Module Name: src
Committed By: christos
Date: Mon Dec 7 18:47:25 UTC 2009
Modified Files:
src/share/man/man7: sysctl.7
src/sys/netinet: icmp_var.h ip_icmp.c
Log Message:
PR/42243: Yasuoka Masahiko: Add "net.inet.icmp.bmcastecho" sysctl support,
to disable icmp replies to the broadcast address.
To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/share/man/man7/sysctl.7
cvs rdiff -u -r1.27 -r1.28 src/sys/netinet/icmp_var.h
cvs rdiff -u -r1.121 -r1.122 src/sys/netinet/ip_icmp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/share/man/man7/sysctl.7
diff -u src/share/man/man7/sysctl.7:1.27 src/share/man/man7/sysctl.7:1.28
--- src/share/man/man7/sysctl.7:1.27 Mon Oct 5 06:47:52 2009
+++ src/share/man/man7/sysctl.7 Mon Dec 7 13:47:24 2009
@@ -1,4 +1,4 @@
-.\" $NetBSD: sysctl.7,v 1.27 2009/10/05 10:47:52 wiz Exp $
+.\" $NetBSD: sysctl.7,v 1.28 2009/12/07 18:47:24 christos Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
@@ -983,6 +983,7 @@
.It icmp maskrepl integer yes
.It icmp rediraccept integer yes
.It icmp redirtimeout integer yes
+.It icmp bmcastecho integer yes
.It ip allowsrcrt integer yes
.It ip anonportmax integer yes
.It ip anonportmin integer yes
@@ -1192,6 +1193,9 @@
This defaults to 600 seconds.
.It Li icmp.returndatabytes
Number of bytes to return in an ICMP error message.
+.It Li icmp.bmcastecho
+If set to 1, enables responding to ICMP echo or timestamp request to the
+broadcast address.
.It Li tcp.ack_on_push
If set to 1, TCP is to immediately transmit an ACK upon reception of
a packet with PUSH set.
Index: src/sys/netinet/icmp_var.h
diff -u src/sys/netinet/icmp_var.h:1.27 src/sys/netinet/icmp_var.h:1.28
--- src/sys/netinet/icmp_var.h:1.27 Sat Apr 12 01:58:22 2008
+++ src/sys/netinet/icmp_var.h Mon Dec 7 13:47:24 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: icmp_var.h,v 1.27 2008/04/12 05:58:22 thorpej Exp $ */
+/* $NetBSD: icmp_var.h,v 1.28 2009/12/07 18:47:24 christos Exp $ */
/*
* Copyright (c) 1982, 1986, 1993
@@ -57,7 +57,10 @@
/* space for ICMP_MAXTYPE + 1 (19) counters */
#define ICMP_STAT_PMTUCHG 46 /* path MTU changes */
-#define ICMP_NSTATS 47
+#define ICMP_STAT_BMCASTECHO 47 /* b/mcast echo requests dropped */
+#define ICMP_STAT_BMCASTTSTAMP 48 /* b/mcast tstamp requests dropped */
+
+#define ICMP_NSTATS 49
#if ICMP_MAXTYPE != 18
#error ICMP_MAXTYPE too large for ICMP statistics
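Review bot: The two counters added here, `ICMP_STAT_BMCASTECHO` and `ICMP_STAT_BMCASTTSTAMP`, grow `ICMP_NSTATS` from 47 to 49, but the commit's file list touches no consumer of the statistics array, so the new drop counts may not be visible to an operator. If a userland tool sizes or prints the array using the old count (not shown here, so this needs confirming), it needs a matching update with labels for indices 47 and 48. Visible counters are how an administrator can tell that broadcast or multicast requests are arriving and being discarded.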
@@ -75,7 +78,8 @@
#define ICMPCTL_REDIRACCEPT 5 /* Accept redirects from routers */
#define ICMPCTL_REDIRTIMEOUT 6 /* Remove routes added via redirects */
#define ICMPCTL_STATS 7 /* ICMP statistics */
-#define ICMPCTL_MAXID 8
+#define ICMPCTL_BMCASTECHO 8 /* allow broad/mult-cast echo */
+#define ICMPCTL_MAXID 9
#define ICMPCTL_NAMES { \
{ 0, 0 }, \
@@ -86,6 +90,7 @@
{ "rediraccept", CTLTYPE_INT }, \
{ "redirtimeout", CTLTYPE_INT }, \
{ "stats", CTLTYPE_STRUCT }, \
+ { "bmcastecho", CTLTYPE_INT }, \
}
#ifdef _KERNEL
Index: src/sys/netinet/ip_icmp.c
diff -u src/sys/netinet/ip_icmp.c:1.121 src/sys/netinet/ip_icmp.c:1.122
--- src/sys/netinet/ip_icmp.c:1.121 Wed Sep 16 11:23:05 2009
+++ src/sys/netinet/ip_icmp.c Mon Dec 7 13:47:24 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_icmp.c,v 1.121 2009/09/16 15:23:05 pooka Exp $ */
+/* $NetBSD: ip_icmp.c,v 1.122 2009/12/07 18:47:24 christos Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -94,7 +94,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.121 2009/09/16 15:23:05 pooka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.122 2009/12/07 18:47:24 christos Exp $");
#include "opt_ipsec.h"
@@ -142,6 +142,7 @@
*/
int icmpmaskrepl = 0;
+int icmpbmcastecho = 0;
#ifdef ICMPPRINTFS
int icmpprintfs = 0;
#endif
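Review bot: `icmpbmcastecho` is initialised to 0 without a comment. Combined with the checks added further down in this file, that default means echo and timestamp requests received as broadcast or multicast are dropped unless the sysctl is set. That is the safer default against replies being reflected toward a spoofed source, but it is a behaviour change the log message does not state. I would add a comment above the declaration such as `/* reply to b/mcast echo and timestamp requests; 0 = drop (default) */`.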
@@ -542,6 +543,11 @@
break;
case ICMP_ECHO:
+ if (!icmpbmcastecho &&
+ (m->m_flags & (M_MCAST | M_BCAST)) != 0) {
+ ICMP_STATINC(ICMP_STAT_BMCASTECHO);
+ break;
+ }
icp->icmp_type = ICMP_ECHOREPLY;
goto reflect;
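Review bot: The new guard in `case ICMP_ECHO:` (and the identical one in the timestamp case in the next hunk) tests only the mbuf flags `M_MCAST | M_BCAST`, which describe how the frame was received rather than the IP destination address. These hunks do not show whether a request with a broadcast IP destination that was not flagged this way at the link layer is also suppressed; if it is not, the check should also consult the destination address. At minimum, a comment such as `/* drops only link-level b/mcast; see icmpbmcastecho */` would record the limit. The enclosing function starts and ends outside the hunk.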
@@ -550,6 +556,11 @@
ICMP_STATINC(ICMP_STAT_BADLEN);
break;
}
+ if (!icmpbmcastecho &&
+ (m->m_flags & (M_MCAST | M_BCAST)) != 0) {
+ ICMP_STATINC(ICMP_STAT_BMCASTTSTAMP);
+ break;
+ }
icp->icmp_type = ICMP_TSTAMPREPLY;
icp->icmp_rtime = iptime();
icp->icmp_ttime = icp->icmp_rtime; /* bogus, do later! */
@@ -1055,6 +1066,14 @@
sysctl_net_inet_icmp_stats, 0, NULL, 0,
CTL_NET, PF_INET, IPPROTO_ICMP, ICMPCTL_STATS,
CTL_EOL);
+ sysctl_createv(clog, 0, NULL, NULL,
+ CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+ CTLTYPE_INT, "bmcastecho",
+ SYSCTL_DESCR("Respond to ICMP_ECHO or ICMP_TIMESTAMP "
+ "message to the broadcast or multicast"),
+ NULL, 0, &icmpbmcastecho, 0,
+ CTL_NET, PF_INET, IPPROTO_ICMP, ICMPCTL_BMCASTECHO,
+ CTL_EOL);
}
void
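Review bot: The `SYSCTL_DESCR` string ends at "to the broadcast or multicast" and is missing its noun; it should read `"message to the broadcast or multicast address"`. The description also covers multicast, while the sysctl.7 text added in this commit mentions only the broadcast address, so the two should be brought into line. The node is created with a NULL handler, so any integer is accepted; documenting that any non-zero value enables replies would match the `!icmpbmcastecho` test.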