netinet6/frag6/frag6_12.py

*f74e6e49SBjoern A. Zeeb#!/usr/bin/env python
*f74e6e49SBjoern A. Zeeb#-
*f74e6e49SBjoern A. Zeeb# SPDX-License-Identifier: BSD-2-Clause
*f74e6e49SBjoern A. Zeeb#
*f74e6e49SBjoern A. Zeeb# Copyright (c) 2019 Netflix, Inc.
*f74e6e49SBjoern A. Zeeb#
*f74e6e49SBjoern A. Zeeb# Redistribution and use in source and binary forms, with or without
*f74e6e49SBjoern A. Zeeb# modification, are permitted provided that the following conditions
*f74e6e49SBjoern A. Zeeb# are met:
*f74e6e49SBjoern A. Zeeb# 1. Redistributions of source code must retain the above copyright
*f74e6e49SBjoern A. Zeeb#    notice, this list of conditions and the following disclaimer.
*f74e6e49SBjoern A. Zeeb# 2. Redistributions in binary form must reproduce the above copyright
*f74e6e49SBjoern A. Zeeb#    notice, this list of conditions and the following disclaimer in the
*f74e6e49SBjoern A. Zeeb#    documentation and/or other materials provided with the distribution.
*f74e6e49SBjoern A. Zeeb#
*f74e6e49SBjoern A. Zeeb# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
*f74e6e49SBjoern A. Zeeb# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
*f74e6e49SBjoern A. Zeeb# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
*f74e6e49SBjoern A. Zeeb# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
*f74e6e49SBjoern A. Zeeb# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
*f74e6e49SBjoern A. Zeeb# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
*f74e6e49SBjoern A. Zeeb# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
*f74e6e49SBjoern A. Zeeb# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
*f74e6e49SBjoern A. Zeeb# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
*f74e6e49SBjoern A. Zeeb# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
*f74e6e49SBjoern A. Zeeb# SUCH DAMAGE.
*f74e6e49SBjoern A. Zeeb#
*f74e6e49SBjoern A. Zeeb# $FreeBSD$
*f74e6e49SBjoern A. Zeeb#
*f74e6e49SBjoern A. Zeeb
*f74e6e49SBjoern A. Zeebimport argparse
*f74e6e49SBjoern A. Zeebimport scapy.all as sp
*f74e6e49SBjoern A. Zeebimport socket
*f74e6e49SBjoern A. Zeebimport sys
*f74e6e49SBjoern A. Zeebfrom sniffer import Sniffer
*f74e6e49SBjoern A. Zeebfrom time import sleep
*f74e6e49SBjoern A. Zeeb
*f74e6e49SBjoern A. Zeebdef check_icmp6_error(args, packet):
*f74e6e49SBjoern A. Zeeb	ip6 = packet.getlayer(sp.IPv6)
*f74e6e49SBjoern A. Zeeb	if not ip6:
*f74e6e49SBjoern A. Zeeb		return False
*f74e6e49SBjoern A. Zeeb	oip6 = sp.IPv6(src=args.src[0], dst=args.to[0])
*f74e6e49SBjoern A. Zeeb	if ip6.dst != oip6.src:
*f74e6e49SBjoern A. Zeeb		return False
*f74e6e49SBjoern A. Zeeb	icmp6 = packet.getlayer(sp.ICMPv6TimeExceeded)
*f74e6e49SBjoern A. Zeeb	if not icmp6:
*f74e6e49SBjoern A. Zeeb		return False
*f74e6e49SBjoern A. Zeeb	# ICMP6_TIME_EXCEED_REASSEMBLY 1
*f74e6e49SBjoern A. Zeeb	if icmp6.code != 1:
*f74e6e49SBjoern A. Zeeb		return False
*f74e6e49SBjoern A. Zeeb	# Should we check the payload as well?
*f74e6e49SBjoern A. Zeeb	# We are running in a very isolated environment and nothing else
*f74e6e49SBjoern A. Zeeb	# should trigger an ICMPv6 Time Exceeded / Frag reassembly so leave it.
