Miha Jemec wrote:
> Hi !
>
> I found a sample that causes me problem using the tap system.
>
> It is the second packet in attached file, which is actually an ICMP port
> unreacheable message to the previous RTP packet. The ICMP was sent
> because the port was closed and it contains some bytes from the previos
> packet: IP header, UDP header, RTP header and 24 bytes from RTP data.
>
> The problem is, that this packet seems to be handled as RTP even it is a
> plain ICMP message. So I get the tap event for it and it even passes the
> RTP display filter.
>
> Since this is not a RTP packet but an ICMP packet with the information
> which packet caused this error (in our case previous RTP packet) I think
> that it shouldn't be passed to the tap listener for rtp packets and
> should be filtered out by RTP display filter.
>
> Miha.
>
>
When you want to filter just rtp packets, but not ICMP packets with
RTP then you could use a dispaly filter "rtp and not icmp" or similar.
I guess that the tap maybe should check whether the ip proto
is 1 (ICMP) or 58 (ICMP v6) and disregard those packets.
Attachment:
icmp_rtp.raw
Description: Binary data
