From: YASUOKA Masahiko Subject: diff: setting M_BCAST flag To: tech@openbsd.org Date: Sat, 08 Mar 2025 12:54:35 +0900 Hello, Our ip_input() doesn't set M_BCAST flag for 0.0.0.0 or 255.255.255.255 if it's not set by the lower layer. The flag must be set since it is used by the upper layers. (eg. TCP use the flag to drop the packet.) The modification on in_ouraddr() is to set M_BCAST flag consistently if the packet is for directed broadcast. Previous the flag isn't set if the packet is diverted by pf(4). (eg. on the host that runs a transparent proxy for 80/tcp, when it receives a packet for directed broadcast but its destination mac address is not ff:ff:ff:ff:ff:ff (eg. wrong netmask), TCP wil not drop it and the connection will be established.) ok? comments? Index: sys/netinet/ip_input.c =================================================================== RCS file: /cvs/src/sys/netinet/ip_input.c,v diff -u -p -r1.404 ip_input.c --- sys/netinet/ip_input.c 2 Mar 2025 21:28:32 -0000 1.404 +++ sys/netinet/ip_input.c 8 Mar 2025 03:51:45 -0000 @@ -508,6 +508,7 @@ ip_input_if(struct mbuf **mp, int *offp, if (ip->ip_dst.s_addr == INADDR_BROADCAST || ip->ip_dst.s_addr == INADDR_ANY) { + m->m_flags |= M_BCAST; /* Make sure M_BCAST is set */ nxt = ip_ours(mp, offp, nxt, af, ns); goto out; } @@ -518,7 +519,7 @@ ip_input_if(struct mbuf **mp, int *offp, } else { ro = &ns->ns_route; } - switch(in_ouraddr(m, ifp, ro, flags)) { + switch (in_ouraddr(m, ifp, ro, flags)) { case 2: goto bad; case 1: @@ -851,18 +852,6 @@ in_ouraddr(struct mbuf *m, struct ifnet struct ip *ip; int match = 0; -#if NPF > 0 - switch (pf_ouraddr(m)) { - case 0: - return (0); - case 1: - return (1); - default: - /* pf does not know it */ - break; - } -#endif - ip = mtod(m, struct ip *); rt = route_mpath(ro, &ip->ip_dst, &ip->ip_src, m->m_pkthdr.ph_rtableid); @@ -883,6 +872,18 @@ in_ouraddr(struct mbuf *m, struct ifnet m->m_flags |= M_BCAST; } } + +#if NPF > 0 + switch (pf_ouraddr(m)) { + case 0: + return (0); + case 1: + return (1); + default: + /* pf does not know it */ + break; + } +#endif if (!match) { struct ifaddr *ifa;