At Sat, 18 Jul 2009 08:45:57 +0100,
Matthias Scheler <t...@zhadum.org.uk> wrote:
>
>
> On 17 Jul 2009, at 23:02, Min Sik Kim wrote:
> > Module Name: src
> > Committed By: minskim
> > Date: Fri Jul 17 22:02:54 UTC 2009
> >
> > Modified Files:
> > src/share/man/man4: ip.4
> > src/sys/netinet: in.h in_pcb.h ip_output.c tcp_input.c
> >
> > Log Message:
> > Add the IP_MINTTL socket option.
> >
> > The IP_MINTTL option may be used on SOCK_STREAM sockets to discard
> > packets with a TTL lower than the option value.
>
> Why is the only available on SOCK_STREAM sockets? The BFD draft spec
> suggest similar filtering for UDP as well which would make this
> option very useful for SOCK_DGRAM sockets as well.
I agree. See the patch below. I'll commit it after testing.
diff --git a/share/man/man4/ip.4 b/share/man/man4/ip.4
index 92b6b1a..1e10db3 100644
--- a/share/man/man4/ip.4
+++ b/share/man/man4/ip.4
@@ -190,7 +190,7 @@ cmsg_type = IP_RECVTTL
The
.Dv IP_MINTTL
option may be used on
-.Dv SOCK_STREAM
+.Dv SOCK_DGRAM or SOCK_STREAM
sockets to discard packets with a TTL lower than the option value.
This can be used to implement the
.Em Generalized TTL Security Mechanism (GTSM)
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 24a6f45..97571ae 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -836,6 +836,12 @@ udp4_realinput(struct sockaddr_in *src, struct sockaddr_in
*dst,
}
#endif
+ /*
+ * Check the minimum TTL for socket.
+ */
+ if (mtod(m, struct ip *)->ip_ttl < inp->inp_ip_minttl)
+ goto bad;
+
udp4_sendup(m, off, (struct sockaddr *)src, inp->inp_socket);
rcvcnt++;
}
--
Min Sik Kim
