The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=a39dedeb31052ec74b0cd394d56f8d7cc8534645
commit a39dedeb31052ec74b0cd394d56f8d7cc8534645 Author: Kajetan Staszkiewicz <[email protected]> AuthorDate: 2023-01-20 01:40:34 +0000 Commit: Kristof Provost <[email protected]> CommitDate: 2023-01-22 03:26:32 +0000 netpfil tests: improve sniffer.py Multiple improvements to sniffer.py: * Remove ambiguity of configuring recvif, it must be now explicitly specified. * Don't catch exceptions around creating the sniffer, let it properly fail and display the whole stack trace. * Count correct packets so that duplicates can be found. MFC after: 1 week Sponsored by: InnoGames GmbH Differential Revision: https://reviews.freebsd.org/D38120 --- tests/sys/net/pcp.py | 4 ++-- tests/sys/net/stp.py | 4 ++-- tests/sys/netpfil/common/pft_icmp_check.py | 4 ++-- tests/sys/netpfil/common/pft_ping.py | 10 +++++----- tests/sys/netpfil/common/sniffer.py | 20 +++++++------------- tests/sys/netpfil/pf/CVE-2019-5598.py | 4 ++-- 6 files changed, 20 insertions(+), 26 deletions(-) diff --git a/tests/sys/net/pcp.py b/tests/sys/net/pcp.py index cea88faaf438..c0b6d4efc3b0 100644 --- a/tests/sys/net/pcp.py +++ b/tests/sys/net/pcp.py @@ -61,11 +61,11 @@ def main(): args = parser.parse_args() - sniffer = Sniffer(args, check_pcp, recvif=args.recvif[0], timeout=20) + sniffer = Sniffer(args, check_pcp, args.recvif[0], timeout=20) sniffer.join() - if sniffer.foundCorrectPacket: + if sniffer.correctPackets: sys.exit(0) sys.exit(1) diff --git a/tests/sys/net/stp.py b/tests/sys/net/stp.py index 3e7d011efdd1..dc6634fb7279 100644 --- a/tests/sys/net/stp.py +++ b/tests/sys/net/stp.py @@ -100,14 +100,14 @@ def main(): args = parser.parse_args() - sniffer = Sniffer(args, check_stp) + sniffer = Sniffer(args, check_stp, args.recvif[0]) invalid_stp(args.sendif[0]) sniffer.join() # The 'correct' packet is a corrupt STP packet, so it shouldn't turn up. - if sniffer.foundCorrectPacket: + if sniffer.correctPackets: sys.exit(1) if __name__ == '__main__': diff --git a/tests/sys/netpfil/common/pft_icmp_check.py b/tests/sys/netpfil/common/pft_icmp_check.py index e3c5b927aa63..070465a198f7 100644 --- a/tests/sys/netpfil/common/pft_icmp_check.py +++ b/tests/sys/netpfil/common/pft_icmp_check.py @@ -96,14 +96,14 @@ def main(): args = parser.parse_args() sniffer = None if not args.recvif is None: - sniffer = Sniffer(args, check_icmp_too_big) + sniffer = Sniffer(args, check_icmp_too_big, args.recvif[0]) ping(args.sendif[0], args.to[0], args) if sniffer: sniffer.join() - if sniffer.foundCorrectPacket: + if sniffer.correctPackets: sys.exit(0) else: sys.exit(1) diff --git a/tests/sys/netpfil/common/pft_ping.py b/tests/sys/netpfil/common/pft_ping.py index 9ed6a00cab34..ba64b9a0cb73 100644 --- a/tests/sys/netpfil/common/pft_ping.py +++ b/tests/sys/netpfil/common/pft_ping.py @@ -317,16 +317,16 @@ def main(): if args.tcpsyn: checkfn=check_tcpsyn - sniffer = Sniffer(args, checkfn) + sniffer = Sniffer(args, checkfn, args.recvif[0]) replysniffer = None if not args.replyif is None: checkfn=check_ping_reply - replysniffer = Sniffer(args, checkfn, recvif=args.replyif[0]) + replysniffer = Sniffer(args, checkfn, args.replyif[0]) dupsniffer = None if args.checkdup is not None: - dupsniffer = Sniffer(args, check_dup, recvif=args.checkdup[0]) + dupsniffer = Sniffer(args, check_dup, args.checkdup[0]) if args.tcpsyn: tcpsyn(args.sendif[0], args.to[0], args) @@ -344,7 +344,7 @@ def main(): if sniffer: sniffer.join() - if sniffer.foundCorrectPacket: + if sniffer.correctPackets: sys.exit(0) else: sys.exit(1) @@ -352,7 +352,7 @@ def main(): if replysniffer: replysniffer.join() - if replysniffer.foundCorrectPacket: + if replysniffer.correctPackets: sys.exit(0) else: sys.exit(1) diff --git a/tests/sys/netpfil/common/sniffer.py b/tests/sys/netpfil/common/sniffer.py index 5e09a2e4db37..cee6f73e22dc 100644 --- a/tests/sys/netpfil/common/sniffer.py +++ b/tests/sys/netpfil/common/sniffer.py @@ -31,18 +31,15 @@ import scapy.all as sp import sys class Sniffer(threading.Thread): - def __init__(self, args, check_function, recvif=None, timeout=3): + def __init__(self, args, check_function, recvif, timeout=3): threading.Thread.__init__(self) self._sem = threading.Semaphore(0) self._args = args self._timeout = timeout - if recvif is not None: - self._recvif = recvif - else: - self._recvif = args.recvif[0] + self._recvif = recvif self._check_function = check_function - self.foundCorrectPacket = False + self.correctPackets = 0 self.start() if not self._sem.acquire(timeout=30): @@ -51,7 +48,7 @@ class Sniffer(threading.Thread): def _checkPacket(self, packet): ret = self._check_function(self._args, packet) if ret: - self.foundCorrectPacket = True + self.correctPackets += 1 return ret def _startedCb(self): @@ -59,9 +56,6 @@ class Sniffer(threading.Thread): def run(self): self.packets = [] - try: - self.packets = sp.sniff(iface=self._recvif, - stop_filter=self._checkPacket, timeout=self._timeout, - started_callback=self._startedCb) - except Exception as e: - print(e, file=sys.stderr) + self.packets = sp.sniff(iface=self._recvif, + stop_filter=self._checkPacket, timeout=self._timeout, + started_callback=self._startedCb) diff --git a/tests/sys/netpfil/pf/CVE-2019-5598.py b/tests/sys/netpfil/pf/CVE-2019-5598.py index 603a1aef376f..b72c04c5e19b 100644 --- a/tests/sys/netpfil/pf/CVE-2019-5598.py +++ b/tests/sys/netpfil/pf/CVE-2019-5598.py @@ -72,7 +72,7 @@ def main(): sp.sendp(udp, iface=args.sendif[0], verbose=False) # Start sniffing on recvif - sniffer = Sniffer(args, check_icmp_error) + sniffer = Sniffer(args, check_icmp_error, args.recvif[0]) # Send the bad error packet icmp_reachable = sp.Ether() / \ @@ -83,7 +83,7 @@ def main(): sp.sendp(icmp_reachable, iface=args.sendif[0], verbose=False) sniffer.join() - if sniffer.foundCorrectPacket: + if sniffer.correctPackets: sys.exit(1) sys.exit(0)
