Commit 03f1eccc authored by Stephen Suryaputra's avatar Stephen Suryaputra Committed by David S. Miller

ipv6: Add icmp_echo_ignore_multicast support for ICMPv6



IPv4 has icmp_echo_ignore_broadcasts to prevent responding to broadcast pings.
IPv6 needs a similar mechanism.

v1->v2:
- Remove NET_IPV6_ICMP_ECHO_IGNORE_MULTICAST.

Signed-off-by: default avatarStephen Suryaputra <ssuryaextr@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent f9cb7597
+5 −0
@@ -1918,6 +1918,11 @@ echo_ignore_all - BOOLEAN
	requests sent to it over the IPv6 protocol.
	requests sent to it over the IPv6 protocol.
	Default: 0
	Default: 0


echo_ignore_multicast - BOOLEAN
	If set non-zero, then the kernel will ignore all ICMP ECHO
	requests sent to it over the IPv6 protocol via multicast.
	Default: 0

xfrm6_gc_thresh - INTEGER
xfrm6_gc_thresh - INTEGER
	The threshold at which we will start garbage collecting for IPv6
	The threshold at which we will start garbage collecting for IPv6
	destination cache entries.  At twice this value the system will
	destination cache entries.  At twice this value the system will
+1 −0
@@ -33,6 +33,7 @@ struct netns_sysctl_ipv6 {
	int auto_flowlabels;
	int auto_flowlabels;
	int icmpv6_time;
	int icmpv6_time;
	int icmpv6_echo_ignore_all;
	int icmpv6_echo_ignore_all;
	int icmpv6_echo_ignore_multicast;
	int anycast_src_echo_reply;
	int anycast_src_echo_reply;
	int ip_nonlocal_bind;
	int ip_nonlocal_bind;
	int fwmark_reflect;
	int fwmark_reflect;
+1 −0
@@ -847,6 +847,7 @@ static int __net_init inet6_net_init(struct net *net)
	net->ipv6.sysctl.bindv6only = 0;
	net->ipv6.sysctl.bindv6only = 0;
	net->ipv6.sysctl.icmpv6_time = 1*HZ;
	net->ipv6.sysctl.icmpv6_time = 1*HZ;
	net->ipv6.sysctl.icmpv6_echo_ignore_all = 0;
	net->ipv6.sysctl.icmpv6_echo_ignore_all = 0;
	net->ipv6.sysctl.icmpv6_echo_ignore_multicast = 0;
	net->ipv6.sysctl.flowlabel_consistency = 1;
	net->ipv6.sysctl.flowlabel_consistency = 1;
	net->ipv6.sysctl.auto_flowlabels = IP6_DEFAULT_AUTO_FLOW_LABELS;
	net->ipv6.sysctl.auto_flowlabels = IP6_DEFAULT_AUTO_FLOW_LABELS;
	net->ipv6.sysctl.idgen_retries = 3;
	net->ipv6.sysctl.idgen_retries = 3;
+12 −0
@@ -684,6 +684,10 @@ static void icmpv6_echo_reply(struct sk_buff *skb)
	struct ipcm6_cookie ipc6;
	struct ipcm6_cookie ipc6;
	u32 mark = IP6_REPLY_MARK(net, skb->mark);
	u32 mark = IP6_REPLY_MARK(net, skb->mark);


	if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) &&
	    net->ipv6.sysctl.icmpv6_echo_ignore_multicast)
		return;

	saddr = &ipv6_hdr(skb)->daddr;
	saddr = &ipv6_hdr(skb)->daddr;


	if (!ipv6_unicast_destination(skb) &&
	if (!ipv6_unicast_destination(skb) &&
@@ -1115,6 +1119,13 @@ static struct ctl_table ipv6_icmp_table_template[] = {
		.mode		= 0644,
		.mode		= 0644,
		.proc_handler = proc_dointvec,
		.proc_handler = proc_dointvec,
	},
	},
	{
		.procname	= "echo_ignore_multicast",
		.data		= &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler = proc_dointvec,
	},
	{ },
	{ },
};
};


@@ -1129,6 +1140,7 @@ struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
	if (table) {
	if (table) {
		table[0].data = &net->ipv6.sysctl.icmpv6_time;
		table[0].data = &net->ipv6.sysctl.icmpv6_time;
		table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
		table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
		table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
	}
	}
	return table;
	return table;
}
}
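Review bot: The new `table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;` line in ipv6_icmp_sysctl_init only works while the `echo_ignore_multicast` entry stays third in ipv6_icmp_table_template, and nothing in the code states that coupling. The template entry points at `init_net`, so if a later patch inserts an entry above it without renumbering, a non-initial namespace's 0644 file would presumably still write init_net's field (the table copy is outside the lines shown). A comment on the template such as `/* entry order must match the table[N].data fixups in ipv6_icmp_sysctl_init() */` would make the dependency visible. Separately, the check added in icmpv6_echo_reply reads the sysctl with a plain load while proc_dointvec can store to it concurrently; `READ_ONCE(net->ipv6.sysctl.icmpv6_echo_ignore_multicast)` would mark the lockless read. Both functions start or end outside the hunks shown.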