bgpd: Cleanups & fixes for minttl / GTSM

* bgp_vty.c: (peer_ebgp_multihop_{un,}set_vty) tail-call cleanup.
  ({no_,}neighbor_ttl_security) ditto.
* bgpd.c: (peer_ttl_security_hops_set) Peer group checks and TTL set only
  need to be done on transition.
* sockunion.c: (sockopt_minttl) remove always-on debug and improve readability.
diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
index e1c47f4..d93c5d3 100644
--- a/bgpd/bgp_vty.c
+++ b/bgpd/bgp_vty.c
@@ -2629,7 +2629,6 @@
 {
   struct peer *peer;
   unsigned int ttl;
-  int ret;
 
   peer = peer_and_group_lookup_vty (vty, ip_str);
   if (! peer)
@@ -2640,24 +2639,19 @@
   else
     VTY_GET_INTEGER_RANGE ("TTL", ttl, ttl_str, 1, 255);
 
-  ret = peer_ebgp_multihop_set (peer, ttl);
-  
-  return bgp_vty_return (vty, ret);
+  return bgp_vty_return (vty,  peer_ebgp_multihop_set (peer, ttl));
 }
 
 static int
 peer_ebgp_multihop_unset_vty (struct vty *vty, const char *ip_str) 
 {
   struct peer *peer;
-  int ret;
 
   peer = peer_and_group_lookup_vty (vty, ip_str);
   if (! peer)
     return CMD_WARNING;
 
-  ret = peer_ebgp_multihop_unset (peer);
-  
-  return bgp_vty_return (vty, ret);
+  return bgp_vty_return (vty, peer_ebgp_multihop_unset (peer));
 }
 
 /* neighbor ebgp-multihop. */
@@ -3967,7 +3961,7 @@
        "Specify the maximum number of hops to the BGP peer\n")
 {
   struct peer *peer;
-  int ret, gtsm_hops;
+  int gtsm_hops;
 
   peer = peer_and_group_lookup_vty (vty, argv[0]);
   if (! peer)
@@ -3975,9 +3969,7 @@
     
   VTY_GET_INTEGER_RANGE ("", gtsm_hops, argv[1], 1, 254);
 
-  ret = peer_ttl_security_hops_set (peer, gtsm_hops);
-
-  return bgp_vty_return (vty, ret);
+  return bgp_vty_return (vty, peer_ttl_security_hops_set (peer, gtsm_hops));
 }
 
 DEFUN (no_neighbor_ttl_security,
@@ -3989,15 +3981,12 @@
        "Specify the maximum number of hops to the BGP peer\n")
 {
   struct peer *peer;
-  int ret;
 
   peer = peer_and_group_lookup_vty (vty, argv[0]);
   if (! peer)
     return CMD_WARNING;
 
-  ret = peer_ttl_security_hops_unset (peer);
-
-  return bgp_vty_return (vty, ret);
+  return bgp_vty_return (vty, peer_ttl_security_hops_unset (peer));
 }
 
 /* Address family configuration.  */
diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
index cc0ea8d..5a412f2 100644
--- a/bgpd/bgpd.c
+++ b/bgpd/bgpd.c
@@ -4376,7 +4376,7 @@
   zlog_debug ("peer_ttl_security_hops_set: set gtsm_hops to %d for %s", gtsm_hops, peer->host);
 
   if (peer_sort (peer) == BGP_PEER_IBGP)
-      return 0;
+    return 0;
 
   /* We cannot configure ttl-security hops when ebgp-multihop is already
      set.  For non peer-groups, the check is simple.  For peer-groups, it's
@@ -4385,35 +4385,36 @@
      before actually applying the ttl-security rules.  Cisco really made a
      mess of this configuration parameter, and OpenBGPD got it right.
   */
+  
+  if (peer->gtsm_hops == 0) {
+    if (CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
+      {
+        group = peer->group;
+        if (group->conf->ttl != 1)
+          return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK;
 
-  if (CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
-    {
-      group = peer->group;
-      if (group->conf->ttl != 1)
-        return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK;
+        for (ALL_LIST_ELEMENTS (group->peer, node, nnode, peer1))
+          {
+            if (peer_sort (peer1) == BGP_PEER_IBGP)
+              continue;
 
-      for (ALL_LIST_ELEMENTS (group->peer, node, nnode, peer1))
-        {
-          if (peer_sort (peer1) == BGP_PEER_IBGP)
-            continue;
-
-          if (peer1->ttl != 1)
-            return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK;
-        }
-    }
-  else
-    {
-      if (peer->ttl != 1)
-        return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK;
-    }
-
+            if (peer1->ttl != 1)
+              return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK;
+          }
+      }
+    else
+      {
+        if (peer->ttl != 1)
+          return BGP_ERR_NO_EBGP_MULTIHOP_WITH_TTLHACK;
+      }
+    /* specify MAXTTL on outgoing packets */
+    ret = peer_ebgp_multihop_set (peer, MAXTTL);
+    if (ret != 0)
+      return ret;
+  }
+  
   peer->gtsm_hops = gtsm_hops;
 
-  /* specify MAXTTL on outgoing packets */
-  ret = peer_ebgp_multihop_set (peer, MAXTTL);
-  if (ret != 0)
-    return ret;
-
   if (! CHECK_FLAG (peer->sflags, PEER_STATUS_GROUP))
     {
       if (peer->fd >= 0 && peer_sort (peer) != BGP_PEER_IBGP)
@@ -4793,7 +4794,7 @@
      /* ttl-security hops */
       if (peer_sort (peer) != BGP_PEER_IBGP && peer->gtsm_hops != 0)
         if (! peer_group_active (peer) || g_peer->gtsm_hops != peer->gtsm_hops)
-          vty_out (vty, " neighbor %s ttl-security hops %d%s", addr, 
+          vty_out (vty, " neighbor %s ttl-security hops %d%s", addr,
                    peer->gtsm_hops, VTY_NEWLINE);
 
       /* disable-connected-check.  */
diff --git a/lib/sockunion.c b/lib/sockunion.c
index a32809c..df05acb 100644
--- a/lib/sockunion.c
+++ b/lib/sockunion.c
@@ -540,23 +540,23 @@
 int
 sockopt_minttl (int family, int sock, int minttl)
 {
+#ifdef IP_MINTTL
   int ret;
   
-  zlog_debug ("sockopt_minttl: set minttl to %d", minttl);
-
-#ifdef IP_MINTTL
   ret = setsockopt (sock, IPPROTO_IP, IP_MINTTL, &minttl, sizeof(minttl));
-#else
-  ret = -1;
-  errno = EOPNOTSUPP;
-#endif /* IP_MINTTL */
   if (ret < 0)
     {
-      zlog (NULL, LOG_WARNING, "can't set sockopt IP_MINTTL to %d on socket %d: %s", minttl, sock, safe_strerror (errno));
+      zlog (NULL, LOG_WARNING,
+            "can't set sockopt IP_MINTTL to %d on socket %d: %s",
+            minttl, sock, safe_strerror (errno));
       return -1;
     }
 
   return 0;
+#else
+  errno = EOPNOTSUPP;
+  return -1;
+#endif /* IP_MINTTL */
 }
 
 /* If same family and same prefix return 1. */