mirror of https://git.FreeBSD.org/src.git synced 2025-01-21 15:45:02 +00:00
freebsd/sys/netinet
Matthew N. Dodd 09139a4537 Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
(See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt)

This fulfills the host requirements for userland support by
way of the setsockopt() IP_EVIL_INTENT message.

There are three sysctl tunables provided to govern system behavior.

	net.inet.ip.rfc3514:

		Enables support for rfc3514.  As this is an
		Informational RFC and support is not yet widespread
		this option is disabled by default.

	net.inet.ip.hear_no_evil

		If set the host will discard all received evil packets.

	net.inet.ip.speak_no_evil

		If set the host will discard all transmitted evil packets.

The IP statistics counter 'ips_evil' (available via 'netstat') provides
information on the number of 'evil' packets received.

For reference, the '-E' option to 'ping' has been provided to demonstrate
and test the implementation.
2003-04-01 08:21:44 +00:00
..
libalias
accf_data.c
accf_http.c
icmp6.h
icmp_var.h
if_atm.c
if_atm.h
if_ether.c Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
if_ether.h Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
igmp_var.h
igmp.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
igmp.h
in_cksum.c
in_gif.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
in_gif.h
in_pcb.c The ancient and outdated concept of "privileged ports" in UNIX-type 2003-02-21 05:28:27 +00:00
in_pcb.h Implement support for RFC 3514 (The Security Flag in the IPv4 Header). 2003-04-01 08:21:44 +00:00
in_proto.c Finish driving a stake through the heart of netns and the associated 2003-03-05 19:24:24 +00:00
in_rmx.c Get cosmetic changes out of the way before I add routing table SMP locks. 2003-02-10 22:01:34 +00:00
in_systm.h
in_var.h Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
in.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
in.h Implement support for RFC 3514 (The Security Flag in the IPv4 Header). 2003-04-01 08:21:44 +00:00
ip6.h
ip_divert.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
ip_dummynet.c Fix indentation. 2003-03-27 15:00:10 +00:00
ip_dummynet.h o Protect set_fs_param() by splimp(9). 2003-03-27 14:56:36 +00:00
ip_ecn.c
ip_ecn.h
ip_encap.c correct two more flag misuses; m_tag* use malloc flags 2003-03-12 14:45:22 +00:00
ip_encap.h
ip_flow.c
ip_flow.h
ip_fw2.c Add a 'verrevpath' option that verifies the interface that a packet 2003-03-15 01:13:00 +00:00
ip_fw.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
ip_fw.h Add a 'verrevpath' option that verifies the interface that a packet 2003-03-15 01:13:00 +00:00
ip_gre.c Finish driving a stake through the heart of netns and the associated 2003-03-05 19:24:24 +00:00
ip_gre.h
ip_icmp.c Add a sysctl node allowing the specification of an address mask to use 2003-03-21 15:43:06 +00:00
ip_icmp.h Add comments regarding the ICMP timestamp fields. 2003-03-21 15:28:10 +00:00
ip_id.c
ip_input.c Implement support for RFC 3514 (The Security Flag in the IPv4 Header). 2003-04-01 08:21:44 +00:00
ip_mroute.c Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
ip_mroute.h
ip_output.c Implement support for RFC 3514 (The Security Flag in the IPv4 Header). 2003-04-01 08:21:44 +00:00
ip_var.h Implement support for RFC 3514 (The Security Flag in the IPv4 Header). 2003-04-01 08:21:44 +00:00
ip.h Implement support for RFC 3514 (The Security Flag in the IPv4 Header). 2003-04-01 08:21:44 +00:00
ipprotosw.h
raw_ip.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
tcp_debug.c
tcp_debug.h
tcp_fsm.h
tcp_input.c Greatly simplify the unlocking logic by holding the TCP protocol lock until 2003-03-13 11:46:57 +00:00
tcp_output.c Convert tcp_fillheaders(tp, ...) -> tcpip_fillheaders(inp, ...) so the 2003-02-19 22:18:06 +00:00
tcp_reass.c Greatly simplify the unlocking logic by holding the TCP protocol lock until 2003-03-13 11:46:57 +00:00
tcp_seq.h
tcp_subr.c Remove a panic(); if the zone allocator can't provide more timewait 2003-03-08 22:06:20 +00:00
tcp_syncache.c Fix a comment which didn't match the new cookie behavior. 2003-02-24 03:15:48 +00:00
tcp_timer.c Remove a panic(); if the zone allocator can't provide more timewait 2003-03-08 22:06:20 +00:00
tcp_timer.h Remove a panic(); if the zone allocator can't provide more timewait 2003-03-08 22:06:20 +00:00
tcp_timewait.c Remove a panic(); if the zone allocator can't provide more timewait 2003-03-08 22:06:20 +00:00
tcp_usrreq.c Remove check for t_state == TCPS_TIME_WAIT and introduce the tw structure. 2003-03-08 22:07:52 +00:00
tcp_var.h Remove a panic(); if the zone allocator can't provide more timewait 2003-03-08 22:06:20 +00:00
tcp.h
tcpip.h
udp_usrreq.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
udp_var.h
udp.h