Nmap Development mailing list archives

Re: Work on IPv6 support
From: David Fifield <david () bamsoftware com>
Date: Mon, 24 Jan 2011 16:13:29 -0800

On Tue, Jan 25, 2011 at 12:21:43AM +0100, Luis MartinGarcia. wrote:
On 01/24/2011 09:39 PM, ambarisha b wrote:

Is anybody working on extending the raw packet support for IPv6? It's
in the todo list. If anybody is working on it, I would like to join in.

Hi Ambarisha,

Apart from the Nmap branch David mentioned, we are also trying to add
full IPv6 support to Nping. I'm currently working on this branch:
/nmap-exp/luis/nmap-icmpv6/nping, which mainly deals with ICMPv6.

Basically, the most important thing right now is to get the "libnetutil"
in David's branch working. We need to be able to list system interfaces
in all supported OSes (Win, Linux, BSD, Mac, etc.), and also figure out
how to choose an interface and an IPv6 source address, based on the
target address and the local routing tables. Have a look at the code in
/nmap-exp/david/nmap-ipv6/libnetutil. If you could work on this, it
would be great (not an easy task though).

I remember that the problem is this: On Linux, /proc/net/ipv6_route
gives you three pieces of information directly: destination address,
gateway address, and interface name. However listing routes with libdnet
gives you only

struct route_entry {
        struct addr     route_dst;      /* destination address */
        struct addr     route_gw;       /* gateway address */
};

What we crucially depend on is the interface name. We currently work
around this with the function sysroutes_dnet_find_interfaces, which does
some matching based on interface addresses and netmasks to guess the
interface name. When it can't get a match, you get a message like

WARNING: Unable to find appropriate interface for system route to ::

I've found that this can fail, even in a fairly simple Teredo-based
setup because the gateway for many routes is ::.

It would, of course, be an easy matter to extend libdnet (at least our
libdnet that doesn't have to be backward-compatible) to return the
interface name for Linux, and probably also for BSD and Windows (see
route-linux.c, route-bsd.c, route-win32.c). However there are other less
common OSes that would be harder to test. Then, of course, there is the
matter of making an incompatible change to libdnet.

This is what stalled me a little while ago. I added an option to the
nmap-ipv6 branch to help debug routing:

$ nmap --route-dst google.com
wlan0 wlan0 nexthop X.X.X.X
$ nmap --route-dst ipv6.google.com
he-ipv6 he-ipv6 nexthop XXXX:XXXX::1

That second command works for me with an he.net tunnel but not always
with Teredo.

Also, you might want to check out svn://svn.insecure.org/nmap-exp/david/ipv6,
which has some notes and the portable sending primitives in a small test

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
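
The following is an added example, not part of the original message and not code from Nmap or libdnet. It parses lines in the /proc/net/ipv6_route layout to show that the interface name comes directly with each route, including a route whose gateway is ::, the case where matching by interface address and netmask has nothing to work with. The sample lines, the "teredo" interface name, struct route6 and the function names are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Added example. SAMPLE is constructed (not captured) in /proc/net/ipv6_route layout:
 * dst dst_len src src_len next_hop metric refcnt use flags ifname. Names are hypothetical. */
const char *SAMPLE[] = {
    "00000000000000000000000000000000 00 00000000000000000000000000000000 00 "
    "00000000000000000000000000000000 00000405 00000000 00000000 00000001 teredo",
    "20010db8000000000000000000000000 20 00000000000000000000000000000000 00 "
    "20010db8000000000000000000000001 00000400 00000000 00000000 00000003 he-ipv6",
};

struct route6 { struct in6_addr dst, gw; unsigned prefix_len; char ifname[16]; };

/* Convert exactly 32 hex digits into an in6_addr; 0 on success, -1 otherwise. */
static int hex_to_in6(const char *hex, struct in6_addr *out)
{
    if (strspn(hex, "0123456789abcdefABCDEF") != 32 || hex[32]) return -1;
    for (int i = 0; i < 16; i++) {
        unsigned byte = 0;
        sscanf(hex + 2 * i, "%2x", &byte);
        out->s6_addr[i] = (unsigned char)byte;
    }
    return 0;
}

/* Parse one route line, keeping destination, gateway and interface name;
 * the other fields are skipped. Returns 0 on success, -1 on a malformed line. */
int parse_route6(const char *line, struct route6 *r)
{
    char dst[33], gw[33];
    int n = sscanf(line, "%32s %x %*s %*x %32s %*x %*x %*x %*x %15s",
                   dst, &r->prefix_len, gw, r->ifname);
    return (n != 4 || hex_to_in6(dst, &r->dst) || hex_to_in6(gw, &r->gw)) ? -1 : 0;
}

/* Nonzero when the gateway is ::, which gives address/netmask matching nothing to use. */
int gw_unspecified(const struct route6 *r) { return IN6_IS_ADDR_UNSPECIFIED(&r->gw); }

int main(void)
{
    char d[INET6_ADDRSTRLEN], g[INET6_ADDRSTRLEN];
    struct route6 r;
    for (size_t i = 0; i < 2 && parse_route6(SAMPLE[i], &r) == 0; i++)
        printf("%s/%u gw %s dev %s\n", inet_ntop(AF_INET6, &r.dst, d, sizeof d),
               r.prefix_len, inet_ntop(AF_INET6, &r.gw, g, sizeof g), r.ifname);
    return 0;
}
```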
