author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2013-11-17 20:16:28 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2013-11-17 20:16:28 +0000 |
commit | 0bb25668abf5783e65149a7cbdb640b5eb657102 (patch) | |
tree | 10d55adf6d18f0433301fff4613485d92afcd8b8 /regress | |
parent | 8c64897c33831bbc4813c9bafaf924867faa7408 (diff) |
Adapt the IPv6 routing header type 0 tests to the current behaviour.
As header scanning is back, there is always an icmp6 parameter problem
response. Add tests that hide the routing header behind an atomic
fragment header to get the RFC 5095 behaviour. One test puts the
routing header into the second fragment so that it cannot be detected
without reassembly.
Diffstat (limited to 'regress')
-rw-r--r-- | regress/sys/netinet6/rh0/Makefile | 33 | ||||
-rw-r--r-- | regress/sys/netinet6/rh0/rh0_empty.py | 24 | ||||
-rw-r--r-- | regress/sys/netinet6/rh0/rh0_final.py | 24 | ||||
-rw-r--r-- | regress/sys/netinet6/rh0/rh0_frag2.py | 49 | ||||
-rw-r--r-- | regress/sys/netinet6/rh0/rh0_frag_empty.py | 43 | ||||
-rw-r--r-- | regress/sys/netinet6/rh0/rh0_frag_final.py | 43 | ||||
-rw-r--r-- | regress/sys/netinet6/rh0/rh0_frag_route.py | 43 |
7 files changed, 234 insertions, 25 deletions
diff --git a/regress/sys/netinet6/rh0/Makefile b/regress/sys/netinet6/rh0/Makefile index d777fa01523..b5bfc26faf2 100644 --- a/regress/sys/netinet6/rh0/Makefile +++ b/regress/sys/netinet6/rh0/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.3 2013/11/13 23:13:04 bluhm Exp $ +# $OpenBSD: Makefile,v 1.4 2013/11/17 20:16:27 bluhm Exp $ # The following ports must be installed: # @@ -99,6 +99,34 @@ run-regress-rh0-route: addr.py @echo Check routing header type 0 to be source routed ${SUDO} ${PYTHON}rh0_route.py +# Send with fragment and routing header type 0 but empty address list +TARGETS += rh0-frag-empty +run-regress-rh0-frag-empty: addr.py + @echo '\n======== $@ ========' + @echo Check fragment and routing header type 0 with empty address list + ${SUDO} ${PYTHON}rh0_frag_empty.py + +TARGETS += rh0-frag-final +# Send with fragment and routing header type 0 to the final destination +run-regress-rh0-frag-final: addr.py + @echo '\n======== $@ ========' + @echo Check fragment and routing header type 0 to the final destination + ${SUDO} ${PYTHON}rh0_frag_final.py + +TARGETS += rh0-frag-route +# Send with fragment and routing header type 0 to be source routed +run-regress-rh0-frag-route: addr.py + @echo '\n======== $@ ========' + @echo Check fragment and routing header type 0 to be source routed + ${SUDO} ${PYTHON}rh0_frag_route.py + +TARGETS += rh0-frag2 +# Send with fragment and routing header type 0 to be source routed +run-regress-rh0-frag2: addr.py + @echo '\n======== $@ ========' + @echo Check routing header type 0 in the second fragment + ${SUDO} ${PYTHON}rh0_frag2.py + REGRESS_TARGETS = ${TARGETS:S/^/run-regress-/} CLEANFILES += addr.py *.pyc *.log @@ -115,5 +143,8 @@ check-setup: ping6 -n -c 1 ${DST_OUT6} route -n get -inet6 ${SRT_IN6} | grep 'gateway: ${DST_IN6}$$' ndp -n ${DST_IN6} | grep ' ${DST_MAC} ' +.if defined(REMOTE_SSH) + ssh ${REMOTE_SSH} ${SUDO} pfctl -si | grep '^Status: Disabled ' +.endif .include <bsd.regress.mk> 
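Review bot: The comment above `run-regress-rh0-frag2` in the second Makefile hunk was copied from the rh0-frag-route target and still says "to be source routed", while the target's own echo line describes a routing header in the second fragment. I would change it to `# Send routing header type 0 in the second fragment, hidden without reassembly`. The last three targets also place `TARGETS +=` before the comment while rh0-frag-empty places it after; one order throughout would read more easily.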
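Review bot: The pf check added to `check-setup` runs only when `REMOTE_SSH` is defined, so without it nothing verifies the state of pf on the target before the fragment tests run. The hunk also does not record why pf has to be disabled; presumably pf would reassemble or drop the fragments before the IPv6 input path sees them, which would change what these tests observe. A comment above the `.if` such as `# pf on the remote machine must be disabled, it would handle the fragments before the stack does` would document the precondition, with the wording adjusted to the actual reason.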
diff --git a/regress/sys/netinet6/rh0/rh0_empty.py b/regress/sys/netinet6/rh0/rh0_empty.py index f757b9b9e67..68c5ed55ad1 100644 --- a/regress/sys/netinet6/rh0/rh0_empty.py +++ b/regress/sys/netinet6/rh0/rh0_empty.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python2.7 # send a ping6 packet with routing header type 0 # the address list is empty -# we expect an echo reply, as there are no more hops +# we expect a parameter problem from header scanning import os from addr import * @@ -24,18 +24,18 @@ ans=sniff(iface=SRC_IF, timeout=3, filter= for a in ans: if a and a.type == scapy.layers.dot11.ETHER_TYPES.IPv6 and \ ipv6nh[a.payload.nh] == 'ICMPv6' and \ - icmp6types[a.payload.payload.type] == 'Echo Reply': - reply=a.payload.payload - id=reply.id - print "id=%#x" % (id) - if id != pid: - print "WRONG ECHO REPLY ID" + icmp6types[a.payload.payload.type] == 'Parameter problem': + pprob=a.payload.payload + code=pprob.code + print "code=%#d" % (code) + if code != 0: + print "WRONG PARAMETER PROBLEM CODE" exit(2) - data=reply.data - print "payload=%s" % (data) - if data != payload: - print "WRONG PAYLOAD" + ptr=pprob.ptr + print "ptr=%#d" % (ptr) + if ptr != 42: + print "WRONG PARAMETER PROBLEM POINTER" exit(2) exit(0) -print "NO ICMP6 ECHO REPLY" +print "NO ICMP6 PARAMETER PROBLEM" exit(1) diff --git a/regress/sys/netinet6/rh0/rh0_final.py b/regress/sys/netinet6/rh0/rh0_final.py index dc5299333a3..14d282539d2 100644 --- a/regress/sys/netinet6/rh0/rh0_final.py +++ b/regress/sys/netinet6/rh0/rh0_final.py @@ -1,7 +1,7 @@ #!/usr/local/bin/python2.7 # send a ping6 packet with routing header type 0 # the address pointer is at the final destination -# we expect an echo reply, as there are no more hops +# we expect a parameter problem from header scanning import os from addr import * 
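Review bot: The rewritten loop in rh0_empty.py exits 0 on the first Parameter problem addressed to SRC_OUT6 without tying it to the request this test sent; the replaced echo-reply branch compared `id` with `pid` and the data with `payload`. Any unrelated ICMPv6 error with code 0 and pointer 42 that arrives inside the 3-second sniff window would be counted as success. I would also compare the packet quoted inside the error against the request, at least its echo id against `pid`, before `exit(0)`. The same applies to the matching hunk in rh0_final.py and to the new rh0_frag_route.py.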
@@ -24,18 +24,18 @@ ans=sniff(iface=SRC_IF, timeout=3, filter= for a in ans: if a and a.type == scapy.layers.dot11.ETHER_TYPES.IPv6 and \ ipv6nh[a.payload.nh] == 'ICMPv6' and \ - icmp6types[a.payload.payload.type] == 'Echo Reply': - reply=a.payload.payload - id=reply.id - print "id=%#x" % (id) - if id != pid: - print "WRONG ECHO REPLY ID" + icmp6types[a.payload.payload.type] == 'Parameter problem': + pprob=a.payload.payload + code=pprob.code + print "code=%#d" % (code) + if code != 0: + print "WRONG PARAMETER PROBLEM CODE" exit(2) - data=reply.data - print "payload=%s" % (data) - if data != payload: - print "WRONG PAYLOAD" + ptr=pprob.ptr + print "ptr=%#d" % (ptr) + if ptr != 42: + print "WRONG PARAMETER PROBLEM POINTER" exit(2) exit(0) -print "NO ICMP6 ECHO REPLY" +print "NO ICMP6 PARAMETER PROBLEM" exit(1) diff --git a/regress/sys/netinet6/rh0/rh0_frag2.py b/regress/sys/netinet6/rh0/rh0_frag2.py new file mode 100644 index 00000000000..667aa58eb77 --- /dev/null +++ b/regress/sys/netinet6/rh0/rh0_frag2.py 
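Review bot: `if ptr != 42:` in rh0_final.py gives no hint where 42 comes from, and the same holds for the 42 in rh0_empty.py and the 50 in rh0_frag_route.py. As far as I can tell the value is the 40-byte IPv6 header plus offset 2 of the routing type field inside the routing header, and 50 adds the 8-byte fragment header. A comment such as `# pointer: 40 (IPv6 header) + 2 (routing type field)` next to the comparison would make a failing run easier to interpret. `%#d` in the two print lines is equivalent to `%d`, since the `#` flag has no effect on decimal output.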
@@ -0,0 +1,49 @@
+#!/usr/local/bin/python2.7
+# send a ping6 packet with routing header type 0
+# the address list is empty
+# hide the routing header in a second fragment to preclude header scan
+# we expect an echo reply, as there are no more hops
+
+import os
+from addr import *
+from scapy.all import *
+
+pid=os.getpid()
+payload="ABCDEFGHIJKLMNOP"
+packet=IPv6(src=SRC_OUT6, dst=DST_IN6)/\
+ IPv6ExtHdrDestOpt()/\
+ IPv6ExtHdrRouting(addresses=[])/\
+ ICMPv6EchoRequest(id=pid, data=payload)
+frag=[]
+frag.append(IPv6ExtHdrFragment(nh=60, id=pid, m=1)/str(packet)[40:48])
+frag.append(IPv6ExtHdrFragment(nh=60, id=pid, offset=1)/str(packet)[48:80])
+eth=[]
+for f in frag:
+ pkt=IPv6(src=SRC_OUT6, dst=DST_IN6)/f
+ eth.append(Ether(src=SRC_MAC, dst=DST_MAC)/pkt)
+
+if os.fork() == 0:
+ time.sleep(1)
+ sendp(eth, iface=SRC_IF)
+ os._exit(0)
+
+ans=sniff(iface=SRC_IF, timeout=3, filter=
+ "ip6 and dst "+SRC_OUT6+" and icmp6")
+for a in ans:
+ if a and a.type == scapy.layers.dot11.ETHER_TYPES.IPv6 and \
+ ipv6nh[a.payload.nh] == 'ICMPv6' and \
+ icmp6types[a.payload.payload.type] == 'Echo Reply':
+ reply=a.payload.payload
+ id=reply.id
+ print "id=%#x" % (id)
+ if id != pid:
+ print "WRONG ECHO REPLY ID"
+ exit(2)
+ data=reply.data
+ print "payload=%s" % (data)
+ if data != payload:
+ print "WRONG PAYLOAD"
+ exit(2)
+ exit(0)
+print "NO ICMP6 ECHO REPLY"
+exit(1)
diff --git a/regress/sys/netinet6/rh0/rh0_frag_empty.py b/regress/sys/netinet6/rh0/rh0_frag_empty.py
new file mode 100644
index 00000000000..cd940a42c8f
--- /dev/null
+++ b/regress/sys/netinet6/rh0/rh0_frag_empty.py
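Review bot: The slices `str(packet)[40:48]` and `str(packet)[48:80]` in rh0_frag2.py hard-code the byte layout of the built packet, and `nh=60` is an unexplained constant. The end offset 80 only holds for the current 16-byte payload; with a longer payload the second fragment would be silently truncated and the test would fail on the reply rather than on the cause. I would write the second slice as `str(packet)[48:]` and add a comment such as `# first fragment carries only the destination options header (nh=60), the routing header and echo request follow in the second`.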
@@ -0,0 +1,43 @@
+#!/usr/local/bin/python2.7
+# send a ping6 packet with routing header type 0
+# the address list is empty
+# hide the routing header behind a fragment header to avoid header scan
+# we expect an echo reply, as there are no more hops
+
+import os
+from addr import *
+from scapy.all import *
+
+pid=os.getpid()
+payload="ABCDEFGHIJKLMNOP"
+packet=IPv6(src=SRC_OUT6, dst=DST_IN6)/\
+ IPv6ExtHdrFragment(id=pid)/\
+ IPv6ExtHdrRouting(addresses=[])/\
+ ICMPv6EchoRequest(id=pid, data=payload)
+eth=Ether(src=SRC_MAC, dst=DST_MAC)/packet
+
+if os.fork() == 0:
+ time.sleep(1)
+ sendp(eth, iface=SRC_IF)
+ os._exit(0)
+
+ans=sniff(iface=SRC_IF, timeout=3, filter=
+ "ip6 and dst "+SRC_OUT6+" and icmp6")
+for a in ans:
+ if a and a.type == scapy.layers.dot11.ETHER_TYPES.IPv6 and \
+ ipv6nh[a.payload.nh] == 'ICMPv6' and \
+ icmp6types[a.payload.payload.type] == 'Echo Reply':
+ reply=a.payload.payload
+ id=reply.id
+ print "id=%#x" % (id)
+ if id != pid:
+ print "WRONG ECHO REPLY ID"
+ exit(2)
+ data=reply.data
+ print "payload=%s" % (data)
+ if data != payload:
+ print "WRONG PAYLOAD"
+ exit(2)
+ exit(0)
+print "NO ICMP6 ECHO REPLY"
+exit(1)
diff --git a/regress/sys/netinet6/rh0/rh0_frag_final.py b/regress/sys/netinet6/rh0/rh0_frag_final.py
new file mode 100644
index 00000000000..71d12e61594
--- /dev/null
+++ b/regress/sys/netinet6/rh0/rh0_frag_final.py
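Review bot: `pid=os.getpid()` is used unmasked as the echo request id in rh0_frag_empty.py, and the reply check later compares `id != pid`. The ICMPv6 echo identifier is a 16-bit field, so on a host where process ids can exceed 65535 the packet build or the comparison would fail for a reason unrelated to the kernel under test; whether that can happen depends on the platform's pid range. `pid=os.getpid() & 0xffff` removes the dependency. The same line appears in rh0_frag2.py, rh0_frag_final.py and rh0_frag_route.py.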
@@ -0,0 +1,43 @@
+#!/usr/local/bin/python2.7
+# send a ping6 packet with routing header type 0
+# the address pointer is at the final destination
+# hide the routing header behind a fragment header to avoid header scan
+# we expect an echo reply, as there are no more hops
+
+import os
+from addr import *
+from scapy.all import *
+
+pid=os.getpid()
+payload="ABCDEFGHIJKLMNOP"
+packet=IPv6(src=SRC_OUT6, dst=DST_IN6)/\
+ IPv6ExtHdrFragment(id=pid)/\
+ IPv6ExtHdrRouting(addresses=[SRT_IN6, SRT_OUT6], segleft=0)/\
+ ICMPv6EchoRequest(id=pid, data=payload)
+eth=Ether(src=SRC_MAC, dst=DST_MAC)/packet
+
+if os.fork() == 0:
+ time.sleep(1)
+ sendp(eth, iface=SRC_IF)
+ os._exit(0)
+
+ans=sniff(iface=SRC_IF, timeout=3, filter=
+ "ip6 and dst "+SRC_OUT6+" and icmp6")
+for a in ans:
+ if a and a.type == scapy.layers.dot11.ETHER_TYPES.IPv6 and \
+ ipv6nh[a.payload.nh] == 'ICMPv6' and \
+ icmp6types[a.payload.payload.type] == 'Echo Reply':
+ reply=a.payload.payload
+ id=reply.id
+ print "id=%#x" % (id)
+ if id != pid:
+ print "WRONG ECHO REPLY ID"
+ exit(2)
+ data=reply.data
+ print "payload=%s" % (data)
+ if data != payload:
+ print "WRONG PAYLOAD"
+ exit(2)
+ exit(0)
+print "NO ICMP6 ECHO REPLY"
+exit(1)
diff --git a/regress/sys/netinet6/rh0/rh0_frag_route.py b/regress/sys/netinet6/rh0/rh0_frag_route.py
new file mode 100644
index 00000000000..86bdc728265
--- /dev/null
+++ b/regress/sys/netinet6/rh0/rh0_frag_route.py
@@ -0,0 +1,43 @@
+#!/usr/local/bin/python2.7
+# send a ping6 packet with routing header type 0
+# try to source route
+# hide the routing header behind a fragment header to avoid header scan
+# we expect an ICMP6 error, as we do not support source routing
+
+import os
+from addr import *
+from scapy.all import *
+
+pid=os.getpid()
+payload="ABCDEFGHIJKLMNOP"
+packet=IPv6(src=SRC_OUT6, dst=DST_IN6)/\
+ IPv6ExtHdrFragment(id=pid)/\
+ IPv6ExtHdrRouting(addresses=[SRT_IN6, SRT_OUT6], segleft=2)/\
+ ICMPv6EchoRequest(id=pid, data=payload)
+eth=Ether(src=SRC_MAC, dst=DST_MAC)/packet
+
+if os.fork() == 0:
+ time.sleep(1)
+ sendp(eth, iface=SRC_IF)
+ os._exit(0)
+
+ans=sniff(iface=SRC_IF, timeout=3, filter=
+ "ip6 and dst "+SRC_OUT6+" and icmp6")
+for a in ans:
+ if a and a.type == scapy.layers.dot11.ETHER_TYPES.IPv6 and \
+ ipv6nh[a.payload.nh] == 'ICMPv6' and \
+ icmp6types[a.payload.payload.type] == 'Parameter problem':
+ pprob=a.payload.payload
+ code=pprob.code
+ print "code=%#d" % (code)
+ if code != 0:
+ print "WRONG PARAMETER PROBLEM CODE"
+ exit(2)
+ ptr=pprob.ptr
+ print "ptr=%#d" % (ptr)
+ if ptr != 50:
+ print "WRONG PARAMETER PROBLEM POINTER"
+ exit(2)
+ exit(0)
+print "NO ICMP6 PARAMETER PROBLEM"
+exit(1) |