freebsd-nq/sys/netinet
Andre Oppermann 55db762b76 Extend versrcreach by checking against the rt_flags for RTF_REJECT and
RTF_BLACKHOLE as well.

To quote the submitter:

 The uRPF loose-check implementation by the industry vendors, at least on Cisco
 and possibly Juniper, will fail the check if the route of the source address
 is pointed to Null0 (on Juniper, discard or reject route). What this means is,
 even if uRPF Loose-check finds the route, if the route is pointed to blackhole,
 uRPF loose-check must fail. This allows people to utilize uRPF loose-check mode
 as a pseudo-packet-firewall without using any manual filtering configuration --
 one can simply inject an IGP or BGP prefix with next-hop set to a static route
 that directs to null/discard facility. This results in uRPF Loose-check failing
 on all packets with source addresses that are within the range of the nullroute.

Submitted by:	James Jun <james@towardex.com>
2004-07-21 19:55:14 +00:00
libalias Push WARNS back up to 6, but define NO_WERROR; I want the warts out in the 2004-07-06 12:15:24 +00:00
accf_data.c add missing #include <sys/module.h> 2004-05-30 20:27:19 +00:00
accf_http.c The socket field so_state is used to hold a variety of socket related 2004-06-14 18:16:22 +00:00
icmp6.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
icmp_var.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
if_atm.c replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF 2003-11-08 23:36:32 +00:00
if_atm.h
if_ether.c Add a new driver to support IP over firewire. This driver is intended to 2004-06-13 10:54:36 +00:00
if_ether.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
igmp_var.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
igmp.c Lock down parallel router_info list for tracking multicast IGMP 2004-06-11 03:42:37 +00:00
igmp.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in_cksum.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in_gif.c Ensure that dst is bzeroed before calling rtalloc_ign(), to avoid possible 2004-06-18 02:04:07 +00:00
in_gif.h - fix typo in comment. 2003-10-07 17:46:18 +00:00
in_pcb.c o connect(2): if there is no a route to the destination 2004-06-16 10:02:36 +00:00
in_pcb.h Remove erroneous semicolons. 2004-07-13 16:06:19 +00:00
in_proto.c Commit pf version 3.5 and link additional files to the kernel build. 2004-06-16 23:24:02 +00:00
in_rmx.c Introduce tcp_hostcache and remove the tcp specific metrics from 2003-11-20 20:07:39 +00:00
in_systm.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in_var.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in.h Prepare for pf 3.5 import: 2004-06-16 22:59:06 +00:00
ip6.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ip_divert.c Rwatson, write 100 times for tomorrow: 2004-06-27 21:54:34 +00:00
ip_divert.h Re-remove MT_TAGs. The problems with dummynet have been fixed now. 2004-02-25 19:55:29 +00:00
ip_dummynet.c Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
ip_dummynet.h Re-remove MT_TAGs. The problems with dummynet have been fixed now. 2004-02-25 19:55:29 +00:00
ip_ecn.c add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ip_ecn.h add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ip_encap.c Lock down IP-layer encapsulation library: 2004-03-10 02:48:50 +00:00
ip_encap.h
ip_fastfwd.c Those are unneeded too. 2004-06-27 09:06:10 +00:00
ip_fw2.c Extend versrcreach by checking against the rt_flags for RTF_REJECT and 2004-07-21 19:55:14 +00:00
ip_fw.h Introduce a new feature to IPFW2: lookup tables. These are useful 2004-06-09 20:10:38 +00:00
ip_gre.c Lock down global variables in if_gre: 2004-03-22 16:04:43 +00:00
ip_gre.h de-__P(). 2002-10-16 22:27:27 +00:00
ip_icmp.c Define semantic of M_SKIP_FIREWALL more precisely, i.e. also pass associated 2004-07-17 05:10:06 +00:00
ip_icmp.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ip_id.c Tweak existing header and other build infrastructure to be able to build 2004-02-26 03:53:54 +00:00
ip_input.c Change the following environment variables to kernel options: 2004-07-08 22:35:36 +00:00
ip_mroute.c Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
ip_mroute.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ip_output.c In ip_ctloutput(), acquire the inpcb lock around some of the basic 2004-06-24 02:05:47 +00:00
ip_var.h Provide the sysctl net.inet.ip.process_options to control the processing 2004-05-06 18:46:03 +00:00
ip.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ipprotosw.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
pim_var.h New PIM header files. 2003-08-07 18:17:43 +00:00
pim.h Include <sys/types.h> for autoconf/automake detection. 2004-03-08 07:45:32 +00:00
raw_ip.c M_PREPEND() the IP header on to the front of an outgoing raw IP packet 2004-07-20 20:52:30 +00:00
tcp_debug.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_debug.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_fsm.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_hostcache.c Fix a potential race when purging expired hostcache entries. 2004-04-23 13:54:28 +00:00
tcp_input.c After each label in tcp_input(), assert the inpcbinfo and inpcb lock 2004-07-12 19:28:07 +00:00
tcp_output.c Let IN_FASTREOCOVERY macro decide if we are in recovery mode. 2004-07-19 22:37:33 +00:00
tcp_reass.c After each label in tcp_input(), assert the inpcbinfo and inpcb lock 2004-07-12 19:28:07 +00:00
tcp_sack.c Add support for TCP Selective Acknowledgements. The work for this 2004-06-23 21:04:37 +00:00
tcp_seq.h Add support for TCP Selective Acknowledgements. The work for this 2004-06-23 21:04:37 +00:00
tcp_subr.c Let IN_FASTREOCOVERY macro decide if we are in recovery mode. 2004-07-19 22:37:33 +00:00
tcp_syncache.c Fix the !INET6 build. 2004-07-17 21:40:14 +00:00
tcp_timer.c Add support for TCP Selective Acknowledgements. The work for this 2004-06-23 21:04:37 +00:00
tcp_timer.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_timewait.c Let IN_FASTREOCOVERY macro decide if we are in recovery mode. 2004-07-19 22:37:33 +00:00
tcp_usrreq.c when IN6P_AUTOFLOWLABEL is set, the flowlabel is not set on 2004-07-16 18:08:13 +00:00
tcp_var.h The tcp syncache code was leaving the IPv6 flowlabel uninitialised 2004-07-17 19:44:13 +00:00
tcp.h Add support for TCP Selective Acknowledgements. The work for this 2004-06-23 21:04:37 +00:00
tcpip.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
udp_usrreq.c Reduce the number of unnecessary unlock-relocks on socket buffer mutexes 2004-06-26 19:10:39 +00:00
udp_var.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
udp.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00