-rw-r--r-- | server/sockopt.go | 4 | ||||
-rw-r--r-- | server/sockopt_bsd.go | 33 | ||||
-rw-r--r-- | server/sockopt_linux.go | 33 | ||||
-rw-r--r-- | server/sockopt_openbsd.go | 33 |
4 files changed, 76 insertions, 27 deletions
diff --git a/server/sockopt.go b/server/sockopt.go
index 34d9ed5e..2f6a8bb6 100644
--- a/server/sockopt.go
+++ b/server/sockopt.go
@@ -29,6 +29,10 @@ func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
 return fmt.Errorf("setting ttl is not supported")
 }
+func SetTcpMinTTLSockopts(conn *net.TCPConn, ttl int) error {
+ return fmt.Errorf("setting min ttl is not supported")
+}
+
 func DialTCPTimeoutWithMD5Sig(host string, port int, localAddr, key string, msec int) (*net.TCPConn, error) {
 return nil, fmt.Errorf("md5 active connection unsupported")
 }
diff --git a/server/sockopt_bsd.go b/server/sockopt_bsd.go
index 62514edb..a9f9d61f 100644
--- a/server/sockopt_bsd.go
+++ b/server/sockopt_bsd.go
@@ -25,7 +25,8 @@ import (
 )
 const (
- TCP_MD5SIG = 0x10
+ TCP_MD5SIG = 0x10 // TCP MD5 Signature (RFC2385)
+ IPV6_MINHOPCOUNT = 73 // Generalized TTL Security Mechanism (RFC5082)
 )
 func SetTcpMD5SigSockopts(l *net.TCPListener, address string, key string) error {
@@ -49,13 +50,7 @@ func SetTcpMD5SigSockopts(l *net.TCPListener, address string, key string) error
 return nil
 }
-func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
- level := syscall.IPPROTO_IP
- name := syscall.IP_TTL
- if strings.Contains(conn.RemoteAddr().String(), "[") {
- level = syscall.IPPROTO_IPV6
- name = syscall.IPV6_UNICAST_HOPS
- }
+func setTcpSockoptInt(conn *net.TCPConn, level int, name int, value int) error {
 fi, err := conn.File()
 defer fi.Close()
 if err != nil {
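Review bot: The new exported fallback `SetTcpMinTTLSockopts` in sockopt.go has no doc comment, so nothing records that on platforms served by this file the minimum-TTL check cannot be enabled at all. I would add `// SetTcpMinTTLSockopts always fails here: the kernel-side minimum TTL check (GTSM, RFC 5082) is not available on this platform.` above it. Returning an error is the right fail-closed behaviour, but it only protects anything if the caller, which is not part of this diff, refuses the session rather than logging the error and continuing without the check.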
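Review bot: `IPV6_MINHOPCOUNT = 73` in sockopt_bsd.go is the number Linux assigns to this option, and the identical literal is copied into sockopt_linux.go and sockopt_openbsd.go; socket option numbers are defined per operating system, so each copy needs checking against that platform's `netinet6/in6.h`. If the number is wrong on a BSD target, the IPv6 branch of `SetTcpMinTTLSockopts` would either fail or set an unrelated option, and IPv6 peers would run without the hop-limit filter while the configuration says it is on. Where the platform's `syscall` package exports the constant, use it as the IPv4 branch does with `syscall.IP_MINTTL`; otherwise record the origin next to each literal, e.g. `// value taken from <netinet6/in6.h> on this OS`.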
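Review bot: In the new helper `setTcpSockoptInt` the context lines show `defer fi.Close()` registered before the `if err != nil` check on `conn.File()`, so on failure the deferred call runs on a nil `*os.File`; extracting the helper is a good moment to move the defer below the error check. The same three lines are carried into the helper in sockopt_linux.go and sockopt_openbsd.go. The helper also has no comment saying that it operates on the duplicate descriptor returned by `conn.File()`, or why a `net.FileConn` is created and then only deferred closed in the lines that follow. The body of the `if err != nil` block lies between this hunk and the next one and is not visible.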
@@ -64,7 +59,27 @@ func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
 if conn, err := net.FileConn(fi); err == nil {
 defer conn.Close()
 }
- return os.NewSyscallError("setsockopt", syscall.SetsockoptInt(int(fi.Fd()), level, name, ttl))
+ return os.NewSyscallError("setsockopt", syscall.SetsockoptInt(int(fi.Fd()), level, name, value))
+}
+
+func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
+ level := syscall.IPPROTO_IP
+ name := syscall.IP_TTL
+ if strings.Contains(conn.RemoteAddr().String(), "[") {
+ level = syscall.IPPROTO_IPV6
+ name = syscall.IPV6_UNICAST_HOPS
+ }
+ return setTcpSockoptInt(conn, level, name, ttl)
+}
+
+func SetTcpMinTTLSockopts(conn *net.TCPConn, ttl int) error {
+ level := syscall.IPPROTO_IP
+ name := syscall.IP_MINTTL
+ if strings.Contains(conn.RemoteAddr().String(), "[") {
+ level = syscall.IPPROTO_IPV6
+ name = IPV6_MINHOPCOUNT
+ }
+ return setTcpSockoptInt(conn, level, name, ttl)
 }
 func DialTCPTimeoutWithMD5Sig(host string, port int, localAddr, key string, msec int) (*net.TCPConn, error) {
diff --git a/server/sockopt_linux.go b/server/sockopt_linux.go
index 1db559b5..0dc4cd5f 100644
--- a/server/sockopt_linux.go
+++ b/server/sockopt_linux.go
@@ -26,7 +26,8 @@ import (
 )
 const (
- TCP_MD5SIG = 14
+ TCP_MD5SIG = 14 // TCP MD5 Signature (RFC2385)
+ IPV6_MINHOPCOUNT = 73 // Generalized TTL Security Mechanism (RFC5082)
 )
 type tcpmd5sig struct {
@@ -74,13 +75,7 @@ func SetTcpMD5SigSockopts(l *net.TCPListener, address string, key string) error
 return nil
 }
-func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
- level := syscall.IPPROTO_IP
- name := syscall.IP_TTL
- if strings.Contains(conn.RemoteAddr().String(), "[") {
- level = syscall.IPPROTO_IPV6
- name = syscall.IPV6_UNICAST_HOPS
- }
+func setTcpSockoptInt(conn *net.TCPConn, level int, name int, value int) error {
 fi, err := conn.File()
 defer fi.Close()
 if err != nil {
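Review bot: `SetTcpMinTTLSockopts` passes `ttl` to `setsockopt` with no range check, and for this option the value decides whether any filtering happens: as far as I know the kernels accept 0 and treat it as "no minimum", so a defaulted or miscomputed 0 from the caller would turn the GTSM check off without any error. Unless 0 is meant as an explicit off switch, I would reject it before the syscall with `if ttl < 1 || ttl > 255 { return fmt.Errorf("invalid min ttl %d", ttl) }` (this assumes `fmt` is imported in the file, which the diff does not show). The copies added in sockopt_linux.go and sockopt_openbsd.go need the same guard. The address-family test `strings.Contains(conn.RemoteAddr().String(), "[")` is now repeated in both setters of each file; a small shared helper would keep the IPv4/IPv6 decision in one place.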
@@ -89,7 +84,27 @@ func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
 if conn, err := net.FileConn(fi); err == nil {
 defer conn.Close()
 }
- return os.NewSyscallError("setsockopt", syscall.SetsockoptInt(int(fi.Fd()), level, name, ttl))
+ return os.NewSyscallError("setsockopt", syscall.SetsockoptInt(int(fi.Fd()), level, name, value))
+}
+
+func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
+ level := syscall.IPPROTO_IP
+ name := syscall.IP_TTL
+ if strings.Contains(conn.RemoteAddr().String(), "[") {
+ level = syscall.IPPROTO_IPV6
+ name = syscall.IPV6_UNICAST_HOPS
+ }
+ return setTcpSockoptInt(conn, level, name, ttl)
+}
+
+func SetTcpMinTTLSockopts(conn *net.TCPConn, ttl int) error {
+ level := syscall.IPPROTO_IP
+ name := syscall.IP_MINTTL
+ if strings.Contains(conn.RemoteAddr().String(), "[") {
+ level = syscall.IPPROTO_IPV6
+ name = IPV6_MINHOPCOUNT
+ }
+ return setTcpSockoptInt(conn, level, name, ttl)
 }
 func DialTCPTimeoutWithMD5Sig(host string, port int, localAddr, key string, msec int) (*net.TCPConn, error) {
diff --git a/server/sockopt_openbsd.go b/server/sockopt_openbsd.go
index 90eb7490..6dd26e59 100644
--- a/server/sockopt_openbsd.go
+++ b/server/sockopt_openbsd.go
@@ -348,7 +348,8 @@ func saDelete(address string) error {
 }
 const (
- TCP_MD5SIG = 0x4
+ TCP_MD5SIG = 0x4 // TCP MD5 Signature (RFC2385)
+ IPV6_MINHOPCOUNT = 73 // Generalized TTL Security Mechanism (RFC5082)
 )
 func SetTcpMD5SigSockopts(l *net.TCPListener, address string, key string) error {
@@ -373,13 +374,7 @@ func SetTcpMD5SigSockopts(l *net.TCPListener, address string, key string) error
 return saDelete(address)
 }
-func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
- level := syscall.IPPROTO_IP
- name := syscall.IP_TTL
- if strings.Contains(conn.RemoteAddr().String(), "[") {
- level = syscall.IPPROTO_IPV6
- name = syscall.IPV6_UNICAST_HOPS
- }
+func setTcpSockoptInt(conn *net.TCPConn, level int, name int, value int) error {
 fi, err := conn.File()
 defer fi.Close()
 if err != nil {
@@ -388,7 +383,27 @@ func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
 if conn, err := net.FileConn(fi); err == nil {
 defer conn.Close()
 }
- return os.NewSyscallError("setsockopt", syscall.SetsockoptInt(int(fi.Fd()), level, name, ttl))
+ return os.NewSyscallError("setsockopt", syscall.SetsockoptInt(int(fi.Fd()), level, name, value))
+}
+
+func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
+ level := syscall.IPPROTO_IP
+ name := syscall.IP_TTL
+ if strings.Contains(conn.RemoteAddr().String(), "[") {
+ level = syscall.IPPROTO_IPV6
+ name = syscall.IPV6_UNICAST_HOPS
+ }
+ return setTcpSockoptInt(conn, level, name, ttl)
+}
+
+func SetTcpMinTTLSockopts(conn *net.TCPConn, ttl int) error {
+ level := syscall.IPPROTO_IP
+ name := syscall.IP_MINTTL
+ if strings.Contains(conn.RemoteAddr().String(), "[") {
+ level = syscall.IPPROTO_IPV6
+ name = IPV6_MINHOPCOUNT
+ }
+ return setTcpSockoptInt(conn, level, name, ttl)
 }
 func DialTCPTimeoutWithMD5Sig(host string, port int, localAddr, key string, msec int) (*net.TCPConn, error) { |