From owner-dev-commits-src-branches@freebsd.org Sun Jan 3 22:18:48 2021 Return-Path: Delivered-To: dev-commits-src-branches@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8AA684C128F; Sun, 3 Jan 2021 22:18:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4D8CpJ3VMpz4qp6; Sun, 3 Jan 2021 22:18:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6A32E749C; Sun, 3 Jan 2021 22:18:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 103MImNU020389; Sun, 3 Jan 2021 22:18:48 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 103MIm5c020388; Sun, 3 Jan 2021 22:18:48 GMT (envelope-from git) Date: Sun, 3 Jan 2021 22:18:48 GMT Message-Id: <202101032218.103MIm5c020388@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 8c45c8982a07 - stable/12 - Upgrade (scapy) py2 tests to work on py3. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: 8c45c8982a071c8e9878fb4cc755e6a2e3f31718 Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-branches@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commits to the stable branches of the FreeBSD src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Jan 2021 22:18:48 -0000 The branch stable/12 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=8c45c8982a071c8e9878fb4cc755e6a2e3f31718 commit 8c45c8982a071c8e9878fb4cc755e6a2e3f31718 Author: Bjoern A. Zeeb AuthorDate: 2019-10-26 21:19:55 +0000 Commit: Kristof Provost CommitDate: 2021-01-03 20:26:50 +0000 Upgrade (scapy) py2 tests to work on py3. In order to move python2 out of the test framework to avoid py2 vs. py3 confusions upgrade the remaining test cases using scapy to work with py3. That means only one version of scapy needs to be installed in the CI system. It also gives a path forward for testing i386 issues observed in the CI system with some of these tests. Fixes are: - Use default python from environment (which is 3.x these days). - properly ident some lines as common for the rest of the file to avoid errors. - cast the calculated offset to an int as the division result is considered a float which is not accepted input. - when comparing payload to a magic number make sure we always add the payload properly to the packet and do not try to compare string in the result but convert the data payload back into an integer. - fix print formating. Discussed with: lwhsu, kp (taking it off his todo :) MFC after: 2 weeks (cherry picked from commit f0297f121aee3ff9ae6de9d445fc4a7981385d05) --- tests/sys/netpfil/common/pft_ping.py | 14 +++++++------- tests/sys/netpfil/pf/CVE-2019-5597.py | 5 +++-- tests/sys/netpfil/pf/CVE-2019-5598.py | 14 +++++++------- 3 files changed, 17 insertions(+), 16 deletions(-) diff --git a/tests/sys/netpfil/common/pft_ping.py b/tests/sys/netpfil/common/pft_ping.py index e77d0835134f..da8edd9f7b63 100644 --- a/tests/sys/netpfil/common/pft_ping.py +++ b/tests/sys/netpfil/common/pft_ping.py @@ -1,4 +1,4 @@ -#!/usr/local/bin/python2.7 +#!/usr/bin/env python import argparse import scapy.all as sp @@ -34,15 +34,15 @@ def check_ping4_request(args, packet): raw = packet.getlayer(sp.Raw) if not raw: return False - if raw.load != str(PAYLOAD_MAGIC): + if int(raw.load) != PAYLOAD_MAGIC: return False # Wait to check expectations until we've established this is the packet we # sent. if args.expect_tos: if ip.tos != int(args.expect_tos[0]): - print "Unexpected ToS value %d, expected %s" \ - % (ip.tos, args.expect_tos[0]) + print("Unexpected ToS value %d, expected %d" \ + % (ip.tos, int(args.expect_tos[0]))) return False return True @@ -62,7 +62,7 @@ def check_ping6_request(args, packet): icmp = packet.getlayer(sp.ICMPv6EchoRequest) if not icmp: return False - if icmp.data != str(PAYLOAD_MAGIC): + if int(icmp.data) != PAYLOAD_MAGIC: return False return True @@ -71,7 +71,7 @@ def ping(send_if, dst_ip, args): ether = sp.Ether() ip = sp.IP(dst=dst_ip) icmp = sp.ICMP(type='echo-request') - raw = sp.Raw(str(PAYLOAD_MAGIC)) + raw = sp.raw(str(PAYLOAD_MAGIC)) if args.send_tos: ip.tos = int(args.send_tos[0]) @@ -82,7 +82,7 @@ def ping(send_if, dst_ip, args): def ping6(send_if, dst_ip, args): ether = sp.Ether() ip6 = sp.IPv6(dst=dst_ip) - icmp = sp.ICMPv6EchoRequest(data=PAYLOAD_MAGIC) + icmp = sp.ICMPv6EchoRequest(data=sp.raw(str(PAYLOAD_MAGIC))) req = ether / ip6 / icmp sp.sendp(req, iface=send_if, verbose=False) diff --git a/tests/sys/netpfil/pf/CVE-2019-5597.py b/tests/sys/netpfil/pf/CVE-2019-5597.py index 524d26d72b2d..68579e99590c 100644 --- a/tests/sys/netpfil/pf/CVE-2019-5597.py +++ b/tests/sys/netpfil/pf/CVE-2019-5597.py @@ -1,4 +1,4 @@ -#!/usr/local/bin/python2.7 +#!/usr/bin/env python import random import scapy.all as sp @@ -18,7 +18,8 @@ def main(): padding = 8 fid = random.randint(0,100000) frag_0 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=1, offset=0) - frag_1 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=0, offset=padding/8) + foff_1 = (int)(padding/8) + frag_1 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=0, offset=foff_1) pkt1_opts = sp.AH(nh=AH_PROTO, payloadlen=200) \ / sp.Raw('XXXX' * 199) \ diff --git a/tests/sys/netpfil/pf/CVE-2019-5598.py b/tests/sys/netpfil/pf/CVE-2019-5598.py index 1a019ea23fab..1a2619f7e52f 100644 --- a/tests/sys/netpfil/pf/CVE-2019-5598.py +++ b/tests/sys/netpfil/pf/CVE-2019-5598.py @@ -1,4 +1,4 @@ -#!/usr/local/bin/python2.7 +#!/usr/bin/env python import argparse import scapy.all as sp @@ -38,18 +38,18 @@ def main(): args = parser.parse_args() - # Send the allowed packet to establish state - udp = sp.Ether() / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ - sp.UDP(dport=53, sport=1234) - sp.sendp(udp, iface=args.sendif[0], verbose=False) + # Send the allowed packet to establish state + udp = sp.Ether() / \ + sp.IP(src=args.src[0], dst=args.to[0]) / \ + sp.UDP(dport=53, sport=1234) + sp.sendp(udp, iface=args.sendif[0], verbose=False) # Start sniffing on recvif sniffer = Sniffer(args, check_icmp_error) # Send the bad error packet icmp_reachable = sp.Ether() / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ + sp.IP(src=args.src[0], dst=args.to[0]) / \ sp.ICMP(type=3, code=3) / \ sp.IP(src="4.3.2.1", dst="1.2.3.4") / \ sp.UDP(dport=53, sport=1234)