Turn off replies to ICMP echo requests for broadcast and multicast

addresses by default.

Add a knob "icmp_bmcastecho" to "rc.network" to allow this
behaviour to be controlled from "rc.conf".

Document the controlling sysctl variable "net.inet.icmp.bmcastecho"
in sysctl(3).

Reviewed by: dg, jkh
Reminded on -hackers by: Steinar Haug <sthaug@nethelp.no>

etc/network.subr

@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$Id: rc.network,v 1.29 1998/08/14 06:55:17 phk Exp $
+#	$Id: rc.network,v 1.30 1998/09/06 08:20:11 phk Exp $
 #	From: @(#)netstart	5.9 (Berkeley) 3/30/91
 
 # Note that almost all the user-configurable behavior is no longer in
@@ -110,6 +110,11 @@ network_pass1() {
 	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
     fi
 
+    if [ X"$icmp_bmcastecho" = X"YES" ]; then
+	    echo -n ' broadcast ping responses=YES'
+	    sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1
+    fi
+
     if [ "X$gateway_enable" = X"YES" ]; then
 	    echo -n ' IP gateway=YES'
 	    sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1

etc/rc.conf

@@ -6,7 +6,7 @@
 #
 # All arguments must be in double or single quotes.
 #
-#	$Id: rc.conf,v 1.55 1998/09/04 23:37:24 jkh Exp $
+#	$Id: rc.conf,v 1.56 1998/09/06 08:20:11 phk Exp $
 
 ##############################################################
 ### Important initial Boot-time options  #####################
@@ -114,6 +114,9 @@ arpproxy_all=""			# replaces obsolete kernel option ARP_PROXYALL.
 forward_sourceroute="NO"	# do source routing (only if gateway_enable is set to "YES")
 accept_sourceroute="NO"		# accept source routed packets to us
 
+### Miscellaneous network options: ###
+icmp_bmcastecho="NO"	# respond to broadcast ping packets
+
 
 ##############################################################
 ###  System console options  #################################

etc/rc.d/netoptions

@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$Id: rc.network,v 1.29 1998/08/14 06:55:17 phk Exp $
+#	$Id: rc.network,v 1.30 1998/09/06 08:20:11 phk Exp $
 #	From: @(#)netstart	5.9 (Berkeley) 3/30/91
 
 # Note that almost all the user-configurable behavior is no longer in
@@ -110,6 +110,11 @@ network_pass1() {
 	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
     fi
 
+    if [ X"$icmp_bmcastecho" = X"YES" ]; then
+	    echo -n ' broadcast ping responses=YES'
+	    sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1
+    fi
+
     if [ "X$gateway_enable" = X"YES" ]; then
 	    echo -n ' IP gateway=YES'
 	    sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1

etc/rc.d/network1

@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$Id: rc.network,v 1.29 1998/08/14 06:55:17 phk Exp $
+#	$Id: rc.network,v 1.30 1998/09/06 08:20:11 phk Exp $
 #	From: @(#)netstart	5.9 (Berkeley) 3/30/91
 
 # Note that almost all the user-configurable behavior is no longer in
@@ -110,6 +110,11 @@ network_pass1() {
 	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
     fi
 
+    if [ X"$icmp_bmcastecho" = X"YES" ]; then
+	    echo -n ' broadcast ping responses=YES'
+	    sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1
+    fi
+
     if [ "X$gateway_enable" = X"YES" ]; then
 	    echo -n ' IP gateway=YES'
 	    sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1

etc/rc.d/network2

@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$Id: rc.network,v 1.29 1998/08/14 06:55:17 phk Exp $
+#	$Id: rc.network,v 1.30 1998/09/06 08:20:11 phk Exp $
 #	From: @(#)netstart	5.9 (Berkeley) 3/30/91
 
 # Note that almost all the user-configurable behavior is no longer in
@@ -110,6 +110,11 @@ network_pass1() {
 	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
     fi
 
+    if [ X"$icmp_bmcastecho" = X"YES" ]; then
+	    echo -n ' broadcast ping responses=YES'
+	    sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1
+    fi
+
     if [ "X$gateway_enable" = X"YES" ]; then
 	    echo -n ' IP gateway=YES'
 	    sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1

etc/rc.d/network3

@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$Id: rc.network,v 1.29 1998/08/14 06:55:17 phk Exp $
+#	$Id: rc.network,v 1.30 1998/09/06 08:20:11 phk Exp $
 #	From: @(#)netstart	5.9 (Berkeley) 3/30/91
 
