lib: Add support for IPv6 ttl security

* sockunion.c: (sockopt_minttl) Add IPv6 support for min hop count.
  The kernel support is Linux kernel 2.6.35 or later.

diff --git a/lib/sockunion.c b/lib/sockunion.c
index df05acb39bb2e7893f808fd16a171c6edd80b6d5..a5382a72f0d3c60f82c8165a53c7484aac93877e 100644 (file)
--- a/lib/sockunion.c
+++ b/lib/sockunion.c
@@ -541,22 +541,30 @@ int
 sockopt_minttl (int family, int sock, int minttl)
 {
 #ifdef IP_MINTTL
-  int ret;
-  
-  ret = setsockopt (sock, IPPROTO_IP, IP_MINTTL, &minttl, sizeof(minttl));
-  if (ret < 0)
+  if (family == AF_INET)
     {
-      zlog (NULL, LOG_WARNING,
-            "can't set sockopt IP_MINTTL to %d on socket %d: %s",
-            minttl, sock, safe_strerror (errno));
-      return -1;
+      int ret = setsockopt (sock, IPPROTO_IP, IP_MINTTL, &minttl, sizeof(minttl));
+      if (ret < 0)
+         zlog (NULL, LOG_WARNING,
+               "can't set sockopt IP_MINTTL to %d on socket %d: %s",
+               minttl, sock, safe_strerror (errno));
+      return ret;
     }
+#endif /* IP_MINTTL */
+#ifdef IPV6_MINHOPCNT
+  if (family == AF_INET6)
+    {
+      int ret = setsockopt (sock, IPPROTO_IPV6, IPV6_MINHOPCNT, &minttl, sizeof(minttl));
+      if (ret < 0)
+         zlog (NULL, LOG_WARNING,
+               "can't set sockopt IPV6_MINHOPCNT to %d on socket %d: %s",
+               minttl, sock, safe_strerror (errno));
+      return ret;
+    }
+#endif
 
-  return 0;
-#else
   errno = EOPNOTSUPP;
   return -1;
-#endif /* IP_MINTTL */
 }
 
 /* If same family and same prefix return 1. */