Send IP options with maximum length to check for overflow.
authorbluhm <bluhm@openbsd.org>
Fri, 29 Apr 2022 18:58:33 +0000 (18:58 +0000)
committerbluhm <bluhm@openbsd.org>
Fri, 29 Apr 2022 18:58:33 +0000 (18:58 +0000)
regress/sys/net/pf_opts/Makefile
regress/sys/net/pf_opts/icmp6_hop_max.py [new file with mode: 0644]
regress/sys/net/pf_opts/icmp6_hop_pad.py
regress/sys/net/pf_opts/icmp6_hop_ra.py
regress/sys/net/pf_opts/icmp_max.py [new file with mode: 0644]

index 1917596..55088a8 100644 (file)
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.4 2022/04/29 17:27:37 bluhm Exp $
+# $OpenBSD: Makefile,v 1.5 2022/04/29 18:58:33 bluhm Exp $
 
 # Copyright (c) 2022 Alexander Bluhm <bluhm@openbsd.org>
 #
@@ -235,8 +235,8 @@ run-icmp6-dst: stamp-bpf
 REGRESS_TARGETS +=     run-bpf-ext
 run-bpf-ext: stamp-stop
        # Check that icmp6 packet with extension headers were blocked
-       fgrep ' fe80::${N2}: HBH icmp6' pflog0.tcpdump
-       fgrep ' fe80::${N2}: DSTOPT icmp6' pflog0.tcpdump
+       fgrep ' fe80::${N2}: HBH icmp6:' pflog0.tcpdump
+       fgrep ' fe80::${N2}: DSTOPT icmp6:' pflog0.tcpdump
        ! grep fe80::${N1} pflog0.tcpdump
 
 # icmp with options
@@ -256,6 +256,16 @@ run-icmp6-pad: stamp-bpf
        ${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp6_hop_pad.py N1
        ${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp6_hop_pad.py N2
 
+REGRESS_TARGETS +=     run-icmp-max
+run-icmp-max: stamp-bpf
+       ${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp_max.py N1
+       ${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp_max.py N2
+
+REGRESS_TARGETS +=     run-icmp6-max
+run-icmp6-max: stamp-bpf
+       ${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp6_hop_max.py N1
+       ${SUDO} /sbin/route -T ${N2} exec ${PYTHON}icmp6_hop_max.py N2
+
 REGRESS_TARGETS +=     run-icmp-ra
 run-icmp-ra: stamp-bpf
        ${SUDO} /sbin/route -T ${N1} exec ${PYTHON}icmp_ra.py N1
@@ -281,11 +291,13 @@ run-bpf-opts: stamp-stop
        # Check that icmp packet with options were blocked
        grep ' 127.0.0.${N2}:.* optlen=4 NOP NOP NOP NOP)' pflog0.tcpdump
        grep ' 127.0.0.${N2}:.* optlen=4 NOP EOL-2)' pflog0.tcpdump
+       grep ' 127.0.0.${N2}:.* optlen=40 NOP ' pflog0.tcpdump
        grep ' 127.0.0.${N2}:.* optlen=8 NOP IPOPT-148{4} NOP ' pflog0.tcpdump
        grep ' 127.0.0.${N2}:.* optlen=4 IPOPT-3{4})' pflog0.tcpdump
-       grep ' fe80::${N2}: HBH icmp6' pflog0.tcpdump
-       grep ' fe80::${N2}: HBH (rtalert: 0x0000) icmp6' pflog0.tcpdump
-       grep ' fe80::${N2}: HBH (type 0x03: len=0) icmp6' pflog0.tcpdump
+       grep ' fe80::${N2}: HBH icmp6:.* (len 28,' pflog0.tcpdump
+       grep ' fe80::${N2}: HBH icmp6:.* (len 284,' pflog0.tcpdump
+       grep ' fe80::${N2}: HBH (rtalert: 0x0000) icmp6:' pflog0.tcpdump
+       grep ' fe80::${N2}: HBH (type 0x03: len=0) icmp6:' pflog0.tcpdump
        ! grep '127.0.0.${N1}' pflog0.tcpdump
        ! grep 'fe80::${N1}' pflog0.tcpdump
 
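Review bot: The new patterns `(len 28,` and `(len 284,` are bare magic numbers, with no comment saying which test packet each one is meant to match. 284 appears to be the 264-byte hop-by-hop header built by icmp6_hop_max.py (a 255-byte PadN, padded to a multiple of 8) plus 20 bytes of ICMPv6, and 28 the 8-byte header case. A comment such as `# len 284: hbh header with 255 byte PadN (264) + icmp6 (20)` would make a failing check much easier to diagnose. Also, `optlen=40 NOP ` anchors only the first NOP, so it confirms the logged option length but not that all 40 option bytes were decoded. The run-bpf-opts rule begins above this hunk.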
diff --git a/regress/sys/net/pf_opts/icmp6_hop_max.py b/regress/sys/net/pf_opts/icmp6_hop_max.py
new file mode 100644 (file)
index 0000000..9ebed74
--- /dev/null
@@ -0,0 +1,29 @@
+#!/usr/local/bin/python3
+
+print("send icmp6 with hop by hop header with maxium padding")
+
+import os
+import sys
+from struct import pack
+from addr import *
+from scapy.all import *
+
+if len(sys.argv) != 2:
+       print("usage: icmp6_hop_max.py Nn")
+       exit(2)
+
+N=sys.argv[1]
+IF=eval("IF_"+N);
+ADDR6=eval("ADDR6_"+N);
+
+pid=os.getpid()
+eid=pid & 0xffff
+payload=b"ABCDEFGHIJKLMNOP"
+packet=IPv6(src=ADDR6, dst=ADDR6)/ \
+    IPv6ExtHdrHopByHop(options=[PadN(optdata=255*b"\x11")])/ \
+    ICMPv6Unknown(type=6, code=0, msgbody=payload)
+
+# send does not work for some reason, add the bpf loopback layer manually
+#send(packet)
+bpf=pack('!I', 24) + bytes(packet)
+sendp(bpf, iface=IF)
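Review bot: `IF=eval("IF_"+N)` and `ADDR6=eval("ADDR6_"+N)` evaluate a command-line argument as Python, and the Makefile runs this script through `${SUDO}`. The harness only passes N1 or N2, so this is a hardening point rather than an exposed bug. A plain name lookup such as `IF=globals()["IF_"+N]` would fail with a KeyError on any other argument instead of executing it. icmp_max.py in this commit has the same two lines with `ADDR_`. Separately, the banner string spells "maximum" as "maxium", and `eid` is computed but never used in this file.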
index 4e996ca..0629a28 100644 (file)
@@ -20,7 +20,7 @@ pid=os.getpid()
 eid=pid & 0xffff
 payload=b"ABCDEFGHIJKLMNOP"
 packet=IPv6(src=ADDR6, dst=ADDR6)/ \
-    IPv6ExtHdrHopByHop(options=[Pad1(),PadN(optlen=2),Pad1()])/ \
+    IPv6ExtHdrHopByHop(options=[Pad1(),PadN(optdata=b"\x11\x22"),Pad1()])/ \
     ICMPv6Unknown(type=6, code=0, msgbody=payload)
 
 # send does not work for some reason, add the bpf loopback layer manually
index 43b03e2..04027e2 100644 (file)
@@ -20,7 +20,8 @@ pid=os.getpid()
 eid=pid & 0xffff
 payload=b"ABCDEFGHIJKLMNOP"
 packet=IPv6(src=ADDR6, dst=ADDR6)/ \
-    IPv6ExtHdrHopByHop(options=[Pad1(),Pad1(),RouterAlert(),PadN(optlen=6)])/ \
+    IPv6ExtHdrHopByHop(options=[Pad1(),Pad1(),RouterAlert(),\
+    PadN(optdata=b"\x11\x22\x33\x44\x55\x66")])/ \
     ICMPv6Unknown(type=6, code=0, msgbody=payload)
 
 # send does not work for some reason, add the bpf loopback layer manually
diff --git a/regress/sys/net/pf_opts/icmp_max.py b/regress/sys/net/pf_opts/icmp_max.py
new file mode 100644 (file)
index 0000000..8c5aaee
--- /dev/null
@@ -0,0 +1,24 @@
+#!/usr/local/bin/python3
+
+print("send icmp with maximum length option")
+
+import os
+import sys
+from addr import *
+from scapy.all import *
+
+if len(sys.argv) != 2:
+       print("usage: icmp_max.py Nn")
+       exit(2)
+
+N=sys.argv[1]
+IF=eval("IF_"+N);
+ADDR=eval("ADDR_"+N);
+
+pid=os.getpid()
+eid=pid & 0xffff
+payload=b"ABCDEFGHIJKLMNOP"
+packet=IP(src=ADDR, dst=ADDR, options=40*b"\001")/ \
+    ICMP(type=6, id=eid)/payload
+
+send(packet, iface=IF)
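Review bot: `options=40*b"\001"` has no comment explaining why the count is 40. It is the largest option area an IPv4 header can carry (IHL 15 words = 60 bytes, minus the 20-byte fixed header), and the Makefile's `optlen=40` check depends on that value. A one-line comment above the packet construction, for example `# 40 NOP bytes fill the IPv4 header to its 60 byte maximum`, would tie the constant to the limit being tested.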