RFC3514

Tomas Daniska tomas at tronet.com
Wed Apr 2 06:36:16 UTC 2003



Now that we have the first implementation, I think it's time for Rob Thomas to start monitoring who has deployed it and who has not :)))))

--

deejay 

> -----Original Message-----
> From: bmanning at karoshi.com [mailto:bmanning at karoshi.com] 
> Sent: 1 April 2003 19:40
> To: nanog at nanog.org
> Subject: Re: RFC3514
> 
> 
> 
> > 
> > Well, you weren't taking it seriously, I hope. lol
> > 
> > 
> > -Jack
> 
> -------------------------
> get it while it's hot....
> 	-----------------
> 
> Subject: cvs commit: src/sbin/ping ping.8 ping.c src/share/man/man4
>          inet.4 ip.4 src/sys/netinet in.h in_pcb.h ip.h ip_input.c
>          ip_output.c ip_var.h src/usr.bin/netstat inet.c
> Date: Tue, 1 Apr 2003 00:21:44 -0800 (PST)
> To: src-committers at FreeBSD.org, cvs-src at FreeBSD.org,
>     cvs-all at FreeBSD.org
> 
> mdodd       2003/04/01 00:21:44 PST
> 
>   FreeBSD src repository
> 
>   Modified files:
>     sbin/ping            ping.8 ping.c 
>     share/man/man4       inet.4 ip.4 
>     sys/netinet          in.h in_pcb.h ip.h ip_input.c ip_output.c 
>                          ip_var.h 
>     usr.bin/netstat      inet.c 
>   Log:
>   Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
>   (See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt)
>   
>   This fulfills the host requirements for userland support by
>   way of the setsockopt() IP_EVIL_INTENT message.
>   
>   There are three sysctl tunables provided to govern system behavior.
>   
>           net.inet.ip.rfc3514:
>   
>                   Enables support for rfc3514.  As this is an
>                   Informational RFC and support is not yet widespread
>                   this option is disabled by default.
>   
>           net.inet.ip.hear_no_evil
>   
>                   If set the host will discard all received evil packets.
>   
>           net.inet.ip.speak_no_evil
>   
>                   If set the host will discard all transmitted evil packets.
>   
>   The IP statistics counter 'ips_evil' (available via 'netstat') provides
>   information on the number of 'evil' packets received.
>   
>   For reference, the '-E' option to 'ping' has been provided to demonstrate
>   and test the implementation.
>   
>   Revision  Changes    Path
>   1.47      +4 -2      src/sbin/ping/ping.8
>   1.92      +13 -1     src/sbin/ping/ping.c
>   1.21      +11 -0     src/share/man/man4/inet.4
>   1.29      +9 -0      src/share/man/man4/ip.4
>   1.75      +2 -0      src/sys/netinet/in.h
>   1.59      +1 -0      src/sys/netinet/in_pcb.h
>   1.22      +1 -0      src/sys/netinet/ip.h
>   1.232     +14 -0     src/sys/netinet/ip_input.c
>   1.181     +28 -1     src/sys/netinet/ip_output.c
>   1.72      +1 -0      src/sys/netinet/ip_var.h
>   1.57      +1 -0      src/usr.bin/netstat/inet.c
> 
> 
> ----- End forwarded message:
> 
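The receive-side behaviour the forwarded commit log describes (net.inet.ip.rfc3514, net.inet.ip.hear_no_evil and the ips_evil counter), sketched as an added example that is not the FreeBSD commit's code. The function, struct and macro names are hypothetical; the bit position is the one RFC 3514 assigns (the high-order bit of the IP fragment offset field), and ignoring the bit while rfc3514 is off, and counting evil packets even when they are not dropped, are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP_EF 0x8000u /* RFC 3514 evil bit: top bit of the flags/fragment-offset word */

/* Fields mirror the sysctl names in the commit log; the struct itself is hypothetical. */
struct evil_policy { int rfc3514; int hear_no_evil; };
struct ip_stats { unsigned long ips_evil; unsigned long ips_toosmall; };

enum verdict { PKT_ACCEPT, PKT_DROP_EVIL, PKT_DROP_MALFORMED };

/* Classify one received IPv4 packet (hypothetical helper, not a kernel function). */
enum verdict evil_input_check(const uint8_t *pkt, size_t len,
                              const struct evil_policy *pol, struct ip_stats *st)
{
    /* Require a full header: version 4, IHL >= 5 words, header inside the buffer. */
    if (len < 20 || (pkt[0] >> 4) != 4) { st->ips_toosmall++; return PKT_DROP_MALFORMED; }
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) { st->ips_toosmall++; return PKT_DROP_MALFORMED; }

    if (!pol->rfc3514) /* assumption: with support disabled the bit is ignored */
        return PKT_ACCEPT;

    uint16_t off = (uint16_t)((pkt[6] << 8) | pkt[7]); /* network byte order */
    if (off & IP_EF) {
        st->ips_evil++; /* assumption: counted whether or not it is dropped */
        if (pol->hear_no_evil)
            return PKT_DROP_EVIL;
    }
    return PKT_ACCEPT;
}

/* Constructed sample headers; checksums are zero and not validated here. */
static const uint8_t benign_pkt[20] = /* DF (0x4000) set, evil bit clear */
    {0x45,0,0,20, 0,1,0x40,0x00, 64,1,0,0, 192,0,2,1, 192,0,2,2};
static const uint8_t evil_pkt[20] =   /* evil bit (0x8000) set */
    {0x45,0,0,20, 0,2,0x80,0x00, 64,1,0,0, 192,0,2,1, 192,0,2,2};

int main(void)
{
    struct evil_policy pol = { 1, 1 };
    struct ip_stats st = { 0, 0 };
    printf("benign: %d\n", evil_input_check(benign_pkt, sizeof benign_pkt, &pol, &st));
    printf("evil:   %d\n", evil_input_check(evil_pkt, sizeof evil_pkt, &pol, &st));
    printf("ips_evil=%lu\n", st.ips_evil);
    return 0;
}
```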


