Page MenuHomeFreeBSD

netpfil tests: Improve pft_ping.py
ClosedPublic

Authored by vegeta_tuxpowered.net on Jan 19 2023, 5:51 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Nov 9, 2:50 AM
Unknown Object (File)
Thu, Nov 7, 4:24 PM
Unknown Object (File)
Oct 2 2024, 9:42 PM
Unknown Object (File)
Oct 2 2024, 8:56 AM
Unknown Object (File)
Oct 2 2024, 8:56 AM
Unknown Object (File)
Sep 26 2024, 1:09 AM
Unknown Object (File)
Sep 21 2024, 5:19 AM
Unknown Object (File)
Sep 19 2024, 3:19 PM

Details

Summary

Part 2 of 5 of tests for D38025

Multiple improvements to pft_ping.py:

  • Automatically use IPv6 when IPv6 addresses are used, --ip6 is not needed.
  • Building of ping requests and parsing of ping replies is done layer by layer. This way most arguments are available both for IPv6 and IPv4, for ICMP and TCP.
  • Use argument groups for improved readability.
  • Change ToS and TTL argument name to TC and HL to reflect the modern IPv6 nomenclature. The arguments still set related IPv4 header fields properly.
  • Instead of sniffing for the very specific case of duplicated packets, allow for sniffing on multiple interfaces.
  • Report which sniffer has failed by setting bits of error code.
  • Raise meaningful exceptions when irrecoverable errors happen.
  • Make IPv4 fragmentation flags configurable.
  • Make IPv6 HL / IPv4 TTL configurable.
  • Make TCP MSS configurable.
  • Make TCP sequence number configurable.
  • Make ICMP payload size configurable.
  • Add debug output.
  • Move command line argument parsing out of network functions.
  • Make the code somehow PEP-8 compliant.

Sponsored by: InnoGames GmbH

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

This seems mostly good, but I've had to add these changes to avoid a few test failures:

diff --git a/tests/sys/netpfil/common/tos.sh b/tests/sys/netpfil/common/tos.sh
index 452c6a002bbf..bd5e657ecf72 100644
--- a/tests/sys/netpfil/common/tos.sh
+++ b/tests/sys/netpfil/common/tos.sh
@@ -68,7 +68,7 @@ tos_body()
                --sendif ${epair_send}a \
                --to 198.51.100.3 \
                --recvif ${epair_recv}a \
-               --expect-tos 36
+               --expect-tc 36

        # Check if the firewall is able to set the ToS bits
        # and persists the EN bits (if already set)
@@ -82,8 +82,8 @@ tos_body()
                --sendif ${epair_send}a \
                --to 198.51.100.3 \
                --recvif ${epair_recv}a \
-               --send-tos 3 \
-               --expect-tos 39
+               --send-tc 3 \
+               --expect-tc 39

        # Check if the firewall is able to filter the
        # packets based on the ToS value
@@ -97,13 +97,13 @@ tos_body()
                --sendif ${epair_send}a \
                --to 198.51.100.3 \
                --recvif ${epair_recv}a \
-               --send-tos 36
+               --send-tc 36

        atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
                --sendif ${epair_send}a \
                --to 198.51.100.3 \
                --recvif ${epair_recv}a \
-               --send-tos 32
+               --send-tc 32
 }

 tos_cleanup()
diff --git a/tests/sys/netpfil/pf/checksum.sh b/tests/sys/netpfil/pf/checksum.sh
index 836bc1233963..9060e763d18d 100644
--- a/tests/sys/netpfil/pf/checksum.sh
+++ b/tests/sys/netpfil/pf/checksum.sh
@@ -64,15 +64,15 @@ unaligned_body()
                --sendif ${epair_in}a \
                --to 198.51.100.2 \
                --recvif ${epair_out}b \
-               --tcpsyn
+               --ping-type tcpsyn

        # And unaligned
        atf_check -s exit:0 ${common_dir}/pft_ping.py \
                --sendif ${epair_in}a \
                --to 198.51.100.2 \
                --recvif ${epair_out}b \
-               --tcpsyn \
-               --tcpopt_unaligned
+               --ping-type tcpsyn \
+               --send-tcpopt-unaligned
 }

 unaligned_cleanup()

Split sniffer.correctPackets change into D38120.

In D38122#866272, @kp wrote:

This seems mostly good, but I've had to add these changes to avoid a few test failures:

Yeah, another thing wrongly split between commits. Those changes are probably in patch 5/5. Thank you for fixing it here.

This revision was not accepted when it landed; it landed in state Needs Review.Jan 22 2023, 4:56 AM
This revision was automatically updated to reflect the committed changes.