Re: Sending an IP packet

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 22 Feb 2013 14:36:17 +0200, Adel Qodmani said:

> My question is quite simple, I have an sk_buff that I want to transmit, the
> sk_buff is an ICMP message and so far, I've built the headers and set up
> everything.

Others have given some details on "how".  A better question is "why".

Sending an ICMP message without the rest of the IP stack's knowledge is usually
a bad idea, because it can cause the remote end's concept of network state to
become desynchronized with the local concept.  As a quick example, consider a
spurious 'host/port unreachable' sent to the remote end - many IP stacks will
use that info to abort a TCP 3-packet handshake.  However, the rest of *your*
end thinks the connection is still trying to establish.

So what are you trying to accomplish by sending a forged ICMP packet from
within the kernel?  There may be better ways to approach it (for example,
if you're trying to say "this port is closed", a better way is to use iptables
with a '-j REJECT --reject-with xxxx', which will (a) do all the heavy lifting
of sending the ICMP for you and (b) also prevent the packet from making it to
the rest of the local IP stack...

Attachment: pgpjJa7SEIjGQ.pgp
Description: PGP signature

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux