1#!/usr/local/bin/python3 2 3print("drop too long fragment queue, reassemble less fragments") 4 5# |----| 6# |----| 7# |----| 8# ... ... 9# |----| 10 11import os 12from addr import * 13from scapy.all import * 14 15pid=os.getpid() 16eid=pid & 0xffff 17payload=b"ABCDEFGHIJKLMNOP" * 70 18frag=[] 19fid=pid & 0xffff 20# send packets with 65 and 64 fragments 21for max in (64, 63): 22 eid = ~eid & 0xffff 23 packet=IP(src=LOCAL_ADDR, dst=REMOTE_ADDR)/ \ 24 ICMP(type='echo-request', id=eid)/payload 25 fid = ~fid & 0xffff 26 for i in range(max): 27 frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid, 28 frag=i, flags='MF')/bytes(packet)[20+i*8:20+(i+1)*8]) 29 frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid, 30 frag=max)/bytes(packet)[20+max*8:]) 31eth=[] 32for f in frag: 33 eth.append(Ether(src=LOCAL_MAC, dst=REMOTE_MAC)/f) 34 35child = os.fork() 36if child == 0: 37 time.sleep(1) 38 for e in eth: 39 sendp(e, iface=LOCAL_IF) 40 time.sleep(0.001) 41 os._exit(0) 42 43ans=sniff(iface=LOCAL_IF, timeout=6, filter= 44 "ip and src "+REMOTE_ADDR+" and dst "+LOCAL_ADDR+" and icmp") 45os.kill(child, 15) 46os.wait() 47 48reply=False 49for a in ans: 50 if a and a.type == ETH_P_IP and \ 51 a.payload.proto == 1 and \ 52 a.payload.frag == 0 and a.payload.flags == 0 and \ 53 icmptypes[a.payload.payload.type] == 'echo-reply': 54 id=a.payload.payload.id 55 print("id=%#x" % (id)) 56 if id == ~eid & 0xffff: 57 print("ECHO REPLY FROM 65 FRAGMENTS") 58 exit(1) 59 if id != eid: 60 print("WRONG ECHO REPLY ID") 61 exit(2) 62 data=a.payload.payload.payload.load 63 print("payload=%s" % (data)) 64 if data != payload: 65 print("PAYLOAD!=%s" % (payload)) 66 exit(2) 67 reply=True 68if not reply: 69 print("NO ECHO REPLY FROM 64 FRAGMENTS") 70 exit(1) 71exit(0) 72