2 files changed, 13 insertions, 11 deletions

diff --git a/sys/net/pipex.c b/sys/net/pipex.c
index 2210bb8a995..c83aaa350f6 100644
--- a/sys/net/pipex.c
+++ b/sys/net/pipex.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pipex.c,v 1.24 2012/01/18 02:02:53 yasuoka Exp $	*/
+/*	$OpenBSD: pipex.c,v 1.25 2012/01/23 03:36:21 yasuoka Exp $	*/
 
 /*-
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -1124,15 +1124,16 @@ pipex_ip_input(struct mbuf *m0, struct pipex_session *session)
 			goto drop;
 	}
 #endif
-
-	/* ingress filter */
-	ip = mtod(m0, struct ip *);
-	if ((ip->ip_src.s_addr & session->ip_netmask.sin_addr.s_addr) !=
-	    session->ip_address.sin_addr.s_addr) {
-		pipex_session_log(session, LOG_DEBUG,
-		    "ip packet discarded by ingress filter (src %s)",
-		    inet_ntoa(ip->ip_src));
-		goto drop;
+	if (ISSET(session->ppp_flags, PIPEX_PPP_INGRESS_FILTER)) {
+		/* ingress filter */
+		ip = mtod(m0, struct ip *);
+		if ((ip->ip_src.s_addr & session->ip_netmask.sin_addr.s_addr) !=
+		    session->ip_address.sin_addr.s_addr) {
+			pipex_session_log(session, LOG_DEBUG,
+			    "ip packet discarded by ingress filter (src %s)",
+			    inet_ntoa(ip->ip_src));
+			goto drop;
+		}
 	}
 
 	/* idle timer */
diff --git a/sys/net/pipex.h b/sys/net/pipex.h
index cddbbefc893..8b9a69f0abd 100644
--- a/sys/net/pipex.h
+++ b/sys/net/pipex.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pipex.h,v 1.10 2011/10/15 03:24:11 yasuoka Exp $	*/
+/*	$OpenBSD: pipex.h,v 1.11 2012/01/23 03:36:21 yasuoka Exp $	*/
 
 /*
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -89,6 +89,7 @@ struct pipex_session_req {
 #define	PIPEX_PPP_MPPE_REQUIRED		0x00000040
 #define	PIPEX_PPP_HAS_ACF		0x00000080
 #define	PIPEX_PPP_ADJUST_TCPMSS		0x00000100
+#define	PIPEX_PPP_INGRESS_FILTER	0x00000200
 	int8_t		pr_ccp_id;		/* CCP current packet id */
 	int		pr_ppp_id;		/* PPP Id. */
 	uint16_t	pr_peer_mru; 		/* Peer's MRU */