The generalized TTL security mechanism (RFC 5082) support.

Thanks to Alexander V. Chernikov for the patch.
author: Ondrej Zajicek <santiago@crfreenet.org> 2011-08-16 23:05:35 +0200
committer: Ondrej Zajicek <santiago@crfreenet.org> 2011-08-16 23:13:05 +0200
commit: b1b19433602f2a2ff58cfe2c1858ff883eee7b20 (patch)
tree: 29e8961d52b59a6023f21bcdc70b7c1932428cd3 /sysdep/bsd
parent: a52d52fa91ffcbcea58326fc2de476ce5644256f (diff)
download: bird-b1b19433602f2a2ff58cfe2c1858ff883eee7b20.tar
bird-b1b19433602f2a2ff58cfe2c1858ff883eee7b20.zip
1 files changed, 31 insertions, 0 deletions
diff --git a/sysdep/bsd/sysio.h b/sysdep/bsd/sysio.h
index 847ce26..95f7dcf 100644
--- a/sysdep/bsd/sysio.h
+++ b/sysdep/bsd/sysio.h
@@ -237,3 +237,34 @@ sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd)
 
   return rv;
 }
+
+
+#ifndef IPV6
+
+static int
+sk_set_min_ttl4(sock *s, int ttl)
+{
+  if (setsockopt(s->fd, IPPROTO_IP, IP_MINTTL, &ttl, sizeof(ttl)) < 0)
+  {
+    if (errno == ENOPROTOOPT)
+      log(L_ERR "Kernel does not support IPv4 TTL security");
+    else
+      log(L_ERR "sk_set_min_ttl4: setsockopt: %m");
+
+    return -1;
+  }
+
+  return 0;
+}
+
+#else
+
+static int
+sk_set_min_ttl6(sock *s, int ttl)
+{
+  log(L_ERR "IPv6 TTL security not supported");
+  return -1;
+}
+
+#endif
+
author	Ondrej Zajicek <santiago@crfreenet.org>	2011-08-16 23:05:35 +0200
committer	Ondrej Zajicek <santiago@crfreenet.org>	2011-08-16 23:13:05 +0200
commit	b1b19433602f2a2ff58cfe2c1858ff883eee7b20 (patch)
tree	29e8961d52b59a6023f21bcdc70b7c1932428cd3 /sysdep/bsd
parent	a52d52fa91ffcbcea58326fc2de476ce5644256f (diff)
download	bird-b1b19433602f2a2ff58cfe2c1858ff883eee7b20.tar bird-b1b19433602f2a2ff58cfe2c1858ff883eee7b20.zip