Nmap Development mailing list archives

Re: IPv6 ranges

From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Mon, 25 Jul 2011 10:42:30 +0200

On 07/22/2011 03:58 AM, David Fifield wrote:

On Wed, Jun 22, 2011 at 05:16:32PM -0700, David Fifield wrote:

Weilin,

I think that we must implement IPv6 ranges before doing multicast host
discovery. The reason for this is that I think it only makes sense to
use multicast when dealing with a whole network.

Currently Nmap's model is to parse the command-line host specifications,
return one host at a time (see TargetGroup::get_next_host), and then
feed those (4096 at a time) into ping scan. We need to change that, so
that we can feed an entire block like fe80::/64 into ping scan when
appropriate, without enumerating 2^64 addresses.

The addrset code does not yet support iteration over members. We need to
make it do that, but it must be capable of returning entire blocks when
asked. For example, given the address specifications
     ::1 fe80::/64 1:2:3::4:5:6 scanmev6.nmap.org/112
the iteration would return the single host ::1, the network fe80::/64,
the single host 1:2:3::4:5:6, and the network
2600:3c01::f03c:91ff:fe93:cd19/112. The next higher level would see:
     * ::1 as a localhost address (and not ping it),
     * fe80::/64 as a local network (and do multicast ping on it),
     * 1:2:3::4:5:6 as a single IP address (and do unicast ping on it), and
     * 2600:3c01::f03c:91ff:fe93:cd19/112 as a remote network (which it
       would then further iterate into 256 unicast hosts).

These are my recommendations for what Nmap should do when asked to scan
large and small, local and remote networks, over unicast and multicast.

                                          multicast        unicast
                                 default  requested      requested
                           ---------------------------------------
Small IPv6 local network       multicast  multicast        unicast
Large IPv6 local network       multicast  multicast  error/warning
Small IPv6 remote network        unicast      error        unicast
Large IPv6 remote network  error/warning      error  error/warning
Large IPv6 remote network  error/warning      error  error/warning


Hi!

Here are my two cents:

I think we could define "large IPv6 remote network" as a net bigger than
/96. A /96 is equivalent to the whole IPv4 address space so I guess
scanning something as big as the current Internet, should be the limit.
In my opinion, anything bigger than a /96 should make Nmap fatal. Of
course, we could add something like a --force option, but I really don't
think that Nmap should only warn users when they request some crazy
stuff like a /64.

Also, Weilin, if it is easy to do, It would be great if the code that
handles IPv6 ranges was placed in libnetutil. That way other tools like
Nping or Ncat could use it.

Regards,

Luis MartinGarcia.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Re: IPv6 ranges David Fifield (Jul 21)
- Re: IPv6 ranges Luis MartinGarcia. (Jul 25)
  - Re: IPv6 ranges Xu Weilin (Jul 26)