From yvan.vanhullebus@netasq.com  Tue Oct  3 15:39:10 2006
Return-Path: <yvan.vanhullebus@netasq.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C79E316A40F
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  3 Oct 2006 15:39:10 +0000 (UTC)
	(envelope-from yvan.vanhullebus@netasq.com)
Received: from netasq.netasq.com (netasq.netasq.com [213.30.137.178])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 62C3643D67
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  3 Oct 2006 15:39:10 +0000 (GMT)
	(envelope-from yvan.vanhullebus@netasq.com)
Received: from [10.2.0.2] (unknown [10.0.0.126])
	by netasq.netasq.com (Postfix) with ESMTP id 65D504DBA7
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  3 Oct 2006 17:39:06 +0200 (CEST)
Received: by darkstar.netasq.com (Postfix, from userid 1001)
	id EA618F74B8; Tue,  3 Oct 2006 17:39:12 +0200 (CEST)
Message-Id: <20061003153912.EA618F74B8@darkstar.netasq.com>
Date: Tue,  3 Oct 2006 17:39:12 +0200 (CEST)
From: DEVILLE Damien <damien.deville@netasq.com>
Reply-To: DEVILLE Damien <damien.deville@netasq.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Broadcast packets are not forwarded
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         103950
>Category:       kern
>Synopsis:       [netinet] [patch] Broadcast packets are not forwarded
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bms
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 03 15:40:22 GMT 2006
>Closed-Date:    Sat Feb 03 06:12:21 GMT 2007
>Last-Modified:  Sat Feb 03 06:12:21 GMT 2007
>Originator:     DEVILLE Damien
>Release:        FreeBSD 6.1-STABLE i386
>Organization:
NETASQ
>Environment:
System: FreeBSD darkstar.netasq.com 6.1-STABLE FreeBSD 6.1-STABLE #1: Thu May 11 11:43:31 CEST 2006 vanhu@darkstar.netasq.com:/home/vanhu/work/FreeBSD/src-RELENG6/sys/i386/compile/GENERIC.IPSEC i386


	
>Description:
On a FreeBSD gate, broadcasts received on an interface with a destination
belonging to another interface are not correctly forwarded because
IP_ALLOWBROADCAST is not set in ip_output() call from ip_forward().

>How-To-Repeat:
Set up a gate with 2 NICs (for example 192.168.1.0/24 and 192.168.2.0/24).

From a host on 192.168.1.0/24, do a ping to 192.168.2.255.

The packet will go through ip_forward(), but will be dropped in
ip_output().


>Fix:
--- sys/netinet/ip_input.c.orig     Fri Sep 29 11:35:14 2006
+++ sys/netinet/ip_input.c  Fri Sep 29 11:35:22 2006
@@ -2006,7 +2006,7 @@
                        RTFREE(rt);
        }

-       error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
+       error = ip_output(m, NULL, NULL, IP_FORWARDING|IP_ALLOWBROADCAST, NULL, NULL);
        if (error)
                ipstat.ips_cantforward++;
        else {
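
Review bot: passing IP_ALLOWBROADCAST unconditionally here turns on forwarding of directed broadcasts for every packet that goes through ip_forward(), with no administrative knob, which is the behaviour RFC 2644 (BCP 34) tells routers to keep off by default; gate the flag behind a sysctl (the unused IPCTL_DIRECTEDBROADCAST hook mentioned later in this PR is the natural place) instead of changing the default. The fast-forwarding path is not touched, so the two forwarding paths would also disagree about what happens to a broadcast.
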

>Release-Note:
>Audit-Trail:

From: Astrodog <astrodog@gmail.com>
To: bug-followup@FreeBSD.org, damien.deville@netasq.com
Cc:  
Subject: Re: kern/103950: Broadcast packets are not forwarded
Date: Sat, 7 Oct 2006 23:30:47 -0500

 I reworked the included fix to allow for a sysctl tunable. I don't think we
 want to make forwarding broadcast mandatory when forwarding.
 
 --- in.h.old    Sun Oct  8 03:24:55 2006
 +++ in.h        Sun Oct  8 04:29:34 2006
 @@ -542,7 +542,8 @@
  #define        IPCTL_FASTFORWARDING    14      /* use fast IP forwarding
 code */
  #define        IPCTL_KEEPFAITH         15      /* FAITH IPv4->IPv6
 translater ctl */
  #define        IPCTL_GIF_TTL           16      /* default TTL for gif encap
 packet */
 -#define        IPCTL_MAXID             17
 +#define        IPCTL_FORWARDBROADCAST  17      /* may forward broadcast
 packets */
 +#define        IPCTL_MAXID             18
 
  #define        IPCTL_NAMES { \
         { 0, 0 }, \
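
Review bot: this hunk will not apply as posted: the mailer has wrapped the #define comments (`code */`, `packets */`) onto lines of their own, so please resend the patch as an attachment. Separately, netinet/in.h already carries an unused IPCTL_DIRECTEDBROADCAST, as noted elsewhere in this PR; reusing it avoids adding a second ID and bumping IPCTL_MAXID.
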
 @@ -560,6 +561,7 @@
         { "stats", CTLTYPE_STRUCT }, \
         { "accept_sourceroute", CTLTYPE_INT }, \
         { "fastforwarding", CTLTYPE_INT }, \
 +       { "forwardbroadcast", CTLTYPE_INT }, \
  }
 
  #endif /* __BSD_VISIBLE */
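
Review bot: IPCTL_NAMES is a positional table (the leading `{ 0, 0 }` is index 0) and the visible tail ends at "fastforwarding", so appending `{ "forwardbroadcast", CTLTYPE_INT }` directly after it puts the name in the slot following "fastforwarding", not at index 17 where IPCTL_FORWARDBROADCAST points; either pad the table up to 17 or use the existing "directed-broadcast" slot. The string should also match the sysctl node name exactly.
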
 --- ip_input.c.old      Sun Oct  8 03:27:01 2006
 +++ ip_input.c  Sun Oct  8 03:41:09 2006
 @@ -129,6 +129,11 @@
         &ip_do_randomid, 0,
         "Assign random ip_id values");
 
 +int    ip_forwardbroadcast = 0;
 +SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDBROADCAST, forwardbroadcast,
 CTLFLAG_RW,
 +       &ip_forwardbroadcast, 0,
 +       "Allow forwarding of broadcast packets");
 +
  /*
   * XXX - Setting ip_checkinterface mostly implements the receive side of
   * the Strong ES model described in RFC 1122, but since the routing table
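
Review bot: the sysctl description should state what the knob does not cover: ip_fastforward is untouched, so with net.inet.ip.fastforwarding=1 this setting has no effect, and an administrator reading `sysctl -d` would not know that. The default of 0 is the right one per RFC 2644. The SYSCTL_INT line is also wrapped by the mailer (`CTLFLAG_RW,` on a line of its own), so the patch needs resending as an attachment.
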
 @@ -1896,8 +1901,10 @@
                 if (rt)
                         RTFREE(rt);
         }
 -
 -       error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
 +       if (!ip_forwardbroadcast)
 +               error = ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL);
 +       else
 +               error = ip_output(m, NULL, NULL,
 IP_FORWARDING|IP_ALLOWBROADCAST, NULL, NULL);
         if (error)
                 ipstat.ips_cantforward++;
         else {
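
Review bot: the if/else duplicates the whole ip_output() call to vary a single flag; compute the flags once instead, e.g. `int flags = IP_FORWARDING; if (ip_forwardbroadcast) flags |= IP_ALLOWBROADCAST;` followed by `error = ip_output(m, NULL, NULL, flags, NULL, NULL);`, which also keeps the line within style(9) width. The removed blank line after the closing brace is an unrelated whitespace change; keep it.
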
 
State-Changed-From-To: open->analyzed 
State-Changed-By: flz 
State-Changed-When: Mon Oct 9 09:24:50 UTC 2006 
State-Changed-Why:  
Change to analyzed at submitter's request. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=103950 

From: Yar Tikhiy <yar@comp.chem.msu.su>
To: bug-followup@FreeBSD.org, damien.deville@netasq.com
Cc:  
Subject: Re: kern/103950: [netinet] [patch] Broadcast packets are not forwarded
Date: Wed, 11 Oct 2006 13:06:59 +0400

 This case is well-known as directed broadcasts.  FreeBSD might have
 it disabled on purpose.  See RFC 2644 aka BCP 34.
 
 Formerly there was a sysctl for enabling directed broadcasts,
 IPCTL_DIRECTEDBROADCAST aka "directed-broadcast", obtained from
 NetBSD -- see netinet/in.h rev. 1.11 and netinet/ip_input.c rev.
 1.26.  Its definition still is in netinet/in.h but unused.  It can
 be just re-introduced.  See NetBSD's netinet/ip_input.c for example,
 search for "ip_directedbcast".
 
 Apropos, did you test how the fastforward path would handle directed
 broadcasts?
 
 -- 
 Yar

From: Yar Tikhiy <yar@comp.chem.msu.su>
To: bug-followup@FreeBSD.org, damien.deville@netasq.com
Cc:  
Subject: Re: kern/103950: [netinet] [patch] Broadcast packets are not forwarded
Date: Wed, 11 Oct 2006 13:23:26 +0400

 Just for the record: in FreeBSD, directed broadcasts were completely
 disabled on purpose in ip_input rev. 1.32.  Now a positive conclusion
 on an appropriate mailing list is needed to re-introduce the option.
 
 -- 
 Yar

From: Damien Deville <damien.deville@netasq.com>
To: Yar Tikhiy <yar@comp.chem.msu.su>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/103950: [netinet] [patch] Broadcast packets are not forwarded
Date: Wed, 11 Oct 2006 11:52:54 +0200

 Hi,
 
 We did not test the fast forward path as our setup needs it to be disabled.
 
 Damien
 
 Yar Tikhiy wrote:
 > This case is well-known as directed broadcasts.  FreeBSD might have
 > it disabled on purpose.  See RFC 2644 aka BCP 34.
 > 
 > Formerly there was a sysctl for enabling directed broadcasts,
 > IPCTL_DIRECTEDBROADCAST aka "directed-broadcast", obtained from
 > NetBSD -- see netinet/in.h rev. 1.11 and netinet/ip_input.c rev.
 > 1.26.  Its definition still is in netinet/in.h but unused.  It can
 > be just re-introduced.  See NetBSD's netinet/ip_input.c for example,
 > search for "ip_directedbcast".
 > 
 > Apropos, did you test how the fastforward path would handle directed
 > broadcasts?
 > 
 
 
 -- 
 Damien Deville
 R&D engineer
 damien.deville@netasq.com
 http://www.netasq.com

From: Yar Tikhiy <yar@comp.chem.msu.su>
To: Damien Deville <damien.deville@netasq.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/103950: [netinet] [patch] Broadcast packets are not forwarded
Date: Wed, 11 Oct 2006 15:37:53 +0400

 On Wed, Oct 11, 2006 at 11:52:54AM +0200, Damien Deville wrote:
 > 
 > We did not test the fast forward path as our setup needs it to be disabled.
 
 According to my test, fastforward won't route directed broadcasts.
 However, I failed to see exactly why from a quick glance at the code.
 I'll look in detail later.
 
 -- 
 Yar
Responsible-Changed-From-To: freebsd-bugs->bms 
Responsible-Changed-By: bms 
Responsible-Changed-When: Sat Feb 3 05:40:33 UTC 2007 
Responsible-Changed-Why:  
this is related to other PRs I am looking into 

http://www.freebsd.org/cgi/query-pr.cgi?pr=103950 

From: Bruce M Simpson <bms@incunabulum.net>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: kern/103950: [netinet] [patch] Broadcast packets are not forwarded
Date: Sat, 03 Feb 2007 06:02:19 +0000

 Hello,
 
 I'm preparing to commit a patch which completely disables forwarding of 
 directed broadcasts in the fast-forwarding path.
 
 Yar: my tests indicate that this still happens, see these PRs:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=99484&cat=kern
     http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/98799
 ...merely checking for RTF_BROADCAST should also be enough if packets 
 destined for the network address are to be dropped, because the cloning 
 logic will set RTF_BROADCAST there too.
 
 The Internet consensus is that forwarding of directed broadcasts is 
 generally a very bad thing. During the mid 1990s there was piracy on the 
 high seas, in the form of 'smurf' attacks; this, together with TCP 
 sequencing attacks, forced ISPs to deploy defences such as this, and 
 TCP-MD5 authentication.
 
 Undirected broadcasts are never forwarded, regardless of the time-to-live.
 
 If you have a specialist application which requires that directed 
 broadcast packets are forwarded, you will have to maintain your own 
 patch to do this.
 Astrodog's patch is a start, however there were hooks left in BSD to do 
 this when the code got pulled (ie IPCTL_DIRECTEDBROADCAST, 
 net.inet.ip.directed-broadcast).
 
 Regards,
 BMS
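
The decision discussed in this PR, as an added example that is not part of the submitted patches or of FreeBSD's ip_forward(): a forwarder classifies the destination of the ping from How-To-Repeat (192.168.2.255) against its attached subnets and, following the RFC 2644 (BCP 34) default BMS describes, drops directed broadcasts and the network address unless an administrator has opted in, while never relaying the limited broadcast. The interface table is constructed, addresses are in host byte order, and ip4(), classify_dst() and should_forward() are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the gate's two NICs (192.168.1.0/24, 192.168.2.0/24)
 * from the PR's How-To-Repeat; all addresses are in host byte order. */
struct attached_net { uint32_t addr; uint32_t mask; };
static const struct attached_net ifaces[] = {
    { 0xC0A80101u, 0xFFFFFF00u }, /* 192.168.1.1/24 */
    { 0xC0A80201u, 0xFFFFFF00u }, /* 192.168.2.1/24 */
};
enum dst_class { DST_UNICAST, DST_LIMITED_BCAST, DST_DIRECTED_BCAST, DST_NET_ADDR };

/* Parse a dotted quad into a host-order uint32_t; returns 0 on malformed input. */
uint32_t ip4(const char *s) {
    unsigned a, b, c, d;
    if (sscanf(s, "%u.%u.%u.%u", &a, &b, &c, &d) != 4 ||
        a > 255 || b > 255 || c > 255 || d > 255)
        return 0;
    return (a << 24) | (b << 16) | (c << 8) | d;
}

/* Classify a destination before relaying it: 255.255.255.255 is the limited
 * broadcast; an attached subnet's all-ones host part is a directed broadcast;
 * its all-zeros host part is the network address (RTF_BROADCAST too, per the thread). */
enum dst_class classify_dst(uint32_t dst) {
    if (dst == 0xFFFFFFFFu)
        return DST_LIMITED_BCAST;
    for (size_t i = 0; i < sizeof ifaces / sizeof ifaces[0]; i++) {
        uint32_t net = ifaces[i].addr & ifaces[i].mask;
        if (dst == (net | ~ifaces[i].mask))
            return DST_DIRECTED_BCAST;
        if (dst == net)
            return DST_NET_ADDR;
    }
    return DST_UNICAST;
}

/* RFC 2644 (BCP 34) default: directed broadcasts are dropped unless an
 * administrator enables them; the limited broadcast is never forwarded. */
bool should_forward(uint32_t dst, bool directed_bcast_enabled) {
    switch (classify_dst(dst)) {
    case DST_UNICAST:        return true;
    case DST_LIMITED_BCAST:  return false;
    case DST_DIRECTED_BCAST:
    case DST_NET_ADDR:       return directed_bcast_enabled;
    }
    return false;
}
```

With the opt-in left false, the 192.168.2.255 probe from the report is dropped at the gate; a directed broadcast aimed at a subnet the gate is not attached to is indistinguishable from unicast here and is left to the next hop, which is why every router on the path needs the same default.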
State-Changed-From-To: analyzed->closed 
State-Changed-By: bms 
State-Changed-When: Sat Feb 3 06:11:54 UTC 2007 
State-Changed-Why:  
There are no plans to restore the routing of directed broadcasts 
in FreeBSD. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=103950 
>Unformatted:
