diff options
| author |   bluhm <bluhm@openbsd.org> | 2020-12-25 22:59:27 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2020-12-25 22:59:27 +0000 |
| commit | 6ba48214dc89c6ce42b98299ae30c802db6f3bf6 (patch) | |
| tree | 1ab4ca308b6dc1ed813321ecdbc2029a97a70fd3 | |
| parent | Wrap long lines. (diff) | |
| download | wireguard-openbsd-6ba48214dc89c6ce42b98299ae30c802db6f3bf6.tar.xz wireguard-openbsd-6ba48214dc89c6ce42b98299ae30c802db6f3bf6.zip | |
Send fragment that reaches beyond max packet length. pf ignores
it, but stack somehow puts it into the fragment queue.
| -rw-r--r-- | regress/sys/netinet/frag/Makefile | 6 | ||||
| -rw-r--r-- | regress/sys/netinet/frag/frag_maxpacket0.py | 55 |
2 files changed, 60 insertions, 1 deletions
diff --git a/regress/sys/netinet/frag/Makefile b/regress/sys/netinet/frag/Makefile index ba046da1758..b147e89ba26 100644 --- a/regress/sys/netinet/frag/Makefile +++ b/regress/sys/netinet/frag/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.8 2020/12/25 18:25:43 bluhm Exp $ +# $OpenBSD: Makefile,v 1.9 2020/12/25 22:59:27 bluhm Exp $ # The following ports must be installed: # @@ -88,6 +88,10 @@ stamp-pf: addr.py pf.conf REGRESS_TARGETS = FRAG_SCRIPTS !!= cd ${.CURDIR} && ls -1 frag*.py +run-stack-frag_maxpacket0.py: + # the stack allows fragments with data behind maximum packt length + @echo DISABLED + run-stack-frag_mf0long.py: # the stack allows fragments with data behind a fragment without MF @echo DISABLED diff --git a/regress/sys/netinet/frag/frag_maxpacket0.py b/regress/sys/netinet/frag/frag_maxpacket0.py new file mode 100644 index 00000000000..b5adbe7808e --- /dev/null +++ b/regress/sys/netinet/frag/frag_maxpacket0.py @@ -0,0 +1,55 @@ +#!/usr/local/bin/python3 + +print("send first ping fragment that ends behind ip max packet size") + +# IP_MAXPACKET | +# |----| +# |--------| +# |----| + +import os +from addr import * +from scapy.all import * + +pid=os.getpid() +eid=pid & 0xffff +payload=b"ABCDEFGHIJKLMNOP" +packet=IP(src=LOCAL_ADDR, dst=REMOTE_ADDR)/ \ + ICMP(type='echo-request', id=eid)/payload +frag=[] +fid=pid & 0xffff +frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid, + frag=8191)/bytes(packet)[36:44]) +frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid, + flags='MF')/bytes(packet)[20:36]) +frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid, + frag=2)/bytes(packet)[36:44]) +eth=[] +for f in frag: + eth.append(Ether(src=LOCAL_MAC, dst=REMOTE_MAC)/f) + +if os.fork() == 0: + time.sleep(1) + sendp(eth, iface=LOCAL_IF) + os._exit(0) + +ans=sniff(iface=LOCAL_IF, timeout=3, filter= + "ip and src "+REMOTE_ADDR+" and dst "+LOCAL_ADDR+" and icmp") +for a in ans: + if a and a.type == ETH_P_IP and \ + a.payload.proto == 1 and \ + a.payload.frag == 0 and a.payload.flags == 0 and \ + icmptypes[a.payload.payload.type] == 'echo-reply': + id=a.payload.payload.id + print("id=%#x" % (id)) + if id != eid: + print("WRONG ECHO REPLY ID") + exit(2) + data=a.payload.payload.payload.load + print("payload=%s" % (data)) + if data == payload: + exit(0) + print("PAYLOAD!=%s" % (payload)) + exit(1) +print("NO ECHO REPLY") +exit(2) |