{"id":3164,"date":"2014-04-01T10:09:02","date_gmt":"2014-04-01T01:09:02","guid":{"rendered":"http:\/\/blog.bitmeister.jp\/?p=3164"},"modified":"2017-02-27T18:22:23","modified_gmt":"2017-02-27T09:22:23","slug":"rfc3514-for-linux","status":"publish","type":"post","link":"https:\/\/blog.bitmeister.jp\/?p=3164","title":{"rendered":"RFC3514 for Linux"},"content":{"rendered":"<p>2003\u5e744\u67081\u65e5\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305f<a href=\"http:\/\/tools.ietf.org\/html\/rfc3514\" title=\"IETF - RFC3514\" target=\"_blank\">RFC3514<\/a>\u306e\u5d07\u9ad8\u306a\u601d\u60f3\u306b\u3001\u5f53\u6642\u307e\u306010\u4ee3\u3060\u3063\u305f\u50d5\u306f\u5f37\u3044\u611f\u9298\u3092\u53d7\u3051\u307e\u3057\u305f\u3002\u60aa\u610f\u306e\u30d1\u30b1\u30c3\u30c8\u306b\u306f\u305d\u308c\u3092\u660e\u793a\u3059\u308b\u30d5\u30e9\u30b0\u3092\u7acb\u3066\u308b\u3002\u3053\u308c\u3053\u305d\u9a0e\u58eb\u9053\u3067\u3042\u308a\u3001\u6b66\u58eb\u9053\u3067\u3042\u308a\u3001\u50d5\u306b\u3068\u3063\u3066\u306f\u5e73\u548c\u306e\u8c61\u5fb4\u3067\u3059\u3089\u3042\u308a\u307e\u3057\u305f\u3002\u30ce\u30fc\u30d9\u30eb\u5e73\u548c\u8cde\u306f\u3053\u306eRFC3514\u306b\u3053\u305d\u8d08\u3089\u308c\u308b\u3079\u304d\u3060\u3068\u601d\u3063\u305f\u3057\u3001\u4eca\u3067\u3082\u305d\u306e\u6c17\u6301\u3061\u306f\u5909\u308f\u308a\u307e\u305b\u3093\u3002\u3055\u3089\u306b\u3001\u3053\u308c\u3092\u5177\u73fe\u5316\u3057\u305f<a href=\"http:\/\/svnweb.freebsd.org\/base?view=revision&#038;revision=112929\" title=\"FreeBSD - Revision 112929\" target=\"_blank\">FreeBSD\u3078\u306e\u5b9f\u88c5<\/a>\u3082\u307e\u305f\u3001\u656c\u670d\u306b\u582a\u3048\u305a\u3001\u8cde\u8cdb\u3055\u308c\u308b\u3079\u304d\u5049\u696d\u3067\u3059\u3002<\/p>\n<p>\u305d\u3057\u3066Linux\u306b\u3082\u3001\u3053\u306e\u6c17\u9ad8\u3044\u5fd7\u306e\u3082\u3068\u306b\u751f\u307e\u308c\u305f\u6a5f\u80fd\u306e\u5b9f\u88c5\u304c\u5fc5\u8981\u3060\u3068\u601d\u3044\u307e\u3057\u305f\u3002\u3057\u304b\u3057\u3042\u306e\u3053\u308d\u306e\u50d5\u306b\u306f\u3001\u6b8b\u5ff5\u306a\u304c\u3089\u305d\u306e\u305f\u3081\u306e\u77e5\u8b58\u304c\u306a\u304b\u3063\u305f\u3002\u3060\u3051\u3069\u4eca\u306a\u3089\u3067\u304d\u308b\u304b\u3082\u3057\u308c\u306a\u3044\u3002\u305d\u3046\u3060\u3001\u5b9f\u88c5\u3057\u3088\u3046\u3002<br \/>\n<!