hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ipv6: Add icmp_echo_ignore_multicast support for ICMPv6 

IPv4 has icmp_echo_ignore_broadcast to prevent responding to broadcast pings.
IPv6 needs a similar mechanism.

v1->v2:
- Remove NET_IPV6_ICMP_ECHO_IGNORE_MULTICAST.

Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Stephen Suryaputra 2019-03-19 12:37:12 -04:00 committed by David S. Miller
parent f9cb75970e
commit 03f1eccc7a
4 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Documentation/networking/ip-sysctl.txt
View File

@ -1918,6 +1918,11 @@ echo_ignore_all - BOOLEAN
requests sent to it over the IPv6 protocol. requests sent to it over the IPv6 protocol.
Default: 0 Default: 0
echo_ignore_multicast - BOOLEAN
If set non-zero, then the kernel will ignore all ICMP ECHO
requests sent to it over the IPv6 protocol via multicast.
Default: 0
xfrm6_gc_thresh - INTEGER xfrm6_gc_thresh - INTEGER
The threshold at which we will start garbage collecting for IPv6 The threshold at which we will start garbage collecting for IPv6
destination cache entries. At twice this value the system will destination cache entries. At twice this value the system will

1
include/net/netns/ipv6.h
View File

@ -33,6 +33,7 @@ struct netns_sysctl_ipv6 {
int auto_flowlabels; int auto_flowlabels;
int icmpv6_time; int icmpv6_time;
int icmpv6_echo_ignore_all; int icmpv6_echo_ignore_all;
int icmpv6_echo_ignore_multicast;
int anycast_src_echo_reply; int anycast_src_echo_reply;
int ip_nonlocal_bind; int ip_nonlocal_bind;
int fwmark_reflect; int fwmark_reflect;

1
net/ipv6/af_inet6.c
View File

@ -847,6 +847,7 @@ static int __net_init inet6_net_init(struct net *net)
net->ipv6.sysctl.bindv6only = 0; net->ipv6.sysctl.bindv6only = 0;
net->ipv6.sysctl.icmpv6_time = 1*HZ; net->ipv6.sysctl.icmpv6_time = 1*HZ;
net->ipv6.sysctl.icmpv6_echo_ignore_all = 0; net->ipv6.sysctl.icmpv6_echo_ignore_all = 0;
net->ipv6.sysctl.icmpv6_echo_ignore_multicast = 0;
net->ipv6.sysctl.flowlabel_consistency = 1; net->ipv6.sysctl.flowlabel_consistency = 1;
net->ipv6.sysctl.auto_flowlabels = IP6_DEFAULT_AUTO_FLOW_LABELS; net->ipv6.sysctl.auto_flowlabels = IP6_DEFAULT_AUTO_FLOW_LABELS;
net->ipv6.sysctl.idgen_retries = 3; net->ipv6.sysctl.idgen_retries = 3;

12
net/ipv6/icmp.c
View File

@ -684,6 +684,10 @@ static void icmpv6_echo_reply(struct sk_buff *skb)
struct ipcm6_cookie ipc6; struct ipcm6_cookie ipc6;
u32 mark = IP6_REPLY_MARK(net, skb->mark); u32 mark = IP6_REPLY_MARK(net, skb->mark);
if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) &&
net->ipv6.sysctl.icmpv6_echo_ignore_multicast)
return;
saddr = &ipv6_hdr(skb)->daddr; saddr = &ipv6_hdr(skb)->daddr;
if (!ipv6_unicast_destination(skb) && if (!ipv6_unicast_destination(skb) &&
@ -1115,6 +1119,13 @@ static struct ctl_table ipv6_icmp_table_template[] = {
.mode = 0644, .mode = 0644,
.proc_handler = proc_dointvec, .proc_handler = proc_dointvec,
}, },
{
.procname = "echo_ignore_multicast",
.data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast,
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = proc_dointvec,
},
{ }, { },
}; };
@ -1129,6 +1140,7 @@ struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
if (table) { if (table) {
table[0].data = &net->ipv6.sysctl.icmpv6_time; table[0].data = &net->ipv6.sysctl.icmpv6_time;
table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all; table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
} }
return table; return table;
} }