
Re: L2 broadcast and NAT state

On Fri, Mar 28, 2003 at 01:37:10AM -0800, Trevor Talbot wrote:
> >Are you running a bridge, or just IP forwarding?
> Just IP forwarding.
> The device does IP forwarding as well.  It has been configured to
> forward a set of IPs ($problem_addr among them) to the ethernet link
> connected to the OpenBSD box's $ext_if.  It doesn't make use of any
> of them itself, though it does own an address on the same subnet.
The frame arrives at $ext_if, and enters if_ethersubr.c ether_input().
Since the destination mac address is ff:ff:ff:ff:ff:ff, the mbuf gets an
M_BCAST flag attached. Due to this flag, the destination mac address is
not compared to the local interfaces' mac addresses, but passed on
anyway. The mbuf gets passed to ipv4_input(), which calls pf_test() and
then ip_forward().
And this is where your packet gets dropped, due to the M_BCAST flag:
        if (m->m_flags & M_BCAST || in_canforward(ip->ip_dst) == 0) {
You should see the counter increase in netstat -p ip output:
        323 packets not forwardable
I'll have to check, but it looks like M_BCAST has distinct meanings at
the ethernet and IP levels. The check in ip_forward() is meant to
prevent forwarding of packets with _IP_ broadcast destinations, I think.
Possibly, the M_BCAST flag should be cleared when the frame gets passed
from ethernet to ip level.
If you're running a recent snapshot, you could try a patch, as soon as I
have one.
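The path described in the reply, as an added user-space model (not code from the mail or from the OpenBSD tree): ether_input() tags the mbuf from the ethernet destination, ipv4_input() hands it to ip_forward(), and the quoted test drops anything carrying M_BCAST or failing in_canforward(). The structures, the flag values, the MAC addresses and the 192.168.1.5 stand-in for $problem_addr are all constructed for the example; in_canforward() follows the netinet/in.c rules (no class D/E, no net 0, no 127/8) but is my reimplementation. The clear_bcast switch shows what the clearing the mail floats as a possibility would change, nothing more.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the kernel's mbuf flags and structures (assumed). */
#define M_BCAST 0x0100   /* link-layer broadcast; value assumed, see sys/mbuf.h */
#define M_MCAST 0x0200   /* link-layer multicast */

struct pkt {                      /* stand-in for an mbuf plus the headers we need */
    unsigned char ether_dhost[6];
    uint32_t      ip_dst;         /* host byte order, to keep the masks readable */
    int           m_flags;
};

struct ipstat {                   /* the two counters netstat -p ip prints */
    unsigned long ips_forward;     /* "packets forwarded" */
    unsigned long ips_cantforward; /* "packets not forwardable" */
};
struct ipstat ipstat;

const unsigned char etherbroadcastaddr[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
const unsigned char some_host_mac[6]      = {0x00, 0x50, 0x56, 0x12, 0x34, 0x56}; /* constructed */

/* Model of netinet/in.c in_canforward(): refuse class D/E, net 0 and 127/8. */
int in_canforward(uint32_t dst)
{
    if ((dst & 0xe0000000u) == 0xe0000000u)      /* 224.0.0.0/3: multicast + experimental */
        return 0;
    if ((dst & 0x80000000u) == 0) {              /* class A */
        uint32_t net = dst & 0xff000000u;
        if (net == 0 || net == 0x7f000000u)      /* net 0 or the loopback net */
            return 0;
    }
    return 1;
}

/* Model of ether_input(): tag the mbuf from the ethernet destination. A
 * broadcast frame is not matched against the interface's own MAC; it goes up. */
void ether_input(struct pkt *m)
{
    if (memcmp(m->ether_dhost, etherbroadcastaddr, 6) == 0)
        m->m_flags |= M_BCAST;
    else if (m->ether_dhost[0] & 1)
        m->m_flags |= M_MCAST;
}

/* Model of the quoted test at the top of ip_forward(). Returns 1 if the
 * packet would be forwarded, 0 if it is dropped and the counter bumped. */
int ip_forward(struct pkt *m)
{
    if ((m->m_flags & M_BCAST) || in_canforward(m->ip_dst) == 0) {
        ipstat.ips_cantforward++;
        return 0;
    }
    ipstat.ips_forward++;
    return 1;
}

/* Run one frame through the path. clear_bcast != 0 applies the change the
 * mail raises as a possibility: drop the link-layer flag where the packet
 * crosses from ethernet to IP, so ip_forward() judges the IP destination only. */
int forward_frame(const unsigned char dhost[6], uint32_t ip_dst, int clear_bcast)
{
    struct pkt m;
    memcpy(m.ether_dhost, dhost, 6);
    m.ip_dst = ip_dst;
    m.m_flags = 0;
    ether_input(&m);
    if (clear_bcast)
        m.m_flags &= ~M_BCAST;          /* the boundary-clearing variant */
    return ip_forward(&m);
}

int main(void)
{
    uint32_t problem_addr = 0xc0a80105u;   /* 192.168.1.5, constructed stand-in for $problem_addr */
    int i;
    for (i = 0; i < 323; i++)              /* reproduce the count seen in the netstat line */
        forward_frame(etherbroadcastaddr, problem_addr, 0);
    printf("%lu packets not forwardable\n", ipstat.ips_cantforward);
    printf("unicast frame, same IP dst, forwarded: %d\n", forward_frame(some_host_mac, problem_addr, 0));
    printf("broadcast frame, M_BCAST cleared, forwarded: %d\n", forward_frame(etherbroadcastaddr, problem_addr, 1));
    printf("multicast IP dst, flag cleared, still refused: %d\n", forward_frame(some_host_mac, 0xe0000001u, 1));
    return 0;
}
```

The model deliberately stops at the two checks the mail names. The real ipv4_input() also matches the destination against each interface's broadcast address and delivers such packets locally before ip_forward() is reached, which is what would keep IP-level broadcasts from being forwarded once the link-layer flag no longer does; that part is not modelled here, so treat the clear_bcast result as an illustration of the flag's effect, not as the patch.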