tcpdump mailing list archives

Re: Scanning IP6 packets

From: Darren Reed <darrenr () netbsd org>
Date: Thu, 14 Nov 2013 20:04:57 +1100

On 13/11/2013 7:15 PM, Guy Harris wrote:

...
Or write your own filter expression that looks at the link-layer header to detect IPv6 packets, skips past the IPv6 
header (you won't be able to handle extension headers, as that involves looping, and the libpcap filter language 
doesn't support that), and then loads the appropriate value from the TCP header based on that.

There is no easy solution.


Something that I'm working on is a design & implementation of BPF (v2) that
incorporates instructions that are specifically designed to deal with headers
that are chained together in this fashion. In its current form, BPF (v1) is
not that IPv6 friendly. Give me a week or two to back up a design with some
code that works (the parser and compiler bit are the tricky pieces.)

Darren
.

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Current thread:

Scanning IP6 packets Steve (Nov 12)
- Re: Scanning IP6 packets Guy Harris (Nov 13)
  - Re: SPAM-LOW: Re: Scanning IP6 packets Steve (Nov 13)
  - Re: Scanning IP6 packets Darren Reed (Nov 14)
    - Re: Scanning IP6 packets Michael Richardson (Nov 14)
    - Re: Scanning IP6 packets Darren Reed (Nov 14)
    - Re: Scanning IP6 packets Michael Richardson (Nov 14)