cvs commit: src/sys/netinet in.h in_pcb.h ip_output.c raw_ip.c tcp_input.c udp_usrreq.c
Andre Oppermann
andre at FreeBSD.org
Mon Aug 22 16:13:10 GMT 2005
andre 2005-08-22 16:13:09 UTC
FreeBSD src repository
Modified files:
  sys/netinet    in.h in_pcb.h ip_output.c raw_ip.c
                 tcp_input.c udp_usrreq.c
Log:
Add socket option IP_MINTTL. May be used to set the minimum acceptable
TTL a packet must have when received on a socket. All packets with a
lower TTL are silently dropped. Works on already connected/connecting
and listening sockets for RAW/UDP/TCP.

This option is only really useful when set to 255, preventing packets
from outside the directly connected networks reaching local listeners
on sockets.

Allows userland implementation of 'The Generalized TTL Security Mechanism
(GTSM)' according to RFC3682. Examples of such use include the Cisco IOS
BGP implementation command "neighbor ttl-security".

MFC after: 2 weeks
Sponsored by: TCP/IP Optimization Fundraise 2005
Revision  Changes    Path
1.91      +1 -0      src/sys/netinet/in.h
1.81      +1 -0      src/sys/netinet/in_pcb.h
1.245     +14 -0     src/sys/netinet/ip_output.c
1.151     +3 -0      src/sys/netinet/raw_ip.c
1.282     +5 -0      src/sys/netinet/tcp_input.c
1.176     +3 -0      src/sys/netinet/udp_usrreq.c
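
The userland GTSM use the log mentions, as an added example that is not part of this commit or of the FreeBSD tree. The helper names gtsm_enable and gtsm_listener are hypothetical, and setting IP_TTL to 255 on the same socket is an assumption taken from RFC 3682, where both peers send with TTL 255 so that the receiver's IP_MINTTL check passes only for directly connected senders.

```c
/* Added example: GTSM-style socket setup with IP_MINTTL (hypothetical helpers). */
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string.h>
#include <unistd.h>

#define GTSM_TTL 255 /* the only setting the commit log calls really useful */

/* Send with TTL 255 and have the kernel drop received packets whose TTL
 * is lower. Returns the minimum TTL read back, or -1 on error. */
int gtsm_enable(int fd)
{
    int ttl = GTSM_TTL, got = 0;
    socklen_t len = sizeof(got);
    if (setsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl)) == -1 ||
        setsockopt(fd, IPPROTO_IP, IP_MINTTL, &ttl, sizeof(ttl)) == -1 ||
        getsockopt(fd, IPPROTO_IP, IP_MINTTL, &got, &len) == -1)
        return -1;
    return got;
}

/* TCP listener with the option set before listen(), so the check already
 * applies to incoming connection attempts. Returns the fd, or -1. */
int gtsm_listener(const char *addr, unsigned short port)
{
    struct sockaddr_in sin;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd == -1)
        return -1;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    if (inet_pton(AF_INET, addr, &sin.sin_addr) != 1 ||
        gtsm_enable(fd) != GTSM_TTL ||
        bind(fd, (struct sockaddr *)&sin, sizeof(sin)) == -1 ||
        listen(fd, 8) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int fd = gtsm_listener("127.0.0.1", 0); /* constructed: loopback, any free port */
    return fd == -1;
}
```

A peer that does not also send with TTL 255 is dropped without any error on either side, so a connection that silently times out after enabling this is the expected failure mode to check first.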