Renato would like to implement GTSM in ldpd(8), the first step would be
to support IPV6_MINHOPCOUNT on SOCK_DGRAM sockets.  The following diff
seems to work fine for him.

I did not go down all possible *_input() methods, only regular TCP and
UDP sockets.  Is that enough to deserve the associated manpage diff?

Thoughts / oks?  I'll admit that the code is getting a bit ugly...


Index: sys/netinet/udp_usrreq.c
===================================================================
RCS file: /cvs/src/sys/netinet/udp_usrreq.c,v
retrieving revision 1.213
diff -u -p -r1.213 udp_usrreq.c
--- sys/netinet/udp_usrreq.c    18 Jun 2016 10:36:13 -0000      1.213
+++ sys/netinet/udp_usrreq.c    27 Jun 2016 17:19:35 -0000
@@ -425,15 +425,25 @@ udp_input(struct mbuf *m, ...)
                                continue;
 #ifdef INET6
                        if (ip6) {
+                               if (inp->inp_ip6_minhlim &&
+                                   inp->inp_ip6_minhlim > ip6->ip6_hlim)
+                                       continue;
                                if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6))
                                        if 
(!IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6,
                                            &ip6->ip6_dst))
                                                continue;
                        } else
 #endif /* INET6 */
-                       if (inp->inp_laddr.s_addr != INADDR_ANY) {
-                               if (inp->inp_laddr.s_addr != ip->ip_dst.s_addr)
+                       {
+                               if (inp->inp_ip_minttl &&
+                                   inp->inp_ip_minttl > ip->ip_ttl)
                                        continue;
+
+                               if (inp->inp_laddr.s_addr != INADDR_ANY) {
+                                       if (inp->inp_laddr.s_addr !=
+                                           ip->ip_dst.s_addr)
+                                               continue;
+                               }
                        }
 #ifdef INET6
                        if (ip6) {
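Review bot: The two added `continue` tests sit in what looks like the per-socket delivery loop for multicast/broadcast datagrams (the loop header is outside this hunk), yet the ip6.4 text in the same diff still says the option applies to incoming unicast datagrams. If filtering group traffic per socket is intended, the manual wording should drop "unicast" so that users of the option know a low hop limit also suppresses multicast delivery. A short comment above each test would also help, e.g. `/* GTSM (RFC 5082): skip sockets whose minimum hop limit / TTL is not met */`.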
@@ -580,6 +590,17 @@ udp_input(struct mbuf *m, ...)
        }
        KASSERT(sotoinpcb(inp->inp_socket) == inp);
 
+#ifdef INET6
+       if (ip6 && inp->inp_ip6_minhlim &&
+           inp->inp_ip6_minhlim > ip6->ip6_hlim) {
+               goto bad;
+       } else
+#endif
+       if (ip && inp->inp_ip_minttl &&
+           inp->inp_ip_minttl > ip->ip_ttl) {
+               goto bad;
+       }
+
 #if NPF > 0
        if (inp->inp_socket->so_state & SS_ISCONNECTED)
                pf_inp_link(m, inp);
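Review bot: Datagrams rejected by the new minimum hop limit / TTL test jump to `bad` with no accounting visible in this hunk, so an operator cannot tell GTSM drops (possibly spoofed off-link traffic) from any other discard. Consider bumping a dedicated statistic before each `goto bad`, e.g. `udpstat.<gtsm_drop_counter>++;` (placeholder name; no such field is shown here). Separately, the `} else` that straddles `#endif` is not needed, because both arms only `goto bad` and `ip` and `ip6` appear to be mutually exclusive. Two independent `if` statements would read more cleanly. The rest of udp_input, including the `bad` label, is outside the hunk.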
Index: share/man/man4/ip6.4
===================================================================
RCS file: /cvs/src/share/man/man4/ip6.4,v
retrieving revision 1.38
diff -u -p -r1.38 ip6.4
--- share/man/man4/ip6.4        27 Jun 2016 16:33:48 -0000      1.38
+++ share/man/man4/ip6.4        27 Jun 2016 18:36:53 -0000
@@ -146,9 +146,7 @@ datagrams sent on this socket.
 A value of \-1 resets to the default value.
 .It Dv IPV6_MINHOPCOUNT Fa "int *"
 Get or set the minimum hop limit header field for incoming unicast
-datagrams received on this
-.Dv SOCK_STREAM
-socket.
+datagrams received on this socket.
 This can be used to implement the
 .Em Generalized TTL Security Mechanism (GTSM)
 according to RFC 5082.


-- 
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
