1#!/usr/local/bin/python2.7
2# send ping6 fragment that overlaps the first fragment with the head
3# send complete packet fragments and check that they generate a reply.
4
5# |---------|
6#      |XXXXXXXXX|
7# |----|
8#      |----|
9#           |----|
10
11import os
12from addr import *
13from scapy.all import *
14
15pid=os.getpid() & 0xffff
16payload="ABCDEFGHIJKLMNOP"
17dummy="0123456701234567"
18packet=IPv6(src=SRC_OUT6, dst=DST_IN6)/ICMPv6EchoRequest(id=pid, data=payload)
19frag=[]
20frag.append(IPv6ExtHdrFragment(nh=58, id=pid, m=1)/str(packet)[40:56])
21frag.append(IPv6ExtHdrFragment(nh=58, id=pid, offset=1)/dummy)
22frag.append(IPv6ExtHdrFragment(nh=58, id=pid, m=1)/str(packet)[40:48])
23frag.append(IPv6ExtHdrFragment(nh=58, id=pid, offset=1, m=1)/str(packet)[48:56])
24frag.append(IPv6ExtHdrFragment(nh=58, id=pid, offset=2)/str(packet)[56:64])
25eth=[]
26for f in frag:
27	pkt=IPv6(src=SRC_OUT6, dst=DST_IN6)/f
28	eth.append(Ether(src=SRC_MAC, dst=DST_MAC)/pkt)
29
30if os.fork() == 0:
31	time.sleep(1)
32	sendp(eth, iface=SRC_IF)
33	os._exit(0)
34
35ans=sniff(iface=SRC_IF, timeout=3, filter=
36    "ip6 and src "+DST_IN6+" and dst "+SRC_OUT6+" and icmp6")
37for a in ans:
38	if a and a.type == ETH_P_IPV6 and \
39	    ipv6nh[a.payload.nh] == 'ICMPv6' and \
40	    icmp6types[a.payload.payload.type] == 'Echo Reply':
41		id=a.payload.payload.id
42		print "id=%#x" % (id)
43		if id != pid:
44			print "WRONG ECHO REPLY ID"
45			exit(2)
46		data=a.payload.payload.data
47		print "payload=%s" % (data)
48		if data == payload:
49			exit(0)
50		print "PAYLOAD!=%s" % (payload)
51		exit(2)
52print "NO ECHO REPLY"
53exit(1)
54