A way to disable reception of broadcast UDP?
yar at comp.chem.msu.su
Wed Oct 11 05:35:44 PDT 2006
Is there a well-known way for a UDP application to tell the
system that it doesn't want to receive broadcast datagrams? E.g.,
it would be very good for TFTP as required by RFC 1123. In general,
accepting broadcast UDP is a security flaw unless the higher proto
was specifically designed to work with broadcast.
SO_BROADCAST affects sending only, and not reception. Dropping
broadcast datagrams in the application is not an option because
they can't be told without bogus system-dependent hacks. I found
that our network stack would stop passing broadcast datagrams to
the application as soon as it bound the socket to a particular
address, but the status of this feature is unclear to me. By the
way, it's the reason for a funny problem: Samba's nmbd won't work
if started from inetd bound to a single IP.
I can remember that, when T/TCP was there, the respective option
must have been enabled on a socket for reception and transmission,
for security reasons. (IIRC there was even a security incident
related to that.) Perhaps SO_BROADCAST should be given similar
semantics? It could improve security of many UDP applications.
Any ideas? Thanks!
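For reference, one way to do in the application what the post says is hard: recover the destination address of each datagram as ancillary data and drop those addressed to a broadcast address. This is an added example, not code from the post or from FreeBSD; it uses IP_PKTINFO on Linux and IP_RECVDSTADDR on BSD, and the port (6969) and the interface address 192.168.1.10/24 are constructed values that a real program would obtain from the socket or getifaddrs().

```c
/* Added example: a UDP receiver that filters broadcast datagrams explicitly,
 * since SO_BROADCAST only governs sending and a wildcard bind delivers them.
 * Uses IP_PKTINFO (Linux) or IP_RECVDSTADDR (BSD) to learn the destination. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Classify a destination address (host byte order) relative to the receiving
 * interface's address and netmask. Returns 1 for the limited broadcast
 * 255.255.255.255 or the interface subnet's directed broadcast, else 0.
 * A /32 (point-to-point) interface has no directed broadcast address. */
int is_broadcast_dst(uint32_t dst, uint32_t local, uint32_t mask)
{
    if (dst == INADDR_BROADCAST) return 1;
    if (mask != 0xffffffffu && dst == ((local & mask) | ~mask)) return 1;
    return 0;
}

/* Ask the stack to attach the datagram's destination address as a cmsg. */
int enable_dst_addr(int fd)
{
    int on = 1;
#ifdef IP_PKTINFO
    return setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &on, sizeof on);
#elif defined(IP_RECVDSTADDR)
    return setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &on, sizeof on);
#else
    (void)fd; (void)on;
    return -1;   /* no portable way to learn the destination on this system */
#endif
}

/* Receive one datagram; *dst receives the IP header destination in host
 * byte order, or 0 if the stack supplied no ancillary data. */
ssize_t recv_with_dst(int fd, void *buf, size_t len,
                      struct sockaddr_in *from, uint32_t *dst)
{
    char cbuf[256];
    struct iovec iov = { buf, len };
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_name = from;
    msg.msg_namelen = sizeof *from;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = cbuf;
    msg.msg_controllen = sizeof cbuf;
    *dst = 0;
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0) return n;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level != IPPROTO_IP) continue;
#ifdef IP_PKTINFO
        if (c->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof pi);
            *dst = ntohl(pi.ipi_addr.s_addr);   /* header destination, not local addr */
        }
#elif defined(IP_RECVDSTADDR)
        if (c->cmsg_type == IP_RECVDSTADDR) {
            struct in_addr a;
            memcpy(&a, CMSG_DATA(c), sizeof a);
            *dst = ntohl(a.s_addr);
        }
#endif
    }
    return n;
}

int main(void)
{
    /* Constructed values: interface assumed to be 192.168.1.10/24 and port 6969. */
    uint32_t local = 0xc0a8010au, mask = 0xffffff00u;
    struct sockaddr_in me, from;
    memset(&me, 0, sizeof me);
    me.sin_family = AF_INET;
    me.sin_addr.s_addr = htonl(INADDR_ANY);   /* wildcard bind: broadcasts arrive */
    me.sin_port = htons(6969);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0 || enable_dst_addr(fd) < 0 ||
        bind(fd, (struct sockaddr *)&me, sizeof me) < 0) {
        perror("setup");
        return 1;
    }
    for (;;) {
        char buf[1500];
        uint32_t dst;
        ssize_t n = recv_with_dst(fd, buf, sizeof buf, &from, &dst);
        if (n < 0) { perror("recvmsg"); break; }
        if (is_broadcast_dst(dst, local, mask)) {
            fprintf(stderr, "dropped %zd-byte broadcast from %s\n", n, inet_ntoa(from.sin_addr));
            continue;
        }
        printf("unicast datagram: %zd bytes from %s\n", n, inet_ntoa(from.sin_addr));
    }
    close(fd);
    return 0;
}
```

The cheaper route the post already observes, binding the socket to a specific interface address instead of INADDR_ANY, avoids the ancillary-data handling entirely; the explicit filter above is for services that must listen on all addresses but still reject broadcast input.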