How to create an IP packet with a timestamp field using Scapy

Time: 2019-06-15 20:52:18

Tags: networking ip scapy icmp

I am a beginner. I am trying to create an IP packet with the options field set to security, using the code below.

packet = IP(dst="10.230.228.146", options=IPOption('\x81\x30'))

But every time I try to run it, it throws an ICMP reply with the type field set to 12, the code field set to 0, and the pointer field also set to 0.

<IP version=4 ihl=5 tos=0x0 len=52 id=16349 flags= frag=0 ttl=128 proto=icmp
chksum=0x7793 src=10.*.*.* dst=10.*.*.* | <ICMP type=parameter-problem
code=ip-header-bad chksum=0xf3ea ptr=0 length=0 unused=None | <IPerror
version=4 ihl=6 tos=0x0 len=24 id=1 flags= frag=0 ttl=64 proto=ip chksum=0x40b
src=10.*.*.* dst=10.*.*.* options=[<IPOption_Security copy_flag=1
optclass=debug option=security length=129 security=12288 |>] |>>>

If you know how to solve this problem, please help.

Thanks

I tried to create an IP packet whose options field is set to security, using the code below.

packet = IP(dst="10.230.228.146", options=IPOption('\x81\x30'))

I received this ICMP message in response.

<IP version=4 ihl=5 tos=0x0 len=52 id=16349 flags= frag=0 ttl=128 proto=icmp
chksum=0x7793 src=10.*.*.* dst=10.*.*.* |<ICMP type=parameter-problem
code=ip-header-bad chksum=0xf3ea ptr=0 length=0 unused=None |<IPerror version=4
ihl=6 tos=0x0 len=24 id=1 flags= frag=0 ttl=64 proto=ip chksum=0x40b
src=10.*.*.* dst=10.*.*.* options=[<IPOption_Security copy_flag=1
optclass=debug option=security length=129 security=12288 |>] |>>>

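Please help correct this.

1 answer:

Answer 0: (score: 0)

I don't know where you are coming up with those options. If you want the option copied to all fragments, you can set the high-order bit to 1. Then you have two bits for the class, which are 10 for "Debugging and Measurement". The next five bits are for the number, which is 00100 for "Internet Timestamp".

After that, you have the other values. This is clearly explained in RFC 791, Internet Protocol: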

  Internet Timestamp

    +--------+--------+--------+--------+
    |01000100| length | pointer|oflw|flg|
    +--------+--------+--------+--------+
    |         internet address          |
    +--------+--------+--------+--------+
    |             timestamp             |
    +--------+--------+--------+--------+
    |                 .                 |
                      .
                      .
    Type = 68

    The Option Length is the number of octets in the option counting
    the type, length, pointer, and overflow/flag octets (maximum
    length 40).

    The Pointer is the number of octets from the beginning of this
    option to the end of timestamps plus one (i.e., it points to the
    octet beginning the space for next timestamp).  The smallest
    legal value is 5.  The timestamp area is full when the pointer
    is greater than the length.

    The Overflow (oflw) [4 bits] is the number of IP modules that
    cannot register timestamps due to lack of space.

    The Flag (flg) [4 bits] values are

      0 -- time stamps only, stored in consecutive 32-bit words,

      1 -- each timestamp is preceded with internet address of the
           registering entity,

      3 -- the internet address fields are prespecified.  An IP
           module only registers its timestamp if it matches its own
           address with the next specified internet address.

    The Timestamp is a right-justified, 32-bit timestamp in
    milliseconds since midnight UT.  If the time is not available in
    milliseconds or cannot be provided with respect to midnight UT
    then any time may be inserted as a timestamp provided the high
    order bit of the timestamp field is set to one to indicate the
    use of a non-standard value.

    The originating host must compose this option with a large
    enough timestamp data area to hold all the timestamp information
    expected.  The size of the option does not change due to adding
    timestamps.  The intitial contents of the timestamp data area
    must be zero or internet address/zero pairs.

    If the timestamp data area is already full (the pointer exceeds
    the length) the datagram is forwarded without inserting the
    timestamp, but the overflow count is incremented by one.

    If there is some room but not enough room for a full timestamp
    to be inserted, or the overflow count itself overflows, the
    original datagram is considered to be in error and is discarded.
    In either case an ICMP parameter problem message may be sent to
    the source host [3].

    The timestamp option is not copied upon fragmentation.  It is
    carried in the first fragment.  Appears at most once in a
    datagram.
     

Padding: variable

The internet header padding is used to ensure that the internet
header ends on a 32 bit boundary.  The padding is zero.
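
The layout quoted above, as an added example that is not part of the original answer: it builds the raw octets of an empty Internet Timestamp option and models how an IP module fills a slot or bumps the overflow count. The function names are hypothetical, `192.0.2.1` is a constructed sample address, and the code uses only the standard library (it does not call Scapy).

```python
import socket
import struct

# Option-type octet: copy bit 0, class 10 (debugging and measurement), number 00100
TS_TYPE = (0 << 7) | (2 << 5) | 4          # 0b01000100 = 68

def build_timestamp_option(slots, flg=0, addresses=()):
    """Build an empty RFC 791 Internet Timestamp option with room for `slots` entries."""
    if flg not in (0, 1, 3):
        raise ValueError("flg must be 0, 1 or 3")
    if flg == 3 and len(addresses) != slots:
        raise ValueError("flg=3 needs one prespecified address per slot")
    body = b""
    for i in range(slots):
        if flg == 0:
            body += b"\x00" * 4                       # timestamp only
        else:
            addr = socket.inet_aton(addresses[i]) if flg == 3 else b"\x00" * 4
            body += addr + b"\x00" * 4                # address / zero timestamp pair
    length = 4 + len(body)                            # counts type, length, pointer, oflw/flg
    if length > 40:
        raise ValueError("option longer than the 40-octet maximum")
    # pointer starts at 5 (smallest legal value); oflw is the high nibble, flg the low one.
    # 4 + 4*n octets is already 32-bit aligned, so no padding octets are needed here.
    return struct.pack("!BBBB", TS_TYPE, length, 5, flg) + body

def record_timestamp(option, ms):
    """Model one IP module registering a timestamp in a flg=0 option."""
    opt = bytearray(option)
    length, pointer, oflw = opt[1], opt[2], opt[3] >> 4
    if pointer > length:                              # data area full: count the miss
        if oflw == 15:
            raise ValueError("overflow count overflowed; datagram is in error")
        opt[3] = ((oflw + 1) << 4) | (opt[3] & 0x0F)
        return bytes(opt)
    if pointer + 3 > length:                          # some room, but not a full timestamp
        raise ValueError("no room for a full timestamp; datagram is in error")
    struct.pack_into("!I", opt, pointer - 1, ms & 0xFFFFFFFF)   # pointer is 1-based
    opt[2] = pointer + 4
    return bytes(opt)
```
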