GTSM (TTL security)/RFC 5082 support?

Alexander V. Chernikov melifaro at ipfw.ru
Sun Aug 14 12:47:27 CEST 2011


Henrique de Moraes Holschuh wrote:
> Is anyone currently working on adding GTSM support to bird?
> 
> It should be possible to support it for both Linux and FreeBSD where
> available as a kernel-level supported socket option, and I am considering
> trying my hand at it as a way to get to know the bird codebase a bit better
> before we decide to deploy it at work...
> 

Review/comments are welcome

Patch adds:

* new sk_set_min_ttl() function to set minimum received TTL
* new BGP (cisco-like) config option: ttl_secutity hops <value>

Tested on FreeBSD; however, the Linux part should work too.

Kernel support required:

Linux:
IP_MINTTL is supported on 2.6.34+
IPV6_MINHOPCNT is supported on 2.6.35+

*BSD:
IP_MINTTL has been supported for a long time
IPV6_MINHOPCNT is not supported (at least on FreeBSD at the moment)

Btw, FreeBSD IP_MINTTL support was broken somewhere between 8.1 and 8.2;
8.2-R+ should work


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: bird_ttlsec_20110814.diff
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20110814/a4b4ff3e/attachment-0001.diff>
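The attached diff is not reproduced in this archive, so the following is an added example, not code from the patch or from BIRD, of how a GTSM receive floor can be set through the kernel socket options the message names. The names gtsm_min_ttl() and gtsm_apply() are hypothetical, the mapping of hops 1 to a minimum TTL of 255 is an assumption of this example, and the IPv6 option is written IPV6_MINHOPCOUNT as spelled in Linux headers.

```c
/* Added example; function names are hypothetical, not BIRD's API. */
#include <errno.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Assumed mapping: hops == 1 is a directly connected peer, so only
 * TTL 255 is accepted; each extra hop lowers the floor by one. */
int gtsm_min_ttl(int hops)
{
    if (hops < 1 || hops > 255)
        return -1;
    return 256 - hops;
}

/* Send with TTL / hop limit 255 and have the kernel drop anything that
 * arrives below the floor. Returns 0 on success, -1 with errno set.
 * Missing kernel/header support is reported as ENOPROTOOPT so the
 * caller can refuse to start the session instead of running unprotected. */
int gtsm_apply(int fd, int family, int hops)
{
    int max = 255;
    int min = gtsm_min_ttl(hops);

    if (min < 0) {
        errno = EINVAL;
        return -1;
    }
    if (family == AF_INET) {
#ifdef IP_MINTTL
        if (setsockopt(fd, IPPROTO_IP, IP_TTL, &max, sizeof(max)) < 0)
            return -1;
        return setsockopt(fd, IPPROTO_IP, IP_MINTTL, &min, sizeof(min));
#else
        errno = ENOPROTOOPT;
        return -1;
#endif
    }
    if (family == AF_INET6) {
#ifdef IPV6_MINHOPCOUNT
        if (setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &max, sizeof(max)) < 0)
            return -1;
        return setsockopt(fd, IPPROTO_IPV6, IPV6_MINHOPCOUNT, &min, sizeof(min));
#else
        errno = ENOPROTOOPT;
        return -1;
#endif
    }
    errno = EAFNOSUPPORT;
    return -1;
}
```

Both peers have to apply the setting: the floor only filters spoofed packets if the legitimate sender really transmits with TTL 255.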

