#!/usr/local/bin/python2.7
# Regression check for IPv6 reassembly: an ICMPv6 echo request is sent as two
# fragments whose byte ranges overlap, and the script then watches for a reply.
#
# Exit status, as coded below:
#   0  no echo reply was captured before the sniff timeout
#   1  an echo reply carrying the original payload was captured
#   2  an echo reply with an unexpected id or payload was captured
#
# Overlapping fragments make reassembly ambiguous; RFC 5722 tells receivers to
# silently discard the whole datagram when fragments overlap, which is the
# outcome this script reports with exit status 0.
# NOTE(review): status 0 is also what an unreachable or filtered peer yields,
# so this check is only meaningful next to a control ping that does get
# answered -- confirm the harness runs one.

print("ping6 fragment that overlaps the first fragment with its head")

# |---------|
# |XXXX-----|

import os
from addr import *
from scapy.all import *

# NOTE(review): time.sleep() below relies on `time` arriving through one of the
# star imports above; nothing here imports it by name -- confirm.

# Derive the echo id and the fragment id from the pid so each run is distinct.
proc_id = os.getpid()
echo_id = proc_id & 0xffff
frag_id = proc_id & 0xffffffff
payload = "ABCDEFGHIJKLMNOP"

echo_request = IPv6(src=LOCAL_ADDR6, dst=REMOTE_ADDR6) / ICMPv6EchoRequest(
    id=echo_id, data=payload)
# str() gives the raw wire bytes under the Python 2.7 interpreter named in the
# shebang. Bytes 0-39 are the IPv6 header; 40-63 are the ICMPv6 message
# (8-byte echo header followed by the 16-byte payload).
wire = str(echo_request)

# Fragment 1: ICMPv6 bytes 0-15 at offset 0, more-fragments flag set.
# Fragment 2: ICMPv6 bytes 8-23 at offset 1 (offsets count 8-byte units), so
# its first 8 bytes cover a range fragment 1 already delivered.
# nh=58 is the ICMPv6 next-header value.
fragments = [
    IPv6ExtHdrFragment(nh=58, id=frag_id, m=1) / wire[40:56],
    IPv6ExtHdrFragment(nh=58, id=frag_id, offset=1) / wire[48:64],
]
frames = [
    Ether(src=LOCAL_MAC, dst=REMOTE_MAC)
    / (IPv6(src=LOCAL_ADDR6, dst=REMOTE_ADDR6) / piece)
    for piece in fragments
]

# The child transmits after a one-second delay so that the parent is already
# capturing when the frames go out; it leaves via os._exit() so that only the
# parent continues past this point.
if os.fork() == 0:
    time.sleep(1)
    sendp(frames, iface=LOCAL_IF)
    os._exit(0)

capture_filter = (
    "ip6 and src "+REMOTE_ADDR6+" and dst "+LOCAL_ADDR6+" and icmp6")
captured = sniff(iface=LOCAL_IF, timeout=3, filter=capture_filter)

for rx in captured:
    # Only ICMPv6 echo replies inside an IPv6 Ethernet frame are of interest.
    if not rx or rx.type != ETH_P_IPV6:
        continue
    ip6 = rx.payload
    if ipv6nh[ip6.nh] != 'ICMPv6':
        continue
    icmp6 = ip6.payload
    if icmp6types[icmp6.type] != 'Echo Reply':
        continue

    reply_id = icmp6.id
    print("id=%#x" % (reply_id))
    if reply_id != echo_id:
        print("WRONG ECHO REPLY ID")
        exit(2)

    reply_data = icmp6.data
    print("payload=%s" % (reply_data))
    if reply_data == payload:
        # The peer reassembled the overlapping fragments and answered.
        print("ECHO REPLY")
        exit(1)
    print("PAYLOAD!=%s" % (payload))
    exit(2)

print("no echo reply")
exit(0)