ipv6 and "net" filter
Chris Wakelin
c.d.wakelin at reading.ac.uk
Wed Dec 8 11:38:16 EST 2010
Hi,
I've been using Argus pretty successfully for the last couple of weeks
(using PF_RING-enabled libpcap) for a mixed ipv4/ipv6 network. It's
proving very useful!
I've spotted what seems to be a bug in the ipv6 netmask handling in at
least Argus clients 3.0.3.19 and 3.0.3.20 (the Argus server is
3.0.3.19). It seems to work if the number of masked bits is a multiple
of 32, but not for in-between values.
E.g.

  ipv6 and net 2001:630:53::/48 doesn't match (should match exactly our network)
  ipv6 and net 2001:630:53::/32 does match (but matches 2001:630:1: etc. as well)
  ipv6 and net 2001:630:53::/33 doesn't match
  ipv6 and net 2001:630:53:18::/64 does match (one of our subnets)

and, of course,

  ipv6 and host 2001:630:53:fa::99 does match (my PC)

Am I missing something?
Best Wishes,
Chris
--
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
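
Added example, not part of the original post and not Argus code: a reference IPv6 prefix check in C that handles prefix lengths which are not a multiple of 32, for confirming which of the networks in the report an address belongs to. The function name in6_net_match and the two extra sample addresses are assumptions made for this illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if addr lies inside net/len, 0 if not, -1 on bad
 * input. The address is compared as four 32-bit words; a word only partly
 * covered by the prefix gets a partial mask, as happens for /33 and /48. */
int in6_net_match(const char *addr, const char *net, int len)
{
    struct in6_addr a, n;

    if (len < 0 || len > 128)
        return -1;
    if (inet_pton(AF_INET6, addr, &a) != 1 || inet_pton(AF_INET6, net, &n) != 1)
        return -1;
    for (int w = 0; w < 4; w++) {
        int bits = len - 32 * w;      /* prefix bits that fall in word w */
        uint32_t mask, aw, nw;

        if (bits <= 0)
            break;                    /* everything from here is host part */
        mask = bits >= 32 ? 0xffffffffu : ~(0xffffffffu >> bits);
        memcpy(&aw, a.s6_addr + 4 * w, 4);
        memcpy(&nw, n.s6_addr + 4 * w, 4);
        if ((ntohl(aw) & mask) != (ntohl(nw) & mask))
            return 0;
    }
    return 1;
}

int main(void)
{
    /* The first address and the networks are from the post; the last two
     * addresses are constructed samples. */
    const char *addrs[] = { "2001:630:53:fa::99", "2001:630:53:18::1", "2001:630:1::1" };
    const struct { const char *net; int len; } nets[] = {
        { "2001:630:53::", 48 }, { "2001:630:53::", 32 },
        { "2001:630:53::", 33 }, { "2001:630:53:18::", 64 },
    };

    for (size_t i = 0; i < 3; i++)
        for (size_t j = 0; j < 4; j++)
            printf("%-20s in %s/%d: %d\n", addrs[i], nets[j].net,
                   nets[j].len, in6_net_match(addrs[i], nets[j].net, nets[j].len));
    return 0;
}
```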