Some fixes for TTL security.

proto/ospf/iface.c

@@ -87,6 +87,7 @@ ospf_sk_open(struct ospf_iface *ifa)
   sk->tbsize = rxbufsize(ifa);
   sk->data = (void *) ifa;
   sk->flags = SKF_LADDR_RX | (ifa->check_ttl ? SKF_TTL_RX : 0);
+  sk->ttl = ifa->cf->ttl_security ? 255 : -1;
 
   if (sk_open(sk) != 0)
     goto err;
@@ -664,7 +665,8 @@ ospf_iface_reconfigure(struct ospf_iface *ifa, struct ospf_iface_patt *new)
   /* Change of these options would require to reset the iface socket */
   if ((new->real_bcast != ifa->cf->real_bcast) ||
       (new->tx_tos != ifa->cf->tx_tos) ||
-      (new->tx_priority != ifa->cf->tx_priority))
+      (new->tx_priority != ifa->cf->tx_priority) ||
+      (new->ttl_security != ifa->cf->ttl_security))
     return 0;
 
   ifa->cf = new;

sysdep/bsd/sysio.h

@@ -6,9 +6,22 @@
  *	Can be freely distributed and used under the terms of the GNU GPL.
  */
 
+#ifdef __NetBSD__
+
+#ifndef IP_RECVTTL
+#define IP_RECVTTL 23
+#endif
+
+#ifndef IP_MINTTL
+#define IP_MINTTL 24
+#endif
+
+#endif
+
 #ifdef __DragonFly__
 #define TCP_MD5SIG	TCP_SIGNATURE_ENABLE
 #endif
+
 #ifdef IPV6
 
 static inline void
@@ -259,8 +272,6 @@ sk_set_md5_auth_int(sock *s, sockaddr *sa, char *passwd)
 
 #ifndef IPV6
 
-#ifdef IP_MINTTL
-
 static int
 sk_set_min_ttl4(sock *s, int ttl)
 {
@@ -277,17 +288,6 @@ sk_set_min_ttl4(sock *s, int ttl)
   return 0;
 }
 
-#else /* no IP_MINTTL */
-
-static int
-sk_set_min_ttl4(sock *s, int ttl)
-{
-  log(L_ERR "IPv4 TTL security not supported");
-  return -1;
-}
-
-#endif
-
 #else /* IPv6 */
 
 static int

sysdep/unix/io.c

@@ -821,10 +821,10 @@ sk_setup(sock *s)
     WARN("IPV6_V6ONLY");
 #endif
 
-  if (s->ttl >= 0)
+  if ((s->ttl >= 0) && (err = sk_set_ttl_int(s)))
-    err = sk_set_ttl_int(s);
+    goto bad;
 
-  sysio_register_cmsgs(s);
+  err = sysio_register_cmsgs(s);
 bad:
   return err;
 }