def main(): intf = sys.argv[1] ipv6_src = sys.argv[2] ipv6_dst = sys.argv[3] ipv6_main = sp.IPv6(dst=ipv6_dst, src=ipv6_src) padding = 8 fid = random.randint(0, 100000) frag_0 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=1, offset=0) frag_1 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=0, offset=padding / 8) pkt1_opts = sp.AH(nh=AH_PROTO, payloadlen=200) \ / sp.Raw('XXXX' * 199) \ / sp.AH(nh=FRAG_PROTO, payloadlen=1) \ / frag_1 pkt0 = sp.Ether() / ipv6_main / frag_0 / sp.Raw('A' * padding) pkt1 = sp.Ether() / ipv6_main / pkt1_opts / sp.Raw('B' * padding) sp.sendp(pkt0, iface=intf, verbose=False) sp.sendp(pkt1, iface=intf, verbose=False)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) ######################################################################## # # A single start fragment with zero length IPv6 header (jumbo). # Make sure we do hit the Fragment case, which is tricky as the # jumbogram needs to be > 64k. # # A: Jumbo-Fragment not allowed. # R: ICMPv6 param problem. # #data = "6" * (65536 - 2 - 6 - 8 - 8) data = "6" * 65512 ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0], plen=0) / \ sp.IPv6ExtHdrHopByHop(options=sp.Jumbo(jumboplen=65536)) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=6) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug: ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) # We should only need to sleep 0.10 but it seems scapy # takes time for this one. sleep(75) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) sys.exit(0)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() ######################################################################## # # Send a sample of pseudo-random fragments into the system in order # to test vnet teardown. # # A: Cleaned up and freed # R: No panic (ignoring everything else) # random.seed() packets = [] for i in range(0, 127): fid = random.randint(0, 0xffff) foffset = random.randint(0, 0xffff) fm = random.randint(0, 1) fsrc = sp.RandIP6() ip6f01 = sp.Ether() / \ sp.IPv6(src=fsrc, dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=foffset, m=fm, id=fid) / \ sp.UDP(dport=3456, sport=6543) if args.debug: ip6f01.display() packets.append(ip6f01) for p in packets: sp.sendp(p, iface=args.sendif[0], verbose=False) sys.exit(0)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) ######################################################################## # # A single start fragment with payload. # # A: Waiting for more data. # R: Timeout / Expiry. # data = "6" * 1280 ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=3) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug: ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) # Wait for ICMPv6 error generation on timeout. sleep(75) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) sys.exit(0)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) ######################################################################## # # Atomic fragment. # # A: Nothing listening on UDP port. # R: ICMPv6 dst unreach, unreach port. # ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=0, id=3) / \ sp.UDP(dport=3456, sport=6543) if args.debug: ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sleep(0.10) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) sys.exit(0)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) ######################################################################## # # 0-byte first fragment. # # A: 0-byte fragment payload not allowed. Discarded. # R: ICMPv6 param prob, paramprob header. # ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=4) if args.debug: ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sleep(0.10) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) sys.exit(0)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() ######################################################################## # # Send a sample of sequeneced ID fragments into the system in order # to test bucket distribution. # # A: No overflow at V_ip6_maxfragsperpacket == 64. # R: Stats only, timeout and no ICMPv6 (all ignored). # packets = [] data = "66666666" for i in range(0, 127): ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=1, m=1, id=i) / \ data if args.debug: ip6f01.display() packets.append(ip6f01) for p in packets: sp.sendp(p, iface=args.sendif[0], verbose=False) sys.exit(0)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() ######################################################################## # # Sysctl set to accept (no|maximum 10) fragments. # # A: Discarded. # R: Silence (statistics only) or ICMPv6 timeout expiry. # data = "6" * 1280 bfid = 0x5001 for i in range(20): fid = bfid + i ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=fid) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug: ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) # Wait for possible expiry to happen. sleep(75) sys.exit(0)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() ######################################################################## # # A single last fragment. # # A: Waiting for more data. # R: Timeout / Expiry. # ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=321, m=0, id=8) / \ sp.UDP(dport=3456, sport=6543) if args.debug: ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) # Wait for expiration to happen. We will not see an ICMPv6 as there # is no frag with offset=0. sleep(75) sys.exit(0)
