On Fri, Jul 15, 2011 at 04:40:08PM -0700, Philip Guenther wrote:
> On Fri, Jul 15, 2011 at 4:13 PM, Christiano F. Haesbaert
> <haesba...@haesbaert.org> wrote:
> > Hi, this diff adds a sysctl to disable kernel icmp echo processing and pass it
> > to userland via raw sockets. I'm terrible with names but I chose userecho, so
> > net.inet.icmp.userecho.
>
> IMO, a per-socket option makes more sense than an all-machine sysctl.
>

I don't like the idea much; suppose there is no process using the option,
should the kernel still answer the echo requests? But then if we do have a
process using the option, should we answer the request *and* forward the
packet? I'm not sure; I believe the all-machine sysctl is a better option
since it implies "not answering echo requests".

If it's of any use, I did some digging and Linux has something similar in
/proc/sys/net/ipv4/icmp_echo_ignore_all.

> > I kinda need this to tunnel ip over icmp echo.
>
> Great, now they'll start blocking echo...
>

I hope not, but you're probably right :/.
Anyway, I still think it's useful.

--
Christiano Farina HAESBAERT
Do NOT send me html mail.