>Should we be thinking of adding a knob to control how frequently
>NetBSD sends out ICMP unreachables ?  Below I've got a patch which
>I just hacked up (untested :) which provides a knob in sysctl to
>control how often to actually send an ICMP error back.  I've added
>a patch which uses the same knob for ICMP6 (an ICMP error is an
>ICMP error, be it v4 or v6).

	I think ICMPv6 part is not necessary, because KAME code hs 
	rate limiting code for ICMPv6 errors.  This is mandatory from
	RFC2463 page 5.  see sys/netinet6/icmp6.c:icmp6_ratelimit().
	sysctl knob is net.inet6.icmp6.errratelimit.  I think you are doing
	exactly the same thing.

itojun