IPV6_MINHOPCOUNT on UDP sockets

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

IPV6_MINHOPCOUNT on UDP sockets

Jeremie Courreges-Anglas-2

Renato would like to implement GTSM in ldpd(8), the first step would be
to support IPV6_MINHOPCOUNT on SOCK_DGRAM sockets.  The following diff
seems to work fine for him.

I did not go down all possible *_input() methods, only regular TCP and
UDP sockets.  Is that enough to deserve the associated manpage diff?

Thoughts / oks?  I'll admit that the code is getting a big ugly...


Index: sys/netinet/udp_usrreq.c
===================================================================
RCS file: /cvs/src/sys/netinet/udp_usrreq.c,v
retrieving revision 1.213
diff -u -p -r1.213 udp_usrreq.c
--- sys/netinet/udp_usrreq.c 18 Jun 2016 10:36:13 -0000 1.213
+++ sys/netinet/udp_usrreq.c 27 Jun 2016 17:19:35 -0000
@@ -425,15 +425,25 @@ udp_input(struct mbuf *m, ...)
  continue;
 #ifdef INET6
  if (ip6) {
+ if (inp->inp_ip6_minhlim &&
+    inp->inp_ip6_minhlim > ip6->ip6_hlim)
+ continue;
  if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6))
  if (!IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6,
     &ip6->ip6_dst))
  continue;
  } else
 #endif /* INET6 */
- if (inp->inp_laddr.s_addr != INADDR_ANY) {
- if (inp->inp_laddr.s_addr != ip->ip_dst.s_addr)
+ {
+ if (inp->inp_ip_minttl &&
+    inp->inp_ip_minttl > ip->ip_ttl)
  continue;
+
+ if (inp->inp_laddr.s_addr != INADDR_ANY) {
+ if (inp->inp_laddr.s_addr !=
+    ip->ip_dst.s_addr)
+ continue;
+ }
  }
 #ifdef INET6
  if (ip6) {
@@ -580,6 +590,17 @@ udp_input(struct mbuf *m, ...)
  }
  KASSERT(sotoinpcb(inp->inp_socket) == inp);
 
+#ifdef INET6
+ if (ip6 && inp->inp_ip6_minhlim &&
+    inp->inp_ip6_minhlim > ip6->ip6_hlim) {
+ goto bad;
+ } else
+#endif
+ if (ip && inp->inp_ip_minttl &&
+    inp->inp_ip_minttl > ip->ip_ttl) {
+ goto bad;
+ }
+
 #if NPF > 0
  if (inp->inp_socket->so_state & SS_ISCONNECTED)
  pf_inp_link(m, inp);
Index: share/man/man4/ip6.4
===================================================================
RCS file: /cvs/src/share/man/man4/ip6.4,v
retrieving revision 1.38
diff -u -p -r1.38 ip6.4
--- share/man/man4/ip6.4 27 Jun 2016 16:33:48 -0000 1.38
+++ share/man/man4/ip6.4 27 Jun 2016 18:36:53 -0000
@@ -146,9 +146,7 @@ datagrams sent on this socket.
 A value of \-1 resets to the default value.
 .It Dv IPV6_MINHOPCOUNT Fa "int *"
 Get or set the minimum hop limit header field for incoming unicast
-datagrams received on this
-.Dv SOCK_STREAM
-socket.
+datagrams received on this socket.
 This can be used to implement the
 .Em Generalized TTL Security Mechanism (GTSM)
 according to RFC 5082.


--
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply | Threaded
Open this post in threaded view
|

Re: IPV6_MINHOPCOUNT on UDP sockets

Alexander Bluhm
On Mon, Jun 27, 2016 at 08:46:12PM +0200, Jeremie Courreges-Anglas wrote:
>
> Renato would like to implement GTSM in ldpd(8), the first step would be
> to support IPV6_MINHOPCOUNT on SOCK_DGRAM sockets.  The following diff
> seems to work fine for him.
>
> I did not go down all possible *_input() methods, only regular TCP and
> UDP sockets.  Is that enough to deserve the associated manpage diff?
>
> Thoughts / oks?  I'll admit that the code is getting a big ugly...

