1 # $FreeBSD$
2
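# Pull in the helper library that sits next to this script. The expansion is
# quoted so a source directory containing whitespace does not split the path.
# NOTE(review): the pft_* and vnet_* helpers used below presumably come from
# utils.subr -- confirm.
. "$(atf_get_srcdir)/utils.subr"

# Directory handed to the Python helper script via PYTHONPATH in the test body.
common_dir="$(atf_get_srcdir)/../common"

# Register the test case with a cleanup routine, so that
# cve_2019_5598_cleanup() is part of the test case definition.
atf_test_case "cve_2019_5598" "cleanup"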
# Metadata for the CVE-2019-5598 regression test: a description plus the
# requirements declared to ATF (root user, and the scapy program).
cve_2019_5598_head()
{
	atf_set "descr" "Test CVE-2019-5598"
	atf_set "require.user" "root"
	atf_set "require.progs" "scapy"
}
14
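# Regression test for CVE-2019-5598 (pf handling of ICMP packets).
#
# Layout built below:
#
#   host ${epair_in}a 192.0.2.1/24  <->  ${epair_in}b 192.0.2.2/24   (jail)
#   host ${epair_out}a (no address) <->  ${epair_out}b 198.51.100.2/24 (jail)
#
# The jail "alcatraz" forwards between the two networks and runs pf with a
# ruleset that only passes UDP to 198.51.100.3 port 53. ICMP is never passed
# by a rule, so an ICMP packet that appears on the far side can only have
# been let through by pf's state matching.
#
# Changes from the original: every variable and command substitution used as
# a command argument is quoted, so a source directory containing whitespace
# no longer splits the helper script path or the PYTHONPATH assignment.
cve_2019_5598_body()
{
	pft_init

	# Host side: one addressed interface to send from, one unaddressed
	# interface that is only brought up (passed as --recvif below).
	epair_in=$(vnet_mkepair)
	epair_out=$(vnet_mkepair)
	ifconfig "${epair_in}a" 192.0.2.1/24 up
	ifconfig "${epair_out}a" up

	# Jail side: acts as the filtering router between the two networks.
	vnet_mkjail alcatraz "${epair_in}b" "${epair_out}b"
	jexec alcatraz ifconfig "${epair_in}b" 192.0.2.2/24 up
	jexec alcatraz ifconfig "${epair_out}b" 198.51.100.2/24 up
	jexec alcatraz sysctl net.inet.ip.forwarding=1
	# 198.51.100.3 is not configured on any interface here; the static ARP
	# entry lets the jail forward towards it without address resolution.
	jexec alcatraz arp -s 198.51.100.3 00:01:02:03:04:05
	jexec alcatraz route add default 198.51.100.3
	# This route is added to the host routing table, not the jail's.
	# NOTE(review): nothing visible here deletes it; presumably it goes
	# away when pft_cleanup tears the interfaces down -- confirm.
	route add -net 198.51.100.0/24 192.0.2.2

	# Default-deny ruleset: only DNS-style UDP to 198.51.100.3 is allowed.
	jexec alcatraz pfctl -e
	pft_set_rules alcatraz "block all" \
		"pass in proto udp to 198.51.100.3 port 53" \
		"pass out proto udp to 198.51.100.3 port 53"

	# The helper must exit 0 for the test to pass.
	# NOTE(review): presumably it exits non-zero when the ICMP packet is
	# forwarded past the ruleset -- confirm against CVE-2019-5598.py.
	atf_check -s exit:0 env "PYTHONPATH=${common_dir}" \
		"$(atf_get_srcdir)/CVE-2019-5598.py" \
		--sendif "${epair_in}a" \
		--recvif "${epair_out}a" \
		--src 192.0.2.1 \
		--to 198.51.100.3
}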
44
# Cleanup hook for the CVE-2019-5598 test; it only calls pft_cleanup.
# NOTE(review): pft_cleanup presumably removes the jail and epair interfaces
# created by the test body -- confirm in utils.subr.
cve_2019_5598_cleanup()
{
	pft_cleanup
}
49
# ATF entry point: registers the single test case defined in this file.
atf_init_test_cases()
{
	atf_add_test_case cve_2019_5598
}