debian/changelog | 6 ++++++ include/linux/in.h | 2 ++ include/net/inet_sock.h | 3 ++- net/ipv4/ip_sockglue.c | 14 +++++++++++++- net/ipv4/tcp_ipv4.c | 3 +++ 5 files changed, 26 insertions(+), 2 deletions(-)
New commits: commit 1b48a3562cdf685ec6b9802b9da24881b3912f32 Author: Stephen Hemminger <[email protected]> Date: Tue Mar 9 20:09:28 2010 -0800 2.6.32-1+vyatta+6 commit 3680366d322b8a5a9dca2b9fb0a9dc88e750de0f Author: Stephen Hemminger <[email protected]> Date: Tue Mar 9 19:48:31 2010 -0800 tcp: Generalized TTL Security Mechanism This patch adds the kernel portions needed to implement RFC 5082 Generalized TTL Security Mechanism (GTSM). It is a lightweight security measure against forged packets causing DoS attacks (for BGP). This is already implemented the same way in BSD kernels. For the necessary Quagga patch http://www.gossamer-threads.com/lists/quagga/dev/17389 Description from Cisco http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gt_btsh.html It does add one byte to each socket structure, but I did a little rearrangement to reuse a hole (on 64 bit), but it does grow the structure on 32 bit This should be documented on ip(4) man page and the Glibc in.h file also needs update. IPV6_MINHOPLIMIT should also be added (although BSD doesn't support that). Only TCP is supported, but could also be added to UDP, DCCP, SCTP if desired. Signed-off-by: Stephen Hemminger <[email protected]> Signed-off-by: David S. Miller <[email protected]> http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=1b48a3562cdf685ec6b9802b9da24881b3912f32 http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=3680366d322b8a5a9dca2b9fb0a9dc88e750de0f _______________________________________________ svn mailing list [email protected] http://mailman.vyatta.com/mailman/listinfo/svn