--more--><strong><\/p>\n<li>RFC3514 Implementation for Linux Kernel 3.14<\/li>\n<p><\/strong>\u3068\u3044\u3046\u3053\u3068\u3067\u3001\u524d\u7f6e\u304d\u304c\u9577\u304b\u3063\u305f\u3067\u3059\u304c\u3001\u3053\u308c\u304c\u30d1\u30c3\u30c1\u3067\u3059\u3002<br \/>\n&#8212;<br \/>\nPatch   &#8211; <a href=\"http:\/\/labs.bitmeister.jp\/RFC3514_for_linux-3.14.patch\" title=\"RFC3514 - patch\" target=\"_blank\">RFC3514_for_linux-3.14.patch<\/a><br \/>\nLicense &#8211; GPLv2<br \/>\n&#8212;<\/p>\n<p><strong><\/p>\n<li>\u60aa\u610f\u306e\u30d1\u30b1\u30c3\u30c8\u9001\u4fe1<\/li>\n<p><\/strong>\u3053\u306e\u5b9f\u88c5\u3067\u306fFreeBSD\u5b9f\u88c5\u306e\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u3092\u307b\u307c\u305d\u306e\u307e\u307e\u79fb\u690d\u3057\u3066\u3044\u307e\u3059\u3002\u307e\u305a\u30bd\u30b1\u30c3\u30c8\u30aa\u30d7\u30b7\u30e7\u30f3\u306b\u3088\u308b\u60aa\u610f\u306e\u30d1\u30b1\u30c3\u30c8\u9001\u4fe1\u6a5f\u80fd\u3092\u6709\u52b9\u306b\u3059\u308b\u305f\u3081\u306b\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<pre><code class=\"Bash\">\r\n# echo 1 > \/proc\/sys\/net\/ipv4\/rfc3514\r\n<\/code><\/pre>\n<p>\u305d\u3057\u3066\u3042\u306a\u305f\u306e\u4f5c\u3063\u305f\u30bd\u30b1\u30c3\u30c8\u901a\u4fe1\u30d7\u30ed\u30b0\u30e9\u30e0\u306e\u30bd\u30b1\u30c3\u30c8\u30c7\u30a3\u30b9\u30af\u30ea\u30d7\u30bf\u306b\u3001\u4ee5\u4e0b\u306e\u30bd\u30b1\u30c3\u30c8\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n<pre><code class=\"C\">\r\n#define IP_EVIL_INTENT  666\r\nint evil_intent = 1;\r\n\r\nsetsockopt(sockfd, SOL_IP, IP_EVIL_INTENT, &evil_intent, sizeof(evil_intent));\r\n<\/code><\/pre>\n<p>\u3053\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u304c\u8a2d\u5b9a\u3055\u308c\u305f\u30bd\u30b1\u30c3\u30c8\u30c7\u30a3\u30b9\u30af\u30ea\u30d7\u30bf\u304b\u3089\u9001\u4fe1\u3055\u308c\u308bIPv4\u30d1\u30b1\u30c3\u30c8\u306f\u3001RFC3514\u3067\u898f\u5b9a\u3055\u308c\u305fIPv4\u30d8\u30c3\u30c0\u306eevil\u30d5\u30a3\u30fc\u30eb\u30c9\u30d3\u30c3\u30c8\u306b\u30d5\u30e9\u30b0\u304c\u7acb\u3061\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u3063\u3066\u3001\u3042\u306a\u305f\u306f\u9001\u4fe1\u30d1\u30b1\u30c3\u30c8\u306b\u660e\u78ba\u306a\u60aa\u610f\u3092\u8868\u660e\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u308f\u3051\u3067\u3059\u3002<\/p>\n<p><strong><\/p>\n<li>\u9001\u4fe1\u62d2\u5426<\/li>\n<p><\/strong>\u3057\u304b\u3057\u3001\u5927\u591a\u6570\u306e\u5584\u610f\u306e\u30b7\u30b9\u30c6\u30e0\u7ba1\u7406\u8005\u306f\u3001\u3053\u3093\u306a\u30d1\u30b1\u30c3\u30c8\u3092\u9001\u4fe1\u3055\u308c\u305f\u304f\u306a\u3044\u306f\u305a\u3067\u3059\u3002\u3067\u3059\u304b\u3089\u3001\u5148\u307b\u3069\u306e\u30bd\u30b1\u30c3\u30c8\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u6709\u52b9\u306b\u3057\u306a\u3044\u3053\u3068\u306f\u3082\u3061\u308d\u3093\u3001Raw\u30bd\u30b1\u30c3\u30c8\u304b\u3089\u306e\u9001\u4fe1\u3082\u62d2\u5426\u3059\u308b\u305f\u3081\u306b\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<pre><code class=\"Bash\">\r\n# echo 1 > \/proc\/sys\/net\/ipv4\/ip_speak_no_evil\r\n<\/code><\/pre>\n<p>RFC\u306e\u3068\u304a\u308a\u3001\u3053\u306e\u8a2d\u5b9a\u3067\u9001\u4fe1\u62d2\u5426\u304c\u767a\u751f\u3059\u308b\u3068\u7d71\u8a08\u60c5\u5831\u3092\u52a0\u7b97\u3057\u307e\u3059\u3002<\/p>\n<pre><code class=\"Bash\">\r\n$ netstat -s | grep \"outgoing packets dropped\"\r\n<\/code><\/pre>\n<p>iptables\uff1fnetfilter\uff1f\u306a\u3093\u3067\u3059\u304b\u305d\u308c\u306f\uff1f\u7f8e\u5473\u3057\u3085\u3046\u3054\u3056\u3044\u307e\u3059\u304b\uff1f<\/p>\n<p><strong><\/p>\n<li>\u53d7\u4fe1\u62d2\u5426<\/li>\n<p><\/strong>\u3053\u306e\u30d1\u30c3\u30c1\u3092\u516c\u958b\u3057\u305f\u3053\u3068\u306b\u3088\u3063\u3066\u3001\u8fd1\u3044\u5c06\u6765\u3001\u3059\u3079\u3066\u306e\u653b\u6483\u8005\u306f\u660e\u793a\u7684\u306bevil\u30d3\u30c3\u30c8\u3092\u7acb\u3066\u308b\u65e5\u304c\u3084\u3063\u3066\u6765\u308b\u306e\u3067\u3001\u653b\u6483\u304b\u3089\u30b7\u30b9\u30c6\u30e0\u3092\u5b88\u308b\u305f\u3081\u306b\u306f\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3059\u308b\u3060\u3051\u3067\u5341\u5206\u3067\u3059\u3002<\/p>\n<pre><code class=\"Bash\">\r\n# echo 1 > \/proc\/sys\/net\/ipv4\/ip_hear_no_evil\r\n<\/code><\/pre>\n<p>\u306d\u3001\u7c21\u5358\u3067\u3057\u3087\uff1f\u3082\u3061\u308d\u3093\u7d71\u8a08\u60c5\u5831\u3082\u3057\u3063\u304b\u308a\u52a0\u7b97\u3057\u307e\u3059\u3002<\/p>\n<pre><code class=\"Bash\">\r\n$ netstat -s | grep \"incoming packets discarded\"\r\n<\/code><\/pre>\n<p><strong><\/p>\n<li>\u30d0\u30b0<\/li>\n<p><\/strong>\u50d5\u304c\u66f8\u3044\u305f\u30bd\u30fc\u30b9\u306b\u30d0\u30b0\u306a\u3069\u3068\u3044\u3046\u3082\u306e\u306f\u3042\u308a\u307e\u305b\u3093\u3002\u3053\u306e\u6a5f\u80fd\u304c\u3042\u308c\u3070\u3082\u3046\u5b89\u5fc3\u3067\u3059\u3002\u611b\u3068\u5e73\u548c\u306b\u6e80\u305f\u3055\u308c\u305f\u4e16\u754c\u304c\u3084\u3063\u3066\u304f\u308b\u306e\u3067\u3059\u3002\u3046\u3093\u3002\u5fc5\u305a\u3057\u3082\u30cf\u30c3\u30ab\u30fc\u304c\u60aa\u3044\u3068\u306fRMS\u3082\u8a00\u308f\u306a\u304b\u3063\u305f\u3002Linux\u306eiptables\u3088\u308a\u3001\u6d41\u51fa\u3057\u305f\u60c5\u5831\u306e\u56de\u53ce\u306b\u6f15\u304e\u51fa\u3059\u3053\u3068\u304c\u5e78\u305b\u306e\u79e9\u5e8f\u3067\u3059\u3002\u4e94\u4eba\u5b98\u5973\u3060\u3063\u3066\u3067\u3059\uff01\u30ab\u30a8\u30eb\u305f\u3061\u306e\u7b1b\u3084\u592a\u9f13\u306b\u5408\u308f\u305b\u3066\u56de\u53ce\u4e2d\u306e\u4e0d\u71c3\u30b4\u30df\u304c\u5439\u304d\u51fa\u3057\u3066\u304f\u308b\u69d8\u306f\u5727\u5dfb\u3067\u3001\u307e\u308b\u3067\u30b3\u30f3\u30d4\u30e5\u30fc\u30bf\u30fc\u30fb\u30b0\u30e9\u30d5\u30a3\u30c3\u30af\u30b9\u306a\u3093\u3060\u305d\u308c\u304c\uff01\u7dcf\u5929\u7136\u8272\u306e\u9752\u6625\u30b0\u30e9\u30d5\u30a3\u30c6\u30a3\u3084\u4e00\u5104\u7dcf\u30d7\u30c1\u30d6\u30eb\u3092\u79c1\u304c\u8a31\u3055\u306a\u3044\u3053\u3068\u304f\u3089\u3044\u3086\u304b\u308a\u738b\u56fd\u3058\u3083\u3042\u5e38\u8b58\u306a\u3093\u3060\u3088\uff01\u4eca\u3053\u305d\u9752\u7a7a\u306b\u5411\u304b\u3063\u3066\u51f1\u65cb\u3060\uff01\u7d62\u721b\u305f\u308b\u7d19\u5439\u96ea\u306f\u9ce5\u5c45\u3092\u304f\u3050\u308a\u3001\u5468\u6ce2\u6570\u3092\u540c\u3058\u304f\u3059\u308b\u30dd\u30b9\u30c8\u3068\u51b7\u8535\u5eab\u306f\u5148\u92d2\u3092\u3064\u304b\u3055\u3069\u308c\uff01\u8cde\u5473\u671f\u9650\u3092\u6c17\u306b\u3059\u308b\u7121\u983c\u306e\u8f29\u306f\u82b1\u96fb\u8eca\u306e\u9032\u3080\u9053\u306b\u3055\u306a\u304c\u3089\u30b7\u30df\u3068\u306a\u3063\u3066\u306f\u3070\u304b\u308b\u3053\u3068\u306f\u306a\u3044\uff01\u601d\u3044\u77e5\u308b\u304c\u3044\u3044\uff01\u4e09\u89d2\u5b9a\u898f\u305f\u3061\u306e\u809d\u81d3\u3092\uff01\u3055\u3041\uff01\u3053\u306e\u796d\u5178\u3053\u305d\u5185\u306a\u308b\u5c0f\u5b66\uff13\u5e74\u751f\u304c\u6c7a\u3081\u305f\u9059\u304b\u306a\u308b\u671b\u9060\u30ab\u30e1\u30e9\uff01\u9032\u3081\uff01\u96c6\u307e\u308c\uff01\u79c1\u3053\u305d\u304c\uff01\u30ab\u30fc\u30c9\u30ad\u30e3\u30d7\u30bf\u30fc\uff01\u3059\u3050\u3060\uff01\u3059\u3050\u306b\u3082\u3060\uff01\u79c1\u3092\u8fce\u3048\u5165\u308c\u308b\u306e\u3060\uff01\uff01<\/p>\n","protected":false},"excerpt":{"rendered":"<p>2003\u5e744\u67081\u65e5\u306b\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u305fRFC3514\u306e\u5d07\u9ad8\u306a\u601d\u60f3\u306b\u3001\u5f53\u6642\u307e\u306010\u4ee3\u3060\u3063\u305f\u50d5\u306f\u5f37\u3044\u611f\u9298\u3092\u53d7\u3051\u307e\u3057\u305f\u3002\u60aa\u610f\u306e\u30d1\u30b1\u30c3\u30c8\u306b\u306f\u305d\u308c\u3092\u660e\u793a\u3059\u308b\u30d5\u30e9\u30b0\u3092\u7acb\u3066\u308b\u3002\u3053\u308c\u3053\u305d\u9a0e\u58eb\u9053\u3067\u3042\u308a\u3001\u6b66\u58eb\u9053\u3067\u3042\u308a\u3001\u50d5\u306b\u3068\u3063\u3066\u306f\u5e73\u548c\u306e\u8c61\u5fb4\u3067\u3059 [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3164","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=\/wp\/v2\/posts\/3164","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3164"}],"version-history":[{"count":50,"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=\/wp\/v2\/posts\/3164\/revisions"}],"predecessor-version":[{"id":4332,"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=\/wp\/v2\/posts\/3164\/revisions\/4332"}],"wp:attachment":[{"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3164"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3164"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.bitmeister.jp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3164"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}