Subject: Re: ICMP specification
To: Robert Elz <kre@munnari.OZ.AU>
From: Marc Slemko <>
List: tech-net
Date: 10/04/1998 22:32:56

On Mon, 5 Oct 1998, Robert Elz wrote:

>     Date:        Sun, 04 Oct 1998 15:17:35 -0700
>     From:        Dennis Ferguson <>
>     Message-ID:  <>
>     Also ICMP where the first sentence suggests this is talking about
>     sending errors in response to errors rather than a general restriction.
> Yes .. in fact, if you think about ICMP for a second, you'll see that the
> "never send an ICMP in response to an ICMP message" as a general rule would
> be absurd - by itself that would mean you couldn't send an ICMP echo response
> as a response to an ICMP echo request!

No, that doesn't apply.

It doesn't actually say "in response to" but "about".

An ICMP echo response isn't about the ICMP echo request, but is in
response to.

> In another message...
>     From:    Marc Slemko <>
>     Date:    Sun, 4 Oct 1998 14:46:48 -0700 (PDT)
>     At the time Unix traceroute was implemented, the world was a different
>     place and many routers wouldn't send ICMP in response to ICMP.
> No, that wasn't the reason.   Traceroute uses udp because udp is "real"
> traffic - that is, routers are going to be routing udp packets just the
> same way they process any other packets between the source and destination.
> ICMP is occasionally treated somewhat specially.   If you want honest
> traceroute reports it is better to get them from packets as close to being
> real traffic as possible.

I really don't buy that.

I mean I _really_ don't buy that.  I have never heard anyone use that as
the reason before and I have heard a lot of people who should know state
that it is because of the reason I gave.

The number of places where ICMP will be routed differently is very small.

Do you have anything to support this assertion?

To use ICMP, of course, you also have to find some way to associate the
responses with the sent packets.  UDP traceroute uses the port number.
Since you only get 8 bytes of data back from the original segment, you
would probably have to use the IP ID, but most Unixes don't give you easy
access to that.

> On the other hand (and as a wild guess the reason for switching to ICMP)
> ICMP packets are less frequently filtered than anything else floating around.
> If you want to find the route to somewhere through a firewall, ICMP has
> a better chance of actually working than random UDP traffic does.

Erm... I really don't buy that either.  A _lot_ of sites filter ICMP (and
break other things while they are doing it).
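
The matching problem raised in the message above (an ICMP error quotes only the original IP header plus 8 bytes of its data, so a probe has to be identified from the UDP port or the IP ID) is shown here as an added example that is not part of the original thread. The addresses, ports, IP IDs and function names are constructed for illustration, and checksums are left at zero.

```python
import struct

def ipv4_udp_probe(ip_id, dport, sport=40000, ttl=1):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) + UDP header + data."""
    udp = struct.pack("!HHHH", sport, dport, 8 + 12, 0) + b"\x00" * 12
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), ip_id, 0, ttl, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + udp

def icmp_error(icmp_type, code, original):
    """Constructed sample: ICMP error quoting the IP header + first 8 data bytes."""
    ihl = (original[0] & 0x0F) * 4
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + original[:ihl + 8]

def quoted_keys(icmp):
    """Return (ip_id, proto, udp_dport or None) from the datagram quoted in an ICMP error."""
    if len(icmp) < 8 or icmp[0] not in (3, 11):   # 3 = unreachable, 11 = time exceeded
        raise ValueError("not an ICMP error with a quoted datagram")
    q = icmp[8:]
    if len(q) < 20 or q[0] >> 4 != 4:
        raise ValueError("quoted IPv4 header missing or truncated")
    ihl = (q[0] & 0x0F) * 4
    if ihl < 20 or len(q) < ihl + 8:
        raise ValueError("fewer than 8 bytes of the original payload quoted")
    ip_id, proto = struct.unpack("!H", q[4:6])[0], q[9]
    # The UDP destination port sits in bytes 2-3 of the 8 quoted payload bytes.
    dport = struct.unpack("!H", q[ihl + 2:ihl + 4])[0] if proto == 17 else None
    return ip_id, proto, dport

def match_probe(icmp, by_port, by_ip_id):
    """Map an ICMP error back to the hop (TTL) of the probe that triggered it."""
    ip_id, proto, dport = quoted_keys(icmp)
    if dport in by_port:          # UDP traceroute style: key on the port number
        return by_port[dport], "udp_dport"
    if ip_id in by_ip_id:         # fallback: key on the quoted IP ID
        return by_ip_id[ip_id], "ip_id"
    return None, None

# Constructed probes: hop n uses destination port 33434 + n and IP ID 0x1000 + n.
PROBES = {n: ipv4_udp_probe(0x1000 + n, 33434 + n, ttl=n) for n in (1, 2, 3)}
BY_PORT = {33434 + n: n for n in PROBES}
BY_IP_ID = {0x1000 + n: n for n in PROBES}

if __name__ == "__main__":
    reply = icmp_error(11, 0, PROBES[2])  # time exceeded for the TTL=2 probe
    print(quoted_keys(reply), match_probe(reply, BY_PORT, BY_IP_ID))
```

The IP ID fallback only works when the sender can set or read the ID of its own outgoing packets, which is the access problem the message mentions.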