2
votes

My application needs to receive UDP packets from multiple destination ports (this is a bona fide application and not a sniffer). Therefore, I have chosen to use a PF_PACKET socket and to do port filtering at the application level.

Here's how I create the socket:

int g_rawSocket = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));

I am correctly receiving UDP packets. However, the kernel on which the application runs is sending ICMP packets of type 'Destination unreachable' and code 'Port unreachable' to the remote device that is sending packets to my app. I guess that this is because I have not bound a port number to the socket. However, I wonder if it is appropriate to use bind with a PF_PACKET socket, especially as I need to bind multiple ports to it, which I guess is not possible.

Any comments please?

2
Alternatively, you could block ICMP replies with iptables, e.g. iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP - wick

2 Answers

0
votes

No, it can't be bound to a specific port, since it's working on a lower level than the Transport (UDP/TCP) layer. However, you could open and listen on all the sockets, using regular UDP (AF_INET/SOCK_DGRAM) sockets and select, for example. As far as I know, you can bind and listen to as many sockets as you want, as long as you don't exceed the limits of open file descriptors for your process.
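Added example, not part of the answer above: one way to implement the approach it describes, with one bound AF_INET/SOCK_DGRAM socket per port and select() to wait on all of them. The helper names open_udp_listener, listener_port and recv_any are hypothetical, chosen for this sketch.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind one UDP socket to addr:port (port 0 = kernel-chosen port).
 * Returns the fd, or -1 on error. Once a socket is bound, the kernel has a
 * receiver for that port and does not reply with ICMP port unreachable. */
int open_udp_listener(uint32_t addr_host_order, uint16_t port)
{
    struct sockaddr_in sa = {0};
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(addr_host_order);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); return -1; }
    return fd;
}

/* Local port a listener is bound to (host byte order), 0 on error. */
uint16_t listener_port(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) return 0;
    return ntohs(sa.sin_port);
}

/* Wait up to timeout_ms for a datagram on any of the n listeners.
 * Returns the payload length and stores the index of the receiving socket in
 * *which; returns 0 on timeout (or an empty datagram), -1 on error. */
ssize_t recv_any(const int *fds, int n, void *buf, size_t cap, int timeout_ms, int *which)
{
    fd_set rd;
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    int maxfd = -1;
    FD_ZERO(&rd);
    for (int i = 0; i < n; i++) {
        FD_SET(fds[i], &rd);
        if (fds[i] > maxfd) maxfd = fds[i];
    }
    int r = select(maxfd + 1, &rd, NULL, NULL, &tv);
    if (r <= 0) return r;
    for (int i = 0; i < n; i++)
        if (FD_ISSET(fds[i], &rd)) { *which = i; return recv(fds[i], buf, cap, 0); }
    return -1;
}
```

select() only handles descriptors below FD_SETSIZE, so a very large port set would need poll() or epoll instead.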

0
votes

I have also done the same thing in my application.

In my case, I created as many sockets as I need and bound them to the particular ports, but I am not listening on any of them. So I created one raw socket:

int sock_raw = socket(AF_INET , SOCK_RAW , IPPROTO_UDP);

and then received all the traffic without any ICMP.

So I think you have to bind all the ports to avoid the ICMP, or else you have to do some kernel hacking, such as stopping or removing the code for ICMP in the Linux kernel code, and build it again.