_error(m, type, code, 0, 0);
 ipstat.ips_badoptions++;
 return (1);
@@ -1164,14 +1180,15 @@ ip_stripoptions(m, mopt)
 register caddr_t opts;
 int olen;
 
- olen = (ip->ip_hl<<2) - sizeof (struct ip);
+ olen = (ip->ip_hl << 2) - sizeof (struct ip);
 opts = (caddr_t)(ip + 1);
 i = m->m_len - (sizeof (struct ip) + olen);
 bcopy(opts + olen, opts, (unsigned)i);
 m->m_len -= olen;
 if (m->m_flags & M_PKTHDR)
 m->m_pkthdr.len -= olen;
- ip->ip_hl = sizeof(struct ip) >> 2;
+ ip->ip_len -= olen;
+ ip->ip_hl = sizeof (struct ip) >> 2;
 }
 
 int inetctlerrmap[PRC_NCMDS] = {
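Review bot: The added `ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len;` in the `@@ -572` hunk dereferences `ia` unconditionally, yet the lookup shown in the `@@ -412` hunk leaves `ia` NULL whenever the destination is not one of the host's own addresses, and the code then continues to the broadcast checks. If any accepting path outside the visible hunks (broadcast or multicast delivery, presumably) reaches this statement with `ia` still NULL, a kernel built with IFA_STATS would take a NULL dereference on received traffic. I would guard the update, `if (ia != NULL) ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len;`, or set `ia` on every path that jumps to the delivery code. The hunk also changes what the protocol input routines see, since `ip_len` now includes the header at delivery; that contract change deserves a line in the "Switch out to protocol's input routine" comment.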
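Review bot: The new `ip->ip_len -= olen;` in `ip_stripoptions()` relies on preconditions that are neither stated nor checked here: `ip_len` must be in host byte order and still include the header, and `ip_hl` must already have been validated so that `olen` is non-negative and no larger than `ip_len`. `olen` is an `int` assigned from an expression that involves `sizeof`, so a header length below `sizeof (struct ip)` would wrap in unsigned arithmetic before the conversion and then feed both the `bcopy()` length and this subtraction. I would state the contract above the assignment, `/* caller has validated ip_hl; ip_len is host order and includes the header */`, and callers outside this diff should be checked against it. The function starts outside the hunk.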