authorbluhm <bluhm@openbsd.org>2016-11-21 18:15:02 +0000
committerbluhm <bluhm@openbsd.org>2016-11-21 18:15:02 +0000
commit320944d68bb19dc39fa3b6ec8f19bbe849d49b96 (patch)
treef4aa12bbf754097b840f530304b24355ab1b5ce4
parentImplement better table features validation. With this we get free switchctl (diff)
Test that IPv6 fragments with invalid length or more-fragment bit
drop the whole fragment cache.
-rw-r--r--regress/sys/netinet6/frag6/frag6_mf0atomic.py48
-rw-r--r--regress/sys/netinet6/frag6/frag6_mf0long.py51
-rw-r--r--regress/sys/netinet6/frag6/frag6_mf0middle.py49
-rw-r--r--regress/sys/netinet6/frag6/frag6_mf0short.py49
-rw-r--r--regress/sys/netinet6/frag6/frag6_mf1end.py49
5 files changed, 246 insertions, 0 deletions
diff --git a/regress/sys/netinet6/frag6/frag6_mf0atomic.py b/regress/sys/netinet6/frag6/frag6_mf0atomic.py
new file mode 100644
index 00000000000..17380960506
--- /dev/null
+++ b/regress/sys/netinet6/frag6/frag6_mf0atomic.py
@@ -0,0 +1,48 @@
+#!/usr/local/bin/python2.7
+
+print "ping6 fragments with an atomic fragment with mf=0 overlapping"
+
+# |---------|
+# |XXXX|
+# |----|
+
+import os
+from addr import *
+from scapy.all import *
+
+pid=os.getpid() & 0xffff
+payload="ABCDEFGHIJKLMNOP"
+packet=IPv6(src=SRC_OUT6, dst=DST_IN6)/ICMPv6EchoRequest(id=pid, data=payload)
+frag=[]
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, m=1)/str(packet)[40:56])
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid)/str(packet)[40:48])
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, offset=2)/str(packet)[56:64])
+eth=[]
+for f in frag:
+ pkt=IPv6(src=SRC_OUT6, dst=DST_IN6)/f
+ eth.append(Ether(src=SRC_MAC, dst=DST_MAC)/pkt)
+
+if os.fork() == 0:
+ time.sleep(1)
+ sendp(eth, iface=SRC_IF)
+ os._exit(0)
+
+ans=sniff(iface=SRC_IF, timeout=3, filter=
+ "ip6 and src "+DST_IN6+" and dst "+SRC_OUT6+" and icmp6")
+for a in ans:
+ if a and a.type == ETH_P_IPV6 and \
+ ipv6nh[a.payload.nh] == 'ICMPv6' and \
+ icmp6types[a.payload.payload.type] == 'Echo Reply':
+ id=a.payload.payload.id
+ print "id=%#x" % (id)
+ if id != pid:
+ print "WRONG ECHO REPLY ID"
+ exit(2)
+ data=a.payload.payload.data
+ print "payload=%s" % (data)
+ if data == payload:
+ exit(0)
+ print "PAYLOAD!=%s" % (payload)
+ exit(2)
+print "NO ECHO REPLY"
+exit(1)
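Review bot: `time.sleep(1)` in the forked child uses `time`, but the script imports only `os` by name, so the name presumably arrives through `from scapy.all import *`. That makes the test depend on what a given scapy release happens to re-export; adding `import time` next to `import os` removes the dependency. The same applies to frag6_mf0long.py, frag6_mf0middle.py, frag6_mf0short.py and frag6_mf1end.py in this commit.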
diff --git a/regress/sys/netinet6/frag6/frag6_mf0long.py b/regress/sys/netinet6/frag6/frag6_mf0long.py
new file mode 100644
index 00000000000..da42c8a4116
--- /dev/null
+++ b/regress/sys/netinet6/frag6/frag6_mf0long.py
@@ -0,0 +1,51 @@
+#!/usr/local/bin/python2.7
+
+print "ping6 fragment that overlaps longer than the last fragment with m=0"
+
+# |---------|
+# |XXXXXXXXX|
+# |----|
+
+import os
+from addr import *
+from scapy.all import *
+
+pid=os.getpid() & 0xffff
+payload="ABCDEFGHIJKLMNOP"
+dummy="01234567"
+packet=IPv6(src=SRC_OUT6, dst=DST_IN6)/ICMPv6EchoRequest(id=pid, data=payload)
+frag=[]
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, offset=1)/str(packet)[48:64])
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, offset=2)/ \
+ (str(packet)+dummy)[56:72])
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, m=1)/str(packet)[40:48])
+eth=[]
+for f in frag:
+ pkt=IPv6(src=SRC_OUT6, dst=DST_IN6)/f
+ eth.append(Ether(src=SRC_MAC, dst=DST_MAC)/pkt)
+
+if os.fork() == 0:
+ time.sleep(1)
+ sendp(eth, iface=SRC_IF)
+ os._exit(0)
+
+ans=sniff(iface=SRC_IF, timeout=3, filter=
+ "ip6 and src "+DST_IN6+" and dst "+SRC_OUT6+" and icmp6")
+for a in ans:
+ if a and a.type == ETH_P_IPV6 and \
+ ipv6nh[a.payload.nh] == 'ICMPv6' and \
+ icmp6types[a.payload.payload.type] == 'Echo Reply':
+ id=a.payload.payload.id
+ print "id=%#x" % (id)
+ if id != pid:
+ print "WRONG ECHO REPLY ID"
+ exit(2)
+ data=a.payload.payload.data
+ print "payload=%s" % (data)
+ if data == payload:
+ print "ECHO REPLY"
+ exit(1)
+ print "PAYLOAD!=%s" % (payload)
+ exit(2)
+print "no echo reply"
+exit(0)
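Review bot: The pass condition at the end, `print "no echo reply"` followed by `exit(0)`, is also reached when the fragments never went out, because the forked sender is never reaped and its exit status is not looked at. For a test whose purpose is to show that the kernel discards a malformed fragment train, a silent send failure would then read as success and could hide a regression in the reassembly check. Keep the child pid, call `os.waitpid` after `sniff` returns, and fail when the status is non-zero; this still does not prove the target was reachable, so pairing it with a known-good ping in the harness would be worth considering. frag6_mf0middle.py, frag6_mf0short.py and frag6_mf1end.py end the same way.

```python
child=os.fork()
if child == 0:
	# ... unchanged: sleep, sendp, os._exit ...

# ... unchanged: sniff() call and the reply-checking loop ...

# a sender that died must not be reported as "no echo reply"
(done, status)=os.waitpid(child, 0)
if status != 0:
	print "SENDER FAILED status=%d" % (status)
	exit(2)
print "no echo reply"
```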
diff --git a/regress/sys/netinet6/frag6/frag6_mf0middle.py b/regress/sys/netinet6/frag6/frag6_mf0middle.py
new file mode 100644
index 00000000000..880012a197a
--- /dev/null
+++ b/regress/sys/netinet6/frag6/frag6_mf0middle.py
@@ -0,0 +1,49 @@
+#!/usr/local/bin/python2.7
+
+print "ping6 fragment with mf=0 that overlaps the first fragment"
+
+# |---------|
+# |XXXX|
+# |----|
+
+import os
+from addr import *
+from scapy.all import *
+
+pid=os.getpid() & 0xffff
+payload="ABCDEFGHIJKLMNOP"
+packet=IPv6(src=SRC_OUT6, dst=DST_IN6)/ICMPv6EchoRequest(id=pid, data=payload)
+frag=[]
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, m=1)/str(packet)[40:56])
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, offset=1)/str(packet)[48:56])
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, offset=2)/str(packet)[56:64])
+eth=[]
+for f in frag:
+ pkt=IPv6(src=SRC_OUT6, dst=DST_IN6)/f
+ eth.append(Ether(src=SRC_MAC, dst=DST_MAC)/pkt)
+
+if os.fork() == 0:
+ time.sleep(1)
+ sendp(eth, iface=SRC_IF)
+ os._exit(0)
+
+ans=sniff(iface=SRC_IF, timeout=3, filter=
+ "ip6 and src "+DST_IN6+" and dst "+SRC_OUT6+" and icmp6")
+for a in ans:
+ if a and a.type == ETH_P_IPV6 and \
+ ipv6nh[a.payload.nh] == 'ICMPv6' and \
+ icmp6types[a.payload.payload.type] == 'Echo Reply':
+ id=a.payload.payload.id
+ print "id=%#x" % (id)
+ if id != pid:
+ print "WRONG ECHO REPLY ID"
+ exit(2)
+ data=a.payload.payload.data
+ print "payload=%s" % (data)
+ if data == payload:
+ print "ECHO REPLY"
+ exit(1)
+ print "PAYLOAD!=%s" % (payload)
+ exit(2)
+print "no echo reply"
+exit(0)
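Review bot: The three `frag.append` lines carry no comment saying which byte ranges they claim, so the reader has to work out from the slices why this train is invalid. A comment above them would help, for example `# offsets count 8-octet units; str(packet)[40:] skips the 40-byte IPv6 header`, and on the second fragment `# m=0 ends the datagram at byte 16, yet the third fragment starts at 16`. As rendered on this page, the ASCII diagram at the top is identical to the ones in frag6_mf0atomic.py and frag6_mf0short.py, so it does not tell the cases apart on its own.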
diff --git a/regress/sys/netinet6/frag6/frag6_mf0short.py b/regress/sys/netinet6/frag6/frag6_mf0short.py
new file mode 100644
index 00000000000..c94b29f2549
--- /dev/null
+++ b/regress/sys/netinet6/frag6/frag6_mf0short.py
@@ -0,0 +1,49 @@
+#!/usr/local/bin/python2.7
+
+print "ping6 fragment with m=0 that overlaps the last fragment at beginning"
+
+# |---------|
+# |XXXX|
+# |----|
+
+import os
+from addr import *
+from scapy.all import *
+
+pid=os.getpid() & 0xffff
+payload="ABCDEFGHIJKLMNOP"
+packet=IPv6(src=SRC_OUT6, dst=DST_IN6)/ICMPv6EchoRequest(id=pid, data=payload)
+frag=[]
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, offset=1)/str(packet)[48:64])
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, offset=1)/str(packet)[48:56])
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, m=1)/str(packet)[40:48])
+eth=[]
+for f in frag:
+ pkt=IPv6(src=SRC_OUT6, dst=DST_IN6)/f
+ eth.append(Ether(src=SRC_MAC, dst=DST_MAC)/pkt)
+
+if os.fork() == 0:
+ time.sleep(1)
+ sendp(eth, iface=SRC_IF)
+ os._exit(0)
+
+ans=sniff(iface=SRC_IF, timeout=3, filter=
+ "ip6 and src "+DST_IN6+" and dst "+SRC_OUT6+" and icmp6")
+for a in ans:
+ if a and a.type == ETH_P_IPV6 and \
+ ipv6nh[a.payload.nh] == 'ICMPv6' and \
+ icmp6types[a.payload.payload.type] == 'Echo Reply':
+ id=a.payload.payload.id
+ print "id=%#x" % (id)
+ if id != pid:
+ print "WRONG ECHO REPLY ID"
+ exit(2)
+ data=a.payload.payload.data
+ print "payload=%s" % (data)
+ if data == payload:
+ print "ECHO REPLY"
+ exit(1)
+ print "PAYLOAD!=%s" % (payload)
+ exit(2)
+print "no echo reply"
+exit(0)
diff --git a/regress/sys/netinet6/frag6/frag6_mf1end.py b/regress/sys/netinet6/frag6/frag6_mf1end.py
new file mode 100644
index 00000000000..f130b8c1445
--- /dev/null
+++ b/regress/sys/netinet6/frag6/frag6_mf1end.py
@@ -0,0 +1,49 @@
+#!/usr/local/bin/python2.7
+
+print "ping6 fragment with mf=1 that overlaps fragment with mf=0 at the end"
+
+# |---------|
+# |XXXX|
+# |----|
+
+import os
+from addr import *
+from scapy.all import *
+
+pid=os.getpid() & 0xffff
+payload="ABCDEFGHIJKLMNOP"
+packet=IPv6(src=SRC_OUT6, dst=DST_IN6)/ICMPv6EchoRequest(id=pid, data=payload)
+frag=[]
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, offset=1)/str(packet)[48:64])
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, m=1, offset=2)/str(packet)[56:64])
+frag.append(IPv6ExtHdrFragment(nh=58, id=pid, m=1)/str(packet)[40:48])
+eth=[]
+for f in frag:
+ pkt=IPv6(src=SRC_OUT6, dst=DST_IN6)/f
+ eth.append(Ether(src=SRC_MAC, dst=DST_MAC)/pkt)
+
+if os.fork() == 0:
+ time.sleep(1)
+ sendp(eth, iface=SRC_IF)
+ os._exit(0)
+
+ans=sniff(iface=SRC_IF, timeout=3, filter=
+ "ip6 and src "+DST_IN6+" and dst "+SRC_OUT6+" and icmp6")
+for a in ans:
+ if a and a.type == ETH_P_IPV6 and \
+ ipv6nh[a.payload.nh] == 'ICMPv6' and \
+ icmp6types[a.payload.payload.type] == 'Echo Reply':
+ id=a.payload.payload.id
+ print "id=%#x" % (id)
+ if id != pid:
+ print "WRONG ECHO REPLY ID"
+ exit(2)
+ data=a.payload.payload.data
+ print "payload=%s" % (data)
+ if data == payload:
+ print "ECHO REPLY"
+ exit(1)
+ print "PAYLOAD!=%s" % (payload)
+ exit(2)
+print "no echo reply"
+exit(0)