Name

nexp-ip — Internet Protocol (IP) version 4 support for Network Expect

Synopsis

PDU definition:

ip ( [version=num,] [src=ipaddr,] [dst=ipaddr,] [ttl=num,] [length=num,] [cksum= num,] [ihl=num,] [tos=num,] [fragoff=num,] [proto=num,] [id=num,] [options(IPv4 options)] )

PDU decoding:

$ip(version), $ip(ihl), $ip(id), $ip(ttl), $ip(tot_len), $ip(protocol) $ip(src), $ip(dst), $iperror(version), $iperror(ihl), $iperror(id), $iperror(ttl), $iperror(tot_len), $iperror(protocol), $iperror(src), $iperror(dst)

PDU Definition

The following parameters allow to define the different parts of an IPv4 protocol data unit (PDU) in Network Expect:

version = NUMSPEC

The 4-bit Version field of the Internet Protocol header. Default: 4.

src = NUMSPEC

Specifies the source IP address. IP addresses can be specified in numeric format (separated by dots) or by fully-qualified domain name (FQDN), in which case the name is resolved to its IP address. Note that this is a numeric specification. Default: IP address of egress interface.

dst = NUMSPEC

Specifies the destination IP address. IP addresses can be specified in numeric format (separated by dots) or by fully-qualified domain name (FQDN), in which case the name is resolved to its IP address. Note that this is a numeric specification.

id = NUMSPEC

Specifies the value of the ID field in the IPv4 header. Default: 256 for little endian architectures and 1 for big endian architectures.

ttl = NUMSPEC

Specifies the value of the Time-to-live field in the IPv4 header. Default: 64.

tos = NUMSPEC

Specifies the value of the Type Of Service field in the IPv4 header. Default: 0.

options( [eol,] [nop,] [raw=PAYLOADSPEC,] [rr(record route definition),] [lsrr(record route definition),] [ssrr(record route definition)] )

Defines IPv4 options. The following IPv4 options are available:

eol

Specifies that an IP end-of-option-list option be added to the IPv4 header. Note that when specifying IPv4 options it is up to the user to make sure that the correct padding is specified so the entire option section is correctly aligned. nop options should be used to pad between options and eol should be used to pad at the end of the option list. See RFC 791 to know about padding requirements. You need to make sure that the IP header has enough space for this option. Remember that the IP header only has space for 40 bytes of options.

nop

Specifies that an IP no-operation option be added to the IPv4 header. Note that when specifying IPv4 options it is up to the user to make sure that the correct padding is specified so the entire option section is correctly aligned. nop options should be used to pad between options and eol should be used to pad at the end of the option list. See RFC 791 to know about padding requirements. You need to make sure that the IP header has enough space for this option. Remember that the IP header only has space for 40 bytes of options.

raw = PAYLOADSPEC

Defines a raw IP option which allows to enter arbitrary values in the option definition. PAYLOADSPEC is a payload specification.

rr( [length=num,] [ptr=num,] [router=hostname or IP addr,] ...)

Specifies that an IP record-route option be added to the IPv4 header. The option definition uses the following parameters:

length=number

Specifies the total space that should be reserved for this option. It is not a numeric specification, just a number.

ptr=number

Another number and not a numeric specification, represents the value of the PTR field in the option.

router=hostname or IP addr

After specifying length and pointer a list of IP addresses can optionally follow. IP addresses can be specified in numeric format (separated by dots) or by fully-qualified domain name (FQDN), in which case the name is resolved to its IP address. Note that fields are separated by commas and that no space between commas is allowed. You need to make sure that the IP header has enough space for this option. Remember that the IP header only has space for 40 bytes of options.

lsrr( [length=num,] [ptr=num,] [router=hostname or IP addr,] ...)

Specifies that an IP loose-source, record-route option be added to the IPv4 header. The parameters of the option definition are explained above in the description of the rr option. You need to make sure that the IP header has enough space for this option. Remember that the IP header only has space for 40 bytes of options.

ssrr( [length=num,] [ptr=num,] [router=hostname or IP addr,] ...)

