author | Jeremie Courreges-Anglas <jca@cvs.openbsd.org> | 2016-06-28 16:59:15 +0000 |
---|---|---|
committer | Jeremie Courreges-Anglas <jca@cvs.openbsd.org> | 2016-06-28 16:59:15 +0000 |
commit | 998357421f5797b5d4580a685f1935a7c54f1267 (patch) | |
tree | fd25a8c40e75c133561706a0da82ed5c760a9946 /usr.sbin/bgpd/session.c | |
parent | c7f832e365623f6e1d88c64e950787ff86b4f54c (diff) |
Use IPV6_MINHOPCOUNT to finish implementing ttl-security for IPv6.
ok renato@ deraadt@
Diffstat (limited to 'usr.sbin/bgpd/session.c')
-rw-r--r-- | usr.sbin/bgpd/session.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/usr.sbin/bgpd/session.c b/usr.sbin/bgpd/session.c index a71339e8da2..545347a546d 100644 --- a/usr.sbin/bgpd/session.c +++ b/usr.sbin/bgpd/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.348 2016/06/06 15:59:10 benno Exp $ */ +/* $OpenBSD: session.c,v 1.349 2016/06/28 16:59:14 jca Exp $ */ /* * Copyright (c) 2003, 2004, 2005 Henning Brauer <henning@openbsd.org> @@ -1201,12 +1201,15 @@ session_setup_socket(struct peer *p) /* set hoplimit to foreign router's distance 1=direct n=multihop with ttlsec, we always use 255 */ if (p->conf.ttlsec) { - /* - * XXX Kernel has no ip6 equivalent of MINTTL yet so - * we can't check incoming packets, but we can at least - * set the outgoing TTL to allow sessions configured - * with ttl-security to come up. - */ + ttl = 256 - p->conf.distance; + if (setsockopt(p->fd, IPPROTO_IPV6, + IPV6_MINHOPCOUNT, &ttl, sizeof(ttl)) + == -1) { + log_peer_warn(&p->conf, + "session_setup_socket: " + "setsockopt MINHOPCOUNT"); + return (-1); + } ttl = 255; } if (setsockopt(p->fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, |
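Review bot: The added `ttl = 256 - p->conf.distance;` has no comment, and the comment kept above it still describes only the outgoing hop limit, so nothing in the block says this value is the minimum hop count accepted on receive. I would put something like `/* GTSM: peer sends with hoplimit 255; accept only packets that crossed at most distance - 1 routers */` before the assignment. The expression also depends on `p->conf.distance` being at least 1: a value of 0 would request 256, which presumably makes setsockopt fail and the session refuse to come up, but the range check on distance is not visible in this hunk and is worth confirming. Returning -1 when IPV6_MINHOPCOUNT cannot be set is the right fail-closed choice, since continuing would silently bring the session up without the inbound check. session_setup_socket starts and ends outside the hunk, so the declaration of `ttl` and the IPv4 branch cannot be compared from here.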