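#!/usr/local/bin/python2.7
# end of new fragment overlaps old one
#
# Layout of the two fragments, by byte offset into the IP payload:
#
#   offset:                   0        8        16       24
#   pkt0 (sent second, new):  |ICMP hdr|ABCDEFGH|
#   pkt1 (sent first, old):            |01234567|IJKLOMNO|
#
# If the tail of the current fragment overlaps the beginning of an
# older fragment, cut the older fragment.
#       m_adj(after->fe_m, aftercut);
# The older data becomes more suspect, and we essentially cause it
# to be dropped in the end, meaning it will come again.
#
# The test passes when the echo reply carries the original payload, i.e.
# the overlapped "01234567" bytes of the older fragment were discarded in
# favour of the newer fragment's data.
#
# Usage: pass the destination address as the first argument.
# Exit status: 0 = reply with expected payload, 1 = reply with a different
# payload, 2 = wrong echo id or no echo reply captured.

import os
import sys
import time

# addr supplies SRC_OUT, SRC_MAC, PF_MAC and SRC_IF used below.
from addr import *
from scapy.all import *

dstaddr = sys.argv[1]
pid = os.getpid()
# The ICMP echo id and the IP id are 16-bit fields; mask the pid so that a
# process id above 0xffff still yields a value that fits both.
eid = pid & 0xffff
payload = "ABCDEFGHIJKLOMNO"
dummy = "01234567"

# Build the complete echo request once so the ICMP checksum covers the real
# payload, then slice the serialized bytes into fragments by hand.
packet = IP(src=SRC_OUT, dst=dstaddr)/ICMP(id=eid)/payload
# Bytes 20..36: 8 byte ICMP header plus the first half of the payload.
frag0 = str(packet)[20:36]
# Dummy bytes occupy the range that frag0 also covers, followed by the
# genuine second half of the payload.
frag1 = dummy + str(packet)[36:44]
pkt0 = IP(src=SRC_OUT, dst=dstaddr, proto=1, id=eid, frag=0, flags='MF')/frag0
pkt1 = IP(src=SRC_OUT, dst=dstaddr, proto=1, id=eid, frag=1)/frag1

# pkt1 goes out first so that it is the "older" fragment when pkt0 arrives.
eth = [
    Ether(src=SRC_MAC, dst=PF_MAC)/pkt1,
    Ether(src=SRC_MAC, dst=PF_MAC)/pkt0,
]

# The child delays the send by one second so the parent is already sniffing.
if os.fork() == 0:
    time.sleep(1)
    sendp(eth, iface=SRC_IF)
    os._exit(0)

ans = sniff(iface=SRC_IF, timeout=3, filter=
    "ip and src "+dstaddr+" and dst "+SRC_OUT+" and icmp")

# An empty capture must end in "NO ECHO REPLY" with status 2 rather than an
# IndexError traceback, so the failure reason stays readable in test logs.
try:
    a = ans[0]
except IndexError:
    a = None

if (a and a.type == ETH_P_IP and
        a.payload.proto == 1 and
        a.payload.frag == 0 and a.payload.flags == 0 and
        icmptypes[a.payload.payload.type] == 'echo-reply'):
    reply_id = a.payload.payload.id
    print("id=%#x" % (reply_id))
    if reply_id != eid:
        print("WRONG ECHO REPLY ID")
        sys.exit(2)
    load = a.payload.payload.payload.load
    print("payload=%s" % (load))
    if load == payload:
        sys.exit(0)
    print("PAYLOAD!=%s" % (payload))
    sys.exit(1)
print("NO ECHO REPLY")
sys.exit(2)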