Re: [PATCH net-next v2] icmp: Add icmp_timestamp_ignore_all to control ICMP_TIMESTAMP

[Paolo Abeni]

On Mon, 2024-05-20 at 16:53 +0800, ye.xingchen@xxxxxxxxxx wrote:
> From: YeXingchen <ye.xingchen@xxxxxxxxxx>
> 
> The CVE-1999-0524 vulnerability is associated with ICMP
> timestamp messages, which can be exploited to conduct 
> a denial-of-service (DoS) attack. In the Vulnerability
> Priority Rating (VPR) system, this vulnerability was 
> rated as a medium risk in May of this year.
> Link:https://www.tenable.com/plugins/nessus/10113
> 
> To protect embedded systems that cannot run firewalls
> from attacks exploiting the CVE-1999-0524 vulnerability,
> the icmp_timestamp_ignore_all sysctl is offered as 
> an easy solution, which allows all ICMP timestamp
> messages to be ignored, effectively bypassing the 
> potential exploitation through the CVE-1999-0524 
> vulnerability. It enables these resource-constrained
> systems to disregard all ICMP timestamp messages,
> preventing potential DoS attacks, making it an ideal
> lightweight solution for such environments.
> 
> Signed-off-by: YeXingchen <ye.xingchen@xxxxxxxxxx>
> Reviewed-by: xu xin <xu.xin16@xxxxxxxxxx>
> Reviewed-by: zhang yunkai <zhang.yunkai@xxxxxxxxxx>
> Reviewed-by: Fan Yu <fan.yu9@xxxxxxxxxx>
> CC: he peilin <he.peilin@xxxxxxxxxx>
> Cc: Yang Yang <yang.yang29@xxxxxxxxxx>
> Cc: Yang Guang <yang.guang5@xxxxxxxxxx>

## Form letter - net-next-closed

The merge window for v6.10 has begun and we have already posted our
pull
request. Therefore net-next is closed for new drivers, features, code
refactoring and optimizations. We are currently accepting bug fixes
only.

Please repost when net-next reopens after May 26th.

RFC patches sent for review only are obviously welcome at any time.

See:
https://www.kernel.org/doc/html/next/process/maintainer-netdev.html#development-cycle