d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2bde81acd6
freebsd-dev/sys/netinet
History
Andre Oppermann 2bde81acd6 Provide the sysctl net.inet.ip.process_options to control the processing 
of IP options.

 net.inet.ip.process_options=0  Ignore IP options and pass packets unmodified.
 net.inet.ip.process_options=1  Process all IP options (default).
 net.inet.ip.process_options=2  Reject all packets with IP options with ICMP
  filter prohibited message.

This sysctl affects packets destined for the local host as well as those
only transiting through the host (routing).

IP options do not have any legitimate purpose anymore and are only used
to circumvent firewalls or to exploit certain behaviours or bugs in TCP/IP
stacks.

Reviewed by:	sam (mentor)
2004-05-06 18:46:03 +00:00
..
libalias Unbreak natd. 2004-04-02 17:57:57 +00:00
accf_data.c Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
accf_http.c Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
icmp6.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
icmp_var.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
if_atm.c replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF 2003-11-08 23:36:32 +00:00
if_atm.h Remove __P. 2002-03-19 21:25:46 +00:00
if_ether.c Another small set of changes to reduce diffs with the new arp code. 2004-04-25 15:00:17 +00:00
if_ether.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
igmp_var.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
igmp.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
igmp.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in_cksum.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in_gif.c In an effort to simplify the routing code, try to deprecate rtalloc() 2004-04-14 01:13:14 +00:00
in_gif.h - fix typo in comment. 2003-10-07 17:46:18 +00:00
in_pcb.c Wrap two long lines in the previous commit. 2004-04-23 23:29:49 +00:00
in_pcb.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in_proto.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in_rmx.c Introduce tcp_hostcache and remove the tcp specific metrics from 2003-11-20 20:07:39 +00:00
in_systm.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in_var.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ip6.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ip_divert.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ip_divert.h Re-remove MT_TAGs. The problems with dummynet have been fixed now. 2004-02-25 19:55:29 +00:00
ip_dummynet.c Add some missing DUMMYNET_UNLOCK() in config_pipe(). 2004-03-03 01:33:22 +00:00
ip_dummynet.h Re-remove MT_TAGs. The problems with dummynet have been fixed now. 2004-02-25 19:55:29 +00:00
ip_ecn.c add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ip_ecn.h add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ip_encap.c Lock down IP-layer encapsulation library: 2004-03-10 02:48:50 +00:00
ip_encap.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_fastfwd.c Provide the sysctl net.inet.ip.process_options to control the processing 2004-05-06 18:46:03 +00:00
ip_fw2.c Add the option versrcreach to verify that a valid route to the 2004-04-23 14:28:38 +00:00
ip_fw.h Add the option versrcreach to verify that a valid route to the 2004-04-23 14:28:38 +00:00
ip_gre.c Lock down global variables in if_gre: 2004-03-22 16:04:43 +00:00
ip_gre.h de-__P(). 2002-10-16 22:27:27 +00:00
ip_icmp.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ip_icmp.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ip_id.c Tweak existing header and other build infrastructure to be able to build 2004-02-26 03:53:54 +00:00
ip_input.c Provide the sysctl net.inet.ip.process_options to control the processing 2004-05-06 18:46:03 +00:00
ip_mroute.c To comply with the spec, do not copy the TOS from the outer IP 2004-03-08 07:47:27 +00:00
ip_mroute.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ip_output.c Rename m_claim_next_hop() to m_claim_next(), as suggested by Max Laier. 2004-05-02 15:10:17 +00:00
ip_var.h Provide the sysctl net.inet.ip.process_options to control the processing 2004-05-06 18:46:03 +00:00
ip.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ipprotosw.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
pim_var.h New PIM header files. 2003-08-07 18:17:43 +00:00
pim.h Include <sys/types.h> for autoconf/automake detection. 2004-03-08 07:45:32 +00:00
raw_ip.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
tcp_debug.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_debug.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_fsm.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_hostcache.c Fix a potential race when purging expired hostcache entries. 2004-04-23 13:54:28 +00:00
tcp_input.c Rename m_claim_next_hop() to m_claim_next(), as suggested by Max Laier. 2004-05-02 15:10:17 +00:00
tcp_output.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
tcp_reass.c Rename m_claim_next_hop() to m_claim_next(), as suggested by Max Laier. 2004-05-02 15:10:17 +00:00
tcp_seq.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_subr.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
tcp_syncache.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
tcp_timer.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_timer.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_timewait.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
tcp_usrreq.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_var.h Tighten up reset handling in order to make reset attacks as difficult as 2004-04-26 02:56:31 +00:00
tcp.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcpip.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
udp_usrreq.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
udp_var.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
udp.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00