git: 8c45c8982a07 - stable/12 - Upgrade (scapy) py2 tests to work on py3.

Kristof Provost kp at FreeBSD.org
Sun Jan 3 22:18:48 UTC 2021 

The branch stable/12 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=8c45c8982a071c8e9878fb4cc755e6a2e3f31718

commit 8c45c8982a071c8e9878fb4cc755e6a2e3f31718
Author:     Bjoern A. Zeeb <bz at FreeBSD.org>
AuthorDate: 2019-10-26 21:19:55 +0000
Commit:     Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-01-03 20:26:50 +0000

    Upgrade (scapy) py2 tests to work on py3.
    
    In order to move python2 out of the test framework to avoid py2 vs. py3
    confusions upgrade the remaining test cases using scapy to work with py3.
    That means only one version of scapy needs to be installed in the CI system.
    It also gives a path forward for testing i386 issues observed in the CI
    system with some of these tests.
    
    Fixes are:
    - Use default python from environment (which is 3.x these days).
    - properly ident some lines as common for the rest of the file to avoid
      errors.
    - cast the calculated offset to an int as the division result is considered
      a float which is not accepted input.
    - when comparing payload to a magic number make sure we always add the
      payload properly to the packet and do not try to compare string in
      the result but convert the data payload back into an integer.
    - fix print formating.
    
    Discussed with: lwhsu, kp (taking it off his todo :)
    MFC after:      2 weeks
    
    (cherry picked from commit f0297f121aee3ff9ae6de9d445fc4a7981385d05)
---
 tests/sys/netpfil/common/pft_ping.py  | 14 +++++++-------
 tests/sys/netpfil/pf/CVE-2019-5597.py |  5 +++--
 tests/sys/netpfil/pf/CVE-2019-5598.py | 14 +++++++-------
 3 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/tests/sys/netpfil/common/pft_ping.py b/tests/sys/netpfil/common/pft_ping.py
index e77d0835134f..da8edd9f7b63 100644
--- a/tests/sys/netpfil/common/pft_ping.py
+++ b/tests/sys/netpfil/common/pft_ping.py
@@ -1,4 +1,4 @@
-#!/usr/local/bin/python2.7
+#!/usr/bin/env python
 
 import argparse
 import scapy.all as sp
@@ -34,15 +34,15 @@ def check_ping4_request(args, packet):
 	raw = packet.getlayer(sp.Raw)
 	if not raw:
 		return False
-	if raw.load != str(PAYLOAD_MAGIC):
+	if int(raw.load) != PAYLOAD_MAGIC:
 		return False
 
 	# Wait to check expectations until we've established this is the packet we
 	# sent.
 	if args.expect_tos:
 		if ip.tos != int(args.expect_tos[0]):
-			print "Unexpected ToS value %d, expected %s" \
-				% (ip.tos, args.expect_tos[0])
+			print("Unexpected ToS value %d, expected %d" \
+				% (ip.tos, int(args.expect_tos[0])))
 			return False
 
 	return True
@@ -62,7 +62,7 @@ def check_ping6_request(args, packet):
 	icmp = packet.getlayer(sp.ICMPv6EchoRequest)
 	if not icmp:
 		return False
-	if icmp.data != str(PAYLOAD_MAGIC):
+	if int(icmp.data) != PAYLOAD_MAGIC:
 		return False
 
 	return True
@@ -71,7 +71,7 @@ def ping(send_if, dst_ip, args):
 	ether = sp.Ether()
 	ip = sp.IP(dst=dst_ip)
 	icmp = sp.ICMP(type='echo-request')
-	raw = sp.Raw(str(PAYLOAD_MAGIC))
+	raw = sp.raw(str(PAYLOAD_MAGIC))
 
 	if args.send_tos:
 		ip.tos = int(args.send_tos[0])
@@ -82,7 +82,7 @@ def ping(send_if, dst_ip, args):
 def ping6(send_if, dst_ip, args):
 	ether = sp.Ether()
 	ip6 = sp.IPv6(dst=dst_ip)
-	icmp = sp.ICMPv6EchoRequest(data=PAYLOAD_MAGIC)
+	icmp = sp.ICMPv6EchoRequest(data=sp.raw(str(PAYLOAD_MAGIC)))
 
 	req = ether / ip6 / icmp
 	sp.sendp(req, iface=send_if, verbose=False)
diff --git a/tests/sys/netpfil/pf/CVE-2019-5597.py b/tests/sys/netpfil/pf/CVE-2019-5597.py
index 524d26d72b2d..68579e99590c 100644
--- a/tests/sys/netpfil/pf/CVE-2019-5597.py
+++ b/tests/sys/netpfil/pf/CVE-2019-5597.py
@@ -1,4 +1,4 @@
-#!/usr/local/bin/python2.7
+#!/usr/bin/env python
 
 import random
 import scapy.all as sp
@@ -18,7 +18,8 @@ def main():
     padding = 8
     fid = random.randint(0,100000)
     frag_0 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=1, offset=0)
-    frag_1 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=0, offset=padding/8)
+    foff_1 = (int)(padding/8)
+    frag_1 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=0, offset=foff_1)
     
     pkt1_opts = sp.AH(nh=AH_PROTO, payloadlen=200) \
             / sp.Raw('XXXX' * 199) \
diff --git a/tests/sys/netpfil/pf/CVE-2019-5598.py b/tests/sys/netpfil/pf/CVE-2019-5598.py
index 1a019ea23fab..1a2619f7e52f 100644
--- a/tests/sys/netpfil/pf/CVE-2019-5598.py
+++ b/tests/sys/netpfil/pf/CVE-2019-5598.py
@@ -1,4 +1,4 @@
-#!/usr/local/bin/python2.7
+#!/usr/bin/env python
 
 import argparse
 import scapy.all as sp
@@ -38,18 +38,18 @@ def main():
 
 	args = parser.parse_args()
 
-        # Send the allowed packet to establish state
-        udp = sp.Ether() / \
-            sp.IP(src=args.src[0], dst=args.to[0]) / \
-            sp.UDP(dport=53, sport=1234)
-        sp.sendp(udp, iface=args.sendif[0], verbose=False)
+	# Send the allowed packet to establish state
+	udp = sp.Ether() / \
+	    sp.IP(src=args.src[0], dst=args.to[0]) / \
+	    sp.UDP(dport=53, sport=1234)
+	sp.sendp(udp, iface=args.sendif[0], verbose=False)
 
 	# Start sniffing on recvif
 	sniffer = Sniffer(args, check_icmp_error)
 
 	# Send the bad error packet
 	icmp_reachable = sp.Ether() / \
-            sp.IP(src=args.src[0], dst=args.to[0]) / \
+	    sp.IP(src=args.src[0], dst=args.to[0]) / \
 	    sp.ICMP(type=3, code=3) / \
 	    sp.IP(src="4.3.2.1", dst="1.2.3.4") / \
 	    sp.UDP(dport=53, sport=1234)

More information about the dev-commits-src-all mailing list