Lines Matching +full:ipv6 +full:- +full:single +full:- +full:target
4 ## inet6.py --- IPv6 support for Scapy ##
5 ## see http://natisbad.org/IPv6/ ##
23 IPv6 (Internet Protocol v6).
40 raise socket.error("can't use AF_INET6, IPv6 is disabled")
95 …ighbor Solicitation message to get the MAC address of the neighbor with specified IPv6 address addr
107 p = Ether(dst=dm)/IPv6(dst=d, src=src, hlim=255)
117 """Returns the MAC address corresponding to an IPv6 address
160 ### IPv6 addresses manipulation routines ###
166 name = "ipv6"
167 ip_regex = re.compile(r"^([a-fA-F0-9:]+)(/[1]?[0-3]?[0-9])?$")
174 tmp[0]=socket.getaddrinfo(tmp[0], None, socket.AF_INET6)[0][-1][0]
187 (value | (0xff >> (8 - netmask))) + 1)
192 (x - self.plen for x in range(8, 129, 8)),
229 ### IPv6 Class ###
304 ipv6nh = { 0:"Hop-by-Hop Option Header",
308 41:"IPv6",
367 c -= 1
379 y = socket.getaddrinfo(y, None, socket.AF_INET6)[0][-1][0]
393 name = "Dummy class that implements guess_payload_class() for IPv6"
402 elif self.nh == 135 and len(p) > 3: # Mobile IPv6
408 class IPv6(_IPv6GuessPayload, Packet, IPTools): class
409 name = "IPv6"
411 BitField("tc", 0, 8), #TODO: IPv6, ByteField ?
431 l = len(p) - 40
446 if not conf.checkIPinIP and self.nh in [4, 41]: # IP, IPv6
454 # address of the IPv6 list if segleft > 0
457 sd = self.addresses[-1]
471 # the first address of the IPv6 addresses list
500 if not conf.checkIPinIP: # skip IP in IP and IPv6 in IP
503 if isinstance(other, IPv6) and other.nh in [4, 41]:
507 if not isinstance(other, IPv6): # self is reply, other is request
527 elif (sd != os): # or ss != od): <- removed for ICMP errors
530 # ICMPv6 Error message -> generated by IPv6 packet
564 return IPv6
566 return IPv6
572 conf.neighbor.register_l3(Ether, IPv6, inet6_register_l3)
575 class IPerror6(IPv6):
576 name = "IPv6 in ICMPv6"
578 if not isinstance(other, IPv6):
601 if ((ss == os and sd == od) or # <- Basic case
602 (ss == os and request_has_rh)): # <- Request has a RH :
659 class PseudoIPv6(Packet): # IPv6 Pseudo-header for checksum computation
660 name = "Pseudo IPv6 Header"
669 As Specified in RFC 2460 - 8.1 Upper-Layer Checksums
671 Performs IPv6 Upper Layer checksum computation. Provided parameters are:
672 - 'nh' : value of upper layer protocol
673 - 'u' : upper layer instance (TCP, UDP, ICMPv6*, ). Instance must be
674 provided with all under layers (IPv6 and all extension headers,
676 - 'p' : the payload of the upper layer provided as a string
680 - Next Header value
681 - the address of _final_ destination (if some Routing Header with non
683 - the address of _real_ source (basically the source address of an
684 IPv6 class instance available in the underlayer or the source address
687 - the length is the length of provided payload string ('p')
695 while u != None and not isinstance(u, IPv6):
699 rthdr = u.addresses[-1]
711 warning("No IPv6 underlayer to compute checksum. Leaving null.")
735 name = 'Abstract IPV6 Option Header'
736 aliastypes = [IPv6, IPerror6] # TODO ...
739 #################### IPv6 options for Extension Headers #####################
745 0x06: "Quick-Start",
751 Modified BytEnumField that displays information regarding the IPv6 option
762 enroutechange = {0x00: "0: Don't change en-route",
763 0x20: "1: May change en-route" }
771 class HBHOptUnknown(Packet): # IPv6 Hop-By-Hop Option
789 class Pad1(Packet): # IPv6 Hop-By-Hop Option
795 class PadN(Packet): # IPv6 Hop-By-Hop Option
804 class RouterAlert(Packet): # RFC 2711 - IPv6 Hop-By-Hop Option
818 # iana.org/assignments/ipv6-routeralert-values/ipv6-routeralert-values.xhtml
821 delta = x*((curpos - y + x - 1)//x) + y - curpos
824 class Jumbo(Packet): # IPv6 Hop-By-Hop Option
831 delta = x*((curpos - y + x - 1)//x) + y - curpos
834 class HAO(Packet): # IPv6 Destination Options Header Option
841 delta = x*((curpos - y + x - 1)//x) + y - curpos
851 ######################## Hop-by-Hop Extension Header ########################
884 c -= 1
919 s += raw(PadN(optdata=b'\x00'*(d-2)))
929 d = 8 - d
933 s += raw(PadN(optdata=b'\x00'*(d-2)))
954 name = "IPv6 Extension Header - Hop-by-Hop Options Header"
957 adjust = lambda pkt,x: (x+2+7)//8 - 1),
960 length_from = lambda pkt: (8*(pkt.len+1))-2) ]
961 overload_fields = {IPv6: { "nh": 0 }}
967 name = "IPv6 Extension Header - Destination Options Header"
970 adjust = lambda pkt,x: (x+2+7)//8 - 1),
973 length_from = lambda pkt: (8*(pkt.len+1))-2) ]
974 overload_fields = {IPv6: { "nh": 60 }}
980 name = "IPv6 Option Header Routing"
989 overload_fields = {IPv6: { "nh": 43 }}
1000 # https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-06
1003 name = "IPv6 Option Header Segment Routing - Generic TLV"
1027 name = "IPv6 Option Header Segment Routing - Ingress Node TLV"
1036 name = "IPv6 Option Header Segment Routing - Egress Node TLV"
1045 name = "IPv6 Option Header Segment Routing - Padding TLV"
1052 name = "IPv6 Option Header Segment Routing"
1068 length_from=lambda pkt: 8*pkt.len - 16*pkt.lastentry) ]
1070 overload_fields = { IPv6: { "nh": 43 } }
1077 tmp_mod = (len(pkt) - 8) % 8
1082 tmp_pad = b"\x00" * (tmp_mod-2)
1086 tmp_len = (len(pkt) - 8) // 8
1092 tmp_len -= 1
1104 name = "IPv6 Extension Header - Fragmentation header"
1111 overload_fields = {IPv6: { "nh": 44 }}
1116 Performs defragmentation of a list of IPv6 packets. Packets are reordered.
1152 fragmentable += b"X"*(offset - len(fragmentable))
1162 return IPv6(raw(q))
1167 Performs fragmentation of an IPv6 packet. Provided packet ('pkt') must already
1180 # as single element of a list
1184 # an IPv6 packet can't be bigger than 65535 bytes.
1186 warning("An IPv6 packet can'be bigger than 65535, please use a Jumbo payload.")
1194 # Fragmentable part : fake IPv6 for Fragmentable part length computation
1196 tmp = raw(IPv6(src="::1", dst="::1")/fragPart)
1197 fragPartLen = len(tmp) - 40 # basic IPv6 header length
1198 fragPartStr = s[-fragPartLen:]
1208 unfragPartLen = len(s) - fragPartLen - 8
1215 lastFragSize = fragSize - unfragPartLen - 8
1216 innerFragSize = lastFragSize - (lastFragSize % 8)
1240 if IPv6 in unfragPart:
1241 unfragPart[IPv6].plen = None
1247 if IPv6 in unfragPart:
1248 unfragPart[IPv6].plen = None
1260 # l = (l*8)-self.shift
1270 # name = "IPv6 Extension Header - AH"
1277 # overload_fields = {IPv6: { "nh": 51 }}
1290 # name = "IPv6 Extension Header - ESP"
1295 # overloads_fields = {IPv6: { "nh": 50 }}
1319 #138: Do Me - RFC 2894 - Seems painful
1324 #143: Do Me - RFC 3810
1329 #148: Do Me - SEND related - RFC 3971
1330 #149: Do Me - SEND related - RFC 3971
1400 overload_fields = {IPv6: {"nh": 58}}
1467 # the encapsulated IPv6 packet
1473 2: "unrecognized IPv6 option encountered"}),
1503 # tous les messages MLD sont emis avec une adresse source lien-locale
1504 # -> Y veiller dans le post_build si aucune n'est specifiee
1505 # La valeur de Hop-Limit doit etre de 1
1506 # "and an IPv6 Router Alert option in a Hop-by-Hop Options
1518 # general queries are sent to the link-scope all-nodes multicast
1526 name = "MLD - Multicast Listener Query"
1530 overload_fields = {IPv6: { "dst": "ff02::1", "hlim": 1, "nh": 58 }}
1543 name = "MLD - Multicast Listener Report"
1545 overload_fields = {IPv6: {"hlim": 1, "nh": 58}}
1549 # it SHOULD send a single Done message to the link-scope all-routers
1555 name = "MLD - Multicast Listener Done"
1557 overload_fields = {IPv6: { "dst": "ff02::2", "hlim": 1, "nh": 58}}
1560 ########## ICMPv6 MRD - Multicast Router Discovery (RFC 4286) ###############
1563 # - 04/09/06 troglocan : find a way to automatically add a router alert
1565 # way when IPv6 is the under layer with some specific keyword
1567 # providing IPv6 fields to be overloaded in fields_desc.
