From owner-freebsd-hackers Fri Apr 12 13:51:24 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id NAA18870 for hackers-outgoing; Fri, 12 Apr 1996 13:51:24 -0700 (PDT)
Received: from who.cdrom.com (who.cdrom.com [204.216.27.3]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id NAA18850 for ; Fri, 12 Apr 1996 13:51:19 -0700 (PDT)
Received: from uuneo.neosoft.com (root@uuneo.neosoft.com [206.109.1.3]) by who.cdrom.com (8.6.12/8.6.11) with ESMTP id NAA07562 for ; Fri, 12 Apr 1996 13:51:10 -0700
Received: from nmti.com (ficc@localhost) by uuneo.neosoft.com (8.7.5/8.7.4) with UUCP id IAA20360; Fri, 12 Apr 1996 08:46:16 -0500 (CDT)
Received: from sonic.nmti.com (peter@sonic.nmti.com [198.178.0.2]) by web.nmti.com (8.6.12/8.6.9) with SMTP id IAA02911; Fri, 12 Apr 1996 08:32:26 -0500
Received: by sonic.nmti.com; id AA11459; Fri, 12 Apr 1996 08:32:24 -0500
From: peter@nmti.com (Peter da Silva)
Message-Id: <9604121332.AA11459@sonic.nmti.com.nmti.com>
Subject: Re: Solaris2.5 and BSD* - Facts
To: j@uriah.heep.sax.de (J Wunsch)
Date: Fri, 12 Apr 1996 08:32:24 -0500 (CDT)
Cc: djr@saa-cons.co.uk, Firewalls@GreatCircle.COM, freebsd-hackers@freebsd.org
In-Reply-To: <199604111317.PAA05057@uriah.heep.sax.de> from "J Wunsch" at Apr 11, 96 03:17:21 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> source is also interesting to have.  You can remove all the security
> related ``extras'' in the kernel (IP forwarding, IP source routing,
> log connection attempts, ...) if you've got the source.

Starting with sys/netinet/ip_input.c:866

    if (forward) {
        ip_forward(m, 1);
        return (1);
    }

We've got a BSDI box here as well, and the same code uses a different approach to turn off these options. It took me a while to assure myself that the code was really doing the same thing in both cases.
In the course of which I found myself sitting up in bed with my 10-year-old son going over the code explaining IP option handling. Nothing like a code review to help you clarify your understanding of a program, and he seemed to be following the code better than some professional programmers I've worked with.