def main(): parser = argparse.ArgumentParser("frag6.py", description="IPv6 fragementation test tool") parser.add_argument('--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() ######################################################################## # # Send multiple fragments, with an exact overlap in a middle one, # not finishing the full packet (and ignoring the content anyway). # # A: Reassembly failure. # R: dup dropped silently / Timeout (not waiting for). # data = "6" * 8 ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=14) / \ sp.UDP(dport=3456, sport=6543) / \ data ip6f02 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0x1000, m=0, id=14) / \ sp.UDP(dport=3456, sport=6543) / \ data ip6f03 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=16, m=1, id=14) / \ sp.UDP(dport=3456, sport=6543) / \ data ip6f04 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=16, m=1, id=14) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug : ip6f01.display() ip6f02.display() ip6f03.display() ip6f04.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) sp.sendp(ip6f03, iface=args.sendif[0], verbose=False) sp.sendp(ip6f04, iface=args.sendif[0], verbose=False) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## # # Send multiple fragments, with a partial overlap on the first one # not finishing the full packet (and ignoring the content anyway). # The second packet needs to be the first one in the fragment chain # in order to trigger the 2nd case to test. # # A: Reassembly failure. # R: dup dropped silently / Timeout (not waiting for). # data = "6" * 8 ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=10, m=1, id=0x1401) / \ sp.UDP(dport=3456, sport=6543) / \ data ip6f02 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=9, m=0, id=0x1401) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug : ip6f01.display() ip6f02.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) # Wait for expiry. sleep(75) sys.exit(0)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() ######################################################################## # # Two fragments with different ECN (Traffic Clas) bits to trigger # error cases. # # A: Reassembly failure. # R: ip6f02 dropped / Timeout (not waiting for). # data = "6" * 8 # IPTOS_ECN_NOTECT ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0], tc=0x00) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=13) / \ sp.UDP(dport=3456, sport=6543) / \ data # IPTOS_ECN_CE ip6f02 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0], tc=0x03) / \ sp.IPv6ExtHdrFragment(offset=16, m=0, id=13) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug: ip6f01.display() ip6f02.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## # # Two fragments with different ECN (Traffic Clas) bits to trigger # error cases. # # A: Reassembly failure. # R: ip6f02 dropped / Timeout (not waiting for). # # IPTOS_ECN_ECT1 ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0], tc=0x01) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=0x1301) / \ sp.UDP(dport=3456, sport=6543) / \ data # IPTOS_ECN_NOTECT ip6f02 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0], tc=0x00) / \ sp.IPv6ExtHdrFragment(offset=16, m=0, id=0x1301) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug: ip6f01.display() ip6f02.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) # Wait for expiry. sleep(75) sys.exit(0)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) ######################################################################## # # A single fragmented packet with upper layer data in multiple segments # to pass fragmentation. # We need to do a bit of a dance to get the UDP checksum right. # # A: 1 reassembled packet # R: Statistics and ICMPv6 error (non-fragmentation) as no port open. # data = "6" * 1280 dataall = data * 30 ip6f01 = \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.UDP(dport=3456, sport=6543) / \ dataall ip6fd = sp.IPv6(sp.raw(ip6f01)) ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=16) / \ sp.UDP(dport=3456, sport=6543, len=ip6fd.len, chksum=ip6fd.chksum) / \ data if args.debug: ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) foffset = (int)(1288 / 8) mbit = 1 for i in range(1, 30): if i is 29: mbit = 0 ip6f0n = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=foffset, m=mbit, id=16, nh=socket.IPPROTO_UDP) / \ data if args.debug: ip6f0n.display() sp.sendp(ip6f0n, iface=args.sendif[0], verbose=False) foffset += (int)(1280 / 8) sleep(0.10) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) sys.exit(0)
def main(): parser = argparse.ArgumentParser("frag6.py", description="IPv6 fragementation test tool") parser.add_argument('--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) sniffer2 = Sniffer(args, check_icmp6_error_2) ######################################################################## # # Two fragments with payload and offset set to add up to >64k. # # Make a first fragment arrive and a second to explode everything. # # A: Reassembly failure. # R: ICMPv6 param prob, param header. # R: ICMPv6 timeout (1st frag, off=0) # data = "6" * 1280 ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=7) / \ sp.UDP(dport=3456, sport=6543) / \ data ip6f02 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0x1fff, m=1, id=7) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug : ip6f01.display() ip6f02.