PcapPlusPlus icon indicating copy to clipboard operation
PcapPlusPlus copied to clipboard

Published 20 hours ago verified publisher icon seladb

IPFilter not for IPv6?

Open JasMetzger opened this issue 1 year ago • 5 comments

Documentation indicates that IPFilter works for IPv4. Ultimately, it creates a BPF using string such as "ip and src net

" used to filter the raw packet. Is there any reason this is just suitable for IPv4 and not IPv6? Using the BPF Wrapper I believe I have created what would be the same thing for IPv6 which remains to be tested. It seems natural that IPFilter would apply to IPv6 addressing but the documentation is specific about parameters being IPv4.

JasMetzger avatar Jan 27 '24 16:01 JasMetzger

@JasMetzger I wrote this a long time ago so I don't remember all the details but I think that libpcap/WinPcap/Npcap don't support netmask for IPv6. Please see this comment: https://github.com/seladb/PcapPlusPlus/blob/f49f009ecfac28f9978e8030834e7bd5477e6367/Pcap%2B%2B/src/PcapFilter.cpp#L164

We could (and maybe should) support IPv6 without a mask, or maybe have both IPv4Filter (with mask support), IPv6Filter (without mask support), IPFilter (IPv4/6 without mask support)

seladb avatar Jan 30 '24 07:01 seladb

I think that solution can be done as a (somewhat lengthy) two step process.

Step 1 would be:

  • The current IPFilter being renamed to IPv4Filter as it already has mask support and works fine.
  • The IPFilter is kept as a deprecated alias to IPv4Filter for 1 release.
  • A new IPv6Filter is added (without mask support).

Step 2 would need to proceed after the old IPFilter has been removed:

  • Adding a new IPFilter that works with IPv4/v6 without mask support. This can be an alias to IPv6Filter if that one is made to work with IPv4/v6 without mask support or be a facade class that exposes only the shared functionality between the v4 and v6 filters and internally chooses which one to use based on the IP.

Dimi1010 avatar Feb 24 '24 12:02 Dimi1010

@Dimi1010 Step 1 is a good idea. I agree that the current filter should be renamed IPv4Filter which comports with the naming conventions used elsewhere. Step 2 may be a good step to take if and when IPv6Filter can support masking.

JasMetzger avatar Feb 24 '24 15:02 JasMetzger

First I'd check if libpcap, WinPcap, Npcap indeed don't support IPv6 masks. If they do, it's easy to transform this class to support both IPv4 and IPv6.

If they don't, we can still transform this class to support both IPv4 and IPv6, but throw an exception when trying to set a mask when IPFilter is instantiated with IPv6.

BTW, we have the pcpp::IPAddress class which is a wrapper for both IPv4 and IPv6, we can store it as a private member to know which IP version it is (4 or 6)

seladb avatar Feb 25 '24 03:02 seladb

@seladb Still not supported for the netmask syntax, in any of the libs, from what I could find.

Dimi1010 avatar Feb 25 '24 10:02 Dimi1010

@tigercosmos maybe close this as #1324 is now merged?

Dimi1010 avatar May 05 '24 10:05 Dimi1010

sure, thanks

tigercosmos avatar May 05 '24 14:05 tigercosmos