lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Dec 2020 19:16:55 -0800 From: Andreas Roeseler <andreas.a.roeseler@...il.com> To: davem@...emloft.net, kuznet@....inr.ac.ru, yoshfuji@...ux-ipv6.org, kuba@...nel.org Cc: netdev@...r.kernel.org Subject: [PATCH net-next 4/6] net: add sysctl for enabling RFC 8335 PROBE messages Section 8 of RFC 8335 specifies potential security concerns of responding to PROBE requests, and states that nodes that support PROBE functionality MUST be able to enable/disable responses and it is disabled by default. Add sysctl to enable responses to PROBE messages. Signed-off-by: Andreas Roeseler <andreas.a.roeseler@...il.com> --- net/ipv4/sysctl_net_ipv4.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index 3e5f4f2e705e..f9f0e9d7394f 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c @@ -599,6 +599,13 @@ static struct ctl_table ipv4_net_table[] = { .mode = 0644, .proc_handler = proc_dointvec }, + { + .procname = "icmp_echo_enable_probe", + .data = &init_net.ipv4.sysctl_icmp_echo_enable_probe, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec + }, { .procname = "icmp_echo_ignore_broadcasts", .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts, -- 2.25.1
Powered by blists - more mailing lists