git.openwrt.org Git - openwrt/staging/blogic.git/commit

author	Stephen Hemminger <shemminger@vyatta.com>
	Tue, 12 Jan 2010 00:28:01 +0000 (16:28 -0800)
committer	David S. Miller <davem@davemloft.net>
	Tue, 12 Jan 2010 00:28:01 +0000 (16:28 -0800)
commit	d218d11133d888f9745802146a50255a4781d37a
tree	3b4b163238e19c48f37f3d8a77eb27f3a18691a0	tree \| snapshot
parent	c8e000604bce02a87742240a9b716a0f1b680c0b	commit \| diff

tcp: Generalized TTL Security Mechanism

This patch adds the kernel portions needed to implement
RFC 5082 Generalized TTL Security Mechanism (GTSM).
It is a lightweight security measure against forged
packets causing DoS attacks (for BGP).

This is already implemented the same way in BSD kernels.
For the necessary Quagga patch
  http://www.gossamer-threads.com/lists/quagga/dev/17389

Description from Cisco
  http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gt_btsh.html

It does add one byte to each socket structure, but I did
a little rearrangement to reuse a hole (on 64 bit), but it
does grow the structure on 32 bit

This should be documented on ip(4) man page and the Glibc in.h
file also needs update.  IPV6_MINHOPLIMIT should also be added
(although BSD doesn't support that).

Only TCP is supported, but could also be added to UDP, DCCP, SCTP
if desired.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/linux/in.h		diff \| blob \| history
include/net/inet_sock.h		diff \| blob \| history
net/ipv4/ip_sockglue.c		diff \| blob \| history
net/ipv4/tcp_ipv4.c		diff \| blob \| history