locked
Odd behaviour filtering ICMP traffic RRS feed

  • Question

  • Hi,

    This is a bit of an obscure one.  I need to filter ICMPv6 traffic so I thought the best solution would be to add filters at the ICMP error layers for types 1 (destination unreachable), type 2 (packet too big), type 3 (Time exceeded) and type 4 (parameter problem) and to filter all other types at the ALE layers so we get the stateful behaviour (for echos etc.).

    However I've noticed that where some types are seen depends on the addresses used.  For example, type 133 (router solicitation) inbound with a "link local all routers" destination address, e.g. FF02::2 is seen at the inbound transport and then the ALE layer, great just as I expected.  However if the destination address is a global/link local address then I see it at the transport layer but not at the ALE layer. 

    I would prefer not to have to filter at the transport layer just for these odd scenarios but I can't see any other way .  Any suggestions.

     

    Thanks.

     

    Friday, February 4, 2011 2:48 PM