I have become aware of at least one other OS implementing returning of
more than 8 bytes in ICMP error replies, which according to RFC1122 is
allowed.  This seemed cool enough to me that I thought why not add it
to NetBSD.  I have made some changes to icmp_error() to support this.
I've also added a control for this in sysctl - icmp.returndatabytes.
In the patch I've made, it's range is limited to [8,512].  The lower
limit is obvious, the upper limit is (perhaps a bit large) there to
help ensure that the packet will never exceed 576 bytes in size.  In
practice, I would expect returning more than even 48 to be excessive
in most cases.  I've set the default to 8 (least surprise).  The diffs
can be found at:

http://coombs.anu.edu.au/~avalon/icmp.diff

Comments welcome.

Cheers,
Darren

From RFC 1122, page 38, 3.2.2:
...
         Every ICMP error message includes the Internet header and at
         least the first 8 data octets of the datagram that triggered
         the error; more than 8 octets MAY be sent; this header and data
         MUST be unchanged from the received datagram.
...