add fileter broadcast/multicast

src/routing.c

@@ -107,6 +107,23 @@ static void route_pkt(struct UTUN_INSTANCE* instance, struct ll_entry* entry, ui
         return;
     }
 
+    // Silently drop broadcast/multicast - these should not be sent over tunnel
+    uint8_t first_octet = (dst_ip >> 24) & 0xFF;
+
+    // Multicast: 224.0.0.0 - 239.255.255.255
+    if (first_octet >= 224 && first_octet <= 239) {
+        queue_entry_free(entry);
+        queue_dgram_free(entry);
+        return;
+    }
+
+    // Broadcast: only 255.255.255.255 (limited broadcast)
+    if (dst_ip == 0xFFFFFFFF) {
+        queue_entry_free(entry);
+        queue_dgram_free(entry);
+        return;
+    }
+
     struct in_addr addr;
     addr.s_addr = htonl(dst_ip);
     DEBUG_TRACE(DEBUG_CATEGORY_ROUTING, "route_pkt: dst=%s len=%zu", ip_to_str(&addr, AF_INET).str, ip_len);