tech-net archive


Re: CVS commit: src



At Sat, 18 Jul 2009 08:45:57 +0100,
Matthias Scheler <tron%zhadum.org.uk@localhost> wrote:
> 
> 
> On 17 Jul 2009, at 23:02, Min Sik Kim wrote:
> > Module Name:        src
> > Committed By:       minskim
> > Date:               Fri Jul 17 22:02:54 UTC 2009
> >
> > Modified Files:
> >     src/share/man/man4: ip.4
> >     src/sys/netinet: in.h in_pcb.h ip_output.c tcp_input.c
> >
> > Log Message:
> > Add the IP_MINTTL socket option.
> >
> > The IP_MINTTL option may be used on SOCK_STREAM sockets to discard
> > packets with a TTL lower than the option value.
> 
> Why is this only available on SOCK_STREAM sockets? The BFD draft spec
> suggests similar filtering for UDP as well, which would make this
> option very useful for SOCK_DGRAM sockets as well.

I agree.  See the patch below.  I'll commit it after testing.

diff --git a/share/man/man4/ip.4 b/share/man/man4/ip.4
index 92b6b1a..1e10db3 100644
--- a/share/man/man4/ip.4
+++ b/share/man/man4/ip.4
@@ -190,7 +190,7 @@ cmsg_type = IP_RECVTTL
 The
 .Dv IP_MINTTL
 option may be used on
-.Dv SOCK_STREAM
+.Dv SOCK_DGRAM or SOCK_STREAM
 sockets to discard packets with a TTL lower than the option value.
 This can be used to implement the
 .Em Generalized TTL Security Mechanism (GTSM)
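
Review bot: In the added `.Dv SOCK_DGRAM or SOCK_STREAM` line, all three words are arguments to a single `.Dv`, so the word "or" is set in the defined-variable font together with the two constants. Suggest splitting it the way the surrounding text already alternates macro lines and plain text lines: `.Dv SOCK_DGRAM`, then `or` on its own line, then `.Dv SOCK_STREAM`.
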
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 24a6f45..97571ae 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -836,6 +836,12 @@ udp4_realinput(struct sockaddr_in *src, struct sockaddr_in 
*dst,
                }
 #endif
 
+               /*
+                * Check the minimum TTL for socket.
+                */
+               if (mtod(m, struct ip *)->ip_ttl < inp->inp_ip_minttl)
+                       goto bad;
+
                udp4_sendup(m, off, (struct sockaddr *)src, inp->inp_socket);
                rcvcnt++;
        }
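
Review bot: The `goto bad` in the added TTL check skips `rcvcnt++`, so a datagram dropped for a low TTL leaves the count exactly as if it had never been delivered to any socket. Please confirm that the caller does not treat that as "no receiver" and send an error back to the sender, since the man page describes this as a discard. A drop counter at this point would also help when debugging a peer that is being filtered. The check is placed only ahead of this one `udp4_sendup()` call, so it is worth saying in the commit message whether any other delivery path in `udp4_realinput()` is meant to honour `inp_ip_minttl` as well.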


-- 
Min Sik Kim

