Subject: FreeBSD RFC3514 support
To: None <>
From: William Allen Simpson <>
List: current-users
Date: 04/01/2003 14:26:30
-------- Original Message
Subject: Re: RFC3514
Date: Tue, 1 Apr 2003 09:40:26 -0800 (PST)

-------- Forwarded Message
Subject: cvs commit: src/sbin/ping ping.8 ping.c src/share/man/man4
         inet.4 ip.4 src/sys/netinet in.h in_pcb.h ip.h ip_input.c
         ip_output.c ip_var.h src/usr.bin/netstat inet.c
Date: Tue, 1 Apr 2003 00:21:44 -0800 (PST)

mdodd       2003/04/01 00:21:44 PST

  FreeBSD src repository

  Modified files:
    sbin/ping            ping.8 ping.c 
    share/man/man4       inet.4 ip.4 
    sys/netinet          in.h in_pcb.h ip.h ip_input.c ip_output.c 
    usr.bin/netstat      inet.c 
  Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
  This fulfills the host requirements for userland support by
  way of the setsockopt() IP_EVIL_INTENT message.
  There are three sysctl tunables provided to govern system behavior.
                  Enables support for rfc3514.  As this is an
                  Informational RFC and support is not yet widespread
                  this option is disabled by default.
                   If set the host will discard all received evil packets.
                  If set the host will discard all transmitted evil packets.
  The IP statistics counter 'ips_evil' (available via 'netstat') provides
  information on the number of 'evil' packets recieved.
  For reference, the '-E' option to 'ping' has been provided to demonstrate
  and test the implementation.
  Revision  Changes    Path
  1.47      +4 -2      src/sbin/ping/ping.8
  1.92      +13 -1     src/sbin/ping/ping.c
  1.21      +11 -0     src/share/man/man4/inet.4
  1.29      +9 -0      src/share/man/man4/ip.4
  1.75      +2 -0      src/sys/netinet/in.h
  1.59      +1 -0      src/sys/netinet/in_pcb.h
  1.22      +1 -0      src/sys/netinet/ip.h
  1.232     +14 -0     src/sys/netinet/ip_input.c
  1.181     +28 -1     src/sys/netinet/ip_output.c
  1.72      +1 -0      src/sys/netinet/ip_var.h
  1.57      +1 -0      src/usr.bin/netstat/inet.c

----- End forwarded message: