Project

General

Profile

Actions
Copy link

Support #8328

open
RK

ICMP error events are not reported

Support #8328: ICMP error events are not reported

Added by Rajkumar K about 2 months ago. Updated about 1 month ago.

Status:
New
Priority:
Normal
Assignee:
-
Affected Versions:
8.0.2
Label:

Description

I see suricata is not generating events for ICMP error messages due to the below code,

But I need to generate events for ICMP error messages.

if (PacketIsICMPv4(p)) {
if (ICMPV4_IS_ERROR_MSG(p->icmp_s.type)) {
return false;
}
}

#define ICMPV4_IS_ERROR_MSG(type) \
((type) ICMP_DEST_UNREACH || (type) ICMP_SOURCE_QUENCH || (type) ICMP_REDIRECT || \
(type) ICMP_TIME_EXCEEDED || (type) == ICMP_PARAMETERPROB)

Is this done intentionally?

Files

Download all files
clipboard-202602261706-kzxli.png (87.4 KB) clipboard-202602261706-kzxli.png Rajkumar K, 02/26/2026 11:36 AM
icmp2-onlyreply.pcap (138 Bytes) icmp2-onlyreply.pcap pcap which has only icmp rely, seeing the events Rajkumar K, 03/03/2026 11:18 AM
icmp2-onlyerror.pcap (630 Bytes) icmp2-onlyerror.pcap pcap which has only icmp error, not seeing the events Rajkumar K, 03/03/2026 11:18 AM
icmp-icmp-samehost-unreachable.pcap (280 Bytes) icmp-icmp-samehost-unreachable.pcap Rajkumar K, 03/10/2026 09:19 AM
Actions
Copy link

Also available in: PDF Atom