Make getNextHopMAC do ND when the dest is IPv6.

This is what setTargetNextHopMAC already did, but the code change was
not copied here. This provided a way for NSE scripts to cause an
assertion failure:

local math = require "math"
local packet = require "packet"
function portrule(host, port)
  return port.protocol == "udp"
end
function action(host, port)
  local ip_raw = bin.pack("H", "60000000000d11ff")
    .. host.bin_ip_src .. host.bin_ip
    .. bin.pack(">S", math.random(32768, 65535)) .. bin.pack(">S",
port.number)
    .. bin.pack("H", "000d8082") .. "hello"
  local p = packet.Packet:new(ip_raw, #ip_raw)
  p:udp_count_checksum()
  local s = nmap.new_dnet()
  s:ip_open()
  s:ip_send(p.buf)
end

This would fail with the message "doArp can only handle IPv4 addresses"
when ip_send called getNextHopMAC. (Only with --send-eth.)

tcpip.cc

@@ -1967,11 +1967,11 @@ bool getNextHopMAC(const char *iface, const u8 *srcmac, const struct sockaddr_st
   arp_t *a;
   struct arp_entry ae;
 
-  /* Nmap's ARP cache */
+  /* First, let us check the Nmap arp cache ... */
   if (mac_cache_get(dstss, dstmac))
     return true;
 
-  /* System ARP cache */
+  /* Maybe the system ARP cache will be more helpful */
   a = arp_open();
   addr_ston((sockaddr *) dstss, &ae.arp_pa);
   if (arp_get(a, &ae) == 0) {
@@ -1982,11 +1982,19 @@ bool getNextHopMAC(const char *iface, const u8 *srcmac, const struct sockaddr_st
   }
   arp_close(a);
 
-  /* Send ARP */
+  /* OK, the last choice is to send our own damn ARP request (and
+     retransmissions if necessary) to determine the MAC */
+  if (dstss->ss_family == AF_INET) {
     if (doArp(iface, srcmac, srcss, dstss, dstmac, PacketTrace::traceArp)) {
       mac_cache_set(dstss, dstmac);
       return true;
     }
+  } else if (dstss->ss_family == AF_INET6) {
+    if (doND(iface, srcmac, srcss, dstss, dstmac, PacketTrace::traceND)) {
+      mac_cache_set(dstss, dstmac);
+      return true;
+    }
+  }
 
   return false;
 }