in_broadcast() called for almost every packet in ip_output()
Ryan Stone
rysto32 at gmail.com
Mon Jul 25 18:09:54 UTC 2016
On Wed, Jul 20, 2016 at 7:57 PM, Ryan Stone <rysto32 at gmail.com> wrote:
> Would it be correct to check for M_BCAST on the packet before checking for
> for a broadcast IP address? I don't believe that there would be any
> security concerns with that approach. If somebody injected a UDP packet
> with a broadcast IP address but a unicast MAC address, we would try to look
> up a pcb that matched, fail to find anything, and then drop the packet.
>
Ok, I've put this up for review, along with a fix for the 802.11 stack to
have it set M_BCAST properly:
https://reviews.freebsd.org/D7309
Are there any other L2 protocols that we support other than Ethernet and
802.11 that I should audit to ensure it sets M_BCAST properly.
More information about the freebsd-transport
mailing list