d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
55db762b76
freebsd-nq/sys
History
Andre Oppermann 55db762b76 Extend versrcreach by checking against the rt_flags for RTF_REJECT and 
RTF_BLACKHOLE as well.

To quote the submitter:

 The uRPF loose-check implementation by the industry vendors, at least on Cisco
 and possibly Juniper, will fail the check if the route of the source address
 is pointed to Null0 (on Juniper, discard or reject route). What this means is,
 even if uRPF Loose-check finds the route, if the route is pointed to blackhole,
 uRPF loose-check must fail. This allows people to utilize uRPF loose-check mode
 as a pseudo-packet-firewall without using any manual filtering configuration --
 one can simply inject a IGP or BGP prefix with next-hop set to a static route
 that directs to null/discard facility. This results in uRPF Loose-check failing
 on all packets with source addresses that are within the range of the nullroute.

Submitted by:	James Jun <james@towardex.com>
2004-07-21 19:55:14 +00:00
..
alpha Unify db_stack_trace_cmd(). All it did was look up the thread given 2004-07-21 05:07:09 +00:00
amd64 Unify db_stack_trace_cmd(). All it did was look up the thread given 2004-07-21 05:07:09 +00:00
arm Do not use NULL as a malloc type for contigmalloc(). 2004-07-21 15:18:45 +00:00
boot o Support the REL32LSB relocation. It's in the ELF file from which 2004-07-20 07:11:14 +00:00
cam Quirk for SEGRAND NP-900 USB MP3Player 2004-07-18 05:39:14 +00:00
coda Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
compat *sigh* Fix source code compatibility with 5.2.1-RELEASE _again_. 2004-07-20 20:28:57 +00:00
conf Add the ACPI Panasonic extras driver. 2004-07-21 14:47:54 +00:00
contrib Fix a stupid attemp to apply host arithmetics to network byte ordered data. 2004-07-18 14:25:48 +00:00
crypto Use __FBSDID(). 2004-06-14 00:38:54 +00:00
ddb Oops... Add the CS_OWN flag to the trace and where commands so that 2004-07-21 05:55:51 +00:00
dev Add the ACPI Panasonic extras driver. 2004-07-21 14:47:54 +00:00
doc Experimental support for using doxygen to generate kernel documentation. 2004-07-11 16:13:57 +00:00
fs Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
gdb Introduce the GDB debugger backend for the new KDB framework. The 2004-07-10 17:47:22 +00:00
geom MFp4: Add two options for gnop(8)'s 'create' command: 2004-07-19 07:52:56 +00:00
gnu Make VFS_ROOT() and vflush() take a thread argument. 2004-07-12 08:14:09 +00:00
i4b Fix a possible hang which apparently occurs during a warm boot (cold boot 2004-07-18 20:13:31 +00:00
i386 Using NULL as a malloc type when calling contigmalloc() is wrong, so introduce 2004-07-21 15:52:34 +00:00
ia64 Additional pmap locking 2004-07-21 07:01:48 +00:00
isa Ignore more strange return values of the test_aux_port() function, 2004-07-16 22:04:29 +00:00
isofs/cd9660 Make VFS_ROOT() and vflush() take a thread argument. 2004-07-12 08:14:09 +00:00
kern Don't sync the file system on panic by default. This seems to basically 2004-07-21 16:04:46 +00:00
libkern Copy qsort_r(3) from libc to libkern. 2004-07-15 23:58:23 +00:00
modules Add the ACPI Panasonic extras driver. 2004-07-21 14:47:54 +00:00
net When removing the last reference to a cloner, do not try to unlock twice - 2004-07-20 21:44:28 +00:00
net80211 Link ALTQ to the build and break with ABI for struct ifnet. Please recompile 2004-06-13 17:29:10 +00:00
netatalk Further function forward declaration white space tweaks. 2004-07-19 17:18:58 +00:00
netatm Fix a typo that could provoke a panic or access to random memory. 2004-07-19 12:54:00 +00:00
netgraph Slight cosmetic changes. 2004-07-20 17:15:38 +00:00
netinet Extend versrcreach by checking against the rt_flags for RTF_REJECT and 2004-07-21 19:55:14 +00:00
netinet6 Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
netipsec Add required includes for post-sorwakeup() change to fix FAST_IPSEC 2004-06-23 01:58:22 +00:00
netipx Constify 'spx_backoff'. 2004-07-12 19:35:29 +00:00
netkey Merge next step in socket buffer locking: 2004-06-21 00:20:43 +00:00
netnatm Constify send and receive space constants in natm. 2004-06-24 03:11:29 +00:00
netncp Do the dreaded s/dev_t/struct cdev */ 2004-06-16 09:47:26 +00:00
netsmb Merge additional socket buffer locking from rwatson_netperf: 2004-06-17 22:48:11 +00:00
nfs Remove advertising clause from University of California Regent's 2004-04-07 05:00:01 +00:00
nfs4client Make VFS_ROOT() and vflush() take a thread argument. 2004-07-12 08:14:09 +00:00
nfsclient Turn off SO_REUSEADDR and SO_REUSEPORT, they were causing EADDRINUSE 2004-07-13 05:42:59 +00:00
nfsserver Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
opencrypto Do the dreaded s/dev_t/struct cdev */ 2004-06-16 09:47:26 +00:00
pc98 MFi386: revision 1.596. 2004-07-19 11:17:57 +00:00
pccard Do the dreaded s/dev_t/struct cdev */ 2004-06-16 09:47:26 +00:00
pci Update for the KDB framework: 2004-07-10 21:47:53 +00:00
posix4
powerpc Unify db_stack_trace_cmd(). All it did was look up the thread given 2004-07-21 05:07:09 +00:00
rpc fix array index out of bounds in rpc->rc_srtt[], rpc->rc_sdrtt[] 2004-07-15 22:21:25 +00:00
security Rename Biba and MLS _single label elements to _effective, which more 2004-07-16 02:03:50 +00:00
sparc64 Unify db_stack_trace_cmd(). All it did was look up the thread given 2004-07-21 05:07:09 +00:00
sys unbreak !WITNESS. 2004-07-21 15:42:02 +00:00
tools Pass doxygen doc comments through to the output. 2004-07-11 16:14:24 +00:00
ufs Make sure to update the mnt_stats before UFS1 extattr tried to 2004-07-14 14:19:32 +00:00
vm Semi-gratuitous change. Move two refcount operations to their own lines 2004-07-21 05:08:10 +00:00
Makefile Try harder not to compile anything in sys/boot for arm. 2004-05-16 00:19:12 +00:00