4 files changed, 29 insertions, 1 deletions

diff --git a/include/linux/in6.h b/include/linux/in6.h
index bd55c6e46b2..9b90cb296eb 100644
--- a/include/linux/in6.h
+++ b/include/linux/in6.h
@@ -265,6 +265,9 @@ struct in6_flowlabel_req {
 #define IPV6_PREFER_SRC_CGA             0x0008
 #define IPV6_PREFER_SRC_NONCGA          0x0800
 
+/* RFC5082: Generalized Ttl Security Mechanism */
+#define IPV6_MINHOPCOUNT                73
+
 /*
  * Multicast Routing:
  * see include/linux/mroute6.h.
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index e0cc9a7db2b..1bdbebf08d1 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -348,6 +348,7 @@ struct ipv6_pinfo {
                                                  * 010: prefer public address
                                                  * 100: prefer care-of address
                                                  */
+        __u8                    min_hopcount;
         __u8                    tclass;
 
         __u32                   dst_cookie;
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index 1160400e9db..92295ad3487 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -767,6 +767,14 @@ pref_skip_coa:
 
                 break;
             }
+        case IPV6_MINHOPCOUNT:
+                if (optlen < sizeof(int))
+                        goto e_inval;
+                if (val < 0 || val > 255)
+                        goto e_inval;
+                np->min_hopcount = val;
+                retv = 0;
+                break;
         }
 
         release_sock(sk);
@@ -1116,6 +1124,10 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
                         val |= IPV6_PREFER_SRC_HOME;
                 break;
 
+        case IPV6_MINHOPCOUNT:
+                val = np->min_hopcount;
+                break;
+
         default:
                 return -ENOPROTOOPT;
         }
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 1ababbb4113..6603511e367 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -353,6 +353,11 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
         if (sk->sk_state == TCP_CLOSE)
                 goto out;
 
+        if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
+                NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
+                goto out;
+        }
+
         tp = tcp_sk(sk);
         seq = ntohl(th->seq);
         if (sk->sk_state != TCP_LISTEN &&
@@ -1678,6 +1683,7 @@ ipv6_pktoptions:
 static int tcp_v6_rcv(struct sk_buff *skb)
 {
         struct tcphdr *th;
+        struct ipv6hdr *hdr;
         struct sock *sk;
         int ret;
         struct net *net = dev_net(skb->dev);
@@ -1704,12 +1710,13 @@ static int tcp_v6_rcv(struct sk_buff *skb)
                 goto bad_packet;
 
         th = tcp_hdr(skb);
+        hdr = ipv6_hdr(skb);
         TCP_SKB_CB(skb)->seq = ntohl(th->seq);
         TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
                                     skb->len - th->doff*4);
         TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
         TCP_SKB_CB(skb)->when = 0;
-        TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
+        TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(hdr);
         TCP_SKB_CB(skb)->sacked = 0;
 
         sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
@@ -1720,6 +1727,11 @@ process:
         if (sk->sk_state == TCP_TIME_WAIT)
                 goto do_time_wait;
 
+        if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
+                NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
+                goto discard_and_relse;
+        }
+
         if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
                 goto discard_and_relse;