git: 8c45c8982a07 - stable/12 - Upgrade (scapy) py2 tests to work on py3.
Kristof Provost
kp at FreeBSD.org
Sun Jan 3 22:18:48 UTC 2021
The branch stable/12 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=8c45c8982a071c8e9878fb4cc755e6a2e3f31718
commit 8c45c8982a071c8e9878fb4cc755e6a2e3f31718
Author: Bjoern A. Zeeb <bz at FreeBSD.org>
AuthorDate: 2019-10-26 21:19:55 +0000
Commit: Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-01-03 20:26:50 +0000
Upgrade (scapy) py2 tests to work on py3.
In order to move python2 out of the test framework to avoid py2 vs. py3
confusions upgrade the remaining test cases using scapy to work with py3.
That means only one version of scapy needs to be installed in the CI system.
It also gives a path forward for testing i386 issues observed in the CI
system with some of these tests.
Fixes are:
- Use default python from environment (which is 3.x these days).
- properly ident some lines as common for the rest of the file to avoid
errors.
- cast the calculated offset to an int as the division result is considered
a float which is not accepted input.
- when comparing payload to a magic number make sure we always add the
payload properly to the packet and do not try to compare string in
the result but convert the data payload back into an integer.
- fix print formating.
Discussed with: lwhsu, kp (taking it off his todo :)
MFC after: 2 weeks
(cherry picked from commit f0297f121aee3ff9ae6de9d445fc4a7981385d05)
---
tests/sys/netpfil/common/pft_ping.py | 14 +++++++-------
tests/sys/netpfil/pf/CVE-2019-5597.py | 5 +++--
tests/sys/netpfil/pf/CVE-2019-5598.py | 14 +++++++-------
3 files changed, 17 insertions(+), 16 deletions(-)
diff --git a/tests/sys/netpfil/common/pft_ping.py b/tests/sys/netpfil/common/pft_ping.py
index e77d0835134f..da8edd9f7b63 100644
--- a/tests/sys/netpfil/common/pft_ping.py
+++ b/tests/sys/netpfil/common/pft_ping.py
@@ -1,4 +1,4 @@
-#!/usr/local/bin/python2.7
+#!/usr/bin/env python
import argparse
import scapy.all as sp
@@ -34,15 +34,15 @@ def check_ping4_request(args, packet):
raw = packet.getlayer(sp.Raw)
if not raw:
return False
- if raw.load != str(PAYLOAD_MAGIC):
+ if int(raw.load) != PAYLOAD_MAGIC:
return False
# Wait to check expectations until we've established this is the packet we
# sent.
if args.expect_tos:
if ip.tos != int(args.expect_tos[0]):
- print "Unexpected ToS value %d, expected %s" \
- % (ip.tos, args.expect_tos[0])
+ print("Unexpected ToS value %d, expected %d" \
+ % (ip.tos, int(args.expect_tos[0])))
return False
return True
@@ -62,7 +62,7 @@ def check_ping6_request(args, packet):
icmp = packet.getlayer(sp.ICMPv6EchoRequest)
if not icmp:
return False
- if icmp.data != str(PAYLOAD_MAGIC):
+ if int(icmp.data) != PAYLOAD_MAGIC:
return False
return True
@@ -71,7 +71,7 @@ def ping(send_if, dst_ip, args):
ether = sp.Ether()
ip = sp.IP(dst=dst_ip)
icmp = sp.ICMP(type='echo-request')
- raw = sp.Raw(str(PAYLOAD_MAGIC))
+ raw = sp.raw(str(PAYLOAD_MAGIC))
if args.send_tos:
ip.tos = int(args.send_tos[0])
@@ -82,7 +82,7 @@ def ping(send_if, dst_ip, args):
def ping6(send_if, dst_ip, args):
ether = sp.Ether()
ip6 = sp.IPv6(dst=dst_ip)
- icmp = sp.ICMPv6EchoRequest(data=PAYLOAD_MAGIC)
+ icmp = sp.ICMPv6EchoRequest(data=sp.raw(str(PAYLOAD_MAGIC)))
req = ether / ip6 / icmp
sp.sendp(req, iface=send_if, verbose=False)
diff --git a/tests/sys/netpfil/pf/CVE-2019-5597.py b/tests/sys/netpfil/pf/CVE-2019-5597.py
index 524d26d72b2d..68579e99590c 100644
--- a/tests/sys/netpfil/pf/CVE-2019-5597.py
+++ b/tests/sys/netpfil/pf/CVE-2019-5597.py
@@ -1,4 +1,4 @@
-#!/usr/local/bin/python2.7
+#!/usr/bin/env python
import random
import scapy.all as sp
@@ -18,7 +18,8 @@ def main():
padding = 8
fid = random.randint(0,100000)
frag_0 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=1, offset=0)
- frag_1 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=0, offset=padding/8)
+ foff_1 = (int)(padding/8)
+ frag_1 = sp.IPv6ExtHdrFragment(id=fid, nh=UDP_PROTO, m=0, offset=foff_1)
pkt1_opts = sp.AH(nh=AH_PROTO, payloadlen=200) \
/ sp.Raw('XXXX' * 199) \
diff --git a/tests/sys/netpfil/pf/CVE-2019-5598.py b/tests/sys/netpfil/pf/CVE-2019-5598.py
index 1a019ea23fab..1a2619f7e52f 100644
--- a/tests/sys/netpfil/pf/CVE-2019-5598.py
+++ b/tests/sys/netpfil/pf/CVE-2019-5598.py
@@ -1,4 +1,4 @@
-#!/usr/local/bin/python2.7
+#!/usr/bin/env python
import argparse
import scapy.all as sp
@@ -38,18 +38,18 @@ def main():
args = parser.parse_args()
- # Send the allowed packet to establish state
- udp = sp.Ether() / \
- sp.IP(src=args.src[0], dst=args.to[0]) / \
- sp.UDP(dport=53, sport=1234)
- sp.sendp(udp, iface=args.sendif[0], verbose=False)
+ # Send the allowed packet to establish state
+ udp = sp.Ether() / \
+ sp.IP(src=args.src[0], dst=args.to[0]) / \
+ sp.UDP(dport=53, sport=1234)
+ sp.sendp(udp, iface=args.sendif[0], verbose=False)
# Start sniffing on recvif
sniffer = Sniffer(args, check_icmp_error)
# Send the bad error packet
icmp_reachable = sp.Ether() / \
- sp.IP(src=args.src[0], dst=args.to[0]) / \
+ sp.IP(src=args.src[0], dst=args.to[0]) / \
sp.ICMP(type=3, code=3) / \
sp.IP(src="4.3.2.1", dst="1.2.3.4") / \
sp.UDP(dport=53, sport=1234)
More information about the dev-commits-src-all
mailing list