git: 8968ad84e959 - stable/13 - netpfil tests: improve sniffer.py

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Sun, 29 Jan 2023 07:50:50 UTC
The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=8968ad84e959d31d059c4c2990fe2d7554613ac0

commit 8968ad84e959d31d059c4c2990fe2d7554613ac0
Author:     Kajetan Staszkiewicz <vegeta@tuxpowered.net>
AuthorDate: 2023-01-20 01:40:34 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-01-29 05:37:46 +0000

    netpfil tests: improve sniffer.py
    
    Multiple improvements to sniffer.py:
    
    * Remove ambiguity of configuring recvif, it must be now explicitly specified.
    * Don't catch exceptions around creating the sniffer, let it properly
      fail and display the whole stack trace.
    * Count correct packets so that duplicates can be found.
    
    MFC after:      1 week
    Sponsored by:   InnoGames GmbH
    Differential Revision:  https://reviews.freebsd.org/D38120
    
    (cherry picked from commit a39dedeb31052ec74b0cd394d56f8d7cc8534645)
---
 tests/sys/net/pcp.py                       |  4 ++--
 tests/sys/net/stp.py                       |  4 ++--
 tests/sys/netpfil/common/pft_icmp_check.py |  4 ++--
 tests/sys/netpfil/common/pft_ping.py       | 10 +++++-----
 tests/sys/netpfil/common/sniffer.py        | 20 +++++++-------------
 tests/sys/netpfil/pf/CVE-2019-5598.py      |  4 ++--
 6 files changed, 20 insertions(+), 26 deletions(-)

diff --git a/tests/sys/net/pcp.py b/tests/sys/net/pcp.py
index cea88faaf438..c0b6d4efc3b0 100644
--- a/tests/sys/net/pcp.py
+++ b/tests/sys/net/pcp.py
@@ -61,11 +61,11 @@ def main():
 
 	args = parser.parse_args()
 
-	sniffer = Sniffer(args, check_pcp, recvif=args.recvif[0], timeout=20)
+	sniffer = Sniffer(args, check_pcp, args.recvif[0], timeout=20)
 
 	sniffer.join()
 
-	if sniffer.foundCorrectPacket:
+	if sniffer.correctPackets:
 		sys.exit(0)
 
 	sys.exit(1)
diff --git a/tests/sys/net/stp.py b/tests/sys/net/stp.py
index 3e7d011efdd1..dc6634fb7279 100644
--- a/tests/sys/net/stp.py
+++ b/tests/sys/net/stp.py
@@ -100,14 +100,14 @@ def main():
 
 	args = parser.parse_args()
 
-	sniffer = Sniffer(args, check_stp)
+	sniffer = Sniffer(args, check_stp, args.recvif[0])
 
 	invalid_stp(args.sendif[0])
 
 	sniffer.join()
 
 	# The 'correct' packet is a corrupt STP packet, so it shouldn't turn up.
-	if sniffer.foundCorrectPacket:
+	if sniffer.correctPackets:
 		sys.exit(1)
 
 if __name__ == '__main__':
diff --git a/tests/sys/netpfil/common/pft_icmp_check.py b/tests/sys/netpfil/common/pft_icmp_check.py
index e3c5b927aa63..070465a198f7 100644
--- a/tests/sys/netpfil/common/pft_icmp_check.py
+++ b/tests/sys/netpfil/common/pft_icmp_check.py
@@ -96,14 +96,14 @@ def main():
 	args = parser.parse_args()
 	sniffer = None
 	if not args.recvif is None:
-		sniffer = Sniffer(args, check_icmp_too_big)
+		sniffer = Sniffer(args, check_icmp_too_big, args.recvif[0])
 
 	ping(args.sendif[0], args.to[0], args)
 
 	if sniffer:
 		sniffer.join()
 
-		if sniffer.foundCorrectPacket:
+		if sniffer.correctPackets:
 			sys.exit(0)
 		else:
 			sys.exit(1)
diff --git a/tests/sys/netpfil/common/pft_ping.py b/tests/sys/netpfil/common/pft_ping.py
index 9cc7c5d5c5c0..20d4164c6e3e 100644
--- a/tests/sys/netpfil/common/pft_ping.py
+++ b/tests/sys/netpfil/common/pft_ping.py
@@ -290,16 +290,16 @@ def main():
 		if args.tcpsyn:
 			checkfn=check_tcpsyn
 
