diff options
-rw-r--r-- | regress/sys/netinet6/nd6/Makefile | 111 | ||||
-rw-r--r-- | regress/sys/netinet6/nd6/nd6_ar.py | 48 | ||||
-rw-r--r-- | regress/sys/netinet6/nd6/nd6_dad.py | 48 | ||||
-rw-r--r-- | regress/sys/netinet6/nd6/nd6_nud.py | 48 | ||||
-rw-r--r-- | regress/sys/netinet6/nd6/nd6_una.py | 32 |
5 files changed, 287 insertions, 0 deletions
diff --git a/regress/sys/netinet6/nd6/Makefile b/regress/sys/netinet6/nd6/Makefile new file mode 100644 index 00000000000..3b0d54a4585 --- /dev/null +++ b/regress/sys/netinet6/nd6/Makefile @@ -0,0 +1,111 @@ +# $OpenBSD: Makefile,v 1.1 2012/01/31 00:14:02 bluhm Exp $ + +# The following ports must be installed: +# +# python-2.7 interpreted object-oriented programming language +# py-libdnet python interface to libdnet +# scapy powerful interactive packet manipulation in python + +# This test needs a manual setup of two machines +# Set up machines: SRC DST +# SRC is the machine where this makefile is running. +# DST is running OpenBSD with pf to test the neighbor discovery states. +# +# +---+ 1 +---+ +# |SRC| ----> |DST| +# +---+ +---+ +# out in + +# Configure Addresses on the machines. +# Adapt interface and addresse variables to your local setup. +# +SRC_IF = tun0 +SRC_MAC = fe:e1:ba:d1:56:1f +DST_MAC = 52:54:00:12:34:50 + +SRC_OUT6 = fdd7:e83e:66bc:211:fce1:baff:fed1:561f +DST_IN6 = fdd7:e83e:66bc:211:5054:ff:fe12:3450 + +# pf rules on DST should look like this: +# +# block log +# pass inet6 proto icmp6 icmp6-type echoreq keep state +# pass inet6 proto icmp6 icmp6-type neighbrsol keep state +# pass inet6 proto icmp6 icmp6-type neighbradv keep state + +# RFC 4861 7. describes the following test cases for ND: +# +# Duplicate Address Detection +# - request NS from unspecified address to target solicitated-node multicast +# - response NA from interface address to all-nodes multicast +# +# Address Resolution +# - request NS from interface address to target solicitated-node multicast +# - response NA from interface address to source of NS +# +# Unsolicited Neighbor Advertisements +# - request NA from interface address to all-nodes multicast +# +# Neighbor Unreachability Detection +# - request NS from interface address to target unicast +# - response NA from interface address to source of NS + +depend: addr.py + +# Create python include file containing the addresses. +addr.py: Makefile + rm -f $@ $@.tmp + echo 'SRC_IF = "${SRC_IF}"' >>$@.tmp + echo 'SRC_MAC = "${SRC_MAC}"' >>$@.tmp + echo 'DST_MAC = "${DST_MAC}"' >>$@.tmp +.for var in SRC_OUT DST_IN + echo '${var} = "${${var}}"' >>$@.tmp + echo '${var}6 = "${${var}6}"' >>$@.tmp +.endfor + mv $@.tmp $@ + +# Clear neighbor cache and ping all addresses. This ensures that +# the ip addresses are configured and all routing table are set up +# to allow bidirectional packet flow. +TARGETS += ping6 +run-regress-ping6: + @echo '\n======== $@ ========' + sudo ndp -c +.for ip in SRC_OUT DST_IN + @echo Check ping6 ${ip}6: + ping6 -n -c 1 ${${ip}6} +.endfor + +# Send hand-crafted duplicate address detection neighbor solicitation packet +TARGETS += nd6_dad +run-regress-nd6_dad: addr.py + @echo '\n======== $@ ========' + @echo Check duplicate address detection + ${SUDO} python2.7 nd6_dad.py + +# Send hand-crafted address resolution neighbor solicitation packet +TARGETS += nd6_ar +run-regress-nd6_ar: addr.py + @echo '\n======== $@ ========' + @echo Check address resolution + ${SUDO} python2.7 nd6_ar.py + +# Send hand-crafted unsolicited neighbor advertisement packet +TARGETS += nd6_una +run-regress-nd6_una: addr.py + @echo '\n======== $@ ========' + @echo Check unsolicited neighbor advertisement + ${SUDO} python2.7 nd6_una.py + +# Send hand-crafted neighbor unreachability detection solicitation packet +TARGETS += nd6_nud +run-regress-nd6_nud: addr.py + @echo '\n======== $@ ========' + @echo Check neighbor unreachability detection + ${SUDO} python2.7 nd6_nud.py + +REGRESS_TARGETS = ${TARGETS:S/^/run-regress-/} + +CLEANFILES += addr.py *.pyc *.log + +.include <bsd.regress.mk> diff --git a/regress/sys/netinet6/nd6/nd6_ar.py b/regress/sys/netinet6/nd6/nd6_ar.py new file mode 100644 index 00000000000..2c138951b9f --- /dev/null +++ b/regress/sys/netinet6/nd6/nd6_ar.py @@ -0,0 +1,48 @@ +#!/usr/local/bin/python2.7 +# send Address Resolution neighbor solicitation +# expect an neighbor advertisement answer and check it + +import os +from addr import * +from scapy.all import * + +# link-local solicited-node multicast address +def nsma(a): + n = inet_pton(socket.AF_INET6, a) + return inet_ntop(socket.AF_INET6, in6_getnsma(n)) + +# ethernet multicast address of multicast address +def nsmac(a): + n = inet_pton(socket.AF_INET6, a) + return in6_getnsmac(n) + +# ethernet multicast address of solicited-node multicast address +def nsmamac(a): + return nsmac(nsma(a)) + +# link-local address +def lla(m): + return "fe80::"+in6_mactoifaceid(m) + +ip=IPv6(src=SRC_OUT6, dst=nsma(DST_IN6))/ICMPv6ND_NS(tgt=DST_IN6) +eth=Ether(src=SRC_MAC, dst=nsmamac(DST_IN6))/ip + +if os.fork() == 0: + time.sleep(1) + sendp(eth, iface=SRC_IF) + os._exit(0) + +ans=sniff(iface=SRC_IF, timeout=3, filter= + "ip6 and src "+DST_IN6+" and dst "+SRC_OUT6+" and icmp6") +for a in ans: + if a and a.type == scapy.layers.dot11.ETHER_TYPES.IPv6 and \ + ipv6nh[a.payload.nh] == 'ICMPv6' and \ + icmp6types[a.payload.payload.type] == 'Neighbor Advertisement': + tgt=a.payload.payload.tgt + print "target=%s" % (tgt) + if tgt == DST_IN6: + exit(0) + print "TARGET!=%s" % (DST_IN6) + exit(1) +print "NO NEIGHBOR ADVERTISEMENT" +exit(2) diff --git a/regress/sys/netinet6/nd6/nd6_dad.py b/regress/sys/netinet6/nd6/nd6_dad.py new file mode 100644 index 00000000000..054b06f0864 --- /dev/null +++ b/regress/sys/netinet6/nd6/nd6_dad.py @@ -0,0 +1,48 @@ +#!/usr/local/bin/python2.7 +# send Duplicate Address Detection neighbor solicitation +# expect an neighbor advertisement answer and check it + +import os +from addr import * +from scapy.all import * + +# link-local solicited-node multicast address +def nsma(a): + n = inet_pton(socket.AF_INET6, a) + return inet_ntop(socket.AF_INET6, in6_getnsma(n)) + +# ethernet multicast address of multicast address +def nsmac(a): + n = inet_pton(socket.AF_INET6, a) + return in6_getnsmac(n) + +# ethernet multicast address of solicited-node multicast address +def nsmamac(a): + return nsmac(nsma(a)) + +# link-local address +def lla(m): + return "fe80::"+in6_mactoifaceid(m) + +ip=IPv6(src="::", dst=nsma(DST_IN6))/ICMPv6ND_NS(tgt=DST_IN6) +eth=Ether(src=SRC_MAC, dst=nsmamac(DST_IN6))/ip + +if os.fork() == 0: + time.sleep(1) + sendp(eth, iface=SRC_IF) + os._exit(0) + +ans=sniff(iface=SRC_IF, timeout=3, filter= + "ip6 and src "+lla(DST_MAC)+" and dst ff02::1 and icmp6") +for a in ans: + if a and a.type == scapy.layers.dot11.ETHER_TYPES.IPv6 and \ + ipv6nh[a.payload.nh] == 'ICMPv6' and \ + icmp6types[a.payload.payload.type] == 'Neighbor Advertisement': + tgt=a.payload.payload.tgt + print "target=%s" % (tgt) + if tgt == DST_IN6: + exit(0) + print "TARGET!=%s" % (DST_IN6) + exit(1) +print "NO NEIGHBOR ADVERTISEMENT" +exit(2) diff --git a/regress/sys/netinet6/nd6/nd6_nud.py b/regress/sys/netinet6/nd6/nd6_nud.py new file mode 100644 index 00000000000..b7a7c1a9cf0 --- /dev/null +++ b/regress/sys/netinet6/nd6/nd6_nud.py @@ -0,0 +1,48 @@ +#!/usr/local/bin/python2.7 +# send Neighbor Unreachability Detection neighbor solicitation +# expect an neighbor advertisement answer and check it + +import os +from addr import * +from scapy.all import * + +# link-local solicited-node multicast address +def nsma(a): + n = inet_pton(socket.AF_INET6, a) + return inet_ntop(socket.AF_INET6, in6_getnsma(n)) + +# ethernet multicast address of multicast address +def nsmac(a): + n = inet_pton(socket.AF_INET6, a) + return in6_getnsmac(n) + +# ethernet multicast address of solicited-node multicast address +def nsmamac(a): + return nsmac(nsma(a)) + +# link-local address +def lla(m): + return "fe80::"+in6_mactoifaceid(m) + +ip=IPv6(src=SRC_OUT6, dst=DST_IN6)/ICMPv6ND_NS(tgt=DST_IN6) +eth=Ether(src=SRC_MAC, dst=DST_MAC)/ip + +if os.fork() == 0: + time.sleep(1) + sendp(eth, iface=SRC_IF) + os._exit(0) + +ans=sniff(iface=SRC_IF, timeout=3, filter= + "ip6 and src "+DST_IN6+" and dst "+SRC_OUT6+" and icmp6") +for a in ans: + if a and a.type == scapy.layers.dot11.ETHER_TYPES.IPv6 and \ + ipv6nh[a.payload.nh] == 'ICMPv6' and \ + icmp6types[a.payload.payload.type] == 'Neighbor Advertisement': + tgt=a.payload.payload.tgt + print "target=%s" % (tgt) + if tgt == DST_IN6: + exit(0) + print "TARGET!=%s" % (DST_IN6) + exit(1) +print "NO NEIGHBOR ADVERTISEMENT" +exit(2) diff --git a/regress/sys/netinet6/nd6/nd6_una.py b/regress/sys/netinet6/nd6/nd6_una.py new file mode 100644 index 00000000000..a190a07c1ab --- /dev/null +++ b/regress/sys/netinet6/nd6/nd6_una.py @@ -0,0 +1,32 @@ +#!/usr/local/bin/python2.7 +# send Unsolicited Neighbor Advertisement + +import os +from addr import * +from scapy.all import * + +# link-local solicited-node multicast address +def nsma(a): + n = inet_pton(socket.AF_INET6, a) + return inet_ntop(socket.AF_INET6, in6_getnsma(n)) + +# ethernet multicast address of multicast address +def nsmac(a): + n = inet_pton(socket.AF_INET6, a) + return in6_getnsmac(n) + +# ethernet multicast address of solicited-node multicast address +def nsmamac(a): + return nsmac(nsma(a)) + +# link-local address +def lla(m): + return "fe80::"+in6_mactoifaceid(m) + +ip=IPv6(src=lla(SRC_MAC), dst="ff02::1")/ICMPv6ND_NA(tgt=SRC_OUT6) +eth=Ether(src=SRC_MAC, dst=nsmac("ff02::1"))/ip + +sendp(eth, iface=SRC_IF) +time.sleep(1) + +exit(0) |