Reputation: 228
Source and destination port of ICMP packet
I'm writing a packet filter in netfilter. Is there a way I can get the source and destination port of a ICMP packet?
I have extracted icmp_hdr from the sk_buff structure. But I don't see any property from source and destination address?
Upvotes: 5
Views: 13207
Answers (1)
Reputation: 5533
Port numbers are the way the TRANSPORT layer recognizes which packet belongs to what process at the end systems.
They're used to let the process-to-process delivery work; but ICMP, from a functional point of view, is not a transport layer protocol.
ICMP is a messaging protocol at the Network layer(on top of the IP; but not really in the transport layer), it's got a lot of responsibilities but none of them has anything to do with process-to-process delivery, so having a port number there wouldn't make any sense.
Take an example, when you ping(ping uses ICMP echo messages) an IP address, which port are you really pinging?
The answer is: no port, you're pinging the whole station to see if it's alive.
Now, ICMP has many types of messages; if you want to filter out, for example, ping messages, you should check the field type and if it equals ICMP_ECHO, you can return NF_DROP.
Upvotes: 10
Related Questions
- Netfilter hook stateful connection packet filtering
- Netfilter kernel module to intercept packets and log them
- RAW socket and NF_INET_POST_ROUTING
- netfilter incoming hook: struct tcphdr -> dest pointer does not point to the correct location?
- Packet Processing in NetFilter Hooks ?
- Get packet in a raw form with netfilter
- netfilter-like kernel module to get source and destination address
- How to capture packets with netfilter?
- Raw ICMP packet to myself
- netfilter event on packet locally processed ( netfilter C kernel module code)