The man page says IPV6_MINHOPCOUNT is only for unicast packets.
The ugly part of the code is dealing with multicast packets.

I don't know which is right.  Is there a specification somewhere?

bluhm

> Index: sys/netinet/udp_usrreq.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/udp_usrreq.c,v
> retrieving revision 1.213
> diff -u -p -r1.213 udp_usrreq.c
> --- sys/netinet/udp_usrreq.c 18 Jun 2016 10:36:13 -0000 1.213
> +++ sys/netinet/udp_usrreq.c 27 Jun 2016 17:19:35 -0000
> @@ -425,15 +425,25 @@ udp_input(struct mbuf *m, ...)
>   continue;
>  #ifdef INET6
>   if (ip6) {
> + if (inp->inp_ip6_minhlim &&
> +    inp->inp_ip6_minhlim > ip6->ip6_hlim)
> + continue;
>   if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6))
>   if (!IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6,
>      &ip6->ip6_dst))
>   continue;
>   } else
>  #endif /* INET6 */
> - if (inp->inp_laddr.s_addr != INADDR_ANY) {
> - if (inp->inp_laddr.s_addr != ip->ip_dst.s_addr)
> + {
> + if (inp->inp_ip_minttl &&
> +    inp->inp_ip_minttl > ip->ip_ttl)
>   continue;
> +
> + if (inp->inp_laddr.s_addr != INADDR_ANY) {
> + if (inp->inp_laddr.s_addr !=
> +    ip->ip_dst.s_addr)
> + continue;
> + }
>   }
>  #ifdef INET6
>   if (ip6) {
> @@ -580,6 +590,17 @@ udp_input(struct mbuf *m, ...)
>   }
>   KASSERT(sotoinpcb(inp->inp_socket) == inp);
>  
> +#ifdef INET6
> + if (ip6 && inp->inp_ip6_minhlim &&
> +    inp->inp_ip6_minhlim > ip6->ip6_hlim) {
> + goto bad;
> + } else
> +#endif
> + if (ip && inp->inp_ip_minttl &&
> +    inp->inp_ip_minttl > ip->ip_ttl) {
> + goto bad;
> + }
> +
>  #if NPF > 0
>   if (inp->inp_socket->so_state & SS_ISCONNECTED)
>   pf_inp_link(m, inp);
> Index: share/man/man4/ip6.4
> ===================================================================
> RCS file: /cvs/src/share/man/man4/ip6.4,v
> retrieving revision 1.38
> diff -u -p -r1.38 ip6.4
> --- share/man/man4/ip6.4 27 Jun 2016 16:33:48 -0000 1.38
> +++ share/man/man4/ip6.4 27 Jun 2016 18:36:53 -0000
> @@ -146,9 +146,7 @@ datagrams sent on this socket.
>  A value of \-1 resets to the default value.
>  .It Dv IPV6_MINHOPCOUNT Fa "int *"
>  Get or set the minimum hop limit header field for incoming unicast
> -datagrams received on this
> -.Dv SOCK_STREAM
> -socket.
> +datagrams received on this socket.
>  This can be used to implement the
>  .Em Generalized TTL Security Mechanism (GTSM)
>  according to RFC 5082.
>
>
> --
> jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply | Threaded
Open this post in threaded view
|

Re: IPV6_MINHOPCOUNT on UDP sockets

Jeremie Courreges-Anglas-2
Alexander Bluhm <[hidden email]> writes:

> On Mon, Jun 27, 2016 at 08:46:12PM +0200, Jeremie Courreges-Anglas wrote:
>>
>> Renato would like to implement GTSM in ldpd(8), the first step would be
>> to support IPV6_MINHOPCOUNT on SOCK_DGRAM sockets.  The following diff
>> seems to work fine for him.
>>
>> I did not go down all possible *_input() methods, only regular TCP and
>> UDP sockets.  Is that enough to deserve the associated manpage diff?
>>
>> Thoughts / oks?  I'll admit that the code is getting a big ugly...
>
> The man page says IPV6_MINHOPCOUNT is only for unicast packets.
> The ugly part of the code is dealing with multicast packets.

IIUC Renato also needs multicast support.  I thought it wouldn't be
a problem to extend the IPV6_MINHOPCOUNT scope.

