diff options
| author |   bluhm <bluhm@openbsd.org> | 2016-10-20 16:31:37 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2016-10-20 16:31:37 +0000 |
| commit | de0a526b621c8de73fee138d4b7a6d08e00d7336 (patch) | |
| tree | 1dbab0e28575c1a754d08ae7e286e484f7c4d80c | |
| parent | 0x%llu is a bad idea, make that 0x%llx; (diff) | |
| download | wireguard-openbsd-de0a526b621c8de73fee138d4b7a6d08e00d7336.tar.xz wireguard-openbsd-de0a526b621c8de73fee138d4b7a6d08e00d7336.zip | |
Make the test faster. Move all the packet matching code into the
pcap filter. That means the first packet sniffed is the correct
one. In the success case, we can stop without waiting for a timeout.
OK sashan@
| -rw-r--r-- | regress/sys/net/pf_state/Makefile | 4 | ||||
| -rw-r--r-- | regress/sys/net/pf_state/challenge_ack.py | 46 |
2 files changed, 21 insertions, 29 deletions
diff --git a/regress/sys/net/pf_state/Makefile b/regress/sys/net/pf_state/Makefile index fa58810dd72..eb4d1543f6c 100644 --- a/regress/sys/net/pf_state/Makefile +++ b/regress/sys/net/pf_state/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.1.1.1 2016/10/19 16:39:50 bluhm Exp $ +# $OpenBSD: Makefile,v 1.2 2016/10/20 16:31:37 bluhm Exp $ # The following ports must be installed: # @@ -87,7 +87,7 @@ PYTHON = PYTHONPATH=${.OBJDIR} python2.7 -u ${.CURDIR}/ TARGETS += challenge-ack run-regress-challenge-ack: stamp-pfctl @echo '\n======== $@ ========' - ${SUDO} ${PYTHON}challenge_ack.py ${FAKE_NET_ADDR} ${REMOTE_ADDR} + ${SUDO} ${PYTHON}challenge_ack.py REGRESS_TARGETS = ${TARGETS:S/^/run-regress-/} diff --git a/regress/sys/net/pf_state/challenge_ack.py b/regress/sys/net/pf_state/challenge_ack.py index 1e73492b877..4140686f907 100644 --- a/regress/sys/net/pf_state/challenge_ack.py +++ b/regress/sys/net/pf_state/challenge_ack.py @@ -6,8 +6,6 @@ import threading from addr import * from scapy.all import * -# usage: challenge_ack.py src dst - # # we can not use scapy's sr() function as receive side # ignores the packet we expect to see. Packet is ignored @@ -15,20 +13,22 @@ from scapy.all import * # seq = 1000000, while response sent back by PF has ack, # which fits regular session opened by 'syn'. # -class Sniff(threading.Thread): +class Sniff1(threading.Thread): + filter = None captured = None + packet = None def run(self): - self.captured = sniff(iface=LOCAL_IF, - filter='tcp src port 7', timeout=3) + self.captured = sniff(iface=LOCAL_IF, filter=self.filter, + count=1, timeout=5) + if self.captured: + self.packet = self.captured[0] -srcaddr=sys.argv[1] -dstaddr=sys.argv[2] -port=os.getpid() & 0xffff +fake_port=os.getpid() & 0xffff -ip=IP(src=srcaddr, dst=dstaddr) +ip=IP(src=FAKE_NET_ADDR, dst=REMOTE_ADDR) print "Send SYN packet, receive SYN+ACK" -syn=TCP(sport=port, dport='echo', seq=1, flags='S', window=(2**16)-1) +syn=TCP(sport=fake_port, dport='echo', seq=1, flags='S', window=(2**16)-1) synack=sr1(ip/syn, iface=LOCAL_IF, timeout=5) print "Send ACK packet to finish handshake." @@ -37,27 +37,19 @@ ack=TCP(sport=synack.dport, dport=synack.sport, seq=2, flags='A', send(ip/ack, iface=LOCAL_IF) print "Connection is established, send bogus SYN, expect challenge ACK" -bogus_syn=TCP(sport=port, dport='echo', seq=1000000, flags='S', +bogus_syn=TCP(sport=fake_port, dport='echo', seq=1000000, flags='S', window=(2**16)-1) -sniffer = Sniff(); +sniffer = Sniff1(); +sniffer.filter= "src %s and tcp port echo and dst %s and tcp port %u " \ + "and tcp[tcpflags] = tcp-ack" % (REMOTE_ADDR, FAKE_NET_ADDR, fake_port) sniffer.start() -challenge_ack=send(ip/bogus_syn, iface=LOCAL_IF) -sniffer.join(timeout=5) - -if sniffer.captured == None: - print "ERROR: no packet received" - exit(1) - -challenge_ack = None +send(ip/bogus_syn, iface=LOCAL_IF) +sniffer.join(timeout=7) -for p in sniffer.captured: - if p.haslayer(TCP) and p.getlayer(TCP).sport == 7 and \ - p.getlayer(TCP).flags == 16: - challenge_ack = p - break +challenge_ack = sniffer.packet -if challenge_ack == None: - print "No ACK has been seen" +if challenge_ack is None: + print "ERROR: no matching ACK packet received" exit(1) if challenge_ack.getlayer(TCP).seq != (synack.seq + 1): |