[57274] in North American Network Operators' Group
RE: RFC3514
daemon@ATHENA.MIT.EDU (Tomas Daniska)
Wed Apr 2 01:36:54 2003
Date: Wed, 2 Apr 2003 08:36:16 +0200
From: "Tomas Daniska" <tomas@tronet.com>
To: <bmanning@karoshi.com>, <nanog@nanog.org>
Errors-To: owner-nanog-outgoing@merit.edu
now that we have first implementation i think it's time for rob thomas
to start monitoring who has deployed it and who not :)))))
--
deejay
> -----Original Message-----
> From: bmanning@karoshi.com [mailto:bmanning@karoshi.com]
> Sent: 1. apríla 2003 19:40
> To: nanog@nanog.org
> Subject: Re: RFC3514
>
>
>
> >
> > Well, you weren't taking it seriously, I hope. lol
> >
> >
> > -Jack
>
> -------------------------
> get it while its hot....
> -----------------
>
> Subject: cvs commit: src/sbin/ping ping.8 ping.c src/share/man/man4
> inet.4 ip.4 src/sys/netinet in.h in_pcb.h ip.h ip_input.c
> ip_output.c ip_var.h src/usr.bin/netstat inet.c
> Date: Tue, 1 Apr 2003 00:21:44 -0800 (PST)
> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
> cvs-all@FreeBSD.org
>
> mdodd 2003/04/01 00:21:44 PST
>
> FreeBSD src repository
>
> Modified files:
>   sbin/ping            ping.8 ping.c
>   share/man/man4       inet.4 ip.4
>   sys/netinet          in.h in_pcb.h ip.h ip_input.c ip_output.c
>                        ip_var.h
>   usr.bin/netstat      inet.c
> Log:
> Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
> (See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt)
>
> This fulfills the host requirements for userland support by
> way of the setsockopt() IP_EVIL_INTENT message.
>
> There are three sysctl tunables provided to govern system behavior.
>
> net.inet.ip.rfc3514:
>
>     Enables support for rfc3514. As this is an
>     Informational RFC and support is not yet widespread
>     this option is disabled by default.
>
> net.inet.ip.hear_no_evil
>
>     If set the host will discard all received evil packets.
>
> net.inet.ip.speak_no_evil
>
>     If set the host will discard all transmitted evil packets.
>
> The IP statistics counter 'ips_evil' (available via 'netstat') provides
> information on the number of 'evil' packets received.
>
> For reference, the '-E' option to 'ping' has been provided to demonstrate
> and test the implementation.
>
> Revision Changes Path
> 1.47 +4 -2 src/sbin/ping/ping.8
> 1.92 +13 -1 src/sbin/ping/ping.c
> 1.21 +11 -0 src/share/man/man4/inet.4
> 1.29 +9 -0 src/share/man/man4/ip.4
> 1.75 +2 -0 src/sys/netinet/in.h
> 1.59 +1 -0 src/sys/netinet/in_pcb.h
> 1.22 +1 -0 src/sys/netinet/ip.h
> 1.232 +14 -0 src/sys/netinet/ip_input.c
> 1.181 +28 -1 src/sys/netinet/ip_output.c
> 1.72 +1 -0 src/sys/netinet/ip_var.h
> 1.57 +1 -0 src/usr.bin/netstat/inet.c
>
>
> ----- End forwarded message:
>
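
The receive-side behaviour that the forwarded commit log describes (rfc3514, hear_no_evil, ips_evil), sketched as an added example; it is not part of the original message and not the FreeBSD code. It assumes the bit position given in RFC 3514 (the high-order bit of the flags/fragment-offset word); the names IP_EF, evil_policy, ip_is_evil and evil_input are chosen here, and the transmit side (speak_no_evil) is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP_EF 0x8000u /* RFC 3514 evil bit: top bit of the flags/fragment-offset word */

/* Hypothetical userland stand-in for the sysctls and counter named in the log. */
struct evil_policy {
    int rfc3514;            /* net.inet.ip.rfc3514 */
    int hear_no_evil;       /* net.inet.ip.hear_no_evil */
    unsigned long ips_evil; /* evil packets received */
};
enum verdict { PKT_MALFORMED = -1, PKT_ACCEPT = 0, PKT_DROP = 1 };

/* Constructed 20-byte IPv4 headers (192.0.2.1 -> 192.0.2.2, checksum left zero). */
static const uint8_t evil_pkt[20] = { 0x45,0,0,20, 0,0,0x80,0, 64,1,0,0, 192,0,2,1, 192,0,2,2 };
static const uint8_t good_pkt[20] = { 0x45,0,0,20, 0,0,0x40,0, 64,1,0,0, 192,0,2,1, 192,0,2,2 };

/* 1 if the evil bit is set, 0 if clear, -1 if this is not a usable IPv4 header. */
int ip_is_evil(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len)
        return -1;
    uint16_t off = (uint16_t)((pkt[6] << 8) | pkt[7]); /* network byte order */
    return (off & IP_EF) ? 1 : 0;
}

/* Receive-side decision; counting only when rfc3514 is enabled is an assumption. */
enum verdict evil_input(struct evil_policy *p, const uint8_t *pkt, size_t len)
{
    int evil = ip_is_evil(pkt, len);
    if (evil < 0)
        return PKT_MALFORMED;
    if (!p->rfc3514 || !evil)
        return PKT_ACCEPT;
    p->ips_evil++;
    return p->hear_no_evil ? PKT_DROP : PKT_ACCEPT;
}

int main(void)
{
    struct evil_policy p = { 1, 1, 0 };
    int a = evil_input(&p, evil_pkt, sizeof evil_pkt);
    int b = evil_input(&p, good_pkt, sizeof good_pkt);
    printf("evil=%d df_only=%d ips_evil=%lu\n", a, b, p.ips_evil);
    return 0;
}
```

The second sample header sets only the Don't Fragment bit (0x4000), which shares the same 16-bit word and must not be mistaken for the evil bit.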