Section 8 of RFC 8335 describes potential security concerns of
responding to PROBE requests and states that nodes that support PROBE
functionality MUST be able to enable/disable responses, and that
responses are disabled by default.

Add sysctl to enable responses to PROBE messages. 

Signed-off-by: Andreas Roeseler <andreas.a.roese...@gmail.com>
---
 net/ipv4/sysctl_net_ipv4.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 3e5f4f2e705e..f9f0e9d7394f 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -599,6 +599,13 @@ static struct ctl_table ipv4_net_table[] = {
                .mode           = 0644,
                .proc_handler   = proc_dointvec
        },
+       {
+               .procname       = "icmp_echo_enable_probe",
+               .data           = &init_net.ipv4.sysctl_icmp_echo_enable_probe,
+               .maxlen         = sizeof(int),
+               .mode           = 0644,
+               .proc_handler   = proc_dointvec
+       },
        {
                .procname       = "icmp_echo_ignore_broadcasts",
                .data           = 
&init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts,
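Review bot: The new `icmp_echo_enable_probe` entry uses `proc_dointvec`, so any integer, including negative or large values, is accepted for what the commit message describes as an on/off switch. Bounding it makes the knob's state unambiguous for anyone auditing whether PROBE responses are enabled: `.proc_handler = proc_dointvec_minmax,` with `.extra1 = SYSCTL_ZERO,` and `.extra2 = SYSCTL_ONE`. The disabled-by-default requirement cited from RFC 8335 section 8 is not established by this hunk. It presumably relies on `sysctl_icmp_echo_enable_probe` starting at zero elsewhere, which is worth confirming. The diffstat shows only this file, so the sysctl also appears to lack a documentation entry stating the default of 0 and the exposure that enabling it creates.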
-- 
2.25.1
