From: "Alexander V. Tischenko"
To: freebsd-hackers@freebsd.org
Date: Fri, 7 Apr 2000 19:17:11 +0400 (MSD)
Subject: Strange issue with directed broadcasts

Hello Hackers,

Recently I stumbled across a strange security feature with ip_input(). The task I was performing required usage of net directed broadcasts (samba, remote announce, FreeBSDs as routers). Those broadcasts never reached their subnets. I understand that it is a security feature nowadays :) , but probably a router should have a configurable mechanism (as Ciscos, for example) to forward or not such beasts into their attached net.

The code in question is around line 498 of ip_input.c version 1.131. No attempt is made to check the interface the packet came in on, nor are there provisions for duplication. As a result, clients and servers behind such a router never see announcements from remote, unless they reside on the router itself. (Yes, I have to use direct IP non-broadcast announcements now, but would prefer broadcasts for some reasons :)

My solution would be to check rcvif vs ia_ifp and accept the packet as 'ours' only if those ifs are the same.

Note that if we do not accept the packet, but forward it instead, it will get back to us - a feature of Ethernet.

Any solutions, advice, reasons why not?

Thank you in advance,
Alexander V. Tischenko
------------------------------------------------------------------------------
Integrated Network Technologies         | Tel: +7 095 978-47-37
7, Miusskaya sq., Moscow, 125047 Russia | Fax: +7 095 978-47-37
Internet: flash@hway.ru                 | NIC: AT55-RIPE
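
The rcvif-versus-ia_ifp check proposed in the message above, modelled in user space as an added example (not code from the original message or from FreeBSD). The names struct iface, classify(), check_rcvif and forward_directed, and the 10.0.x.x addresses, are assumptions made for illustration.

```c
/* User-space model of the decision discussed in the message; not FreeBSD
 * kernel code. struct iface, classify() and both flags are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

enum verdict { DELIVER_LOCAL, FORWARD, DROP };

struct iface { const char *name; uint32_t addr, mask; };  /* host byte order */

/* Constructed sample router with two attached /24 subnets. */
static const struct iface ifs[2] = {
    { "if0", IP(10, 0, 1, 1), IP(255, 255, 255, 0) },
    { "if1", IP(10, 0, 2, 1), IP(255, 255, 255, 0) },
};

/* Net-directed broadcast address of the subnet attached to ifp. */
static uint32_t bcast_of(const struct iface *ifp) {
    return (ifp->addr & ifp->mask) | ~ifp->mask;
}

/* check_rcvif = 0: behaviour described in the message (any match is "ours").
 * check_rcvif = 1: proposed rule, "ours" only when rcvif is that interface.
 * forward_directed: administrator opt-in, off by default because forwarded
 * directed broadcasts can be abused for traffic amplification. */
enum verdict classify(uint32_t dst, const struct iface *rcvif,
                      int check_rcvif, int forward_directed) {
    for (int i = 0; i < 2; i++) {
        if (dst == ifs[i].addr)
            return DELIVER_LOCAL;           /* unicast to the router itself */
        if (dst != bcast_of(&ifs[i]))
            continue;
        if (!check_rcvif || rcvif == &ifs[i])
            return DELIVER_LOCAL;
        return forward_directed ? FORWARD : DROP;
    }
    return FORWARD;                         /* ordinary routed traffic */
}

int main(void) {
    static const char *names[] = { "deliver-local", "forward", "drop" };
    uint32_t dst = IP(10, 0, 2, 255);       /* broadcast of if1's subnet */
    printf("no rcvif check:     %s\n", names[classify(dst, &ifs[0], 0, 0)]);
    printf("check, knob off:    %s\n", names[classify(dst, &ifs[0], 1, 0)]);
    printf("check, knob on:     %s\n", names[classify(dst, &ifs[0], 1, 1)]);
    printf("arrived on if1:     %s\n", names[classify(dst, &ifs[1], 1, 1)]);
    return 0;
}
```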