Back out support for RFC3514.

RFC3514 poses an unacceptale risk to compliant systems.
author: mdodd <mdodd@FreeBSD.org> 2003-04-02 20:14:44 +0000
committer: mdodd <mdodd@FreeBSD.org> 2003-04-02 20:14:44 +0000
commit: ccc6071f7ea7e2ba54dfcf45ff8afda2e395aa3d (patch)
tree: 2e9681302fc88cc051f2afb4ca92612f8833c409 /sys/netinet/ip_input.c
parent: b6e2a1dccdce92b4fa014a9ca9dd2ab1697ce9aa (diff)
download: FreeBSD-src-ccc6071f7ea7e2ba54dfcf45ff8afda2e395aa3d.zip
FreeBSD-src-ccc6071f7ea7e2ba54dfcf45ff8afda2e395aa3d.tar.gz
1 files changed, 0 insertions, 14 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index e80ea2d..e26cc8d 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -134,11 +134,6 @@ SYSCTL_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW,
 	&ip_sendsourcequench, 0,
 	"Enable the transmission of source quench packets");
 
-static int	hear_no_evil = 0;
-SYSCTL_INT(_net_inet_ip, OID_AUTO, hear_no_evil, CTLFLAG_RW,
-	&hear_no_evil, 0,
-	"Drop all received EVIL packets.");
-
 /*
  * XXX - Setting ip_checkinterface mostly implements the receive side of
  * the Strong ES model described in RFC 1122, but since the routing table
@@ -412,15 +407,6 @@ ip_input(struct mbuf *m)
 	ip->ip_off = ntohs(ip->ip_off);
 
 	/*
-	 * Check for RFC3514 (EVIL) packets.
-	 */
-	if (ip->ip_off & IP_EF) {
-		ipstat.ips_evil++;
-		if (hear_no_evil)
-			goto bad;
-	}
-
-	/*
 	 * Check that the amount of data in the buffers
 	 * is as at least much as the IP header would have us expect.
 	 * Trim mbufs if longer than we expect.
author	mdodd <mdodd@FreeBSD.org>	2003-04-02 20:14:44 +0000
committer	mdodd <mdodd@FreeBSD.org>	2003-04-02 20:14:44 +0000
commit	ccc6071f7ea7e2ba54dfcf45ff8afda2e395aa3d (patch)
tree	2e9681302fc88cc051f2afb4ca92612f8833c409 /sys/netinet/ip_input.c
parent	b6e2a1dccdce92b4fa014a9ca9dd2ab1697ce9aa (diff)
download	FreeBSD-src-ccc6071f7ea7e2ba54dfcf45ff8afda2e395aa3d.zip FreeBSD-src-ccc6071f7ea7e2ba54dfcf45ff8afda2e395aa3d.tar.gz