git: d86ad92464a3 - stable/12 - pft_test.py: Support --replyif

Kristof Provost kp at FreeBSD.org
Thu May 27 21:06:31 UTC 2021 

The branch stable/12 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=d86ad92464a3424dcfb5b10a205ef2d267e2dbc1

commit d86ad92464a3424dcfb5b10a205ef2d267e2dbc1
Author:     Kristof Provost <kp at FreeBSD.org>
AuthorDate: 2021-01-28 10:02:20 +0000
Commit:     Kristof Provost <kp at FreeBSD.org>
CommitDate: 2021-05-27 21:06:18 +0000

    pft_test.py: Support --replyif
    
    Partial cherry-picks from:
    
    (cherry picked from commit cd579b6fba46b9f5005358d1e82def7b26703224)
    (cherry picked from commit 6b52139eb8e8eda0ea263b24735556194f918642)
---
 tests/sys/netpfil/common/pft_ping.py | 84 ++++++++++++++++++++++++++++++++++++
 tests/sys/netpfil/common/sniffer.py  |  7 ++-
 2 files changed, 89 insertions(+), 2 deletions(-)

diff --git a/tests/sys/netpfil/common/pft_ping.py b/tests/sys/netpfil/common/pft_ping.py
index badc451b9d57..ff4f19f43af7 100644
--- a/tests/sys/netpfil/common/pft_ping.py
+++ b/tests/sys/netpfil/common/pft_ping.py
@@ -36,6 +36,27 @@ from sniffer import Sniffer
 
 PAYLOAD_MAGIC = bytes.fromhex('42c0ffee')
 
+dup_found = 0
+
+def check_dup(args, packet):
+	"""
+	Verify that this is an ICMP packet, and that we only see one
+	"""
+	global dup_found
+
+	icmp = packet.getlayer(sp.ICMP)
+	if not icmp:
+		return False
+
+	raw = packet.getlayer(sp.Raw)
+	if not raw:
+		return False
+	if raw.load != PAYLOAD_MAGIC:
+		return False
+
+	dup_found = dup_found + 1
+	return False
+
 def check_ping_request(args, packet):
 	if args.ip6:
 		return check_ping6_request(args, packet)
@@ -96,6 +117,35 @@ def check_ping6_request(args, packet):
 
 	return True
 
+def check_ping_reply(args, packet):
+	return check_ping4_reply(args, packet)
+
+def check_ping4_reply(args, packet):
+	"""
+	Check that this is a reply to the ping request we sent
+	"""
+	dst_ip = args.to[0]
+
+	ip = packet.getlayer(sp.IP)
+	if not ip:
+		return False
+	if ip.src != dst_ip:
+		return False
+
+	icmp = packet.getlayer(sp.ICMP)
+	if not icmp:
+		return False
+	if sp.icmptypes[icmp.type] != 'echo-reply':
+		return False
+
+	raw = packet.getlayer(sp.Raw)
+	if not raw:
+		return False
+	if raw.load != PAYLOAD_MAGIC:
+		return False
+
+	return True
+
 def ping(send_if, dst_ip, args):
 	ether = sp.Ether()
 	ip = sp.IP(dst=dst_ip)
@@ -105,6 +155,9 @@ def ping(send_if, dst_ip, args):
 	if args.send_tos:
 		ip.tos = int(args.send_tos[0])
 
+	if args.fromaddr:
+		ip.src = args.fromaddr[0]
+
 	req = ether / ip / icmp / raw
 	sp.sendp(req, iface=send_if, verbose=False)
 
@@ -113,6 +166,9 @@ def ping6(send_if, dst_ip, args):
 	ip6 = sp.IPv6(dst=dst_ip)
 	icmp = sp.ICMPv6EchoRequest(data=sp.raw(PAYLOAD_MAGIC))
 
+	if args.fromaddr:
+		ip.src = args.fromaddr[0]
+
 	req = ether / ip6 / icmp
 	sp.sendp(req, iface=send_if, verbose=False)
 
@@ -170,12 +226,18 @@ def main():
 		required=True,
 		help='The interface through which the packet(s) will be sent')
 	parser.add_argument('--recvif', nargs=1,
+		help='The interface on which to expect the ICMP echo request')
+	parser.add_argument('--replyif', nargs=1,
 		help='The interface on which to expect the ICMP echo response')
+	parser.add_argument('--checkdup', nargs=1,
+		help='The interface on which to expect the duplicated ICMP packets')
 	parser.add_argument('--ip6', action='store_true',
 		help='Use IPv6')
 	parser.add_argument('--to', nargs=1,
 		required=True,
 		help='The destination IP address for the ICMP echo request')
+	parser.add_argument('--fromaddr', nargs=1,
+		help='The source IP address for the ICMP echo request')
 
 	# TCP options
 	parser.add_argument('--tcpsyn', action='store_true',
@@ -204,6 +266,15 @@ def main():
 
 		sniffer = Sniffer(args, checkfn)
 
+	replysniffer = None
+	if not args.replyif is None:
+		checkfn=check_ping_reply
+		replysniffer = Sniffer(args, checkfn, recvif=args.replyif[0])
+
+	dupsniffer = None
+	if args.checkdup is not None:
+		dupsniffer = Sniffer(args, check_dup, recvif=args.checkdup[0])
+
 	if args.tcpsyn:
 		tcpsyn(args.sendif[0], args.to[0], args)
 	else:
@@ -212,6 +283,11 @@ def main():
 		else:
 			ping(args.sendif[0], args.to[0], args)
 
+	if dupsniffer:
+		dupsniffer.join()
+		if dup_found != 1:
+			sys.exit(1)
+
 	if sniffer:
 		sniffer.join()
 
@@ -220,5 +296,13 @@ def main():
 		else:
 			sys.exit(1)
 
+	if replysniffer:
+		replysniffer.join()
+
+		if replysniffer.foundCorrectPacket:
+			sys.exit(0)
+		else:
+			sys.exit(1)
+
 if __name__ == '__main__':
 	main()
diff --git a/tests/sys/netpfil/common/sniffer.py b/tests/sys/netpfil/common/sniffer.py
index 58df32cce276..200ac750dd7f 100644
--- a/tests/sys/netpfil/common/sniffer.py
+++ b/tests/sys/netpfil/common/sniffer.py
@@ -30,11 +30,14 @@ import threading
 import scapy.all as sp
 
 class Sniffer(threading.Thread):
-	def __init__(self, args, check_function):
+	def __init__(self, args, check_function, recvif=None):
 		threading.Thread.__init__(self)
 
 		self._args = args
-		self._recvif = args.recvif[0]
+		if recvif is not None:
+			self._recvif = recvif
+		else:
+			self._recvif = args.recvif[0]
 		self._check_function = check_function
 		self.foundCorrectPacket = False

More information about the dev-commits-src-all mailing list