d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a6719c82b1
freebsd-dev/sys/netinet
History
Andre Oppermann 55db762b76 Extend versrcreach by checking against the rt_flags for RTF_REJECT and 
RTF_BLACKHOLE as well.

To quote the submitter:

 The uRPF loose-check implementation by the industry vendors, at least on Cisco
 and possibly Juniper, will fail the check if the route of the source address
 is pointed to Null0 (on Juniper, discard or reject route). What this means is,
 even if uRPF Loose-check finds the route, if the route is pointed to blackhole,
 uRPF loose-check must fail. This allows people to utilize uRPF loose-check mode
 as a pseudo-packet-firewall without using any manual filtering configuration --
 one can simply inject a IGP or BGP prefix with next-hop set to a static route
 that directs to null/discard facility. This results in uRPF Loose-check failing
 on all packets with source addresses that are within the range of the nullroute.

Submitted by:	James Jun <james@towardex.com>
2004-07-21 19:55:14 +00:00
..
libalias Push WARNS back up to 6, but define NO_WERROR; I want the warts out in the 2004-07-06 12:15:24 +00:00
accf_data.c
accf_http.c
icmp6.h
icmp_var.h
if_atm.c
if_atm.h
if_ether.c
if_ether.h
igmp_var.h
igmp.c
igmp.h
in_cksum.c
in_gif.c
in_gif.h
in_pcb.c
in_pcb.h Remove erroneous semicolons. 2004-07-13 16:06:19 +00:00
in_proto.c
in_rmx.c
in_systm.h
in_var.h
in.c
in.h
ip6.h
ip_divert.c Rwatson, write 100 times for tomorrow: 2004-06-27 21:54:34 +00:00
ip_divert.h
ip_dummynet.c Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
ip_dummynet.h
ip_ecn.c
ip_ecn.h
ip_encap.c
ip_encap.h
ip_fastfwd.c
ip_fw2.c Extend versrcreach by checking against the rt_flags for RTF_REJECT and 2004-07-21 19:55:14 +00:00
ip_fw.h
ip_gre.c
ip_gre.h
ip_icmp.c Define semantic of M_SKIP_FIREWALL more precisely, i.e. also pass associated 2004-07-17 05:10:06 +00:00
ip_icmp.h
ip_id.c
ip_input.c Change the following environment variables to kernel options: 2004-07-08 22:35:36 +00:00
ip_mroute.c Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
ip_mroute.h
ip_output.c
ip_var.h
ip.h
ipprotosw.h
pim_var.h
pim.h
raw_ip.c M_PREPEND() the IP header on to the front of an outgoing raw IP packet 2004-07-20 20:52:30 +00:00
tcp_debug.c
tcp_debug.h
tcp_fsm.h
tcp_hostcache.c
tcp_input.c After each label in tcp_input(), assert the inpcbinfo and inpcb lock 2004-07-12 19:28:07 +00:00
tcp_output.c Let IN_FASTREOCOVERY macro decide if we are in recovery mode. 2004-07-19 22:37:33 +00:00
tcp_reass.c After each label in tcp_input(), assert the inpcbinfo and inpcb lock 2004-07-12 19:28:07 +00:00
tcp_sack.c
tcp_seq.h
tcp_subr.c Let IN_FASTREOCOVERY macro decide if we are in recovery mode. 2004-07-19 22:37:33 +00:00
tcp_syncache.c Fix the !INET6 build. 2004-07-17 21:40:14 +00:00
tcp_timer.c
tcp_timer.h
tcp_timewait.c Let IN_FASTREOCOVERY macro decide if we are in recovery mode. 2004-07-19 22:37:33 +00:00
tcp_usrreq.c when IN6P_AUTOFLOWLABEL is set, the flowlabel is not set on 2004-07-16 18:08:13 +00:00
tcp_var.h The tcp syncache code was leaving the IPv6 flowlabel uninitialised 2004-07-17 19:44:13 +00:00
tcp.h
tcpip.h
udp_usrreq.c
udp_var.h
udp.h