svn commit: r272378 - in head: share/man/man4 sys/netinet

Wed, 01 Oct 2014 11:08:17 -0700 

Author: markj
Date: Wed Oct  1 18:07:34 2014
New Revision: 272378
URL: https://svnweb.freebsd.org/changeset/base/272378

Log:
  Add a sysctl, net.inet.icmp.tstamprepl, which can be used to disable replies
  to ICMP Timestamp packets.
  
  PR:           193689
  Submitted by: Anthony Cornehl <accorn...@gmail.com>
  MFC after:    3 weeks
  Sponsored by: EMC / Isilon Storage Division

Modified:
  head/share/man/man4/icmp.4
  head/sys/netinet/ip_icmp.c

Modified: head/share/man/man4/icmp.4
==============================================================================
--- head/share/man/man4/icmp.4  Wed Oct  1 17:16:18 2014        (r272377)
+++ head/share/man/man4/icmp.4  Wed Oct  1 18:07:34 2014        (r272378)
@@ -28,7 +28,7 @@
 .\"     @(#)icmp.4     8.1 (Berkeley) 6/5/93
 .\" $FreeBSD$
 .\"
-.Dd February 9, 2007
+.Dd September 30, 2014
 .Dt ICMP 4
 .Os
 .Sh NAME
@@ -216,6 +216,10 @@ instead of the possibly different return
 Number of bytes from original packet to quote in ICMP reply.
 This number is internally enforced to be at least 8 bytes (per RFC792)
 and at most the maximal space left in the ICMP reply mbuf.
+.It Va tstamprepl
+.Pq Vt boolean
+Enable/disable replies to ICMP Timestamp packets.
+Defaults to true.
 .El
 .Sh ERRORS
 A socket operation may fail with one of the following errors returned:

Modified: head/sys/netinet/ip_icmp.c
==============================================================================
--- head/sys/netinet/ip_icmp.c  Wed Oct  1 17:16:18 2014        (r272377)
+++ head/sys/netinet/ip_icmp.c  Wed Oct  1 18:07:34 2014        (r272378)
@@ -149,6 +149,10 @@ SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO
        &VNET_NAME(icmpbmcastecho), 0,
        "");
 
+static VNET_DEFINE(int, icmptstamprepl) = 1;
+#define        V_icmptstamprepl                VNET(icmptstamprepl)
+SYSCTL_INT(_net_inet_icmp, OID_AUTO, tstamprepl, CTLFLAG_RW,
+       &VNET_NAME(icmptstamprepl), 0, "Respond to ICMP Timestamp packets");
 
 #ifdef ICMPPRINTFS
 int    icmpprintfs = 0;
@@ -545,6 +549,8 @@ icmp_input(struct mbuf **mp, int *offp, 
                        goto reflect;
 
        case ICMP_TSTAMP:
+               if (V_icmptstamprepl == 0)
+                       break;
                if (!V_icmpbmcastecho
                    && (m->m_flags & (M_MCAST | M_BCAST)) != 0) {
                        ICMPSTAT_INC(icps_bmcasttstamp);
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to