diff options
| -rw-r--r-- | lib/libc/gen/sysctl.3 | 3 | ||||
| -rw-r--r-- | sbin/sysctl/sysctl.8 | 3 | ||||
| -rw-r--r-- | sys/netinet/icmp_var.h | 6 | ||||
| -rw-r--r-- | sys/netinet/ip_icmp.c | 8 |
4 files changed, 15 insertions, 5 deletions
diff --git a/lib/libc/gen/sysctl.3 b/lib/libc/gen/sysctl.3 index f73df5f3d90..a103b356cdc 100644 --- a/lib/libc/gen/sysctl.3 +++ b/lib/libc/gen/sysctl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysctl.3,v 1.86 2002/05/01 08:03:29 mpech Exp $ +.\" $OpenBSD: sysctl.3,v 1.87 2002/05/24 21:53:08 deraadt Exp $ .\" .\" Copyright (c) 1993 .\" The Regents of the University of California. All rights reserved. @@ -710,6 +710,7 @@ The currently defined protocols and names are: .It icmp errppslimit integer yes .It icmp rediraccept integer yes .It icmp redirtimeout integer yes +.It icmp tstamprepl integer yes .It ipip allow integer yes .It tcp rfc1323 integer yes .It tcp ident structure no diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8 index 9799db1d567..e7b03f8504c 100644 --- a/sbin/sysctl/sysctl.8 +++ b/sbin/sysctl/sysctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysctl.8,v 1.82 2002/04/03 20:34:11 angelos Exp $ +.\" $OpenBSD: sysctl.8,v 1.83 2002/05/24 21:53:08 deraadt Exp $ .\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ .\" .\" Copyright (c) 1993 @@ -192,6 +192,7 @@ privilege can change the value. .It net.inet.icmp.errppslimit integer yes .It net.inet.icmp.rediraccept integer yes .It net.inet.icmp.redirtimeout integer yes +.It net.inet.icmp.tstamprepl integer yes .It net.inet.ipip.allow integer yes .It net.inet.etherip.allow integer yes .It net.inet.tcp.rfc1323 integer yes diff --git a/sys/netinet/icmp_var.h b/sys/netinet/icmp_var.h index 564d7bbe144..dbd54102422 100644 --- a/sys/netinet/icmp_var.h +++ b/sys/netinet/icmp_var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: icmp_var.h,v 1.7 2002/01/12 00:51:59 ericj Exp $ */ +/* $OpenBSD: icmp_var.h,v 1.8 2002/05/24 21:53:08 deraadt Exp $ */ /* $NetBSD: icmp_var.h,v 1.8 1995/03/26 20:32:19 jtc Exp $ */ /* @@ -67,7 +67,8 @@ struct icmpstat { #define ICMPCTL_ERRPPSLIMIT 3 /* ICMP error pps limitation */ #define ICMPCTL_REDIRACCEPT 4 /* Accept redirects from routers */ #define ICMPCTL_REDIRTIMEOUT 5 /* Remove routes added via redirects */ -#define ICMPCTL_MAXID 6 +#define ICMPCTL_TSTAMPREPL 6 /* allow replies to timestamp requests */ +#define ICMPCTL_MAXID 7 #define ICMPCTL_NAMES { \ { 0, 0 }, \ @@ -76,6 +77,7 @@ struct icmpstat { { "errppslimit", CTLTYPE_INT }, \ { "rediraccept", CTLTYPE_INT }, \ { "redirtimeout", CTLTYPE_INT }, \ + { "tstamprepl", CTLTYPE_INT }, \ } #ifdef _KERNEL diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 796821178e7..d443446c724 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_icmp.c,v 1.47 2002/03/15 18:19:52 millert Exp $ */ +/* $OpenBSD: ip_icmp.c,v 1.48 2002/05/24 21:53:08 deraadt Exp $ */ /* $NetBSD: ip_icmp.c,v 1.19 1996/02/13 23:42:22 christos Exp $ */ /* @@ -98,6 +98,7 @@ int icmpmaskrepl = 0; int icmpbmcastecho = 0; +int icmptstamprepl = 1; #ifdef ICMPPRINTFS int icmpprintfs = 0; #endif @@ -464,6 +465,9 @@ icmp_input(struct mbuf *m, ...) goto reflect; case ICMP_TSTAMP: + if (icmptstamprepl == 0) + break; + if (!icmpbmcastecho && (m->m_flags & (M_MCAST | M_BCAST)) != 0) { icmpstat.icps_bmcastecho++; @@ -799,6 +803,8 @@ icmp_sysctl(name, namelen, oldp, oldlenp, newp, newlen) return (ENOTDIR); switch (name[0]) { + case ICMPCTL_TSTAMPREPL: + return (sysctl_int(oldp, oldlenp, newp, newlen, &icmptstamprepl)); case ICMPCTL_MASKREPL: return (sysctl_int(oldp, oldlenp, newp, newlen, &icmpmaskrepl)); case ICMPCTL_BMCASTECHO: |