mirror/labs-bird
1
0
Fork 0
mirror of https://gitlab.labs.nic.cz/labs/bird.git synced 2024-05-11 16:54:54 +00:00
Code Releases Activity

The generalized TTL security mechanism (RFC 5082) support.

Browse Source 
Thanks to Alexander V. Chernikov for the patch.
This commit is contained in:
Ondrej Zajicek
2011-08-16 23:05:35 +02:00
parent a52d52fa91
commit b1b1943360
9 changed files with 174 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
sysdep/linux/sysio.h
View File

@@ -309,3 +309,51 @@ sysio_prepare_tx_cmsgs(sock *s, struct msghdr *msg, void *cbuf, size_t cbuflen)
*/
#endif
#ifndef IP_MINTTL
#define IP_MINTTL 21
#endif
#ifndef IPV6_MINHOPCOUNT
#define IPV6_MINHOPCOUNT 73
#endif
#ifndef IPV6
static int
sk_set_min_ttl4(sock *s, int ttl)
{
if (setsockopt(s->fd, IPPROTO_IP, IP_MINTTL, &ttl, sizeof(ttl)) < 0)
{
if (errno == ENOPROTOOPT)
log(L_ERR "Kernel does not support IPv4 TTL security");
else
log(L_ERR "sk_set_min_ttl4: setsockopt: %m");
return -1;
}
return 0;
}
#else
static int
sk_set_min_ttl6(sock *s, int ttl)
{
if (setsockopt(s->fd, IPPROTO_IPV6, IPV6_MINHOPCOUNT, &ttl, sizeof(ttl)) < 0)
{
if (errno == ENOPROTOOPT)
log(L_ERR "Kernel does not support IPv6 TTL security");
else
log(L_ERR "sk_set_min_ttl4: setsockopt: %m");
return -1;
}
return 0;
}
#endif