summaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
authorStephen Suryaputra <ssuryaextr@gmail.com>2019-03-20 10:29:27 -0400
committerDavid S. Miller <davem@davemloft.net>2019-03-20 16:29:37 -0700
commit0b03a5ca8b14321366eec4a903922d2b46d585ff (patch)
treedd57f1bdfad2cdd949bde6d02fafa392fd374001 /Documentation
parenta534ea30e70fc51c4cef31c0683955dd8a568a11 (diff)
ipv6: Add icmp_echo_ignore_anycast for ICMPv6
In addition to icmp_echo_ignore_multicast, there is a need to also prevent responding to pings to anycast addresses for security. Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/networking/ip-sysctl.txt5
1 files changed, 5 insertions, 0 deletions
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index 55ea7def46be..bd029fc55ccb 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -1923,6 +1923,11 @@ echo_ignore_multicast - BOOLEAN
requests sent to it over the IPv6 protocol via multicast.
Default: 0
+echo_ignore_anycast - BOOLEAN
+ If set non-zero, then the kernel will ignore all ICMP ECHO
+ requests sent to it over the IPv6 protocol destined to anycast address.
+ Default: 0
+
xfrm6_gc_thresh - INTEGER
The threshold at which we will start garbage collecting for IPv6
destination cache entries. At twice this value the system will