1569 # At the moment, if user inserts an IPv6 Router alert option
1570 # none of the IPv6 default values of IPv6 layer will be set.
1579 overload_fields = {IPv6: { "nh": 58, "hlim": 1, "dst": "ff02::2"}}
1580 # IPv6 Router Alert requires manual inclusion
1589 overload_fields = {IPv6: { "nh": 58, "hlim": 1, "dst": "ff02::2"}}
1590 # IPv6 Router Alert requires manual inclusion
1599 overload_fields = {IPv6: { "nh": 58, "hlim": 1, "dst": "ff02::6A"}}
1600 # IPv6 Router Alert requires manual inclusion
1607 icmp6ndopts = { 1: "Source Link-Layer Address",
1608 2: "Target Link-Layer Address",
1616 10: "Target Address List",
1625 19: "Link-layer Address Option", # RFC 4068
1632 26: "IPv6 Router Advertisement Flags Option"
1676 name = "ICMPv6 Neighbor Discovery Option - Scapy Unimplemented"
1681 length_from = lambda pkt: pkt.len-2) ]
1686 name = "ICMPv6 Neighbor Discovery Option - Source Link-Layer Address"
1694 name = "ICMPv6 Neighbor Discovery Option - Destination Link-Layer Address"
1698 name = "ICMPv6 Neighbor Discovery Option - Prefix Information"
1714 # like (initiallen - 40 - 2)
1739 l = l - r
1748 name = "ICMPv6 Neighbor Discovery Option - Redirected Header"
1753 TruncPktLenField("pkt", b"", IPv6, 8,
1754 length_from = lambda pkt: 8*pkt.len-8) ]
1758 name = "ICMPv6 Neighbor Discovery Option - MTU"
1765 name = "ICMPv6 Neighbor Discovery Option - NBMA Shortcut Limit"
1773 name = "ICMPv6 Neighbor Discovery - Interval Advertisement"
1782 name = "ICMPv6 Neighbor Discovery - Home Agent Information"
1796 name = "ICMPv6 Neighbor Discovery - IP Address Option (FH for MIPv6)"
1799 ByteEnumField("optcode", 1, {1: "Old Care-Of Address",
1800 2: "New Care-Of Address",
1807 name = "ICMPv6 Neighbor Discovery - New Router Prefix Information Option (FH for MIPv6)"
1825 name = "ICMPv6 Neighbor Discovery - Link-Layer Address (LLA) Option (FH for MIPv6)"
1832 name = "ICMPv6 Neighbor Discovery - MAP Option"
1847 self.length_from = lambda pkt: 8*(pkt.len - 1)
1856 p += b'\x00'*(16-l)
1876 return x[:8*(l-1)]
1878 return x + b'\x00'*8*(l-3)
1881 name = "ICMPv6 Neighbor Discovery Option - Route Information Option"
1893 name = "ICMPv6 Neighbor Discovery Option - Recursive DNS Server Option"
1900 length_from = lambda pkt: 8*(pkt.len-1)) ]
1903 name = "ICMPv6 Neighbor Discovery Option - Expanded Flags Option"
1947 if z and orb(z[-1]) == 0:
1956 ret_string += b"\x00" * (self.padded_unit - len(ret_string) % self.padded_unit)
1961 name = "ICMPv6 Neighbor Discovery Option - DNS Search List Option"
1968 length_from=lambda pkt: 8*pkt.len -8,
1975 name = "ICMPv6 Neighbor Discovery - Router Solicitation"
1980 overload_fields = {IPv6: { "nh": 58, "dst": "ff02::2", "hlim": 255 }}
1983 name = "ICMPv6 Neighbor Discovery - Router Advertisement"
2000 overload_fields = {IPv6: { "nh": 58, "dst": "ff02::1", "hlim": 255 }}
2006 name = "ICMPv6 Neighbor Discovery - Neighbor Solicitation"
2012 overload_fields = {IPv6: { "nh": 58, "dst": "ff02::1", "hlim": 255 }}
2021 name = "ICMPv6 Neighbor Discovery - Neighbor Advertisement"
2030 overload_fields = {IPv6: { "nh": 58, "dst": "ff02::1", "hlim": 255 }}
2041 # associated possible options : target link-layer option, Redirected header
2043 name = "ICMPv6 Neighbor Discovery - Redirect"
2050 overload_fields = {IPv6: { "nh": 58, "dst": "ff02::1", "hlim": 255 }}
2057 name = "ICMPv6 Inverse Neighbor Discovery Option - Source Address List"
2063 length_from = lambda pkt: 8*(pkt.len-1)) ]
2066 name = "ICMPv6 Inverse Neighbor Discovery Option - Target Address List"
2071 # Options requises : source lladdr et target lladdr
2073 # - Comme precise dans le document, il serait bien de prendre l'adresse L2
2074 # demandee dans l'option requise target lladdr et l'utiliser au niveau
2076 # - ca semble pas forcement pratique si l'utilisateur doit preciser toutes
2078 # Ether() must use the target lladdr as destination
2085 overload_fields = {IPv6: { "nh": 58, "dst": "ff02::1", "hlim": 255 }}
2087 # Options requises : target lladdr, target address list
2095 overload_fields = {IPv6: { "nh": 58, "dst": "ff02::1", "hlim": 255 }}
2103 # in IPv6 class (Scapy6 modification when integrated) if :
2104 # - it is not provided
2105 # - upper layer is ICMPv6NIQueryName() with a valid value
2121 3: "IPv6 Address",
2153 # valid qtype: NOOP, Node Name, IPv6@, IPv4@). They all share the same
2157 # - IPv6 if acceptable for inet_pton(AF_INET6, ): code is set to 0,
2159 # - IPv4 if acceptable for inet_pton(AF_INET, ): code is set to 2,
2161 # - Name in the other cases: code is set to 0, if not overridden by user
2164 # the type and the value (1 is IPv6@, 1 is Name or string, 2 is IPv4@)
2169 # -- arno
2177 Take as input a list of DNS names or a single DNS name
2185 if x and x[-1:] == b'\x00': # stupid heuristic
2192 if n.count(b'.') == 0: # single-component gets one more
2213 if cur and cur[-1:] == b'.':
2214 cur = cur[:-1]
2217 if x and orb(x[0]) == 0: # single component
2220 if l & 0xc0: # XXX TODO : work on that -- arno
2243 # Try IPv6
2276 if tmp and tmp[-1] == '.':
2277 tmp = tmp[:-1]
2287 if code == 0: # IPv6 Addr
2312 elif d[0] == 0: # IPv6 address
2323 _niquery_code = {0: "IPv6 Query", 1: "Name Query", 2: "IPv4 Query"}
2326 # 8: "Link-local addresses", 16: "Site-local addresses",
2332 name = "ICMPv6 Node Information Query - NOOP Query"
2343 name = "ICMPv6 Node Information Query - IPv6 Name Query"
2346 # We ask for the IPv6 address of the peer
2348 name = "ICMPv6 Node Information Query - IPv6 Address Query"
2353 name = "ICMPv6 Node Information Query - IPv4 Address Query"
2363 8: "Link-local addresses",
2364 16: "Site-local addresses",
2415 elif qtype in [3, 4]: # IPv4 or IPv6 addr
2463 elif qtype == 3: # IPv6 addresses with TTLs
2503 name = "ICMPv6 Node Information Reply - NOOP Reply"
2514 name = "ICMPv6 Node Information Reply - Node Names"
2518 name = "ICMPv6 Node Information Reply - IPv6 addresses"
2522 name = "ICMPv6 Node Information Reply - IPv4 addresses"
2526 name = "ICMPv6 Node Information Reply - Responder refuses to supply answer"
2530 name = "ICMPv6 Node Information Reply - Qtype unknown to the responder"
2561 ### Mobile IPv6 (RFC 3775) and Nemo (RFC 3963) ###
2565 # Mobile IPv6 ICMPv6 related classes
2619 # Mobile IPv6 Options classes
2623 3: "Alternate Care-of Address",
2627 7: "Link-Layer Address (RFC4068)",
2635 15: "Care-of Test Init (RFC4866)",
2636 16: "Care-of Test (RFC4866)" }
2640 """ Mobile IPv6 options have alignment requirements of the form x*n+y.
2649 delta = x*((curpos - y + x - 1)//x) + y - curpos
2654 name = 'Mobile IPv6 Option - Binding Refresh Advice'
2661 name = 'MIPv6 Option - Alternate Care-of Address'
2668 name = 'MIPv6 Option - Nonce Indices'
2676 name = 'MIPv6 Option - Binding Authorization Data'
2682 class MIP6OptMobNetPrefix(_MIP6OptAlign, Packet): # NEMO - RFC 3963
2683 name = 'NEMO Option - Mobile Network Prefix'
2692 name = "MIPv6 Option - Link-Layer Address (MH-LLA)"
2701 name = "MIPv6 Option - Mobile Node Identifier"
2707 length_from = lambda pkt: pkt.olen-1) ]
2712 # you). --arno
2714 name = "MIPv6 Option - Mobility Message Authentication"
2718 ByteEnumField("subtype", 1, {1: "MN-HA authentication mobility option",
2719 2: "MN-AAA authentication mobility option"}),
2722 length_from = lambda pkt: pkt.olen-5) ]
2726 # NTP timestamps are represented as a 64-bit unsigned fixed-point number,
2736 delta = -2209075761
2738 j = float(x & 0xffffffff) * 2.0**-32
2745 name = "MIPv6 option - Replay Protection"
2752 name = "MIPv6 option - CGA Parameters Request"
2759 # XXX simplified. Make it hold packets, by the way --arno
2761 name = "MIPv6 option - CGA Parameters"
2769 name = "MIPv6 option - Signature"
2777 name = "MIPv6 option - Home Keygen Token"
2785 name = "MIPv6 option - Care-of Test Init"
2791 name = "MIPv6 option - Care-of Test"
2799 name = 'Scapy6 - Unknown Mobility Option'
2825 # Main Mobile IPv6 Classes
2839 # From http://www.iana.org/assignments/mobility-parameters
2851 137: 'Expired care-of nonce index',
2858 144: 'MIPV6-ID-MISMATCH',
2859 145: 'MIPV6-MESG-ID-REQD',
2860 146: 'MIPV6-AUTH-FAIL',
2864 150: 'Non-null home nonce index expected' }
2868 name = 'Dummy IPv6 Mobility Header'
2869 overload_fields = { IPv6: { "nh": 135 }}
2875 l = (len(p)-8)//8
2886 name = "IPv6 Mobility Header - Generic Message"
2893 length_from = lambda pkt: 8*pkt.len-6) ]
2948 s += raw(PadN(optdata=b'\x00'*(d-2)))
2958 d = 8 - d
2962 s += raw(PadN(optdata=b'\x00'*(d-2)))
2970 name = "IPv6 Mobility Header - Binding Refresh Request"
2980 overload_fields = { IPv6: { "nh": 135 } }
2984 # because we need match BA with BU and BU with BRR. --arno
2988 name = "IPv6 Mobility Header - Home Test Init"
2998 length_from = lambda pkt: 8*(pkt.len-1)) ]
2999 overload_fields = { IPv6: { "nh": 135 } }
3004 name = "IPv6 Mobility Header - Care-of Test Init"
3010 name = "IPv6 Mobility Header - Home Test"
3021 length_from = lambda pkt: 8*(pkt.len-2)) ]
3022 overload_fields = { IPv6: { "nh": 135 } }
3032 name = "IPv6 Mobility Header - Care-of Test"
3048 name = "IPv6 Mobility Header - Binding Update"
3060 length_from = lambda pkt: 8*pkt.len - 4) ]
3061 overload_fields = { IPv6: { "nh": 135 } }
3072 name = "IPv6 Mobility Header - Binding ACK"
3085 length_from = lambda pkt: 8*pkt.len-4) ]
3086 overload_fields = { IPv6: { "nh": 135 }}
3105 name = "IPv6 Mobility Header - Binding Error"
3115 length_from = lambda pkt: 8*(pkt.len-2)) ]
3116 overload_fields = { IPv6: { "nh": 135 }}
3140 Otherwise, the native IPv6 address is passed.
3164 …return self.make_table(lambda s_r: (s_r[0].sprintf("%-42s,IPv6.dst%:{TCP:tcp%TCP.dport%}{UDP:udp%U…
3166 s_r[1].sprintf("%-42s,IPv6.src% {TCP:%TCP.flags%}"+
3175 if IPv6 not in s:
3177 d = s[IPv6].dst
3186 trace[d][s[IPv6].hlim] = r[IPv6].src, t
3203 def traceroute6(target, dport=80, minttl=1, maxttl=30, sport=RandShort(), argument
3205 """Instant TCP traceroute using IPv6
3206 traceroute6(target, [maxttl=30], [dport=80], [sport=80]) -> None
3212 a,b = sr(IPv6(dst=target, hlim=(minttl,maxttl))/TCP(seq=RandInt(),sport=sport, dport=dport),
3215 a,b = sr(IPv6(dst=target, hlim=(minttl,maxttl))/l4,
3274 if isinstance(p.payload, IPv6):
3301 if not (Ether in req and IPv6 in req and ICMPv6ND_NS in req):
3310 if req[IPv6].src != "::":
3313 # Check destination is the link-local solicited-node multicast
3314 # address associated with target address in received NS
3318 received_snma = inet_pton(socket.AF_INET6, req[IPv6].dst)
3345 unspecified address and sending a NS reply for the target address,
3350 - as target address the target address found in received NS.
3351 - as IPv6 source address: the unspecified address (::).
3352 - as IPv6 destination address: the link-local solicited-node multicast
3353 address derived from the target address in received NS.
3354 - the mac address of the interface as source (or reply_mac, see below).
3355 - the multicast mac address derived from the solicited node multicast
3356 address used as IPv6 destination address.
3365 This allows limiting the effects of the DoS to a single target by
3369 tgt_filter: Same as previous but for a specific target IPv6 address for
3370 received NS. If the target address in the NS message (not the IPv6
3372 be sent, i.e. the emitter will be a target of the DoS.
3385 dst = req[IPv6].dst
3387 rep = Ether(src=reply_mac)/IPv6(src="::", dst=dst)/ICMPv6ND_NS(tgt=tgt)
3390 print("Reply NS for target address %s (received from %s)" % (tgt, mac))
3401 unspecified address* and sending a NA reply for the target address,
3406 - as target address the target address found in received NS.
3407 - as IPv6 source address: the target address found in received NS.
3408 - as IPv6 destination address: the link-local solicited-node multicast
3409 address derived from the target address in received NS.
3410 - the mac address of the interface as source (or reply_mac, see below).
3411 - the multicast mac address derived from the solicited node multicast
3412 address used as IPv6 destination address.
3413 - A Target Link-Layer address option (ICMPv6NDOptDstLLAddr) filled
3423 This allows limiting the effects of the DoS to a single target by
3427 tgt_filter: Same as previous but for a specific target IPv6 address for
3428 received NS. If the target address in the NS message (not the IPv6
3430 be sent, i.e. the emitter will be a target of the DoS.
3434 address will also be used in the Target Link-Layer Address option.
3444 dst = req[IPv6].dst
3446 rep = Ether(src=reply_mac)/IPv6(src=tgt, dst=dst)
3451 print("Reply NA for target address %s (received from %s)" % (tgt, mac))
3468 - as target address the target address found in received NS.
3469 - as IPv6 source address: the target address
3470 - as IPv6 destination address: the source IPv6 address of received NS
3472 - the mac address of the interface as source (or reply_mac, see below).
3473 - the source mac address of the received NS as destination macs address
3475 - A Target Link-Layer address option (ICMPv6NDOptDstLLAddr)
3485 This allows limiting the effects of the DoS to a single target by
3489 tgt_filter: Same as previous but for a specific target IPv6 address for
3490 received NS. If the target address in the NS message (not the IPv6
3492 be sent, i.e. the emitter will be a target of the DoS.
3496 address will also be used in the Target Link-Layer Address option.
3503 reasons (kernel space vs. Python speed), when the target of the address
3510 genuine target (kernel stack) usually occurs in the same millisecond as
3523 if not (Ether in req and IPv6 in req and ICMPv6ND_NS in req):
3531 if req[IPv6].src == "::":
3538 dst = req[IPv6].dst
3542 # address of the packet is the link-local solicited node multicast
3543 # address associated with the target of the NS.
