Some fixes for TTL security.

2024-05-11 16:54:54 +00:00 · 2013-07-11 13:50:44 +02:00
parent cc31b75a8f
commit 354496ace8
3 changed files with 19 additions and 17 deletions
--- a/sysdep/bsd/sysio.h
+++ b/sysdep/bsd/sysio.h
@@ -6,9 +6,22 @@
 *	Can be freely distributed and used under the terms of the GNU GPL.
 */

+#ifdef __NetBSD__
+
+#ifndef IP_RECVTTL
+#define IP_RECVTTL 23
+#endif
+
+#ifndef IP_MINTTL
+#define IP_MINTTL 24
+#endif
+
+#endif
+
 #ifdef __DragonFly__
 #define TCP_MD5SIG	TCP_SIGNATURE_ENABLE
 #endif
+
 #ifdef IPV6

 static inline void
@@ -259,8 +272,6 @@ sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd)

 #ifndef IPV6

-#ifdef IP_MINTTL
-
 static int
 sk_set_min_ttl4(sock *s, int ttl)
 {
@@ -277,17 +288,6 @@ sk_set_min_ttl4(sock *s, int ttl)
  return 0;
 }

-#else /* no IP_MINTTL */
-
-static int
-sk_set_min_ttl4(sock *s, int ttl)
-{
-  log(L_ERR "IPv4 TTL security not supported");
-  return -1;
-}
-
-#endif
-
 #else /* IPv6 */

 static int
--- a/sysdep/unix/io.c
+++ b/sysdep/unix/io.c
@@ -821,10 +821,10 @@ sk_setup(sock *s)
    WARN("IPV6_V6ONLY");
 #endif

-  if (s->ttl >= 0)
-    err = sk_set_ttl_int(s);
+  if ((s->ttl >= 0) && (err = sk_set_ttl_int(s)))
+    goto bad;

-  sysio_register_cmsgs(s);
+  err = sysio_register_cmsgs(s);
 bad:
  return err;
 }