IPv6 and Scapy

I’m interning at Linux Kernel in project nftables, it filters network traffic, soon I’ll blog about it, promise; and recently had to work with code that deals with IPv6.

Probably we’ve all heard about IP addresses, everything connected to the internet has this identifier. IP is the internet protocol that tries to send messages to IP addresses, it runs in Network Layer (L3) in the core of the internet.

There are two well known versions of IP, v4 and v6. Nowadays most of the internet traffic is based on the v4, what might change in the near (maybe not so near) future.

The main reason to replace v4 is the number of addresses, there are only 32 bits (~4 billion addresses) available. A few decades ago this number was huge, almost unimaginable, but the game has changed and the last address was sold to an Internet Service Provider (ISP) a few years ago.

NATs are used to make a single IP address identify multiple hosts; probably in your home only the ISP modem has a unique IP address, the computers, cellphones and other devices all have a local IP 192.168.x.y – you can use ifconfig in a terminal window to check your network board’s (probably named eth0) IP. However, many people don’t like NATs for many reasons, but this belongs to another discussion.

Now, IPv6 reserves 128 bits (~a lot) to source and destination address, every grain of sand on Earth can have its own IP address, how long will it last? Moreover, the decades of experience with v4 were used to improve IP in many ways. Take a look at both headers and how different they are:

IPv4 and IPv6 header comparison, found in [1]
It’s important to notice that v4 header has variable length, options may be sent in it, what slows processing. For IPv6 the header has a fixed length of 40 bytes, no options allowed in the base header; however, options are an useful feature, so v6 still has them but they’re sent in extension headers.

The ‘Next Header’ field in the v6 defines which header follows the current one, that’s how extension headers are sent. In the last header this field contains the upper layer protocol (TCP, UDP etc.)  that is used, similar to v4 ‘Protocol’ field.

Sometimes it is necessary know which protocol an IPv6 packet uses, somewhere in Netfilter subsystem in the Kernel ipv6_find_hdr() is used for that. I was given the task to analyze if ipv6_skip_exthdr() can be used instead, because it’s simpler and faster. These functions are used by nftables to process every IPv6 packet, and to test them I had to create IPv6 packets, with extension headers. Now comes Scapy.

Scapy is a packet manipulation program, it has its own shell but it’s possible to use it with Python. Creating IPv6 packets with it is very simple, will just show it, since a code sample speaks for a thousand words. The following sends a message over TCP and IPv6:

from scapy.all import *

base = IPv6()

base.dst = '::1'  # ::1 is localhost in IPv6
base.src = '::1'

prot = TCP(sport=1234, dport=1234, flags='S') # Attributes can be defined in initialization

data = Raw(load="Important message!")

packet = base / prot / data # '/' encapsulates the messages

packet.show2() # Displays the fields in the packet

Output of packet.show2()

You can add as many extension headers to a v6 packet you want, just initialize and encapsulate them before sending:

ext = IPv6ExtHdrRouting(addresses=["::1", "::1"])

packet = base / ext / prot / data
Output of packet.show2() with one extension header

With it I was able to test the functions with different kinds of IPv6 packets. The values used in the packets don’t mean anything, just needed to test how the extension headers are skipped 🙂

Scapy seems very useful to manipulate packets in different layers, and it’s easy to use, looking forward to explore it in future tasks. Thank you for reading!

[1] http://www.gta.ufrj.br/ensino/eel879/trabalhos_vf_2009_2/priscilla/ipv6_cabecalho.html



Using Emacs, Beginner Level

Hello, let’s talk about development environments.

Currently, Emacs is my preferred editor, I’m still a beginner with it but it already helps me a lot on C, and sometimes Python, programming.


I started using Emacs to work with remote files, making ssh connections and accessing files is very easy with it, and it provides many more features than nano, the editor I was using at the time. When learning the basics, I read much about its power and adaptability  and took as a challenge to turn it into a good Python IDE.

I’m afraid I failed this challenge, since I still prefer Pycharm; mainly because of better autocomplete and documentation access, I couldn’t configure a good documentation search tool with Emacs, maybe a more skilled user is able to. However, I still use Emacs to write small scripts, Pycharm is heavy and hangs too much, so it’s something 🙂

I tried it with C++ and now Emacs is my main C++ IDE, I use it mostly to play with Codeforces problems. It helps to have three windows available in the same screen, one for the main code, another for the custom input and a terminal window.

