[src/trunk]: src PR/42243: Yasuoka Masahiko: Add "net.inet.icmp.bmcastecho" s...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/9afc73d0141e
branches:  trunk
changeset: 749770:9afc73d0141e
user:      christos <christos%NetBSD.org@localhost>
date:      Mon Dec 07 18:47:24 2009 +0000

description:
PR/42243: Yasuoka Masahiko: Add "net.inet.icmp.bmcastecho" sysctl support,
to disable icmp replies to the broadcast address.

diffstat:

 share/man/man7/sysctl.7 |   6 +++++-
 sys/netinet/icmp_var.h  |  11 ++++++++---
 sys/netinet/ip_icmp.c   |  23 +++++++++++++++++++++--
 3 files changed, 34 insertions(+), 6 deletions(-)

diffs (131 lines):

diff -r 523ec30535d2 -r 9afc73d0141e share/man/man7/sysctl.7
--- a/share/man/man7/sysctl.7   Mon Dec 07 18:38:55 2009 +0000
+++ b/share/man/man7/sysctl.7   Mon Dec 07 18:47:24 2009 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: sysctl.7,v 1.27 2009/10/05 10:47:52 wiz Exp $
+.\"    $NetBSD: sysctl.7,v 1.28 2009/12/07 18:47:24 christos Exp $
 .\"
 .\" Copyright (c) 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -983,6 +983,7 @@
 .It icmp       maskrepl        integer yes
 .It icmp       rediraccept     integer yes
 .It icmp       redirtimeout    integer yes
+.It icmp       bmcastecho      integer yes
 .It ip allowsrcrt      integer yes
 .It ip anonportmax     integer yes
 .It ip anonportmin     integer yes
@@ -1192,6 +1193,9 @@
 This defaults to 600 seconds.
 .It Li icmp.returndatabytes
 Number of bytes to return in an ICMP error message.
+.It Li icmp.bmcastecho
+If set to 1, enables responding to ICMP echo or timestamp request to the
+broadcast address.
 .It Li tcp.ack_on_push
 If set to 1, TCP is to immediately transmit an ACK upon reception of
 a packet with PUSH set.
diff -r 523ec30535d2 -r 9afc73d0141e sys/netinet/icmp_var.h
--- a/sys/netinet/icmp_var.h    Mon Dec 07 18:38:55 2009 +0000
+++ b/sys/netinet/icmp_var.h    Mon Dec 07 18:47:24 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: icmp_var.h,v 1.27 2008/04/12 05:58:22 thorpej Exp $    */
+/*     $NetBSD: icmp_var.h,v 1.28 2009/12/07 18:47:24 christos Exp $   */
 
 /*
  * Copyright (c) 1982, 1986, 1993
@@ -57,7 +57,10 @@
                /* space for ICMP_MAXTYPE + 1 (19) counters */
 #define        ICMP_STAT_PMTUCHG       46      /* path MTU changes */
 
-#define        ICMP_NSTATS             47
+#define        ICMP_STAT_BMCASTECHO    47      /* b/mcast echo requests dropped */
+#define        ICMP_STAT_BMCASTTSTAMP  48      /* b/mcast tstamp requests dropped */
+
+#define        ICMP_NSTATS             49
 
 #if ICMP_MAXTYPE != 18
 #error ICMP_MAXTYPE too large for ICMP statistics
@@ -75,7 +78,8 @@
 #define ICMPCTL_REDIRACCEPT    5       /* Accept redirects from routers */
 #define ICMPCTL_REDIRTIMEOUT   6       /* Remove routes added via redirects */
 #define        ICMPCTL_STATS           7       /* ICMP statistics */
-#define ICMPCTL_MAXID          8
+#define ICMPCTL_BMCASTECHO     8       /* allow broad/mult-cast echo */
+#define ICMPCTL_MAXID          9
 
 #define ICMPCTL_NAMES { \
        { 0, 0 }, \
@@ -86,6 +90,7 @@
        { "rediraccept", CTLTYPE_INT }, \
        { "redirtimeout", CTLTYPE_INT }, \
        { "stats", CTLTYPE_STRUCT }, \
+       { "bmcastecho", CTLTYPE_INT }, \
 }
 
 #ifdef _KERNEL
diff -r 523ec30535d2 -r 9afc73d0141e sys/netinet/ip_icmp.c
--- a/sys/netinet/ip_icmp.c     Mon Dec 07 18:38:55 2009 +0000
+++ b/sys/netinet/ip_icmp.c     Mon Dec 07 18:47:24 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_icmp.c,v 1.121 2009/09/16 15:23:05 pooka Exp $      */
+/*     $NetBSD: ip_icmp.c,v 1.122 2009/12/07 18:47:24 christos Exp $   */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -94,7 +94,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.121 2009/09/16 15:23:05 pooka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.122 2009/12/07 18:47:24 christos Exp $");
 
 #include "opt_ipsec.h"
 
@@ -142,6 +142,7 @@
  */
 
 int    icmpmaskrepl = 0;
+int    icmpbmcastecho = 0;
 #ifdef ICMPPRINTFS
 int    icmpprintfs = 0;
 #endif
@@ -542,6 +543,11 @@
                break;
 
        case ICMP_ECHO:
+               if (!icmpbmcastecho &&
+                   (m->m_flags & (M_MCAST | M_BCAST)) != 0)  {
+                       ICMP_STATINC(ICMP_STAT_BMCASTECHO);
+                       break;
+               }
                icp->icmp_type = ICMP_ECHOREPLY;
                goto reflect;
 
@@ -550,6 +556,11 @@
                        ICMP_STATINC(ICMP_STAT_BADLEN);
                        break;
                }
+               if (!icmpbmcastecho &&
+                   (m->m_flags & (M_MCAST | M_BCAST)) != 0)  {
+                       ICMP_STATINC(ICMP_STAT_BMCASTTSTAMP);
+                       break;
+               }
                icp->icmp_type = ICMP_TSTAMPREPLY;
                icp->icmp_rtime = iptime();
                icp->icmp_ttime = icp->icmp_rtime;      /* bogus, do later! */
@@ -1055,6 +1066,14 @@
                       sysctl_net_inet_icmp_stats, 0, NULL, 0,
                       CTL_NET, PF_INET, IPPROTO_ICMP, ICMPCTL_STATS,
                       CTL_EOL);
+       sysctl_createv(clog, 0, NULL, NULL,
+                      CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+                      CTLTYPE_INT, "bmcastecho",
+                      SYSCTL_DESCR("Respond to ICMP_ECHO or ICMP_TIMESTAMP "
+                                   "message to the broadcast or multicast"),
+                      NULL, 0, &icmpbmcastecho, 0,
+                      CTL_NET, PF_INET, IPPROTO_ICMP, ICMPCTL_BMCASTECHO,
+                      CTL_EOL);
 }
 
 void