[solved] Send a NDP advertiesement to specific target adress

Kernels & Hardware, configuring network, installing services

[solved] Send a NDP advertiesement to specific target adress

Postby isochor89 » 2020-09-28 07:36

Hello everybody,

I would like to send manually a NDP advertisement. I tried the ndsend package for this purpose. But I can't achieve my goal. I would be glad if somebody could give me a hint.

My source address which I defined in /etc/network/interfaces is
Code: Select all
fd53:aaaa:bbbb:2::56


I must send a neighbor advertisement with the information:

Code: Select all
fd53:aaaa:bbbb:2::4f (ovr) is at 68:aa:bb:cc:dd:9d


to the target address
Code: Select all
fd53:aaaa:bbbb:2::57


If I use the example provided in here:
https://manpages.debian.org/stretch/vzctl/ndsend.8

I get the following result (Wireshark extract):
Code: Select all
 2972539   3066.650453000   fd53:aaaa:bbbb:2::56   ff02::1   ICMPv6   90   Neighbor Advertisement fd53:aaaa:bbbb:2::4f (ovr) is at 68:aa:bb:cc:dd:9d


As you can see, ndsend sends the information via multiast ff02::1. But my SUT doesn't seem to care about multicast. The only thing that I know is, that it will listen to the IP adress fd53:aaaa:bbbb:2::57

Is there a way to change the standard multicast IP-Address of ff02::1 to unicast fd53:aaaa:bbbb:2::57?

My approach was a redirection of the outgoing ff02::1 to fd53:aaaa:bbbb:2::57

Code: Select all
ip6tables -t nat -A PREROUTING -p ndp -m ndp \ ff02::1 -j REDIRECT --to-destination fd53:aaaa:bbbb:2::57


But it doesn't work because I don't know how this command should look like



Thank you all!
Last edited by isochor89 on 2020-09-28 14:24, edited 1 time in total.
isochor89
 
Posts: 5
Joined: 2020-09-28 07:24

Re: Send a NDP advertiesement to specific target adress

Postby p.H » 2020-09-28 09:32

isochor89 wrote:My approach was a redirection of the outgoing ff02::1 to fd53:aaaa:bbbb:2::57

You don't want to do that. Really. It may break IPv6 connectivity with other hosts.
The PREROUTING chain is for incoming packets, not outgoing.
The REDIRECT target is for redirecting to the local host.
Stateful NAT (SNAT, DNAT, REDIRECT, MASQUERADE, NETMAP...) does not work on NDP packets (except the redirect type) because they are in the UNTRACKED state.
p.H
 
Posts: 1489
Joined: 2017-09-17 07:12

Re: Send a NDP advertiesement to specific target adress

Postby isochor89 » 2020-09-28 10:14

If you take a look at the source code of ndsend (https://github.com/blueboxgroup/vzctl/b ... c/ndsend.c)

Code: Select all
static void sender(void)
{
   struct sockaddr_in6 to;

   to.sin6_family = AF_INET6;
   to.sin6_port = 0;
   ((__u32*)&to.sin6_addr)[0] = htonl(0xFF020000);
   ((__u32*)&to.sin6_addr)[1] = 0;
   ((__u32*)&to.sin6_addr)[2] = 0;
   ((__u32*)&to.sin6_addr)[3] = htonl(0x1);
   to.sin6_scope_id = ifindex;

   if (sendto(sock, &pkt, sizeof(pkt), 0,
       (struct sockaddr*) &to, sizeof(to)) < 0) {
      fprintf(stderr, NAME "Error in sendto(): %m\n");
      exit(EXC_SYS);
   }
}


one can see that by modifying sin6_addr)[0]-[3] I could achieve my goal.

Is this the way to go?

In this case I have to apt-get remove vzctl and compile it on debian with the hardcoded IP address right?
isochor89
 
Posts: 5
Joined: 2020-09-28 07:24

Re: Send a NDP advertiesement to specific target adress

Postby p.H » 2020-09-28 11:37

You do noy have to uninstall anything. You can compile the program in /usr/local.
Before doing this, did you search and try other tools which can send ND packets ?
na6 from ipv6toolkit
ndptool from libndp-tools
p.H
 
Posts: 1489
Joined: 2017-09-17 07:12

Re: Send a NDP advertiesement to specific target adress

Postby isochor89 » 2020-09-28 12:27

Now I tried na6. It seems to offer what I am looking for. However

Code: Select all
na6 -i eth2.2 -d fd53:aaaa:bbbb:2::4f -t fd53:aaaa:bbbb:2::57 -c -o -e


leads to the error:
Code: Select all
Packet too large while inserting Neighbor Advertisement header (should be using Frag. option?)


But I don't want the NDP-Message fragmented. I only want to send 1 IP Adress and its corresponding MAC adress.
isochor89
 
Posts: 5
Joined: 2020-09-28 07:24

Re: Send a NDP advertiesement to specific target adress

Postby isochor89 » 2020-09-28 12:31

p.H wrote:You do noy have to uninstall anything. You can compile the program in /usr/local.
Before doing this, did you search and try other tools which can send ND packets ?
na6 from ipv6toolkit
ndptool from libndp-tools


I changed the IP Adress in the source code of ndsend but It was of no use.

Code: Select all
ndsend: Error in sendto(): Network is unreachable


I made a minor change from FF02 to FD53, but it seems to be enough of a change that someone is noticing, that FD53 is no multicast address. I continue with the na6 tool you've mentioned
isochor89
 
Posts: 5
Joined: 2020-09-28 07:24

Re: [solved] Send a NDP advertiesement to specific target ad

Postby isochor89 » 2020-09-28 14:30

The first approach of modifying the source code in order to force a specific unicast instead of a generic multicast was correct:

Code: Select all
static void sender(void)
{
   struct sockaddr_in6 to;

   to.sin6_family = AF_INET6;
   to.sin6_port = 0;
   ((__u32*)&to.sin6_addr)[0] = htonl(0xFD53aaaa);
   ((__u32*)&to.sin6_addr)[1] = htonl(0xbbbb0002);;
   ((__u32*)&to.sin6_addr)[2] = 0;
   ((__u32*)&to.sin6_addr)[3] = htonl(0x57);
   to.sin6_scope_id = ifindex;

   if (sendto(sock, &pkt, sizeof(pkt), 0,


after building and installing the package, one can send neighbor advertisement with:

Code: Select all
ndsend fd53:aaaa:bbbb:2::4f eth2.2 to fd53:aaaa:bbbb:2::57


Thanks @ p.H. for your input
isochor89
 
Posts: 5
Joined: 2020-09-28 07:24


Return to System configuration

Who is online

Users browsing this forum: No registered users and 15 guests

fashionable