3 # SPDX-License-Identifier: BSD-2-Clause
5 # Copyright (c) 2021 Kristof Provost <kp@FreeBSD.org>
7 # Redistribution and use in source and binary forms, with or without
8 # modification, are permitted provided that the following conditions
10 # 1. Redistributions of source code must retain the above copyright
11 # notice, this list of conditions and the following disclaimer.
12 # 2. Redistributions in binary form must reproduce the above copyright
13 # notice, this list of conditions and the following disclaimer in the
14 # documentation and/or other materials provided with the distribution.
16 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 logging.getLogger("scapy").setLevel(logging.CRITICAL)
32 import scapy.all as sp
35 curdir = os.path.dirname(os.path.realpath(__file__))
36 netpfil_common = curdir + "/../netpfil/common"
37 sys.path.append(netpfil_common)
38 from sniffer import Sniffer
40 def check_stp(args, packet):
41 stp = packet.getlayer(sp.STP)
45 if stp.rootmac != "00:0c:29:01:01:01":
48 # Ensure we don't get confused by valid STP packets generated by if_bridge
49 if (stp.maxage >= 6 and stp.maxage <= 40) and \
50 (stp.hellotime >= 1 and stp.hellotime <= 2) and \
51 (stp.fwddelay >= 4 and stp.fwddelay <= 30):
54 print("This packet should have been dropped")
58 def invalid_stp(send_if):
59 llc = sp.Ether(src="00:0c:29:0b:91:0a", dst="01:80:C2:00:00:00") \
63 stp = llc / sp.STP(proto=0, rootid=32768, rootmac="00:0c:29:01:01:01", \
64 bridgeid=32768, bridgemac="00:0c:29:01:01:01", \
65 portid=0x8007, maxage=41, hellotime=2, fwddelay=30)
66 sp.sendp(stp, iface=send_if, verbose=False)
67 stp = llc / sp.STP(proto=0, rootid=32768, rootmac="00:0c:29:01:01:01", \
68 bridgeid=32768, bridgemac="00:0c:29:01:01:01", \
69 portid=0x8007, maxage=5, hellotime=2, fwddelay=30)
70 sp.sendp(stp, iface=send_if, verbose=False)
73 stp = llc / sp.STP(proto=0, rootid=32768, rootmac="00:0c:29:01:01:01", \
74 bridgeid=32768, bridgemac="00:0c:29:01:01:01", \
75 portid=0x8007, maxage=40, hellotime=3, fwddelay=30)
76 sp.sendp(stp, iface=send_if, verbose=False)
77 stp = llc / sp.STP(proto=0, rootid=32768, rootmac="00:0c:29:01:01:01", \
78 bridgeid=32768, bridgemac="00:0c:29:01:01:01", \
79 portid=0x8007, maxage=40, hellotime=1, fwddelay=30)
80 sp.sendp(stp, iface=send_if, verbose=False)
83 stp = llc / sp.STP(proto=0, rootid=32768, rootmac="00:0c:29:01:01:01", \
84 bridgeid=32768, bridgemac="00:0c:29:01:01:01", \
85 portid=0x8007, maxage=40, hellotime=2, fwddelay=31)
86 sp.sendp(stp, iface=send_if, verbose=False)
87 stp = llc / sp.STP(proto=0, rootid=32768, rootmac="00:0c:29:01:01:01", \
88 bridgeid=32768, bridgemac="00:0c:29:01:01:01", \
89 portid=0x8007, maxage=40, hellotime=2, fwddelay=3)
90 sp.sendp(stp, iface=send_if, verbose=False)
93 parser = argparse.ArgumentParser("stp.py",
94 description="STP test tool")
95 parser.add_argument('--sendif', nargs=1,
97 help='The interface through which the packet(s) will be sent')
98 parser.add_argument('--recvif', nargs=1,
99 help='The interface on which to expect the ICMP echo request')
101 args = parser.parse_args()
103 sniffer = Sniffer(args, check_stp, args.recvif[0])
105 invalid_stp(args.sendif[0])
109 # The 'correct' packet is a corrupt STP packet, so it shouldn't turn up.
110 if sniffer.correctPackets:
113 if __name__ == '__main__':