SI6 Networks' IPv6 Toolkit v1.5.2 released!
Templin, Fred L
Fred.L.Templin at boeing.com
Fri Jan 31 19:09:17 CET 2014
Hi Fernando,
I don't know if you are looking to add to your toolkit from outside
sources, but Sascha Hlusiak has created a tool called 'isatapd' that
sends RS messages to an ISATAP router and processes RA messages that
come back:
http://www.saschahlusiak.de/linux/isatap.htm
Does this look like something you might want to add to the toolkit?
Thanks - Fred
fred.l.templin at boeing.com
> -----Original Message-----
> From: ipv6-ops-bounces+fred.l.templin=boeing.com at lists.cluenet.de [mailto:ipv6-ops-
> bounces+fred.l.templin=boeing.com at lists.cluenet.de] On Behalf Of Fernando Gont
> Sent: Friday, January 31, 2014 8:03 AM
> To: ipv6-ops at lists.cluenet.de
> Subject: SI6 Networks' IPv6 Toolkit v1.5.2 released!
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Folks,
>
> [I had forgotten to send a heads-up to this list -- hopefully some of
> you will find this useful]
>
> This is not meant to be a "big release", but it does fix some issues
> present in previous versions, and adds some new features (please find
> the changelog below).
>
> So if you're using the ipv6toolkit, please upgrade to version 1.5.2.
>
> Tarballs (plain one, and gpg-signed with my key below) can be found
> at: <http://www.si6networks.com/tools/ipv6toolkit>).
>
> * Tools:
>
> If you want to find out which tools the ipv6toolkit comprises, just
> do a "man 7 ipv6toolkit".
>
>
> * Platforms:
>
> We currently support these platforms: FreeBSD, NetBSD, OpenBSD, Debian
> GNU/Linux, Debian GNU/kfreebsd, Gentoo Linux, Ubuntu, and Mac OS.
>
> Some of these platforms now feature the ipv6toolkit in their package
> system -- credits for that can be found below. :-)
>
>
> ===== CREDITS ======
> CONTRIBUTORS
> - ------------
>
> ** Contributors **
>
> The following people sent patches that were incorporated into this
> release of the toolkit:
>
> Octavio Alvarez <alvarezp at alvarezp.com>
> Alexander Bluhm <bluhm at openbsd.org>
> Alistair Crooks <agc at pkgsrc.org>
> Declan A Rieb <darieb at sandia.gov>
>
>
> ** Package maintainers **
>
> Availability of packages for different operating systems makes it
> easier for users to install and update the toolkit, and for the toolkit
> to integrate better with the operating systems.
>
> These are the maintainers for each of the different packages:
>
> + Debian
>
> Octavio Alvarez <alvarezp at alvarezp.com>, sponsored by Luciano Bello
> <luciano at debian.org>
>
> + FreeBSD
>
> Hiroki Sato <hrs at FreeBSD.org>
>
> + Gentoo Linux
>
> Robin H. Johnson <robbat2 at gentoo.org>
>
> + Mac OS
>
> Declan A Rieb <darieb at sandia.gov> tests the toolkit on multiple Mac
> OS versions, to ensure clean compiles on such platforms.
>
> + NetBSD (pkgsrc framework)
>
> Alistair Crooks <agc at pkgsrc.org>
>
> + OpenBSD
>
> Alexander Bluhm <bluhm at openbsd.org>
>
>
> ** Troubleshooting/Debugging **
>
> Spotting bugs in networking tool can be tricky, since at times they
> only show up in specific network scenarios.
>
> The following individuals provided great help in identifying bugs in
> the the toolkit (thus leading to fixes and improvements):
>
> Stephane Bortzmeyer <stephane at bortzmeyer.org>
> Marc Heuse <mh at mh-sec.de>
> Erik Muller <erikm at buh.org>
> Declan A Rieb <darieb at sandia.gov>
> Tim <tim-security at sentinelchicken.org>
> ===== CREDITS =====
>
>
> ===== CHANGELOG =====
> SI6 Networks IPv6 Toolkit v1.5.2
>
> * All: Add support for GNU Debian/kfreebsd
> The toolkit would not build on GNU Debian/kfreebsd before this
> release.
>
> * tcp6: Add support for TCP/IPv6 probes
> tcp6 can now send TCP/IPv6 packets ("--probe-mode" option), and
> read the TCP response packets, if any. This can be leveraged for
> port scans, and miscellaneous measurements.
>
> SI6 Networks IPv6 Toolkit v1.5.1
> * Fix Mac OS breakage
> libipv6.h had incorrect definitions for "struct tcp_hdr".
>
> SI6 Networks IPv6 Toolkit v1.5
>
> * All: Improved the next-hop determination
> Since the toolkit employs libpcap (as there is no portable way to
> forge IPv6 addresses and do other tricks), it was relying on the
> user specifying a network interface ("-i" was mandatory for all
> tools) and that routers would send Router Advertisements on the
> local links. This not only was rather inconvenient for users
> (specifying a network interface was not warranted), but also meant
> that in setups where RAs where not available (e.g., manual
> configuration), the tools would fail. The toolkit now employs
> routing sockets (in BSDs) or Netlink (in Linux), and only uses
> "sending RAs" as a fall-back in case of failure (IPv6 not
> configured on the local host).
>
> * All: Improved source address selection
> This is closely related to the previous bullet.
>
> * All: More code moved to libipv6
> More and more code was moved to libipv6 and removed to the
> individual tool source files. As with some of the above, this was
> painful and time-consuming, but was necessary -- and in the long
> run it will make code maintenance easier.
>
> * All: libipv6 used throughout all tools
> This was rather painful and non-exciting, but necessary.
>
>
> SI6 Networks' IPv6 Toolkit v1.4.1
>
> * frag6: Fixed bug that prevented Ethernet header from being filled
> A bug in the code caused Ethernet frames to go on te wire without
> any of their header fields completed.
>
> * All: Use of library to avoid code replication
> An "libipv6" library was created, such that common functions do
> not need to be replicated for each tool. ni6, ns6, rs6, and tcp6
> now employ such library.
>
>
> SI6 Networks' IPv6 Toolkit v1.4 release
>
> * frag6: Fixed the flooding option
> Fixed the fragment size used when employing the flooding option.
> It was previously sending fragment sizes that where not a multiple
> of eight, and hence these fragments were dropped.
>
> * scan6: Added support for 64-bit encoding of IPv4 addresses
> Option "--tgt-ipv4" was augmented to support both encodings (32 bit
> and 64 bit) of embedded IPv4 addresses.
>
> * tcp6: Fixed response to Neighbor Solicitations
> tcp6 was not responding to incoming Neighbor Solicitations. Hence,
> when packets were sent from spoofed addresses, tcp6 would never
> receive the response packets, because the NSs sent by the local
> router or target node would never be responded.
>
> * tcp6: Added support for TCP Window-based attacks
> tcp6 can now close the window after sending an app-layer command,
> and also "modulate" the TCP window to circumvent trivial
> mitigations for these attacks ("--window-mode" and
> "--win-modulate" options).
>
> * tcp6: Support for multiple connection-establishment types
> tcp6 can now cause e.g. TCP simultaneous opens (see the
> "--open-mode" option).
>
> * tcp6: Support for multiple connection-termination types
> tcp6 can now perform multiple connection-termination types (see the
> "--close-mode" option).
>
> * tcp6: Support for sending application layer requests
> tcp6 can now send application-layer requests with the "--data"
> option.
>
> * Many improvements to the manual pages.
> Fixed the troff encoding of many manual pages. Added
> ipv6toolkit(7), that describes a general description of the
> toolkit.
>
> * All: Fixed bug in link-layer destination address selection
> Tools now try to find a local router or perform Neighbor Discovery
> only when necessary (i.e., underlying link-layer is *not* loopback
> or tunnel, destination address is *not* link-local, and a
> link-layer destination address has *not* been specified).
>
> * All: Fixed bug in option handling
> Incorrect data type was used for the return value of
> getopt_long(), thus leading to problems in some architectures.
>
> * All: Fixed a number of issues with pcap_next_ex()
> The timeout parameter of pcap_next_ex() is now based on the
> platform (the previous constant value had different semantics in
> different platforms).
> Additionally, handle the case where pcap_next_ex() returns no
> packets.
>
> * All: General improvements and clean-up
> The development process now includes building the toolkit with the
> clang compiler (in addition to gcc), which has lead to the
> identification of a number of issues.
>
> * All: Improved support for building the toolkit.
> The toolkit now contains one makefile for pmake, and another for
> GNU make.
> Added support for the DESTDIR variable. Appropriate paths are
> selected based on the value of a number of variables.
> Configuration file is dynamically generated, with the right path
> to the oui.txt file.
>
> ===== CHANGELOG =====
>
>
> - --
> Fernando Gont
> SI6 Networks
> e-mail: fgont at si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>
>
> - --
> Fernando Gont
> e-mail: fernando at gont.com.ar || fgont at si6networks.com
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iQEcBAEBAgAGBQJS68k6AAoJEJbuqe/Qdv/xWWkIANS/GouhoQxvAgrB8Ryireon
> 8jsYkboNqA0bZtqt6oQASgllBUxtWC7OGmpgZk/s4n8SIDLA8JtlvlPxnIJ5QJlT
> dSunWgiQCgdLkgcJDhgBlSBtNnIH0DC/sCc+nRneCbxtM6PMGxCzD+makSe/3MBI
> pTzmNOg5oUy86zlYbpqTcoUOuFblAtx1rvmtIc3sTs9CELMJ8F2K400j1XxnmqwK
> gifmhPtbM8BNZat4/b3Jzn5rj4if8bUNiBZnKvQFZLuCi/LFdm171uM/HGeBBFNl
> /cmcm9mq+M4CKecRZXp5QIjMQIq3iUR0mOxSO1qm75TLcm886PQORddtcDvOjwQ=
> =epiF
> -----END PGP SIGNATURE-----
More information about the ipv6-ops
mailing list