Summary: When pinging the ip address 255.255.255.255, the MAC address should be set to the broadcast address. Description: I narrowed this down to sys/netinet/ip_output.c where it looks like the decision about whether to set M_BCAST is happening on line 505 for this case: isbroadcast = in_ifaddr_broadcast(gw->sin_addr, ia); It looks like in_ifaddr_broadcast is only checking whether the address is the same as the interface broadcast (e.g. 192.168.122.255), but not 255.255.255.255. If I ping 192.168.122.255, then I get the expected MAC broadcast address. Actual results: -------------- tcpdump -vvvv -xx -ni em0 icmp & ping -nc 1 255.255.255.255 root@bsd-vbox:/home/jcaplan # tcpdump -vvvv -xx -ni em0 icmp & [1] 5429 root@bsd-vbox:/home/jcaplan # tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes root@bsd-vbox:/home/jcaplan # ping -nc 1 255.255.255.255 PING 255.255.255.255 (255.255.255.255): 56 data bytes 02:01:55.895257 IP (tos 0x0, ttl 64, id 46687, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.32 > 255.255.255.255: ICMP echo request, id 13845, seq 0, length 64 0x0000: 3c37 862c 1f63 0800 27b8 57c0 0800 4500 Note the first six bytes are not 0xff. Expected Results: ---------------- root@bsd-vbox:/home/jcaplan # tcpdump -vvvv -xx -ni em0 icmp & [1] 5429 root@bsd-vbox:/home/jcaplan # tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes root@bsd-vbox:/home/jcaplan # ping -nc 1 255.255.255.255 PING 255.255.255.255 (255.255.255.255): 56 data bytes 02:01:55.895257 IP (tos 0x0, ttl 64, id 46687, offset 0, flags [none], proto ICMP (1), length 84) 192.168.1.32 > 255.255.255.255: ICMP echo request, id 13845, seq 0, length 64 0x0000: ffff ffff ffff 0800 27b8 57c0 0800 4500 Note the first 6 bytes are 0xff.
Created attachment 221503 [details] proposed patch
Note that FreeBSD 13.0 added a swap of the dst to the gw just before this check for broadcast. That swap needs to be moved to after the check for broadcast.