svn commit: r272378 - in head: share/man/man4 sys/netinet

Mark Johnston markj at FreeBSD.org
Wed Oct 1 18:07:36 UTC 2014 

Author: markj
Date: Wed Oct  1 18:07:34 2014
New Revision: 272378
URL: https://svnweb.freebsd.org/changeset/base/272378

Log:
  Add a sysctl, net.inet.icmp.tstamprepl, which can be used to disable replies
  to ICMP Timestamp packets.
  
  PR:		193689
  Submitted by:	Anthony Cornehl <accornehl at gmail.com>
  MFC after:	3 weeks
  Sponsored by:	EMC / Isilon Storage Division

Modified:
  head/share/man/man4/icmp.4
  head/sys/netinet/ip_icmp.c

Modified: head/share/man/man4/icmp.4
==============================================================================
--- head/share/man/man4/icmp.4	Wed Oct  1 17:16:18 2014	(r272377)
+++ head/share/man/man4/icmp.4	Wed Oct  1 18:07:34 2014	(r272378)
@@ -28,7 +28,7 @@
 .\"     @(#)icmp.4	8.1 (Berkeley) 6/5/93
 .\" $FreeBSD$
 .\"
-.Dd February 9, 2007
+.Dd September 30, 2014
 .Dt ICMP 4
 .Os
 .Sh NAME
@@ -216,6 +216,10 @@ instead of the possibly different return
 Number of bytes from original packet to quote in ICMP reply.
 This number is internally enforced to be at least 8 bytes (per RFC792)
 and at most the maximal space left in the ICMP reply mbuf.
+.It Va tstamprepl
+.Pq Vt boolean
+Enable/disable replies to ICMP Timestamp packets.
+Defaults to true.
 .El
 .Sh ERRORS
 A socket operation may fail with one of the following errors returned:

Modified: head/sys/netinet/ip_icmp.c
==============================================================================
--- head/sys/netinet/ip_icmp.c	Wed Oct  1 17:16:18 2014	(r272377)
+++ head/sys/netinet/ip_icmp.c	Wed Oct  1 18:07:34 2014	(r272378)
@@ -149,6 +149,10 @@ SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO
 	&VNET_NAME(icmpbmcastecho), 0,
 	"");
 
+static VNET_DEFINE(int, icmptstamprepl) = 1;
+#define	V_icmptstamprepl		VNET(icmptstamprepl)
+SYSCTL_INT(_net_inet_icmp, OID_AUTO, tstamprepl, CTLFLAG_RW,
+	&VNET_NAME(icmptstamprepl), 0, "Respond to ICMP Timestamp packets");
 
 #ifdef ICMPPRINTFS
 int	icmpprintfs = 0;
@@ -545,6 +549,8 @@ icmp_input(struct mbuf **mp, int *offp, 
 			goto reflect;
 
 	case ICMP_TSTAMP:
+		if (V_icmptstamprepl == 0)
+			break;
 		if (!V_icmpbmcastecho
 		    && (m->m_flags & (M_MCAST | M_BCAST)) != 0) {
 			ICMPSTAT_INC(icps_bmcasttstamp);

More information about the svn-src-head mailing list