I wondered why NET_IPV6_ICMP_ECHO_IGNORE_ALL isn't being referenced.
Your comment made me probe further. Apparently, commit
e6f86b0f7ae473969a3301b74bf98af9e42ecd0e didn't add it to:
static const struct bin_table bin_net_ipv6_icmp_table[] = {
{ CTL_INT, NET_IPV6_ICMP_RATELIMIT, "ratelimit" },
{}
};
I will fix that as well.
Thanks.
On Tue, Mar 19, 2019 at 9:10 AM Eric Dumazet <eric.duma...@gmail.com> wrote:
>
>
>
> On 03/19/2019 05:45 AM, Stephen Suryaputra wrote:
> > IPv4 has icmp_echo_ignore_broadcast to prevent responding to broadcast
> > pings.
> > IPv6 needs a similar mechanism.
> >
>
>
> ...
>
> > diff --git a/include/uapi/linux/sysctl.h b/include/uapi/linux/sysctl.h
> > index 87aa2a6d9125..bd83ddedc014 100644
> > --- a/include/uapi/linux/sysctl.h
> > +++ b/include/uapi/linux/sysctl.h
> > @@ -577,7 +577,8 @@ enum {
> > /* /proc/sys/net/ipv6/icmp */
> > enum {
> > NET_IPV6_ICMP_RATELIMIT = 1,
> > - NET_IPV6_ICMP_ECHO_IGNORE_ALL = 2
> > + NET_IPV6_ICMP_ECHO_IGNORE_ALL = 2,
> > + NET_IPV6_ICMP_ECHO_IGNORE_MULTICAST = 3
> > };
> >
> > /* /proc/sys/net/<protocol>/neigh/<dev> */
>
> This part is probably not needed.
>
