Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 1 Oct 2014 18:07:35 +0000 (UTC)
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r272378 - in head: share/man/man4 sys/netinet
Message-ID:  <201410011807.s91I7ZdN023619@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: markj
Date: Wed Oct  1 18:07:34 2014
New Revision: 272378
URL: https://svnweb.freebsd.org/changeset/base/272378

Log:
  Add a sysctl, net.inet.icmp.tstamprepl, which can be used to disable replies
  to ICMP Timestamp packets.
  
  PR:		193689
  Submitted by:	Anthony Cornehl <accornehl@gmail.com>
  MFC after:	3 weeks
  Sponsored by:	EMC / Isilon Storage Division

Modified:
  head/share/man/man4/icmp.4
  head/sys/netinet/ip_icmp.c

Modified: head/share/man/man4/icmp.4
==============================================================================
--- head/share/man/man4/icmp.4	Wed Oct  1 17:16:18 2014	(r272377)
+++ head/share/man/man4/icmp.4	Wed Oct  1 18:07:34 2014	(r272378)
@@ -28,7 +28,7 @@
 .\"     @(#)icmp.4	8.1 (Berkeley) 6/5/93
 .\" $FreeBSD$
 .\"
-.Dd February 9, 2007
+.Dd September 30, 2014
 .Dt ICMP 4
 .Os
 .Sh NAME
@@ -216,6 +216,10 @@ instead of the possibly different return
 Number of bytes from original packet to quote in ICMP reply.
 This number is internally enforced to be at least 8 bytes (per RFC792)
 and at most the maximal space left in the ICMP reply mbuf.
+.It Va tstamprepl
+.Pq Vt boolean
+Enable/disable replies to ICMP Timestamp packets.
+Defaults to true.
 .El
 .Sh ERRORS
 A socket operation may fail with one of the following errors returned:

Modified: head/sys/netinet/ip_icmp.c
==============================================================================
--- head/sys/netinet/ip_icmp.c	Wed Oct  1 17:16:18 2014	(r272377)
+++ head/sys/netinet/ip_icmp.c	Wed Oct  1 18:07:34 2014	(r272378)
@@ -149,6 +149,10 @@ SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO
 	&VNET_NAME(icmpbmcastecho), 0,
 	"");
 
+static VNET_DEFINE(int, icmptstamprepl) = 1;
+#define	V_icmptstamprepl		VNET(icmptstamprepl)
+SYSCTL_INT(_net_inet_icmp, OID_AUTO, tstamprepl, CTLFLAG_RW,
+	&VNET_NAME(icmptstamprepl), 0, "Respond to ICMP Timestamp packets");
 
 #ifdef ICMPPRINTFS
 int	icmpprintfs = 0;
@@ -545,6 +549,8 @@ icmp_input(struct mbuf **mp, int *offp, 
 			goto reflect;
 
 	case ICMP_TSTAMP:
+		if (V_icmptstamprepl == 0)
+			break;
 		if (!V_icmpbmcastecho
 		    && (m->m_flags & (M_MCAST | M_BCAST)) != 0) {
 			ICMPSTAT_INC(icps_bmcasttstamp);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201410011807.s91I7ZdN023619>