From 82f99134bbaa42d8fdcc9eb71fe4527a3d8d70aa Mon Sep 17 00:00:00 2001 From: Alexander Bluhm Date: Thu, 17 Nov 2016 13:24:33 +0000 Subject: Send fragment with Hop-by-Hop extension header after the fragment header. I must not be processed. --- regress/sys/netinet6/frag6/Makefile | 9 ++++++- regress/sys/netinet6/frag6/frag6_hop.py | 47 +++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 regress/sys/netinet6/frag6/frag6_hop.py (limited to 'regress/sys') diff --git a/regress/sys/netinet6/frag6/Makefile b/regress/sys/netinet6/frag6/Makefile index a168bf33a93..eb334ce720b 100644 --- a/regress/sys/netinet6/frag6/Makefile +++ b/regress/sys/netinet6/frag6/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.13 2016/10/19 14:31:19 tb Exp $ +# $OpenBSD: Makefile,v 1.14 2016/11/17 13:24:32 bluhm Exp $ # The following ports must be installed: # @@ -103,6 +103,13 @@ run-regress-frag6-ext: addr.py @echo Check ping6 extension header reassembly ${SUDO} ${PYTHON}frag6_ext.py +# An hop by hop options extension header after the fragment header +TARGETS += frag6-hop +run-regress-frag6-hop: addr.py + @echo '\n======== $@ ========' + @echo Check ping6 not initial hop by hop extension header + ${SUDO} ${PYTHON}frag6_hop.py + # An destination options extension header after the fragment header TARGETS += frag6-opt run-regress-frag6-opt: addr.py diff --git a/regress/sys/netinet6/frag6/frag6_hop.py b/regress/sys/netinet6/frag6/frag6_hop.py new file mode 100644 index 00000000000..3a224870e1a --- /dev/null +++ b/regress/sys/netinet6/frag6/frag6_hop.py @@ -0,0 +1,47 @@ +#!/usr/local/bin/python2.7 +# send 2 ping6 fragments with missplaced hop-by-hop extension header + +# |HHHH----------| +# |----| + +import os +from addr import * +from scapy.all import * + +pid=os.getpid() & 0xffff +payload="ABCDEFGHIJKLMNOP" +packet=IPv6(src=SRC_OUT6, dst=DST_IN6)/IPv6ExtHdrHopByHop()/ \ + ICMPv6EchoRequest(id=pid, data=payload) +frag=[] +frag.append(IPv6ExtHdrFragment(nh=0, id=pid, m=1)/str(packet)[40:64]) +frag.append(IPv6ExtHdrFragment(nh=0, id=pid, offset=3)/str(packet)[64:72]) +eth=[] +for f in frag: + pkt=IPv6(src=SRC_OUT6, dst=DST_IN6)/f + eth.append(Ether(src=SRC_MAC, dst=DST_MAC)/pkt) + +if os.fork() == 0: + time.sleep(1) + sendp(eth, iface=SRC_IF) + os._exit(0) + +ans=sniff(iface=SRC_IF, timeout=3, filter= + "ip6 and src "+DST_IN6+" and dst "+SRC_OUT6+" and icmp6") +for a in ans: + if a and a.type == ETH_P_IPV6 and \ + ipv6nh[a.payload.nh] == 'ICMPv6' and \ + icmp6types[a.payload.payload.type] == 'Echo Reply': + id=a.payload.payload.id + print "id=%#x" % (id) + if id != pid: + print "WRONG ECHO REPLY ID" + exit(2) + data=a.payload.payload.data + print "payload=%s" % (data) + if data == payload: + print "ECHO REPLY" + exit(1) + print "PAYLOAD!=%s" % (payload) + exit(2) +print "no echo reply" +exit(0) -- cgit v1.2.3