Date: Thu, 9 Aug 2001 10:27:05 -0700 (PDT)
From: Yu-Shun Wang
To: Jonathan Chen
Subject: Re: forwarding broadcast
In-Reply-To: <20010809113638.A9519@enterprise.spock.org>
Message-ID: <20010809102555.Y42772-100000@amc.isi.edu>
Sender: owner-freebsd-hackers@FreeBSD.ORG

Hi,

I think it's specified in RFC 2644. It might be useful to cite it in the comments of the code.

Regards,
yushun.

____________________________________________________________________________
Yu-Shun Wang
Information Sciences Institute
University of Southern California

On Thu, 9 Aug 2001, Jonathan Chen wrote:

> On FreeBSD -CURRENT and -STABLE, packets to broadcast addresses are not
> forwarded. For instance, if I have a FreeBSD router with interfaces
> 192.168.1.1 and 192.168.2.1, and I send packets from 192.168.1.2 to
> 192.168.2.255, the packets are dropped to the floor. IMO, this is wrong...
> but I haven't consulted all the RFC's so I'm not sure if some standard out
> there calls for it. In any case, the following patch creates a sysctl knob
> to turn on or off this feature (since it can be considered a security risk
> by some). I just want to ask around in case I turned out to be doing
> something incredibly evil. Comments?
>
> -Jon
>
> Index: in.h > =================================================================== > RCS file: /export/ncvs/src/sys/netinet/in.h,v > retrieving revision 1.55 > diff -u -r1.55 in.h > --- in.h 2001/06/15 00:37:27 1.55 > +++ in.h 2001/08/09 15:12:19 
> @@ -452,7 +452,8 @@ > #define IPCTL_FASTFORWARDING 14 /* use fast IP forwarding code */ > #define IPCTL_KEEPFAITH 15 /* FAITH IPv4->IPv6 translater ctl */ > #define IPCTL_GIF_TTL 16 /* default TTL for gif encap packet */ > -#define IPCTL_MAXID 17 > +#define IPCTL_FORWARD_BROADCAST 18 /* forward broadcast packets */ > +#define IPCTL_MAXID 18 > > #define IPCTL_NAMES { \ > { 0, 0 }, \ > Index: ip_input.c > =================================================================== > RCS file: /export/ncvs/src/sys/netinet/ip_input.c,v > retrieving revision 1.174 > diff -u -r1.174 ip_input.c > --- ip_input.c 2001/06/23 17:17:58 1.174 > +++ ip_input.c 2001/08/09 15:33:59 > @@ -103,6 +103,10 @@ > SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, > &ipforwarding, 0, "Enable IP forwarding between interfaces"); > > +int ipforward_broadcast = 0; > +SYSCTL_INT(_net_inet_ip, IPCTL_FORWARD_BROADCAST, forward_broadcast, CTLFLAG_RW, > + &ipforward_broadcast, 0, "Enable broadcast packets when forwarding IP packets"); > + > static int ipsendredirects = 1; /* XXX */ > SYSCTL_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, > &ipsendredirects, 0, "Enable sending IP redirects"); > @@ -1684,7 +1688,8 @@ > } > > error = ip_output(m, (struct mbuf *)0, &ipforward_rt, > - IP_FORWARDING, 0); > + IP_FORWARDING| > + (ipforward_broadcast?IP_ALLOWBROADCAST:0), 0); > if (error) > ipstat.ips_cantforward++; > else { > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
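Review bot: In the in.h hunk (@@ -452,7 +452,8 @@), the new id skips a value and IPCTL_MAXID no longer sits one past the last id. IPCTL_GIF_TTL is 16 and the old IPCTL_MAXID was 17, so the new knob should be `#define IPCTL_FORWARD_BROADCAST 17` with `#define IPCTL_MAXID 18`; as posted, both are 18. The IPCTL_NAMES table that begins in the trailing context most likely needs a matching entry for the new knob as well, and this hunk does not add one.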
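Review bot: In the first ip_input.c hunk (@@ -103,6 +103,10 @@), the new knob carries no comment explaining why it defaults to off; a short comment citing RFC 2644 next to `int ipforward_broadcast = 0;` would cover that, as the reply above suggests. The description string "Enable broadcast packets when forwarding IP packets" does not say what is being enabled; something like "Enable forwarding of directed broadcast packets" is clearer. The variable is also declared without `static`, unlike `ipsendredirects` just below it, so make it static unless another file needs it, and wrap the SYSCTL_INT line, which runs past 80 columns.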
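Review bot: In the second ip_input.c hunk (@@ -1684,7 +1688,8 @@), IP_ALLOWBROADCAST is OR'ed into the ip_output() flags for every forwarded packet once the knob is set, with no check on the receiving interface or the source. Since the message itself calls this a possible security risk, consider narrowing it (for example to a per-interface setting) or at least documenting that turning it on lets traffic from other networks be broadcast onto the attached subnets. Style: put spaces around the operators, `IP_FORWARDING | (ipforward_broadcast ? IP_ALLOWBROADCAST : 0)`.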