swati desai wrote:
1st we create ethlen =sizeof(struct ether_header);
Unless you're using a compiler that would pad that structure to, for
example, 16 bytes. I'd suggest using 14.
iplen =sizeof(struct iphdr);
Not necessarily, for IPv4. The IPv4 header is not necessarily 20 bytes
long; it's longer if there are options.
See
http://www.tcpdump.org/pcap.htm
for example (see the "The actual sniffing" section).
Also, the packet in your example is IPv6. The IPv6 header is fixed
length, *BUT* there can be extension headers after it. You'd need to
process the "Next header" field until you get a header - such as an
ICMPv6 header - with no "Next header".
udplen =sizeof(struct udphdr);
That would work, because the UDP header has a fixed length.
icmplen=sizeof(struct icmphdr);
OK, as long as you realize that the ICMP header is *before* the UDP
header - and that there'll be an IPv4/IPv6 header between the ICMP
header and the UDP header.
Note also that the ICMP header is only the first 4 bytes, with type,
code, and checksum. Then, if it's an "unreachable" message, you have 4
bytes of padding, followed by the packet.
than how to extract the source and destination port from this icmp
packet.
Do the parsing necessary to find the ICMP packet (and to determine that
it *is* an ICMP packet, unless you're doing filtering to ensure that),
and then:
check whether it's an unreachable message (unless you're doing
filtering to ensure that);
get to the beginning of the packet with the error;
parse *its* IPv4/IPv6 header;
if it's a UDP packet, parse its UDP header, and get the source and
destination address from that.