Anyway, too much was said about why I use it, and that’s not the purpose of this post. I intend to show how Emacs can help you to work with huge codebases, similar to the ones found in Linux Kernel.

Before we begin, be aware, Emacs will mess with indentation, you should be careful when configuring it. The configuration I use seems ok, you can find it at: https://github.com/Elise-Lennion/Emacs. Rename emacs_init to .emacs and place it at ~/, then Emacs should load this configuration at launch.

Now you’re ready to use it on Open Source C projects, but what does it offer? I can show you the features which help me most.

On the following paragraphs, C refers to Ctrl and M (Meta) to Alt. If the command is a function name (e. g. occur), you should type M-x and the command name, you can configure custom key bindings to any command you choose.

Split window: This feature is a built-in of Emacs, you can split a view horizontally, C-x 2, or vertically, C-x 3. It’s the most useful feature mentioned here, you can see multiple files you’re working on at the same time, just beautiful. To navigate between windows, press C-x ‘direction arrow’, the configuration file I use also sets ‘Windows key’-‘direction arrow’ to make navigation faster.

Emacs multiple screens

Highlight 80+ columns: All characters after 79th column are highlighted, so you know when a line won’t be properly displayed in a terminal window, simple and prevents checkpatch warnings.

Interactive completion: To open a file you should type C-x C-f, then a little window at the bottom of the screen will appear, where you type the filename. Using Interactive completion, all files in the current folder are listed, also, it filters the displayed files to match what you’re typing. This speeds codebase navigation a lot, no need to use ls in every folder, also, typing filenames can be frustrating slow when there are many similar names.

String search, occur: Emacs offers a lot of string search methods, search-forward, search-backwardRegexp matching, occur and more. They all have their uses but occur is special. It displays all occurrences of a string in a new interactive window, when you click on an occurrence your screen will be directed to it. That’s a blessing when trying to understand what a specific function does and where it’s called.

Occur example

Built-in terminal: Emacs isn’t simply a IDE, you can open a terminal window inside it, with M-x shell, no need to mention what this offers. However, the terminal isn’t always 100% functional, e.g. it doesn’t work properly when using ‘man’ or ‘git grep’. Usually I have a dedicated terminal window open.

Some useful commands: C-g cancels your current action, M-w is similar to Ctrl+c, C-w to Ctrl+x and C-y to Ctrl+v, if it pastes the wrong text try to use M-y afterwards.

These features are very helpful, and are only very basic functionalities of Emacs. For further readings, there are many easy to find tutorials about Emacs, it is 40 years old, the community and references are very developed, and there is much to discover.

That’s a beginner view on why it’s good and how to use Emacs on C projects, code navigation will be hard at first but you’ll get used to it. I’ll share more features when I learn them, magit is next  🙂

Outreachy round 13 – Linux Kernel

Hello there!

This blog will be all about my experience on Outreachy round 13. As the tittle suggests, I was accepted at Linux Kernel 🙂

Please allow me to tell a small background story.

This year I started using an OS with Linux kernel as my main; Ubuntu was my choice, I know I shouldn’t talk about it openly, but the large community, it was too appealing – in my defense, I plan on trying Arch Linux during summer vacations, when I’ll have time to fix things I break during the transition. Anyway, the high customizable system I found was a new world I wanted to explore, still do.

This same year I was introduced to Open Source, by programming things I used a lot of open source projects – mostly Python with many of its modules and a lot of useful scripts from kind people around the globe. But using and not contributing feels wrong and scales poorly, so I wanted to give back to the community.

Then I heard about Outreachy, it immediately caught my attention, was the perfect opportunity to dive deeper in and contribute to open source projects. Fedora, Debian and Linux Kernel attracted me the most, and I decided to dedicate my time to Linux Kernel.

Many patches later, followed by their v2, v3, and so on, I was assigned to nftables, won’t extend myself about the project here, a new post is needed for this purpose, but I’m very happy to work on it.


That’s how I feel right now, see you next time!