Date: Thu, 9 Aug 2001 12:02:21 -0400
From: Jonathan Chen
To: Luigi Rizzo
Cc: net@FreeBSD.ORG
Subject: Re: forwarding broadcast
Message-ID: <20010809120221.D9519@enterprise.spock.org>
References: <20010809113638.A9519@enterprise.spock.org> <200108091542.RAA06984@info.iet.unipi.it>
In-Reply-To: <200108091542.RAA06984@info.iet.unipi.it>; from luigi@info.iet.unipi.it on Thu, Aug 09, 2001 at 05:42:32PM +0200

On Thu, Aug 09, 2001 at 05:42:32PM +0200, Luigi Rizzo wrote:
> > On FreeBSD -CURRENT and -STABLE, packets to broadcast addresses are not
> > forwarded. For instance, if I have a FreeBSD router with interfaces
>
> I think it is correct NOT to forward local or subnet broadcasts --
> it would be evil to let an external node flood a subnet
> with broadcast traffic.
> Plus, a node has no good way (other than guessing) to know what
> netmask is used on an external subnet.

Yes, it would be evil to let an external node flood a subnet with
broadcast traffic. However, there are legitimate uses for it. For
instance, hosts in a DMZ may wish to broadcast snmp traps to hosts in the
secure network. ipfw and ipf provide excellent ways to enable broadcast
forwarding while preventing broadcast flood attempts.

As for the external subnet, FreeBSD lets it pass because it isn't
technically a broadcast till it reaches the last router.

One more thing, -CURRENT will stuff two copies of any broadcast into bpf,
it seems. tcpdump shows two packets being sent for every broadcast, and in
actuality only one is sent. I might look at this when I get some time --
unless someone else wants to take a shot at this.

-Jon
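
The filtering idea discussed in the message above, as an added example that is not part of the original mail and is not ipfw or ipf code: a last-hop router recognises a directed broadcast only for subnets whose netmask it knows, forwards it only for an allowlisted flow (here SNMP traps, UDP port 162, from a DMZ), and caps the rate per source. The addresses, the `ALLOW` list, `MAX_PER_SEC` and all function and class names are assumptions made for illustration.

```python
import ipaddress as ip
from collections import defaultdict

# Constructed topology using documentation ranges; none of these values come from the thread.
SECURE = ip.ip_network("192.0.2.0/24")
DMZ = ip.ip_network("198.51.100.0/24")
ATTACHED = [SECURE, DMZ]               # subnets whose netmask this router knows
ALLOW = [(DMZ, SECURE, "udp", 162)]    # SNMP traps from the DMZ to the secure network
MAX_PER_SEC = 5                        # hypothetical per-source broadcast budget

def classify(dst, attached=ATTACHED):
    """Classify a destination address from this router's point of view."""
    dst = ip.ip_address(dst)
    if dst == ip.ip_address("255.255.255.255"):
        return "limited-broadcast"
    for net in attached:
        # /31 and /32 prefixes have no broadcast address.
        if net.prefixlen < 31 and dst == net.broadcast_address:
            return "directed-broadcast"
    # It may still be a broadcast on a remote subnet, but without that
    # subnet's netmask a transit router can only treat it as unicast.
    return "unicast"

class BroadcastGate:
    """Forward directed broadcasts only for allowlisted flows, rate-limited per source."""
    def __init__(self, allow=ALLOW, max_per_sec=MAX_PER_SEC):
        self.allow, self.max_per_sec = allow, max_per_sec
        self.seen = defaultdict(int)   # (src, whole second) -> broadcasts forwarded

    def decide(self, src, dst, proto, dport, now):
        kind = classify(dst)
        if kind == "unicast":
            return "forward"
        if kind == "limited-broadcast":
            return "drop"              # limited broadcast stays on the local link
        src_a, dst_a = ip.ip_address(src), ip.ip_address(dst)
        permitted = any(src_a in s and dst_a == d.broadcast_address
                        and proto == p and dport == port
                        for s, d, p, port in self.allow)
        if not permitted:
            return "drop"
        key = (src, int(now))
        if self.seen[key] >= self.max_per_sec:
            return "drop"              # flood guard: budget for this second is spent
        self.seen[key] += 1
        return "forward"
```
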