summaryrefslogtreecommitdiffstats
path: root/sys/netinet/ip_output.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet/ip_output.c')
-rw-r--r--sys/netinet/ip_output.c31
1 files changed, 1 insertions, 30 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 3b71516..c00ac4c 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -101,13 +101,6 @@ int mbuf_frag_size = 0;
SYSCTL_INT(_net_inet_ip, OID_AUTO, mbuf_frag_size, CTLFLAG_RW,
&mbuf_frag_size, 0, "Fragment outgoing mbufs to this size");
#endif
-static int ip_do_rfc3514 = 0;
-SYSCTL_INT(_net_inet_ip, OID_AUTO, rfc3514, CTLFLAG_RW,
- &ip_do_rfc3514, 0, "IPv4 Header Security Flag Support");
-
-static int speak_no_evil = 0;
-SYSCTL_INT(_net_inet_ip, OID_AUTO, speak_no_evil, CTLFLAG_RW,
- &speak_no_evil, 0, "Drop all EVIL packets before output.");
static struct mbuf *ip_insertoptions(struct mbuf *, struct mbuf *, int *);
static struct ifnet *ip_multicast_if(struct in_addr *, int *);
@@ -235,7 +228,7 @@ ip_output(m0, opt, ro, flags, imo, inp)
if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) {
ip->ip_v = IPVERSION;
ip->ip_hl = hlen >> 2;
- ip->ip_off &= IP_DF|IP_EF;
+ ip->ip_off &= IP_DF;
#ifdef RANDOM_IP_ID
ip->ip_id = ip_randomid();
#else
@@ -246,17 +239,6 @@ ip_output(m0, opt, ro, flags, imo, inp)
hlen = ip->ip_hl << 2;
}
- /* RFC3514 */
- if ((inp != NULL) && /* Originated */
- ip_do_rfc3514 && /* Supported */
- ((inp->inp_flags & INP_EVIL) == INP_EVIL)) /* Optioned */
- ip->ip_off |= IP_EF;
-
- if (speak_no_evil && (ip->ip_off & IP_EF)) {
- error = EACCES;
- goto bad;
- }
-
#ifdef FAST_IPSEC
if (ro == NULL) {
ro = &iproute;
@@ -1444,7 +1426,6 @@ ip_ctloutput(so, sopt)
case IP_RECVDSTADDR:
case IP_RECVIF:
case IP_FAITH:
- case IP_EVIL_INTENT:
error = sooptcopyin(sopt, &optval, sizeof optval,
sizeof optval);
if (error)
@@ -1483,12 +1464,6 @@ ip_ctloutput(so, sopt)
case IP_FAITH:
OPTSET(INP_FAITH);
break;
- case IP_EVIL_INTENT:
- if (ip_do_rfc3514) {
- OPTSET(INP_EVIL);
- } else
- error = EINVAL;
- break;
}
break;
#undef OPTSET
@@ -1581,7 +1556,6 @@ ip_ctloutput(so, sopt)
case IP_RECVIF:
case IP_PORTRANGE:
case IP_FAITH:
- case IP_EVIL_INTENT:
switch (sopt->sopt_name) {
case IP_TOS:
@@ -1622,9 +1596,6 @@ ip_ctloutput(so, sopt)
case IP_FAITH:
optval = OPTBIT(INP_FAITH);
break;
- case IP_EVIL_INTENT:
- optval = OPTBIT(INP_EVIL);
- break;
}
error = sooptcopyout(sopt, &optval, sizeof optval);
break;
OpenPOWER on IntegriCloud