1#!/usr/local/bin/python2.7 2 3print "ping6 fragment that overlaps the first fragment with the head" 4 5# |---------| 6# |XXXXXXXXX| 7# |----| 8# |----| 9# |----| 10 11import os 12from addr import * 13from scapy.all import * 14 15pid=os.getpid() 16eid=pid & 0xffff 17payload="ABCDEFGHIJKLMNOP" 18dummy="0123456701234567" 19packet=IPv6(src=LOCAL_ADDR6, dst=REMOTE_ADDR6)/ \ 20 ICMPv6EchoRequest(id=eid, data=payload) 21frag=[] 22fid=pid & 0xffffffff 23frag.append(IPv6ExtHdrFragment(nh=58, id=fid, m=1)/str(packet)[40:56]) 24frag.append(IPv6ExtHdrFragment(nh=58, id=fid, offset=1)/dummy) 25frag.append(IPv6ExtHdrFragment(nh=58, id=fid, m=1)/str(packet)[40:48]) 26frag.append(IPv6ExtHdrFragment(nh=58, id=fid, offset=1, m=1)/str(packet)[48:56]) 27frag.append(IPv6ExtHdrFragment(nh=58, id=fid, offset=2)/str(packet)[56:64]) 28eth=[] 29for f in frag: 30 pkt=IPv6(src=LOCAL_ADDR6, dst=REMOTE_ADDR6)/f 31 eth.append(Ether(src=LOCAL_MAC, dst=REMOTE_MAC)/pkt) 32 33if os.fork() == 0: 34 time.sleep(1) 35 sendp(eth, iface=LOCAL_IF) 36 os._exit(0) 37 38ans=sniff(iface=LOCAL_IF, timeout=3, filter= 39 "ip6 and src "+REMOTE_ADDR6+" and dst "+LOCAL_ADDR6+" and icmp6") 40for a in ans: 41 if a and a.type == ETH_P_IPV6 and \ 42 ipv6nh[a.payload.nh] == 'ICMPv6' and \ 43 icmp6types[a.payload.payload.type] == 'Echo Reply': 44 id=a.payload.payload.id 45 print "id=%#x" % (id) 46 if id != eid: 47 print "WRONG ECHO REPLY ID" 48 exit(2) 49 data=a.payload.payload.data 50 print "payload=%s" % (data) 51 if data == payload: 52 exit(0) 53 print "PAYLOAD!=%s" % (payload) 54 exit(2) 55print "NO ECHO REPLY" 56exit(1) 57