current-users: FreeBSD RFC3514 support

Subject: FreeBSD RFC3514 support
To: None <current-users@netbsd.org>
From: William Allen Simpson <wsimpson@greendragon.com>
List: current-users
Date: 04/01/2003 14:26:30
-------- Original Message
Subject: Re: RFC3514
Date: Tue, 1 Apr 2003 09:40:26 -0800 (PST)
From: bmanning@karoshi.com
To: nanog@nanog.org


-------- Forwarded Message
Subject: cvs commit: src/sbin/ping ping.8 ping.c src/share/man/man4
         inet.4 ip.4 src/sys/netinet in.h in_pcb.h ip.h ip_input.c
         ip_output.c ip_var.h src/usr.bin/netstat inet.c
Date: Tue, 1 Apr 2003 00:21:44 -0800 (PST)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
    cvs-all@FreeBSD.org

mdodd       2003/04/01 00:21:44 PST

  FreeBSD src repository

  Modified files:
    sbin/ping            ping.8 ping.c 
    share/man/man4       inet.4 ip.4 
    sys/netinet          in.h in_pcb.h ip.h ip_input.c ip_output.c 
                         ip_var.h 
    usr.bin/netstat      inet.c 
  Log:
  Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
  (See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt)
  
  This fulfills the host requirements for userland support by
  way of the setsockopt() IP_EVIL_INTENT message.
  
  There are three sysctl tunables provided to govern system behavior.
  
          net.inet.ip.rfc3514:
  
                  Enables support for rfc3514.  As this is an
                  Informational RFC and support is not yet widespread
                  this option is disabled by default.
  
          net.inet.ip.hear_no_evil
  
                   If set the host will discard all received evil packets.
  
          net.inet.ip.speak_no_evil
  
                  If set the host will discard all transmitted evil packets.
  
  The IP statistics counter 'ips_evil' (available via 'netstat') provides
  information on the number of 'evil' packets recieved.
  
  For reference, the '-E' option to 'ping' has been provided to demonstrate
  and test the implementation.
  
  Revision  Changes    Path
  1.47      +4 -2      src/sbin/ping/ping.8
  1.92      +13 -1     src/sbin/ping/ping.c
  1.21      +11 -0     src/share/man/man4/inet.4
  1.29      +9 -0      src/share/man/man4/ip.4
  1.75      +2 -0      src/sys/netinet/in.h
  1.59      +1 -0      src/sys/netinet/in_pcb.h
  1.22      +1 -0      src/sys/netinet/ip.h
  1.232     +14 -0     src/sys/netinet/ip_input.c
  1.181     +28 -1     src/sys/netinet/ip_output.c
  1.72      +1 -0      src/sys/netinet/ip_var.h
  1.57      +1 -0      src/usr.bin/netstat/inet.c


----- End forwarded message: