Miha Jemec wrote: > Hi ! > > I found a sample that causes me problem using the tap system. > > It is the second packet in attached file, which is actually an ICMP port > unreacheable message to the previous RTP packet. The ICMP was sent > because the port was closed and it contains some bytes from the previos > packet: IP header, UDP header, RTP header and 24 bytes from RTP data. > > The problem is, that this packet seems to be handled as RTP even it is a > plain ICMP message. So I get the tap event for it and it even passes the > RTP display filter. > > Since this is not a RTP packet but an ICMP packet with the information > which packet caused this error (in our case previous RTP packet) I think > that it shouldn't be passed to the tap listener for rtp packets and > should be filtered out by RTP display filter. > > Miha. > >
When you want to filter just rtp packets, but not ICMP packets with RTP then you could use a dispaly filter "rtp and not icmp" or similar. I guess that the tap maybe should check whether the ip proto is 1 (ICMP) or 58 (ICMP v6) and disregard those packets.
icmp_rtp.raw
Description: Binary data
