Date: Wed, 20 Jul 2016 19:57:39 -0400
From: Ryan Stone <rysto32@gmail.com>
To: Adrian Chadd <adrian.chadd@gmail.com>
Cc: Andrew Gallatin <gallatin@netflix.com>, "<freebsd-transport@freebsd.org>" <freebsd-transport@freebsd.org>
Subject: Re: in_broadcast() called for almost every packet in ip_output()
Message-ID: <CAFMmRNzJNxqKavW9TgawnU-EVPpHn146d8ZDUkN-88Mn2hx94Q@mail.gmail.com>
In-Reply-To: <CAJ-Vmo=xU9dmsf0=Sx5wWTqmgpx_eLiSG-_aj=VAdEdW-VOV%2BA@mail.gmail.com>
References: <CAFMmRNx%2Bx9GNDgDHO5oyoj-S%2BCK9bRvJhpNNFf3%2BPk0p2SQeSQ@mail.gmail.com>
 <CADLQ3sLyytm0HMsSChhWD108t6iPpquXH2E2R7Wc42FpaAP1Rw@mail.gmail.com>
 <CAFMmRNyi1-K%2BKX6bY2bx7_hiq2PDPJa-QJatBf0QdtriGnJ5fw@mail.gmail.com>
 <559f1d0e-9d35-f458-bff5-b69a03297cf0@netflix.com>
 <CAFMmRNxjpZMVbRLv-xqYNTXjCUh6=oDPfqK_cM47i64bRs51eA@mail.gmail.com>
 <CAFMmRNyeUiru=t3i5ymhQiCnNivV9-=PYK6F0ak0swZo2M969A@mail.gmail.com>
 <CAJ-Vmo=xU9dmsf0=Sx5wWTqmgpx_eLiSG-_aj=VAdEdW-VOV%2BA@mail.gmail.com>

Ok, this should address the issue in ip_output() for everything: TCP, UDP, forwarded packets, raw sockets. I've tested UDP and ICMP traffic with both broadcast and unicast addresses and everything seems correct.

https://reviews.freebsd.org/D7266

Unfortunately, I also notice that udp_input() calls in_broadcast() on every input UDP packet:

https://svnweb.freebsd.org/base/head/sys/netinet/udp_usrreq.c?revision=301717&view=markup#l524

Would it be correct to check for M_BCAST on the packet before checking for a broadcast IP address? I don't believe that there would be any security concerns with that approach. If somebody injected a UDP packet with a broadcast IP address but a unicast MAC address, we would try to look up a pcb that matched, fail to find anything, and then drop the packet.
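
The check ordering asked about in the message above, as an added user-space model; it is not FreeBSD code and not part of the original message. `struct pkt`, `model_in_broadcast()`, `classify()`, `walks_for_batch()` and all sample addresses are constructed for illustration, and the model stops at which path a packet takes: the pcb lookup that follows is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define M_BCAST 0x10u /* model flag: link layer received the frame as broadcast */

struct pkt { uint32_t m_flags; uint32_t dst; }; /* stand-in for mbuf flags + IP dst */

/* Constructed sample: broadcast addresses configured on the receiving interface. */
static const uint32_t if_bcast[] = { 0xC0A801FFu, 0x0A0000FFu };
static unsigned walks; /* number of times the address list was walked */

/* Models the per-packet cost under discussion: a walk of interface addresses. */
static int model_in_broadcast(uint32_t dst)
{
    walks++;
    if (dst == 0xFFFFFFFFu)
        return 1;
    for (size_t i = 0; i < sizeof(if_bcast) / sizeof(if_bcast[0]); i++)
        if (if_bcast[i] == dst)
            return 1;
    return 0;
}

enum path { UNICAST_PATH, BROADCAST_PATH };

/* gated == 0: address check on every packet; gated == 1: flag test first. */
static enum path classify(const struct pkt *p, int gated)
{
    if (gated && !(p->m_flags & M_BCAST))
        return UNICAST_PATH; /* address walk skipped entirely */
    return model_in_broadcast(p->dst) ? BROADCAST_PATH : UNICAST_PATH;
}

/* Constructed traffic: two unicast, one true broadcast, and one broadcast IP
 * address carried in a unicast frame (the case raised in the message). */
static const struct pkt sample[] = {
    { 0, 0xC0A8010Au }, { 0, 0xC0A8010Bu },
    { M_BCAST, 0xC0A801FFu }, { 0, 0xC0A801FFu },
};

static unsigned walks_for_batch(int gated)
{
    walks = 0;
    for (size_t i = 0; i < sizeof(sample) / sizeof(sample[0]); i++)
        (void)classify(&sample[i], gated);
    return walks;
}

int main(void)
{
    printf("ungated=%u gated=%u\n", walks_for_batch(0), walks_for_batch(1));
    return 0;
}
```

The last sample packet is the only one whose path changes between the two modes, so it is the case a review of the gated ordering has to reason about.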