[Bro-Dev] #819: topic/dnthayer/icmp-error-message
Bro Tracker
bro at tracker.bro-ids.org
Tue May 15 07:28:10 PDT 2012
#819: topic/dnthayer/icmp-error-message
----------------------------+------------------------
Reporter: dnthayer | Owner: robin
Type: Merge Request | Status: closed
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version: git/master
Resolution: fixed | Keywords: ipv6
----------------------------+------------------------
Comment (by jsiwek):
Replying to [comment:1 robin]:
> Merged, but for my education, what's this testing for:
>
> {{{
> if ( icmpp->icmp_type < 128 )
> }}}
>
> I.e., where's the magic 128 coming from?
http://tools.ietf.org/html/rfc4443#section-2.1:
{{{
ICMPv6 messages are grouped into two classes: error messages and
informational messages. Error messages are identified as such by a
zero in the high-order bit of their message Type field values. Thus,
error messages have message types from 0 to 127; informational
messages have message types from 128 to 255.
}}}
Also relevant is http://tools.ietf.org/html/rfc4443#section-2.4:
{{{
(c) Every ICMPv6 error message (type < 128) MUST include as much of
the IPv6 offending (invoking) packet (the packet that caused the
error) as possible without making the error message packet exceed
the minimum IPv6 MTU
}}}
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/819#comment:3>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list