Index: sbin/ifconfig/ifconfig.c =================================================================== RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v retrieving revision 1.429 diff -u -p -r1.429 ifconfig.c --- sbin/ifconfig/ifconfig.c 7 Oct 2020 14:38:54 -0000 1.429 +++ sbin/ifconfig/ifconfig.c 20 Oct 2020 00:12:06 -0000 @@ -468,6 +468,8 @@ const struct cmd { { "-autoconfprivacy", IFXF_INET6_NOPRIVACY, 0, setifxflags }, { "soii", -IFXF_INET6_NOSOII, 0, setifxflags }, { "-soii", IFXF_INET6_NOSOII, 0, setifxflags }, + { "global", IFXF_GLOBAL, 0, setifxflags }, + { "-global", -IFXF_GLOBAL, 0, setifxflags }, #ifndef SMALL { "hwfeatures", NEXTARG0, 0, printifhwfeatures }, { "metric", NEXTARG, 0, setifmetric }, @@ -675,7 +677,7 @@ const struct cmd { "\7RUNNING\10NOARP\11PROMISC\12ALLMULTI\13OACTIVE\14SIMPLEX" \ "\15LINK0\16LINK1\17LINK2\20MULTICAST" \ "\23INET6_NOPRIVACY\24MPLS\25WOL\26AUTOCONF6\27INET6_NOSOII" \ - "\30AUTOCONF4" + "\30AUTOCONF4" "\031GLOBAL" int getinfo(struct ifreq *, int); void getsock(int); Index: sys/netinet/ip_input.c =================================================================== RCS file: /cvs/src/sys/netinet/ip_input.c,v retrieving revision 1.351 diff -u -p -r1.351 ip_input.c --- sys/netinet/ip_input.c 22 Aug 2020 17:55:30 -0000 1.351 +++ sys/netinet/ip_input.c 20 Oct 2020 00:12:06 -0000 @@ -753,29 +753,42 @@ in_ouraddr(struct mbuf *m, struct ifnet break; } } - } else if (ipforwarding == 0 && rt->rt_ifidx != ifp->if_index && - !((ifp->if_flags & IFF_LOOPBACK) || (ifp->if_type == IFT_ENC) || - (m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST))) { - /* received on wrong interface. */ -#if NCARP > 0 - struct ifnet *out_if; + } else if (ipforwarding == 0 && !ip_laddr(ifp, m, rt)) { + ipstat_inc(ips_wrongif); + match = 2; + } + + return (match); +} +int +ip_laddr(struct ifnet *ifp, struct mbuf *m, struct rtentry *rt) +{ + struct ifnet *rtifp; + int match = 0; + + if (rt->rt_ifidx == ifp->if_index || + ifp->if_type == IFT_ENC || + ISSET(ifp->if_flags, IFF_LOOPBACK) || + ISSET(m->m_pkthdr.pf.flags, PF_TAG_TRANSLATE_LOCALHOST)) + return (1); + + /* received on a different interface. */ + rtifp = if_get(rt->rt_ifidx); + if (rtifp != NULL) { + if (ISSET(rtifp->if_xflags, IFXF_GLOBAL)) + match = 1; +#if NCARP > 0 /* * Virtual IPs on carp interfaces need to be checked also * against the parent interface and other carp interfaces * sharing the same parent. */ - out_if = if_get(rt->rt_ifidx); - if (!(out_if && carp_strict_addr_chk(out_if, ifp))) { - ipstat_inc(ips_wrongif); - match = 2; - } - if_put(out_if); -#else - ipstat_inc(ips_wrongif); - match = 2; + else if (carp_strict_addr_chk(rtifp, ifp)) + match = 1; #endif } + if_put(rtifp); return (match); } Index: sys/netinet/ip_var.h =================================================================== RCS file: /cvs/src/sys/netinet/ip_var.h,v retrieving revision 1.86 diff -u -p -r1.86 ip_var.h --- sys/netinet/ip_var.h 8 Dec 2019 11:08:22 -0000 1.86 +++ sys/netinet/ip_var.h 20 Oct 2020 00:12:06 -0000 @@ -244,6 +244,7 @@ void ip_savecontrol(struct inpcb *, str void ipintr(void); int ip_input_if(struct mbuf **, int *, int, int, struct ifnet *); int ip_deliver(struct mbuf **, int *, int, int); +int ip_laddr(struct ifnet *, struct mbuf *, struct rtentry *); void ip_forward(struct mbuf *, struct ifnet *, struct rtentry *, int); int rip_ctloutput(int, struct socket *, int, int, struct mbuf *); void rip_init(void); Index: sys/netinet6/ip6_input.c =================================================================== RCS file: /cvs/src/sys/netinet6/ip6_input.c,v retrieving revision 1.229 diff -u -p -r1.229 ip6_input.c --- sys/netinet6/ip6_input.c 24 Aug 2020 16:40:07 -0000 1.229 +++ sys/netinet6/ip6_input.c 20 Oct 2020 00:12:06 -0000 @@ -425,30 +425,9 @@ ip6_input_if(struct mbuf **mp, int *offp if (rtisvalid(rt) && ISSET(rt->rt_flags, RTF_LOCAL)) { struct in6_ifaddr *ia6 = ifatoia6(rt->rt_ifa); - if (ip6_forwarding == 0 && rt->rt_ifidx != ifp->if_index && - !((ifp->if_flags & IFF_LOOPBACK) || - (ifp->if_type == IFT_ENC) || - (m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST))) { - /* received on wrong interface */ -#if NCARP > 0 - struct ifnet *out_if; - - /* - * Virtual IPs on carp interfaces need to be checked - * also against the parent interface and other carp - * interfaces sharing the same parent. - */ - out_if = if_get(rt->rt_ifidx); - if (!(out_if && carp_strict_addr_chk(out_if, ifp))) { - ip6stat_inc(ip6s_wrongif); - if_put(out_if); - goto bad; - } - if_put(out_if); -#else + if (ip6_forwarding == 0 && !ip_laddr(ifp, m, rt)) { ip6stat_inc(ip6s_wrongif); goto bad; -#endif } /* * packets to a tentative, duplicated, or somehow invalid