Specifies that an IP strict-source, record-route option be added to the IPv4 header. The parameters of the option definition are explained above in the description of the rr option. You need to make sure that the IP header has enough space for this option. Remember that the IP header only has space for 40 bytes of options.

protocol = NUMSPEC

Specifies the value of the Protocol field in the IPv4 header. You should only use this option if you are not specifying a higher layer protocol like UDP, TCP or ICMP, and want to inject a raw IPv4 payload. Default: IP protocol number if upper layer protocol is known.

PDU Decoding

The following Tcl variables are available to Tcl scripts after any Network Expect command that reads and decodes packets has decoded a packet. Commands that read and decode packets include the expect_network family of commands as well as the pdu decode command.

$ip(version)

The 4-bit Version field of the Internet Protocol header of the received packet.

$ip(ihl)

The 4-bit Internet Header Name (IHL) field in the Internet Protocol header of the received packet.

$ip(id)

The 16-bit Identification field in the Internet Protocol header of the received packet.

$ip(ttl)

The 8-bit Time to Live (TTL) field in the Internet Protocol header of the received packet.

$ip(tot_len)

The 16-bit Total Length field in the Internet Protocol header of the received packet.

$ip(protocol)

The 8-bit Protocol field in the Internet Protocol header of the received packet.

$ip(src)

The source IP address of the received IP packet.

$ip(dst)

The destination IP address of the received IP packet.

$iperror(version)

The 4-bit Version field of the Internet Protocol header of the packet embedded in the received ICMP error message.

$iperror(ihl)

The 4-bit Internet Header Name (IHL) field in the Internet Protocol header of the packet embedded in the received ICMP error message.

$iperror(id)

The 16-bit Identification field in the Internet Protocol header of the packet embedded in the received ICMP error message.

$iperror(ttl)

The 8-bit Time to Live (TTL) field in the Internet Protocol header of the packet embedded in the received ICMP error message.

$iperror(tot_len)

The 16-bit Total Length field in the Internet Protocol header of the packet embedded in the received ICMP error message.

$iperror(protocol)

The 8-bit Protocol field in the Internet Protocol header of the packet embedded in the received ICMP error message.

$iperror(src)

The source IP address of the IP packet embedded in the received ICMP error message.

$iperror(dst)

The destination IP address of the IP packet embedded in the received ICMP error message.

send_expect Support

Network Expect IP version 4 PDUs support the send_expect command.

The hash of an IP version 4 PDU is the bitwise exclusive OR (XOR) of the source and destination IP addresses (4 bytes) followed by the IP protocol field (1 byte) for a hash total length of 5 bytes.

A received IP version 4 PDU is considered to be a response to an injected stimulus if the hash of the received IP packet is the same to that of the injected stimulus and the IP protocol field is the same in both the received and injected packets and the source IP address of the received packet is the destination IP address of the injected stimulus.

Please note that IP packets can be embedded in ICMP error messages.

Examples

  1. A simple IP packet:

    ip(dst = www.netexpect.org, ttl = 64)
    	
  2. An IP packet with simple options:

    ip(dst = www.netexpect.org, options(nop, nop, nop, eol) )
    	
  3. The same IP packet but using a raw option:

    ip(dst = www.netexpect.org, options(raw='\x01\x01\x01\x00') )
    	
  4. An IP packet with a record-route option:

    ip(dst = www.netexpect.org, options(rr(length = 7, ptr = 4, \
        router = 30.30.30.30) ) )
    	

VERSION

This man page is correct for version 1.0 of Network Expect.

SEE ALSO

nexp(1), nexp-numspec(1), nexp-payload(1), RFC 791

AUTHOR

IP version 4 support for Network Expect was written by Eloy Paris <peloy@netexpect.org>. The "Send and Expect" functionality of the IPv4 modules was borrowed from Scapy, the packet manipulation program written in Python by Philippe Biondi.

This man page was written by Eloy Paris.