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) sleep(1.00) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## # # A fragment with payload and offset set to add up to >64k. # # Try again with the first packet to make things explode. # # A: Reassembly failure. # R: ICMPv6 param prob, param header. # # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0x1fff, m=1, id=0x7001) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug : ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sleep(0.10) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) # Wait for expiry from first test run. sleep(75) sniffer2.setEnd() sniffer2.join() if not sniffer2.foundCorrectPacket: sys.exit(1) sys.exit(0)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() ######################################################################## # # Sysctl set to accept maximum 3 segments on a fragmented packet. # The 4th packet will flush the entire q6. # # A: 4 Discarded. # R: Silence (statistics only) no ICMPv6 as we skip the off=0 segment. # data = "66666666" for i in range(4): foffset = 16 + (i * (0x100 + (int)(16 / 8))) ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=foffset, m=1, id=15) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug: ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## # # Sysctl set to accept maximum 3 segments on a fragmented packet. # The 4th packet will flush the entire q6. # This time we play proper offset/length games on the packets in order # to trigger the 2nd test case, with the last packet still having m=1. # # A: 4 Discarded. # R: ICMPv6 timeout expired. # data = "66666666" for i in range(4): foffset = (i * (int)(16 / 8)) ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=foffset, m=1, id=0x1501) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug: ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sys.exit(0)
def main(): parser = argparse.ArgumentParser("frag6.py", description="IPv6 fragementation test tool") parser.add_argument('--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) ######################################################################## # # Send a proper first fragment (off=0) and a second fragment which # just fits the 64k. The re-send the first fragment with an extra # unfragmentable part making the 64k to exceed the limit. # This is to make sure we don't allow to update meta-data for a # 1st fragmented packet should a second arrive but given the # fragmentable part is an exact duplicate only that fragment # will be silently discarded. # # A: Reassembly failure, timeout after # R: ICMPv6 time exceeded / statistics for the duplicate # data = "6" * 8 ip6f00 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=20) / \ sp.UDP(dport=3456, sport=6543) / \ data data = "6" * 15 ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0x1ffc, m=0, id=20) / \ sp.UDP(dport=3456, sport=6543) / \ data data = "6" * 8 ip6f02 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrDestOpt(options = \ sp.PadN(optdata="\x00\x00\x00\x00\x00\x00")) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=20) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug : ip6f00.display() ip6f01.display() ip6f02.display() sp.sendp(ip6f00, iface=args.sendif[0], verbose=False) sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) sleep(75) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) sys.exit(0)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) sniffer2 = Sniffer(args, check_icmp6_error_2) ######################################################################## # # A fragment with payload and offset set to add up to >64k when # another frag with offset=0 arrives and has an unfrag part. # This is us checking for all fragments queued already when the # one with off=0 arrives. Note: unless the off=0 has its own problem # it will be queued and off!=0 ones might be expunged with param prob. # # A: Reassembly failure, timeout after # R: ICMPv6 param prob, param header (1st frag) # R: ICMPv6 time exceeded (2nd frag, as off=0) # data = "6" * 15 ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0x1ffc, m=0, id=8) / \ sp.UDP(dport=3456, sport=6543) / \ data data = "6" * 8 ip6f02 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrDestOpt(options = \ sp.PadN(optdata="\x00\x00\x00\x00\x00\x00")) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=8) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug: ip6f01.display() ip6f02.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) sleep(1.00) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) sleep(75) sniffer2.setEnd() sniffer2.join() if not sniffer2.foundCorrectPacket: sys.exit(1) sys.exit(0)
def getExtHdrs(args): ext = None # XXX-TODO Try to put them in an order which could make sense # in real life packets and according to the RFCs. if args.hbh: hbh = sp.IPv6ExtHdrHopByHop(options = \ sp.PadN(optdata="\x00\x00\x00\x00\x00\x00")) ext = addExt(ext, hbh) if args.rh: rh = sp.IPv6ExtHdrRouting(type=0) ext = addExt(ext, rh) if args.frag6: frag6 = sp.IPv6ExtHdrFragment(offset=0, m=0, id=0x1234) ext = addExt(ext, frag6) if args.esp: # XXX TODO esp = None ext = addExt(ext, esp) if args.ah: # XXX TODO ah = None ext = addExt(ext, ah) if args.dest: dest = sp.IPv6ExtHdrDestOpt(options = \ sp.PadN(optdata="\x00\x00\x00\x00\x00\x00")) ext = addExt(ext, dest) if args.mobi: # XXX TODO mobi = None ext = addExt(ext, mobi) if args.hip: # XXX TODO hip = None ext = addExt(ext, hip) if args.shim6: # XXX TODO shim6 = None ext = addExt(ext, shim6) if args.proto253: # XXX TODO tft = None ext = addExt(ext, tft) if args.proto254: # XXX TODO tff = None ext = addExt(ext, tff) if args.hbhbad: hbhbad = sp.IPv6ExtHdrHopByHop(options = \ sp.PadN(optdata="\x00\x00\x00\x00\x00\x00")) ext = addExt(ext, hbhbad) return ext