113 lines
3.5 KiB
Python
113 lines
3.5 KiB
Python
#!/usr/bin/env python3
|
|
#
|
|
# SPDX-License-Identifier: BSD-2-Clause
|
|
#
|
|
# Copyright (c) 2021 Rubicon Communications, LLC (Netgate)
|
|
#
|
|
# Redistribution and use in source and binary forms, with or without
|
|
# modification, are permitted provided that the following conditions
|
|
# are met:
|
|
# 1. Redistributions of source code must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
# 2. Redistributions in binary form must reproduce the above copyright
|
|
# notice, this list of conditions and the following disclaimer in the
|
|
# documentation and/or other materials provided with the distribution.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
# SUCH DAMAGE.
|
|
#
|
|
|
|
import argparse
|
|
import logging
|
|
logging.getLogger("scapy").setLevel(logging.CRITICAL)
|
|
import random
|
|
import scapy.all as sp
|
|
import socket
|
|
import sys
|
|
from sniffer import Sniffer
|
|
|
|
PAYLOAD_MAGIC = bytes.fromhex('42c0ffee')
|
|
|
|
def ping(send_if, dst_ip, args):
|
|
ether = sp.Ether()
|
|
ip = sp.IP(dst=dst_ip, src=args.fromaddr[0])
|
|
icmp = sp.ICMP(type='echo-request')
|
|
raw = sp.raw(PAYLOAD_MAGIC * 250) # We want 1000 bytes payload, -ish
|
|
|
|
ip.flags = 2 # Don't fragment
|
|
icmp.seq = random.randint(0, 65535)
|
|
args.icmp_seq = icmp.seq
|
|
|
|
req = ether / ip / icmp / raw
|
|
sp.sendp(req, iface=send_if, verbose=False)
|
|
|
|
def check_icmp_too_big(args, packet):
|
|
"""
|
|
Verify that this is an ICMP packet too big error, and that the IP addresses
|
|
in the payload packet match expectations.
|
|
"""
|
|
icmp = packet.getlayer(sp.ICMP)
|
|
if not icmp:
|
|
return False
|
|
|
|
if not icmp.type == 3:
|
|
return False
|
|
ip = packet.getlayer(sp.IPerror)
|
|
if not ip:
|
|
return False
|
|
|
|
if ip.src != args.fromaddr[0]:
|
|
print("Incorrect src addr %s" % ip.src)
|
|
return False
|
|
if ip.dst != args.to[0]:
|
|
print("Incorrect dst addr %s" % ip.dst)
|
|
return False
|
|
|
|
icmp2 = packet.getlayer(sp.ICMPerror)
|
|
if not icmp2:
|
|
print("IPerror doesn't contain ICMP")
|
|
return False
|
|
if icmp2.seq != args.icmp_seq:
|
|
print("Incorrect icmp seq %d != %d" % (icmp2.seq, args.icmp_seq))
|
|
return False
|
|
return True
|
|
|
|
def main():
|
|
parser = argparse.ArgumentParser("pft_icmp_check.py",
|
|
description="ICMP error validation tool")
|
|
parser.add_argument('--to', nargs=1, required=True,
|
|
help='The destination IP address')
|
|
parser.add_argument('--fromaddr', nargs=1, required=True,
|
|
help='The source IP address')
|
|
parser.add_argument('--sendif', nargs=1, required=True,
|
|
help='The interface through which the packet(s) will be sent')
|
|
parser.add_argument('--recvif', nargs=1,
|
|
help='The interface on which to expect the ICMP error')
|
|
|
|
args = parser.parse_args()
|
|
sniffer = None
|
|
if not args.recvif is None:
|
|
sniffer = Sniffer(args, check_icmp_too_big, args.recvif[0])
|
|
|
|
ping(args.sendif[0], args.to[0], args)
|
|
|
|
if sniffer:
|
|
sniffer.join()
|
|
|
|
if sniffer.correctPackets:
|
|
sys.exit(0)
|
|
else:
|
|
sys.exit(1)
|
|
|
|
if __name__ == '__main__':
|
|
main()
|