Date: Thu, 9 Aug 2001 12:02:21 -0400
From: Jonathan Chen <jon@FreeBSD.ORG>
To: Luigi Rizzo <luigi@info.iet.unipi.it>
Cc: net@FreeBSD.ORG
Subject: Re: forwarding broadcast
Message-ID: <20010809120221.D9519@enterprise.spock.org>
In-Reply-To: <200108091542.RAA06984@info.iet.unipi.it>; from luigi@info.iet.unipi.it on Thu, Aug 09, 2001 at 05:42:32PM +0200
References: <20010809113638.A9519@enterprise.spock.org> <200108091542.RAA06984@info.iet.unipi.it>

On Thu, Aug 09, 2001 at 05:42:32PM +0200, Luigi Rizzo wrote:
> > On FreeBSD -CURRENT and -STABLE, packets to broadcast addresses are not
> > forwarded. For instance, if I have a FreeBSD router with interfaces
>
> I think it is correct NOT to forward local or subnet broadcasts --
> it would be evil to let an external node flood a subnet
> with broadcast traffic.
> Plus, a node has no good way (other than guessing) to know what
> netmask is used on an external subnet.

Yes, it would be evil to let an external node flood a subnet with
broadcast traffic. However, there are legitimate uses for it. For
instance, hosts in a DMZ may wish to broadcast SNMP traps to hosts in
the secure network. ipfw and ipf provide excellent ways to enable
broadcast forwarding while preventing broadcast flood attempts.

As for the external subnet, FreeBSD lets it pass because it isn't
technically a broadcast till it reaches the last router.

One more thing, -CURRENT will stuff two copies of any broadcast into
bpf, it seems. tcpdump shows two packets being sent for every
broadcast, and in actuality only one is sent. I might look at this
when I get some time -- unless someone else wants to take a shot at
this.

-Jon