def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) ######################################################################## # # A single start fragment with zero length IPv6 header (jumbo). # Make sure we do hit the Fragment case, which is tricky as the # jumbogram needs to be > 64k. # # A: Jumbo-Fragment not allowed. # R: ICMPv6 param problem. # #data = "6" * (65536 - 2 - 6 - 8 - 8) data = "6" * 65512 ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0], plen=0) / \ sp.IPv6ExtHdrHopByHop(options=sp.Jumbo(jumboplen=65536)) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=6) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug: ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) # We should only need to sleep 0.10 but it seems scapy # takes time for this one. sleep(75) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) sys.exit(0)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) ######################################################################## # # A single start fragment with payload. # # A: Waiting for more data. # R: Timeout / Expiry. # data = "6" * 1280 ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=3) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug: ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) # Wait for ICMPv6 error generation on timeout. sleep(75) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) sys.exit(0)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) ######################################################################## # # Atomic fragment. # # A: Nothing listening on UDP port. # R: ICMPv6 dst unreach, unreach port. # ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=0, id=3) / \ sp.UDP(dport=3456, sport=6543) if args.debug: ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sleep(0.10) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) sys.exit(0)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) ######################################################################## # # 0-byte first fragment. # # A: 0-byte fragment payload not allowed. Discarded. # R: ICMPv6 param prob, paramprob header. # ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=4) if args.debug: ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sleep(0.10) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) sys.exit(0)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) sniffer2 = Sniffer(args, check_icmp6_error_2) ######################################################################## # # A fragment with payload and offset set to add up to >64k when # another frag with offset=0 arrives and has an unfrag part. # This is us checking for all fragments queued already when the # one with off=0 arrives. Note: unless the off=0 has its own problem # it will be queued and off!=0 ones might be expunged with param prob. # # A: Reassembly failure, timeout after # R: ICMPv6 param prob, param header (1st frag) # R: ICMPv6 time exceeded (2nd frag, as off=0) # data = "6" * 15 ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0x1ffc, m=0, id=8) / \ sp.UDP(dport=3456, sport=6543) / \ data data = "6" * 8 ip6f02 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrDestOpt(options = \ sp.PadN(optdata="\x00\x00\x00\x00\x00\x00")) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=8) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug: ip6f01.display() ip6f02.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) sleep(1.00) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) sleep(75) sniffer2.setEnd() sniffer2.join() if not sniffer2.foundCorrectPacket: sys.exit(1) sys.exit(0)
def main(): parser = argparse.ArgumentParser( "frag6.py", description="IPv6 fragementation test tool") parser.add_argument( '--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) ######################################################################## # # A single fragmented packet with upper layer data in multiple segments # to pass fragmentation. # We need to do a bit of a dance to get the UDP checksum right. # # A: 1 reassembled packet # R: Statistics and ICMPv6 error (non-fragmentation) as no port open. # data = "6" * 1280 dataall = data * 30 ip6f01 = \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.UDP(dport=3456, sport=6543) / \ dataall ip6fd = sp.IPv6(sp.raw(ip6f01)) ip6f01 = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=16) / \ sp.UDP(dport=3456, sport=6543, len=ip6fd.len, chksum=ip6fd.chksum) / \ data if args.debug: ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) foffset = (int)(1288 / 8) mbit = 1 for i in range(1, 30): if i is 29: mbit = 0 ip6f0n = sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=foffset, m=mbit, id=16, nh=socket.IPPROTO_UDP) / \ data if args.debug: ip6f0n.display() sp.sendp(ip6f0n, iface=args.sendif[0], verbose=False) foffset += (int)(1280 / 8) sleep(0.10) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) sys.exit(0)
def main(): parser = argparse.ArgumentParser("frag6.py", description="IPv6 fragementation test tool") parser.add_argument('--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) sniffer2 = Sniffer(args, check_icmp6_error_2) ######################################################################## # # Two fragments with payload and offset set to add up to >64k. # # Make a first fragment arrive and a second to explode everything. # # A: Reassembly failure. # R: ICMPv6 param prob, param header. # R: ICMPv6 timeout (1st frag, off=0) # data = "6" * 1280 ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=7) / \ sp.UDP(dport=3456, sport=6543) / \ data ip6f02 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0x1fff, m=1, id=7) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug : ip6f01.display() ip6f02.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) sleep(1.00) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ## # # A fragment with payload and offset set to add up to >64k. # # Try again with the first packet to make things explode. # # A: Reassembly failure. # R: ICMPv6 param prob, param header. # # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0x1fff, m=1, id=0x7001) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug : ip6f01.display() sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sleep(0.10) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) # Wait for expiry from first test run. sleep(75) sniffer2.setEnd() sniffer2.join() if not sniffer2.foundCorrectPacket: sys.exit(1) sys.exit(0)
def main(): parser = argparse.ArgumentParser("frag6.py", description="IPv6 fragementation test tool") parser.add_argument('--sendif', nargs=1, required=True, help='The interface through which the packet will be sent') parser.add_argument('--recvif', nargs=1, required=True, help='The interface on which to check for the packet') parser.add_argument('--src', nargs=1, required=True, help='The source IP address') parser.add_argument('--to', nargs=1, required=True, help='The destination IP address') parser.add_argument('--debug', required=False, action='store_true', help='Enable test debugging') args = parser.parse_args() # Start sniffing on recvif sniffer = Sniffer(args, check_icmp6_error) ######################################################################## # # Send a proper first fragment (off=0) and a second fragment which # just fits the 64k. The re-send the first fragment with an extra # unfragmentable part making the 64k to exceed the limit. # This is to make sure we don't allow to update meta-data for a # 1st fragmented packet should a second arrive but given the # fragmentable part is an exact duplicate only that fragment # will be silently discarded. # # A: Reassembly failure, timeout after # R: ICMPv6 time exceeded / statistics for the duplicate # data = "6" * 8 ip6f00 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=20) / \ sp.UDP(dport=3456, sport=6543) / \ data data = "6" * 15 ip6f01 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrFragment(offset=0x1ffc, m=0, id=20) / \ sp.UDP(dport=3456, sport=6543) / \ data data = "6" * 8 ip6f02 = \ sp.Ether() / \ sp.IPv6(src=args.src[0], dst=args.to[0]) / \ sp.IPv6ExtHdrDestOpt(options = \ sp.PadN(optdata="\x00\x00\x00\x00\x00\x00")) / \ sp.IPv6ExtHdrFragment(offset=0, m=1, id=20) / \ sp.UDP(dport=3456, sport=6543) / \ data if args.debug : ip6f00.display() ip6f01.display() ip6f02.display() sp.sendp(ip6f00, iface=args.sendif[0], verbose=False) sp.sendp(ip6f01, iface=args.sendif[0], verbose=False) sp.sendp(ip6f02, iface=args.sendif[0], verbose=False) sleep(75) sniffer.setEnd() sniffer.join() if not sniffer.foundCorrectPacket: sys.exit(1) sys.exit(0)