Reposting here since want to know how a Linux computer handles this scenario.

  • Dave.
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    4 months ago

    Have a look here at the ICMP source code in the Linux kernel at line 400. That is the ICMP reply code.

    At lines 433/434 you can see the collection of the source and destination MAC addresses from the incoming packet. The source is just lifted directly from the packet, the destination is done with a helper function that presumably looks at which interface it arrived on and returns the MAC address of that interface.

    Lines 441 onwards construct the reply packet and push it to the generic ICMP transmit function (which is a bit higher up in the source code), which then pushes it on to the network stack.

    Hope that gives you an idea of how it works internally! It’s really only a slightly more detailed version of the actual standard, there are a few checks to make sure that we are not exceeding network rate limits in the stack and etc, but it’s a quite simple bit of code.

    Added edit: it’s “simple” at this point because a lot of the work has already been done. The packet has arrived via the network stack, it has been determined to be an ICMP packet, and it was sent here to this function. There are already functions that send packets out via the network stack, so this chunk of code just builds an appropriate packet and hands it on to be sent.

    • driftWood@infosec.pubOP
      link
      fedilink
      arrow-up
      2
      ·
      4 months ago

      Woah! Thanks for taking the time to write the detailed response. Will take a look at the source code. Really appreciate the effort ❤️