*f74e6e49SBjoern A. Zeeb	#icmp6.display()
*f74e6e49SBjoern A. Zeeb	return True
*f74e6e49SBjoern A. Zeeb
*f74e6e49SBjoern A. Zeeb
*f74e6e49SBjoern A. Zeebdef main():
*f74e6e49SBjoern A. Zeeb	parser = argparse.ArgumentParser("frag6.py",
*f74e6e49SBjoern A. Zeeb		description="IPv6 fragementation test tool")
*f74e6e49SBjoern A. Zeeb	parser.add_argument('--sendif', nargs=1,
*f74e6e49SBjoern A. Zeeb		required=True,
*f74e6e49SBjoern A. Zeeb		help='The interface through which the packet will be sent')
*f74e6e49SBjoern A. Zeeb	parser.add_argument('--recvif', nargs=1,
*f74e6e49SBjoern A. Zeeb		required=True,
*f74e6e49SBjoern A. Zeeb		help='The interface on which to check for the packet')
*f74e6e49SBjoern A. Zeeb	parser.add_argument('--src', nargs=1,
*f74e6e49SBjoern A. Zeeb		required=True,
*f74e6e49SBjoern A. Zeeb		help='The source IP address')
*f74e6e49SBjoern A. Zeeb	parser.add_argument('--to', nargs=1,
*f74e6e49SBjoern A. Zeeb		required=True,
*f74e6e49SBjoern A. Zeeb		help='The destination IP address')
*f74e6e49SBjoern A. Zeeb	parser.add_argument('--debug',
*f74e6e49SBjoern A. Zeeb		required=False, action='store_true',
*f74e6e49SBjoern A. Zeeb		help='Enable test debugging')
*f74e6e49SBjoern A. Zeeb
*f74e6e49SBjoern A. Zeeb	args = parser.parse_args()
*f74e6e49SBjoern A. Zeeb
*f74e6e49SBjoern A. Zeeb
*f74e6e49SBjoern A. Zeeb	# Start sniffing on recvif
*f74e6e49SBjoern A. Zeeb	sniffer = Sniffer(args, check_icmp6_error)
*f74e6e49SBjoern A. Zeeb
*f74e6e49SBjoern A. Zeeb
*f74e6e49SBjoern A. Zeeb	########################################################################
*f74e6e49SBjoern A. Zeeb	#
*f74e6e49SBjoern A. Zeeb	# A single start fragment with payload.
*f74e6e49SBjoern A. Zeeb	#
*f74e6e49SBjoern A. Zeeb	# A:  Waiting for more data.
*f74e6e49SBjoern A. Zeeb	# R:  Timeout / Expiry.
*f74e6e49SBjoern A. Zeeb	#
*f74e6e49SBjoern A. Zeeb	data = "6" * 1280
*f74e6e49SBjoern A. Zeeb	ip6f01 = sp.Ether() / \
*f74e6e49SBjoern A. Zeeb		sp.IPv6(src=args.src[0], dst=args.to[0]) / \
*f74e6e49SBjoern A. Zeeb		sp.IPv6ExtHdrFragment(offset=0, m=1, id=3) / \
*f74e6e49SBjoern A. Zeeb		sp.UDP(dport=3456, sport=6543) / \
*f74e6e49SBjoern A. Zeeb		data
*f74e6e49SBjoern A. Zeeb	if args.debug :
*f74e6e49SBjoern A. Zeeb		ip6f01.display()
*f74e6e49SBjoern A. Zeeb	sp.sendp(ip6f01, iface=args.sendif[0], verbose=False)
*f74e6e49SBjoern A. Zeeb
*f74e6e49SBjoern A. Zeeb	# Wait for ICMPv6 error generation on timeout.
*f74e6e49SBjoern A. Zeeb	sleep(75)
*f74e6e49SBjoern A. Zeeb	sniffer.setEnd()
*f74e6e49SBjoern A. Zeeb	sniffer.join()
*f74e6e49SBjoern A. Zeeb	if not sniffer.foundCorrectPacket:
*f74e6e49SBjoern A. Zeeb		sys.exit(1)
*f74e6e49SBjoern A. Zeeb
*f74e6e49SBjoern A. Zeeb	sys.exit(0)
*f74e6e49SBjoern A. Zeeb
*f74e6e49SBjoern A. Zeebif __name__ == '__main__':
*f74e6e49SBjoern A. Zeeb	main()