tech-net: Re: ICMP specification

Subject: Re: ICMP specification
To: Robert Elz <kre@munnari.OZ.AU>
From: Andrew Brown <twofsonet@graffiti.com>
List: tech-net
Date: 10/05/1998 00:57:27
On Mon, Oct 05, 1998 at 12:15:30PM +1000, Robert Elz wrote:
>    Date:        Sun, 04 Oct 1998 15:17:35 -0700
>    From:        Dennis Ferguson <dennis@juniper.net>
>    Message-ID:  <199810042217.PAA05459@skank.juniper.net>
>
>    Also ICMP where the first sentence suggests this is talking about
>    sending errors in response to errors rather than a general restriction.
>
>Yes .. in fact, if you think about ICMP for a second, you'll see that the
>"never send an ICMP in response to an ICMP message" as a general rule would
>be absurd - by itself that would mean you couldn't send an ICMP echo response
>as a response to an ICMP echo request!

well....i wouldn't go that far.  i mean, an echo request is
"requesting" a reply.  unlike a udp port unreachable message from a
machine where the port was unreachable.  that icmp message is purely
informational, and is not requesting anything.

>In another message...
>
>    From:    Marc Slemko <marcs@znep.com>
>    Date:    Sun, 4 Oct 1998 14:46:48 -0700 (PDT)
>
>    At the time Unix traceroute was implemented, the world was a different
>    place and many routers wouldn't send ICMP in response to ICMP.
>
>No, that wasn't the reason.   Traceroute uses udp because udp is "real"
>traffic - that is, routers are going to be routing udp packets just the
>same way they process any other packets between the source and destination.
>ICMP is occasionally treated somewhat specially.   If you want honest
>traceroute reports it is better to get them from packets as close to being
>real traffic as possible.

that's sound reasoning...

>On the other hand (and as a wild guess the reason for switching to ICMP)
>ICMP packets are less frequently filtered than anything else floating around.
>If you want to find the route to somewhere through a firewall, ICMP has
>a better chance of actually working than random UDP traffic does.

...however, some people do filter out icmp at their ingress routers,
if not specifically echo requests.  on the other hand, it's relatively
trivial to traceroute through a packet filtering router by forging tcp
syn packets to a service that it's not filtering.  :)

i've hacked on traceroute to do just this...

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
warfare@graffiti.com      * "information is power -- share the wealth."