From owner-freebsd-net Thu Aug 9 8:36:46 2001
Date: Thu, 9 Aug 2001 11:36:38 -0400
From: Jonathan Chen
To: net@freebsd.org, hackers@freebsd.org
Subject: forwarding broadcast
Message-ID: <20010809113638.A9519@enterprise.spock.org>
Sender: owner-freebsd-net@FreeBSD.ORG

On FreeBSD -CURRENT and -STABLE, packets to broadcast addresses are not forwarded. For instance, if I have a FreeBSD router with interfaces 192.168.1.1 and 192.168.2.1, and I send packets from 192.168.1.2 to 192.168.2.255, the packets are dropped to the floor. IMO, this is wrong... but I haven't consulted all the RFCs so I'm not sure if some standard out there calls for it.

In any case, the following patch creates a sysctl knob to turn on or off this feature (since it can be considered a security risk by some). I just want to ask around in case I turned out to be doing something incredibly evil.

Comments?

-Jon

Index: in.h =================================================================== RCS file: /export/ncvs/src/sys/netinet/in.h,v retrieving revision 1.55 diff -u -r1.55 in.h --- in.h 2001/06/15 00:37:27 1.55 +++ in.h 2001/08/09 15:12:19 
@@ -452,7 +452,8 @@ #define IPCTL_FASTFORWARDING 14 /* use fast IP forwarding code */ #define IPCTL_KEEPFAITH 15 /* FAITH IPv4->IPv6 translater ctl */ #define IPCTL_GIF_TTL 16 /* default TTL for gif encap packet */ -#define IPCTL_MAXID 17 +#define IPCTL_FORWARD_BROADCAST 18 /* forward broadcast packets */ +#define IPCTL_MAXID 18 #define IPCTL_NAMES { \ { 0, 0 }, \ Index: ip_input.c =================================================================== RCS file: /export/ncvs/src/sys/netinet/ip_input.c,v retrieving revision 1.174 diff -u -r1.174 ip_input.c --- ip_input.c 2001/06/23 17:17:58 1.174 +++ ip_input.c 2001/08/09 15:33:59 @@ -103,6 +103,10 @@ SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, &ipforwarding, 0, "Enable IP forwarding between interfaces"); +int ipforward_broadcast = 0; +SYSCTL_INT(_net_inet_ip, IPCTL_FORWARD_BROADCAST, forward_broadcast, CTLFLAG_RW, + &ipforward_broadcast, 0, "Enable broadcast packets when forwarding IP packets"); + static int ipsendredirects = 1; /* XXX */ SYSCTL_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, &ipsendredirects, 0, "Enable sending IP redirects"); @@ -1684,7 +1688,8 @@ } error = ip_output(m, (struct mbuf *)0, &ipforward_rt, - IP_FORWARDING, 0); + IP_FORWARDING| + (ipforward_broadcast?IP_ALLOWBROADCAST:0), 0); if (error) ipstat.ips_cantforward++; else {
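
Review bot: In the in.h hunk the new id is off by one: the last existing id is IPCTL_GIF_TTL at 16 and the old IPCTL_MAXID was 17, so `IPCTL_FORWARD_BROADCAST` should be 17 with `IPCTL_MAXID` bumped to 18. As posted, the new id has the same value as IPCTL_MAXID, which by convention is one more than the highest id, and 17 is left unused. The hunk also leaves the IPCTL_NAMES table that begins in the trailing context untouched; it needs a matching entry for the new name.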
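
Review bot: The description string in the new SYSCTL_INT in ip_input.c, "Enable broadcast packets when forwarding IP packets", does not say what the knob does; something like "Enable forwarding of packets sent to broadcast addresses" would be clearer. Defaulting `ipforward_broadcast` to 0 is the right call given the risk mentioned in the cover note. Nothing else in the patch references the variable outside ip_input.c, so it could be declared `static` like `ipsendredirects` just below it.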
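
Review bot: In the ip_output() call, IP_ALLOWBROADCAST is OR-ed in for every forwarded packet once the knob is set, and nothing in this hunk checks which interface the packet arrived on or will leave by, so one global switch enables forwarding to broadcast addresses on all attached networks. Since the cover note already calls this a possible security risk, consider narrowing it (for example per interface) or stating in the sysctl description that filtering is left to firewall rules. Style: add spaces around the operators, e.g. `IP_FORWARDING | (ipforward_broadcast ? IP_ALLOWBROADCAST : 0)`.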