server/sockopt: Support to set minimum TTL

Signed-off-by: IWASE Yusuke <[email protected]>

server/sockopt.go

@@ -29,6 +29,10 @@ func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
 	return fmt.Errorf("setting ttl is not supported")
 }
 
+func SetTcpMinTTLSockopts(conn *net.TCPConn, ttl int) error {
+	return fmt.Errorf("setting min ttl is not supported")
+}
+
 func DialTCPTimeoutWithMD5Sig(host string, port int, localAddr, key string, msec int) (*net.TCPConn, error) {
 	return nil, fmt.Errorf("md5 active connection unsupported")
 }

server/sockopt_bsd.go

@@ -25,7 +25,8 @@ import (
 )
 
 const (
-	TCP_MD5SIG = 0x10
+	TCP_MD5SIG       = 0x10 // TCP MD5 Signature (RFC2385)
+	IPV6_MINHOPCOUNT = 73   // Generalized TTL Security Mechanism (RFC5082)
 )
 
 func SetTcpMD5SigSockopts(l *net.TCPListener, address string, key string) error {
@@ -49,13 +50,7 @@ func SetTcpMD5SigSockopts(l *net.TCPListener, address string, key string) error
 	return nil
 }
 
-func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
-	level := syscall.IPPROTO_IP
-	name := syscall.IP_TTL
-	if strings.Contains(conn.RemoteAddr().String(), "[") {
-		level = syscall.IPPROTO_IPV6
-		name = syscall.IPV6_UNICAST_HOPS
-	}
+func setTcpSockoptInt(conn *net.TCPConn, level int, name int, value int) error {
 	fi, err := conn.File()
 	defer fi.Close()
 	if err != nil {
@@ -64,7 +59,27 @@ func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
 	if conn, err := net.FileConn(fi); err == nil {
 		defer conn.Close()
 	}
-	return os.NewSyscallError("setsockopt", syscall.SetsockoptInt(int(fi.Fd()), level, name, ttl))
+	return os.NewSyscallError("setsockopt", syscall.SetsockoptInt(int(fi.Fd()), level, name, value))
+}
+
+func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
+	level := syscall.IPPROTO_IP
+	name := syscall.IP_TTL
+	if strings.Contains(conn.RemoteAddr().String(), "[") {
+		level = syscall.IPPROTO_IPV6
+		name = syscall.IPV6_UNICAST_HOPS
+	}
+	return setTcpSockoptInt(conn, level, name, ttl)
+}
+
+func SetTcpMinTTLSockopts(conn *net.TCPConn, ttl int) error {
+	level := syscall.IPPROTO_IP
+	name := syscall.IP_MINTTL
+	if strings.Contains(conn.RemoteAddr().String(), "[") {
+		level = syscall.IPPROTO_IPV6
+		name = IPV6_MINHOPCOUNT
+	}
+	return setTcpSockoptInt(conn, level, name, ttl)
 }
 
 func DialTCPTimeoutWithMD5Sig(host string, port int, localAddr, key string, msec int) (*net.TCPConn, error) {

server/sockopt_linux.go

@@ -26,7 +26,8 @@ import (
 )
 
 const (
-	TCP_MD5SIG = 14
+	TCP_MD5SIG       = 14 // TCP MD5 Signature (RFC2385)
+	IPV6_MINHOPCOUNT = 73 // Generalized TTL Security Mechanism (RFC5082)
 )
 
 type tcpmd5sig struct {
@@ -74,13 +75,7 @@ func SetTcpMD5SigSockopts(l *net.TCPListener, address string, key string) error
 	return nil
 }
 
