svn commit: r273909 - head/sys/netinet

Andrey V. Elsukov ae at FreeBSD.org
Fri Oct 31 15:23:25 UTC 2014


Author: ae
Date: Fri Oct 31 15:23:24 2014
New Revision: 273909
URL: https://svnweb.freebsd.org/changeset/base/273909

Log:
  Remove the check for packets with broadcast source from if_gif's encapcheck.
  
  The check was recommended in the draft-ietf-ngtrans-mech-05.txt. But it isn't
  clear, should it compare the source with all direct broadcast addresses in the
  system or not.
  RFC 4213 says it is enough to verify that the source address is the address
  of the encapsulator, as configured on the decapsulator. And this verification
  can be extended by administrator with any other forms of IPv4 ingress filtering.
  
  Discussed with:	glebius, melifaro
  Sponsored by:	Yandex LLC

Modified:
  head/sys/netinet/in_gif.c

Modified: head/sys/netinet/in_gif.c
==============================================================================
--- head/sys/netinet/in_gif.c	Fri Oct 31 15:07:51 2014	(r273908)
+++ head/sys/netinet/in_gif.c	Fri Oct 31 15:23:24 2014	(r273909)
@@ -167,7 +167,6 @@ in_gif_input(struct mbuf **mp, int *offp
 static int
 gif_validate4(const struct ip *ip, struct gif_softc *sc, struct ifnet *ifp)
 {
-	struct in_ifaddr *ia4;
 
 	GIF_RLOCK_ASSERT(sc);
 
@@ -186,19 +185,6 @@ gif_validate4(const struct ip *ip, struc
 		return (0);
 	}
 
-	/* reject packets with broadcast on source */
-	/* XXXRW: should use hash lists? */
-	IN_IFADDR_RLOCK();
-	TAILQ_FOREACH(ia4, &V_in_ifaddrhead, ia_link) {
-		if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0)
-			continue;
-		if (ip->ip_src.s_addr == ia4->ia_broadaddr.sin_addr.s_addr) {
-			IN_IFADDR_RUNLOCK();
-			return (0);
-		}
-	}
-	IN_IFADDR_RUNLOCK();
-
 	/* ingress filters on outer source */
 	if ((GIF2IFP(sc)->if_flags & IFF_LINK2) == 0 && ifp) {
 		struct sockaddr_in sin;
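
Review bot: With the broadcast-source loop removed from gif_validate4(), nothing at this spot records why broadcast sources are no longer rejected, and the one source check still visible in this hunk, the "ingress filters on outer source" block, is skipped when IFF_LINK2 is set or ifp is NULL. Consider leaving a short comment where the loop was, citing RFC 4213 and noting that broadcast-source filtering is now left to whatever IPv4 ingress filtering the administrator configures, so the rationale is in the code and not only in the commit log. If gif(4) describes the old behaviour, it should be updated in the same change.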

