Inliniac » libnet http://www.inliniac.net/blog Everything inline. Wed, 11 Jan 2012 19:09:17 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Snort_inline updated to 2.8.0.1 in SVN http://www.inliniac.net/blog/2008/01/09/snort_inline-updated-to-2801-in-svn.html http://www.inliniac.net/blog/2008/01/09/snort_inline-updated-to-2801-in-svn.html#comments Wed, 09 Jan 2008 15:41:19 +0000 Victor Julien http://www.inliniac.net/blog/2008/01/09/snort_inline-updated-to-2801-in-svn.html I’ve just committed an update to Snort_inline’s SVN. It brings it to the Snort 2.8.0.1 level. It supports both IPv4 and IPv6 on IPQ and NFQ. I have not been able to test IPFW on IPv6, so I don’t think that will work currently.

This update removes the libdnet dependency and replaces it with libnet 1.1. To be able to send ICMPv6 unreachable packets you will need the libnet 1.1 patch I wrote a while ago. You can find that here. Get the latest Snort_inline by checking out SVN:

svn co https://snort-inline.svn.sourceforge.net/svnroot/snort-inline/trunk

Consider the code to be of beta quality for now, so be careful with it. Please report any problems with it!

Again, a big thank you to NitroSecurity for funding this work!

]]> http://www.inliniac.net/blog/2008/01/09/snort_inline-updated-to-2801-in-svn.html/feed 0 Libnet 1.1 IPv6 fixes and additions http://www.inliniac.net/blog/2007/10/16/libnet-11-ipv6-fixes-and-additions.html http://www.inliniac.net/blog/2007/10/16/libnet-11-ipv6-fixes-and-additions.html#comments Tue, 16 Oct 2007 21:35:11 +0000 Victor Julien http://www.inliniac.net/blog/2007/10/16/libnet-11-ipv6-fixes-and-additions.html Libnet is a cool packet crafting tool, used by Snort to send TCP reset packets and ICMP unreachable packets as part of active responses. Libnet 1.1 supports IPv6 which is what I needed for my work. After some reading and testing there were a few problems. First, while possible to send TCP reset packets, the packets didn’t have a correct checksum and debugging this with valgrind showed lots of memory errors. Second, ICMPv6 was only partly implemented. The libnet_build_* functions for it are missing. This is, by the way, quite a common picture. Many libraries and projects have some support for IPv6, but generally incomplete and less well tested.

For my work on a IPv6 enabled Snort_inline I’ve only fixed the checksum issue and added a libnet_build_icmpv6_unreach() function. The patch against libnet 1.1.3-RC-01 can be found here. It’s development was funded by the great people of NitroSecurity Inc., who are funding my work to bring IPv6 to Snort_inline. The work is not based on Sourcefire‘s recent IPv6 implementation, so it will be interesting to see if and how those codebases can be used to improve each other. The changes to Snort_inline will be made available as well later, WhenItsDone(tm) :) Like with the support for NFQueue, NitroSecurity gives back to the community, which I really appreciate!

The patch: http://www.inliniac.net/files/libnet-1.1.3-RC-01-ipv6.diff.gz

]]> http://www.inliniac.net/blog/2007/10/16/libnet-11-ipv6-fixes-and-additions.html/feed 7