-		sniffer = Sniffer(args, checkfn)
+		sniffer = Sniffer(args, checkfn, args.recvif[0])
 
 	replysniffer = None
 	if not args.replyif is None:
 		checkfn=check_ping_reply
-		replysniffer = Sniffer(args, checkfn, recvif=args.replyif[0])
+		replysniffer = Sniffer(args, checkfn, args.replyif[0])
 
 	dupsniffer = None
 	if args.checkdup is not None:
-		dupsniffer = Sniffer(args, check_dup, recvif=args.checkdup[0])
+		dupsniffer = Sniffer(args, check_dup, args.checkdup[0])
 
 	if args.tcpsyn:
 		tcpsyn(args.sendif[0], args.to[0], args)
@@ -317,7 +317,7 @@ def main():
 	if sniffer:
 		sniffer.join()
 
-		if sniffer.foundCorrectPacket:
+		if sniffer.correctPackets:
 			sys.exit(0)
 		else:
 			sys.exit(1)
@@ -325,7 +325,7 @@ def main():
 	if replysniffer:
 		replysniffer.join()
 
-		if replysniffer.foundCorrectPacket:
+		if replysniffer.correctPackets:
 			sys.exit(0)
 		else:
 			sys.exit(1)
diff --git a/tests/sys/netpfil/common/sniffer.py b/tests/sys/netpfil/common/sniffer.py
index 5e09a2e4db37..cee6f73e22dc 100644
--- a/tests/sys/netpfil/common/sniffer.py
+++ b/tests/sys/netpfil/common/sniffer.py
@@ -31,18 +31,15 @@ import scapy.all as sp
 import sys
 
 class Sniffer(threading.Thread):
-	def __init__(self, args, check_function, recvif=None, timeout=3):
+	def __init__(self, args, check_function, recvif, timeout=3):
 		threading.Thread.__init__(self)
 
 		self._sem = threading.Semaphore(0)
 		self._args = args
 		self._timeout = timeout
-		if recvif is not None:
-			self._recvif = recvif
-		else:
-			self._recvif = args.recvif[0]
+		self._recvif = recvif
 		self._check_function = check_function
-		self.foundCorrectPacket = False
+		self.correctPackets = 0
 
 		self.start()
 		if not self._sem.acquire(timeout=30):
@@ -51,7 +48,7 @@ class Sniffer(threading.Thread):
 	def _checkPacket(self, packet):
 		ret = self._check_function(self._args, packet)
 		if ret:
-			self.foundCorrectPacket = True
+			self.correctPackets += 1
 		return ret
 
 	def _startedCb(self):
@@ -59,9 +56,6 @@ class Sniffer(threading.Thread):
 
 	def run(self):
 		self.packets = []
-		try:
-			self.packets = sp.sniff(iface=self._recvif,
-					stop_filter=self._checkPacket, timeout=self._timeout,
-					started_callback=self._startedCb)
-		except Exception as e:
-			print(e, file=sys.stderr)
+		self.packets = sp.sniff(iface=self._recvif,
+			stop_filter=self._checkPacket, timeout=self._timeout,
+			started_callback=self._startedCb)
diff --git a/tests/sys/netpfil/pf/CVE-2019-5598.py b/tests/sys/netpfil/pf/CVE-2019-5598.py
index 603a1aef376f..b72c04c5e19b 100644
--- a/tests/sys/netpfil/pf/CVE-2019-5598.py
+++ b/tests/sys/netpfil/pf/CVE-2019-5598.py
@@ -72,7 +72,7 @@ def main():
 	sp.sendp(udp, iface=args.sendif[0], verbose=False)
 
 	# Start sniffing on recvif
-	sniffer = Sniffer(args, check_icmp_error)
+	sniffer = Sniffer(args, check_icmp_error, args.recvif[0])
 
 	# Send the bad error packet
 	icmp_reachable = sp.Ether() / \
@@ -83,7 +83,7 @@ def main():
 	sp.sendp(icmp_reachable, iface=args.sendif[0], verbose=False)
 
 	sniffer.join()
-	if sniffer.foundCorrectPacket:
+	if sniffer.correctPackets:
 		sys.exit(1)
 
 	sys.exit(0)