on input, check the unicast address before the multicast handling.

if the mac address is not for the interface, it must be multicast
or broadcast. this is instead of if the packet is not
multicast/broadcast, it must be for the interface.

this allows ethernet interfaces to have multicast mac addresses
without having to special case it themselves. eg, carp load balancing
should become easier with this.

ok mpi@

1 files changed, 8 insertions, 12 deletions

diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c
index 00c506bd343..76f6c3147e0 100644
--- a/sys/net/if_ethersubr.c
+++ b/sys/net/if_ethersubr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_ethersubr.c,v 1.252 2018/02/27 09:24:56 benno Exp $	*/
+/*	$OpenBSD: if_ethersubr.c,v 1.253 2018/03/13 01:31:48 dlg Exp $	*/
 /*	$NetBSD: if_ethersubr.c,v 1.19 1996/05/07 02:40:30 thorpej Exp $	*/
 
 /*
@@ -328,7 +328,13 @@ ether_input(struct ifnet *ifp, struct mbuf *m, void *cookie)
 	ac = (struct arpcom *)ifp;
 	eh = mtod(m, struct ether_header *);
 
-	if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
+	/* Is the packet for us? */
+	if (memcmp(ac->ac_enaddr, eh->ether_dhost, ETHER_ADDR_LEN) != 0) {
+
+		/* If not, it must be multicast or broadcast to go further */
+		if (!ETHER_IS_MULTICAST(eh->ether_dhost))
+			goto dropanyway;
+
 		/*
 		 * If this is not a simplex interface, drop the packet
 		 * if it came from us.
@@ -354,16 +360,6 @@ ether_input(struct ifnet *ifp, struct mbuf *m, void *cookie)
 	if (m->m_flags & M_VLANTAG)
 		goto dropanyway;
 
-	/*
-	 * If packet is unicast, make sure it is for us.  Drop otherwise.
-	 * This check is required in promiscous mode, and for some hypervisors
-	 * where the MAC filter is 'best effort' only.
-	 */
-	if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
-		if (memcmp(ac->ac_enaddr, eh->ether_dhost, ETHER_ADDR_LEN))
-			goto dropanyway;
-	}
-
 	etype = ntohs(eh->ether_type);
 
 	switch (etype) {