Re: Determining IP:port corresponding to an ICMP port unreachable

Nadav Har'El (nyh@math.technion.ac.il)
Tue, 31 Jul 2001 22:20:10 +0300

On Tue, Jul 31, 2001, Erik De Bonte wrote about "RE: Determining IP:port corresponding to an ICMP port unreachable":
> Nadav Har'El said:
> > But for non-connected()ed sockets, you can only find out the host
> > sending the ICMP message.
>
> Why? The remote port is in the ICMP message (64-bits of the undeliverable
> message's header are in there), right? Why can't the kernel net code
> extract the port and give it to me? It's obviously possible, since Winsock
> does it.**

I outlined the problem with the standard socket API (note I said API, not
theoretical possibility to look at the packet content) in my previous message,
including a pointer to Stevens' book which explains the issue far better
than I can.

Anyway, since the IP_RECVERR is a "hack" to get more information which is
not available with the standard API, it's theoretically possible to add to it
anything, including the destination IP address and port on the original
packet. Read ip(7) carefully: it would appear that either the SOCK_EE_OFFENDER
macro or the actual data (not anciliary data) received from the error queue
can help you.

Too bad that this IP_RECVERR seems to be a completely non-standard Linux-only
feature...

-- 
Nadav Har'El                        |         Tuesday, Jul 31 2001, 12 Av 5761
nyh@math.technion.ac.il             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Jury: Twelve people who determine which
http://nadav.harel.org.il           |client has the better lawyer.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/