> I don't know which is right.  Is there a specification somewhere?

Nope.  IPV6_MINHOPCOUNT is almost undocumented in Linux land, where it
only applies to TCP sockets.

--
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply | Threaded
Open this post in threaded view
|

Re: IPV6_MINHOPCOUNT on UDP sockets

Alexander Bluhm
On Mon, Jun 27, 2016 at 11:57:08PM +0200, J??r??mie Courr??ges-Anglas wrote:
> Alexander Bluhm <[hidden email]> writes:
> > The man page says IPV6_MINHOPCOUNT is only for unicast packets.
> > The ugly part of the code is dealing with multicast packets.
>
> IIUC Renato also needs multicast support.  I thought it wouldn't be
> a problem to extend the IPV6_MINHOPCOUNT scope.

If he needs it, just remove the word "unicast" from the man page.
Then it is OK bluhm@

Reply | Threaded
Open this post in threaded view
|

Re: IPV6_MINHOPCOUNT on UDP sockets

Renato Westphal
2016-06-27 19:01 GMT-03:00 Alexander Bluhm <[hidden email]>:

> On Mon, Jun 27, 2016 at 11:57:08PM +0200, J??r??mie Courr??ges-Anglas wrote:
>> Alexander Bluhm <[hidden email]> writes:
>> > The man page says IPV6_MINHOPCOUNT is only for unicast packets.
>> > The ugly part of the code is dealing with multicast packets.
>>
>> IIUC Renato also needs multicast support.  I thought it wouldn't be
>> a problem to extend the IPV6_MINHOPCOUNT scope.
>
> If he needs it, just remove the word "unicast" from the man page.
> Then it is OK bluhm@

Yes, I need this to implement support for RFC 7552, which says: "(...)
the LDP Link Hello packets MUST have their IPv6 Hop Limit set to 255,
be checked for the same upon receipt (before any LDP-specific
processing)". And LDP Link Hello packets are multicast UDP packets...

Also, besides removing the word "unicast" from the man page, I'd go
further and rename "datagrams" to "packets", which is a more generic
term.

--
Renato Westphal

Reply | Threaded
Open this post in threaded view
|

Re: IPV6_MINHOPCOUNT on UDP sockets

Jeremie Courreges-Anglas-2
Renato Westphal <[hidden email]> writes:

> 2016-06-27 19:01 GMT-03:00 Alexander Bluhm <[hidden email]>:
>> On Mon, Jun 27, 2016 at 11:57:08PM +0200, J??r??mie Courr??ges-Anglas wrote:
>>> Alexander Bluhm <[hidden email]> writes:
>>> > The man page says IPV6_MINHOPCOUNT is only for unicast packets.
>>> > The ugly part of the code is dealing with multicast packets.
>>>
>>> IIUC Renato also needs multicast support.  I thought it wouldn't be
>>> a problem to extend the IPV6_MINHOPCOUNT scope.
>>
>> If he needs it, just remove the word "unicast" from the man page.
>> Then it is OK bluhm@

Ack, thanks.

> Yes, I need this to implement support for RFC 7552, which says: "(...)
> the LDP Link Hello packets MUST have their IPv6 Hop Limit set to 255,
> be checked for the same upon receipt (before any LDP-specific
> processing)". And LDP Link Hello packets are multicast UDP packets...
>
> Also, besides removing the word "unicast" from the man page, I'd go
> further and rename "datagrams" to "packets", which is a more generic
> term.

Makes sense.  Updated diff below, I'll probably commit it tomorrow
(tuesday CEST): let me know if this is enough for ldpd.

