Add an option to have ICMP replies to non-local packets generated with

the IP address the packet came through in.  This is useful for routers
to show in traceroutes the actual path a packet has taken instead of
the possibly different return path.

The new sysctl is named net.inet.icmp.reply_from_interface and defaults
to off.

MFC after:	2 weeks

1 files changed, 19 insertions, 0 deletions

diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index 6d1670f..0cba594 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -110,6 +110,11 @@ static char	reply_src[IFNAMSIZ];
 SYSCTL_STRING(_net_inet_icmp, OID_AUTO, reply_src, CTLFLAG_RW,
 	&reply_src, IFNAMSIZ, "icmp reply source for non-local packets.");
 
+static int	icmp_rfi = 0;
+SYSCTL_INT(_net_inet_icmp, OID_AUTO, reply_from_interface, CTLFLAG_RW,
+	&icmp_rfi, 0, "ICMP reply from incoming interface for "
+	"non-local packets");
+
 /*
  * ICMP broadcast echo sysctl
  */
@@ -624,6 +629,20 @@ icmp_reflect(m)
 		}
 	}
 	/*
+	 * If the packet was transiting through us, use the address of
+	 * the interface the packet came through in.  If that interface
+	 * doesn't have a suitable IP address, the normal selection
+	 * criteria apply.
+	 */
+	if (icmp_rfi && m->m_pkthdr.rcvif != NULL) {
+		TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) {
+			if (ifa->ifa_addr->sa_family != AF_INET)
+				continue;
+			ia = ifatoia(ifa);
+			goto match;
+		}
+	}
+	/*
 	 * If the incoming packet was not addressed directly to us, use
 	 * designated interface for icmp replies specified by sysctl
 	 * net.inet.icmp.reply_src (default not set). Otherwise continue