From: Stephen Hemminger <shemminger@vyatta.com>
To: davem@davemloft.net
Cc: Pekka Savola <pekkas@netcore.fi>,
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>,
Nick Hilliard <nick@inex.ie>,
netdev@vger.kernel.org
Subject: Re: [PATCH 1/3] IPv6: Generic TTL Security Mechanism (original version)
Date: Thu, 22 Apr 2010 09:23:05 -0700 [thread overview]
Message-ID: <20100422092305.0e45f547@nehalam> (raw)
In-Reply-To: <20100403232922.489187907@vyatta.com>
On Sat, 03 Apr 2010 16:21:04 -0700
Stephen Hemminger <shemminger@vyatta.com> wrote:
> This patch adds IPv6 support for RFC5082 Generalized TTL
> Security Mechanism.
>
> The original proposed code; the IPV6 and IPV4 socket options are seperate.
> With this method, the server does have to deal with both IPv4 and IPv6
> socket options and the client has to handle the different for each
> family.
>
> On client:
> int ttl = 255;
> getaddrinfo(argv[1], argv[2], &hint, &result);
>
> for (rp = result; rp != NULL; rp = rp->ai_next) {
> s = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
> if (s < 0) continue;
>
> if (rp->ai_family == AF_INET) {
> setsockopt(s, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl));
> } else if (rp->ai_family == AF_INET6) {
> setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS,
> &ttl, sizeof(ttl)))
> }
>
> if (connect(s, rp->ai_addr, rp->ai_addrlen) == 0) {
> ...
>
> On server:
> int minttl = 255 - maxhops;
>
> getaddrinfo(NULL, port, &hints, &result);
> for (rp = result; rp != NULL; rp = rp->ai_next) {
> s = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
> if (s < 0) continue;
>
> if (rp->ai_family == AF_INET6)
> setsockopt(s, IPPROTO_IPV6, IPV6_MINHOPCOUNT,
> &minttl, sizeof(minttl));
> setsockopt(s, IPPROTO_IP, IP_MINTTL, &minttl, sizeof(minttl));
>
> if (bind(s, rp->ai_addr, rp->ai_addrlen) == 0)
> break
> ..
>
>
> Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Dave: Yoshifuji and I agree this is the best solution, how come the patch
hasn't been applied?
next prev parent reply other threads:[~2010-04-22 16:23 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-03 23:21 [PATCH 0/3] GTSM support for IPv6 three alternatives Stephen Hemminger
2010-04-03 23:21 ` [PATCH 1/3] IPv6: Generic TTL Security Mechanism (original version) Stephen Hemminger
2010-04-05 4:48 ` YOSHIFUJI Hideaki
2010-04-05 19:06 ` Nick Hilliard
2010-04-22 16:23 ` Stephen Hemminger [this message]
2010-04-22 21:38 ` David Miller
2010-04-22 22:18 ` [PATCH] IPv6: Generic TTL Security Mechanism (final version) Stephen Hemminger
2010-04-22 22:27 ` David Miller
2010-04-03 23:21 ` [PATCH 2/3] IPv6: Generic TTL Security Mechanism (alternate version) Stephen Hemminger
2010-04-03 23:21 ` [PATCH 3/3] IPv6: Generic TTL Security Mechanism (unified version) Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100422092305.0e45f547@nehalam \
--to=shemminger@vyatta.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=nick@inex.ie \
--cc=pekkas@netcore.fi \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.