6d237ab99a
(See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt) This fulfills the host requirements for userland support by way of the setsockopt() IP_EVIL_INTENT message. There are three sysctl tunables provided to govern system behavior. net.inet.ip.rfc3514: Enables support for rfc3514. As this is an Informational RFC and support is not yet widespread this option is disabled by default. net.inet.ip.hear_no_evil If set the host will discard all received evil packets. net.inet.ip.speak_no_evil If set the host will discard all transmitted evil packets. The IP statistics counter 'ips_evil' (available via 'netstat') provides information on the number of 'evil' packets recieved. For reference, the '-E' option to 'ping' has been provided to demonstrate and test the implementation. |
||
|---|---|---|
| .. | ||
| atalk.c | ||
| if.c | ||
| inet6.c | ||
| inet.c | ||
| ipsec.c | ||
| ipx.c | ||
| main.c | ||
| Makefile | ||
| mbuf.c | ||
| mroute6.c | ||
| mroute.c | ||
| netgraph.c | ||
| netstat.1 | ||
| netstat.h | ||
| route.c | ||
| unix.c | ||