I've downloaded libnet 1.1.2.1 and looking at libnet_build_ip.c, I think I see a bug. Mind you, I'm fairly new to this area so I believe it's as likely I'm wrong as the code but I'd appreciate feedback either way.

I'm looking at IPv6 header creation in libnet_build_ipv6(). Lines 490-491 say:

ip_hdr.ip_flags[0] = 0x06 << 4;
ip_hdr.ip_flags[1] = ((tc & 0x0F) << 4) | ((fl & 0xF0000) >> 16);

but page 3 of RFC 2460 (http://www.ietf.org/rfc/rfc2460.txt) shows:

3. IPv6 Header Format

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class | Flow Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length | Next Header | Hop Limit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

and http://www.networksorcery.com/enp/protocol/ipv6.htm confirms:

Version. 4 bits.
IPv6 version number.

Traffic Class. 8 bits.
Internet traffic priority delivery value.

So isn't libnet_build_ipv6() wrong? Shouldn't lines 490-491 read something like:

ip_hdr.ip_flags[0] = (0x06 << 4) | ((tc & 0xF0) >> 4)
ip_hdr.ip_flags[1] = ((tc & 0x0F) << 4) | ((fl & 0xF0000) >> 16);

Chris