bgpd - ttl security hack


send everything with ttl 255, receiver checks for ttl 255 (resp. 255 minus distance in multihop configs).
thus no routing can have happened, attacks limited to the local link
in theory at least, but it's not too bad. exploitation would require buggy routers that you can trick into leaving or putting a ttl of 255.

checking the ttl is done in the kernel of course, and very early.
coded all that

missing: knob in bgpd to actually enable. piece of cake, maybe on the train ride back

i really want this to work automagically when both sides support it, not all that easy tho... we'll see