Add a sysctl, net.inet.icmp.tstamprepl, which can be used to disable replies

to ICMP Timestamp packets. PR: 193689 Submitted by: Anthony Cornehl <accornehl@gmail.com> MFC after: 3 weeks Sponsored by: EMC / Isilon Storage Division
2014-10-01 18:07:34 +00:00 · 2014-10-01 18:07:34 +00:00 · 00cb6bef99
commit 00cb6bef99
parent 98286ba5f4
2 changed files with 11 additions and 1 deletions
--- a/share/man/man4/icmp.4
+++ b/share/man/man4/icmp.4
@ -28,7 +28,7 @@
 .\"     @(#)icmp.4	8.1 (Berkeley) 6/5/93
 .\" $FreeBSD$
 .\"
-.Dd February 9, 2007
+.Dd September 30, 2014
 .Dt ICMP 4
 .Os
 .Sh NAME
@ -216,6 +216,10 @@ instead of the possibly different return path.
 Number of bytes from original packet to quote in ICMP reply.
 This number is internally enforced to be at least 8 bytes (per RFC792)
 and at most the maximal space left in the ICMP reply mbuf.
+.It Va tstamprepl
+.Pq Vt boolean
+Enable/disable replies to ICMP Timestamp packets.
+Defaults to true.
 .El
 .Sh ERRORS
 A socket operation may fail with one of the following errors returned:
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@ -149,6 +149,10 @@ SYSCTL_VNET_INT(_net_inet_icmp, OID_AUTO, bmcastecho, CTLFLAG_RW,
 	&VNET_NAME(icmpbmcastecho), 0,
 	"");

+static VNET_DEFINE(int, icmptstamprepl) = 1;
+#define	V_icmptstamprepl		VNET(icmptstamprepl)
+SYSCTL_INT(_net_inet_icmp, OID_AUTO, tstamprepl, CTLFLAG_RW,
+	&VNET_NAME(icmptstamprepl), 0, "Respond to ICMP Timestamp packets");

 #ifdef ICMPPRINTFS
 int	icmpprintfs = 0;
@ -545,6 +549,8 @@ icmp_input(struct mbuf **mp, int *offp, int proto)
 			goto reflect;

 	case ICMP_TSTAMP:
+		if (V_icmptstamprepl == 0)
+			break;
 		if (!V_icmpbmcastecho
 		    && (m->m_flags & (M_MCAST | M_BCAST)) != 0) {
 			ICMPSTAT_INC(icps_bmcasttstamp);