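def packet_dst_in(dsts, p):
    """Report whether packet ``p`` is addressed to any of ``dsts``.

    Args:
        dsts: A single address or a list of addresses. Each entry is passed
            through ``IPAddress.identify`` before it is compared.
        p: The packet to inspect; it must provide ``haslayer``/``getlayer``.

    Returns:
        True when an IPv4 candidate equals the ``dst`` of the packet's ``IP``
        layer, or an IPv6 candidate equals the ``dst`` of its ``IPv6`` layer.
        False otherwise, including when ``dsts`` is an empty list.
    """
    # A conditional expression replaces ``isinstance(...) and dsts or [dsts]``:
    # that idiom turned an empty list into ``[[]]`` and then tried to identify
    # ``[]`` as an address instead of simply matching nothing.
    candidates = dsts if isinstance(dsts, list) else [dsts]
    for candidate in candidates:
        wanted = IPAddress.identify(candidate)
        version = wanted.version()
        if version == 4:
            layer = IP
        elif version == 6:
            layer = IPv6
        else:
            # Neither IPv4 nor IPv6: nothing in the packet to compare against.
            continue
        # NOTE(review): assuming Scapy's getlayer(), only the first layer of
        # this type is compared; an encapsulated inner header is not inspected.
        if p.haslayer(layer) and IPAddress.identify(p.getlayer(layer).dst) == wanted:
            return True
    return False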
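def packet_src_in(srcs, p):
    """Report whether packet ``p`` originates from any of ``srcs``.

    Args:
        srcs: A single address or a list of addresses. Each entry is passed
            through ``IPAddress.identify`` before it is compared.
        p: The packet to inspect; it must provide ``haslayer``/``getlayer``.

    Returns:
        True when an IPv4 candidate equals the ``src`` of the packet's ``IP``
        layer, or an IPv6 candidate equals the ``src`` of its ``IPv6`` layer.
        False otherwise, including when ``srcs`` is an empty list.
    """
    # A conditional expression replaces ``isinstance(...) and srcs or [srcs]``:
    # that idiom turned an empty list into ``[[]]`` and then tried to identify
    # ``[]`` as an address instead of simply matching nothing.
    candidates = srcs if isinstance(srcs, list) else [srcs]
    for candidate in candidates:
        wanted = IPAddress.identify(candidate)
        version = wanted.version()
        if version == 4:
            layer = IP
        elif version == 6:
            layer = IPv6
        else:
            # Neither IPv4 nor IPv6: nothing in the packet to compare against.
            continue
        # NOTE(review): the source field is whatever the sender wrote into the
        # header; a match here is a filter criterion, not proof of origin.
        if p.haslayer(layer) and IPAddress.identify(p.getlayer(layer).src) == wanted:
            return True
    return False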
def run(self):
    """Provoke a Neighbor Solicitation from the UUT and validate its CGA option.

    An ICMPv6 Echo Request is sent from node 1's link-local address to
    target 1's link-local address. The first packet received back that
    carries an ``ICMPv6NDOptCGA`` option is then checked, following the
    RFC 3972 references in the comments, for:

    * a collision count of 0, 1 or 2;
    * a CGA subnet prefix equal to the network of the packet's source;
    * Hash1 agreeing with the interface identifier under Mask1;
    * Hash2 being zero under the Sec-dependent Mask2.

    Only the CGA option of the first captured packet is examined here. This
    method does not look at an RSA Signature option, so a pass shows that the
    CGA parameters are consistent with the address, not that a signature
    verifies.
    """
    # The echo request exists only to make the UUT emit a SEND-protected NS.
    self.logger.info(
        "Sending an ICMPv6 Echo Request to the UUT, to trigger a Secure Neighbor Solicitation...")
    self.node(1).send(
        IPv6(src=str(self.node(1).link_local_ip()),
             dst=str(self.target(1).link_local_ip())) /
        ICMPv6EchoRequest(seq=self.next_seq()))

    self.logger.info("Checking for a signed CGA packet...")
    captured = self.node(1).received(
        src=self.target(1).link_local_ip(),
        dst=self.node(1).link_local_ip(),
        type=ICMPv6NDOptCGA,
        timeout=120)
    assertGreaterThanOrEqualTo(1, len(captured),
                               "expect to receive one-or-more CGA packets")

    self.logger.info("Receive a CGA packet. Verifying it:")
    first = captured[0]
    cga_layer = first[ICMPv6NDOptCGA]

    self.logger.info("Checking Collision count is in range...")
    collision_ok = cga_layer.collision in [0, 1, 2]
    assertTrue(collision_ok, "expected Collision Count to be 0, 1 or 2")

    # The low 8 bytes of the packed source address are the interface identifier.
    packed_source = inet_pton(socket.AF_INET6, IPAddress.identify(first.src).ip)
    iface_identifier = packed_source[8:]
    prefix = IPAddress.identify(first.src).network()

    # The subnet prefix advertised in the CGA option must be the address's own.
    self.logger.info("Checking the Subnet Prefix Mask...")
    advertised_prefix = str(Network(cga_layer.mask))
    assertEqual(advertised_prefix, prefix,
                "expected the CGA Prefix to match the Address Prefix")

    self.logger.info("Checking Hash One...")
    hash1 = self.hash_one(cga_layer)
    # Mask1 from RFC 3972, Section 2: 0x1c leaves out the three leftmost bits
    # and bits 6 and 7 of the first octet; every later octet is compared whole.
    mask1 = '\x1c\xff\xff\xff\xff\xff\xff\xff'
    masked_hash1 = self.and_byte_strings(hash1, mask1)
    masked_identifier = self.and_byte_strings(iface_identifier, mask1)
    assertEqual(masked_hash1, masked_identifier,
                "expected hash1 to match the interface identifier")
    # NOTE(review): the original comment says the last 7 octets must match
    # exactly, but [7:] selects only the final octet of an 8-byte value
    # ([1:] would select seven). The masked comparison above presumably
    # already covers octets 1-7 - confirm against and_byte_strings.
    assertEqual(hash1[7:], iface_identifier[7:],
                "expected hash1 to match the interface identifier")

    self.logger.info("Checking Hash Two...")
    hash2 = self.hash_two(cga_layer)
    # Sec is carried in the three leftmost bits of the interface identifier.
    # NOTE(review): ord() on an indexed element assumes Python 2 byte strings.
    first_octet = ord(iface_identifier[0])
    sec = (first_octet >> 5) & 0x07
    # 112-bit Mask2 (RFC 3972, Section 2): 16*Sec leading one-bits, rest zero.
    mask2 = '\xff\xff' * sec + '\x00\x00' * (7 - sec)
    # Hash2 & Mask2 has to be all zero bits.
    assertEqual(self.and_byte_strings(hash2, mask2), '\x00\x00' * 7,
                "expected hash2 & mask2 to be zero")
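def packet_src_in(srcs, p):
    """Return True if the source address of packet ``p`` is one of ``srcs``.

    Args:
        srcs: One address or a list of addresses; every entry is normalised
            with ``IPAddress.identify`` before the comparison.
        p: Packet object offering ``haslayer`` and ``getlayer``.

    Returns:
        True as soon as a version-4 entry equals the ``IP`` layer's ``src`` or
        a version-6 entry equals the ``IPv6`` layer's ``src``; otherwise
        False. An empty list matches nothing.
    """
    # The former ``isinstance(srcs, list) and srcs or [srcs]`` wrapped an empty
    # list as ``[[]]`` because ``[]`` is falsy; the conditional expression
    # keeps an empty list empty.
    srcs = srcs if isinstance(srcs, list) else [srcs]
    for s in srcs:
        s = IPAddress.identify(s)
        # NOTE(review): the header's source field is sender-controlled, so a
        # match selects traffic but does not authenticate where it came from.
        if (s.version() == 4 and p.haslayer(IP)
                and IPAddress.identify(p.getlayer(IP).src) == s):
            return True
        elif (s.version() == 6 and p.haslayer(IPv6)
                and IPAddress.identify(p.getlayer(IPv6).src) == s):
            return True
    return False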
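def packet_dst_in(dsts, p):
    """Return True if the destination address of packet ``p`` is one of ``dsts``.

    Args:
        dsts: One address or a list of addresses; every entry is normalised
            with ``IPAddress.identify`` before the comparison.
        p: Packet object offering ``haslayer`` and ``getlayer``.

    Returns:
        True as soon as a version-4 entry equals the ``IP`` layer's ``dst`` or
        a version-6 entry equals the ``IPv6`` layer's ``dst``; otherwise
        False. An empty list matches nothing.
    """
    # The former ``isinstance(dsts, list) and dsts or [dsts]`` wrapped an empty
    # list as ``[[]]`` because ``[]`` is falsy; the conditional expression
    # keeps an empty list empty.
    dsts = dsts if isinstance(dsts, list) else [dsts]
    for d in dsts:
        d = IPAddress.identify(d)
        # NOTE(review): assuming Scapy's getlayer(), only the first IP/IPv6
        # layer is looked at; the header inside a tunnel is not compared.
        if (d.version() == 4 and p.haslayer(IP)
                and IPAddress.identify(p.getlayer(IP).dst) == d):
            return True
        elif (d.version() == 6 and p.haslayer(IPv6)
                and IPAddress.identify(p.getlayer(IPv6).dst) == d):
            return True
    return False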
def __forward_to_if1(self, packet_or_frame, iface):
    """Forward ``packet_or_frame`` from interface 0 to 1 if its destination is listed.

    The packet is forwarded when it has an ``IP`` or ``IPv6`` layer and the
    string form of ``IPAddress.identify(packet_or_frame.dst)`` is contained in
    at least one entry of ``self.__forwards_to_1``.

    Args:
        packet_or_frame: The captured packet or frame to consider.
        iface: Not used by this method's body.
    """
    def _destination_listed(entry):
        carries_ip = packet_or_frame.haslayer(IP) or packet_or_frame.haslayer(IPv6)
        # NOTE(review): ``.dst`` is read from the object itself, not from its
        # IP/IPv6 layer. If a link-layer frame is passed in, this is
        # presumably the link-layer destination rather than the IP one, so the
        # forwarding decision would be made on the wrong field - confirm
        # against the callers.
        return carries_ip and str(IPAddress.identify(packet_or_frame.dst)) in entry

    if any(map(_destination_listed, self.__forwards_to_1)):
        self.__forward_from_to(0, 1, packet_or_frame)
def append(self, ip):
    """Add ``ip`` to the list matching its address family, skipping duplicates.

    Args:
        ip: An ``IPAddress`` or any value ``IPAddress.identify`` accepts.

    A value whose string form is already contained in ``self`` is ignored.
    IPv4 addresses go to the v4 list. IPv6 addresses go to the tunnel list
    when ``is_tunnel()`` is true, else to the v4-mapped list when
    ``is_v4_mapped()`` is true, else to the plain v6 list. Addresses of any
    other version are dropped without an error.
    """
    if not isinstance(ip, IPAddress):
        ip = IPAddress.identify(ip)

    # NOTE(review): duplicates are detected on str(ip); whether two spellings
    # of the same address collapse depends on IPAddress.__str__ - confirm.
    if str(ip) in self:
        return

    version = ip.version()
    if version == 4:
        self.__v4_ips.append(ip)
    elif version == 6:
        # Tunnel takes precedence over v4-mapped, as in the original chain.
        if ip.is_tunnel():
            self.__v6_tunnel_ips.append(ip)
        elif ip.is_v4_mapped():
            self.__v4_mapped_ips.append(ip)
        else:
            self.__v6_ips.append(ip)
def append(self, ip):
    """Store ``ip`` in the per-family list it belongs to, unless already present.

    Args:
        ip: An ``IPAddress``; anything else is converted with
            ``IPAddress.identify`` first.

    Nothing is stored when ``str(ip)`` is already contained in ``self``, or
    when the address is neither version 4 nor version 6.
    """
    address = ip if isinstance(ip, IPAddress) else IPAddress.identify(ip)

    # NOTE(review): the duplicate test compares string forms, so it relies on
    # IPAddress producing one canonical string per address - confirm.
    already_present = str(address) in self
    if already_present:
        return

    if address.version() == 4:
        self.__v4_ips.append(address)
        return
    if address.version() != 6:
        # Unknown address family: silently ignored, as before.
        return

    # IPv6: tunnel addresses first, then v4-mapped ones, then everything else.
    if address.is_tunnel():
        self.__v6_tunnel_ips.append(address)
    elif address.is_v4_mapped():
        self.__v4_mapped_ips.append(address)
    else:
        self.__v6_ips.append(address)
def run(self):
    """Check the CGA option the UUT sends after being pinged.

    Steps, in order:

    1. Send an ICMPv6 Echo Request from node 1's link-local address to
       target 1's link-local address.
    2. Collect packets from the target to node 1 that carry an
       ``ICMPv6NDOptCGA`` option (``timeout=120``) and require at least one.
    3. On the first such packet, check the collision count, the subnet
       prefix, Hash1 against the interface identifier, and Hash2 against the
       Sec value, using the masks from RFC 3972, Section 2.

    The checks cover the CGA option only. No RSA Signature option is inspected
    in this method, so it does not establish that the packet's signature is
    valid.
    """
    # Relies on SEND: pinging the UUT makes it send a Neighbor Solicitation.
    self.logger.info("Sending an ICMPv6 Echo Request to the UUT, to trigger a Secure Neighbor Solicitation...")
    self.node(1).send(
        IPv6(
            src=str(self.node(1).link_local_ip()),
            dst=str(self.target(1).link_local_ip()),
        ) / ICMPv6EchoRequest(seq=self.next_seq())
    )

    self.logger.info("Checking for a signed CGA packet...")
    replies = self.node(1).received(
        src=self.target(1).link_local_ip(),
        dst=self.node(1).link_local_ip(),
        type=ICMPv6NDOptCGA,
        timeout=120,
    )
    assertGreaterThanOrEqualTo(1, len(replies), "expect to receive one-or-more CGA packets")

    self.logger.info("Receive a CGA packet. Verifying it:")
    reply = replies[0]
    cga_layer = reply[ICMPv6NDOptCGA]

    self.logger.info("Checking Collision count is in range...")
    assertTrue(
        cga_layer.collision in [0, 1, 2],
        "expected Collision Count to be 0, 1 or 2",
    )

    # Bytes 8..15 of the packed IPv6 source address form the interface identifier.
    iface_identifier = inet_pton(socket.AF_INET6, IPAddress.identify(reply.src).ip)[8:]
    prefix = IPAddress.identify(reply.src).network()

    # The CGA subnet prefix (mask) must equal the subnet prefix of the address.
    self.logger.info("Checking the Subnet Prefix Mask...")
    assertEqual(
        str(Network(cga_layer.mask)),
        prefix,
        "expected the CGA Prefix to match the Address Prefix",
    )

    self.logger.info("Checking Hash One...")
    hash1 = self.hash_one(cga_layer)
    mask1 = '\x1c\xff\xff\xff\xff\xff\xff\xff'  # Mask1, RFC 3972, Section 2
    # Hash1 & Mask1 must equal Interface Identifier & Mask1.
    assertEqual(
        self.and_byte_strings(hash1, mask1),
        self.and_byte_strings(iface_identifier, mask1),
        "expected hash1 to match the interface identifier",
    )
    # NOTE(review): the original comment asks for the last 7 octets to match
    # exactly, yet [7:] keeps only the last octet of an 8-byte value. The
    # masked comparison above presumably already enforces octets 1-7 - confirm.
    assertEqual(
        hash1[7:],
        iface_identifier[7:],
        "expected hash1 to match the interface identifier",
    )

    self.logger.info("Checking Hash Two...")
    hash2 = self.hash_two(cga_layer)
    # Sec is the top three bits of the identifier's first octet.
    # NOTE(review): ord() on an indexed element assumes Python 2 byte strings.
    sec = (ord(iface_identifier[0]) >> 5) & 0x07
    ones = '\xff\xff' * sec
    zeros = '\x00\x00' * (7 - sec)
    mask2 = ones + zeros  # 112-bit mask as in RFC 3972, Section 2
    # Hash2 & Mask2 must be fourteen zero bytes.
    expected_zero = '\x00\x00' * 7
    assertEqual(
        self.and_byte_strings(hash2, mask2),
        expected_zero,
        "expected hash2 & mask2 to be zero",
    )
def __forward_to_if1(self, packet_or_frame, iface):
    """Pass ``packet_or_frame`` on from interface 0 to interface 1 when it matches.

    A match requires an ``IP`` or ``IPv6`` layer and that the string form of
    ``IPAddress.identify(packet_or_frame.dst)`` is contained in some entry of
    ``self.__forwards_to_1``. Without a match nothing happens.

    Args:
        packet_or_frame: The captured packet or frame to consider.
        iface: Accepted but not used by this method's body.
    """
    def _matches(entry):
        is_ip = packet_or_frame.haslayer(IP) or packet_or_frame.haslayer(IPv6)
        # NOTE(review): ``.dst`` comes from the object as a whole rather than
        # from getlayer(IP)/getlayer(IPv6). For a link-layer frame this is
        # presumably not the IP destination - verify what callers pass in.
        return is_ip and str(IPAddress.identify(packet_or_frame.dst)) in entry

    verdicts = map(_matches, self.__forwards_to_1)
    if not any(verdicts):
        return
    self.__forward_from_to(0, 1, packet_or_frame)