Index: sys/netinet/udp_usrreq.c
===================================================================
RCS file: /cvs/src/sys/netinet/udp_usrreq.c,v
retrieving revision 1.213
diff -u -p -r1.213 udp_usrreq.c
--- sys/netinet/udp_usrreq.c 18 Jun 2016 10:36:13 -0000 1.213
+++ sys/netinet/udp_usrreq.c 27 Jun 2016 17:19:35 -0000
@@ -425,15 +425,25 @@ udp_input(struct mbuf *m, ...)
  continue;
 #ifdef INET6
  if (ip6) {
+ if (inp->inp_ip6_minhlim &&
+    inp->inp_ip6_minhlim > ip6->ip6_hlim)
+ continue;
  if (!IN6_IS_ADDR_UNSPECIFIED(&inp->inp_laddr6))
  if (!IN6_ARE_ADDR_EQUAL(&inp->inp_laddr6,
     &ip6->ip6_dst))
  continue;
  } else
 #endif /* INET6 */
- if (inp->inp_laddr.s_addr != INADDR_ANY) {
- if (inp->inp_laddr.s_addr != ip->ip_dst.s_addr)
+ {
+ if (inp->inp_ip_minttl &&
+    inp->inp_ip_minttl > ip->ip_ttl)
  continue;
+
+ if (inp->inp_laddr.s_addr != INADDR_ANY) {
+ if (inp->inp_laddr.s_addr !=
+    ip->ip_dst.s_addr)
+ continue;
+ }
  }
 #ifdef INET6
  if (ip6) {
@@ -580,6 +590,17 @@ udp_input(struct mbuf *m, ...)
  }
  KASSERT(sotoinpcb(inp->inp_socket) == inp);
 
+#ifdef INET6
+ if (ip6 && inp->inp_ip6_minhlim &&
+    inp->inp_ip6_minhlim > ip6->ip6_hlim) {
+ goto bad;
+ } else
+#endif
+ if (ip && inp->inp_ip_minttl &&
+    inp->inp_ip_minttl > ip->ip_ttl) {
+ goto bad;
+ }
+
 #if NPF > 0
  if (inp->inp_socket->so_state & SS_ISCONNECTED)
  pf_inp_link(m, inp);
Index: share/man/man4/ip6.4
===================================================================
RCS file: /cvs/src/share/man/man4/ip6.4,v
retrieving revision 1.38
diff -u -p -r1.38 ip6.4
--- share/man/man4/ip6.4 27 Jun 2016 16:33:48 -0000 1.38
+++ share/man/man4/ip6.4 27 Jun 2016 23:24:37 -0000
@@ -145,10 +145,8 @@ Get or set the default hop limit header
 datagrams sent on this socket.
 A value of \-1 resets to the default value.
 .It Dv IPV6_MINHOPCOUNT Fa "int *"
-Get or set the minimum hop limit header field for incoming unicast
-datagrams received on this
-.Dv SOCK_STREAM
-socket.
+Get or set the minimum hop limit header field for incoming
+packets received on this socket.
 This can be used to implement the
 .Em Generalized TTL Security Mechanism (GTSM)
 according to RFC 5082.


--
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply | Threaded
Open this post in threaded view
|

Re: IPV6_MINHOPCOUNT on UDP sockets

Renato Westphal
2016-06-27 20:30 GMT-03:00 Jeremie Courreges-Anglas <[hidden email]>:

> Renato Westphal <[hidden email]> writes:
>
>> 2016-06-27 19:01 GMT-03:00 Alexander Bluhm <[hidden email]>:
>>> On Mon, Jun 27, 2016 at 11:57:08PM +0200, J??r??mie Courr??ges-Anglas wrote:
>>>> Alexander Bluhm <[hidden email]> writes:
>>>> > The man page says IPV6_MINHOPCOUNT is only for unicast packets.
>>>> > The ugly part of the code is dealing with multicast packets.
>>>>
>>>> IIUC Renato also needs multicast support.  I thought it wouldn't be
>>>> a problem to extend the IPV6_MINHOPCOUNT scope.
>>>
>>> If he needs it, just remove the word "unicast" from the man page.
>>> Then it is OK bluhm@
>
> Ack, thanks.
>
>> Yes, I need this to implement support for RFC 7552, which says: "(...)
>> the LDP Link Hello packets MUST have their IPv6 Hop Limit set to 255,
>> be checked for the same upon receipt (before any LDP-specific
>> processing)". And LDP Link Hello packets are multicast UDP packets...
>>
>> Also, besides removing the word "unicast" from the man page, I'd go
>> further and rename "datagrams" to "packets", which is a more generic
>> term.
>
> Makes sense.  Updated diff below, I'll probably commit it tomorrow
> (tuesday CEST): let me know if this is enough for ldpd.

