[nzlug] Uncommon Transport Protocols + Linux
Raimund Eimann
raimund at cs.auckland.ac.nz
Fri Jan 5 19:39:38 NZDT 2007
Hi,
> No -- they should have an ICMP error generated informing the sender that
> the protocol in question is not supported.
Ok... but the data in the original packet is dropped, I suppose.
> That only happens for packets destined for this machine, though. A
> forwarding system will pass *any* IP protocol regardless of local
> understanding -- absent any other restrictions.
>
> This allows an IP compliant machine to participate in an IPv4 network
> without needing to understand all, or even any, of the higher level
> protocols. That is, as they say, a feature.
Sure. Makes sense this way.
> > I mean transport protocol weirdos such as PUP, ARGUS or EMCON, for
> > instance. Does anyone here know which source file in Linux is
> > responsible for forwarding incoming packets according to the transport
> > protocol number found in the IP header to their appropriate handlers?
>
> net/ipv4/ip_forward.c, in the 'ip_forward' function.
>
> You want ip_input.c in the same place for the first part of your
> question, where the protocol error is generated.
>
> The code here, essentially, runs like this:
>
> * grab the IP packet
> * decrement the TTL and reject dead packets
> * find the outbound route for the packet
> * deliver the packet to the outbound queue
I must admit the code is not easy to read for me... I was expecting something
along the lines of a switch(protocol) {case TCP:... case UDP:... case
SCTP...} statement with a default: stanza handling unknown protocols.
> It seems likely you have a question behind these specific technical
> details; if you state that perhaps it can be explained?
It is part of a project that investigates the suitability of various protocol
header fields for entropy measurement. In particular, I am examining the
value distributions of such fields in various scenarios. I was looking for a
reference to say that even in a network attack scenario, filling the IP
protocol field with garbage is not sensible, because target hosts simply
drop packets, so this situation does not really need to be considered. In
other words: independent of the scenario, one may expect the values of the IP
protocol field to be limited to a very small subset of its 8-bit spectrum.
Cheers,
Raimund
Today's wisdom:
Suicidal twin kills sister by mistake!
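
The entropy measurement discussed in this message, as an added example that is not part of the original post: it reads the 8-bit protocol field from IPv4 headers and compares the Shannon entropy of a typical traffic mix with that of a capture whose protocol field holds arbitrary values. The headers, addresses (documentation ranges) and the 80/18/2 TCP/UDP/ICMP mix are constructed assumptions.

```python
import math
import random
import struct
from collections import Counter

def ipv4_header(proto: int) -> bytes:
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

def protocol_field(header: bytes) -> int:
    """Return the protocol number, which sits at byte offset 9 of the header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return header[9]

def shannon_entropy(values) -> float:
    """Shannon entropy, in bits, of the empirical distribution of values."""
    counts = Counter(values)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def protocol_entropy(headers) -> float:
    """Entropy of the protocol field over a sequence of raw IPv4 headers."""
    return shannon_entropy(protocol_field(h) for h in headers)

def typical_capture():
    """Constructed mix: 800 TCP (6), 180 UDP (17), 20 ICMP (1) headers."""
    return [ipv4_header(p) for p in [6] * 800 + [17] * 180 + [1] * 20]

def arbitrary_capture(n: int = 1000, seed: int = 0):
    """Constructed capture whose protocol field is uniformly random."""
    rng = random.Random(seed)
    return [ipv4_header(rng.randrange(256)) for _ in range(n)]

if __name__ == "__main__":
    print(f"typical mix:      {protocol_entropy(typical_capture()):.3f} bits")
    print(f"arbitrary values: {protocol_entropy(arbitrary_capture()):.3f} bits")
    print("upper bound for an 8-bit field: 8.000 bits")
```

The gap between the two figures is what a monitoring threshold on this field would key on; the finite sample keeps the second value somewhat below the 8-bit maximum.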