author | Reyk Floeter <reyk@cvs.openbsd.org> | 2007-03-13 12:04:53 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2007-03-13 12:04:53 +0000 |
commit | a5adf7f49230a5dcc00c9842fb6419ec480c9ad7 (patch) | |
tree | 6bd642ee9e54887be7be9be75951e24437430f6b /usr.sbin/relayd/relay.c | |
parent | 8645b1d1654ad6598b00d7ec956a30e89be3584a (diff) |
allow to specify the IP_TTL and IP_MINTTL options for the relays to
support the Generalized TTL Security Mechanism (GTSM) according to RFC
3682. this is especially useful with inbound connections and a fixed
distance to the backend servers.
ok pyr@
Diffstat (limited to 'usr.sbin/relayd/relay.c')
-rw-r--r-- | usr.sbin/relayd/relay.c | 45 |
1 files changed, 34 insertions, 11 deletions
diff --git a/usr.sbin/relayd/relay.c b/usr.sbin/relayd/relay.c index 1ccc1680eae..f19078a69a6 100644 --- a/usr.sbin/relayd/relay.c +++ b/usr.sbin/relayd/relay.c @@ -1,4 +1,4 @@ -/* $OpenBSD: relay.c,v 1.18 2007/03/07 17:40:32 reyk Exp $ */ +/* $OpenBSD: relay.c,v 1.19 2007/03/13 12:04:52 reyk Exp $ */ /* * Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org> @@ -517,6 +517,10 @@ relay_socket(struct sockaddr_storage *ss, in_port_t port, if ((s = socket(ss->ss_family, SOCK_STREAM, IPPROTO_TCP)) == -1) goto bad; + + /* + * Socket options + */ bzero(&lng, sizeof(lng)); if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1) goto bad; @@ -525,7 +529,36 @@ relay_socket(struct sockaddr_storage *ss, in_port_t port, goto bad; if (fcntl(s, F_SETFL, O_NONBLOCK) == -1) goto bad; + if (proto->tcpflags & TCPFLAG_BUFSIZ) { + val = proto->tcpbufsiz; + if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, + &val, sizeof(val)) == -1) + goto bad; + val = proto->tcpbufsiz; + if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, + &val, sizeof(val)) == -1) + goto bad; + } + + /* + * IP options + */ + if (proto->tcpflags & TCPFLAG_IPTTL) { + val = (int)proto->tcpipttl; + if (setsockopt(s, IPPROTO_IP, IP_TTL, + &val, sizeof(val)) == -1) + goto bad; + } + if (proto->tcpflags & TCPFLAG_IPMINTTL) { + val = (int)proto->tcpipminttl; + if (setsockopt(s, IPPROTO_IP, IP_MINTTL, + &val, sizeof(val)) == -1) + goto bad; + } + /* + * TCP options + */ if (proto->tcpflags & (TCPFLAG_NODELAY|TCPFLAG_NNODELAY)) { if (proto->tcpflags & TCPFLAG_NNODELAY) val = 0; @@ -544,16 +577,6 @@ relay_socket(struct sockaddr_storage *ss, in_port_t port, &val, sizeof(val)) == -1) goto bad; } - if (proto->tcpflags & TCPFLAG_BUFSIZ) { - val = proto->tcpbufsiz; - if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, - &val, sizeof(val)) == -1) - goto bad; - val = proto->tcpbufsiz; - if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, - &val, sizeof(val)) == -1) - goto bad; - } return (s); |
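Review bot: The new IP_TTL and IP_MINTTL calls in the "IP options" block are made at IPPROTO_IP level for every socket, although the socket is created with `ss->ss_family` at the top of the previous hunk, so an AF_INET6 relay is not handled. Depending on the stack, the setsockopt() either fails and `goto bad` makes the relay socket unusable, or succeeds without touching the IPv6 hop limit, which would leave a relay configured for GTSM running without the TTL check (inferred; the hunk does not show which). I would switch on `ss->ss_family`, use IPPROTO_IPV6 with IPV6_UNICAST_HOPS for the outgoing hop limit, and fail closed for the minimum-TTL option on families with no equivalent (IPV6_MINHOPCOUNT where the platform provides it). The range of `tcpipttl` and `tcpipminttl` is presumably validated in the config parser, which is outside this diff, so a one-line comment naming the expected range next to the `(int)` casts would help the next reader. relay_socket() starts and ends outside the hunk.

```c
	/* … unchanged: SO_RCVBUF / SO_SNDBUF block … */

	/*
	 * IP options
	 */
	if (proto->tcpflags & TCPFLAG_IPTTL) {
		val = (int)proto->tcpipttl;
		switch (ss->ss_family) {
		case AF_INET:
			if (setsockopt(s, IPPROTO_IP, IP_TTL,
			    &val, sizeof(val)) == -1)
				goto bad;
			break;
		case AF_INET6:
			if (setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS,
			    &val, sizeof(val)) == -1)
				goto bad;
			break;
		default:
			goto bad;
		}
	}
	if (proto->tcpflags & TCPFLAG_IPMINTTL) {
		val = (int)proto->tcpipminttl;
		switch (ss->ss_family) {
		case AF_INET:
			if (setsockopt(s, IPPROTO_IP, IP_MINTTL,
			    &val, sizeof(val)) == -1)
				goto bad;
			break;
		default:
			/*
			 * No minimum-hop check is applied for this family;
			 * refuse the socket rather than run without GTSM.
			 */
			goto bad;
		}
	}

	/* … unchanged: TCP options … */
```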