From e72fdee732ab55fc784034c81ccedda4b5279816 Mon Sep 17 00:00:00 2001
From: mdodd
Date: Tue, 1 Apr 2003 08:21:44 +0000
Subject: Implement support for RFC 3514 (The Security Flag in the IPv4 Header).

(See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt)

This fulfills the host requirements for userland support by way of the setsockopt() IP_EVIL_INTENT message.

There are three sysctl tunables provided to govern system behavior.

net.inet.ip.rfc3514:
    Enables support for rfc3514. As this is an Informational RFC and support is not yet widespread this option is disabled by default.

net.inet.ip.hear_no_evil
    If set the host will discard all received evil packets.

net.inet.ip.speak_no_evil
    If set the host will discard all transmitted evil packets.

The IP statistics counter 'ips_evil' (available via 'netstat') provides information on the number of 'evil' packets received.

For reference, the '-E' option to 'ping' has been provided to demonstrate and test the implementation.
---
 sbin/ping/ping.8 | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'sbin/ping/ping.8')

diff --git a/sbin/ping/ping.8 b/sbin/ping/ping.8 index 71fa31a..49223e4 100644 --- a/sbin/ping/ping.8 +++ b/sbin/ping/ping.8 @@ -42,7 +42,7 @@ packets to network hosts .Sh SYNOPSIS .Nm -.Op Fl AaDdfnoQqRrv +.Op Fl AaDdEfnoQqRrv .Op Fl c Ar count .Op Fl i Ar wait .Op Fl l Ar preload @@ -56,7 +56,7 @@ packets to network hosts .Op Fl z Ar tos .Ar host .Nm -.Op Fl AaDdfLnoQqRrv +.Op Fl AaDdEfLnoQqRrv .Op Fl c Ar count .Op Fl I Ar iface .Op Fl i Ar wait @@ -122,6 +122,8 @@ If this option is not specified, will operate until interrupted. .It Fl D Set the Don't Fragment bit. +.It Fl E +Set the EVIL bit. .It Fl d Set the .Dv SO_DEBUG -- cgit v1.1
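
Review bot: the new `.It Fl E` entry in the last hunk (@@ -122,6 +122,8 @@) documents the option only as "Set the EVIL bit." and says nothing about the tunables the commit message describes: RFC 3514 support sits behind net.inet.ip.rfc3514, which is disabled by default, and net.inet.ip.speak_no_evil discards transmitted evil packets. A reader of ping.8 cannot tell from this text how -E interacts with those settings, so the description should name RFC 3514 and point at the sysctls. The entry is also inserted between `.It Fl D` and `.It Fl d`, while both synopsis lines in the first two hunks list the flags as `DdE`; moving it after the `-d` entry would keep the option list in the same order as the synopsis.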