From patchwork Tue Mar 19 16:37:12 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stephen Suryaputra <ssuryaextr@gmail.com>
X-Patchwork-Id: 1058539
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="fc3s5dnP"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44NzHJ23RWz9s3q
	for <patchwork-incoming-netdev@ozlabs.org>;
	Wed, 20 Mar 2019 03:37:32 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1727502AbfCSQha (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Tue, 19 Mar 2019 12:37:30 -0400
Received: from mail-io1-f65.google.com ([209.85.166.65]:43974 "EHLO
	mail-io1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1726839AbfCSQha (ORCPT
	<rfc822;netdev@vger.kernel.org>); Tue, 19 Mar 2019 12:37:30 -0400
Received: by mail-io1-f65.google.com with SMTP id x3so6618140iol.10
	for <netdev@vger.kernel.org>; Tue, 19 Mar 2019 09:37:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=1uGyo+OFBFHc0MxiwVpJ17AqVrSYrlLo1jpscAc73as=;
	b=fc3s5dnPlWLAUIueSmvunZqepBLEOfOvwpmtClcqnKGNP6yz25iTmVOvS0/dXAUMxt
	bo9MCCfom3hOwWmqxhxTha3wP1kwGAN9kSUHy2nX+KnShfd36ZopXQiHnuF1yNabTnNF
	wcGRx1nexwerF3ZjdjCkdX9Ef+7fUModjUI1mYTuqNJnaxndcursvbEA6RM14w04M3nW
	4YhEg55p3nqk117k2/cjSCUofBpgRwi8uanhaQlMEC3jdp3zvHufIK2iFsZ+E18mecGF
	bx3c76MvjWQ9aTK/pw1X7m+Uq6l1suMZsfYZuMeLLmpfFTnaT7WXOFFQNS6qcqrSq3iw
	Spyw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=1uGyo+OFBFHc0MxiwVpJ17AqVrSYrlLo1jpscAc73as=;
	b=UWVPj43hsfITI9rULYV99bPjYtgdaYxKLM/TtLyoyynUVexjnN5QJ1UkI3eEi5ndZw
	POO1NzmEiiwdms1ndm+iGkLz0n5BR8r14RRENFwDomedus0OMXynUiTFFxllWvMXKQNV
	66zRiemo3KUQ1TjMjFA+/FiAeou2dTnVVCwxASKykWCQ1hpdmz0aMnr3sYfeNQyly0JX
	vOojOwndFdWt/FSGVUzsX/yDzCHiGpt8pgr8vp7ZNi19sHvInrV4RktscOILzduhcJ0f
	VpsRusKB+7rJ442mmxMDS1yy5VEy2Ply0vyBoenQGoFNQISE/ac7kqsWBmaNECral6dp
	vl4w==
X-Gm-Message-State: APjAAAXIXVzRwwPhtB4c5dUYXnLfhz0dZe1jP7g8uUOp2TTIWED/pTe9
	xJSX8eGO24CIqnmgZ5KVRG+h2kVFCg==
X-Google-Smtp-Source: 
 APXvYqweXLGBdTBtTD48YkvmTHT/dOgnK5EdofwjlV7fEO7nrK6xHjLw9GoTZhIghYhvZ3mUWasWrQ==
X-Received: by 2002:a6b:740e:: with SMTP id
	s14mr2145025iog.133.1553013449333;
	Tue, 19 Mar 2019 09:37:29 -0700 (PDT)
Received: from ubuntu.extremenetworks.com ([12.38.14.8])
	by smtp.gmail.com with ESMTPSA id
	127sm1697753itl.25.2019.03.19.09.37.28
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 19 Mar 2019 09:37:28 -0700 (PDT)
From: Stephen Suryaputra <ssuryaextr@gmail.com>
To: netdev@vger.kernel.org
Cc: Stephen Suryaputra <ssuryaextr@gmail.com>
Subject: [PATCH net-next,
	v2] ipv6: Add icmp_echo_ignore_multicast support for ICMPv6
Date: Tue, 19 Mar 2019 12:37:12 -0400
Message-Id: <20190319163712.21936-1-ssuryaextr@gmail.com>
X-Mailer: git-send-email 2.17.1
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

IPv4 has icmp_echo_ignore_broadcast to prevent responding to broadcast pings.
IPv6 needs a similar mechanism.

v1->v2:
- Remove NET_IPV6_ICMP_ECHO_IGNORE_MULTICAST.

Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
---
 Documentation/networking/ip-sysctl.txt |  5 +++++
 include/net/netns/ipv6.h               |  1 +
 net/ipv6/af_inet6.c                    |  1 +
 net/ipv6/icmp.c                        | 12 ++++++++++++
 4 files changed, 19 insertions(+)

diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index acdfb5d2bcaa..55ea7def46be 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -1918,6 +1918,11 @@ echo_ignore_all - BOOLEAN
 	requests sent to it over the IPv6 protocol.
 	Default: 0
 
+echo_ignore_multicast - BOOLEAN
+	If set non-zero, then the kernel will ignore all ICMP ECHO
+	requests sent to it over the IPv6 protocol via multicast.
+	Default: 0
+
 xfrm6_gc_thresh - INTEGER
 	The threshold at which we will start garbage collecting for IPv6
 	destination cache entries.  At twice this value the system will
diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
index b028a1dc150d..e29aff15acc9 100644
--- a/include/net/netns/ipv6.h
+++ b/include/net/netns/ipv6.h
@@ -33,6 +33,7 @@ struct netns_sysctl_ipv6 {
 	int auto_flowlabels;
 	int icmpv6_time;
 	int icmpv6_echo_ignore_all;
+	int icmpv6_echo_ignore_multicast;
 	int anycast_src_echo_reply;
 	int ip_nonlocal_bind;
 	int fwmark_reflect;
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 2f45d2a3e3a3..fdc117de849c 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -847,6 +847,7 @@ static int __net_init inet6_net_init(struct net *net)
 	net->ipv6.sysctl.bindv6only = 0;
 	net->ipv6.sysctl.icmpv6_time = 1*HZ;
 	net->ipv6.sysctl.icmpv6_echo_ignore_all = 0;
+	net->ipv6.sysctl.icmpv6_echo_ignore_multicast = 0;
 	net->ipv6.sysctl.flowlabel_consistency = 1;
 	net->ipv6.sysctl.auto_flowlabels = IP6_DEFAULT_AUTO_FLOW_LABELS;
 	net->ipv6.sysctl.idgen_retries = 3;
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 802faa2fcc0e..0907bcede5e5 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -684,6 +684,10 @@ static void icmpv6_echo_reply(struct sk_buff *skb)
 	struct ipcm6_cookie ipc6;
 	u32 mark = IP6_REPLY_MARK(net, skb->mark);
 
+	if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) &&
+	    net->ipv6.sysctl.icmpv6_echo_ignore_multicast)
+		return;
+
 	saddr = &ipv6_hdr(skb)->daddr;
 
 	if (!ipv6_unicast_destination(skb) &&
@@ -1115,6 +1119,13 @@ static struct ctl_table ipv6_icmp_table_template[] = {
 		.mode		= 0644,
 		.proc_handler = proc_dointvec,
 	},
+	{
+		.procname	= "echo_ignore_multicast",
+		.data		= &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler = proc_dointvec,
+	},
 	{ },
 };
 
@@ -1129,6 +1140,7 @@ struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
 	if (table) {
 		table[0].data = &net->ipv6.sysctl.icmpv6_time;
 		table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
+		table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
 	}
 	return table;
 }