-func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
-	level := syscall.IPPROTO_IP
-	name := syscall.IP_TTL
-	if strings.Contains(conn.RemoteAddr().String(), "[") {
-		level = syscall.IPPROTO_IPV6
-		name = syscall.IPV6_UNICAST_HOPS
-	}
+func setTcpSockoptInt(conn *net.TCPConn, level int, name int, value int) error {
 	fi, err := conn.File()
 	defer fi.Close()
 	if err != nil {
@@ -89,7 +84,27 @@ func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
 	if conn, err := net.FileConn(fi); err == nil {
 		defer conn.Close()
 	}
-	return os.NewSyscallError("setsockopt", syscall.SetsockoptInt(int(fi.Fd()), level, name, ttl))
+	return os.NewSyscallError("setsockopt", syscall.SetsockoptInt(int(fi.Fd()), level, name, value))
+}
+
+func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
+	level := syscall.IPPROTO_IP
+	name := syscall.IP_TTL
+	if strings.Contains(conn.RemoteAddr().String(), "[") {
+		level = syscall.IPPROTO_IPV6
+		name = syscall.IPV6_UNICAST_HOPS
+	}
+	return setTcpSockoptInt(conn, level, name, ttl)
+}
+
+func SetTcpMinTTLSockopts(conn *net.TCPConn, ttl int) error {
+	level := syscall.IPPROTO_IP
+	name := syscall.IP_MINTTL
+	if strings.Contains(conn.RemoteAddr().String(), "[") {
+		level = syscall.IPPROTO_IPV6
+		name = IPV6_MINHOPCOUNT
+	}
+	return setTcpSockoptInt(conn, level, name, ttl)
 }
 
 func DialTCPTimeoutWithMD5Sig(host string, port int, localAddr, key string, msec int) (*net.TCPConn, error) {

server/sockopt_openbsd.go

@@ -348,7 +348,8 @@ func saDelete(address string) error {
 }
 
 const (
-	TCP_MD5SIG = 0x4
+	TCP_MD5SIG       = 0x4 // TCP MD5 Signature (RFC2385)
+	IPV6_MINHOPCOUNT = 73  // Generalized TTL Security Mechanism (RFC5082)
 )
 
 func SetTcpMD5SigSockopts(l *net.TCPListener, address string, key string) error {
@@ -373,13 +374,7 @@ func SetTcpMD5SigSockopts(l *net.TCPListener, address string, key string) error
 	return saDelete(address)
 }
 
-func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
-	level := syscall.IPPROTO_IP
-	name := syscall.IP_TTL
-	if strings.Contains(conn.RemoteAddr().String(), "[") {
-		level = syscall.IPPROTO_IPV6
-		name = syscall.IPV6_UNICAST_HOPS
-	}
+func setTcpSockoptInt(conn *net.TCPConn, level int, name int, value int) error {
 	fi, err := conn.File()
 	defer fi.Close()
 	if err != nil {
@@ -388,7 +383,27 @@ func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
 	if conn, err := net.FileConn(fi); err == nil {
 		defer conn.Close()
 	}
-	return os.NewSyscallError("setsockopt", syscall.SetsockoptInt(int(fi.Fd()), level, name, ttl))
+	return os.NewSyscallError("setsockopt", syscall.SetsockoptInt(int(fi.Fd()), level, name, value))
+}
+
+func SetTcpTTLSockopts(conn *net.TCPConn, ttl int) error {
+	level := syscall.IPPROTO_IP
+	name := syscall.IP_TTL
+	if strings.Contains(conn.RemoteAddr().String(), "[") {
+		level = syscall.IPPROTO_IPV6
+		name = syscall.IPV6_UNICAST_HOPS
+	}
+	return setTcpSockoptInt(conn, level, name, ttl)
+}
+
+func SetTcpMinTTLSockopts(conn *net.TCPConn, ttl int) error {
+	level := syscall.IPPROTO_IP
+	name := syscall.IP_MINTTL
+	if strings.Contains(conn.RemoteAddr().String(), "[") {
+		level = syscall.IPPROTO_IPV6
+		name = IPV6_MINHOPCOUNT
+	}
+	return setTcpSockoptInt(conn, level, name, ttl)
 }
 
 func DialTCPTimeoutWithMD5Sig(host string, port int, localAddr, key string, msec int) (*net.TCPConn, error) {