When fast-forwarding is enabled, do not forward directed IPv4 broadcasts

to locally attached broadcast networks. Note well: This relies on the layer 2 route cloning behaviour in BSD. PR: 98799 Tested by: Dmitry Sergienko MFC after: 1 week
2007-02-05 00:15:40 +00:00 · 2007-02-05 00:15:40 +00:00 · 64e740a352
commit 64e740a352
parent 0d86a7f7c2
1 changed files with 4 additions and 2 deletions
--- a/sys/netinet/ip_fastfwd.c
+++ b/sys/netinet/ip_fastfwd.c
@ -420,9 +420,11 @@ passin:
 	ifp = ro.ro_rt->rt_ifp;

 	/*
-	 * Immediately drop blackholed traffic.
+	 * Immediately drop blackholed traffic, and directed broadcasts
+	 * for either the all-ones or all-zero subnet addresses on
+	 * locally attached networks.
 	 */
-	if (ro.ro_rt->rt_flags & RTF_BLACKHOLE)
+	if ((ro.ro_rt->rt_flags & (RTF_BLACKHOLE|RTF_BROADCAST)) != 0)
 		goto drop;

 	/*