[Bro-Dev] #833: ICMPv6:Patch to add payload as a parameter to neighbor advertisements and neighbor solicitation events
Bro Tracker
bro at tracker.bro-ids.org
Sat Jun 16 16:25:19 PDT 2012
#833: ICMPv6:Patch to add payload as a parameter to neighbor advertisements and
neighbor solicitation events
------------------------+--------------------
Reporter: aashish | Type: Patch
Status: new | Priority: Normal
Milestone: Bro2.1 | Component: Bro
Version: git/master | Keywords:
------------------------+--------------------
Patch to provide access to the ICMPv6 payload in the scripting layer for
both neighbor advertisements and neighbor solicitation messages. Payload
is needed for extracting mac-addresses which is useful for:
1) to get bindings of mac with v6 IP addresses. This is needed to be able
to dhcp jail IPv6 hosts.
2) Alert on fake router advertisements
3) Build Neighbor Caches and flag of spoofing etc.
I believe instead of payload we can send just the mac-address to the
scripting layer (extract it in ICMP.cc - instead of in the script events).
I am open to that thought. Not sure if there is anything else, apart from
the mac-address that we eventually might need from the payload in these
events ( icmp_neighbor_solicitation and event icmp_neighbor_advertisement)
Also, attaching a skeleton policy file to log IPv6 and mac-addr bindings.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/833>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list