feat(sniffer): passive IPv6 link-local leak detection

Add _ipv6_iid_classify() to fingerprint EUI-64 vs stable-privacy IIDs
and derive the MAC OUI from EUI-64-encoded link-local addresses.
SnifferEngine._on_ipv6_packet() observes fe80::/10 sources destined for
known deckies and emits ipv6_link_local_leak syslog + bus events.
on_packet() now dispatches the IPv6 branch before the v4 TCP path.
BPF default widened from "tcp" to "tcp or ip6" so the sniff loop
captures IPv6 frames without config change.
2026-05-17 20:16:29 -04:00
parent 69ecc4cc20
commit aa833ddda9
3 changed files with 227 additions and 1 deletions

@@ -89,7 +89,7 @@ def _sniff_loop(
log_path: Path,
json_path: Path,
stop_event: threading.Event,
bpf_filter: str = "tcp",
bpf_filter: str = "tcp or ip6",
publish_fn: Callable[[str, str, dict[str, Any]], None] | None = None,
engine: "SnifferEngine | None" = None,
) -> None:
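Review bot: The new default `bpf_filter: str = "tcp or ip6"` admits every IPv6 frame on the interface (ICMPv6/NDP, UDP, multicast), not only the fe80::/10 sources the commit message says the detector cares about. The bare `tcp` primitive already matches TCP over both IPv4 and IPv6, so the only traffic this change adds is non-TCP IPv6, and all of it now reaches the per-packet callback. Consider narrowing the default to the link-local source range, for example `tcp or (ip6 and src net fe80::/10)`, so the capture volume stays close to what the detector consumes. It would also help to note next to the parameter that callers passing an explicit `"tcp"` filter keep the old behaviour and will not produce ipv6_link_local_leak events.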