From: Gleb Smirnoff <glebius@FreeBSD.org>
Date: Wed, 31 Aug 2022 03:12:21 +0000 (-0700)
Subject: ipfw: remove setting of SO_BROADCAST on the divert(4) socket
X-Git-Tag: suricata-7.0.0-beta1~211
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7110ea75c40d8a4e7eb1ff0c94d828cc73f2e2f7;p=thirdparty%2Fsuricata.git

ipfw: remove setting of SO_BROADCAST on the divert(4) socket

My review of the FreeBSD kernel code reveals that this setting
a) is ignored by the kernel b) is not required.  The sending
side of divert(4) never checks so->so_options, but always gives
IP_ALLOWBROADCAST to ip_output().
---

diff --git a/src/source-ipfw.c b/src/source-ipfw.c
index 1fe8ce0055..58f8c446f4 100644
--- a/src/source-ipfw.c
+++ b/src/source-ipfw.c
@@ -322,7 +322,6 @@ TmEcode ReceiveIPFWLoop(ThreadVars *tv, void *data, void *slot)
 TmEcode ReceiveIPFWThreadInit(ThreadVars *tv, const void *initdata, void **data)
 {
     struct timeval timev;
-    int flag;
     IPFWThreadVars *ntv = (IPFWThreadVars *) initdata;
     IPFWQueueVars *nq = IPFWGetQueue(ntv->ipfw_index);
 
@@ -353,15 +352,6 @@ TmEcode ReceiveIPFWThreadInit(ThreadVars *tv, const void *initdata, void **data)
         SCReturnInt(TM_ECODE_FAILED);
     }
 
-    /* set SO_BROADCAST on the divert socket, otherwise sendto()
-     * returns EACCES when reinjecting broadcast packets. */
-    flag = 1;
-
-    if (setsockopt(nq->fd, SOL_SOCKET, SO_BROADCAST, &flag, sizeof(flag)) == -1) {
-        SCLogError(SC_ERR_IPFW_SETSOCKOPT,"Can't set IPFW divert socket broadcast flag: %s", strerror(errno));
-        SCReturnInt(TM_ECODE_FAILED);
-    }
-
     nq->ipfw_sinlen=sizeof(nq->ipfw_sin);
     memset(&nq->ipfw_sin, 0, nq->ipfw_sinlen);
     nq->ipfw_sin.sin_family = PF_INET;