Yes, that's all I need. Thank you :)

--
Renato Westphal

Reply | Threaded
Open this post in threaded view
|

Re: IPV6_MINHOPCOUNT on UDP sockets

Jeremie Courreges-Anglas-2
In reply to this post by Renato Westphal
Renato Westphal <[hidden email]> writes:

> 2016-06-27 19:01 GMT-03:00 Alexander Bluhm <[hidden email]>:
>> On Mon, Jun 27, 2016 at 11:57:08PM +0200, J??r??mie Courr??ges-Anglas wrote:
>>> Alexander Bluhm <[hidden email]> writes:
>>> > The man page says IPV6_MINHOPCOUNT is only for unicast packets.
>>> > The ugly part of the code is dealing with multicast packets.
>>>
>>> IIUC Renato also needs multicast support.  I thought it wouldn't be
>>> a problem to extend the IPV6_MINHOPCOUNT scope.
>>
>> If he needs it, just remove the word "unicast" from the man page.
>> Then it is OK bluhm@
>
> Yes, I need this to implement support for RFC 7552, which says: "(...)
> the LDP Link Hello packets MUST have their IPv6 Hop Limit set to 255,
> be checked for the same upon receipt (before any LDP-specific
> processing)". And LDP Link Hello packets are multicast UDP packets...
>
> Also, besides removing the word "unicast" from the man page, I'd go
> further and rename "datagrams" to "packets", which is a more generic
> term.

Committed.

IP_MINTTL also benefits from this.  Do we want to list SOCK_STREAM and
SOCK_DRAM here, or use more generic language?

Index: ip.4
===================================================================
RCS file: /cvs/src/share/man/man4/ip.4,v
retrieving revision 1.38
diff -u -p -p -u -r1.38 ip.4
--- ip.4 20 Oct 2015 22:08:19 -0000 1.38
+++ ip.4 28 Jun 2016 11:25:26 -0000
@@ -201,9 +201,8 @@ cmsg_type = IP_RECVTTL
 .Pp
 The
 .Dv IP_MINTTL
-option may be used on
-.Dv SOCK_STREAM
-sockets to discard packets with a TTL lower than the option value.
+option may be used on sockets to discard packets with a TTL lower than
+the option value.
 This can be used to implement the
 .Em Generalized TTL Security Mechanism (GTSM)
 according to RFC 5082.

--
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply | Threaded
Open this post in threaded view
|

Re: IPV6_MINHOPCOUNT on UDP sockets

Alexander Bluhm
On Tue, Jun 28, 2016 at 01:27:59PM +0200, Jeremie Courreges-Anglas wrote:
> IP_MINTTL also benefits from this.  Do we want to list SOCK_STREAM and
> SOCK_DRAM here, or use more generic language?

We should mention that it only works for TCP and UDP.  This is the
ip(4) man page so naming the protocols is more specific than talking
about the socket type.

bluhm

>
> Index: ip.4
> ===================================================================
> RCS file: /cvs/src/share/man/man4/ip.4,v
> retrieving revision 1.38
> diff -u -p -p -u -r1.38 ip.4
> --- ip.4 20 Oct 2015 22:08:19 -0000 1.38
> +++ ip.4 28 Jun 2016 11:25:26 -0000
> @@ -201,9 +201,8 @@ cmsg_type = IP_RECVTTL
>  .Pp
>  The
>  .Dv IP_MINTTL
> -option may be used on
> -.Dv SOCK_STREAM
> -sockets to discard packets with a TTL lower than the option value.
> +option may be used on sockets to discard packets with a TTL lower than
> +the option value.
>  This can be used to implement the
>  .Em Generalized TTL Security Mechanism (GTSM)
>  according to RFC 5082.
>
> --
> jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply | Threaded
Open this post in threaded view
|

Re: IPV6_MINHOPCOUNT on UDP sockets

Jeremie Courreges-Anglas-2
Alexander Bluhm <[hidden email]> writes:

> On Tue, Jun 28, 2016 at 01:27:59PM +0200, Jeremie Courreges-Anglas wrote:
>> IP_MINTTL also benefits from this.  Do we want to list SOCK_STREAM and
>> SOCK_DRAM here, or use more generic language?
>
> We should mention that it only works for TCP and UDP.  This is the
> ip(4) man page so naming the protocols is more specific than talking
> about the socket type.

