Lines Matching +full:ipv4 +full:- +full:single +full:- +full:target
4 ## inet6.py --- IPv6 support for Scapy ##
167 ip_regex = re.compile(r"^([a-fA-F0-9:]+)(/[1]?[0-3]?[0-9])?$")
174 tmp[0]=socket.getaddrinfo(tmp[0], None, socket.AF_INET6)[0][-1][0]
187 (value | (0xff >> (8 - netmask))) + 1)
192 (x - self.plen for x in range(8, 129, 8)),
304 ipv6nh = { 0:"Hop-by-Hop Option Header",
367 c -= 1
379 y = socket.getaddrinfo(y, None, socket.AF_INET6)[0][-1][0]
431 l = len(p) - 40
457 sd = self.addresses[-1]
527 elif (sd != os): # or ss != od): <- removed for ICMP errors
530 # ICMPv6 Error message -> generated by IPv6 packet
601 if ((ss == os and sd == od) or # <- Basic case
602 (ss == os and request_has_rh)): # <- Request has a RH :
659 class PseudoIPv6(Packet): # IPv6 Pseudo-header for checksum computation
669 As Specified in RFC 2460 - 8.1 Upper-Layer Checksums
672 - 'nh' : value of upper layer protocol
673 - 'u' : upper layer instance (TCP, UDP, ICMPv6*, ). Instance must be
676 - 'p' : the payload of the upper layer provided as a string
680 - Next Header value
681 - the address of _final_ destination (if some Routing Header with non
683 - the address of _real_ source (basically the source address of an
687 - the length is the length of provided payload string ('p')
699 rthdr = u.addresses[-1]
745 0x06: "Quick-Start",
762 enroutechange = {0x00: "0: Don't change en-route",
763 0x20: "1: May change en-route" }
771 class HBHOptUnknown(Packet): # IPv6 Hop-By-Hop Option
789 class Pad1(Packet): # IPv6 Hop-By-Hop Option
795 class PadN(Packet): # IPv6 Hop-By-Hop Option
804 class RouterAlert(Packet): # RFC 2711 - IPv6 Hop-By-Hop Option
818 # iana.org/assignments/ipv6-routeralert-values/ipv6-routeralert-values.xhtml
821 delta = x*((curpos - y + x - 1)//x) + y - curpos
824 class Jumbo(Packet): # IPv6 Hop-By-Hop Option
831 delta = x*((curpos - y + x - 1)//x) + y - curpos
841 delta = x*((curpos - y + x - 1)//x) + y - curpos
851 ######################## Hop-by-Hop Extension Header ########################
884 c -= 1
919 s += raw(PadN(optdata=b'\x00'*(d-2)))
929 d = 8 - d
933 s += raw(PadN(optdata=b'\x00'*(d-2)))
954 name = "IPv6 Extension Header - Hop-by-Hop Options Header"
957 adjust = lambda pkt,x: (x+2+7)//8 - 1),
960 length_from = lambda pkt: (8*(pkt.len+1))-2) ]
967 name = "IPv6 Extension Header - Destination Options Header"
970 adjust = lambda pkt,x: (x+2+7)//8 - 1),
973 length_from = lambda pkt: (8*(pkt.len+1))-2) ]
1000 # https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-06
1003 name = "IPv6 Option Header Segment Routing - Generic TLV"
1027 name = "IPv6 Option Header Segment Routing - Ingress Node TLV"
1036 name = "IPv6 Option Header Segment Routing - Egress Node TLV"
1045 name = "IPv6 Option Header Segment Routing - Padding TLV"
1068 length_from=lambda pkt: 8*pkt.len - 16*pkt.lastentry) ]
1077 tmp_mod = (len(pkt) - 8) % 8
1082 tmp_pad = b"\x00" * (tmp_mod-2)
1086 tmp_len = (len(pkt) - 8) // 8
1092 tmp_len -= 1
1104 name = "IPv6 Extension Header - Fragmentation header"
1152 fragmentable += b"X"*(offset - len(fragmentable))
1180 # as single element of a list
1197 fragPartLen = len(tmp) - 40 # basic IPv6 header length
1198 fragPartStr = s[-fragPartLen:]
1208 unfragPartLen = len(s) - fragPartLen - 8
1215 lastFragSize = fragSize - unfragPartLen - 8
1216 innerFragSize = lastFragSize - (lastFragSize % 8)
1260 # l = (l*8)-self.shift
1270 # name = "IPv6 Extension Header - AH"
1290 # name = "IPv6 Extension Header - ESP"
1319 #138: Do Me - RFC 2894 - Seems painful
1324 #143: Do Me - RFC 3810
1329 #148: Do Me - SEND related - RFC 3971
1330 #149: Do Me - SEND related - RFC 3971
1503 # tous les messages MLD sont emis avec une adresse source lien-locale
1504 # -> Y veiller dans le post_build si aucune n'est specifiee
1505 # La valeur de Hop-Limit doit etre de 1
1506 # "and an IPv6 Router Alert option in a Hop-by-Hop Options
1518 # general queries are sent to the link-scope all-nodes multicast
1526 name = "MLD - Multicast Listener Query"
1543 name = "MLD - Multicast Listener Report"
1549 # it SHOULD send a single Done message to the link-scope all-routers
1555 name = "MLD - Multicast Listener Done"
1560 ########## ICMPv6 MRD - Multicast Router Discovery (RFC 4286) ###############
1563 # - 04/09/06 troglocan : find a way to automatically add a router alert
1607 icmp6ndopts = { 1: "Source Link-Layer Address",
1608 2: "Target Link-Layer Address",
1616 10: "Target Address List",
1625 19: "Link-layer Address Option", # RFC 4068
1676 name = "ICMPv6 Neighbor Discovery Option - Scapy Unimplemented"
1681 length_from = lambda pkt: pkt.len-2) ]
1686 name = "ICMPv6 Neighbor Discovery Option - Source Link-Layer Address"
1694 name = "ICMPv6 Neighbor Discovery Option - Destination Link-Layer Address"
1698 name = "ICMPv6 Neighbor Discovery Option - Prefix Information"
1714 # like (initiallen - 40 - 2)
1739 l = l - r
1748 name = "ICMPv6 Neighbor Discovery Option - Redirected Header"
1754 length_from = lambda pkt: 8*pkt.len-8) ]
1758 name = "ICMPv6 Neighbor Discovery Option - MTU"
1765 name = "ICMPv6 Neighbor Discovery Option - NBMA Shortcut Limit"
1773 name = "ICMPv6 Neighbor Discovery - Interval Advertisement"
1782 name = "ICMPv6 Neighbor Discovery - Home Agent Information"
1796 name = "ICMPv6 Neighbor Discovery - IP Address Option (FH for MIPv6)"
1799 ByteEnumField("optcode", 1, {1: "Old Care-Of Address",
1800 2: "New Care-Of Address",
1807 name = "ICMPv6 Neighbor Discovery - New Router Prefix Information Option (FH for MIPv6)"
1825 name = "ICMPv6 Neighbor Discovery - Link-Layer Address (LLA) Option (FH for MIPv6)"
1832 name = "ICMPv6 Neighbor Discovery - MAP Option"
1847 self.length_from = lambda pkt: 8*(pkt.len - 1)
1856 p += b'\x00'*(16-l)
1876 return x[:8*(l-1)]
1878 return x + b'\x00'*8*(l-3)
1881 name = "ICMPv6 Neighbor Discovery Option - Route Information Option"
1893 name = "ICMPv6 Neighbor Discovery Option - Recursive DNS Server Option"
1900 length_from = lambda pkt: 8*(pkt.len-1)) ]
1903 name = "ICMPv6 Neighbor Discovery Option - Expanded Flags Option"
1947 if z and orb(z[-1]) == 0:
1956 ret_string += b"\x00" * (self.padded_unit - len(ret_string) % self.padded_unit)
1961 name = "ICMPv6 Neighbor Discovery Option - DNS Search List Option"
1968 length_from=lambda pkt: 8*pkt.len -8,
1975 name = "ICMPv6 Neighbor Discovery - Router Solicitation"
1983 name = "ICMPv6 Neighbor Discovery - Router Advertisement"
2006 name = "ICMPv6 Neighbor Discovery - Neighbor Solicitation"
2021 name = "ICMPv6 Neighbor Discovery - Neighbor Advertisement"
2041 # associated possible options : target link-layer option, Redirected header
2043 name = "ICMPv6 Neighbor Discovery - Redirect"
2057 name = "ICMPv6 Inverse Neighbor Discovery Option - Source Address List"
2063 length_from = lambda pkt: 8*(pkt.len-1)) ]
2066 name = "ICMPv6 Inverse Neighbor Discovery Option - Target Address List"
2071 # Options requises : source lladdr et target lladdr
2073 # - Comme precise dans le document, il serait bien de prendre l'adresse L2
2074 # demandee dans l'option requise target lladdr et l'utiliser au niveau
2076 # - ca semble pas forcement pratique si l'utilisateur doit preciser toutes
2078 # Ether() must use the target lladdr as destination
2087 # Options requises : target lladdr, target address list
2104 # - it is not provided
2105 # - upper layer is ICMPv6NIQueryName() with a valid value
2122 4: "IPv4 Address" }
2153 # valid qtype: NOOP, Node Name, IPv6@, IPv4@). They all share the same
2157 # - IPv6 if acceptable for inet_pton(AF_INET6, ): code is set to 0,
2159 # - IPv4 if acceptable for inet_pton(AF_INET, ): code is set to 2,
2161 # - Name in the other cases: code is set to 0, if not overridden by user
2164 # the type and the value (1 is IPv6@, 1 is Name or string, 2 is IPv4@)
2169 # -- arno
2177 Take as input a list of DNS names or a single DNS name
2185 if x and x[-1:] == b'\x00': # stupid heuristic
2192 if n.count(b'.') == 0: # single-component gets one more
2213 if cur and cur[-1:] == b'.':
2214 cur = cur[:-1]
2217 if x and orb(x[0]) == 0: # single component
2220 if l & 0xc0: # XXX TODO : work on that -- arno
2249 # Try IPv4
2276 if tmp and tmp[-1] == '.':
2277 tmp = tmp[:-1]
2289 elif code == 2: # IPv4 Addr
2316 elif d[0] == 2: # IPv4 address
2323 _niquery_code = {0: "IPv6 Query", 1: "Name Query", 2: "IPv4 Query"}
2325 #_niquery_flags = { 2: "All unicast addresses", 4: "IPv4 addresses",
2326 # 8: "Link-local addresses", 16: "Site-local addresses",
2332 name = "ICMPv6 Node Information Query - NOOP Query"
2343 name = "ICMPv6 Node Information Query - IPv6 Name Query"
2348 name = "ICMPv6 Node Information Query - IPv6 Address Query"
2353 name = "ICMPv6 Node Information Query - IPv4 Address Query"
2362 4: "IPv4 addresses",
2363 8: "Link-local addresses",
2364 16: "Site-local addresses",
2415 elif qtype in [3, 4]: # IPv4 or IPv6 addr
2473 elif qtype == 4: # IPv4 addresses with TTLs
2503 name = "ICMPv6 Node Information Reply - NOOP Reply"
2514 name = "ICMPv6 Node Information Reply - Node Names"
2518 name = "ICMPv6 Node Information Reply - IPv6 addresses"
2522 name = "ICMPv6 Node Information Reply - IPv4 addresses"
2526 name = "ICMPv6 Node Information Reply - Responder refuses to supply answer"
2530 name = "ICMPv6 Node Information Reply - Qtype unknown to the responder"
2623 3: "Alternate Care-of Address",
2627 7: "Link-Layer Address (RFC4068)",
2635 15: "Care-of Test Init (RFC4866)",
2636 16: "Care-of Test (RFC4866)" }
2649 delta = x*((curpos - y + x - 1)//x) + y - curpos
2654 name = 'Mobile IPv6 Option - Binding Refresh Advice'
2661 name = 'MIPv6 Option - Alternate Care-of Address'
2668 name = 'MIPv6 Option - Nonce Indices'
2676 name = 'MIPv6 Option - Binding Authorization Data'
2682 class MIP6OptMobNetPrefix(_MIP6OptAlign, Packet): # NEMO - RFC 3963
