Reposting here since I want to know how a Linux computer handles this scenario.

  • driftWood@infosec.pub (OP) · 2 upvotes · 4 months ago

    Standards are a set of rules. But different vendors still implement them separately. For example, the TCP/IP stack implementation is a bit different in Windows and Linux, but the end user generally never realises this because it’s close enough that things still work. I want to know what the sequence of events is when Linux creates a Response packet for a ping Request it received.

    • Dave.@aussie.zone · 3 upvotes · 4 months ago

      What you have linked to is a high-level overview of what happens in an ICMP response, regardless of what OS or network stack you are using.

      If you ask me to describe what Linux would do at that kind of level, well, exactly that.

      • driftWood@infosec.pub (OP) · 1 upvote · 3 months ago

        I added more comments on the original post which describe the situation a bit more.

        Don’t know what’s a good way to get the comments linked to this post.

        Do take a look if you are interested.

        • Dave.@aussie.zone · 4 upvotes · 3 months ago

          Have a look here at the ICMP source code in the Linux kernel at line 400. That is the ICMP reply code.

          At lines 433/434 you can see the collection of the source and destination MAC addresses from the incoming packet. The source is just lifted directly from the packet, the destination is done with a helper function that presumably looks at which interface it arrived on and returns the MAC address of that interface.

          Lines 441 onwards construct the reply packet and push it to the generic ICMP transmit function (which is a bit higher up in the source code), which then pushes it on to the network stack.

          Hope that gives you an idea of how it works internally! It’s really only a slightly more detailed version of the actual standard. There are a few checks to make sure that we are not exceeding network rate limits in the stack, etc., but it’s quite a simple bit of code.

          Added edit: it’s “simple” at this point because a lot of the work has already been done. The packet has arrived via the network stack, it has been determined to be an ICMP packet, and it was sent here to this function. There are already functions that send packets out via the network stack, so this chunk of code just builds an appropriate packet and hands it on to be sent.

          • driftWood@infosec.pub (OP) · 2 upvotes · 3 months ago

            Woah! Thanks for taking the time to write the detailed response. Will take a look at the source code. Really appreciate the effort ❤️
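
The reply-building step discussed in this thread, as an added userspace sketch in C; it is not the Linux kernel's code and not written by anyone in the thread. It covers only the ICMP message itself per RFC 792 (type changed from 8 to 0, identifier, sequence and payload echoed, checksum recomputed) and leaves out addressing and rate limiting; the function names `icmp_checksum` and `build_echo_reply` and the sample packet are made up for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ICMP_ECHO_REQUEST 8
#define ICMP_ECHO_REPLY   0
#define ICMP_HDR_LEN      8   /* type, code, checksum, id, sequence */

/* RFC 1071 Internet checksum over a whole ICMP message (header + payload). */
static uint16_t icmp_checksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)buf[i] << 8 | buf[i + 1];
    if (len & 1)                      /* odd length: pad last byte with zero */
        sum += (uint32_t)buf[len - 1] << 8;
    while (sum >> 16)                 /* fold carries back into 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Returns the reply length, or -1 if the input must not be answered. */
static int build_echo_reply(const uint8_t *req, size_t len, uint8_t *out, size_t cap)
{
    if (len < ICMP_HDR_LEN || len > cap)
        return -1;                    /* truncated, or reply would not fit */
    if (req[0] != ICMP_ECHO_REQUEST || req[1] != 0)
        return -1;                    /* not an echo request */
    if (icmp_checksum(req, len) != 0)
        return -1;                    /* corrupted: a valid message sums to 0 */
    memcpy(out, req, len);            /* id, sequence and payload are echoed */
    out[0] = ICMP_ECHO_REPLY;
    out[2] = out[3] = 0;              /* checksum field is zero while summing */
    uint16_t csum = icmp_checksum(out, len);
    out[2] = (uint8_t)(csum >> 8);
    out[3] = (uint8_t)(csum & 0xff);
    return (int)len;
}

int main(void)
{
    /* Constructed sample: echo request, id 0x1234, sequence 1, payload "ping". */
    const uint8_t req[] = {8, 0, 0x06, 0xfa, 0x12, 0x34, 0, 1, 'p', 'i', 'n', 'g'};
    uint8_t out[sizeof req];
    int n = build_echo_reply(req, sizeof req, out, sizeof out);
    printf("reply length %d, checksum %02x%02x\n", n, out[2], out[3]);
    return n < 0;
}
```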