Configurably don't reply to broadcast or multicast echos. There are still

potential problems with other automatic-reply ICMPs, but some of them may
depend on broadcast/multicast to operate.  (This code can simply be
moved to the `reflect' label to generalize it.)

sys/netinet/icmp_var.h

@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)icmp_var.h	8.1 (Berkeley) 6/10/93
- * $Id$
+ * $Id: icmp_var.h,v 1.6 1997/02/22 09:41:24 peter Exp $
  */
 
 #ifndef _NETINET_ICMP_VAR_H_
@@ -54,6 +54,7 @@ struct	icmpstat {
 	u_long	icps_badlen;		/* calculated bound mismatch */
 	u_long	icps_reflect;		/* number of responses */
 	u_long	icps_inhist[ICMP_MAXTYPE + 1];
+	u_long	icps_bmcastecho; 	/* b/mcast echo requests dropped */
 };
 
 /*

sys/netinet/ip_icmp.c

@@ -31,7 +31,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)ip_icmp.c	8.2 (Berkeley) 1/4/94
- * $Id: ip_icmp.c,v 1.26 1997/05/23 22:33:16 julian Exp $
+ * $Id: ip_icmp.c,v 1.27 1997/08/02 14:32:53 bde Exp $
  */
 
 #include <sys/param.h>
@@ -69,6 +69,10 @@ static int	icmpmaskrepl = 0;
 SYSCTL_INT(_net_inet_icmp, ICMPCTL_MASKREPL, maskrepl, CTLFLAG_RW,
 	&icmpmaskrepl, 0, "");
 
+static int	icmpbmcastecho = 1;
+SYSCTL_INT(_net_inet_icmp, OID_AUTO, bmcastecho, CTLFLAG_RW, &icmpbmcastecho,
+	   0, "");
+
 #ifdef ICMPPRINTFS
 int	icmpprintfs = 0;
 #endif
@@ -370,6 +374,12 @@ icmp_input(m, hlen)
 		break;
 
 	case ICMP_ECHO:
+		if (!icmpbmcastecho
+		    && (m->m_flags & (M_MCAST | M_BCAST)) != 0
+		    && IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
+			icmpstat.icps_bmcastecho++;
+			break;
+		}
 		icp->icmp_type = ICMP_ECHOREPLY;
 		goto reflect;