2683 name = 'NEMO Option - Mobile Network Prefix'
2692 name = "MIPv6 Option - Link-Layer Address (MH-LLA)"
2701 name = "MIPv6 Option - Mobile Node Identifier"
2707 length_from = lambda pkt: pkt.olen-1) ]
2712 # you). --arno
2714 name = "MIPv6 Option - Mobility Message Authentication"
2718 ByteEnumField("subtype", 1, {1: "MN-HA authentication mobility option",
2719 2: "MN-AAA authentication mobility option"}),
2722 length_from = lambda pkt: pkt.olen-5) ]
2726 # NTP timestamps are represented as a 64-bit unsigned fixed-point number,
2736 delta = -2209075761
2738 j = float(x & 0xffffffff) * 2.0**-32
2745 name = "MIPv6 option - Replay Protection"
2752 name = "MIPv6 option - CGA Parameters Request"
2759 # XXX simplified. Make it hold packets, by the way --arno
2761 name = "MIPv6 option - CGA Parameters"
2769 name = "MIPv6 option - Signature"
2777 name = "MIPv6 option - Home Keygen Token"
2785 name = "MIPv6 option - Care-of Test Init"
2791 name = "MIPv6 option - Care-of Test"
2799 name = 'Scapy6 - Unknown Mobility Option'
2839 # From http://www.iana.org/assignments/mobility-parameters
2851 137: 'Expired care-of nonce index',
2858 144: 'MIPV6-ID-MISMATCH',
2859 145: 'MIPV6-MESG-ID-REQD',
2860 146: 'MIPV6-AUTH-FAIL',
2864 150: 'Non-null home nonce index expected' }
2875 l = (len(p)-8)//8
2886 name = "IPv6 Mobility Header - Generic Message"
2893 length_from = lambda pkt: 8*pkt.len-6) ]
2948 s += raw(PadN(optdata=b'\x00'*(d-2)))
2958 d = 8 - d
2962 s += raw(PadN(optdata=b'\x00'*(d-2)))
2970 name = "IPv6 Mobility Header - Binding Refresh Request"
2984 # because we need match BA with BU and BU with BRR. --arno
2988 name = "IPv6 Mobility Header - Home Test Init"
2998 length_from = lambda pkt: 8*(pkt.len-1)) ]
3004 name = "IPv6 Mobility Header - Care-of Test Init"
3010 name = "IPv6 Mobility Header - Home Test"
3021 length_from = lambda pkt: 8*(pkt.len-2)) ]
3032 name = "IPv6 Mobility Header - Care-of Test"
3048 name = "IPv6 Mobility Header - Binding Update"
3060 length_from = lambda pkt: 8*pkt.len - 4) ]
3072 name = "IPv6 Mobility Header - Binding ACK"
3085 length_from = lambda pkt: 8*pkt.len-4) ]
3105 name = "IPv6 Mobility Header - Binding Error"
3115 length_from = lambda pkt: 8*(pkt.len-2)) ]
3139 embedded IPv4 address if the address is 6to4 or Teredo.
3164 …return self.make_table(lambda s_r: (s_r[0].sprintf("%-42s,IPv6.dst%:{TCP:tcp%TCP.dport%}{UDP:udp%U…
3166 s_r[1].sprintf("%-42s,IPv6.src% {TCP:%TCP.flags%}"+
3203 def traceroute6(target, dport=80, minttl=1, maxttl=30, sport=RandShort(), argument
3206 traceroute6(target, [maxttl=30], [dport=80], [sport=80]) -> None
3212 a,b = sr(IPv6(dst=target, hlim=(minttl,maxttl))/TCP(seq=RandInt(),sport=sport, dport=dport),
3215 a,b = sr(IPv6(dst=target, hlim=(minttl,maxttl))/l4,
3313 # Check destination is the link-local solicited-node multicast
3314 # address associated with target address in received NS
3345 unspecified address and sending a NS reply for the target address,
3350 - as target address the target address found in received NS.
3351 - as IPv6 source address: the unspecified address (::).
3352 - as IPv6 destination address: the link-local solicited-node multicast
3353 address derived from the target address in received NS.
