d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-skq/sys/netinet
History
mdodd e72fdee732 Implement support for RFC 3514 (The Security Flag in the IPv4 Header). 
(See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt)

This fulfills the host requirements for userland support by
way of the setsockopt() IP_EVIL_INTENT message.

There are three sysctl tunables provided to govern system behavior.

	net.inet.ip.rfc3514:

		Enables support for rfc3514.  As this is an
		Informational RFC and support is not yet widespread
		this option is disabled by default.

	net.inet.ip.hear_no_evil

		 If set the host will discard all received evil packets.

	net.inet.ip.speak_no_evil

		If set the host will discard all transmitted evil packets.

The IP statistics counter 'ips_evil' (available via 'netstat') provides
information on the number of 'evil' packets recieved.

For reference, the '-E' option to 'ping' has been provided to demonstrate
and test the implementation.
2003-04-01 08:21:44 +00:00
..
libalias
Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
2003-01-01 18:49:04 +00:00
accf_data.c
Remove so*_locked(), which were backed out by mistake.
2002-06-18 07:42:02 +00:00
accf_http.c
Remove so*_locked(), which were backed out by mistake.
2002-06-18 07:42:02 +00:00
icmp6.h
s/__attribute__((__packed__))/__packed/g
2002-09-23 06:25:08 +00:00
icmp_var.h
Remove __P.
2002-03-19 21:25:46 +00:00
if_atm.c
- Change the newly turned INVARIANTS #ifdef blocks (they were changed from
2002-05-21 18:52:24 +00:00
if_atm.h
Remove __P.
2002-03-19 21:25:46 +00:00
if_ether.c
Update netisr handling; Each SWI now registers its queue, and all queue
2003-03-04 23:19:55 +00:00
if_ether.h
Update netisr handling; Each SWI now registers its queue, and all queue
2003-03-04 23:19:55 +00:00
igmp_var.h
Remove __P.
2002-03-19 21:25:46 +00:00
igmp.c
Back out M_* changes, per decision of the TRB.
2003-02-19 05:47:46 +00:00
igmp.h
in_cksum.c
in_gif.c
Back out M_* changes, per decision of the TRB.
2003-02-19 05:47:46 +00:00
in_gif.h
last arg of in6?_gif_output() is not used any more.
2002-10-17 17:47:55 +00:00
in_pcb.c
The ancient and outdated concept of "privileged ports" in UNIX-type
2003-02-21 05:28:27 +00:00
in_pcb.h
Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
2003-04-01 08:21:44 +00:00
in_proto.c
Finish driving a stake through the heart of netns and the associated
2003-03-05 19:24:24 +00:00
in_rmx.c
Get cosmetic changes out of the way before I add routing table SMP locks.
2003-02-10 22:01:34 +00:00
in_systm.h
Remove __P.
2002-03-19 21:25:46 +00:00
in_var.h
Update netisr handling; Each SWI now registers its queue, and all queue
2003-03-04 23:19:55 +00:00
in.c
Back out M_* changes, per decision of the TRB.
2003-02-19 05:47:46 +00:00
in.h
Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
2003-04-01 08:21:44 +00:00
ip6.h
s/__attribute__((__packed__))/__packed/g
2002-09-23 06:25:08 +00:00
ip_divert.c
Back out M_* changes, per decision of the TRB.
2003-02-19 05:47:46 +00:00
ip_dummynet.c
Fix indentation.
2003-03-27 15:00:10 +00:00
ip_dummynet.h
o Protect set_fs_param() by splimp(9).
2003-03-27 14:56:36 +00:00
ip_ecn.c
initialize local variable explicitly
2002-04-11 02:14:21 +00:00
ip_ecn.h
Remove __P.
2002-03-19 21:25:46 +00:00
ip_encap.c
