[PATCH] Add IP_RECVTTL socket option support

[Hasso Tepper <hasso@xxxxxxxxx>]

# HG changeset patch
# User Hasso Tepper <hasso@estpak.ee>
# Date 1175495001 -10800
# Node ID bb9e64772dc17d5e6155ed7d2ad98545cd65d794
# Parent  3a99304a032fccb41f8423112e3274bf329d7d96
Add IP_RECVTTL socket option support.

When set, userland receives the incoming packet's TTL as ancillary data
with recvmsg(2) call. It allows to implement security mechanisms described
in RFC3682 (GTSM).

Obtained from FreeBSD.

diff -r 3a99304a032f -r bb9e64772dc1 share/man/man4/ip.4
--- a/share/man/man4/ip.4	Sun Apr 01 22:58:14 2007 +0300
+++ b/share/man/man4/ip.4	Mon Apr 02 09:23:21 2007 +0300
@@ -137,6 +137,28 @@ cmsg_type = IP_RECVDSTADDR
 cmsg_type = IP_RECVDSTADDR
 .Ed
 .Pp
+If the
+.Dv IP_RECVTTL
+option is enabled on a
+.Dv SOCK_DGRAM
+socket, the
+.Xr recvmsg 2
+call will return the
+.Tn IP
+.Tn TTL
+(time to live) field for a
+.Tn UDP
+datagram.
+The msg_control field in the msghdr structure points to a buffer
+that contains a cmsghdr structure followed by the
+.Tn TTL .
+The cmsghdr fields have the following values:
+.Bd -literal
+cmsg_len = sizeof(u_char)
+cmsg_level = IPPROTO_IP
+cmsg_type = IP_RECVTTL
+.Ed
+.Pp
 .Dv IP_PORTRANGE
 may be used to set the port range used for selecting a local port number
 on a socket with an unspecified (zero) port number.
diff -r 3a99304a032f -r bb9e64772dc1 sys/netinet/in.h
--- a/sys/netinet/in.h	Sun Apr 01 22:58:14 2007 +0300
+++ b/sys/netinet/in.h	Mon Apr 02 09:23:21 2007 +0300
@@ -355,6 +355,8 @@ struct sockaddr_in {
 #define	IP_DUMMYNET_FLUSH	62   /* flush dummynet */
 #define	IP_DUMMYNET_GET		64   /* get entire dummynet pipes */
 
+#define	IP_RECVTTL		65   /* bool; receive IP TTL w/dgram */
+
 /*
  * Defaults and limits for options
  */
diff -r 3a99304a032f -r bb9e64772dc1 sys/netinet/in_pcb.h
--- a/sys/netinet/in_pcb.h	Sun Apr 01 22:58:14 2007 +0300
+++ b/sys/netinet/in_pcb.h	Mon Apr 02 09:23:21 2007 +0300
@@ -327,8 +327,10 @@ struct inpcbinfo {		/* XXX documentation
 #define	IN6P_RTHDRDSTOPTS	0x200000 /* receive dstoptions before rthdr */
 #define IN6P_AUTOFLOWLABEL	0x800000 /* attach flowlabel automatically */
 
+#define	INP_RECVTTL		0x80000000 /* receive incoming IP TTL */
+
 #define	INP_CONTROLOPTS		(INP_RECVOPTS|INP_RECVRETOPTS|INP_RECVDSTADDR|\
-					INP_RECVIF|\
+					INP_RECVIF|INP_RECVTTL|\
 				 IN6P_PKTINFO|IN6P_HOPLIMIT|IN6P_HOPOPTS|\
 				 IN6P_DSTOPTS|IN6P_RTHDR|IN6P_RTHDRDSTOPTS|\
 				 IN6P_AUTOFLOWLABEL)
diff -r 3a99304a032f -r bb9e64772dc1 sys/netinet/ip_input.c
--- a/sys/netinet/ip_input.c	Sun Apr 01 22:58:14 2007 +0300
+++ b/sys/netinet/ip_input.c	Mon Apr 02 09:23:21 2007 +0300
@@ -2171,6 +2171,12 @@ ip_savecontrol(struct inpcb *inp, struct
 		if (*mp)
 			mp = &(*mp)->m_next;
 	}
+	if (inp->inp_flags & INP_RECVTTL) {
+		*mp = sbcreatecontrol((caddr_t) &ip->ip_ttl,
+		    sizeof(u_char), IP_RECVTTL, IPPROTO_IP);
+		if (*mp)
+			mp = &(*mp)->m_next;
+	}
 #ifdef notyet
 	/* XXX
 	 * Moving these out of udp_input() made them even more broken
diff -r 3a99304a032f -r bb9e64772dc1 sys/netinet/ip_output.c
--- a/sys/netinet/ip_output.c	Sun Apr 01 22:58:14 2007 +0300
+++ b/sys/netinet/ip_output.c	Mon Apr 02 09:23:21 2007 +0300
@@ -1413,6 +1413,7 @@ ip_ctloutput(struct socket *so, struct s
 		case IP_RECVRETOPTS:
 		case IP_RECVDSTADDR:
 		case IP_RECVIF:
+		case IP_RECVTTL:
 		case IP_FAITH:
 			error = sooptcopyin(sopt, &optval, sizeof optval,
 					    sizeof optval);
@@ -1447,6 +1448,10 @@ ip_ctloutput(struct socket *so, struct s
 
 			case IP_RECVIF:
 				OPTSET(INP_RECVIF);
+				break;
+
+			case IP_RECVTTL:
+				OPTSET(INP_RECVTTL);
 				break;
 
 			case IP_FAITH:
@@ -1541,6 +1546,7 @@ ip_ctloutput(struct socket *so, struct s
 		case IP_RECVOPTS:
 		case IP_RECVRETOPTS:
 		case IP_RECVDSTADDR:
+		case IP_RECVTTL:
 		case IP_RECVIF:
 		case IP_PORTRANGE:
 		case IP_FAITH:
@@ -1566,6 +1572,10 @@ ip_ctloutput(struct socket *so, struct s
 
 			case IP_RECVDSTADDR:
 				optval = OPTBIT(INP_RECVDSTADDR);
+				break;
+
+			case IP_RECVTTL:
+				optval = OPTBIT(INP_RECVTTL);
 				break;
 
 			case IP_RECVIF: