freebsd-skq/sys
Andre Oppermann 936cd18dad Add socketoption IP_MINTTL. May be used to set the minimum acceptable
TTL a packet must have when received on a socket.  All packets with a
lower TTL are silently dropped.  Works on already connected/connecting
and listening sockets for RAW/UDP/TCP.

This option is only really useful when set to 255 preventing packets
from outside the directly connected networks reaching local listeners
on sockets.

Allows userland implementation of 'The Generalized TTL Security Mechanism
(GTSM)' according to RFC3682.  Examples of such use include the Cisco IOS
BGP implementation command "neighbor ttl-security".

MFC after:	2 weeks
Sponsored by:	TCP/IP Optimization Fundraise 2005
2005-08-22 16:13:08 +00:00
..
alpha Move MINSIGSTKSZ from <machine/signal.h> to <machine/_limits.h> and rename 2005-08-20 16:44:41 +00:00
amd64 Change pmap_extract() and pmap_extract_and_hold() to use PG_FRAME rather 2005-08-22 07:23:51 +00:00
arm Move MINSIGSTKSZ from <machine/signal.h> to <machine/_limits.h> and rename 2005-08-20 16:44:41 +00:00
boot Add a "comconsole_speed" loader variable that can be used to change 2005-08-18 01:39:43 +00:00
bsm For consistency with more system include files, add a trailing '_' to 2005-05-29 16:11:34 +00:00
cam Merge the dev_clone and dev_clone_cred event handlers into a single 2005-08-08 19:55:32 +00:00
coda Merge the dev_clone and dev_clone_cred event handlers into a single 2005-08-08 19:55:32 +00:00
compat Propagate rename of IFF_OACTIVE and IFF_RUNNING to IFF_DRV_OACTIVE and 2005-08-09 10:20:02 +00:00
conf Pad the strings sccs[], version[], and osrelease[] up to a minimum of 2005-08-19 01:49:15 +00:00
contrib Wrap the new world order in __FreeBSD__ to ease future imports. 2005-08-09 11:59:02 +00:00
crypto Add VIA/ACE "PadLock" support as a crypto(9) driver. 2005-08-18 00:30:22 +00:00
ddb Remove the need to forward declare statics by moving them around. 2005-08-10 07:08:14 +00:00
dev Fix problem on Promise "mio" controllers and 48bit mode caused by last commit 2005-08-22 11:38:53 +00:00
doc
fs Handle device drivers with D_NEEDGIANT in a way which does not 2005-08-17 08:19:52 +00:00
gdb check return value of gdb_rx_varhex 2005-03-28 18:31:18 +00:00
geom By default, when doing crypto work in software, start as many threads 2005-08-21 18:12:51 +00:00
gnu Repair this: 2005-07-09 18:30:31 +00:00
i4b Propagate rename of IFF_OACTIVE and IFF_RUNNING to IFF_DRV_OACTIVE and 2005-08-09 10:20:02 +00:00
i386 Move MINSIGSTKSZ from <machine/signal.h> to <machine/_limits.h> and rename 2005-08-20 16:44:41 +00:00
ia64 Move MINSIGSTKSZ from <machine/signal.h> to <machine/_limits.h> and rename 2005-08-20 16:44:41 +00:00
isa Add pnp and location info for the ISA bus. The pnp info is the 2005-08-01 07:03:10 +00:00
isofs/cd9660 - restore the ability to mount cd9660 filesystems as root by inverting 2005-08-14 04:19:36 +00:00
kern mp_ncpus is always (properly) initialized, even on UP kernels, so just use it. 2005-08-21 18:03:31 +00:00
libkern Ha! This is a very interesting bug. 2005-08-08 19:38:00 +00:00
modules Define the target for opt_compat.h only if KERNBUILDDIR 2005-08-18 14:50:08 +00:00
net Add missing braces around bpf_filter which were missed when I 2005-08-18 22:30:52 +00:00
net80211 revert 1.64: we cannot use the channel characteristics to decide when to 2005-08-13 17:50:21 +00:00
netatalk Eliminate MAC entry point mac_create_mbuf_from_mbuf(), which is 2005-07-05 23:39:51 +00:00
netatm Propagate rename of IFF_OACTIVE and IFF_RUNNING to IFF_DRV_OACTIVE and 2005-08-09 10:20:02 +00:00
netgraph In ng_callout() assert that supplied arguments are non-NULL. 2005-08-21 19:48:51 +00:00
netinet Add socketoption IP_MINTTL. May be used to set the minimum acceptable 2005-08-22 16:13:08 +00:00
netinet6 added a missing unlock (just do the same thing as in netinet/raw_ip.c) 2005-08-18 11:11:27 +00:00
netipsec Correct typo in a comment describing vshiftl(). 2005-06-02 23:56:10 +00:00
netipx Stop embedding struct ifnet at the top of driver softcs. Instead the 2005-06-10 16:49:24 +00:00
netkey SADB_UPDATE did not return an error when key length is invalid. 2005-08-22 07:05:14 +00:00
netnatm Propagate rename of IFF_OACTIVE and IFF_RUNNING to IFF_DRV_OACTIVE and 2005-08-09 10:20:02 +00:00
netncp Change API of mb_copy_t in libmchain so that netsmb can handle 2005-07-29 13:22:37 +00:00
netsmb Merge the dev_clone and dev_clone_cred event handlers into a single 2005-08-08 19:55:32 +00:00
nfs Fixes for NFS crashes on architectures that require strict alignment. 2005-07-14 20:08:27 +00:00
nfs4client - We want if (mrep != NULL) not if (m_freem != NULL). m_freem will never 2005-04-25 05:11:19 +00:00
nfsclient FIx for a bug in the change that made nfs_timer() MPSAFE. We need to 2005-07-27 15:06:26 +00:00
nfsserver NFS write gathering defers execution of NFS server write requests to wait 2005-04-17 16:25:36 +00:00
opencrypto Fix bogus check. It was possible to panic the kernel by giving 0 length. 2005-08-18 11:58:03 +00:00
pc98 MFi386: revision 1.1204. 2005-07-21 11:13:12 +00:00
pccard Change a directory layout for pc98. 2005-05-10 12:02:18 +00:00
pci Various fixups to locking: 2005-08-18 19:24:30 +00:00
posix4 Introduce MAC Framework and MAC Policy entry points to label and control 2005-05-04 10:39:15 +00:00
powerpc Move MINSIGSTKSZ from <machine/signal.h> to <machine/_limits.h> and rename 2005-08-20 16:44:41 +00:00
rpc - Don't call rpcclnt_realign() if we don't have any mbufs to realign. 2005-03-19 01:16:25 +00:00
security Insert a series of place-holder function pointers in mac_policy.h for 2005-08-08 16:09:33 +00:00
sparc64 Move MINSIGSTKSZ from <machine/signal.h> to <machine/_limits.h> and rename 2005-08-20 16:44:41 +00:00
sys Move MINSIGSTKSZ from <machine/signal.h> to <machine/_limits.h> and rename 2005-08-20 16:44:41 +00:00
tools Allow EVFILT_VNODE events to work on every filesystem type, not just 2005-06-09 20:20:31 +00:00
ufs Set the mountpoint path in the superblock (fs_fsmnt) at mount-time 2005-08-21 22:06:41 +00:00
vm Do not use vm_pager_init() to initialize vnode_pbuf_freecnt variable. 2005-08-13 20:21:33 +00:00
Makefile When building cscopnamefile, default architecture to ${MACHINE}, not i386. 2005-03-08 00:09:41 +00:00