document IP_RECVTTL and IP_MINTTL

1 files changed, 44 insertions, 1 deletions

diff --git a/share/man/man4/ip.4 b/share/man/man4/ip.4
index 72a689f2ead..12c6ef907e4 100644
--- a/share/man/man4/ip.4
+++ b/share/man/man4/ip.4
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ip.4,v 1.23 2004/12/18 20:33:11 jaredy Exp $
+.\"	$OpenBSD: ip.4,v 1.24 2006/10/11 09:50:44 henning Exp $
 .\"	$NetBSD: ip.4,v 1.3 1994/11/30 16:22:19 jtc Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
@@ -138,6 +138,49 @@ cmsg_level = IPPROTO_IP
 cmsg_type = IP_RECVDSTADDR
 .Ed
 .Pp
+If the
+.Dv IP_RECVTTL
+option is enabled on a
+.Dv SOCK_DGRAM
+or
+.Dv SOCK_RAW
+socket, the
+.Xr recvmsg 2
+call will return the
+.Tn TTL
+of the received datagram.
+The
+.Va msg_control
+field in the
+.Vt msghdr
+structure points to a buffer that contains a
+.Vt cmsghdr
+structure followed by the
+.Tn TTL
+value.
+The
+.Vt cmsghdr
+fields have the following values:
+.Bd -literal -offset indent
+cmsg_len = CMSG_LEN(sizeof(struct in_addr))
+cmsg_level = IPPROTO_IP
+cmsg_type = IP_RECVTTL
+.Ed
+.Pp
+The
+.Dv IP_MINTTL
+option may be used on
+.Dv SOCK_STREAM
+sockets to discard packets with a TTL lower than the option value.
+This can be used to implement the
+.Em Generalized TTL Security Mechanism (GTSM)
+according to RFC 3682.
+To discard all packets with a ttl lower than 255, 
+.Bd -literal -offset indent
+int minttl = 255;
+setsockopt(s, IPPROTO_IP, IP_MINTTL, &minttl, sizeof(minttl));
+.Ed
+.Pp
 The
 .Dv IP_PORTRANGE
 option causes the default allocation policy for when the kernel is asked