[net-next,0/6] add support for RFC 8335 PROBE

Message ID	cover.1607050388.git.andreas.a.roeseler@gmail.com
Headers	show Return-Path: <netdev-owner@kernel.org> From: Andreas Roeseler <andreas.a.roeseler@gmail.com> To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, kuba@kernel.org Cc: netdev@vger.kernel.org Subject: [PATCH net-next 0/6] add support for RFC 8335 PROBE Date: Thu, 3 Dec 2020 19:16:17 -0800 Message-Id: <cover.1607050388.git.andreas.a.roeseler@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	add support for RFC 8335 PROBE \| expand [net-next,0/6] add support for RFC 8335 PROBE [net-next,1/6] icmp: support for RFC 8335 [net-next,2/6] ICMPv6: support for RFC 8335 [net-next,3/6] net: add sysctl for enabling RFC 8335 PROBE messages [net-next,4/6] net: add sysctl for enabling RFC 8335 PROBE messages [net-next,5/6] net: add support for sending RFC 8335 PROBE messages [net-next,6/6] icmp: add response to RFC 8335 PROBE messages

Message ID

cover.1607050388.git.andreas.a.roeseler@gmail.com

Headers

From: Andreas Roeseler <andreas.a.roeseler@gmail.com>
To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org,
	kuba@kernel.org
Cc: netdev@vger.kernel.org
Subject: [PATCH net-next 0/6] add support for RFC 8335 PROBE 
Date: Thu,  3 Dec 2020 19:16:17 -0800
Message-Id: <cover.1607050388.git.andreas.a.roeseler@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

add support for RFC 8335 PROBE | expand

Message

Andreas Roeseler Dec. 4, 2020, 3:16 a.m. UTC

The popular utility ping has several severe limitations such as the
inability to query specific interfaces on a node and requiring
bidirectional connectivity between the probing and probed interfaces.
RFC 8335 attempts to solve these limitations by creating the new utility
PROBE which is a specialized ICMP message that makes use of the ICMP
Extention Structure outlined in RFC 4884.

This patchset adds definitions for the ICMP Extended Echo Request and
Reply (PROBE) types for both IPV4 and IPV6, adds a sysctl to enable 
response to PROBE messages, expands the list of supported ICMP messages
to accommodate PROBE types, and adds functionality to respond to PROBE
requests.

Andreas Roeseler (6):
  icmp: support for RFC 8335
  ICMPv6: support for RFC 8335
  net: add sysctl for enabling RFC 8335 PROBE messages
  net: add sysctl for enabling RFC 8335 PROBE messages
  net: add support for sending RFC 8335 PROBE messages
  icmp: add response to RFC 8335 PROBE messages

 include/net/netns/ipv4.h    |   1 +
 include/uapi/linux/icmp.h   |  22 ++++++
 include/uapi/linux/icmpv6.h |   6 ++
 net/ipv4/icmp.c             | 135 +++++++++++++++++++++++++++++++++---
 net/ipv4/ping.c             |   4 +-
 net/ipv4/sysctl_net_ipv4.c  |   7 ++
 6 files changed, 164 insertions(+), 11 deletions(-)

Comments

David Ahern Dec. 5, 2020, 5:49 a.m. UTC | #1

On 12/3/20 8:16 PM, Andreas Roeseler wrote:
> Section 8 of RFC 8335 specifies potential security concerns of

> responding to PROBE requests, and states that nodes that support PROBE

> functionality MUST be able to enable/disable responses and it is

> disabled by default. 

> 

> Add sysctl to enable responses to PROBE messages. 

> 

> Signed-off-by: Andreas Roeseler <andreas.a.roeseler@gmail.com>

> ---

>  include/net/netns/ipv4.h | 1 +

>  1 file changed, 1 insertion(+)

> 

> diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h

> index 8e4fcac4df72..1d9b74228f3e 100644

> --- a/include/net/netns/ipv4.h

> +++ b/include/net/netns/ipv4.h

> @@ -85,6 +85,7 @@ struct netns_ipv4 {

>  #endif

>  

>  	int sysctl_icmp_echo_ignore_all;

> +	int sysctl_icmp_echo_enable_probe;

>  	int sysctl_icmp_echo_ignore_broadcasts;

>  	int sysctl_icmp_ignore_bogus_error_responses;

>  	int sysctl_icmp_ratelimit;

> 


this can be folded into patch 4; no need for a standalone patch here.