Re: ICMP handling in Linux

To: debian-user <debian-user@lists.debian.org>
Subject: Re: ICMP handling in Linux
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Sat, 14 Apr 2012 07:42:11 -0300
Message-id: <[🔎] 20120414104211.GA22597@khazad-dum.debian.net>
In-reply-to: <[🔎] 4F894FDD.6010706@plouf.fr.eu.org>
References: <[🔎] CAJx5YvG0RSUYi-WaLzVC2ZpEZK7+5XzB7qNRaDesYxBt6ze6gw@mail.gmail.com> <[🔎] 20120411001020.GB7792@khazad-dum.debian.net> <[🔎] 4F894FDD.6010706@plouf.fr.eu.org>

On Sat, 14 Apr 2012, Pascal Hambourg wrote:
> Henrique de Moraes Holschuh a écrit :
> > Easy depriorizing is possible by outright dropping incoming ICMP packets
> > in the iptables layer, before it is processed by the IP stack.
> 
> iptables is not before the IP stack, it is a part of it.

I suppose you're correct, since it is the IPv4-specific part of netfilter,
and it does hook into several places of the IP stack, and it knows IPv4.

I should probably have written it as "drop it in the RAW table, which
happens very early in the packet's processing by the IP stack."

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

References:
- ICMP handling in Linux
  - From: Martin T <m4rtntns@gmail.com>
- Re: ICMP handling in Linux
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: ICMP handling in Linux
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>

Prev by Date: Re: Squid as default gateway in proxy mode.
Next by Date: Re: Disk clicking and in increasing Load_Cycle_Count in laptop with debian/testing
Previous by thread: Re: ICMP handling in Linux
Next by thread: Re: ICMP handling in Linux
Index(es):
- Date
- Thread