3354 - the mac address of the interface as source (or reply_mac, see below).
3355 - the multicast mac address derived from the solicited node multicast
3365 This allows limiting the effects of the DoS to a single target by
3369 tgt_filter: Same as previous but for a specific target IPv6 address for
3370 received NS. If the target address in the NS message (not the IPv6
3372 be sent, i.e. the emitter will be a target of the DoS.
3390 print("Reply NS for target address %s (received from %s)" % (tgt, mac))
3401 unspecified address* and sending a NA reply for the target address,
3406 - as target address the target address found in received NS.
3407 - as IPv6 source address: the target address found in received NS.
3408 - as IPv6 destination address: the link-local solicited-node multicast
3409 address derived from the target address in received NS.
3410 - the mac address of the interface as source (or reply_mac, see below).
3411 - the multicast mac address derived from the solicited node multicast
3413 - A Target Link-Layer address option (ICMPv6NDOptDstLLAddr) filled
3423 This allows limiting the effects of the DoS to a single target by
3427 tgt_filter: Same as previous but for a specific target IPv6 address for
3428 received NS. If the target address in the NS message (not the IPv6
3430 be sent, i.e. the emitter will be a target of the DoS.
3434 address will also be used in the Target Link-Layer Address option.
3451 print("Reply NA for target address %s (received from %s)" % (tgt, mac))
3468 - as target address the target address found in received NS.
3469 - as IPv6 source address: the target address
3470 - as IPv6 destination address: the source IPv6 address of received NS
3472 - the mac address of the interface as source (or reply_mac, see below).
3473 - the source mac address of the received NS as destination macs address
3475 - A Target Link-Layer address option (ICMPv6NDOptDstLLAddr)
3485 This allows limiting the effects of the DoS to a single target by
3489 tgt_filter: Same as previous but for a specific target IPv6 address for
3490 received NS. If the target address in the NS message (not the IPv6
3492 be sent, i.e. the emitter will be a target of the DoS.
3496 address will also be used in the Target Link-Layer Address option.
3503 reasons (kernel space vs. Python speed), when the target of the address
3510 genuine target (kernel stack) usually occurs in the same millisecond as
3542 # address of the packet is the link-local solicited node multicast
3543 # address associated with the target of the NS.
3545 # unicasting the NS to check the target is still alive (L2
3550 print("solicited node multicast @ does not match target @!")
3567 rep /= ICMPv6ND_NA(tgt=tgt, S=1, R=router, O=1) # target from the NS
3570 # address, the Target Link-Layer Address option MAY be omitted"
3576 print("Reply NA for target address %s (received from %s)" % (tgt, mac))
3594 def NDP_Attack_NS_Spoofing(src_lladdr=None, src=None, target="2001:db8::1", argument
3602 currently performing DAD for the target of the NS). The entry's reachability
3605 The two main parameters of the function are the source link-layer address
3606 (carried by the Source Link-Layer Address option in the NS) and the
3615 src_lladdr: the MAC address used in the Source Link-Layer Address option
3625 target: the target address of the NS packet. If no value is provided,
3626 a dummy address (2001:db8::1) is used. The value of the target
3628 is not overridden. By default, the solicited-node multicast address
3629 associated with the target is used as destination address of the
3631 intend to use a target address different than the one of the victim.
3634 multicast address associated with the target address (see previous
3638 the attack to target all hosts on the link. On the contrary, if
3639 you want to be more stealth, you should provide the target address
3649 the IPv6 destination address is multicast (all-nodes, solicited
3657 When set to False, a single packet is sent.
3668 # Use provided MAC address as source link-layer address option
3687 # Compute the solicited-node multicast address
3688 # associated with the target address.
3690 in6_getnsma(inet_pton(socket.AF_INET6, target)))
3695 pkt /= ICMPv6ND_NS(tgt=target)
3706 sent by default routers (RA with a non-zero Router Lifetime values)
3714 By default, the function considers all RA messages with a non-zero
3717 With regard to emission, the multicast all-nodes address is used
3718 by default but a specific target can be used, in order for the DoS to
3854 you intend to target only the source of the RS using this option,