Bug #1304

Bug in IP_MINTTL setsockopt() implementation

Added by nick over 7 years ago. Updated over 7 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:hasso% Done:


Target version:-


The IP_MINTTL socket option allows implementation of GTSM - RFC 5082. This
is useful for BGP session security, and is implemented in OpenBGPD 4.3.

From perusing the kernel code, you can set inp->inp_ip_minttl to any value
between 1 and MAXTTL (i.e. 255). These are permissable TTL values.
However, when setting up the inp structure, inp_ip_minttl will be
initialised to zero. Also, there are various checks in
/sys/netinet/raw_ip.c, /sys/netinet/tcp_input.c and
/sys/netinet/udp_usrreq.c which only perform a MINTTL check if
inp->inp_ip_minttl is set to nonzero. This suggests that zero is a valid
value for inp_ip_minttl.

However, there is a bug in the implementation on {free,open,dragonfly}bsd
which prevents a programmer from calling the setsockopt() IP_MINTTL with a
value of zero.

Patch attached to fix this behaviour. Please also see FreeBSD PR: kern/128790,
which was committed to -current and -stable a couple of weeks ago.

ip_output.c.diff Magnifier (344 Bytes) nick, 03/02/2009 12:38 PM


#1 Updated by hasso over 7 years ago

I'll take it.

#2 Updated by hasso over 7 years ago

Committed to both - master and 2.2 branch. Thanks for the report.

Also available in: Atom PDF