Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/tests/sys/netpfil/pf/icmp.sh
39507 views
1
#

2
# SPDX-License-Identifier: BSD-2-Clause

3
#

4
# Copyright (c) 2019 Kristof Provost <[email protected]>

5
#

6
# Redistribution and use in source and binary forms, with or without

7
# modification, are permitted provided that the following conditions

8
# are met:

9
# 1. Redistributions of source code must retain the above copyright

10
#    notice, this list of conditions and the following disclaimer.

11
# 2. Redistributions in binary form must reproduce the above copyright

12
#    notice, this list of conditions and the following disclaimer in the

13
#    documentation and/or other materials provided with the distribution.

14
#

15
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND

16
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

17
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

18
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

19
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

20
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

21
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

22
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

23
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

24
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

25
# SUCH DAMAGE.

26


27
. $(atf_get_srcdir)/utils.subr

28


29
common_dir=$(atf_get_srcdir)/../common

30


31
atf_test_case "cve_2019_5598" "cleanup"

32
cve_2019_5598_head()

33
{

34
	atf_set descr 'Test CVE-2019-5598'

35
	atf_set require.user root

36
	atf_set require.progs python3 scapy

37
}

38


39
cve_2019_5598_body()

40
{

41
	pft_init

42


43
	epair_in=$(vnet_mkepair)

44
	epair_out=$(vnet_mkepair)

45
	ifconfig ${epair_in}a 192.0.2.1/24 up

46
	ifconfig ${epair_out}a up

47


48
	vnet_mkjail alcatraz ${epair_in}b ${epair_out}b

49
	jexec alcatraz ifconfig ${epair_in}b 192.0.2.2/24 up

50
	jexec alcatraz ifconfig ${epair_out}b 198.51.100.2/24 up

51
	jexec alcatraz sysctl net.inet.ip.forwarding=1

52
	jexec alcatraz arp -s 198.51.100.3 00:01:02:03:04:05

53
	jexec alcatraz route add default 198.51.100.3

54
	route add -net 198.51.100.0/24 192.0.2.2

55


56
	jexec alcatraz pfctl -e

57
	pft_set_rules alcatraz "block all" \

58
		"pass in proto udp to 198.51.100.3 port 53" \

59
		"pass out proto udp to 198.51.100.3 port 53"

60


61
	atf_check -s exit:0 env PYTHONPATH=${common_dir} \

62
		$(atf_get_srcdir)/CVE-2019-5598.py \

63
		--sendif ${epair_in}a \

64
		--recvif ${epair_out}a \

65
		--src 192.0.2.1 \

66
		--to 198.51.100.3

67
}

68


69
cve_2019_5598_cleanup()

70
{

71
	pft_cleanup

72
}

73


74
atf_test_case "ttl_exceeded" "cleanup"

75
ttl_exceeded_head()

76
{

77
	atf_set descr 'Test that we correctly translate TTL exceeded back'

78
	atf_set require.user root

79
}

80


81
ttl_exceeded_body()

82
{

83
	pft_init

84


85
	epair_srv=$(vnet_mkepair)

86
	epair_int=$(vnet_mkepair)

87
	epair_cl=$(vnet_mkepair)

88


89
	vnet_mkjail srv ${epair_srv}a

90
	jexec srv ifconfig ${epair_srv}a 192.0.2.1/24 up

91
	jexec srv route add default 192.0.2.2

92


93
	vnet_mkjail int ${epair_srv}b ${epair_int}a

94
	jexec int sysctl net.inet.ip.forwarding=1

95
	jexec int ifconfig ${epair_srv}b 192.0.2.2/24 up

96
	jexec int ifconfig ${epair_int}a 203.0.113.2/24 up

97


98
	vnet_mkjail nat ${epair_int}b ${epair_cl}b

99
	jexec nat ifconfig ${epair_int}b 203.0.113.1/24 up

100
	jexec nat ifconfig ${epair_cl}b 198.51.100.2/24 up

101
	jexec nat sysctl net.inet.ip.forwarding=1

102
	jexec nat route add default 203.0.113.2

103


104
	vnet_mkjail cl ${epair_cl}a

105
	jexec cl ifconfig ${epair_cl}a 198.51.100.1/24 up

106
	jexec cl route add default 198.51.100.2

107


108
	jexec nat pfctl -e

109
	pft_set_rules nat \

110
	    "nat on ${epair_int}b from 198.51.100.0/24 -> (${epair_int}b)" \

111
	    "block" \

112
	    "pass inet proto udp" \

113
	    "pass inet proto icmp icmp-type { echoreq }"

114


115
	# Sanity checks

116
	atf_check -s exit:0 -o ignore \

117
	    jexec cl ping -c 1 198.51.100.2

118
	atf_check -s exit:0 -o ignore \

119
	    jexec cl ping -c 1 203.0.113.1

120
	atf_check -s exit:0 -o ignore \

121
	    jexec cl ping -c 1 203.0.113.2

122
	atf_check -s exit:0 -o ignore \

123
	    jexec cl ping -c 1 192.0.2.1

124


125
	echo "UDP"

126
	atf_check -s exit:0 -e ignore -o match:".*203.0.113.2.*" \

127
	    jexec cl traceroute 192.0.2.1

128
	jexec nat pfctl -Fs

129


130
	echo "ICMP"

131
	atf_check -s exit:0 -e ignore -o match:".*203.0.113.2.*" \

132
	    jexec cl traceroute -I 192.0.2.1

133
}

134


135
ttl_exceeded_cleanup()

136
{

137
	pft_cleanup

138
}

139


140
atf_init_test_cases()

141
{

142
	atf_add_test_case "cve_2019_5598"

143
	atf_add_test_case "ttl_exceeded"

144
}

145


146