English | Deutsch
Home »

OpenVAS Change Request #27: IPv6 support

Votes: +10. Done. Released with openvas-libraries and openvas-scanner 3.0.0.


To introduce IPv6 support into OpenVAS


IPv6 and a text about OpenVAS on InternetNews


In the current version, OpenVAS only supports IPv4 protocol. This is now a dominant protocol on the Internet. The problems with IPv4 are long known, e.g. shortage of addresses, and a subset of those problems is expected to be solved by a new protocol, IPv6. IPv6 is now supported on all the major operating systems, network devices and in the applications and the IPv6 deployment is growing steadily but certainly. This means that the OpenVAS, in order to stay viable solution for the security testings, has to be extended to support IPv6.

More specifically, supporting IPv6 in OpenVAS means at least the following:

  1. It means that you can enter IPv6 address(es) in the OpenVAS client and then those hosts, whith those addresses, are scanned.
  2. It means that when you enter hostname (or FQDN) which resolves to IPv6 address, this address will be used


The code changes will not impact any existing functionality. They will allow existing checks to be used over the IPv6 network. Additionally, it will be possible to write new tests specialized for IPv6 weaknesses.

Design and Implementation

The following changes will be necessary:

Specifically, the following modules will undergo changes,

The proposed development steps are:

  1. Phase I: Allow IPv6 addresses to be entered by the user, even though they are not used, i.e. when user enters IPv6 the address is ignored with appropriate warning or error message.
  2. Phase II: Refactor the current IPv4 specific code into separate module and/or functions.
  3. Phase III: Then, in the next step this code is extended so that it transparently supports IPv6 in addition to IPv4.
  4. Phase IV: Add the code to handle raw IPv6 packets.
  5. Phase V: Update the OpenVAS compendium documenting the IPv6 support and design overview