d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
868f939e2e
freebsd-skq/sys/netinet
History
csjp 3006bc70da Add a super-user check to ipfw_ctl() to make sure that the calling 
process is a non-prison root. The security.jail.allow_raw_sockets
sysctl variable is disabled by default, however if the user enables
raw sockets in prisons, prison-root should not be able to interact
with firewall rule sets.

Approved by:	rwatson, bmilekic (mentor)
2004-05-25 15:02:12 +00:00
..
libalias
accf_data.c
accf_http.c
icmp6.h
icmp_var.h
if_atm.c
if_atm.h
if_ether.c Another small set of changes to reduce diffs with the new arp code. 2004-04-25 15:00:17 +00:00
if_ether.h
igmp_var.h
igmp.c
igmp.h
in_cksum.c
in_gif.c
in_gif.h
in_pcb.c When checking for possible port theft, skip over a TCP inpcb 2004-05-20 06:35:02 +00:00
in_pcb.h
in_proto.c
in_rmx.c
in_systm.h
in_var.h
in.c
in.h
ip6.h
ip_divert.c
ip_divert.h
ip_dummynet.c
ip_dummynet.h
ip_ecn.c
ip_ecn.h
ip_encap.c
ip_encap.h
ip_fastfwd.c Provide the sysctl net.inet.ip.process_options to control the processing 2004-05-06 18:46:03 +00:00
ip_fw2.c Add a super-user check to ipfw_ctl() to make sure that the calling 2004-05-25 15:02:12 +00:00
ip_fw.h Add the option versrcreach to verify that a valid route to the 2004-04-23 14:28:38 +00:00
ip_gre.c Lock down global variables in if_gre: 2004-03-22 16:04:43 +00:00
ip_gre.h
ip_icmp.c o IFNAMSIZ does include the trailing \0. 2004-05-07 01:24:53 +00:00
ip_icmp.h
ip_id.c
ip_input.c Provide the sysctl net.inet.ip.process_options to control the processing 2004-05-06 18:46:03 +00:00
ip_mroute.c
ip_mroute.h
ip_output.c o Calculate a number of bytes to copy (cnt) correctly: 2004-05-11 19:14:44 +00:00
ip_var.h Provide the sysctl net.inet.ip.process_options to control the processing 2004-05-06 18:46:03 +00:00
ip.h
ipprotosw.h
pim_var.h
pim.h
raw_ip.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
tcp_debug.c
tcp_debug.h
tcp_fsm.h
tcp_hostcache.c Fix a potential race when purging expired hostcache entries. 2004-04-23 13:54:28 +00:00
tcp_input.c Rename m_claim_next_hop() to m_claim_next(), as suggested by Max Laier. 2004-05-02 15:10:17 +00:00
tcp_output.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
tcp_reass.c Rename m_claim_next_hop() to m_claim_next(), as suggested by Max Laier. 2004-05-02 15:10:17 +00:00
tcp_seq.h
tcp_subr.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
tcp_syncache.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
tcp_timer.c
tcp_timer.h
tcp_timewait.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
tcp_usrreq.c
tcp_var.h Tighten up reset handling in order to make reset attacks as difficult as 2004-04-26 02:56:31 +00:00
tcp.h
tcpip.h
udp_usrreq.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
udp_var.h
udp.h