Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Gsoc 2011 idea about IPv6
From: David Fifield <david () bamsoftware com>
Date: Thu, 24 Mar 2011 09:06:56 -0700

On Thu, Mar 24, 2011 at 10:21:55PM +0800, Xu Weilin wrote:
Hi all,
I have run ipv6.c program on my UBUNTU 10.10 and found some interesting

1) The Traffic Class and Flow Label of IPv6 header cannot be set correctly
with the macro function ip6_pack_hdr() of Libdnet.

In the main() function we write

ip6_pack_hdr1(ip6_hdr, 0x12, 0xabcde, sizeof(packet) - sizeof(*ip6_hdr),
IP_PROTO_HOPOPTS, 13, src[0], dst[0]);

The Traffic Class should be 0x12 and the Flow Label should be 0xabcde, but
the values I captured in Wireshark were 0x10 and 0x0. The reason is that
Libdnet defines a specific operation on ip6->ip6_flow with a flowlabel mask:
ip6->ip6_flow = htonl(((uint32_t)(fc) << 28) & \
    (IP6_FLOWLABEL_MASK | (fl)));

If I replace it with this:
ip6->ip6_flow = htonl(((uint32_t)(fc) << 20) | \
    ( (fl)));
Then the related values will be correct.

Since the flow label may be used for OS detection, we should be careful
about it.

Oh! Good find. I forgot to mention that I found the same bug, and it is
fixed in newer versions of libdnet (including the libdnet that comes
with Nmap).

2) send_ipv6_ip() couldn't work on my UBUNTU 10.10.

The sentence below returns '-1'
sd = socket(AF_INET6, SOCK_RAW, hdr->ip6_nxt);

and the next sentence 'perror("socket");'
prints 'socket: Protocol not supported'

This may need more tests.

I prefer to send_ipv6_eth() and send_ipv6_ipproto_raw() since they work well
and they are more powerful.

The different functions work on different operating systems--I think all
three are necessary. Linux treats IPPROTO_RAW differently and
incompatibly from different operating systems--it acts like IP_HDRINCL
for IPv4 (header is included with packet payload). Linux uses
send_ipv6_ipproto_raw. Other operating systems (like BSD) treat
IPPROTO_RAW as nothing special, just IP protocol 255. They use
send_ipv6_ip and use special functions to set header values. Windows
doesn't support raw sockets at all, and the only way I know of is to use
raw Ethernet sending with send_ipv6_eth. Other operating systems can
also use send_ipv6_eth, but only on Ethernet devices, and not, for
example, PPP devices. Raw sending on Windows with a non-Ethernet doesn't
work at all, but it's the same for IPv4. So I think all three functions
are necessary.

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]