Nmap Development mailing list archives
Re: Gsoc 2011 idea about IPv6
From: Xu Weilin <mzweilin () gmail com>
Date: Thu, 24 Mar 2011 22:21:55 +0800
Hi all,

I have run the ipv6.c program on my UBUNTU 10.10 and found some interesting things.

1) The Traffic Class and Flow Label of the IPv6 header cannot be set correctly with the macro function ip6_pack_hdr() of Libdnet. In the main() function we write

    ip6_pack_hdr(ip6_hdr, 0x12, 0xabcde, sizeof(packet) - sizeof(*ip6_hdr), IP_PROTO_HOPOPTS, 13, src[0], dst[0]);

The Traffic Class should be 0x12 and the Flow Label should be 0xabcde, but the values I captured in Wireshark were 0x10 and 0x0. The reason is that Libdnet defines a specific operation on ip6->ip6_flow with a flowlabel mask:

    ip6->ip6_flow = htonl(((uint32_t)(fc) << 28) & \
        (IP6_FLOWLABEL_MASK | (fl)));

If I replace it with this:

    ip6->ip6_flow = htonl(((uint32_t)(fc) << 20) | \
        ((fl)));

then the related values will be correct. Since the flow label may be used for OS detection, we should be careful about it.

2) send_ipv6_ip() couldn't work on my UBUNTU 10.10. The statement below returns '-1'

    sd = socket(AF_INET6, SOCK_RAW, hdr->ip6_nxt);

and the next statement 'perror("socket");' prints 'socket: Protocol not supported'. This may need more tests. I prefer send_ipv6_eth() and send_ipv6_ipproto_raw() since they work well and they are more powerful.

--
I'm sorry I have a bad cold this week so that I haven't much time to deal with the project. I will read the notes.txt and the mentioned papers carefully in the next few days.

On Tue, Mar 22, 2011 at 7:57 AM, David Fifield <david () bamsoftware com> wrote:
> On Sun, Mar 20, 2011 at 11:26:49AM +0800, 许伟林 wrote:
> > Hi all, I'm a college student from Beijing, China. This is my 3rd year of computer science. I'm very interested in nmap so I would like to apply for the Gsoc 2011 program. Actually, I have been researching IPv6 in part time for half a year and got some experiences. Last November, I helped Simon Kelley improve a feature of Dnsmasq about IPv6 DNS. (Mail-subject named 'Modification to the feature of config-static DNS record in dual-stack network.' in http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2010q4/subject.html ).
>
> That's good. Involvement in other free software projects is good, so be sure to mention it in your proposal.
>
> > In addition, my team has created an open-source project 'stateful IPv6-to-IPv6 Network Address Translation (NAPT66)' last month in http://code.google.com/p/napt66/. NAPT66 has been deployed in several types of middle-box routers and Chinese people can use it to reduce the expensive cost of accessing Internet.
> >
> > I have read the 6 required items of IPv6 support carefully, and got some ideas. For the first 5 items, are the basic theories the same to IPv4's ways?
>
> This is an interesting question. We are not sure, so part of this project will involve doing research and testing the new possibilities of IPv6. For OS detection, there is at least one tool that applies identical techniques to IPv4 and IPv6 OS detection: http://www.gomor.org/bin/view/Sinfp. I think we need to research new tests though. You can see some ideas we've had in the file notes.txt in
>
>     svn co --username guess --password "" svn://svn.insecure.org/nmap-exp/david/ipv6
>
> Port scans and traceroute will probably be mostly the same. Something to think about is the possibility of including extension headers.
>
> > For the 6th item about IPv6 host discovery, I think we have more than two ways to handle this problem. First, we can use public BGP information to narrow down the IPv6 address space so that 2^128 times of scanning are not necessary.
> >
> > Second, we can use the worm's technique to discover all active hosts in a subnet. I recently read a paper about worm exploiting IPv6 network. (A new worm exploiting IPv6 and IPv4-IPv6 dual-stack networks: experiment, modeling, simulation, and defense <http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5274918>)
>
> Thanks, these are good ideas. We've had some others in the ipv6.txt file I linked above. In some ways I think host discovery on the same subnet will be easier and more effective than with IPv4 because we can use multicast to do most of the work. For remote hosts it's harder; I suspect that we will start relying more on NSE scripts to find targets.
>
> If you like, please comment on the ipv6.c program in the Subversion directory I linked above. I'm thinking to use its functions as the base of Nmap's raw IPv6 sending.
>
> David Fifield
--
Regards
Xu Weilin
Beijing University of Posts & Telecommunications

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
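The header-packing defect reported in point 1) of the mail above, worked through as an added example. This is not code from the thread, from Nmap's ipv6.c or from Libdnet: the two pack_flow_* functions re-create on a plain byte buffer the ip6_flow statement quoted from Libdnet's ip6_pack_hdr() macro and the replacement proposed in the mail, followed by the macro's rewrite of byte 0 with the version and the class's high nibble. The decoders read the fields back from the wire bytes the way a capture tool would, so the result can be compared with what Wireshark showed (0x10 and 0x0). Names, constants and the extra masking of fl to 20 bits in the fixed variant are this example's own assumptions. The point for a scanner is that a sender which silently zeroes the flow label will produce probe packets that do not match what the fingerprinting code believes it sent.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example; not Libdnet's or ipv6.c's code.  The first 32-bit word of an
 * IPv6 header is version(4) | traffic class(8) | flow label(20).  The names and
 * constants below are this example's own. */
#define IP6_VERSION        0x60        /* version 6 in the high nibble of byte 0 */
#define IP6_FLOWLABEL_MASK 0x000fffffu /* low 20 bits of the first word */

/* Network-order (big-endian) store/load, so the buffer holds the wire layout
 * regardless of host endianness (the macro uses htonl() for the same purpose). */
static void store32be(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

static uint32_t load32be(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* The statement as quoted from Libdnet: the class is shifted into the version
 * nibble and then ANDed with the flow-label mask, which zeroes it; the label is
 * only ORed into the mask on the right-hand side, so it never reaches the
 * header either.  The second line mirrors the macro's next statement, which
 * rewrites byte 0 with the version and the class's high nibble; that is why a
 * class of 0x10 survives when 0x12 was requested. */
void pack_flow_original(uint8_t *hdr, uint8_t fc, uint32_t fl)
{
    store32be(hdr, ((uint32_t)fc << 28) & (IP6_FLOWLABEL_MASK | fl));
    hdr[0] = IP6_VERSION | (fc >> 4);
}

/* The replacement proposed in the mail: class into bits 20..27, label ORed in.
 * fl is additionally masked here so an oversized label cannot spill into the
 * class field (an assumption of this example, not part of the proposed line). */
void pack_flow_fixed(uint8_t *hdr, uint8_t fc, uint32_t fl)
{
    store32be(hdr, ((uint32_t)fc << 20) | (fl & IP6_FLOWLABEL_MASK));
    hdr[0] = IP6_VERSION | (fc >> 4);
}

/* Decoders that read the fields back from the wire bytes. */
unsigned ip6_version(const uint8_t *hdr)       { return hdr[0] >> 4; }
unsigned ip6_traffic_class(const uint8_t *hdr) { return (load32be(hdr) >> 20) & 0xff; }
uint32_t ip6_flow_label(const uint8_t *hdr)    { return load32be(hdr) & IP6_FLOWLABEL_MASK; }

static void pack(int fixed, uint8_t *hdr, uint8_t fc, uint32_t fl)
{
    if (fixed) pack_flow_fixed(hdr, fc, fl); else pack_flow_original(hdr, fc, fl);
}

/* Pack with either variant and report what a capture would show. */
unsigned traffic_class_after_pack(int fixed, uint8_t fc, uint32_t fl)
{
    uint8_t hdr[4] = {0};
    pack(fixed, hdr, fc, fl);
    return ip6_traffic_class(hdr);
}

uint32_t flow_label_after_pack(int fixed, uint8_t fc, uint32_t fl)
{
    uint8_t hdr[4] = {0};
    pack(fixed, hdr, fc, fl);
    return ip6_flow_label(hdr);
}

/* 1 only if version, class and label all read back as intended. */
int roundtrip_ok(int fixed, uint8_t fc, uint32_t fl)
{
    uint8_t hdr[4] = {0};
    pack(fixed, hdr, fc, fl);
    return ip6_version(hdr) == 6 && ip6_traffic_class(hdr) == fc &&
           ip6_flow_label(hdr) == (fl & IP6_FLOWLABEL_MASK);
}

int main(void)
{
    /* The values from the mail's test call: class 0x12, label 0xabcde. */
    for (int fixed = 0; fixed <= 1; fixed++)
        printf("%-8s class=0x%02x label=0x%05x roundtrip=%d\n",
               fixed ? "fixed" : "original",
               traffic_class_after_pack(fixed, 0x12, 0xabcde),
               flow_label_after_pack(fixed, 0x12, 0xabcde),
               roundtrip_ok(fixed, 0x12, 0xabcde));
    return 0;
}
```

Running it prints the original variant decoding to class 0x10 and label 0x00000, matching the Wireshark capture in the mail, and the fixed variant decoding to 0x12 and 0xabcde. roundtrip_ok() is the kind of self-check a raw-packet sender can keep in its unit tests so that a header-builder regression is caught before it skews fingerprint results.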