ipv4: Add support to disable icmp time stamp

ascend inclusion category: feature bugzilla: NA CVE: NA ------------------- Fix ICMP information such as netmask and timestamp is allowed from arbitrary hosts Default is disable. enable: sysctl -w net.ipv4.icmp_timestamp_enable=1 disable sysctl -w net.ipv4.icmp_timestamp_enable=0 test: hping3 --icmp --icmp-ts -V $IPADDR Signed-off-by: N Weilong Chen <chenweilong@huawei.com> Signed-off-by: N LI Heng <liheng40@huawei.com> Signed-off-by: N Lijun Fang <fanglijun3@huawei.com> [fix-v2: define sysctl_icmp_timestamp_enable ifndef CONFIG_ARCH_ASCEND fix-v3: ifndef CONFIG_ARCH_ASCEND, sysctl_icmp_timestamp_enable should set 1] Reviewed-by: N Mao Wenan <maowenan@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

ipv4: Add support to disable icmp time stamp
ascend inclusion category: feature bugzilla: NA CVE: NA ------------------- Fix ICMP information such as netmask and timestamp is allowed from arbitrary hosts Default is disable. enable: sysctl -w net.ipv4.icmp_timestamp_enable=1 disable sysctl -w net.ipv4.icmp_timestamp_enable=0 test: hping3 --icmp --icmp-ts -V $IPADDR Signed-off-by: N Weilong Chen <chenweilong@huawei.com> Signed-off-by: N LI Heng <liheng40@huawei.com> Signed-off-by: N Lijun Fang <fanglijun3@huawei.com> [fix-v2: define sysctl_icmp_timestamp_enable ifndef CONFIG_ARCH_ASCEND fix-v3: ifndef CONFIG_ARCH_ASCEND, sysctl_icmp_timestamp_enable should set 1] Reviewed-by: N Mao Wenan <maowenan@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
b22978fa · Weilong Chen · Xie XiuQi · 95ec8bc1 · b22978fa · b22978fa
隐藏空白更改
内联并排

Showing with 23 addition and 0 deletion

include/net/ip.h include/net/ip.h +6 -0

net/ipv4/icmp.c net/ipv4/icmp.c +7 -0

net/ipv4/sysctl_net_ipv4.c net/ipv4/sysctl_net_ipv4.c +10 -0

未找到文件。
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -685,6 +685,12 @@ bool icmp_global_allow(void);
 extern int sysctl_icmp_msgs_per_sec;
 extern int sysctl_icmp_msgs_burst;
+#ifdef CONFIG_ARCH_ASCEND
+extern int sysctl_icmp_timestamp_enable;
+#else
+#define sysctl_icmp_timestamp_enable 1
+#endif
 #ifdef CONFIG_PROC_FS
 int ip_misc_proc_init(void);
 #endif

--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -232,6 +232,9 @@ static inline void icmp_xmit_unlock(struct sock *sk)
 int sysctl_icmp_msgs_per_sec __read_mostly = 1000;
 int sysctl_icmp_msgs_burst __read_mostly = 50;
+#ifdef CONFIG_ARCH_ASCEND
+int sysctl_icmp_timestamp_enable __read_mostly;
+#endif
 static struct {
 	spinlock_t	lock;
@@ -959,6 +962,10 @@ static bool icmp_echo(struct sk_buff *skb)
 static bool icmp_timestamp(struct sk_buff *skb)
 {
 	struct icmp_bxm icmp_param;
+	if (!sysctl_icmp_timestamp_enable)
+		goto out_err;
 	/*
 	 *	Too short.
 	 */

--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -545,6 +545,16 @@ static struct ctl_table ipv4_table[] = {
 		.proc_handler	= proc_dointvec_minmax,
 		.extra1		= &zero,
 	},
+#ifdef CONFIG_ARCH_ASCEND
+	{
+		.procname	= "icmp_timestamp_enable",
+		.data		= &sysctl_icmp_timestamp_enable,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler	= proc_dointvec_minmax,
+		.extra1		= &zero,
+	},
+#endif
 	{
 		.procname	= "udp_mem",
 		.data		= &sysctl_udp_mem,