Some fixes for TTL security.

author: Ondrej Zajicek <santiago@crfreenet.org> 2013-07-11 13:50:44 +0200
committer: Ondrej Zajicek <santiago@crfreenet.org> 2013-07-11 13:50:44 +0200
commit: 354496ace87341428e6005fbc073fbe57b4e6c0e (patch)
tree: 3dae3a53b6e45cd7cb144296d54fda90fff7cc14 /sysdep
parent: cc31b75a8fd7949533c12db2c3e9d67eeaf46d10 (diff)
2 files changed, 16 insertions, 16 deletions
diff --git a/sysdep/bsd/sysio.h b/sysdep/bsd/sysio.h
index 031eac9a..cf049a0b 100644
--- a/sysdep/bsd/sysio.h
+++ b/sysdep/bsd/sysio.h
@@ -6,9 +6,22 @@
  *	Can be freely distributed and used under the terms of the GNU GPL.
  */
 
+#ifdef __NetBSD__
+
+#ifndef IP_RECVTTL
+#define IP_RECVTTL 23
+#endif
+
+#ifndef IP_MINTTL
+#define IP_MINTTL 24
+#endif
+
+#endif
+
 #ifdef __DragonFly__
 #define TCP_MD5SIG	TCP_SIGNATURE_ENABLE
 #endif
+
 #ifdef IPV6
 
 static inline void
@@ -259,8 +272,6 @@ sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd)
 
 #ifndef IPV6
 
-#ifdef IP_MINTTL
-
 static int
 sk_set_min_ttl4(sock *s, int ttl)
 {
@@ -277,17 +288,6 @@ sk_set_min_ttl4(sock *s, int ttl)
   return 0;
 }
 
-#else /* no IP_MINTTL */
-
-static int
-sk_set_min_ttl4(sock *s, int ttl)
-{
-  log(L_ERR "IPv4 TTL security not supported");
-  return -1;
-}
-
-#endif
-
 #else /* IPv6 */
 
 static int
diff --git a/sysdep/unix/io.c b/sysdep/unix/io.c
index 93863885..4fee10e7 100644
--- a/sysdep/unix/io.c
+++ b/sysdep/unix/io.c
@@ -821,10 +821,10 @@ sk_setup(sock *s)
     WARN("IPV6_V6ONLY");
 #endif
 
-  if (s->ttl >= 0)
-    err = sk_set_ttl_int(s);
+  if ((s->ttl >= 0) && (err = sk_set_ttl_int(s)))
+    goto bad;
 
-  sysio_register_cmsgs(s);
+  err = sysio_register_cmsgs(s);
 bad:
   return err;
 }
author	Ondrej Zajicek <santiago@crfreenet.org>	2013-07-11 13:50:44 +0200
committer	Ondrej Zajicek <santiago@crfreenet.org>	2013-07-11 13:50:44 +0200
commit	354496ace87341428e6005fbc073fbe57b4e6c0e (patch)
tree	3dae3a53b6e45cd7cb144296d54fda90fff7cc14 /sysdep
parent	cc31b75a8fd7949533c12db2c3e9d67eeaf46d10 (diff)