From owner-svn-src-all@freebsd.org Sat Oct 26 21:19:56 2019 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8A5A81596D4; Sat, 26 Oct 2019 21:19:56 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 470v5837jfz4cwd; Sat, 26 Oct 2019 21:19:56 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5024FDF81; Sat, 26 Oct 2019 21:19:56 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x9QLJusd086966; Sat, 26 Oct 2019 21:19:56 GMT (envelope-from bz@FreeBSD.org) Received: (from bz@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x9QLJtF2086963; Sat, 26 Oct 2019 21:19:55 GMT (envelope-from bz@FreeBSD.org) Message-Id: <201910262119.x9QLJtF2086963@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bz set sender to bz@FreeBSD.org using -f From: "Bjoern A. Zeeb" Date: Sat, 26 Oct 2019 21:19:55 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r354121 - in head/tests/sys/netpfil: common pf X-SVN-Group: head X-SVN-Commit-Author: bz X-SVN-Commit-Paths: in head/tests/sys/netpfil: common pf X-SVN-Commit-Revision: 354121 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Oct 2019 21:19:56 -0000 Author: bz Date: Sat Oct 26 21:19:55 2019 New Revision: 354121 URL: https://svnweb.freebsd.org/changeset/base/354121 Log: Upgrade (scapy) py2 tests to work on py3. In order to move python2 out of the test framework to avoid py2 vs. py3 confusions upgrade the remaining test cases using scapy to work with py3. That means only one version of scapy needs to be installed in the CI system. It also gives a path forward for testing i386 issues observed in the CI system with some of these tests. Fixes are: - Use default python from environment (which is 3.x these days). - properly ident some lines as common for the rest of the file to avoid errors. - cast the calculated offset to an int as the division result is considered a float which is not accepted input. - when comparing payload to a magic number make sure we always add the payload properly to the packet and do not try to compare string in the result but convert the data payload back into an integer. - fix print formating. Discussed with: lwhsu, kp (taking it off his todo :) MFC after: 2 weeks Modified: head/tests/sys/netpfil/common/pft_ping.py head/tests/sys/netpfil/pf/CVE-2019-5597.py head/tests/sys/netpfil/pf/CVE-2019-5598.py Modified: head/tests/sys/netpfil/common/pft_ping.py ============================================================================== --- head/tests/sys/netpfil/common/pft_ping.py Sat Oct 26 19:20:59 2019 (r354120) +++ head/tests/sys/netpfil/common/pft_ping.py Sat Oct 26 21:19:55 2019 (r354121) @@ -1,4 +1,4 @@ -#!/usr/local/bin/python2.7 +#!/usr/bin/env python import argparse import scapy.all as sp @@ -34,15 +34,15 @@ def check_ping4_request(args, packet): raw = packet.getlayer(sp.Raw) if not raw: return False - if raw.load != str(PAYLOAD_MAGIC): + if int(raw.load) != PAYLOAD_MAGIC: return False # Wait to check expectations until we've established this is the packet we # sent. if args.expect_tos: if ip.tos != int(args.expect_tos[0]): - print "Unexpected ToS value %d, expected %s" \ - % (ip.tos, args.expect_tos[0]) + print("Unexpected ToS value %d, expected %d" \ + % (ip.tos, int(args.expect_tos[0]))) return False return True @@ -62,7 +62,7 @@ def check_ping6_request(args, packet): icmp = packet.getlayer(sp.ICMPv6EchoRequest) if not icmp: return False - if icmp.data != str(PAYLOAD_MAGIC): + if int(icmp.data) != PAYLOAD_MAGIC: return False return True @@ -71,7 +71,7 @@ def ping(send_if, dst_ip, args): ether = sp.Ether() ip = sp.IP(dst=dst_ip) icmp = sp.ICMP(type='echo-request') - raw = sp.Raw(str(PAYLOAD_MAGIC)) + raw = sp.raw(str(PAYLOAD_MAGIC)) if args.send_tos: ip.tos = int(args.send_tos[0]) @@ -82,7 +82,7 @@ def ping(send_if, dst_ip, args): def ping6(send_if, dst_ip, args): ether = sp.Ether() ip6 = sp.IPv6(dst=dst_ip) - icmp = sp.ICMPv6EchoRequest(data=PAYLOAD_MAGIC) + icmp = sp.ICMPv6EchoRequest(data=sp.raw(str(PAYLOAD_MAGIC))) req = ether / ip6 / icmp sp.sendp(req, iface=send_if, verbose=False) Modified: head/tests/sys/netpfil/pf/CVE-2019-5597.py ============================================================================== --- head/tests/sys/netpfil/pf/CVE-2019-5597.py Sat Oct 26 19:20:59 2019 (r354120) +++ head/tests/sys/netpfil/pf/CVE-2019-5597.py Sat Oct 26 21:19:55 2019 (r354121) @@ -1,4 +1,4 @@ -#!/usr/local/bin/python2.7 +#!/usr/bin/env python import random import scapy.all as sp @@ -18,7 +18,8 @@ def main(): padding = 8 fid = random.randint(0,100000) frag_0 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=1, offset=0) - frag_1 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=0, offset=padding/8) + foff_1 = (int)(padding/8) + frag_1 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=0, offset=foff_1) pkt1_opts = sp.AH(nh=AH_PROTO, payloadlen=200) \ / sp.Raw('XXXX' * 199) \ Modified: head/tests/sys/netpfil/pf/CVE-2019-5598.py ============================================================================== --- head/tests/sys/netpfil/pf/CVE-2019-5598.py Sat Oct 26 19:20:59 2019 (r354120) +++ head/tests/sys/netpfil/pf/CVE-2019-5598.py Sat Oct 26 21:19:55 2019 (r354121) @@ -1,4 +1,4 @@ -#!/usr/local/bin/python2.7 +#!/usr/bin/env python import argparse import scapy.all as sp @@ -38,18 +38,18 @@ def main(): args = parser.parse_args() - # Send the allowed packet to establish state - udp = sp.Ether() / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ - sp.UDP(dport=53, sport=1234) - sp.sendp(udp, iface=args.sendif[0], verbose=False) + # Send the allowed packet to establish state + udp = sp.Ether() / \ + sp.IP(src=args.src[0], dst=args.to[0]) / \ + sp.UDP(dport=53, sport=1234) + sp.sendp(udp, iface=args.sendif[0], verbose=False) # Start sniffing on recvif sniffer = Sniffer(args, check_icmp_error) # Send the bad error packet icmp_reachable = sp.Ether() / \ - sp.IP(src=args.src[0], dst=args.to[0]) / \ + sp.IP(src=args.src[0], dst=args.to[0]) / \ sp.ICMP(type=3, code=3) / \ sp.IP(src="4.3.2.1", dst="1.2.3.4") / \ sp.UDP(dport=53, sport=1234)