From b1b19433602f2a2ff58cfe2c1858ff883eee7b20 Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Tue, 16 Aug 2011 23:05:35 +0200 Subject: The generalized TTL security mechanism (RFC 5082) support. Thanks to Alexander V. Chernikov for the patch. --- sysdep/bsd/sysio.h | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'sysdep/bsd') diff --git a/sysdep/bsd/sysio.h b/sysdep/bsd/sysio.h index 847ce26..95f7dcf 100644 --- a/sysdep/bsd/sysio.h +++ b/sysdep/bsd/sysio.h @@ -237,3 +237,34 @@ sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd) return rv; } + + +#ifndef IPV6 + +static int +sk_set_min_ttl4(sock *s, int ttl) +{ + if (setsockopt(s->fd, IPPROTO_IP, IP_MINTTL, &ttl, sizeof(ttl)) < 0) + { + if (errno == ENOPROTOOPT) + log(L_ERR "Kernel does not support IPv4 TTL security"); + else + log(L_ERR "sk_set_min_ttl4: setsockopt: %m"); + + return -1; + } + + return 0; +} + +#else + +static int +sk_set_min_ttl6(sock *s, int ttl) +{ + log(L_ERR "IPv6 TTL security not supported"); + return -1; +} + +#endif + -- cgit v1.2.3