Date: Fri, 12 Apr 1996 08:32:24 -0500 (CDT) From: peter@nmti.com (Peter da Silva) To: j@uriah.heep.sax.de (J Wunsch) Cc: djr@saa-cons.co.uk, Firewalls@GreatCircle.COM, freebsd-hackers@freebsd.org Subject: Re: Solaris2.5 and BSD* - Facts Message-ID: <9604121332.AA11459@sonic.nmti.com.nmti.com> In-Reply-To: <199604111317.PAA05057@uriah.heep.sax.de> from "J Wunsch" at Apr 11, 96 03:17:21 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> source is also interesting to have. You can remove all the security
> related ``extras'' in the kernel (IP forwarding, IP source routing,
> log connection attempts, ...) if you've got the source.
Starting with sys/netinet/ip_input.c:866
if (forward) {
ip_forward(m, 1);
return (1);
}
We've got a BSDI box here as well, and the same code uses a different
approach to turn off these options. It took me a while to assure myself
that the code was really doing the same thing in both cases. In the course
of which I found myself sitting up in bed with my 10 year old son going
over the code explaining IP option handling. Nothing like a code review
to help you clarify your understanding of a program, and he seemed to be
following the code better than some professional programmers I've worked
with.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9604121332.AA11459>