From: Stephen Hemminger <[email protected]>
Date: Sun, 10 Jan 2010 22:00:34 -0800

> This patch adds the kernel portions needed to implement
> RFC 5082 Generalized TTL Security Mechanism (GTSM).
> It is a lightweight security measure against forged
> packets causing DoS attacks (for BGP).
>
> This is already implemented the same way in BSD kernels.
> For the necessary Quagga patch
>   http://www.gossamer-threads.com/lists/quagga/dev/17389
>
> Description from Cisco
>   http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gt_btsh.html
>
> It does add one byte to each socket structure, but I did
> a little rearrangement to reuse a hole (on 64 bit), but it
> does grow the structure on 32 bit
>
> This should be documented on ip(4) man page and the Glibc in.h
> file also needs update. IPV6_MINHOPLIMIT should also be added
> (although BSD doesn't support that).
>
> Only TCP is supported, but could also be added to UDP, DCCP, SCTP
> if desired.
>
> Signed-off-by: Stephen Hemminger <[email protected]>

Applied to net-next-2.6, thanks Stephen.
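
How a routing daemon would use the mechanism from userspace, as an added example that is not part of the patch or of this thread. It assumes the option is exposed as `IP_MINTTL` (value 21 in `linux/in.h`) and that a hop count of 1 means a directly connected peer; the `gtsm_*` helper names are hypothetical.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_MINTTL
#define IP_MINTTL 21            /* linux/in.h value; older glibc in.h lacks it */
#endif
#define GTSM_TTL_MAX 255

/* A peer at most `hops` hops away that sends with TTL 255 arrives with
 * TTL >= 255 - hops + 1. Assumption: hops == 1 is a directly connected
 * peer. Returns the threshold, or -1 if hops is outside 1..254. */
int gtsm_min_ttl(int hops)
{
    if (hops < 1 || hops > 254)
        return -1;
    return GTSM_TTL_MAX - hops + 1;
}

/* Enable GTSM on a TCP socket: send with TTL 255 so the peer's check
 * passes, and ask the kernel to drop inbound segments below the threshold. */
int gtsm_apply(int fd, int hops)
{
    int ttl = GTSM_TTL_MAX, min_ttl = gtsm_min_ttl(hops);

    if (min_ttl < 0) { errno = EINVAL; return -1; }
    if (setsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl)) < 0)
        return -1;
    return setsockopt(fd, IPPROTO_IP, IP_MINTTL, &min_ttl, sizeof(min_ttl));
}

/* Read the threshold back so a misconfigured session is caught at setup. */
int gtsm_readback(int fd)
{
    int v = 0;
    socklen_t len = sizeof(v);
    return getsockopt(fd, IPPROTO_IP, IP_MINTTL, &v, &len) < 0 ? -1 : v;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || gtsm_apply(fd, 1) < 0) { perror("gtsm"); return 1; }
    printf("min TTL now %d\n", gtsm_readback(fd));
    close(fd);
    return 0;
}
```

Both ends of the session have to be configured: a peer that still sends with the default TTL will have its segments dropped once the threshold is set.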
