Allow raw sockets to process icmp echo requests.

2011-07-15 Thread Christiano F. Haesbaert
Hi, this diff adds a sysctl to disable kernel icmp echo processing and pass it
to userland via raw sockets. I'm terrible with names but I chose userecho, so
net.inet.icmp.userecho.

I did some basic tests and it seems to work ok.

I kinda need this to tunnel ip over icmp echo.

Index: netinet/icmp_var.h
===
RCS file: /cvs/src/sys/netinet/icmp_var.h,v
retrieving revision 1.13
diff -d -u -p -w -r1.13 icmp_var.h
--- netinet/icmp_var.h  13 Dec 2007 20:00:53 -  1.13
+++ netinet/icmp_var.h  15 Jul 2011 22:47:17 -
@@ -65,7 +65,8 @@ structicmpstat {
 #defineICMPCTL_REDIRTIMEOUT5   /* Remove routes added via 
redirects */
 #defineICMPCTL_TSTAMPREPL  6   /* allow replies to timestamp 
requests */
 #define ICMPCTL_STATS  7   /* ICMP statistics */
-#define ICMPCTL_MAXID  8
+#define ICMPCTL_USERECHO   8   /* ICMP echo requests in raw sockets */
+#define ICMPCTL_MAXID  9
 
 #define ICMPCTL_NAMES { \
{ 0, 0 }, \
@@ -75,7 +76,8 @@ structicmpstat {
{ rediraccept, CTLTYPE_INT }, \
{ redirtimeout, CTLTYPE_INT }, \
{ tstamprepl, CTLTYPE_INT }, \
-   { stats, CTLTYPE_STRUCT } \
+   { stats, CTLTYPE_STRUCT }, \
+   { userecho, CTLTYPE_INT } \
 }
 
 #define ICMPCTL_VARS { \
@@ -86,7 +88,8 @@ structicmpstat {
icmp_rediraccept, \
NULL, \
icmptstamprepl, \
-   NULL \
+   NULL, \
+   icmpuserecho, \
 }
 
 #ifdef _KERNEL
Index: netinet/ip_icmp.c
===
RCS file: /cvs/src/sys/netinet/ip_icmp.c,v
retrieving revision 1.94
diff -d -u -p -w -r1.94 ip_icmp.c
--- netinet/ip_icmp.c   6 Jul 2011 01:57:37 -   1.94
+++ netinet/ip_icmp.c   15 Jul 2011 22:47:17 -
@@ -106,6 +106,7 @@
  */
 
 inticmpmaskrepl = 0;
+inticmpuserecho = 0;
 inticmpbmcastecho = 0;
 inticmptstamprepl = 1;
 #ifdef ICMPPRINTFS
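Review bot: The new `icmpuserecho` global is added without a comment, and the name alone does not say that setting it changes who answers pings. Going by the description and the `goto raw` in icmp_input, a nonzero value makes the kernel stop processing ICMP_ECHO itself and hand the request to raw sockets. I would add `/* nonzero: skip kernel ICMP_ECHO handling, deliver requests to raw sockets */` above the definition. The default of 0 preserves existing behaviour and should stay that way, since enabling the knob presumably leaves the host silent to echo requests unless a userland process replies.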
@@ -482,6 +483,8 @@ icmp_input(struct mbuf *m, ...)
break;
 
case ICMP_ECHO:
+   if (icmpuserecho)
+   goto raw;
if (!icmpbmcastecho 
(m-m_flags  (M_MCAST | M_BCAST)) != 0) {
icmpstat.icps_bmcastecho++;
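Review bot: The added `if (icmpuserecho) goto raw;` runs before the `icmpbmcastecho` / `M_MCAST | M_BCAST` test that follows it in `case ICMP_ECHO`. With userecho set, echo requests that arrived as broadcast or multicast therefore skip that guard and the `icps_bmcastecho` counter, and reach raw sockets like any unicast request. If the userland consumer then answers them, the kernel's existing refusal to reply to broadcast echo no longer applies, so that policy has to be re-implemented in every consumer. I would move the two added lines below the broadcast/multicast block so the check still applies first, or at least say in the sysctl's documentation that the consumer must drop such requests itself. The rest of the case and the `raw` label are outside this hunk, so how the packet is delivered there is not visible here.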



Re: Allow raw sockets to process icmp echo requests.

2011-07-15 Thread Josh Elsasser
On Fri, Jul 15, 2011 at 08:13:59PM -0300, Christiano F. Haesbaert wrote:
 Hi, this diff adds a sysctl to disable kernel icmp echo processing and pass it
 to userland via raw sockets. I'm terrible with names but I chose userecho, so
 net.inet.icmp.userecho.
 
 I did some basic tests and it seems to work ok.
 
 I kinda need this to tunnel ip over icmp echo.
 

Can't you just write a PF rule to pass the incoming ICMP packets to a
divert socket for a userland program to handle?