[Bro-Dev] #531: Handle IPv6 protocol chains
Bro Tracker
bro at tracker.bro-ids.org
Fri Mar 2 18:22:10 PST 2012
#531: Handle IPv6 protocol chains
----------------------+------------------------
Reporter: gregor | Owner: jsiwek
Type: Problem | Status: assigned
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version: git/master
Resolution: | Keywords: IPv6
----------------------+------------------------
Comment (by jsiwek):
In [eb9f686bb20fc1fe5021cd0b92eea3b5a147a1cd/bro]:
{{{
#!CommitTicketReference repository="bro"
revision="eb9f686bb20fc1fe5021cd0b92eea3b5a147a1cd"
Add handling for IPv6 extension header chains (addresses #531)
- The script-layer 'pkt_hdr' type is extended with a new 'ip6' field
representing the full IPv6 header chain.
- The 'new_packet' event is now raised for IPv6 packets (addresses #523)
- A new event called 'ipv6_ext_header' is raised for any IPv6 packet
containing extension headers.
- A new event called 'esp_packet' is raised for any packets using ESP
('new_packet' and 'ipv6_ext_header' events provide connection info,
but that info can't be provided here since the upper-layer payload
is encrypted).
- The 'unknown_protocol' weird is now raised more reliably when Bro
sees a transport protocol or IPv6 extension header it can't handle.
(addresses #522)
Still need to do IPv6 fragment reassembly and needs more testing.
}}}
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/531#comment:2>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list