#!/usr/bin/env python # -*- coding: utf-8 -*- # # routeradvert-scan.py: Scan for rogue IPv6 router advertisements. # # Copyright © 2010 Anders Kaseorg # # Permission is hereby granted, free of charge, to any person # obtaining a copy of this software and associated documentation files # (the “Software”), to deal in the Software without restriction, # including without limitation the rights to use, copy, modify, merge, # publish, distribute, sublicense, and/or sell copies of the Software, # and to permit persons to whom the Software is furnished to do so, # subject to the following conditions: # # The above copyright notice and this permission notice shall be # included in all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS # BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN # ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. import errno import math import os import re import signal import socket import subprocess import sys import time # configuration interface = 'eth1' timeout = 30 zclass = 'andersk-auto' zinstance = '6to4' zsig = '%s on %s' % (sys.argv[0], socket.gethostname()) # end configuration mac_re = re.compile(r'^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$') seen_macs = {} def msg(m): os.spawnlp(os.P_WAIT, 'zwrite', 'zwrite', '-q', '-d', '-c', zclass, '-i', zinstance, '-s', zsig, '-m', m) def check_gone(): now = time.time() next = None for (mac, t) in seen_macs.items(): if t < now: del seen_macs[mac] msg('Gone 6to4 router: %s\nCurrent 6to4 routers: %s' % (mac, seen_macs.keys())) elif next is None or next > t: next = t if next is None: signal.alarm(0) else: signal.alarm(int(math.ceil(next - now))) msg('Starting %s' % sys.argv[0]) signal.signal(signal.SIGALRM, lambda signum, frame: check_gone()) p = subprocess.Popen(['tcpdump', '-elnp', '-i', interface, 'icmp6 and (ip6[40] = 134)'], stdout=subprocess.PIPE) while True: check_gone() while True: try: line = p.stdout.readline() except IOError, (e, s): if e == errno.EINTR: continue break signal.alarm(0) if line == '': break words = line.split() if len(words) >= 2 and mac_re.match(words[1]): mac = words[1] t = time.time() + timeout if mac in seen_macs: seen_macs[mac] = t else: seen_macs[mac] = t msg('New 6to4 router: %s\n%s\nCurrent 6to4 routers: %s' % (mac, line.rstrip('\n'), seen_macs.keys())) else: print >>sys.stderr, 'Unrecognized line: ', line.rstrip('\n')