From b22978fa3b40f2589bef53de31639c082ee914fc Mon Sep 17 00:00:00 2001
From: Weilong Chen
Date: Wed, 6 Nov 2019 15:11:32 +0800
Subject: [PATCH] ipv4: Add support to disable icmp time stamp

ascend inclusion
category: feature
bugzilla: NA
CVE: NA

-------------------

Fix ICMP information such as netmask and timestamp is allowed from arbitrary hosts
Default is disable.
enable:
sysctl -w net.ipv4.icmp_timestamp_enable=1
disable
sysctl -w net.ipv4.icmp_timestamp_enable=0
test:
hping3 --icmp --icmp-ts -V $IPADDR

Signed-off-by: Weilong Chen
Signed-off-by: LI Heng
Signed-off-by: Lijun Fang
[fix-v2: define sysctl_icmp_timestamp_enable ifndef CONFIG_ARCH_ASCEND
fix-v3: ifndef CONFIG_ARCH_ASCEND, sysctl_icmp_timestamp_enable should set 1]
Reviewed-by: Mao Wenan
Signed-off-by: Yang Yingliang
---
 include/net/ip.h           |  6 ++++++
 net/ipv4/icmp.c            |  7 +++++++
 net/ipv4/sysctl_net_ipv4.c | 10 ++++++++++
 3 files changed, 23 insertions(+)

diff --git a/include/net/ip.h b/include/net/ip.h
index cfc3dd5ff085..6ca64b3f32f3 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -685,6 +685,12 @@ bool icmp_global_allow(void);
 extern int sysctl_icmp_msgs_per_sec;
 extern int sysctl_icmp_msgs_burst;
 
+#ifdef CONFIG_ARCH_ASCEND
+extern int sysctl_icmp_timestamp_enable;
+#else
+#define sysctl_icmp_timestamp_enable 1
+#endif
+
 #ifdef CONFIG_PROC_FS
 int ip_misc_proc_init(void);
 #endif
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 0167e23d1c8f..308fe936638c 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -232,6 +232,9 @@ static inline void icmp_xmit_unlock(struct sock *sk)
 int sysctl_icmp_msgs_per_sec __read_mostly = 1000;
 int sysctl_icmp_msgs_burst __read_mostly = 50;
+#ifdef CONFIG_ARCH_ASCEND
+int sysctl_icmp_timestamp_enable __read_mostly;
+#endif
 
 static struct {
 	spinlock_t lock;
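Review bot: The `#else` branch in the include/net/ip.h hunk makes `sysctl_icmp_timestamp_enable` an object-like macro expanding to `1`, so on non-ASCEND builds the same identifier is a compile-time constant rather than a tunable and the `if (!sysctl_icmp_timestamp_enable)` test in icmp.c folds away; functionally fine, but a macro spelled like a variable invites someone to take its address or add it to a sysctl table and get a confusing error. A comment on the fallback would prevent that, e.g. `/* Non-ASCEND builds keep upstream behaviour: timestamp replies always on, no sysctl. */`. Note also that the effective default differs by configuration: the ASCEND definition in the icmp.c hunk has no initialiser and so starts at 0 (disabled), while every other build is hard-wired to 1, so the commit message's "Default is disable" only holds under CONFIG_ARCH_ASCEND and the header comment should say so. The icmp.c declaration hunk appears to be cut short here, so its trailing context was not reviewed.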
@@ -959,6 +962,10 @@ static bool icmp_echo(struct sk_buff *skb)
 static bool icmp_timestamp(struct sk_buff *skb)
 {
 	struct icmp_bxm icmp_param;
+
+	if (!sysctl_icmp_timestamp_enable)
+		goto out_err;
+
 	/*
 	 *	Too short.
 	 */
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 4f1fa744d3c8..ca4d2fc5d326 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -545,6 +545,16 @@ static struct ctl_table ipv4_table[] = {
 		.proc_handler = proc_dointvec_minmax,
 		.extra1 = &zero,
 	},
+#ifdef CONFIG_ARCH_ASCEND
+	{
+		.procname = "icmp_timestamp_enable",
+		.data = &sysctl_icmp_timestamp_enable,
+		.maxlen = sizeof(int),
+		.mode = 0644,
+		.proc_handler = proc_dointvec_minmax,
+		.extra1 = &zero,
+	},
+#endif
 	{
 		.procname = "udp_mem",
 		.data = &sysctl_udp_mem,
-- 
GitLab
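Review bot: The added `goto out_err` in icmp_timestamp sends an administratively disabled request down the same path as a malformed one; if, as in upstream icmp_timestamp, that label increments ICMP_MIB_INERRORS, every timestamp request received while the feature is off is counted as an input error rather than simply dropped, which skews the counter operators rely on to spot malformed traffic. Returning `false` directly, or mirroring how icmp_echo treats its ignore sysctl, keeps the statistic honest; the out_err label and the rest of icmp_timestamp lie outside the hunk, so confirm what it does before choosing. The commit message also speaks of netmask as well as timestamp, but only the timestamp handler is gated here; if address-mask requests are already discarded upstream, the message should say that rather than imply this patch covers both.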
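Review bot: The new ctl_table entry clamps only the lower bound (`.extra1 = &zero`), so `sysctl -w net.ipv4.icmp_timestamp_enable=7` is accepted and silently behaves as 1; since the flag is only ever tested as a boolean, add `.extra2 = &one,` so proc_dointvec_minmax rejects anything but 0 and 1 (the file's existing `one` helper, as in upstream sysctl_net_ipv4.c, presumably serves). Separately, the entry is placed in the global ipv4_table backed by a plain global int rather than a per-netns field in ipv4_net_table, so the toggle is shared by every network namespace on the host and cannot differ per container; if that is deliberate, a one-line comment on the entry should record it, e.g. `/* Host-wide: not per-netns, unlike the icmp_echo_ignore_* knobs. */`. The table's definition continues outside the hunk.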