Installing and Administering PPP

Chapter 5 105

Security Techniques

Building a Stanza - Speciﬁcs

The ‘unreach=’ keyword causes an ICMP Destination Unreachable

message to be sent to the packet's source address, bearing the indicated

code ﬁeld. The ICMP Code may be speciﬁed numerically or

mnemonically. A list of the messages appears on the following page. See

the footnotes below for information on related RFCs.

Example:

ip-opt=srcrt/unreach=srcfail # block source routed packets and

# notify sender of failure

tcp/113/unreach=1 # block RFC1413 Identification Protocol

# packets and send a Destination

# unreachable host message.

The currently available mnemonic codes are:

# Name Description

0 net The destination network is unreachable.

1 host The destination host is unreachable.

2 prot or protocol The designated transport protocol is not supported.

3 port The designated transport protocol (e.g., UDP) is unable to

demultiplex the datagram but has no protocol mechanism to

inform the sender.

4 needfrag Fragmentation is needed and the Don't Fragment ﬂag is set.

5 srcfail Source route failed.

6 net-unknown The destination network is unknown. This code normally

should not be generated. It implies that the destination

network does not exist. Code 0 (Network Unreachable)

should be used in place of Code 6.

7 host-unknown The destination host is unknown.

8 (see Note 1) The source host is isolated. Routers should not generate Code

8; whichever of Codes 0 (Network Unreachable) and 1 (Host

Unreachable) is appropriate should be used instead.