author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2022-04-29 18:58:34 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2022-04-29 18:58:34 +0000 |
commit | 6a35bb26fd716030cbacadc2d7e89cb234c1fc94 (patch) | |
tree | d917438a49da782a96537dcf2a2761f834cc5972 /regress/sys/net/pf_opts | |
parent | 748d3ea8c2c9cc181ea24b415a184009316c4835 (diff) |
Send IP options with maximum length to check for overflow.
Diffstat (limited to 'regress/sys/net/pf_opts')
-rw-r--r-- | regress/sys/net/pf_opts/Makefile | 24 | ||||
-rw-r--r-- | regress/sys/net/pf_opts/icmp6_hop_max.py | 29 | ||||
-rw-r--r-- | regress/sys/net/pf_opts/icmp6_hop_pad.py | 2 | ||||
-rw-r--r-- | regress/sys/net/pf_opts/icmp6_hop_ra.py | 3 | ||||
-rw-r--r-- | regress/sys/net/pf_opts/icmp_max.py | 24 |
5 files changed, 74 insertions, 8 deletions
diff --git a/regress/sys/net/pf_opts/Makefile b/regress/sys/net/pf_opts/Makefile index 1917596dfc4..55088a8596c 100644 --- a/regress/sys/net/pf_opts/Makefile +++ b/regress/sys/net/pf_opts/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.4 2022/04/29 17:27:37 bluhm Exp $ +# $OpenBSD: Makefile,v 1.5 2022/04/29 18:58:33 bluhm Exp $ # Copyright (c) 2022 Alexander Bluhm <bluhm@openbsd.org> # @@ -235,8 +235,8 @@ run-icmp6-dst: stamp-bpf REGRESS_TARGETS += run-bpf-ext run-bpf-ext: stamp-stop # Check that icmp6 packet with extension headers were blocked - fgrep ' fe80::${N2}: HBH icmp6' pflog0.tcpdump - fgrep ' fe80::${N2}: DSTOPT icmp6' pflog0.tcpdump + fgrep ' fe80::${N2}: HBH icmp6:' pflog0.tcpdump + fgrep ' fe80::${N2}: DSTOPT icmp6:' pflog0.tcpdump ! grep fe80::${N1} pflog0.tcpdump # icmp with options @@ -256,6 +256,16 @@ run-icmp6-pad: stamp-bpf ${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp6_hop_pad.py N1 ${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp6_hop_pad.py N2 +REGRESS_TARGETS += run-icmp-max +run-icmp-max: stamp-bpf + ${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp_max.py N1 + ${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp_max.py N2 + +REGRESS_TARGETS += run-icmp6-max +run-icmp6-max: stamp-bpf + ${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp6_hop_max.py N1 + ${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp6_hop_max.py N2 + REGRESS_TARGETS += run-icmp-ra run-icmp-ra: stamp-bpf ${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp_ra.py N1 
@@ -281,11 +291,13 @@ run-bpf-opts: stamp-stop # Check that icmp packet with options were blocked grep ' 127.0.0.${N2}:.* optlen=4 NOP NOP NOP NOP)' pflog0.tcpdump grep ' 127.0.0.${N2}:.* optlen=4 NOP EOL-2)' pflog0.tcpdump + grep ' 127.0.0.${N2}:.* optlen=40 NOP ' pflog0.tcpdump grep ' 127.0.0.${N2}:.* optlen=8 NOP IPOPT-148{4} NOP ' pflog0.tcpdump grep ' 127.0.0.${N2}:.* optlen=4 IPOPT-3{4})' pflog0.tcpdump - grep ' fe80::${N2}: HBH icmp6' pflog0.tcpdump - grep ' fe80::${N2}: HBH (rtalert: 0x0000) icmp6' pflog0.tcpdump - grep ' fe80::${N2}: HBH (type 0x03: len=0) icmp6' pflog0.tcpdump + grep ' fe80::${N2}: HBH icmp6:.* (len 28,' pflog0.tcpdump + grep ' fe80::${N2}: HBH icmp6:.* (len 284,' pflog0.tcpdump + grep ' fe80::${N2}: HBH (rtalert: 0x0000) icmp6:' pflog0.tcpdump + grep ' fe80::${N2}: HBH (type 0x03: len=0) icmp6:' pflog0.tcpdump ! grep '127.0.0.${N1}' pflog0.tcpdump ! grep 'fe80::${N1}' pflog0.tcpdump diff --git a/regress/sys/net/pf_opts/icmp6_hop_max.py b/regress/sys/net/pf_opts/icmp6_hop_max.py new file mode 100644 index 00000000000..9ebed74e3d0 --- /dev/null +++ b/regress/sys/net/pf_opts/icmp6_hop_max.py @@ -0,0 +1,29 @@ +#!/usr/local/bin/python3 + +print("send icmp6 with hop by hop header with maxium padding") + +import os +import sys +from struct import pack +from addr import * +from scapy.all import * + +if len(sys.argv) != 2: + print("usage: icmp6_hop_max.py Nn") + exit(2) + +N=sys.argv[1] +IF=eval("IF_"+N); +ADDR6=eval("ADDR6_"+N); + +pid=os.getpid() +eid=pid & 0xffff +payload=b"ABCDEFGHIJKLMNOP" +packet=IPv6(src=ADDR6, dst=ADDR6)/ \ + IPv6ExtHdrHopByHop(options=[PadN(optdata=255*b"\x11")])/ \ + ICMPv6Unknown(type=6, code=0, msgbody=payload) + +# send does not work for some reason, add the bpf loopback layer manually +#send(packet) +bpf=pack('!I', 24) + bytes(packet) +sendp(bpf, iface=IF) diff --git a/regress/sys/net/pf_opts/icmp6_hop_pad.py b/regress/sys/net/pf_opts/icmp6_hop_pad.py index 4e996ca53a8..0629a284883 100644 
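Review bot: The new patterns `(len 28,` and `(len 284,` in the run-bpf-opts checks are bare numbers, and nothing says which test packet each one is meant to match. A comment above them would save the next editor from re-deriving them, for example `# len 28: short hop-by-hop header, len 284: hop-by-hop header with 255 byte PadN`. By my arithmetic 284 is a 264 byte extension header plus 20 bytes of icmp6; that should be confirmed against the actual tcpdump output. The run-bpf-opts rule starts above this hunk.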
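Review bot: In the new icmp6_hop_max.py, `IF=eval("IF_"+N);` and `ADDR6=eval("ADDR6_"+N);` evaluate the command-line argument as Python, and the Makefile runs the script through `${SUDO}`. A plain lookup does the same job without executing the argument, for example `IF=globals()["IF_"+N]` and `ADDR6=globals()["ADDR6_"+N]`. The new icmp_max.py has the same pattern with `IF_` and `ADDR_`. In this file `pid` and `eid` are assigned but never used, and the banner string misspells "maximum" as "maxium".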
--- a/regress/sys/net/pf_opts/icmp6_hop_pad.py +++ b/regress/sys/net/pf_opts/icmp6_hop_pad.py @@ -20,7 +20,7 @@ pid=os.getpid() eid=pid & 0xffff payload=b"ABCDEFGHIJKLMNOP" packet=IPv6(src=ADDR6, dst=ADDR6)/ \ - IPv6ExtHdrHopByHop(options=[Pad1(),PadN(optlen=2),Pad1()])/ \ + IPv6ExtHdrHopByHop(options=[Pad1(),PadN(optdata=b"\x11\x22"),Pad1()])/ \ ICMPv6Unknown(type=6, code=0, msgbody=payload) # send does not work for some reason, add the bpf loopback layer manually diff --git a/regress/sys/net/pf_opts/icmp6_hop_ra.py b/regress/sys/net/pf_opts/icmp6_hop_ra.py index 43b03e2458c..04027e2964a 100644 --- a/regress/sys/net/pf_opts/icmp6_hop_ra.py +++ b/regress/sys/net/pf_opts/icmp6_hop_ra.py @@ -20,7 +20,8 @@ pid=os.getpid() eid=pid & 0xffff payload=b"ABCDEFGHIJKLMNOP" packet=IPv6(src=ADDR6, dst=ADDR6)/ \ - IPv6ExtHdrHopByHop(options=[Pad1(),Pad1(),RouterAlert(),PadN(optlen=6)])/ \ + IPv6ExtHdrHopByHop(options=[Pad1(),Pad1(),RouterAlert(),\ + PadN(optdata=b"\x11\x22\x33\x44\x55\x66")])/ \ ICMPv6Unknown(type=6, code=0, msgbody=payload) # send does not work for some reason, add the bpf loopback layer manually diff --git a/regress/sys/net/pf_opts/icmp_max.py b/regress/sys/net/pf_opts/icmp_max.py new file mode 100644 index 00000000000..8c5aaee338f --- /dev/null +++ b/regress/sys/net/pf_opts/icmp_max.py @@ -0,0 +1,24 @@ +#!/usr/local/bin/python3 + +print("send icmp with maximum length option") + +import os +import sys +from addr import * +from scapy.all import * + +if len(sys.argv) != 2: + print("usage: icmp_max.py Nn") + exit(2) + +N=sys.argv[1] +IF=eval("IF_"+N); +ADDR=eval("ADDR_"+N); + +pid=os.getpid() +eid=pid & 0xffff +payload=b"ABCDEFGHIJKLMNOP" +packet=IP(src=ADDR, dst=ADDR, options=40*b"\001")/ \ + ICMP(type=6, id=eid)/payload + +send(packet, iface=IF) |
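Review bot: In icmp6_hop_ra.py, the backslash added after `RouterAlert(),` is not needed, because the line break falls inside the `options=[...]` brackets, where Python continues the line implicitly. The line can simply end at `IPv6ExtHdrHopByHop(options=[Pad1(),Pad1(),RouterAlert(),`. Only part of the script is visible in this hunk, so the rest of the file is not covered by this comment.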
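Review bot: In the new icmp_max.py, the literal `options=40*b"\001"` carries the whole purpose of the test but is not explained. A comment on that line would tie it to the `optlen=40 NOP` check in the Makefile, for example `# 40 NOP bytes fill the IPv4 options to their maximum, header length 60`. Separately, `exit(2)` relies on the interactive `exit` helper; since `sys` is already imported, `sys.exit(2)` is the more robust call.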