3545 # unicasting the NS to check the target is still alive (L2
3550 print("solicited node multicast @ does not match target @!")
3563 pkt = req[IPv6]
3566 rep = Ether(src=reply_mac, dst=mac)/IPv6(src=tgt, dst=src)
3567 rep /= ICMPv6ND_NA(tgt=tgt, S=1, R=router, O=1) # target from the NS
3570 # address, the Target Link-Layer Address option MAY be omitted"
3576 print("Reply NA for target address %s (received from %s)" % (tgt, mac))
3594 def NDP_Attack_NS_Spoofing(src_lladdr=None, src=None, target="2001:db8::1", argument
3602 currently performing DAD for the target of the NS). The entry's reachability
3605 The two main parameters of the function are the source link-layer address
3606 (carried by the Source Link-Layer Address option in the NS) and the
3615 src_lladdr: the MAC address used in the Source Link-Layer Address option
3617 associate in its neighbor cache with the IPv6 source address of the
3621 src: the IPv6 address used as source of the packet. If None is provided,
3625 target: the target address of the NS packet. If no value is provided,
3626 a dummy address (2001:db8::1) is used. The value of the target
3628 is not overridden. By default, the solicited-node multicast address
3629 associated with the target is used as destination address of the
3631 intend to use a target address different than the one of the victim.
3634 multicast address associated with the target address (see previous
3638 the attack to target all hosts on the link. On the contrary, if
3639 you want to be more stealth, you should provide the target address
3649 the IPv6 destination address is multicast (all-nodes, solicited
3657 When set to False, a single packet is sent.
3668 # Use provided MAC address as source link-layer address option
3687 # Compute the solicited-node multicast address
3688 # associated with the target address.
3690 in6_getnsma(inet_pton(socket.AF_INET6, target)))
3694 pkt /= IPv6(**ipv6_params)
3695 pkt /= ICMPv6ND_NS(tgt=target)
3706 sent by default routers (RA with a non-zero Router Lifetime values)
3714 By default, the function considers all RA messages with a non-zero
3717 With regard to emission, the multicast all-nodes address is used
3718 by default but a specific target can be used, in order for the DoS to
3732 ip_src_filter: an IPv6 address (e.g. fe80::21e:bff:fe4e:3b2) to filter
3736 value is None: the DoS is not limited to a specific IPv6 source
3751 if not (Ether in req and IPv6 in req and ICMPv6ND_RA in req):
3758 ip_src = req[IPv6].src
3776 src = req[IPv6].src
3787 rep = Ether(**ether_params)/IPv6(src=src, dst="ff02::1")
3828 (i.e. providing a packet starting with IPv6 will not work) in response
3834 >>> ra = Ether()/IPv6()/ICMPv6ND_RA()
3854 you intend to target only the source of the RS using this option,
3860 ip_src_filter: an IPv6 address (e.g. fe80::21e:bff:fe4e:3b2) to filter
3872 if not (Ether in req and IPv6 in req and ICMPv6ND_RS in req):
3879 ip_src = req[IPv6].src
3890 src = req[IPv6].src
3911 conf.l3types.register(ETH_P_IPV6, IPv6)
3912 conf.l2types.register(31, IPv6)
3913 conf.l2types.register(DLT_IPV6, IPv6)
3917 bind_layers(Ether, IPv6, type = 0x86dd )
3918 bind_layers(CookedLinux, IPv6, proto = 0x86dd )
3919 bind_layers(GRE, IPv6, proto = 0x86dd )
3920 bind_layers(SNAP, IPv6, code = 0x86dd )
3921 bind_layers(Loopback, IPv6, type = 0x1c )
3924 bind_layers(IPv6, TCP, nh = socket.IPPROTO_TCP )
3925 bind_layers(IPv6, UDP, nh = socket.IPPROTO_UDP )
3926 bind_layers(IP, IPv6, proto = socket.IPPROTO_IPV6 )
3927 bind_layers(IPv6, IPv6, nh = socket.IPPROTO_IPV6 )
3928 bind_layers(IPv6, IP, nh = socket.IPPROTO_IPIP )
3929 bind_layers(IPv6, GRE, nh = socket.IPPROTO_GRE )