Date: Sat, 26 Oct 2019 21:19:55 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r354121 - in head/tests/sys/netpfil: common pf Message-ID: <201910262119.x9QLJtF2086963@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bz Date: Sat Oct 26 21:19:55 2019 New Revision: 354121 URL: https://svnweb.freebsd.org/changeset/base/354121 Log: Upgrade (scapy) py2 tests to work on py3. In order to move python2 out of the test framework to avoid py2 vs. py3 confusions upgrade the remaining test cases using scapy to work with py3. That means only one version of scapy needs to be installed in the CI system. It also gives a path forward for testing i386 issues observed in the CI system with some of these tests. Fixes are: - Use default python from environment (which is 3.x these days). - properly ident some lines as common for the rest of the file to avoid errors. - cast the calculated offset to an int as the division result is considered a float which is not accepted input. - when comparing payload to a magic number make sure we always add the payload properly to the packet and do not try to compare string in the result but convert the data payload back into an integer. - fix print formating. Discussed with: lwhsu, kp (taking it off his todo :) MFC after: 2 weeks Modified: head/tests/sys/netpfil/common/pft_ping.py head/tests/sys/netpfil/pf/CVE-2019-5597.py head/tests/sys/netpfil/pf/CVE-2019-5598.py Modified: head/tests/sys/netpfil/common/pft_ping.py ============================================================================== --- head/tests/sys/netpfil/common/pft_ping.py Sat Oct 26 19:20:59 2019 (r354120) +++ head/tests/sys/netpfil/common/pft_ping.py Sat Oct 26 21:19:55 2019 (r354121) @@ -1,4 +1,4 @@ -#!/usr/local/bin/python2.7 +#!/usr/bin/env python import argparse import scapy.all as sp @@ -34,15 +34,15 @@ def check_ping4_request(args, packet): raw = packet.getlayer(sp.Raw) if not raw: return False - if raw.load != str(PAYLOAD_MAGIC): + if int(raw.load) != PAYLOAD_MAGIC: return False # Wait to check expectations until we've established this is the packet we # sent. if args.expect_tos: if ip.tos != int(args.expect_tos[0]): - print "Unexpected ToS value %d, expected %s" \ - % (ip.tos, args.expect_tos[0]) + print("Unexpected ToS value %d, expected %d" \ + % (ip.tos, int(args.expect_tos[0]))) return False return True @@ -62,7 +62,7 @@ def check_ping6_request(args, packet): icmp = packet.getlayer(sp.ICMPv6EchoRequest) if not icmp: return False - if icmp.data != str(PAYLOAD_MAGIC): + if int(icmp.data) != PAYLOAD_MAGIC: return False return True @@ -71,7 +71,7 @@ def ping(send_if, dst_ip, args): ether = sp.Ether() ip = sp.IP(dst=dst_ip) icmp = sp.ICMP(type='echo-request') - raw = sp.Raw(str(PAYLOAD_MAGIC)) + raw = sp.raw(str(PAYLOAD_MAGIC)) if args.send_tos: ip.tos = int(args.send_tos[0]) @@ -82,7 +82,7 @@ def ping(send_if, dst_ip, args): def ping6(send_if, dst_ip, args): ether = sp.Ether() ip6 = sp.IPv6(dst=dst_ip) - icmp = sp.ICMPv6EchoRequest(data=PAYLOAD_MAGIC) + icmp = sp.ICMPv6EchoRequest(data=sp.raw(str(PAYLOAD_MAGIC))) req = ether / ip6 / icmp sp.sendp(req, iface=send_if, verbose=False) Modified: head/tests/sys/netpfil/pf/CVE-2019-5597.py ============================================================================== --- head/tests/sys/netpfil/pf/CVE-2019-5597.py Sat Oct 26 19:20:59 2019 (r354120) +++ head/tests/sys/netpfil/pf/CVE-2019-5597.py Sat Oct 26 21:19:55 2019 (r354121) @@ -1,4 +1,4 @@ -#!/usr/local/bin/python2.7 +#!/usr/bin/env python import random import scapy.all as sp @@ -18,7 +18,8 @@ def main(): padding = 8 fid = random.randint(0,100000) frag_0 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=1, offset=0) - frag_1 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=0, offset=padding/8) + foff_1 = (int)(padding/8) + frag_1 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=0, offset=foff_1) pkt1_opts = sp.AH(nh=AH_PROTO, payloadlen=200) \ / sp.Raw('XXXX' * 199) \ Modified: head/tests/sys/netpfil/pf/CVE-2019-5598.py ============================================================================== --- head/tests/sys/netpfil/pf/CVE-2019-5598.py Sat Oct 26 19:20:59 2019 (r354120) +++ head/tests/sys/netpfil/pf/CVE-2019-5598.py Sat Oct 26 21:19:55 2019 (r354121) @@ -1,4 +1,4 @@ -#!/usr/local/bin/python2.7 +#!/usr/bin/env python import argparse import scapy.all as sp @@ -38,18 +38,18 @@ def main(): args = parser.parse_args() - # Send the allowed packet to establish state - udp = sp.Ether() / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ - sp.UDP(dport=53, sport=1234) - sp.sendp(udp, iface=args.sendif[0], verbose=False) + # Send the allowed packet to establish state + udp = sp.Ether() / \ + sp.IP(src=args.src[0], dst=args.to[0]) / \ + sp.UDP(dport=53, sport=1234) + sp.sendp(udp, iface=args.sendif[0], verbose=False) # Start sniffing on recvif sniffer = Sniffer(args, check_icmp_error) # Send the bad error packet icmp_reachable = sp.Ether() / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ + sp.IP(src=args.src[0], dst=args.to[0]) / \ sp.ICMP(type=3, code=3) / \ sp.IP(src="4.3.2.1", dst="1.2.3.4") / \ sp.UDP(dport=53, sport=1234)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201910262119.x9QLJtF2086963>