[Oisf-users] IPv6 & Extension header
Victor Julien
victor at inliniac.net
Thu Jul 5 13:12:11 UTC 2012
On 07/03/2012 11:58 AM, Michel SABORDE wrote:
> Hi again,
>
> I'm still trying to access extension headers that are after the IPv6
> header but i can't manage to do it.
> Even if i use a pcre like /^\x2c/ to check if the first octet of the
> payload is a fragment next header it does not work because pcre only
> matches the TCP/ICMP/... payload, not the IPv6 payload, even when the
> signature is about ip protocol.
> Is there something like "raw signatures" ? Maybe with the use of pkthdr
> signatures ? Or by accessing the payload of the ethernet protocol ?
I don't think there is anything like this currently. We'll have to
extend the signature language.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list