authorHenning Brauer <henning@cvs.openbsd.org>2006-10-11 09:34:52 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2006-10-11 09:34:52 +0000
commita1f52c4fe105fe0514d72d7b8d0d6d4b962bbaab (patch)
treecc3a130ec1da228bd893e710f52035b9cdde5441 /sys/netinet/in_pcb.h
parent38d0057501a91a9d902cdb4a7ed20385b9613034 (diff)
implement IP_MINTTL socket option fo tcp sockets
This is for RFC3682, aka the TTL security hack: the sender sets the TTL to 255, and the receiver checks that no router on the way (or no more than expected) reduced the TTL. carp uses that technique already. Modeled after the FreeBSD implementation. ok claudio djm deraadt
Diffstat (limited to 'sys/netinet/in_pcb.h')
-rw-r--r--sys/netinet/in_pcb.h3
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netinet/in_pcb.h b/sys/netinet/in_pcb.h
index 28614c186c7..ef747a35d47 100644
--- a/sys/netinet/in_pcb.h
+++ b/sys/netinet/in_pcb.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.h,v 1.56 2006/10/11 09:29:20 henning Exp $ */
+/* $OpenBSD: in_pcb.h,v 1.57 2006/10/11 09:34:51 henning Exp $ */
/* $NetBSD: in_pcb.h,v 1.14 1996/02/13 23:42:00 christos Exp $ */
/*
@@ -132,6 +132,7 @@ struct inpcb {
#define SR_FAILED 1 /* Negotiation failed permanently */
#define SR_SUCCESS 2 /* SA successfully established */
#define SR_WAIT 3 /* Waiting for SA */
+ u_char inp_ip_minttl; /* minimum TTL or drop */
TAILQ_ENTRY(inpcb) inp_tdb_in_next, inp_tdb_out_next;
struct tdb *inp_tdb_in, *inp_tdb_out;
struct ipsec_policy *inp_ipo;
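Review bot: The comment on the new `inp_ip_minttl` member, "minimum TTL or drop", does not say which value turns the check off or which direction it applies to, and for a security filter that is what a reader of the struct needs to know. If zero is the disabled state (presumably, since a zeroed PCB should accept everything), I would spell it out, e.g. `u_char inp_ip_minttl; /* drop input with TTL below this; 0 = no check (IP_MINTTL) */`. The member also lands between the `SR_*` IPsec result defines and the `inp_tdb_*` entries, so it reads as IPsec state. Moving it next to the other per-socket IP options, or leaving a blank line around it, would make clear that it is unrelated. Whether the check also covers the hop limit on IPv6 PCBs cannot be seen from this header, and the comment should say so if it is IPv4-only. The body of `struct inpcb` starts and ends outside the hunk.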