Re: Work on IPv6 support

[ambarisha b <b.ambarisha () gmail com>]

Hi,
Thanks for the info.I couldn't follow how extending libdnet to return
the interface name makes it incompatible.Can you please explain?

Regards
Ambarisha

On Tue, Jan 25, 2011 at 5:43 AM, David Fifield <david () bamsoftware com> wrote:
> On Tue, Jan 25, 2011 at 12:21:43AM +0100, Luis MartinGarcia. wrote:
> > On 01/24/2011 09:39 PM, ambarisha b wrote:
> > > Hi,
> > >
> > > Is anybody working on  extending the raw packet support for IPv6 ? Its
> > > in the todo list.If anybody is working on it,I would like to join in.
> >
> > Hi Ambarisha,
> >
> > Apart from the Nmap branch David mentioned, we are also trying to add
> > full IPv6 support to Nping. I'm currently working on this branch:
> > /nmap-exp/luis/nmap-icmpv6/nping, which mainly deals with ICMPv6.
> >
> > Basically, the most important thing right now is to get the "libnetutil"
> > in David's branch, working. We need to be able to list system interfaces
> > in all supported OS (Win, Linux, BSD, Mac, etc), and also, figure out
> > how to chose an interface and an IPv6 source address, based on the
> > target address and the local routing tables. Have a look at the code in
> > /nmap-exp/david/nmap-ipv6/libnetutil. If you could work on this, it
> > would be great (not an easy task though).
>
> I remember that the problem is this: On Linux, /proc/net/ipv6_route
> gives you three pieces of information directly: destination address,
> gateway address, and interface name. However listing routes with libdnet
> gives you only
>
> struct route_entry {
>        struct addr     route_dst;      /* destination address */
>        struct addr     route_gw;       /* gateway address */
> };
>
> What we crucially depend on is the interface name. We currently work
> around this with the function sysroutes_dnet_find_interfaces, which does
> some matching based on interface addresses and netmasks to guess the
> interface name. When it can't get a match, you get a message like
>
> WARNING: Unable to find appropriate interface for system route to ::
>
> I've found that this can fail, even in a fairly simple Teredo-based
> setup because the gateway for many routes is ::.
>
> It would, of course, be an easy matter to extend libdnet (at least our
> libdnet that doesn't have to be backward-compatible) to return the
> interface name for Linux, and probably also for BSD and Windows (see
> route-linux.c, route-bsd.c, route-win32.c). However there are other less
> common OSes that would be harder to test. Then, of course, there is the
> matter of making an incompatible change to libdnet.
>
> This is what stalled me a little while ago. I added an option to the
> nmap-ipv6 branch to help debug routing:
>
> $ nmap --route-dst google.com
> 74.125.224.19
> wlan0 wlan0 nexthop X.X.X.X
> $ nmap --route-dst ipv6.google.com
> 2001:4860:800a::67
> he-ipv6 he-ipv6 nexthop XXXX:XXXX::1
>
> That second command works for me with an he.net tunnel but not always
> with Teredo.
>
> Also, you might want to check out svn://svn.insecure.org/nmap-exp/david/ipv6,
> which has some notes and the portable sending primitives in a small test
> program.
>
> David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/