 # Note that almost all the user-configurable behavior is no longer in
@@ -110,6 +110,11 @@ network_pass1() {
 	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
     fi
 
+    if [ X"$icmp_bmcastecho" = X"YES" ]; then
+	    echo -n ' broadcast ping responses=YES'
+	    sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1
+    fi
+
     if [ "X$gateway_enable" = X"YES" ]; then
 	    echo -n ' IP gateway=YES'
 	    sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1

etc/rc.d/routing

@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$Id: rc.network,v 1.29 1998/08/14 06:55:17 phk Exp $
+#	$Id: rc.network,v 1.30 1998/09/06 08:20:11 phk Exp $
 #	From: @(#)netstart	5.9 (Berkeley) 3/30/91
 
 # Note that almost all the user-configurable behavior is no longer in
@@ -110,6 +110,11 @@ network_pass1() {
 	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
     fi
 
+    if [ X"$icmp_bmcastecho" = X"YES" ]; then
+	    echo -n ' broadcast ping responses=YES'
+	    sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1
+    fi
+
     if [ "X$gateway_enable" = X"YES" ]; then
 	    echo -n ' IP gateway=YES'
 	    sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1

etc/rc.network

@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$Id: rc.network,v 1.29 1998/08/14 06:55:17 phk Exp $
+#	$Id: rc.network,v 1.30 1998/09/06 08:20:11 phk Exp $
 #	From: @(#)netstart	5.9 (Berkeley) 3/30/91
 
 # Note that almost all the user-configurable behavior is no longer in
@@ -110,6 +110,11 @@ network_pass1() {
 	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
     fi
 
+    if [ X"$icmp_bmcastecho" = X"YES" ]; then
+	    echo -n ' broadcast ping responses=YES'
+	    sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1
+    fi
+
     if [ "X$gateway_enable" = X"YES" ]; then
 	    echo -n ' IP gateway=YES'
 	    sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1

lib/libc/gen/sysctl.3

@@ -479,12 +479,13 @@ The third level name is the protocol.
 The fourth level name is the variable name.
 The currently defined protocols and names are:
 .ne 1i
-.Bl -column "Protocol nameXXXXXX" "Variable nameXXX" "integerXXX" -offset indent
-.It Pa Protocol name	Variable name	Type	Changeable
+.Bl -column ProtocolXX VariableXX TypeXX ChangeableXX
+.It Pa Protocol	Variable	Type	Changeable
 .It ip	forwarding	integer	yes
 .It ip	redirect	integer	yes
 .It ip	ttl	integer	yes
 .It icmp	maskrepl	integer	yes
+.It icmp	bmcastecho	integer	yes
 .It udp	checksum	integer	yes
 .El
 .Pp
@@ -503,6 +504,9 @@ the system.
 This value applies to normal transport protocols, not to ICMP.
 .It Li icmp.maskrepl
 Returns 1 if ICMP network mask requests are to be answered.
+.It Li icmp.bmcastecho
+Returns 1 if an ICMP echo request to a broadcast or multicast address is 
+to be answered.
 .It Li udp.checksum
 Returns 1 when UDP checksums are being computed and checked.
 Disabling UDP checksums is strongly discouraged.

sys/netinet/ip_icmp.c

@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)ip_icmp.c	8.2 (Berkeley) 1/4/94
- *	$Id: ip_icmp.c,v 1.29 1997/08/25 16:29:27 wollman Exp $
+ *	$Id: ip_icmp.c,v 1.30 1998/05/26 11:34:30 dg Exp $
  */
 
 #include <sys/param.h>
@@ -69,7 +69,7 @@ static int	icmpmaskrepl = 0;
 SYSCTL_INT(_net_inet_icmp, ICMPCTL_MASKREPL, maskrepl, CTLFLAG_RW,
 	&icmpmaskrepl, 0, "");
 
-static int	icmpbmcastecho = 1;
+static int	icmpbmcastecho = 0;
 SYSCTL_INT(_net_inet_icmp, OID_AUTO, bmcastecho, CTLFLAG_RW, &icmpbmcastecho,
 	   0, "");