MFC r282965:

  Add an ability accept encapsulated packets from different sources by one
  gif(4) interface. Add new option "ignore_source" for gif(4) interface.
  When it is enabled, gif's encapcheck function requires match only for
  packet's destination address.

  Differential Revision:	https://reviews.freebsd.org/D2004
  Sponsored by:	Yandex LLC

1 files changed, 9 insertions, 3 deletions

diff --git a/sys/netinet/in_gif.c b/sys/netinet/in_gif.c
index c4df3b3..832c233 100644
--- a/sys/netinet/in_gif.c
+++ b/sys/netinet/in_gif.c
@@ -177,13 +177,19 @@ in_gif_input(struct mbuf **mp, int *offp, int proto)
 static int
 gif_validate4(const struct ip *ip, struct gif_softc *sc, struct ifnet *ifp)
 {
+	int ret;
 
 	GIF_RLOCK_ASSERT(sc);
 
 	/* check for address match */
-	if (sc->gif_iphdr->ip_src.s_addr != ip->ip_dst.s_addr ||
-	    sc->gif_iphdr->ip_dst.s_addr != ip->ip_src.s_addr)
+	if (sc->gif_iphdr->ip_src.s_addr != ip->ip_dst.s_addr)
 		return (0);
+	ret = 32;
+	if (sc->gif_iphdr->ip_dst.s_addr != ip->ip_src.s_addr) {
+		if ((sc->gif_options & GIF_IGNORE_SOURCE) == 0)
+			return (0);
+	} else
+		ret += 32;
 
 	/* martian filters on outer source - NOT done in ip_input! */
 	if (IN_MULTICAST(ntohl(ip->ip_src.s_addr)))
@@ -214,7 +220,7 @@ gif_validate4(const struct ip *ip, struct gif_softc *sc, struct ifnet *ifp)
 		}
 		RTFREE_LOCKED(rt);
 	}
-	return (32 * 2);
+	return (ret);
 }
 
 /*