+
+ /*
+ * Quoth RFC 1122 (Requirements for Internet Hosts):
+ *
+ * An ICMP error message MUST NOT be sent as the result of
+ * receiving:
+ * - an ICMP error message, or
+ * - a datagram destined to an IP broadcast or IP multicast
+ * address, or
+ * - a datagram sent as a link-layer broadcast, or
+ * - a non-initial fragment, or
+ * - a datagram whose source address does not define a single
+ * host -- e.g., a zero address, a loopback address, a
+ * broadcast address, a multicast address, or a Class E
+ * address.
+ *
+ * NOTE: THESE RESTRICTIONS TAKE PRECEDENCE OVER ANY REQUIREMENT
+ * ELSEWHERE IN THIS DOCUMENT FOR SENDING ICMP ERROR MESSAGES.
+ */
+
+ oaddr = ntohl(oip->ip_src.s_addr);
+
+ /*
+ * Don't send error messages to multicast or broadcast addresses.
+ */
+ if (IN_MULTICAST(oaddr)
+ || oaddr == INADDR_BROADCAST
+ || n->m_flags & (M_BCAST | M_MCAST)) {
+ icmpstat.icps_oldmcast++;
+ goto freeit;
+ }
+
+ /*
+ * Don't send error messages to zero addresses or class E's.
+ */
+ if (IN_EXPERIMENTAL(oaddr)
+ || ! in_lnaof(oip->ip_src)
+ || ! in_netof(oip->ip_src)) {
+ icmpstat.icps_oldbadaddr++;
+ goto freeit;
+ }
+
+ /*
+ * Don't send error messages to loopback addresses.
+ * As a special (unauthorized) exception, we check to see
+ * if the packet came from the loopback interface. If it
+ * did, then we should allow the errors through, because
+ * the upper layers rely on them.
+ */
+ if(in_netof(oip->ip_src) == IN_LOOPBACKNET
+ && !(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK)) {
+ icmpstat.icps_oldbadaddr++;
+ goto freeit;
+ }
+