GTSM (TTL security)/RFC 5082 support?
Alexander V. Chernikov
melifaro at ipfw.ru
Sun Aug 14 12:47:27 CEST 2011
Henrique de Moraes Holschuh wrote:
> Is anyone currently working on adding GTSM support to bird?
>
> It should be possible to support it for both Linux and FreeBSD where
> available as a kernel-level supported socket option, and I am considering
> trying my hand at it as a way to get to know the bird codebase a bit better
> before we decide to deploy it at work...
>
Review/comments are welcome.

Patch adds:
* new sk_set_min_ttl() function to set minimum received TTL
* new BGP (Cisco-like) config option: ttl_secutity hops <value>

Tested on FreeBSD, however the Linux part should work too.

Kernel support required:

Linux:
  IP_MINTTL is supported on 2.6.34+
  IPV6_MINHOPCNT is supported on 2.6.35+

*BSD:
  IP_MINTTL has been supported for a long time
  IPV6_MINHOPCNT is not supported (at least on FreeBSD at the moment)

Btw, FreeBSD IP_MINTTL support was broken somewhere between 8.1 and 8.2;
8.2-R+ should work.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: bird_ttlsec_20110814.diff
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20110814/a4b4ff3e/attachment-0001.diff>
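The socket-level mechanism the message describes, as an added example that is not part of the original post or the attached patch. `example_set_min_ttl` is a hypothetical helper, and `IPV6_MINHOPCOUNT` is the name the Linux headers use for the IPv6 option; the `#ifdef` guards cover platforms whose headers lack either option.

```c
#include <errno.h>
#include <netinet/in.h>
#include <sys/socket.h>

/*
 * Hypothetical helper, not BIRD's sk_set_min_ttl(). Sends with TTL 255 (the
 * value RFC 5082 requires from the sender) and asks the kernel to drop
 * packets received on fd whose TTL / hop limit is below min_ttl.
 * Returns 0 on success, -1 with errno set: EINVAL for a bad value,
 * EAFNOSUPPORT for a bad family, ENOPROTOOPT when the headers (or, from
 * setsockopt itself, the running kernel) lack the option.
 */
int example_set_min_ttl(int fd, int family, int min_ttl)
{
    int send_ttl = 255;

    if (min_ttl < 1 || min_ttl > 255) {
        errno = EINVAL;
        return -1;
    }
    if (family == AF_INET) {
#ifdef IP_MINTTL
        if (setsockopt(fd, IPPROTO_IP, IP_TTL, &send_ttl, sizeof(send_ttl)) < 0)
            return -1;
        return setsockopt(fd, IPPROTO_IP, IP_MINTTL, &min_ttl, sizeof(min_ttl));
#else
        errno = ENOPROTOOPT;    /* built against headers without IP_MINTTL */
        return -1;
#endif
    }
    if (family == AF_INET6) {
#ifdef IPV6_MINHOPCOUNT
        if (setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &send_ttl, sizeof(send_ttl)) < 0)
            return -1;
        return setsockopt(fd, IPPROTO_IPV6, IPV6_MINHOPCOUNT, &min_ttl, sizeof(min_ttl));
#else
        errno = ENOPROTOOPT;    /* no IPv6 minimum-hop option in these headers */
        return -1;
#endif
    }
    errno = EAFNOSUPPORT;
    return -1;
}
```

A caller that treats -1 as fatal fails closed: the session is not brought up without the TTL filter in place.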