Renato Westphal <[email protected]> writes:
> 2016-06-27 19:01 GMT-03:00 Alexander Bluhm <[email protected]>:
>> On Mon, Jun 27, 2016 at 11:57:08PM +0200, Jérémie Courrèges-Anglas wrote:
>>> Alexander Bluhm <[email protected]> writes:
>>> > The man page says IPV6_MINHOPCOUNT is only for unicast packets.
>>> > The ugly part of the code is dealing with multicast packets.
>>>
>>> IIUC Renato also needs multicast support. I thought it wouldn't be
>>> a problem to extend the IPV6_MINHOPCOUNT scope.
>>
>> If he needs it, just remove the word "unicast" from the man page.
>> Then it is OK bluhm@
Ack, thanks.
> Yes, I need this to implement support for RFC 7552, which says: "(...)
> the LDP Link Hello packets MUST have their IPv6 Hop Limit set to 255,
> be checked for the same upon receipt (before any LDP-specific
> processing)". And LDP Link Hello packets are multicast UDP packets...
>
> Also, besides removing the word "unicast" from the man page, I'd go
> further and rename "datagrams" to "packets", which is a more generic
> term.
Makes sense. Updated diff below, I'll probably commit it tomorrow
(Tuesday CEST): let me know if this is enough for ldpd.
Index: sys/netinet/udp_usrreq.c
===================================================================
RCS file: /cvs/src/sys/netinet/udp_usrreq.c,v
retrieving revision 1.213
diff -u -p -r1.213 udp_usrreq.c
--- sys/netinet/udp_usrreq.c 18 Jun 2016 10:36:13 -0000 1.213
+++ sys/netinet/udp_usrreq.c 27 Jun 2016 17:19:35 -0000
@@ -425,15 +425,25 @@ udp_input(struct mbuf *m, ...)
continue;
#ifdef INET6
if (ip6) {
+ if (inp->inp_ip6_minhlim &&
+ inp->inp_ip6_minhlim > ip6->ip6_hlim)
+ continue;
if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6))
if
(!IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6,
&ip6->ip6_dst))
continue;
} else
#endif /* INET6 */
- if (inp->inp_laddr.s_addr != INADDR_ANY) {
- if (inp->inp_laddr.s_addr != ip->ip_dst.s_addr)
+ {
+ if (inp->inp_ip_minttl &&
+ inp->inp_ip_minttl > ip->ip_ttl)
continue;
+
+ if (inp->inp_laddr.s_addr != INADDR_ANY) {
+ if (inp->inp_laddr.s_addr !=
+ ip->ip_dst.s_addr)
+ continue;
+ }
}
#ifdef INET6
if (ip6) {
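Review bot: the two new early `continue` tests in this loop (on `inp_ip6_minhlim` and on `inp_ip_minttl`) skip a socket without leaving any trace, and the same two-part condition is written out again in the second hunk. A one-line comment naming this as the minimum hop limit / TTL filter would make the intent clear next to the address checks, and a small helper shared by both call sites would keep the IPv4 and IPv6 comparisons from drifting apart. Minor style point: the blank line added after the IPv4 test has no counterpart in the IPv6 arm.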
@@ -580,6 +590,17 @@ udp_input(struct mbuf *m, ...)
}
KASSERT(sotoinpcb(inp->inp_socket) == inp);
+#ifdef INET6
+ if (ip6 && inp->inp_ip6_minhlim &&
+ inp->inp_ip6_minhlim > ip6->ip6_hlim) {
+ goto bad;
+ } else
+#endif
+ if (ip && inp->inp_ip_minttl &&
+ inp->inp_ip_minttl > ip->ip_ttl) {
+ goto bad;
+ }
+
#if NPF > 0
if (inp->inp_socket->so_state & SS_ISCONNECTED)
pf_inp_link(m, inp);
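Review bot: the `} else` that dangles across `#endif` before `if (ip && inp->inp_ip_minttl && ...` is fragile and not needed, since both arms do the same `goto bad`. The `ip6 &&` and `ip &&` guards already select the address family, so two independent `if` statements (the first inside `#ifdef INET6`) would read more simply and would not change meaning when INET6 is undefined. The braces around each single `goto bad;` could go as well. It is also worth confirming what the `bad` label does, which this hunk does not show: a packet rejected by this filter should be freed quietly, without generating a reply.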
Index: share/man/man4/ip6.4
===================================================================
RCS file: /cvs/src/share/man/man4/ip6.4,v
retrieving revision 1.38
diff -u -p -r1.38 ip6.4
--- share/man/man4/ip6.4 27 Jun 2016 16:33:48 -0000 1.38
+++ share/man/man4/ip6.4 27 Jun 2016 23:24:37 -0000
@@ -145,10 +145,8 @@ Get or set the default hop limit header
datagrams sent on this socket.
A value of \-1 resets to the default value.
.It Dv IPV6_MINHOPCOUNT Fa "int *"
-Get or set the minimum hop limit header field for incoming unicast
-datagrams received on this
-.Dv SOCK_STREAM
-socket.
+Get or set the minimum hop limit header field for incoming
+packets received on this socket.
This can be used to implement the
.Em Generalized TTL Security Mechanism (GTSM)
according to RFC 5082.
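Review bot: besides dropping "unicast", the new text at `.It Dv IPV6_MINHOPCOUNT` also removes the `.Dv SOCK_STREAM` restriction, while the code in this diff only adds the check to `udp_input()`. "packets received on this socket" now reads as if every socket type honours the option, so it would be better to name the socket types that enforce it. The entry also never states what happens to a packet whose hop limit is below the configured value; one sentence saying such packets are discarded would complete it. The context line above still says "datagrams sent on this socket", so the two neighbouring entries now use different terms.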
--
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE