Date: Wed, 12 Nov 2003 22:30:12 -0500 From: Damian Gerow <dgerow@afflictions.org> To: current@freebsd.org Subject: Re: tcp hostcache and ip fastforward for review Message-ID: <20031112223012.2aec54be.dgerow@afflictions.org> In-Reply-To: <mailman.1068677700.28876.fcurrent-l@lists.sentex.ca> References: <3FAE68FB.64D262FF@pipeline.ch> <mailman.1068677700.28876.fcurrent-l@lists.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
I've been thinking about this all day... Thus spake Jesper Skriver <jesper@freebsd.org> [23:53:26 11/12/03: : > + /* : > + * Only unicast IP, not from loopback, no L2 or IP broadcast, : > + * no multicast, no INADDR_ANY : > + */ : > + if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) || : > + (ntohl(ip->ip_src.s_addr) == (u_long)INADDR_BROADCAST) || : : #jesper : You will never see packets with a multicast source address. Do you mean: Any packets with a multicast source address will be dropped by the kernel before this point, or that no host will ever send a packet with a multicast source address? In the former, that's fine. In the latter, how does one guarantee that there isn't a malicious host out there sending spoofed multicast-source packets? - Damian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031112223012.2aec54be.dgerow>