[PATCH] ip_fastfwd forwards directed broadcasts
Bruce M Simpson
bms at incunabulum.net
Sat Feb 3 06:18:12 UTC 2007
Hi,
Attached is a patch which tells our IPv4 fast-forwarding path to drop
directed broadcast packets. The checks originally put in ip_fastfwd.c
can deal only with undirected broadcasts.
Whilst this patch doesn't mitigate the resulting CPU consumption, it
does the right thing by letting the FIB deal with the hard work of
determining whether or not a given destination address is for a
broadcast destination.
Normally, RTF_BROADCAST is set on routes which were added as a result of
a call to arpresolve() to resolve the broadcast address, and thus
in_addroute(). This is fine and covers the case where the directed
broadcast address is known to the router -- which is what we want 99% of
the time.
The fix in PR 98799 is not the right fix: in_broadcast() can potentially
return an IPv4 destination address as not being a broadcast address,
because it only walks the address list hung off the single ifnet pointer
provided.
We perform a route lookup anyway, so let the FIB do the work.
To detect directed broadcasts being propagated beyond a single hop would
require cooperation from a routing daemon which is smart enough to set
RTF_BROADCAST on the routes which it pushes to the kernel FIB for the
network prefixes it learns; the router has to have topology information
before it can do anything, otherwise, it's just another IPv4 address.
Regards,
BMS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dropbroadcasts.diff
Type: text/x-patch
Size: 685 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20070203/2a278f11/dropbroadcasts.bin
More information about the freebsd-net
mailing list