Source and destination port of ICMP packet

lash picture lash · Mar 29, 2013 · Viewed 11.5k times · Source

I'm writing a packet filter in netfilter. Is there a way I can get the source and destination port of a ICMP packet?

I have extracted icmp_hdr from the sk_buff structure. But I don't see any property from source and destination address?

Answer

Fingolfin picture Fingolfin · Mar 31, 2013

Port numbers are the way the TRANSPORT layer recognizes which packet belongs to what process at the end systems.
They're used to let the process-to-process delivery work; but ICMP, from a functional point of view, is not a transport layer protocol.

ICMP is a messaging protocol at the Network layer(on top of the IP; but not really in the transport layer), it's got a lot of responsibilities but none of them has anything to do with process-to-process delivery, so having a port number there wouldn't make any sense.

Take an example, when you ping(ping uses ICMP echo messages) an IP address, which port are you really pinging?
The answer is: no port, you're pinging the whole station to see if it's alive.

Now, ICMP has many types of messages; if you want to filter out, for example, ping messages, you should check the field type and if it equals ICMP_ECHO, you can return NF_DROP.