exabgp icon indicating copy to clipboard operation
exabgp copied to clipboard
verified publisher icon Exa-Networks

GTSM configuration (incoming-ttl) should support IPv6

Open plajjan opened this issue 7 years ago • 1 comments

Summary

I want GTSM support, i.e. setting a high TTL on outgoing packets and verifying that incoming packets have a high TTL. In v4 this seems properly supported for IPv4 but for IPv6 I don't think it is. Outgoing packets do have a high TTL but I don't think incoming packets are properly verified for IPv6 - the verification is only for IPv4.

The IP_MINTTL socket option used here https://github.com/Exa-Networks/exabgp/blob/master/lib/exabgp/reactor/network/tcp.py#L210 is for IPv4. I think the equivalent for IPv6 is https://github.com/torvalds/linux/blob/c4f4d2f917729e9b7b8bb452bf4971be93e7a15f/net/ipv6/ipv6_sockglue.c#L875 and that is not used anywhere in ExaBGP so it's simply not being set, thus no enforcement of TTL for incoming packets.

Sorry for sort of bypassing the issue template but I haven't tested this, only read code, so most of it wouldn't be relevant anyway. I will however try to verify the theory in practice as soon as I have upgraded to v4 (my config is still for v3).

plajjan avatar Mar 27 '18 07:03 plajjan

Hi @plajjan - I am behind on support and I need to fix some bugs before working on new features but it does not look like it should be hard to add if Python has support for the feature.

thomas-mangin avatar Mar 27 '18 14:03 thomas-mangin