-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Folks, This is not meant to be a "big release", but it does fix some issues present in previous versions, and adds some new features (please find the changelog below). So if you're using the ipv6toolkit, please upgrade to version 1.5.2. Tarballs (plain one, and gpg-signed with my key below) can be found at: <http://www.si6networks.com/tools/ipv6toolkit>). * Tools: If you want to find out which tools the ipv6toolkit comprises, just do a "man 7 ipv6toolkit". * Platforms: We currently support these platforms: FreeBSD, NetBSD, OpenBSD, Debian GNU/Linux, Debian GNU/kfreebsd, Gentoo Linux, Ubuntu, and Mac OS. Some of these platforms now feature the ipv6toolkit in their package system -- credits for that can be found below. :-) ===== CREDITS ====== CONTRIBUTORS - ------------ ** Contributors ** The following people sent patches that were incorporated into this release of the toolkit: Octavio Alvarez <alvarezp@xxxxxxxxxxxx> Alexander Bluhm <bluhm@xxxxxxxxxxx> Alistair Crooks <agc@xxxxxxxxxx> Declan A Rieb <darieb@xxxxxxxxxx> ** Package maintainers ** Availability of packages for different operating systems makes it easier for users to install and update the toolkit, and for the toolkit to integrate better with the operating systems. These are the maintainers for each of the different packages: + Debian Octavio Alvarez <alvarezp@xxxxxxxxxxxx>, sponsored by Luciano Bello <luciano@xxxxxxxxxx> + FreeBSD Hiroki Sato <hrs@xxxxxxxxxxx> + Gentoo Linux Robin H. Johnson <robbat2@xxxxxxxxxx> + Mac OS Declan A Rieb <darieb@xxxxxxxxxx> tests the toolkit on multiple Mac OS versions, to ensure clean compiles on such platforms. + NetBSD (pkgsrc framework) Alistair Crooks <agc@xxxxxxxxxx> + OpenBSD Alexander Bluhm <bluhm@xxxxxxxxxxx> ** Troubleshooting/Debugging ** Spotting bugs in networking tool can be tricky, since at times they only show up in specific network scenarios. The following individuals provided great help in identifying bugs in the the toolkit (thus leading to fixes and improvements): Stephane Bortzmeyer <stephane@xxxxxxxxxxxxxx> Marc Heuse <mh@xxxxxxxxx> Erik Muller <erikm@xxxxxxx> Declan A Rieb <darieb@xxxxxxxxxx> Tim <tim-security@xxxxxxxxxxxxxxxxxxx> ===== CREDITS ===== ===== CHANGELOG ===== SI6 Networks IPv6 Toolkit v1.5.2 * All: Add support for GNU Debian/kfreebsd The toolkit would not build on GNU Debian/kfreebsd before this release. * tcp6: Add support for TCP/IPv6 probes tcp6 can now send TCP/IPv6 packets ("--probe-mode" option), and read the TCP response packets, if any. This can be leveraged for port scans, and miscellaneous measurements. SI6 Networks IPv6 Toolkit v1.5.1 * Fix Mac OS breakage libipv6.h had incorrect definitions for "struct tcp_hdr". SI6 Networks IPv6 Toolkit v1.5 * All: Improved the next-hop determination Since the toolkit employs libpcap (as there is no portable way to forge IPv6 addresses and do other tricks), it was relying on the user specifying a network interface ("-i" was mandatory for all tools) and that routers would send Router Advertisements on the local links. This not only was rather inconvenient for users (specifying a network interface was not warranted), but also meant that in setups where RAs where not available (e.g., manual configuration), the tools would fail. The toolkit now employs routing sockets (in BSDs) or Netlink (in Linux), and only uses "sending RAs" as a fall-back in case of failure (IPv6 not configured on the local host). * All: Improved source address selection This is closely related to the previous bullet. * All: More code moved to libipv6 More and more code was moved to libipv6 and removed to the individual tool source files. As with some of the above, this was painful and time-consuming, but was necessary -- and in the long run it will make code maintenance easier. * All: libipv6 used throughout all tools This was rather painful and non-exciting, but necessary. SI6 Networks' IPv6 Toolkit v1.4.1 * frag6: Fixed bug that prevented Ethernet header from