tcpdump mailing list archives

Re: Scanning IP6 packets


From: Darren Reed <darrenr () netbsd org>
Date: Fri, 15 Nov 2013 09:56:12 +1100

On 15/11/2013 6:26 AM, Michael Richardson wrote:
> Darren Reed <darrenr () netbsd org> wrote:
>     >> Or write your own filter expression that looks at the link-layer
>     >> header to detect IPv6 packets, skips past the IPv6 header (you won't be
>     >> able to handle extension headers, as that involves looping, and the
>     >> libpcap filter language doesn't support that), and then loads the
>     >> appropriate value from the TCP header based on that.
>     >>
>     >> There is no easy solution.
>
>     > Something that I'm working on is a design & implementation of BPF (v2) that
>     > incorporates instructions that are specifically designed to deal with
>     > headers
>
> That's cool...
>
>     > that are chained together in this fashion. In its current form, BPF (v1) is
>     > not that IPv6 friendly. Give me a week or two to back up a design with some
>     > code that works (the parser and compiler bit are the tricky pieces.)
>
> True. I assume you are adding kind of limited loop capability.  Could it be
> unrolled to some depth to work with BPFv1?

No. For analysing IPv6 you don't need loops, rather you need some
much more complex instructions than BPF's RISC design has at present.
Key to that are "find header number X" or "what is the last header"
as network analysis functions. Once those two operations become
explicit instructions for BPF, there isn't really any need to
support loops for analysing IPv6 packets.

Darren

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
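
The two operations named in the message above ("find header number X" and "what is the last header"), written as ordinary user-space C over a captured IPv6 packet. This is an added example, not code from the thread's participants or from libpcap; `ip6_find_header`, `tcp_dport`, the `MAX_EXT` cap and the sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* IPv6 next-header numbers; MAX_EXT is an assumed cap that keeps the walk bounded. */
enum { HOPOPTS = 0, TCP = 6, ROUTING = 43, FRAGMENT = 44, AH = 51, DSTOPTS = 60, MAX_EXT = 16 };

static int is_ext(int nh) {
    return nh == HOPOPTS || nh == ROUTING || nh == FRAGMENT || nh == AH || nh == DSTOPTS;
}

/* want >= 0: "find header number X"; want < 0: "what is the last header".
 * Returns the offset from the start of the IPv6 header, or -1 if the header is
 * absent, truncated, or sits behind a non-initial fragment. */
long ip6_find_header(const uint8_t *p, size_t len, int want, uint8_t *found) {
    if (len < 40 || (p[0] >> 4) != 6) return -1;   /* fixed header is 40 bytes */
    int nh = p[6];
    size_t off = 40;
    for (int i = 0; i <= MAX_EXT; i++) {
        if (nh == want || (want < 0 && !is_ext(nh))) {
            if (found) *found = (uint8_t)nh;
            return (long)off;
        }
        if (!is_ext(nh) || len - off < 8) return -1;
        if (nh == FRAGMENT && (((p[off + 2] << 8) | p[off + 3]) & 0xfff8)) return -1;
        size_t hlen = nh == FRAGMENT ? 8 : nh == AH ? ((size_t)p[off + 1] + 2) * 4
                                                    : ((size_t)p[off + 1] + 1) * 8;
        if (hlen > len - off) return -1;           /* length field overruns capture */
        nh = p[off];
        off += hlen;
    }
    return -1;                                     /* chain longer than MAX_EXT */
}

/* TCP destination port, or -1 if no TCP header can be reached. */
int tcp_dport(const uint8_t *p, size_t len) {
    long off = ip6_find_header(p, len, TCP, NULL);
    if (off < 0 || len - (size_t)off < 4) return -1;
    return (p[off + 2] << 8) | p[off + 3];
}

/* Constructed sample: IPv6 (:: -> ::), Hop-by-Hop, Destination Options, TCP SYN to 443. */
static const uint8_t sample[76] = {
    [0] = 0x60, [5] = 36, [6] = HOPOPTS, [7] = 64,
    [40] = DSTOPTS, [42] = 1, [43] = 4, [48] = TCP, [50] = 1, [51] = 4, /* PadN fill */
    [56] = 0x30, [57] = 0x39, [58] = 0x01, [59] = 0xbb, [68] = 0x50, [69] = 0x02,
};
int main(void) {
    printf("TCP at %ld, dport %d\n", ip6_find_header(sample, sizeof sample, TCP, NULL), tcp_dport(sample, sizeof sample));
    return 0;
}
```

A fixed-offset filter that reads the port at byte 42 of this packet would land inside the Hop-by-Hop options rather than the TCP header, which is the gap the thread is describing.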

