1
0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-16 15:11:52 +00:00
freebsd/sys/netinet
Matthew N. Dodd 09139a4537 Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
(See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt)

This fulfills the host requirements for userland support by
way of the setsockopt() IP_EVIL_INTENT message.

There are three sysctl tunables provided to govern system behavior.

	net.inet.ip.rfc3514:

		Enables support for rfc3514.  As this is an
		Informational RFC and support is not yet widespread
		this option is disabled by default.

	net.inet.ip.hear_no_evil

		 If set the host will discard all received evil packets.

	net.inet.ip.speak_no_evil

		If set the host will discard all transmitted evil packets.

The IP statistics counter 'ips_evil' (available via 'netstat') provides
information on the number of 'evil' packets recieved.

For reference, the '-E' option to 'ping' has been provided to demonstrate
and test the implementation.
2003-04-01 08:21:44 +00:00
..
libalias Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup, 2003-01-01 18:49:04 +00:00
accf_data.c Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
accf_http.c Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
icmp6.h s/__attribute__((__packed__))/__packed/g 2002-09-23 06:25:08 +00:00
icmp_var.h Remove __P. 2002-03-19 21:25:46 +00:00
if_atm.c - Change the newly turned INVARIANTS #ifdef blocks (they were changed from 2002-05-21 18:52:24 +00:00
if_atm.h Remove __P. 2002-03-19 21:25:46 +00:00
if_ether.c Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
if_ether.h Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
igmp_var.h Remove __P. 2002-03-19 21:25:46 +00:00
igmp.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
igmp.h
in_cksum.c
in_gif.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
in_gif.h last arg of in6?_gif_output() is not used any more. 2002-10-17 17:47:55 +00:00
in_pcb.c The ancient and outdated concept of "privileged ports" in UNIX-type 2003-02-21 05:28:27 +00:00
in_pcb.h Implement support for RFC 3514 (The Security Flag in the IPv4 Header). 2003-04-01 08:21:44 +00:00
in_proto.c Finish driving a stake through the heart of netns and the associated 2003-03-05 19:24:24 +00:00
in_rmx.c Get cosmetic changes out of the way before I add routing table SMP locks. 2003-02-10 22:01:34 +00:00
in_systm.h Remove __P. 2002-03-19 21:25:46 +00:00
in_var.h Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
in.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
in.h Implement support for RFC 3514 (The Security Flag in the IPv4 Header). 2003-04-01 08:21:44 +00:00
ip6.h s/__attribute__((__packed__))/__packed/g 2002-09-23 06:25:08 +00:00
ip_divert.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
ip_dummynet.c Fix indentation. 2003-03-27 15:00:10 +00:00
ip_dummynet.h o Protect set_fs_param() by splimp(9). 2003-03-27 14:56:36 +00:00
ip_ecn.c initialize local variable explicitly 2002-04-11 02:14:21 +00:00
ip_ecn.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_encap.c correct two more flag misuses; m_tag* use malloc flags 2003-03-12 14:45:22 +00:00
ip_encap.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_flow.c s/FREE/free/ 2001-11-04 17:35:31 +00:00
ip_flow.h
ip_fw2.c Add a 'verrevpath' option that verifies the interface that a packet 2003-03-15 01:13:00 +00:00
ip_fw.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
ip_fw.h Add a 'verrevpath' option that verifies the interface that a packet 2003-03-15 01:13:00 +00:00
ip_gre.c Finish driving a stake through the heart of netns and the associated 2003-03-05 19:24:24 +00:00
ip_gre.h de-__P(). 2002-10-16 22:27:27 +00:00
ip_icmp.c Add a sysctl node allowing the specification of an address mask to use 2003-03-21 15:43:06 +00:00
ip_icmp.h Add comments regarding the ICMP timestamp fields. 2003-03-21 15:28:10 +00:00
ip_id.c Remove __P. 2002-03-19 21:25:46 +00:00
ip_input.c Implement support for RFC 3514 (The Security Flag in the IPv4 Header). 2003-04-01 08:21:44 +00:00
ip_mroute.c Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
ip_mroute.h Massive cleanup of the ip_mroute code. 2002-11-15 22:53:53 +00:00
ip_output.c Implement support for RFC 3514 (The Security Flag in the IPv4 Header). 2003-04-01 08:21:44 +00:00
ip_var.h Implement support for RFC 3514 (The Security Flag in the IPv4 Header). 2003-04-01 08:21:44 +00:00
ip.h Implement support for RFC 3514 (The Security Flag in the IPv4 Header). 2003-04-01 08:21:44 +00:00
ipprotosw.h KSE Milestone 2 2001-09-12 08:38:13 +00:00
raw_ip.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
tcp_debug.c It's now sufficient to rely on a nested include of _label.h to make sure 2002-08-15 14:34:45 +00:00
tcp_debug.h make the strings for tcptimers, tanames and prurequests const to silence 2002-08-16 09:07:59 +00:00
tcp_fsm.h WARNS=n and lint(1) silencer. Declare an array of (const) strings 2002-02-03 11:57:32 +00:00
tcp_input.c Greatly simplify the unlocking logic by holding the TCP protocol lock until 2003-03-13 11:46:57 +00:00
tcp_output.c Convert tcp_fillheaders(tp, ...) -> tcpip_fillheaders(inp, ...) so the 2003-02-19 22:18:06 +00:00
tcp_reass.c Greatly simplify the unlocking logic by holding the TCP protocol lock until 2003-03-13 11:46:57 +00:00
tcp_seq.h Fix NewReno. 2003-01-13 11:01:20 +00:00
tcp_subr.c Remove a panic(); if the zone allocator can't provide more timewait 2003-03-08 22:06:20 +00:00
tcp_syncache.c Fix a comment which didn't match the new cookie behavior. 2003-02-24 03:15:48 +00:00
tcp_timer.c Remove a panic(); if the zone allocator can't provide more timewait 2003-03-08 22:06:20 +00:00
tcp_timer.h Remove a panic(); if the zone allocator can't provide more timewait 2003-03-08 22:06:20 +00:00
tcp_timewait.c Remove a panic(); if the zone allocator can't provide more timewait 2003-03-08 22:06:20 +00:00
tcp_usrreq.c Remove check for t_state == TCPS_TIME_WAIT and introduce the tw structure. 2003-03-08 22:07:52 +00:00
tcp_var.h Remove a panic(); if the zone allocator can't provide more timewait 2003-03-08 22:06:20 +00:00
tcp.h Include <sys/cdefs.h> so the visibility conditionals are available. 2002-10-02 04:22:34 +00:00
tcpip.h
udp_usrreq.c Back out M_* changes, per decision of the TRB. 2003-02-19 05:47:46 +00:00
udp_var.h Notify functions can destroy the pcb, so they have to return an 2002-06-14 08:35:21 +00:00
udp.h