Nmap Development mailing list archives

Re: IPv6 ranges

From: David Fifield <david () bamsoftware com>
Date: Thu, 21 Jul 2011 18:58:35 -0700

On Wed, Jun 22, 2011 at 05:16:32PM -0700, David Fifield wrote:

Weilin,

I think that we must implement IPv6 ranges before doing multicast host
discovery. The reason for this is that I think it only makes sense to
use multicast when dealing with a whole network.

Currently Nmap's model is to parse the command-line host specifications,
return one host at a time (see TargetGroup::get_next_host), and then
feed those (4096 at a time) into ping scan. We need to change that, so
that we can feed an entire block like fe80::/64 into ping scan when
appropriate, without enumerating 2^64 addresses.

The addrset code does not yet support iteration over members. We need to
make it do that, but it must be capable of returning entire blocks when
asked. For example, given the address specifications
      ::1 fe80::/64 1:2:3::4:5:6 scanmev6.nmap.org/112
the iteration would return the single host ::1, the network fe80::/64,
the single host 1:2:3::4:5:6, and the network
2600:3c01::f03c:91ff:fe93:cd19/112. The next higher level would see:
      * ::1 as a localhost address (and not ping it),
      * fe80::/64 as a local network (and do multicast ping on it),
      * 1:2:3::4:5:6 as a single IP address (and do unicast ping on it), and
      * 2600:3c01::f03c:91ff:fe93:cd19/112 as a remote network (which it
        would then further iterate into 256 unicast hosts).


These are my recommendations for what Nmap should do when asked to scan
large and small, local and remote networks, over unicast and multicast.

                                          multicast        unicast
                                 default  requested      requested
                           ---------------------------------------
Small IPv6 local network       multicast  multicast        unicast
Large IPv6 local network       multicast  multicast  error/warning
Small IPv6 remote network        unicast      error        unicast
Large IPv6 remote network  error/warning      error  error/warning

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Re: IPv6 ranges David Fifield (Jul 21)
- Re: IPv6 ranges Luis MartinGarcia. (Jul 25)
  - Re: IPv6 ranges Xu Weilin (Jul 26)