matt@oddjob.UUCP (Matt Crawford) (04/14/85)
At this university we have several class C networks connected by
gateways. I modified our rwho daemon to send packets to selected
other networks with a local-address-portion of zero. My intent
was to get the gateway to perform a broadcast on an adjacent net.
It didn't work, and the reason seems to be an accidental side
effect of the kernel's internet output code. The gateway is
actually a SUN, but we don't have source so I quote the VAX
4.2bsd code below.

In netinet/ip_input.c, if a packet is to be forwarded the routine
ip_forward does:

	error = ip_output(dtom(ip), mopt, (struct route *)0, IP_FORWARDING);

while ip_output has:

	ip_output(m, opt, ro, flags)
		. . .
	{
			:	:
		/*
		 * Look for broadcast address and
		 * and verify user is allowed to send
		 * such a packet.
		 */
		if (in_lnaof(((struct sockaddr_in *)dst)->sin_addr) == INADDR_ANY) {
				:	:
			if ((flags & IP_ALLOWBROADCAST) == 0) {
				error = EACCES;
				goto bad;
			}
		}
			:	:
	}

So the gateway's refusal to forward my packet seems to be
a by-product of the restriction that only the super-user
can broadcast and the need not to repeat broadcasts endlessly.

Can someone out there give a good reason not to allow what I am
trying to do? I would like to change the last test above to:

	if ((flags & (IP_ALLOWBROADCAST|IP_FORWARDING)) == 0) {

(If I had source for the gateways!)

ipintr() would also have to be changed to forward broadcast
packets whose source address is not on the destination network.
This would mean that certain packets are both forwarded and
passed on to the next protocol level.

Comments?
_____________________________________________________
Matt		University	crawford@anl-mcs.arpa
Crawford	of Chicago	ihnp4!oddjob!matt
sylvain@lvbull.UUCP (Sylvain Langlois RCG-ARS) (04/19/85)
In article <674@oddjob.UUCP>, matt@oddjob.UUCP (Matt Crawford) says:

>...My intent was to get the gateway to perform a broadcast
>on an adjacent net.

I don't really understand that, if the segment is forwarded to the
gateway, how does this one know he will have to broadcast it? But, that
is not the reason for my answer...

>So the gateway's refusal to forward my packet seems to be
>a by-product of the restriction that only the super-user
>can broadcast and the need not to repeat broadcasts endlessly.

I think allowing only su to broadcast packets is a good idea. You don't
really want to see everybody broadcasting junk all over the world,
especially if you have a strongly interconnected set of networks (LANs
and WANs). The broadcasting facility is to be used only by network
administrators (who may not be real su's, but it helps!!) or some
special daemons, such as ARP for example.

>ipintr() would also have to be changed to forward broadcast
>packets whose source address is not on the destination network.
>This would mean that certain packets are both forwarded and
>passed on to the next protocol level.

This supposes copying the packet for local use and forwarding the packet
to the next host. But it also means you are entering an infinite loop.
Each host receiving this packet will broadcast it back to where it comes
from, and so on. When do you stop it (it seems only possible with token
rings, where packets are destroyed when seen too often!).

--
Sylvain "Panic Trap" Langlois
UUCP Address: (...!mcvax!vmucnam!lvbull!sylvain)
Postal Address: BULL, PC 33/05, 68 route de Versailles,
                F-78430 Louveciennes, France.
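
Added example (not part of either post and not the 4.2bsd source): a user-space C model of the ip_output() test quoted in the first post, the proposed replacement, and the source-network condition described for ipintr(). The function names and the numeric flag values are assumptions made for this model; it also shows why the placement of the closing parenthesis in the proposed test matters.

```c
#include <errno.h>
#include <stdint.h>

/* Assumed values for this model; the thread gives only the flag names. */
#define IP_FORWARDING     0x01
#define IP_ALLOWBROADCAST 0x20

/* Classful host mask (no subnets), matching the class C setup in the post. */
static uint32_t host_mask(uint32_t a)
{
    if ((a & 0x80000000u) == 0)           return 0x00ffffffu; /* class A */
    if ((a & 0xc0000000u) == 0x80000000u) return 0x0000ffffu; /* class B */
    return 0x000000ffu;                                       /* class C */
}
static uint32_t lnaof(uint32_t a) { return a & host_mask(a); }
static uint32_t netof(uint32_t a) { return a & ~host_mask(a); }

/* Test quoted from ip_output(): a zero host part requires IP_ALLOWBROADCAST. */
int check_original(uint32_t dst, int flags)
{
    if (lnaof(dst) == 0 && (flags & IP_ALLOWBROADCAST) == 0)
        return EACCES;
    return 0;
}

/* Proposed test: packets handed over by ip_forward() are exempt too. */
int check_proposed(uint32_t dst, int flags)
{
    if (lnaof(dst) == 0 && (flags & (IP_ALLOWBROADCAST | IP_FORWARDING)) == 0)
        return EACCES;
    return 0;
}

/* Same test with the parenthesis closed after "== 0" instead: "==" binds
 * tighter than "&", so C evaluates flags & (mask == 0), which is always 0. */
int check_misparenthesized(uint32_t dst, int flags)
{
    if (lnaof(dst) == 0 && (flags & ((IP_ALLOWBROADCAST | IP_FORWARDING) == 0)))
        return EACCES;
    return 0;
}

/* Condition described for ipintr(): forward only if the source is off the
 * destination network. */
int source_off_dst_net(uint32_t src, uint32_t dst)
{
    return netof(src) != netof(dst);
}
```

With the misplaced parenthesis the broadcast restriction is silently disabled for every caller, including unprivileged local senders, so that form removes the super-user check rather than relaxing it for forwarded packets only.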