1#!/usr/local/bin/python2.7 2# check ip and udp checksum in returned icmp packet 3 4import os 5from addr import * 6from scapy.all import * 7 8dstaddr=sys.argv[1] 9uport=os.getpid() & 0xffff 10# inetd ignores UDP packets from privileged port or nfs 11if uport < 1024 or uport == 2049: 12 uport+=1024 13payload="a" * 1472 14p=(Ether(src=SRC_MAC, dst=PF_MAC)/IP(flags="DF", src=SRC_OUT, dst=dstaddr)/ 15 UDP(sport=uport, dport=9)/payload) 16ipcksum=IP(str(p.payload)).chksum 17print "ipcksum=%#04x" % (ipcksum) 18udpcksum=IP(str(p.payload)).payload.chksum 19print "udpcksum=%#04x" % (udpcksum) 20a=srp1(p, iface=SRC_IF, timeout=2) 21if a and a.type == ETH_P_IP and \ 22 a.payload.proto == 1 and \ 23 icmptypes[a.payload.payload.type] == 'dest-unreach' and \ 24 icmpcodes[a.payload.payload.type][a.payload.payload.code] == \ 25 'fragmentation-needed': 26 outeripcksum=a.payload.chksum 27 print "outeripcksum=%#04x" % (outeripcksum) 28 outercksum=a.payload.payload.chksum 29 print "outercksum=%#04x" % (outercksum) 30 q=a.payload.payload.payload 31 inneripcksum=q.chksum 32 print "inneripcksum=%#04x" % (inneripcksum) 33 if q.proto == 17: 34 innercksum=q.payload.chksum 35 print "innercksum=%#04x" % (innercksum) 36 if innercksum == udpcksum: 37 exit(0) 38 print "INNERCKSUM!=UDPCKSUM" 39 exit(1) 40 print "NO INNER UDP REQUEST" 41 exit(2) 42print "NO FRAGMENTATION NEEDED" 43exit(2) 44