diff options
| author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2000-01-02 04:52:27 +0000 |
|---|---|---|
| committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2000-01-02 04:52:27 +0000 |
| commit | a4a19933b41b16f245be1e53f9ae09e550f78197 (patch) | |
| tree | a7e684d483ffd94b0f195237366c089c7e490849 | |
| parent | dfe699529891d9775c6d26c56a6b2b9c845be781 (diff) | |
implement net.inet6.icmp6.nodeinfo sysctl, which disables
ICMPv6 node information query (and FQDN query - old variant).
kame repository has the change as well.
| -rw-r--r-- | sbin/sysctl/sysctl.8 | 3 | ||||
| -rw-r--r-- | sys/netinet6/icmp6.c | 33 | ||||
| -rw-r--r-- | sys/netinet6/icmp6.h | 7 | ||||
| -rw-r--r-- | sys/netinet6/in6_proto.c | 3 |
4 files changed, 33 insertions, 13 deletions
diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8 index 7ddb0226071..c43de4d1d71 100644 --- a/sbin/sysctl/sysctl.8 +++ b/sbin/sysctl/sysctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysctl.8,v 1.33 1999/12/30 20:49:20 provos Exp $ +.\" $OpenBSD: sysctl.8,v 1.34 2000/01/02 04:52:26 itojun Exp $ .\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ .\" .\" Copyright (c) 1993 @@ -197,6 +197,7 @@ privilege can change the value. .It net.inet6.icmp6.nd6_mmaxtries integer yes .It net.inet6.icmp6.nd6_useloopback integer yes .It net.inet6.icmp6.nd6_proxyall integer yes +.It net.inet6.icmp6.nodeinfo integer yes .It net.ipx.ipx.recvspace integer yes .It net.ipx.ipx.sendspace integer yes .It debug.syncprt integer yes diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index 7e3c6b2a123..428e6720b01 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: icmp6.c,v 1.3 1999/12/15 07:08:00 itojun Exp $ */ +/* $OpenBSD: icmp6.c,v 1.4 2000/01/02 04:52:26 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -108,6 +108,7 @@ struct icmp6stat icmp6stat; extern struct in6pcb rawin6pcb; extern u_int icmp6errratelim; +extern int icmp6_nodeinfo; static struct rttimer_queue *icmp6_mtudisc_timeout_q = NULL; extern int pmtu_expire; @@ -588,6 +589,9 @@ icmp6_input(mp, offp, proto) if (code != 0) goto badcode; + if (!icmp6_nodeinfo) + break; + if (icmp6len == sizeof(struct icmp6_hdr) + 4) mode = WRU; else if (icmp6len >= sizeof(struct icmp6_hdr) + 8) /* XXX */ @@ -596,12 +600,16 @@ icmp6_input(mp, offp, proto) goto badlen; if (mode == FQDN) { +#ifndef PULLDOWN_TEST IP6_EXTHDR_CHECK(m, off, sizeof(struct icmp6_nodeinfo), IPPROTO_DONE); - n = ni6_input(m, off); - noff = sizeof(struct ip6_hdr); - } - else { +#endif + n = m_copy(m, 0, M_COPYALL); + if (n) + n = ni6_input(n, off); + if (n) + noff = sizeof(struct ip6_hdr); + } else { u_char *p; MGETHDR(n, M_DONTWAIT, m->m_type); @@ -848,10 +856,11 @@ ni6_input(m, off) #ifndef PULLDOWN_TEST ni6 = (struct icmp6_nodeinfo *)(mtod(m, caddr_t) + off); #else - IP6_EXTHDR_GET(ni6, struct icmp6_nodeinfo *, m, off, - sizeof(*ni6)); - if (ni6 == NULL) + IP6_EXTHDR_GET(ni6, struct icmp6_nodeinfo *, m, off, sizeof(*ni6)); + if (ni6 == NULL) { + /* m is already reclaimed */ return NULL; + } #endif qtype = ntohs(ni6->ni_qtype); @@ -889,8 +898,10 @@ ni6_input(m, off) /* allocate a mbuf to reply. */ MGETHDR(n, M_DONTWAIT, m->m_type); - if (n == NULL) + if (n == NULL) { + m_freem(m); return(NULL); + } M_COPY_PKTHDR(n, m); /* just for recvif */ if (replylen > MHLEN) { if (replylen > MCLBYTES) @@ -956,9 +967,11 @@ ni6_input(m, off) nni6->ni_type = ICMP6_NI_REPLY; nni6->ni_code = ICMP6_NI_SUCESS; + m_freem(m); return(n); bad: + m_freem(m); if (n) m_freem(n); return(NULL); @@ -1979,6 +1992,8 @@ icmp6_sysctl(name, namelen, oldp, oldlenp, newp, newlen) &nd6_useloopback); case ICMPV6CTL_ND6_PROXYALL: return sysctl_int(oldp, oldlenp, newp, newlen, &nd6_proxyall); + case ICMPV6CTL_NODEINFO: + return sysctl_int(oldp, oldlenp, newp, newlen, &icmp6_nodeinfo); default: return ENOPROTOOPT; } diff --git a/sys/netinet6/icmp6.h b/sys/netinet6/icmp6.h index 03a1bc9b484..45532bb0c57 100644 --- a/sys/netinet6/icmp6.h +++ b/sys/netinet6/icmp6.h @@ -1,4 +1,4 @@ -/* $OpenBSD: icmp6.h,v 1.2 1999/12/10 10:04:27 angelos Exp $ */ +/* $OpenBSD: icmp6.h,v 1.3 2000/01/02 04:52:26 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -526,7 +526,8 @@ struct icmp6stat { #define ICMPV6CTL_ND6_MMAXTRIES 10 #define ICMPV6CTL_ND6_USELOOPBACK 11 #define ICMPV6CTL_ND6_PROXYALL 12 -#define ICMPV6CTL_MAXID 13 +#define ICMPV6CTL_NODEINFO 13 +#define ICMPV6CTL_MAXID 14 #define ICMPV6CTL_NAMES { \ { 0, 0 }, \ @@ -542,6 +543,7 @@ struct icmp6stat { { "nd6_mmaxtries", CTLTYPE_INT }, \ { "nd6_useloopback", CTLTYPE_INT }, \ { "nd6_proxyall", CTLTYPE_INT }, \ + { "nodeinfo", CTLTYPE_INT }, \ } #define ICMPV6CTL_VARS { \ @@ -559,6 +561,7 @@ struct icmp6stat { &nd6_mmaxtries, \ &nd6_useloopback, \ &nd6_proxyall, \ + &icmp6_nodeinfo, \ } #define RTF_PROBEMTU RTF_PROTO1 diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c index 0b87927209f..764d8f35e66 100644 --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in6_proto.c,v 1.6 1999/12/10 10:04:28 angelos Exp $ */ +/* $OpenBSD: in6_proto.c,v 1.7 2000/01/02 04:52:26 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -292,6 +292,7 @@ u_long rip6_recvspace = RIPV6RCVQ; int icmp6_rediraccept = 1; /* accept and process redirects */ int icmp6_redirtimeout = 10 * 60; /* 10 minutes */ u_int icmp6errratelim = 1000; /* 1000usec = 1msec */ +int icmp6_nodeinfo = 1; /* enable/disable NI response */ #ifdef TCP6 /* TCP on IP6 parameters */ |