Libnet 1.1 IPv6 fixes and additions

Libnet is a cool packet crafting tool, used by Snort to send TCP reset packets and ICMP unreachable packets as part of active responses. Libnet 1.1 supports IPv6 which is what I needed for my work. After some reading and testing there were a few problems. First, while possible to send TCP reset packets, the packets didn’t have a correct checksum and debugging this with valgrind showed lots of memory errors. Second, ICMPv6 was only partly implemented. The libnet_build_* functions for it are missing. This is, by the way, quite a common picture. Many libraries and projects have some support for IPv6, but generally incomplete and less well tested.

For my work on a IPv6 enabled Snort_inline I’ve only fixed the checksum issue and added a libnet_build_icmpv6_unreach() function. The patch against libnet 1.1.3-RC-01 can be found here. It’s development was funded by the great people of NitroSecurity Inc., who are funding my work to bring IPv6 to Snort_inline. The work is not based on Sourcefire‘s recent IPv6 implementation, so it will be interesting to see if and how those codebases can be used to improve each other. The changes to Snort_inline will be made available as well later, WhenItsDone(tm) 🙂 Like with the support for NFQueue, NitroSecurity gives back to the community, which I really appreciate!

The patch: http://www.inliniac.net/files/libnet-1.1.3-RC-01-ipv6.diff.gz

7 thoughts on “Libnet 1.1 IPv6 fixes and additions

  1. I would like to second that thank you to Nitro. Without the support of Nitro and more specifically Dave Remien (great guy btw) snort_inline wouldn’t have things like support for NFQUEUE etc..

    Thanx again,

    Will

  2. Pingback: Inliniac » Blog Archive » Snort_inline updated to 2.8.0.1 in SVN

  3. Hello,

    A few days ago I had successfully built a project to send an ICMP echo request – IPv4 using the libnet library (version 1.1.2.1) using Visual Studio 2008. I captured the packets using WireShark.

    I now need to send an ICMP echo request in IPv6. But I am facing a few IPv6 support issues in using libnet. I am using the libnet library version 1.1.5. In this library I am not able to find the functionality support for IPv6 .

    When creating a packet these were some issues encountered:
    1. The ‘libnet_autobuild_ipv6’ is not yet implemented (resolved by using the ‘libnet_build_ipv6’ function)
    2. ‘libnet_name2addr6’ function (in the file libnet_resolve.c) seems to have no functionality.
    3. There seems to be no function to build an ICMPv6 Header – similar to libnet_build_icmpv4_echo

    Any suggestion and help in this regard will be appreciated.

    Does there exist any other library similar to libnet to send IPv6 packets while working in windows.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s