Date: Thu, 6 May 2004 11:46:03 -0700 (PDT) From: Andre Oppermann <andre@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet ip_fastfwd.c ip_input.c ip_var.h Message-ID: <200405061846.i46Ik3Jc060969@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
andre 2004/05/06 11:46:03 PDT
FreeBSD src repository
Modified files:
sys/netinet ip_fastfwd.c ip_input.c ip_var.h
Log:
Provide the sysctl net.inet.ip.process_options to control the processing
of IP options.
net.inet.ip.process_options=0 Ignore IP options and pass packets unmodified.
net.inet.ip.process_options=1 Process all IP options (default).
net.inet.ip.process_options=2 Reject all packets with IP options with ICMP
filter prohibited message.
This sysctl affects packets destined for the local host as well as those
only transiting through the host (routing).
IP options do not have any legitimate purpose anymore and are only used
to circumvent firewalls or to exploit certain behaviours or bugs in TCP/IP
stacks.
Reviewed by: sam (mentor)
Revision Changes Path
1.11 +10 -2 src/sys/netinet/ip_fastfwd.c
1.271 +13 -0 src/sys/netinet/ip_input.c
1.87 +1 -0 src/sys/netinet/ip_var.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200405061846.i46Ik3Jc060969>