[Bro] Progress in the IPv6 support

Julien Desfossez ju at klipix.org
Mon Apr 2 20:27:17 PDT 2007


Hi,

Some months ago, I told you I wanted to improve Bro IPv6 support.

After a long time of source code reading I've started to code something.

To begin, I've primarily focused on the support for extensions.

So now when Bro receives a TCP or UDP packet with an arbitrary number of 
IPv6 extensions (hop-by-hop option, destination option and routing 
header for the moment) it can parse the content of the upper layer.

It's a beginning, but now I have some questions :
- what should I do with the data of the extensions header ?
- what do you think is the "best pratice" in Bro to code the support of 
ICMPv6 (it's a major update compared to ICMPv4) ?
- do you think binpac could help me ?

I have not yet catched all the details of the analysers and event 
handlers, and the most of the doc I have found focuses on upper layer 
protocols, so any help would be greatly appreciated !

After that I will start dealing with the fragmentation, IPsec headers 
and eventually the transition mechanisms.

Thank you for your help.

Julien Desfossez

P.S : sorry but my code isn't clean enough yet to attach the patch, as 
soon as I have something fully functionnal/tested I'll send it to the list.




More information about the Bro mailing list