correct two more flag misuses; m_tag* use malloc flags
2003-03-12 14:45:22 +00:00
ip_encap.h
Remove __P.
2002-03-19 21:25:46 +00:00
ip_flow.c
s/FREE/free/
2001-11-04 17:35:31 +00:00
ip_flow.h
ip_fw2.c
Add a 'verrevpath' option that verifies the interface that a packet
2003-03-15 01:13:00 +00:00
ip_fw.c
Back out M_* changes, per decision of the TRB.
2003-02-19 05:47:46 +00:00
ip_fw.h
Add a 'verrevpath' option that verifies the interface that a packet
2003-03-15 01:13:00 +00:00
ip_gre.c
Finish driving a stake through the heart of netns and the associated
2003-03-05 19:24:24 +00:00
ip_gre.h
de-__P().
2002-10-16 22:27:27 +00:00
ip_icmp.c
Add a sysctl node allowing the specification of an address mask to use
2003-03-21 15:43:06 +00:00
ip_icmp.h
Add comments regarding the ICMP timestamp fields.
2003-03-21 15:28:10 +00:00
ip_id.c
Remove __P.
2002-03-19 21:25:46 +00:00
ip_input.c
Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
2003-04-01 08:21:44 +00:00
ip_mroute.c
Update netisr handling; Each SWI now registers its queue, and all queue
2003-03-04 23:19:55 +00:00
ip_mroute.h
Massive cleanup of the ip_mroute code.
2002-11-15 22:53:53 +00:00
ip_output.c
Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
2003-04-01 08:21:44 +00:00
ip_var.h
Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
2003-04-01 08:21:44 +00:00
ip.h
Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
2003-04-01 08:21:44 +00:00
ipprotosw.h
raw_ip.c
Back out M_* changes, per decision of the TRB.
2003-02-19 05:47:46 +00:00
tcp_debug.c
It's now sufficient to rely on a nested include of _label.h to make sure
2002-08-15 14:34:45 +00:00
tcp_debug.h
make the strings for tcptimers, tanames and prurequests const to silence
2002-08-16 09:07:59 +00:00
tcp_fsm.h
WARNS=n and lint(1) silencer. Declare an array of (const) strings
2002-02-03 11:57:32 +00:00
tcp_input.c
Greatly simplify the unlocking logic by holding the TCP protocol lock until
2003-03-13 11:46:57 +00:00
tcp_output.c
Convert tcp_fillheaders(tp, ...) -> tcpip_fillheaders(inp, ...) so the
2003-02-19 22:18:06 +00:00
tcp_reass.c
Greatly simplify the unlocking logic by holding the TCP protocol lock until
2003-03-13 11:46:57 +00:00
tcp_seq.h
Fix NewReno.
2003-01-13 11:01:20 +00:00
tcp_subr.c
Remove a panic(); if the zone allocator can't provide more timewait
2003-03-08 22:06:20 +00:00
tcp_syncache.c
Fix a comment which didn't match the new cookie behavior.
2003-02-24 03:15:48 +00:00
tcp_timer.c
Remove a panic(); if the zone allocator can't provide more timewait
2003-03-08 22:06:20 +00:00
tcp_timer.h
Remove a panic(); if the zone allocator can't provide more timewait
2003-03-08 22:06:20 +00:00
tcp_timewait.c
Remove a panic(); if the zone allocator can't provide more timewait
2003-03-08 22:06:20 +00:00
tcp_usrreq.c
Remove check for t_state == TCPS_TIME_WAIT and introduce the tw structure.
2003-03-08 22:07:52 +00:00
tcp_var.h
Remove a panic(); if the zone allocator can't provide more timewait
2003-03-08 22:06:20 +00:00
tcp.h
Include <sys/cdefs.h> so the visibility conditionals are available.
2002-10-02 04:22:34 +00:00
tcpip.h
udp_usrreq.c
Back out M_* changes, per decision of the TRB.
2003-02-19 05:47:46 +00:00
udp_var.h
Notify functions can destroy the pcb, so they have to return an
2002-06-14 08:35:21 +00:00
udp.h