Nmap Development mailing list archives
Re: Work on IPv6 support
From: ambarisha b <b.ambarisha () gmail com>
Date: Wed, 26 Jan 2011 01:59:34 +0530
Hi, Thanks for the info.I couldn't follow how extending libdnet to return the interface name makes it incompatible.Can you please explain? Regards Ambarisha On Tue, Jan 25, 2011 at 5:43 AM, David Fifield <david () bamsoftware com> wrote:
On Tue, Jan 25, 2011 at 12:21:43AM +0100, Luis MartinGarcia. wrote:On 01/24/2011 09:39 PM, ambarisha b wrote:Hi, Is anybody working on extending the raw packet support for IPv6 ? Its in the todo list.If anybody is working on it,I would like to join in.Hi Ambarisha, Apart from the Nmap branch David mentioned, we are also trying to add full IPv6 support to Nping. I'm currently working on this branch: /nmap-exp/luis/nmap-icmpv6/nping, which mainly deals with ICMPv6. Basically, the most important thing right now is to get the "libnetutil" in David's branch, working. We need to be able to list system interfaces in all supported OS (Win, Linux, BSD, Mac, etc), and also, figure out how to chose an interface and an IPv6 source address, based on the target address and the local routing tables. Have a look at the code in /nmap-exp/david/nmap-ipv6/libnetutil. If you could work on this, it would be great (not an easy task though).I remember that the problem is this: On Linux, /proc/net/ipv6_route gives you three pieces of information directly: destination address, gateway address, and interface name. However listing routes with libdnet gives you only struct route_entry { struct addr route_dst; /* destination address */ struct addr route_gw; /* gateway address */ }; What we crucially depend on is the interface name. We currently work around this with the function sysroutes_dnet_find_interfaces, which does some matching based on interface addresses and netmasks to guess the interface name. When it can't get a match, you get a message like WARNING: Unable to find appropriate interface for system route to :: I've found that this can fail, even in a fairly simple Teredo-based setup because the gateway for many routes is ::. It would, of course, be an easy matter to extend libdnet (at least our libdnet that doesn't have to be backward-compatible) to return the interface name for Linux, and probably also for BSD and Windows (see route-linux.c, route-bsd.c, route-win32.c). However there are other less common OSes that would be harder to test. Then, of course, there is the matter of making an incompatible change to libdnet. This is what stalled me a little while ago. I added an option to the nmap-ipv6 branch to help debug routing: $ nmap --route-dst google.com 74.125.224.19 wlan0 wlan0 nexthop X.X.X.X $ nmap --route-dst ipv6.google.com 2001:4860:800a::67 he-ipv6 he-ipv6 nexthop XXXX:XXXX::1 That second command works for me with an he.net tunnel but not always with Teredo. Also, you might want to check out svn://svn.insecure.org/nmap-exp/david/ipv6, which has some notes and the portable sending primitives in a small test program. David Fifield
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Work on IPv6 support ambarisha b (Jan 24)
- Re: Work on IPv6 support David Fifield (Jan 24)
- Re: Work on IPv6 support Toni Ruottu (Jan 24)
- Re: Work on IPv6 support Luis MartinGarcia. (Jan 24)
- Re: Work on IPv6 support Toni Ruottu (Jan 24)
- Re: Work on IPv6 support Luis MartinGarcia. (Jan 24)
- Re: Work on IPv6 support David Fifield (Jan 24)
- Re: Work on IPv6 support ambarisha b (Jan 25)
- Re: Work on IPv6 support David Fifield (Jan 24)
- Re: Work on IPv6 support David Fifield (Jan 24)