Reposting here since I want to know how a Linux computer handles this scenario.

  • Bitrot@lemmy.sdf.org · 7 upvotes · 3 months ago

    These are standards. If it worked differently it would be using a different networking protocol.

    • driftWood@infosec.pub (OP) · 2 upvotes · 3 months ago

      Standards are a set of rules. But still, different vendors implement them separately. For example, the TCP/IP stack implementation is a bit different in Windows and Linux, but the end user generally never realises this because it’s close enough that things still work. I want to know what the sequence of events is when Linux creates a Response packet for a ping Request it received.

      • Dave.@aussie.zone · 3 upvotes · edited · 3 months ago

        What you have linked to is a high level overview of what happens in an ICMP response, regardless of what OS or network stack you are using.

        If you ask me to describe what Linux would do at that kind of level, well, exactly that.

        • driftWood@infosec.pub (OP) · 1 upvote · edited · 3 months ago

          I added more comments on the original post which describes the situation a bit more.

          Don’t know what’s a good way to get the comments linked to this post.

          Do take a look if you are interested.

          • Dave.@aussie.zone · 4 upvotes · edited · 3 months ago

            Have a look here at the ICMP source code in the Linux kernel at line 400. That is the ICMP reply code.

            At lines 433/434 you can see the collection of the source and destination MAC addresses from the incoming packet. The source is just lifted directly from the packet, the destination is done with a helper function that presumably looks at which interface it arrived on and returns the MAC address of that interface.

            Lines 441 onwards construct the reply packet and push it to the generic ICMP transmit function (which is a bit higher up in the source code), which then pushes it on to the network stack.

            Hope that gives you an idea of how it works internally! It’s really only a slightly more detailed version of the actual standard; there are a few checks to make sure that we are not exceeding network rate limits in the stack, etc., but it’s quite a simple bit of code.

            Added edit: it’s “simple” at this point because a lot of the work has already been done. The packet has arrived via the network stack, it has been determined to be an ICMP packet, and it was sent here to this function. There are already functions that send packets out via the network stack, so this chunk of code just builds an appropriate packet and hands it on to be sent.
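The "build an appropriate packet and hand it on" step described above, as an added user-space example (not the kernel's code and not part of the original comment): it validates an ICMP echo request and produces the echo reply, with only the type and checksum changing. The function names and the sample request are assumptions made for illustration; IP-layer addressing and rate limiting are not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { ICMP_ECHOREPLY = 0, ICMP_ECHO = 8, ICMP_HDRLEN = 8 };

/* RFC 1071 Internet checksum (one's-complement sum, folded to 16 bits). */
static uint16_t inet_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2)
        sum += ((uint32_t)p[0] << 8) | p[1];
    if (len) sum += (uint32_t)p[0] << 8;   /* odd trailing byte, zero padded */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Zero the checksum field (bytes 2-3), then store the recomputed value. */
static void set_csum(uint8_t *msg, size_t len)
{
    msg[2] = msg[3] = 0;
    uint16_t c = inet_csum(msg, len);
    msg[2] = (uint8_t)(c >> 8);
    msg[3] = (uint8_t)(c & 0xff);
}

/* Hypothetical helper: turn an ICMP echo request (ICMP header + payload, no
 * IP header) into its echo reply. Returns the reply length, or -1 to drop. */
static int build_echo_reply(const uint8_t *req, size_t len, uint8_t *out, size_t cap)
{
    if (len < ICMP_HDRLEN || len > cap || req[0] != ICMP_ECHO || req[1] != 0)
        return -1;                    /* truncated, too large, or not an echo request */
    if (inet_csum(req, len) != 0)
        return -1;                    /* checksum does not verify */
    memcpy(out, req, len);            /* id, sequence and payload are echoed back */
    out[0] = ICMP_ECHOREPLY;          /* type 8 -> 0 ... */
    set_csum(out, len);               /* ... so the checksum must be recomputed */
    return (int)len;
}

/* Constructed sample: echo request, id 0x1234, seq 1, 5-byte payload. */
static size_t make_sample_request(uint8_t *buf)
{
    static const uint8_t tmpl[] = { ICMP_ECHO, 0, 0, 0, 0x12, 0x34, 0, 1, 'p', 'i', 'n', 'g', '!' };
    memcpy(buf, tmpl, sizeof tmpl);
    set_csum(buf, sizeof tmpl);
    return sizeof tmpl;
}
```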

            • driftWood@infosec.pub (OP) · 2 upvotes · 3 months ago

              Woah! Thanks for taking the time to write the detailed response. Will take a look at the source code. Really appreciate the effort ❤️