How about this version?

Index: ip.4
===================================================================
RCS file: /cvs/src/share/man/man4/ip.4,v
retrieving revision 1.38
diff -u -p -r1.38 ip.4
--- ip.4 20 Oct 2015 22:08:19 -0000 1.38
+++ ip.4 28 Jun 2016 16:46:34 -0000
@@ -201,9 +201,8 @@ cmsg_type = IP_RECVTTL
 .Pp
 The
 .Dv IP_MINTTL
-option may be used on
-.Dv SOCK_STREAM
-sockets to discard packets with a TTL lower than the option value.
+option may be used on TCP and UDP sockets to discard packets with a TTL
+lower than the option value.
 This can be used to implement the
 .Em Generalized TTL Security Mechanism (GTSM)
 according to RFC 5082.
Index: ip6.4
===================================================================
RCS file: /cvs/src/share/man/man4/ip6.4,v
retrieving revision 1.39
diff -u -p -r1.39 ip6.4
--- ip6.4 28 Jun 2016 11:23:57 -0000 1.39
+++ ip6.4 28 Jun 2016 16:53:09 -0000
@@ -146,7 +146,7 @@ datagrams sent on this socket.
 A value of \-1 resets to the default value.
 .It Dv IPV6_MINHOPCOUNT Fa "int *"
 Get or set the minimum hop limit header field for incoming
-packets received on this socket.
+packets received on TCP and UDP sockets.
 This can be used to implement the
 .Em Generalized TTL Security Mechanism (GTSM)
 according to RFC 5082.


--
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply | Threaded
Open this post in threaded view
|

Re: IPV6_MINHOPCOUNT on UDP sockets

Alexander Bluhm
On Tue, Jun 28, 2016 at 06:54:40PM +0200, Jeremie Courreges-Anglas wrote:

> Alexander Bluhm <[hidden email]> writes:
>
> > On Tue, Jun 28, 2016 at 01:27:59PM +0200, Jeremie Courreges-Anglas wrote:
> >> IP_MINTTL also benefits from this.  Do we want to list SOCK_STREAM and
> >> SOCK_DRAM here, or use more generic language?
> >
> > We should mention that it only works for TCP and UDP.  This is the
> > ip(4) man page so naming the protocols is more specific than talking
> > about the socket type.
>
> How about this version?

OK bluhm@

>
> Index: ip.4
> ===================================================================
> RCS file: /cvs/src/share/man/man4/ip.4,v
> retrieving revision 1.38
> diff -u -p -r1.38 ip.4
> --- ip.4 20 Oct 2015 22:08:19 -0000 1.38
> +++ ip.4 28 Jun 2016 16:46:34 -0000
> @@ -201,9 +201,8 @@ cmsg_type = IP_RECVTTL
>  .Pp
>  The
>  .Dv IP_MINTTL
> -option may be used on
> -.Dv SOCK_STREAM
> -sockets to discard packets with a TTL lower than the option value.
> +option may be used on TCP and UDP sockets to discard packets with a TTL
> +lower than the option value.
>  This can be used to implement the
>  .Em Generalized TTL Security Mechanism (GTSM)
>  according to RFC 5082.
> Index: ip6.4
> ===================================================================
> RCS file: /cvs/src/share/man/man4/ip6.4,v
> retrieving revision 1.39
> diff -u -p -r1.39 ip6.4
> --- ip6.4 28 Jun 2016 11:23:57 -0000 1.39
> +++ ip6.4 28 Jun 2016 16:53:09 -0000
> @@ -146,7 +146,7 @@ datagrams sent on this socket.
>  A value of \-1 resets to the default value.
>  .It Dv IPV6_MINHOPCOUNT Fa "int *"
>  Get or set the minimum hop limit header field for incoming
> -packets received on this socket.
> +packets received on TCP and UDP sockets.
>  This can be used to implement the
>  .Em Generalized TTL Security Mechanism (GTSM)
>  according to RFC 5082.
>
>
> --
> jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE