this post was submitted on 27 Jul 2024
30 points (96.9% liked)


Reposting here since I want to know how a Linux computer handles this scenario.

[–] dgriffith@aussie.zone 3 points 5 months ago* (last edited 5 months ago) (3 children)

What you have linked to is a high level overview of what happens in an ICMP response, regardless of what OS or network stack you are using.

If you ask me to describe what Linux would do at that kind of level, well, exactly that.

[–] driftWood@infosec.pub 1 points 5 months ago* (last edited 5 months ago) (2 children)

I added more comments on the original post which describe the situation a bit more.

Don't know what's a good way to get the comments linked to this post.

Do take a look if you are interested.

[–] dgriffith@aussie.zone 4 points 5 months ago* (last edited 5 months ago) (1 children)

Have a look here at the ICMP source code in the Linux kernel at line 400. That is the ICMP reply code.

At lines 433/434 you can see the collection of the source and destination MAC addresses from the incoming packet. The source is just lifted directly from the packet, the destination is done with a helper function that presumably looks at which interface it arrived on and returns the MAC address of that interface.

Lines 441 onwards construct the reply packet and push it to the generic ICMP transmit function (which is a bit higher up in the source code), which then pushes it on to the network stack.

Hope that gives you an idea of how it works internally! It's really only a slightly more detailed version of the actual standard; there are a few checks to make sure that we are not exceeding network rate limits in the stack, etc., but it's quite a simple bit of code.

Added edit: it's "simple" at this point because a lot of the work has already been done. The packet has arrived via the network stack, it has been determined to be an ICMP packet, and it was sent here to this function. There are already functions that send packets out via the network stack, so this chunk of code just builds an appropriate packet and hands it on to be sent.
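The reply construction discussed in the comment above, as an added user-space C sketch (not code from this thread or from the Linux kernel): it takes a raw IPv4 packet, checks that it is a valid ICMP echo request, swaps the IPv4 header's source and destination addresses, sets ICMP type 0 and recomputes both checksums. The function names and the sample packet are constructed for illustration; working at the IPv4 layer is an assumption of the example, and rate limiting and special handling of IP options are left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* RFC 1071 Internet checksum over len bytes (big-endian 16-bit words). */
static uint16_t inet_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)p[i] << 8 | p[i + 1];
    if (len & 1) sum += (uint32_t)p[len - 1] << 8;   /* odd trailing byte */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

static void put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }

/* Build an echo reply for the raw IPv4 packet in req; returns the reply
 * length, or -1 if req is not a well-formed ICMP echo request. */
int build_echo_reply(const uint8_t *req, size_t len, uint8_t *out)
{
    if (len < 20 || (req[0] >> 4) != 4) return -1;          /* IPv4 only */
    size_t ihl = (size_t)(req[0] & 0x0f) * 4;               /* header length */
    size_t tot = (size_t)req[2] << 8 | req[3];              /* total length */
    if (ihl < 20 || tot > len || tot < ihl + 8) return -1;  /* truncated */
    if (req[9] != 1 || req[ihl] != 8 || req[ihl + 1] != 0) return -1; /* not echo request */
    if (inet_csum(req + ihl, tot - ihl) != 0) return -1;    /* bad ICMP checksum */
    memcpy(out, req, tot);              /* id, sequence and payload are echoed */
    memcpy(out + 12, req + 16, 4);      /* reply source = request destination */
    memcpy(out + 16, req + 12, 4);      /* reply destination = request source */
    out[ihl] = 0;                       /* type 0: echo reply */
    put16(out + ihl + 2, 0);            /* zero checksum field before summing */
    put16(out + ihl + 2, inet_csum(out + ihl, tot - ihl));
    put16(out + 10, 0);
    put16(out + 10, inet_csum(out, ihl));
    return (int)tot;
}

/* Constructed sample: 192.0.2.1 -> 192.0.2.2, id 0x1234, seq 1, payload "ping". */
size_t make_sample_request(uint8_t *b)
{
    static const uint8_t ip[20] = { 0x45,0,0,32, 0,1,0,0, 64,1,0,0, 192,0,2,1, 192,0,2,2 };
    static const uint8_t icmp[12] = { 8, 0, 0, 0, 0x12, 0x34, 0, 1, 'p', 'i', 'n', 'g' };
    memcpy(b, ip, 20); memcpy(b + 20, icmp, 12);
    put16(b + 22, inet_csum(b + 20, 12));
    put16(b + 10, inet_csum(b, 20));
    return 32;
}
```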

[–] driftWood@infosec.pub 2 points 5 months ago

Woah! Thanks for taking the time to write the detailed response. Will take a look at the source code. Really appreciate the effort ❤️