[src/trunk]: src/lib/libc/gen Document ip.checkinterface

[dogcow <dogcow%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/8db6eb1df0a7
branches:  trunk
changeset: 545625:8db6eb1df0a7
user:      dogcow <dogcow%NetBSD.org@localhost>
date:      Sat Apr 12 07:41:12 2003 +0000

description:
Document ip.checkinterface

diffstat:

 lib/libc/gen/sysctl.3 |  9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diffs (30 lines):

diff -r 70be51478bd7 -r 8db6eb1df0a7 lib/libc/gen/sysctl.3
--- a/lib/libc/gen/sysctl.3     Sat Apr 12 07:39:39 2003 +0000
+++ b/lib/libc/gen/sysctl.3     Sat Apr 12 07:41:12 2003 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: sysctl.3,v 1.113 2003/04/11 08:44:16 salo Exp $
+.\"    $NetBSD: sysctl.3,v 1.114 2003/04/12 07:41:12 dogcow Exp $
 .\"
 .\" Copyright (c) 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -812,6 +812,7 @@
 .It ip lowportmin      integer yes
 .It ip lowportmax      integer yes
 .It ip maxfragpacket   integer yes
+.It ip checkinterface  integer yes
 .It icmp       maskrepl        integer yes
 .It icmp       errppslimit     integer yes
 .It icmp       rediraccept     integer yes
@@ -906,6 +907,12 @@
 0 means that the node will not accept any fragmented packets.
 \-1 means that the node will accept as many fragmented packets as it receives.
 The flag is provided basically for avoiding possible DoS attacks.
+.It Li ip.checkinterface
+If set to non-zero, the host will reject packets addressed to it that arrive
+on an interface not bound to that address. Currently, this must be disabled
+if ipnat is used to translate the destination address to another local
+interface, or if addresses are added to the loopback interface instead of
+the interface where the packets for those packets are received.
 .It Li icmp.maskrepl
 Returns 1 if ICMP network mask requests are to be answered.
 .It Li icmp.errppslimit