From d876bdf4a84f40ac3f9bec8d5040858b3725db3e Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <shemminger@vyatta.com>
Date: Thu, 5 Aug 2010 10:26:27 -0700
Subject: lib: Add support for IPv6 ttl security

* sockunion.c: (sockopt_minttl) Add IPv6 support for min hop count.
  The kernel support is Linux kernel 2.6.35 or later.
---
 lib/sockunion.c | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

(limited to 'lib')

diff --git a/lib/sockunion.c b/lib/sockunion.c
index df05acb3..a5382a72 100644
--- a/lib/sockunion.c
+++ b/lib/sockunion.c
@@ -541,22 +541,30 @@ int
 sockopt_minttl (int family, int sock, int minttl)
 {
 #ifdef IP_MINTTL
-  int ret;
-  
-  ret = setsockopt (sock, IPPROTO_IP, IP_MINTTL, &minttl, sizeof(minttl));
-  if (ret < 0)
+  if (family == AF_INET)
     {
-      zlog (NULL, LOG_WARNING,
-            "can't set sockopt IP_MINTTL to %d on socket %d: %s",
-            minttl, sock, safe_strerror (errno));
-      return -1;
+      int ret = setsockopt (sock, IPPROTO_IP, IP_MINTTL, &minttl, sizeof(minttl));
+      if (ret < 0)
+	  zlog (NULL, LOG_WARNING,
+		"can't set sockopt IP_MINTTL to %d on socket %d: %s",
+		minttl, sock, safe_strerror (errno));
+      return ret;
     }
+#endif /* IP_MINTTL */
+#ifdef IPV6_MINHOPCNT
+  if (family == AF_INET6)
+    {
+      int ret = setsockopt (sock, IPPROTO_IPV6, IPV6_MINHOPCNT, &minttl, sizeof(minttl));
+      if (ret < 0)
+	  zlog (NULL, LOG_WARNING,
+		"can't set sockopt IPV6_MINHOPCNT to %d on socket %d: %s",
+		minttl, sock, safe_strerror (errno));
+      return ret;
+    }
+#endif
 
-  return 0;
-#else
   errno = EOPNOTSUPP;
   return -1;
-#endif /* IP_MINTTL */
 }
 
 /* If same family and same prefix return 1. */
-- 
cgit v1.2.1