Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!elroy.jpl.nasa.gov!ncar!csn!boulder!daemon
From: warner@ucscc.UCSC.EDU (Jim Warner - UCSC Computer Center)
Newsgroups: comp.dcom.sys.cisco
Subject: broadcast leakage
Message-ID: <34652@boulder.Colorado.EDU>
Date: 30 Apr 91 02:45:05 GMT
Sender: daemon@boulder.Colorado.EDU
Lines: 22

There's a bug in gateway software versions 8.2(1) thru ..(3) that can
cause what looks like broadcast leakage between subnets.  The symptoms
are a little mysterious since the problem appears to be intermittant,
depending on the life time of arp-cache entries in your hosts.

If an AGS recieves a IP subnet broadcast that is Ethernet-mac-layer
addressed to the interface (i.e. not an all 1's broadcast) and if
a helper address is defined on that interface, then *all* such
packets will be forwarded to the helper address.  If your helper
address is itself a subnet broadcast address, you'll have what looks
like inter-subnet broadcast leakage.

The bug is that all such packets are supposed to be checked against
a list of UDP ports to see if they qualify for helper-forwarding.
When the packets are received unicast, this check doesn't take place.
In our case, a 4.2BSD host occaisionally mis-resolves the subnet 
broadcast address to the e-net address of the AGS. This results in
both RIP and rwhod broadcasts appearing on our helper subnet.

This has been reported to cs@cisco.com (bug CSCdi01107).  As usual,
cisco was prompt and responsive in acknowleging the problem.  It
is scheduled to be fixed in 8.2(4), I'm told.