[Bro] Progress in the IPv6 support

Vern Paxson vern at icir.org
Wed Apr 11 01:19:52 PDT 2007


Great to hear that you're pursuing this!

> So now when Bro receives a TCP or UDP packet with an arbitrary number of 
> IPv6 extensions (hop-by-hop option, destination option and routing 
> header for the moment) it can parse the content of the upper layer.
> 
> It's a beginning, but now I have some questions :
> - what should I do with the data of the extensions header ?

Ideal would be to generate an event per header (assuming that the policy
script defines a corresponding handler).

> - what do you think is the "best pratice" in Bro to code the support of 
> ICMPv6 (it's a major update compared to ICMPv4) ?

I don't know the specifics of ICMPv6.  What are the main ways in which
it's a major update?

> - do you think binpac could help me ?

It will need extensions to do so.  You should contact Ruoming Pang
<rpang at CS.Princeton.EDU> to see what degree he has interest/cycles
in adding the necessary support.

> After that I will start dealing with the fragmentation, IPsec headers 
> and eventually the transition mechanisms.

This all sounds great ...

		Vern



More information about the Bro mailing list