From patchwork Tue Mar 19 12:45:48 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Stephen Suryaputra <ssuryaextr@gmail.com>
X-Patchwork-Id: 1058375
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="mC5DpLDa"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44Nt8B1YSlz9s7T
	for <patchwork-incoming-netdev@ozlabs.org>;
	Tue, 19 Mar 2019 23:46:02 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1727656AbfCSMqB (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Tue, 19 Mar 2019 08:46:01 -0400
Received: from mail-io1-f67.google.com ([209.85.166.67]:44014 "EHLO
	mail-io1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1726053AbfCSMqA (ORCPT
	<rfc822;netdev@vger.kernel.org>); Tue, 19 Mar 2019 08:46:00 -0400
Received: by mail-io1-f67.google.com with SMTP id x3so5878482iol.10
	for <netdev@vger.kernel.org>; Tue, 19 Mar 2019 05:46:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=Jk/Rw3BXlAwPX7S8bUgInyqsqaePbG3ZF3kd7KHPS0E=;
	b=mC5DpLDaaUNb433om3moMxz1c/l6mZfeMjV0paz0XBgxGcY7gUSTRqWWPseV/v5hCA
	jQ8lU6i/HaG/bl87GcBG4ob5ocd1jzGRvDjnlsTXlCBXlXKxlPyisnGBRDiCjy5+R69M
	CZhH9vHV0pLai5A4NEweFm5ImGvIg6Dzo0BpryxhXRyAd3kmuJEd70JVsdHfoQxqrEWV
	zrJI80nsG95drvKsaxoHEVqNu4YNZRe1xsr9uQ8wX/uk8hePSSQcZC3h/6MhN1gsiGBz
	frJQ5H3nHynodBqB+LKp19HDW9CIHTcdCUU911MQgCoRwAhfjc5x10RIvMLQtTKpdn24
	iUqg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=Jk/Rw3BXlAwPX7S8bUgInyqsqaePbG3ZF3kd7KHPS0E=;
	b=E5qenjy3sXynT3+gk4NZBGNsHvU+gtxR/AoxyZAcdvWgTl27PjVCUgMMCKbJ+JBJ9Y
	0OXSV2D/jwMpZP6pWW93m12ykRTeOQU1NuIVB/N9B3KuT/PoF8ACSRp0BzdzHWyUWGT8
	tXUnJXSN3xs1zPud/yadQMRnnZVSne7DDyrvw0P/xdnHT6wiAmNp2If03iddzyTAvAVj
	/DcHe6aRQ2ESsr76YEsoISCrkgTgKdvg8XpZZcyWkUUCVgI2bAEkc3xoZpCF3UsvAXYO
	OVtD4jGPBowG3LU4SBQqWUdGP6fJ51zUM/PP1YmNma3uV7EKclVKFn0l/ttEbUHktR2v
	ldQA==
X-Gm-Message-State: APjAAAX1jXMGu8i6lJfK58BdCzKga/mch9+Smtp7Fjhiis2bBtK9Zxeq
	LZvsV1+c0DD3MBqrpd4Lx0Qtz7ykCQ==
X-Google-Smtp-Source: 
 APXvYqym0DsMaLOGhZ035F7RZromLmwxSn1c7X5jhYDBOkuqlQlOfehxa39+WQiyHqocO6FT9ja3gg==
X-Received: by 2002:a6b:7517:: with SMTP id l23mr1284755ioh.74.1552999559613;
	Tue, 19 Mar 2019 05:45:59 -0700 (PDT)
Received: from ubuntu.extremenetworks.com ([12.38.14.8])
	by smtp.gmail.com with ESMTPSA id
	15sm1341849itz.28.2019.03.19.05.45.58
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 19 Mar 2019 05:45:59 -0700 (PDT)
From: Stephen Suryaputra <ssuryaextr@gmail.com>
To: netdev@vger.kernel.org
Cc: Stephen Suryaputra <ssuryaextr@gmail.com>
Subject: [PATCH net-next] ipv6: Add icmp_echo_ignore_multicast support for
	ICMPv6
Date: Tue, 19 Mar 2019 08:45:48 -0400
Message-Id: <20190319124548.21382-1-ssuryaextr@gmail.com>
X-Mailer: git-send-email 2.17.1
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

IPv4 has icmp_echo_ignore_broadcast to prevent responding to broadcast pings.
IPv6 needs a similar mechanism.

Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
---
 Documentation/networking/ip-sysctl.txt |  5 +++++
 include/net/netns/ipv6.h               |  1 +
 include/uapi/linux/sysctl.h            |  3 ++-
 net/ipv6/af_inet6.c                    |  1 +
 net/ipv6/icmp.c                        | 12 ++++++++++++
 5 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index acdfb5d2bcaa..55ea7def46be 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -1918,6 +1918,11 @@ echo_ignore_all - BOOLEAN
 	requests sent to it over the IPv6 protocol.
 	Default: 0
 
+echo_ignore_multicast - BOOLEAN
+	If set non-zero, then the kernel will ignore all ICMP ECHO
+	requests sent to it over the IPv6 protocol via multicast.
+	Default: 0
+
 xfrm6_gc_thresh - INTEGER
 	The threshold at which we will start garbage collecting for IPv6
 	destination cache entries.  At twice this value the system will
diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
index b028a1dc150d..e29aff15acc9 100644
--- a/include/net/netns/ipv6.h
+++ b/include/net/netns/ipv6.h
@@ -33,6 +33,7 @@ struct netns_sysctl_ipv6 {
 	int auto_flowlabels;
 	int icmpv6_time;
 	int icmpv6_echo_ignore_all;
+	int icmpv6_echo_ignore_multicast;
 	int anycast_src_echo_reply;
 	int ip_nonlocal_bind;
 	int fwmark_reflect;
diff --git a/include/uapi/linux/sysctl.h b/include/uapi/linux/sysctl.h
index 87aa2a6d9125..bd83ddedc014 100644
--- a/include/uapi/linux/sysctl.h
+++ b/include/uapi/linux/sysctl.h
@@ -577,7 +577,8 @@ enum {
 /* /proc/sys/net/ipv6/icmp */
 enum {
 	NET_IPV6_ICMP_RATELIMIT = 1,
-	NET_IPV6_ICMP_ECHO_IGNORE_ALL = 2
+	NET_IPV6_ICMP_ECHO_IGNORE_ALL = 2,
+	NET_IPV6_ICMP_ECHO_IGNORE_MULTICAST = 3
 };
 
 /* /proc/sys/net/<protocol>/neigh/<dev> */
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 2f45d2a3e3a3..fdc117de849c 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -847,6 +847,7 @@ static int __net_init inet6_net_init(struct net *net)
 	net->ipv6.sysctl.bindv6only = 0;
 	net->ipv6.sysctl.icmpv6_time = 1*HZ;
 	net->ipv6.sysctl.icmpv6_echo_ignore_all = 0;
+	net->ipv6.sysctl.icmpv6_echo_ignore_multicast = 0;
 	net->ipv6.sysctl.flowlabel_consistency = 1;
 	net->ipv6.sysctl.auto_flowlabels = IP6_DEFAULT_AUTO_FLOW_LABELS;
 	net->ipv6.sysctl.idgen_retries = 3;
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 802faa2fcc0e..0907bcede5e5 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -684,6 +684,10 @@ static void icmpv6_echo_reply(struct sk_buff *skb)
 	struct ipcm6_cookie ipc6;
 	u32 mark = IP6_REPLY_MARK(net, skb->mark);
 
+	if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) &&
+	    net->ipv6.sysctl.icmpv6_echo_ignore_multicast)
+		return;
+
 	saddr = &ipv6_hdr(skb)->daddr;
 
 	if (!ipv6_unicast_destination(skb) &&
@@ -1115,6 +1119,13 @@ static struct ctl_table ipv6_icmp_table_template[] = {
 		.mode		= 0644,
 		.proc_handler = proc_dointvec,
 	},
+	{
+		.procname	= "echo_ignore_multicast",
+		.data		= &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler = proc_dointvec,
+	},
 	{ },
 };
 
@@ -1129,6 +1140,7 @@ struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
 	if (table) {
 		table[0].data = &net->ipv6.sysctl.icmpv6_time;
 		table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
+		table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
 	}
 	return table;
 }