Nmap Development mailing list archives
GSoC RFC: Raw IPv6 Scans
From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 18 Mar 2008 23:14:02 -0500
Hey everyone,

I've been digging into sending raw IPv6 packets to implement the various Nmap raw scans (UDP, TCP SYN, FIN, ACK, etc.) as I think this will make a good SoC project. However..

According to UNIX Network Programming Vol. 1, 2nd ed., and RFC 3542 (Advanced Sockets [API] for IPv6), we're unable to read or write complete IPv6 packets (as opposed to using the IP_HDRINCL option for IPv4). Also, IPPROTO_RAW has no special meaning in IPv6, so the old Nmap 2.54 patch for raw IPv6 scans [1] won't work (..or it shouldn't work, but some systems probably implement IPPROTO_RAW for IPv6 as well).

Reading full IPv6 packets should be no problem as pcap should take care of that, but I haven't resolved sending. Here are the options I see:

- Build the full IPv6 packets as we wish, but send using libdnet. I think this will limit everything to Ethernet.

- Build raw TCP/UDP packets, but let the kernel handle the IPv6 header. This is the same as using raw IPv4 but without using the IP_HDRINCL option. This will be portable across network hardware, but won't allow for complete control over the IPv6 header (i.e. spoofing). We're supposed to be able to use ancillary data and socket options to set different header fields, but this seems to mean we can't have similar build_* functions like in tcpip.cc which return whole packets (since the header information is kept in the kernel and is manipulated on a socket).

I guess I'm seeing why IPv6 raw scans haven't been implemented before :)

I've written a test program for building raw TCP packets and sending with socket(AF_INET6, SOCK_RAW, IPPROTO_TCP) over an IPv6 tunnel I've set up, and it's been working great (I receive SYN/ACKs in response to my SYNs and the kernel sends a RST back). But again, I can't really control the IPv6 header.

Any comments on which direction to go, or (especially) any ideas on a better way to go about this, will be appreciated!
Thanks,
Kris Katterjohn

[1] http://nmap6.sourceforge.net/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
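The second option from the mail, written out as an added example (not the author's test program and not Nmap code): a bare TCP SYN handed to an AF_INET6/SOCK_RAW/IPPROTO_TCP socket, with the pseudo-header checksum the application has to compute itself precisely because the kernel, not the application, owns the IPv6 header. The struct and function names, the 2001:db8:: documentation addresses, ports and sequence number are constructed for this example.

```c
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Bare TCP header: all the application hands to the kernel on an AF_INET6/SOCK_RAW/IPPROTO_TCP socket. */
struct tcp_hdr { uint16_t sport, dport; uint32_t seq, ack; uint8_t off, flags; uint16_t win, check, urp; };
/* RFC 2460 s8.1 pseudo-header: built by the application because the kernel, not us, owns the real IPv6 header. */
struct pseudo6 { struct in6_addr src, dst; uint32_t len; uint8_t zero[3], nexthdr; };
/* Ones-complement partial sum over big-endian 16-bit words; an odd trailing byte is zero-padded. */
static uint32_t sum16(uint32_t sum, const void *buf, size_t n) {
    const uint8_t *p = buf;
    for (; n > 1; n -= 2, p += 2) sum += ((uint32_t)p[0] << 8) | p[1];
    return n ? sum + ((uint32_t)p[0] << 8) : sum;
}

/* TCP checksum (host order) over pseudo-header + segment; 0 when the segment's check field is already correct. */
uint16_t tcp_checksum6(const struct in6_addr *src, const struct in6_addr *dst, const void *seg, size_t len) {
    struct pseudo6 ph = { .src = *src, .dst = *dst, .len = htonl((uint32_t)len), .nexthdr = IPPROTO_TCP };
    uint32_t sum = sum16(sum16(0, &ph, sizeof ph), seg, len);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);   /* fold carries */
    return (uint16_t)~sum;
}
/* Fill a 20-byte SYN (no options); returns the checksum written, in host order. */
uint16_t build_syn6(struct tcp_hdr *th, const struct in6_addr *src, const struct in6_addr *dst, uint16_t sport, uint16_t dport, uint32_t seq) {
    memset(th, 0, sizeof *th);
    th->sport = htons(sport); th->dport = htons(dport); th->seq = htonl(seq);
    th->off = 5 << 4; th->flags = 0x02; th->win = htons(1024);   /* data offset 5 words, SYN set */
    th->check = htons(tcp_checksum6(src, dst, th, sizeof *th));
    return ntohs(th->check);
}
/* Sending path from the mail: the kernel prepends the IPv6 header; a field such as the hop limit is only reachable via a socket option. Needs raw-socket privilege. */
int send_syn6(const struct tcp_hdr *th, const struct in6_addr *dst, int hops) {
    int fd = socket(AF_INET6, SOCK_RAW, IPPROTO_TCP);
    if (fd < 0) return -1;
    setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &hops, sizeof hops);
    struct sockaddr_in6 sa = { .sin6_family = AF_INET6, .sin6_addr = *dst };   /* sin6_port stays 0 on raw sockets */
    ssize_t n = sendto(fd, th, sizeof *th, 0, (struct sockaddr *)&sa, sizeof sa);
    close(fd); return n == (ssize_t)sizeof *th ? 0 : -1;
}

/* Constructed demo (documentation addresses, sends nothing): stores the checksum written, returns the re-check (0 = verifies). */
uint16_t demo_syn6(uint16_t *written) {
    struct in6_addr src, dst; struct tcp_hdr th;
    inet_pton(AF_INET6, "2001:db8::1", &src); inet_pton(AF_INET6, "2001:db8::2", &dst);
    *written = build_syn6(&th, &src, &dst, 40000, 80, 0x12345678);
    return tcp_checksum6(&src, &dst, &th, sizeof th);
}
```

Re-running tcp_checksum6 over the finished segment is the check worth keeping: a pseudo-header built with the wrong addresses or length yields a checksum the peer silently discards, which shows up as SYNs that get no reply at all.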