icmp | 易学教程

Calculating checksum of ICMPv6 Packet in C

阅读更多关于 Calculating checksum of ICMPv6 Packet in C

问题 I am trying to calculate the checksum of an ICMPv6 message (to be precise, a Neighbor Advertisement). RFC 4443 describes it as the "16-bit one's complement of the one's complement sum of the entire ICMPv6 message" There is also some example code on how to do that (although I think it's from IPv4, but the only difference is what is included in the sum, not how to calculate it): RFC 1071 I have taken a packet from wireshark and entered the shorts in host byte order. Then I print the correct

Why do ping packets not reach a custom gateway in docker?

阅读更多关于 Why do ping packets not reach a custom gateway in docker?

问题 The Story I have the following virtual Docker network configuration: ...10.2 ...10.3 ...100.3 ...100.2 +------+ +-------+ +------+ | so_A +--so_net_a--+ so_AB +--so_net_b--+ so_B | +------+ ...10.0/24 +-------+ ..100.0/24 +------+ Build with the setup script in the end of the question. Here so_A , so_AB and so_B are Debian containers; so_net_a and so_net_b are Docker networks (a recently added feature). I want to make a router out of the middle container so_AB . For that I replace the default

UDP socket fail to receive ECONNREFUSED

阅读更多关于 UDP socket fail to receive ECONNREFUSED

问题 I created a socket using: socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP). According to this, if I send simple packet several times (multiply send() and/or sendto()), I can get ECONNREFUSED. ICMP should tell that previous packet didn't arrive and ECONNREFUSED should appear. But it fails, errno doesn't report about any errors, and send() always returns number of bytes sent. UDP protocol actually shouldn't tell that packet was sent. But ICMP can give advice as I understand. So, the question is - why

Linux防火墙|Linux

阅读更多关于 Linux防火墙|Linux

文章目录一、Firewalld概述 1.Firewalld简介二、Firewalld和iptables的关系 1.什么是iptables 1.1 Firewalld和iptables的区别 2. 四表五链 2.1 具体的四表 2.2 五链 2.3 四表五链之间的关系 3.iptables语法格式三、Firewalld网络区域 1. 区域介绍 2. Firewalld数据处理流程四、Firewalld防火墙的配置方法 1. 运行时配置 2. 永久配置五、Firewall-config图形工具 5.1 /etc/firewalld中的配置文件 5.2 运行时配置/永久配置 5.3 Firewall-cmd命令行工具 5.4 重新加载防火墙 5.5 关联网卡到指定区域 5.6 修改默认区域 5.7 连接状态 ‘区域’选项卡 ‘服务’选项卡六、Firewalld防火墙维护命令 6.1 防火墙进程操作 6.2 防火墙管理操作 6.3 查询Firewalld状态 6.4 重新加载Firewall的配置七、查询预定义信息命令 7.1 获取预定义信息 7.2 显示网络连接或接口的默认区域 7.3 设置网络连接或接口的默认区域为internal 7.4 显示已激活的所有区域八、Firewalld区域操作命令 8.1 显示ens33接口绑定的区域 8.2

“Connected” UDP socket receives ICMP Port Unreachable

阅读更多关于 “Connected” UDP socket receives ICMP Port Unreachable

问题 Based on the premise that UDP is a connectionless protocol I had presumed that whether a host is up or down would be irrelevant. However, now that I'm doing testing I've discovered that when I have "connected" my UDP client socket, a write to that socket returns an error because the server has sent back a ICMP Port Unreachable error .. The purpose of "connecting" the UDP port (According to Stevens Unix Network Programming ) is to basically caches the entry from the routing table, rather than

Firewalld防火墙

阅读更多关于 Firewalld防火墙

Firewalld 安全 OSI 物理层数据链路层网络层传输层会话层表示层应用层硬件安全机柜锁网络安全 iptables firewalld selinux 服务安全更新有漏洞的版本 nginx mysql redis 系统安全没有公网ip，修改ssh默认端口号，禁用root远程登录。公有云安全组第三方软件硬件防火墙 waf防火墙防DDOS攻击漏洞注入 SQL注入安全狗知道创宇牛盾云 1. Firewalld基本概述 RHEL/CentOS 7系统中集成了多款防火墙管理工具，其中Firewalld（Dynamic Firewall Manager of Linux systems, Linux系统的动态防火墙管理器）服务是默认的防火墙配置管理工具，它拥有基于CLI（命令行界面）和基于GUI（图形用户界面）的两种管理方式。那么相较于传统的Iptables防火墙，Firewalld支持动态更新,并加入了区域zone的概念。简单来说，区域就是Firewalld预先准备了几套防火墙策略集合（策略模板）,用户可以根据生产场景的不同而选择合适的策略集合，从而实现防火墙策略之间的快速切换。 firewalld规则配置,从外访问服务器内部如果没有添加规则默认是阻止,从服务器内部访问服务器外部默认是允许的注意: 一个网卡仅能绑定一个区域

Get exact size of IPv6 header including the extenstion headers

阅读更多关于 Get exact size of IPv6 header including the extenstion headers

问题 If IPv4 is in question and I want to extract IP and ICMP header out of std::istream, first I get the initial 20 bytes, then check if the header lenght provided in the IPv4 header is larger than 20 bytes in order to extract any options. The next bytes are the ICMP packet. Using the header lenght value carried inside the IPv4 header I can see the expect size of the IP header. However how to get the exact size of IPv6 header? There is a payload value inside IPv6 header that includes the size of

How do I implement ICMP ping in Ruby using only the standard the socket library?

阅读更多关于 How do I implement ICMP ping in Ruby using only the standard the socket library?

问题 It should be possible send and receive ICMP packets using the Ruby socket library but I do not see any good documentation on this. I do not want to use net-ping, icmp, ping, and all of these other libraries that either fail because of cross-platform issues, require devkit and custom building, which fail during the build process, are neglected and have not been updated for a lengthy time, and/or are just in general buggy. Does anyone have any good documentation on how to accomplish this? I

What is the proper process for ICMP echo request/reply on unreachable destinations?

阅读更多关于 What is the proper process for ICMP echo request/reply on unreachable destinations?

问题 Goal: I need to be able to ping a network switch to determine whether or not it is available. This is meant to tell the user that either the network cabling is unplugged, the network switch is unavailable, or some other problem lies within the network communication pathway. I realize this is not a comprehensive diagnosis tool, but something is better than nothing. Design: I planned on using ICMP with raw sockets to send five (5) ping messages to a particular address in IPv4 dot-notation. I

Maximum legal size of ICMP echo packet

阅读更多关于 Maximum legal size of ICMP echo packet

问题 Can someone please explain why maximum legal size of ICMP echo packet is calculated as follows: 65535 - 20 - 8 = 65507 Thanks. 回答1: 65535 bytes is the maximum allowed size of a IPv4 network packet, while 20 and 8 are the sizes of the IP and ICMP headers, which leaves up to 65507 bytes for the ICMP data. 来源： https://stackoverflow.com/questions/9449837/maximum-legal-size-of-icmp-echo-packet