being filled A bug in the code caused Ethernet frames to go on te wire without any of their header fields completed. * All: Use of library to avoid code replication An "libipv6" library was created, such that common functions do not need to be replicated for each tool. ni6, ns6, rs6, and tcp6 now employ such library. SI6 Networks' IPv6 Toolkit v1.4 release * frag6: Fixed the flooding option Fixed the fragment size used when employing the flooding option. It was previously sending fragment sizes that where not a multiple of eight, and hence these fragments were dropped. * scan6: Added support for 64-bit encoding of IPv4 addresses Option "--tgt-ipv4" was augmented to support both encodings (32 bit and 64 bit) of embedded IPv4 addresses. * tcp6: Fixed response to Neighbor Solicitations tcp6 was not responding to incoming Neighbor Solicitations. Hence, when packets were sent from spoofed addresses, tcp6 would never receive the response packets, because the NSs sent by the local router or target node would never be responded. * tcp6: Added support for TCP Window-based attacks tcp6 can now close the window after sending an app-layer command, and also "modulate" the TCP window to circumvent trivial mitigations for these attacks ("--window-mode" and "--win-modulate" options). * tcp6: Support for multiple connection-establishment types tcp6 can now cause e.g. TCP simultaneous opens (see the "--open-mode" option). * tcp6: Support for multiple connection-termination types tcp6 can now perform multiple connection-termination types (see the "--close-mode" option). * tcp6: Support for sending application layer requests tcp6 can now send application-layer requests with the "--data" option. * Many improvements to the manual pages. Fixed the troff encoding of many manual pages. Added ipv6toolkit(7), that describes a general description of the toolkit. * All: Fixed bug in link-layer destination address selection Tools now try to find a local router or perform Neighbor Discovery only when necessary (i.e., underlying link-layer is *not* loopback or tunnel, destination address is *not* link-local, and a link-layer destination address has *not* been specified). * All: Fixed bug in option handling Incorrect data type was used for the return value of getopt_long(), thus leading to problems in some architectures. * All: Fixed a number of issues with pcap_next_ex() The timeout parameter of pcap_next_ex() is now based on the platform (the previous constant value had different semantics in different platforms). Additionally, handle the case where pcap_next_ex() returns no packets. * All: General improvements and clean-up The development process now includes building the toolkit with the clang compiler (in addition to gcc), which has lead to the identification of a number of issues. * All: Improved support for building the toolkit. The toolkit now contains one makefile for pmake, and another for GNU make. Added support for the DESTDIR variable. Appropriate paths are selected based on the value of a number of variables. Configuration file is dynamically generated, with the right path to the oui.txt file. ===== CHANGELOG ===== - -- Fernando Gont SI6 Networks e-mail: fgont@xxxxxxxxxxxxxxx PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJS2XWiAAoJEK4lDVUdTnSSNcIP/A3Kdy7ZCNPBB4Q8GRS/zuvo JdkwJ9BCgkx8xtiyU7W+wB6stWb1/n/iEHK38nuhAPvJ5+pxyII1Les9k2LsE9Ga e3t+6bdp2W0ID05FCLeHMzm9NJ0kZtuwr03AXTQ8d0hdHIFmBgg3sMRMNuYtXoR5 HDqJRzvP9IUjGiph/zZV7yu8JDVJHxk5e3+wyeB3ThoRpxbcm0IfizD3vdvLW8V2 s7iUe0nrRydh9m8UQSY6sdw1fv+kec7aKkmPtycq2TPnBWWdab83SL0zyRRR5i++ zbvfSv9Ggx524+dvt22uO8r1tZUvweZKk6G2nHTQQ1a9K2hSOHxdwKmDpt4TpsnL 8jD/UAEvcpPm7SVWGXRe7L4UuQsNO9ITxwPvPAL2U/jylgGs6SDSxpmJo3tGtKNv KewkYmQkcqp+oGwPnoNPCFeGMZko4Msjdv+vBXcf0QgE0gFLCyrsuomWgquH7k6Z utd8bvRt8yGwPGUSYIkQ8AJo+zTHbj56GzhO6uDTrsHYc6INR5lCbTiMC+ov/Cal cMT5Q3Yac+ja1l5fhX6EVptYim1l8pGeWGUFNvPoOSRAbQWDMvfsabJ8kVQk85sx IqN6GRC05kgt0dlXiwNceh6ibqg2j/oOICV8u5NtQxEZ9jyY8BFLi3GwBjxi5HJ3 ClRivtmDIXaoO4BSsngY =J+s0 -----END PGP SIGNATURE-----
