Feature #480
closed
- Status changed from New to Assigned
- Assignee set to Eric Leblond
- Target version set to 1.4beta1
protocol decoding
This is the easy part. The IPv6 packet is simply put inside the IPv4 packet via encapsulation. We may have a dedicated field before the IPv6 field but it will be enough to iterate over the block starting with 0x0 and to get the length of the block. Then jumping to the next block can be done. If it looks like an IPv6 header this is one!
protocol detection
This part is more tricky. The start of the exchange is made with a teredo-server. A negotiation is made and this leads to the choice by the teredo-server of a teredo-relay (the real data are exchanged with the relay). A message is sent by the teredo-server to indicate the teredo-relay params.
Then the teredo-client can send tunneled data to the teredo-relay.
I don't think using a match on 0x0 (0x0|0x1) is a sufficient criterion as there are too few bits. A possible detection method is to try to decode the protocol and if we find an IPv6 packet after a few jumps, we've won.
I attach a complete pcap (with data to relay) to the ticket.
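The decode-to-detect approach described above, as an added example that is not part of the ticket or of the attached patch. The function name `teredo_find_ipv6` is hypothetical, the block lengths are assumed from the Teredo header layouts in RFC 4380, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV6_HDR_LEN 40

/* Hypothetical helper: offset of the inner IPv6 header in a UDP payload,
 * or -1 if the payload does not decode as Teredo. */
int teredo_find_ipv6(const uint8_t *p, size_t len)
{
    size_t off = 0;
    /* "A few jumps": at most two 0x00-prefixed blocks are skipped. */
    for (int hops = 0; hops < 2; hops++) {
        if (len - off < 2 || p[off] != 0x00)
            break;
        size_t blk;
        if (p[off + 1] == 0x00) {            /* origin indication: fixed 8 bytes */
            blk = 8;
        } else if (p[off + 1] == 0x01) {     /* authentication: variable length */
            if (len - off < 4)
                return -1;
            /* type(2) + id-len(1) + au-len(1) + id + auth + nonce(8) + confirm(1) */
            blk = 13 + (size_t)p[off + 2] + (size_t)p[off + 3];
        } else {
            return -1;
        }
        if (len - off < blk)
            return -1;
        off += blk;
    }
    /* The 0x00|0x01 prefix alone is weak evidence; require a consistent IPv6 header. */
    if (len - off < IPV6_HDR_LEN || (p[off] >> 4) != 6)
        return -1;
    size_t plen = ((size_t)p[off + 4] << 8) | p[off + 5];
    return (plen + IPV6_HDR_LEN == len - off) ? (int)off : -1;
}

int main(void)
{
    /* Constructed sample: origin indication + IPv6 header + 8 payload bytes. */
    uint8_t pkt[8 + IPV6_HDR_LEN + 8] = {0};
    pkt[8] = 0x60;   /* version 6 */
    pkt[13] = 8;     /* payload length */
    printf("inner IPv6 at offset %d\n", teredo_find_ipv6(pkt, sizeof(pkt)));
    return 0;
}
```

Requiring the IPv6 payload length to match the remaining bytes is what keeps arbitrary UDP payloads that happen to start with 0x00 from being treated as tunnels.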
- % Done changed from 0 to 80
I attach the patch against origin/master to the ticket. No configuration is needed to activate the decoding.
- % Done changed from 80 to 90
Merged, thanks Eric.
Can you also add a teredo packet counter?
- Status changed from Assigned to Closed
- % Done changed from 90 to 100
Counter merged as well, thanks Eric!