From: Ian Smith <smithi@nimnet.asn.au>
To: Yar Tikhiy
Cc: freebsd-net@freebsd.org
Date: Wed, 11 Oct 2006 23:07:36 +1000 (EST)
Subject: Re: A way to disable reception of broadcast UDP?
In-Reply-To: <20061011123403.GC47124@comp.chem.msu.su>

On Wed, 11 Oct 2006, Yar Tikhiy wrote:

> Is there a well-known way for a UDP application to tell the
> system that it doesn't want to receive broadcast datagrams? E.g.,
> it would be very good for TFTP as required by RFC 1123. In general,
> accepting broadcast UDP is a security flaw unless the higher proto
> was specifically designed to work with broadcast.

I know this doesn't address your question regarding the stack, but you
could immediately benefit by having a firewall rule dropping all IP
traffic on the broadcast address (and the network address) via the
outside interface. Working here since '98, counting plenty of them.

If you also wanted to limit UDP on the inside, that's just as easy.

Cheers, Ian

> SO_BROADCAST affects sending only, and not reception. Dropping
> broadcast datagrams in the application is not an option because
> they can't be told without bogus system-dependent hacks. I found
> that our network stack would stop passing broadcast datagrams to
> the application as soon as it bound the socket to a particular
> address, but the status of this feature is unclear to me. By the
> way, it's the reason for a funny problem: Samba's nmbd won't work
> if started from inetd bound to a single IP.
>
> I can remember that, when T/TCP was there, the respective option
> must have been enabled on a socket for reception and transmission,
> for security reasons. (IIRC there was even a security incident
> related to that.) Perhaps SO_BROADCAST should be given similar
> semantics? It could improve security of many UDP applications.
>
> Any ideas? Thanks!
>
> --
> Yar
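The three defensive options raised in this exchange, worked through in Python as an added example (not code from Ian, Yar, or the FreeBSD project): the ipfw rules Ian suggests for the outside interface, Yar's observation that binding to one unicast address instead of INADDR_ANY keeps broadcasts away from the socket, and the "system-dependent hack" he mentions, which is the kernel reporting each datagram's IP destination through IP_PKTINFO (Linux) or IP_RECVDSTADDR (BSD) ancillary data so the application can drop broadcasts itself. The interface name em0, the 192.0.2.7/24 address, the ipfw rule numbers and the numeric option fallbacks are assumptions for illustration.

```python
"""Defensive handling of broadcast UDP: ipfw deny rules, a unicast-only bind,
and per-datagram classification of the IP destination address."""
import ipaddress
import socket
import sys

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def ipfw_broadcast_deny_rules(ifname, iface_cidr, first_rule=1000):
    """Return ipfw commands dropping inbound IP to the directed-broadcast and
    network addresses of iface_cidr (e.g. "192.0.2.7/24") arriving via ifname.
    Rule numbers are an assumption; choose ones that fit the local ruleset."""
    net = ipaddress.IPv4Network(iface_cidr, strict=False)
    targets = [net.broadcast_address, net.network_address]
    return [
        f"ipfw add {first_rule + i} deny ip from any to {t} in via {ifname}"
        for i, t in enumerate(targets)
    ]


def is_broadcast_destination(dst, local_cidrs):
    """True if dst is the limited broadcast address or the directed broadcast
    address of any local interface network given as "address/prefix"."""
    d = ipaddress.IPv4Address(dst)
    if d == LIMITED_BROADCAST:
        return True
    for cidr in local_cidrs:
        net = ipaddress.IPv4Network(cidr, strict=False)
        # /31 and /32 networks have no directed broadcast address (RFC 3021)
        if net.prefixlen < 31 and d == net.broadcast_address:
            return True
    return False


def open_unicast_udp(local_ip, port):
    """Bind to one specific unicast address rather than INADDR_ANY; Yar
    reports that the FreeBSD stack then stops delivering broadcast datagrams
    to the socket, so no ancillary-data inspection is needed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((local_ip, port))
    return s


# Platform-specific option that makes the kernel attach the IP destination of
# each datagram as ancillary data. Numeric fallbacks are the Linux (IP_PKTINFO
# = 8) and BSD (IP_RECVDSTADDR = 7) values, an assumption for older Pythons.
# Linux delivers struct in_pktinfo (ifindex, spec_dst, addr): header dst is
# bytes 8..12. BSD delivers a bare struct in_addr: bytes 0..4.
if sys.platform.startswith("linux"):
    _DST_OPT, _DST_SLICE = getattr(socket, "IP_PKTINFO", 8), slice(8, 12)
else:
    _DST_OPT, _DST_SLICE = getattr(socket, "IP_RECVDSTADDR", 7), slice(0, 4)


def enable_destination_reporting(sock):
    sock.setsockopt(socket.IPPROTO_IP, _DST_OPT, 1)


def recv_with_destination(sock, bufsize=65535):
    """Receive one datagram; return (payload, source, destination IP or None)."""
    data, ancdata, _flags, src = sock.recvmsg(bufsize, socket.CMSG_SPACE(16))
    dst = None
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == _DST_OPT:
            dst = socket.inet_ntoa(cdata[_DST_SLICE])
    return data, src, dst


if __name__ == "__main__":
    print("\n".join(ipfw_broadcast_deny_rules("em0", "192.0.2.7/24")))
    # Loopback self-check: a unicast datagram must classify as unicast.
    rx = open_unicast_udp("127.0.0.1", 0)
    enable_destination_reporting(rx)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx.sendto(b"hello", rx.getsockname())
    data, src, dst = recv_with_destination(rx)
    kind = "broadcast" if is_broadcast_destination(dst, ["127.0.0.1/8"]) else "unicast"
    print(data, "from", src, "to", dst, "->", kind)
```

The firewall rules are the cheapest control because they act before any socket sees the packet; the bind-to-unicast approach costs nothing in code but, as Yar notes, is an undocumented stack behaviour; the ancillary-data check is the only one that works for a socket that must stay bound to INADDR_ANY, at the price of per-platform structure layouts.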