bgpd: RFC 5082 Generalized TTL Security Mechanism support

* bgpd: Add support for RFC 5082 GTSM, which allows the TTL field to be used
  to verify that incoming packets have been sent from neighbours no more
  than X IP hops away. In other words, this allows packets that were sent from
  further away (i.e. not by the neighbour with known distance, and so possibly
  a miscreant) to be filtered out.
* lib/sockunion.{c,h}: (sockopt_minttl) new function, to set a minimum TTL
  using the IP_MINTTL socket opt.
* bgpd.h: (BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK) define for command
  error for minttl.
  (struct peer) add a config variable, to store the configured minttl.
  (peer_ttl_security_hops_{set,unset}) configuration handlers
* bgpd.c: (peer_group_get) init gtsm_hops
  (peer_ebgp_multihop_{un,}set) check for conflicts with GTSM. Multihop and
  GTSM can't both be active for a peer at the same time.
  (peer_ttl_security_hops_set) set minttl, taking care to avoid conflicts with
  ebgp_multihop.
  (bgp_config_write_peer) write out minttl as "neighbor .. ttl-security hops X".
* bgp_vty.c: (bgp_vty_return) message for
  BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK
  (peer_ebgp_multihop_{un,}set_vty)
* bgp_network.c: (bgp_accept) set minttl on accepted sockets if appropriate.
  (bgp_connect) ditto for outbound.

1 files changed, 1 insertions, 0 deletions

diff --git a/lib/sockunion.h b/lib/sockunion.h
index 91bfbc7f..0ee2d63b 100644
--- a/lib/sockunion.h
+++ b/lib/sockunion.h
@@ -102,6 +102,7 @@ extern int sockopt_reuseport (int);
 extern int sockunion_bind (int sock, union sockunion *, 
                            unsigned short, union sockunion *);
 extern int sockopt_ttl (int family, int sock, int ttl);
+extern int sockopt_minttl (int family, int sock, int minttl);
 extern int sockopt_cork (int sock, int onoff);
 extern int sockunion_socket (union sockunion *su);
 extern const char *inet_sutop (union sockunion *su, char *str);