netpfil tests: Improve pft_ping.py
ClosedPublic
Actions

Authored by vegeta_tuxpowered.net on Jan 19 2023, 5:51 PM.

Details

Reviewers

Commits

rG4c3c6c9271c0: netpfil tests: improve pft_ping.py
rGf57218e469a7: netpfil tests: improve pft_ping.py

Summary

Part 2 of 5 of tests for D38025

Multiple improvements to pft_ping.py:

Automatically use IPv6 when IPv6 addresses are used, --ip6 is not needed.
Building of ping requests and parsing of ping replies is done layer by layer. This way most arguments are available both for IPv6 and IPv4, for ICMP and TCP.
Use argument groups for improved readability.
Change ToS and TTL argument name to TC and HL to reflect the modern IPv6 nomenclature. The arguments still set related IPv4 header fields properly.
Instead of sniffing for the very specific case of duplicated packets, allow for sniffing on multiple interfaces.
Report which sniffer has failed by setting bits of error code.
Raise meaningful exceptions when irrecoverable errors happen.
Make IPv4 fragmentation flags configurable.
Make IPv6 HL / IPv4 TTL configurable.
Make TCP MSS configurable.
Make TCP sequence number configurable.
Make ICMP payload size configurable.
Add debug output.
Move command line argument parsing out of network functions.
Make the code somehow PEP-8 compliant.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

vegeta_tuxpowered.net created this revision.Jan 19 2023, 5:51 PM

Herald added subscribers: glebius, melifaro, farrokhi. · View Herald TranscriptJan 19 2023, 5:51 PM

vegeta_tuxpowered.net requested review of this revision.Jan 19 2023, 5:51 PM

vegeta_tuxpowered.net updated this revision to Diff 115319.

vegeta_tuxpowered.net edited the summary of this revision. (Show Details)Jan 20 2023, 10:23 AM

vegeta_tuxpowered.net edited the summary of this revision. (Show Details)Jan 20 2023, 10:38 AM

This seems mostly good, but I've had to add these changes to avoid a few test failures:

diff --git a/tests/sys/netpfil/common/tos.sh b/tests/sys/netpfil/common/tos.sh
index 452c6a002bbf..bd5e657ecf72 100644
--- a/tests/sys/netpfil/common/tos.sh
+++ b/tests/sys/netpfil/common/tos.sh
@@ -68,7 +68,7 @@ tos_body()
                --sendif ${epair_send}a \
                --to 198.51.100.3 \
                --recvif ${epair_recv}a \
-               --expect-tos 36
+               --expect-tc 36

        # Check if the firewall is able to set the ToS bits
        # and persists the EN bits (if already set)
@@ -82,8 +82,8 @@ tos_body()
                --sendif ${epair_send}a \
                --to 198.51.100.3 \
                --recvif ${epair_recv}a \
-               --send-tos 3 \
-               --expect-tos 39
+               --send-tc 3 \
+               --expect-tc 39

        # Check if the firewall is able to filter the
        # packets based on the ToS value
@@ -97,13 +97,13 @@ tos_body()
                --sendif ${epair_send}a \
                --to 198.51.100.3 \
                --recvif ${epair_recv}a \
-               --send-tos 36
+               --send-tc 36

        atf_check -s exit:0 $(atf_get_srcdir)/pft_ping.py \
                --sendif ${epair_send}a \
                --to 198.51.100.3 \
                --recvif ${epair_recv}a \
-               --send-tos 32
+               --send-tc 32
 }

 tos_cleanup()
diff --git a/tests/sys/netpfil/pf/checksum.sh b/tests/sys/netpfil/pf/checksum.sh
index 836bc1233963..9060e763d18d 100644
--- a/tests/sys/netpfil/pf/checksum.sh
+++ b/tests/sys/netpfil/pf/checksum.sh
@@ -64,15 +64,15 @@ unaligned_body()
                --sendif ${epair_in}a \
                --to 198.51.100.2 \
                --recvif ${epair_out}b \
-               --tcpsyn
+               --ping-type tcpsyn

        # And unaligned
        atf_check -s exit:0 ${common_dir}/pft_ping.py \
                --sendif ${epair_in}a \
                --to 198.51.100.2 \
                --recvif ${epair_out}b \
-               --tcpsyn \
-               --tcpopt_unaligned
+               --ping-type tcpsyn \
+               --send-tcpopt-unaligned
 }

 unaligned_cleanup()