masque_icmp (masque v0.7.0)

ICMPv4 (RFC 792) and ICMPv6 (RFC 4443) error-message builders used by CONNECT-IP proxies to synthesise errors for packets they cannot deliver.

Each builder returns a complete IP packet (IP header + ICMP message) ready to hand back to the client via masque:send_ip_packet/2 or a handler's {send_ip_packet, _} / {icmp_error, _} action.

Invoking-packet truncation (RFC 4443 §3.1 and RFC 1812 §4.3.2.3):

  • ICMPv6: "as much of invoking packet as possible without the ICMPv6 packet exceeding the minimum IPv6 MTU" (1280 B). Budget: 1280 − 40 (IPv6 hdr) − 8 (ICMPv6 hdr) = 1232 B.
  • ICMPv4: at least the IPv4 header plus 8 B of the original datagram's data; we cap at the IPv4 minimum MTU 576, i.e. 576 − 20 − 8 = 548 B of the invoking packet.

Functions

apply_action(_, Mtu, Invoking)

-spec apply_action(atom(), term(), binary()) -> binary().

Translate a session-level {icmp_error, Spec} action into the IP packet it represents. Used by the IP server session's action interpreter. Spec accepts:

  • {dest_unreachable, v4|v6, Code}
  • {packet_too_big, Mtu} (IPv6 only)
  • {time_exceeded, v4|v6}

dest_unreachable(_, Code, Invoking)

-spec dest_unreachable(v4 | v6, non_neg_integer(), binary()) -> binary().

Build a Destination Unreachable ICMP packet. Code maps to the RFC type/code tables. For IPv4 (type 3): 0 = net unreachable, 1 = host unreachable, 3 = port unreachable, 4 = frag needed (RFC 792 / RFC 1812). For IPv6 (type 1): 0 = no route, 1 = admin prohibited, 3 = addr unreachable, 4 = port unreachable, 5 = src addr failed ingress/egress policy (RFC 4443 §3.1).

packet_too_big(Mtu, Invoking)

-spec packet_too_big(non_neg_integer(), binary()) -> binary().

Build an IPv6 Packet Too Big (type 2, RFC 4443 §3.2). Mtu is the next-hop MTU that caused the drop.
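How the 1232 B truncation budget and the ICMPv6 checksum fit together in a Packet Too Big message, as an added stand-alone example that is not masque's own code. The module name, the extra Src argument, the hop limit of 64 and the 2001:db8:: addresses are assumptions made for illustration.

```erlang
-module(icmp6_ptb_example).
-export([packet_too_big/3, checksum/1, demo/0]).

%% 1280 (minimum IPv6 MTU) - 40 (IPv6 header) - 8 (ICMPv6 header).
-define(BUDGET, 1232).

%% Src is the 16-byte address the error is sent from (assumption: the
%% caller supplies it). Hop limit 64 is likewise an assumed value.
%% Crashes with badmatch on input that is not an IPv6 packet reaching
%% at least through its source address, so nothing is quoted blindly.
packet_too_big(Src, Mtu, Invoking) when byte_size(Src) =:= 16 ->
    %% The error goes back to the source address of the invoking packet.
    <<6:4, _:28, _:32, Dst:16/binary, _/binary>> = Invoking,
    Quoted = binary:part(Invoking, 0, min(byte_size(Invoking), ?BUDGET)),
    Len = 8 + byte_size(Quoted),
    %% The ICMPv6 checksum covers an IPv6 pseudo-header (RFC 4443 section 2.3).
    Pseudo = <<Src/binary, Dst/binary, Len:32, 0:24, 58>>,
    Csum = checksum(<<Pseudo/binary, 2, 0, 0:16, Mtu:32, Quoted/binary>>),
    <<6:4, 0:28, Len:16, 58, 64, Src/binary, Dst/binary,
      2, 0, Csum:16, Mtu:32, Quoted/binary>>.

%% Internet checksum: one's-complement sum of 16-bit words, complemented.
checksum(Bin) -> checksum(Bin, 0).

checksum(<<W:16, Rest/binary>>, Acc) -> checksum(Rest, Acc + W);
checksum(<<B:8>>, Acc) -> fold(Acc + (B bsl 8));   % odd length: pad with zero
checksum(<<>>, Acc) -> fold(Acc).

fold(Acc) when Acc > 16#FFFF -> fold((Acc band 16#FFFF) + (Acc bsr 16));
fold(Acc) -> (bnot Acc) band 16#FFFF.

%% Constructed input: a 1500-byte IPv6 packet (next header 59, zero payload).
demo() ->
    Proxy  = <<16#20010db8:32, 0:80, 1:16>>,
    Client = <<16#20010db8:32, 0:80, 2:16>>,
    Remote = <<16#20010db8:32, 0:80, 3:16>>,
    Invoking = <<6:4, 0:28, 1460:16, 59, 64, Client/binary, Remote/binary,
                 (binary:copy(<<0>>, 1460))/binary>>,
    Pkt = packet_too_big(Proxy, 1280, Invoking),
    %% 40 + 8 + 1232: the error never exceeds the minimum IPv6 MTU.
    1280 = byte_size(Pkt),
    <<_:8/binary, S:16/binary, D:16/binary, Icmp/binary>> = Pkt,
    %% Receiver-side check: summing over a valid message yields 0.
    0 = checksum(<<S/binary, D/binary, (byte_size(Icmp)):32, 0:24, 58,
                   Icmp/binary>>),
    ok.
```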

time_exceeded(_, Invoking)