[Bro] Progress in the IPv6 support
vern at icir.org
Wed Apr 11 01:19:52 PDT 2007
Great to hear that you're pursuing this!
> So now when Bro receives a TCP or UDP packet with an arbitrary number of
> IPv6 extensions (hop-by-hop option, destination option and routing
> header for the moment) it can parse the content of the upper layer.
> It's a beginning, but now I have some questions :
> - what should I do with the data of the extensions header ?
Ideal would be to generate an event per header (assuming that the policy
script defines a corresponding handler).
> - what do you think is the "best pratice" in Bro to code the support of
> ICMPv6 (it's a major update compared to ICMPv4) ?
I don't know the specifics of ICMPv6. What are the main ways in which
it's a major update?
> - do you think binpac could help me ?
It will need extensions to do so. You should contact Ruoming Pang
<rpang at CS.Princeton.EDU> to see what degree he has interest/cycles
in adding the necessary support.
> After that I will start dealing with the fragmentation, IPsec headers
> and eventually the transition mechanisms.
This all sounds great ...
More information about the Bro