From aa14a9f08e6df11ca0d52249dafd46da8bf788c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?=
Date: Tue, 10 Sep 2024 10:17:18 +0200
Subject: [PATCH] ICMP BPF filter

- Fix BPF filter for ICMPv6 and use shorter form
- Add tests for ICMP and ICMP6
---
 src/bpft.c | 2 +-
 src/test/Makefile.am | 8 +++++---
 src/test/gen_icmp.py | 10 ++++++++++
 src/test/icmp.gold | 4 ++++
 src/test/icmp.pcap | Bin 0 -> 160 bytes
 src/test/test_icmp.sh | 11 +++++++++++
 6 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 src/test/gen_icmp.py
 create mode 100644 src/test/icmp.gold
 create mode 100644 src/test/icmp.pcap
 create mode 100755 src/test/test_icmp.sh

diff --git a/src/bpft.c b/src/bpft.c
index 8ce1b56..4d3d2ad 100644
--- a/src/bpft.c
+++ b/src/bpft.c
@@ -86,7 +86,7 @@ void prepare_bpft(void)
 else
 len += text_add(&bpfl, "("); /* ( transports ... */
 if (wanticmp) {
- len += text_add(&bpfl, " ( ip proto 1 or ip proto 58 ) or");
+ len += text_add(&bpfl, " ( icmp or icmp6 ) or");
 }
 if (wantfrags) {
 len += text_add(&bpfl, " ( ip[6:2] & 0x1fff != 0 or ip6[6] = 44 ) or");
diff --git a/src/test/Makefile.am b/src/test/Makefile.am
index 1918400..91d11a5 100644
--- a/src/test/Makefile.am
+++ b/src/test/Makefile.am
@@ -16,11 +16,12 @@ CLEANFILES = test*.log test*.trs \
 test13.out \
 test14.out \
 test_regex_match.out \
- edns.out
+ edns.out \
+ test_icmp.out
 
 TESTS = test1.sh test2.sh test3.sh test4.sh test5.sh test6.sh test7.sh \
 test8.sh test9.sh test10.sh test11.sh test12.sh test13.sh test14.sh \
- test_regex_match.sh test_edns.sh
+ test_regex_match.sh test_edns.sh test_icmp.sh
 
 EXTRA_DIST = $(TESTS) \
 dns.gold dns.pcap \
@@ -36,4 +37,5 @@ EXTRA_DIST = $(TESTS) \
 dns6.pcap test10.gold \
 test14.gold \
 test_regex_match.gold \
- edns.pcap edns.gold
+ edns.pcap edns.gold \
+ gen_icmp.py icmp.pcap icmp.gold
diff --git a/src/test/gen_icmp.py b/src/test/gen_icmp.py
new file mode 100644
index 0000000..afee206
--- /dev/null
+++ b/src/test/gen_icmp.py
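Review bot: `icmp6` in the new filter string is shorthand for `ip6 proto 58`, which according to the pcap-filter documentation does not follow the IPv6 extension-header chain, so ICMPv6 carried behind, for example, a hop-by-hop or destination-options header would presumably still be missed by `-I` captures. If that is acceptable, it deserves a comment next to the `text_add()` call, such as `/* icmp6 == ip6 proto 58: extension headers are not chased, so ICMPv6 behind them is not matched */`. If it is not, `ip6 protochain 58` is the primitive that walks the chain, though libpcap documents its generated code as complex and not optimisable. `prepare_bpft()` starts and ends outside this hunk, so how this clause combines with the rest of the expression cannot be checked from here.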
@@ -0,0 +1,10 @@
+import sys
+from scapy.all import *
+
+pcap = sys.argv[1]
+
+pkts = []
+pkts.append(Ether()/IPv6(dst="2001:db8:dead::1")/ICMPv6DestUnreach())
+pkts.append(Ether()/IP(dst="0.0.0.0")/ICMP(type=3))
+
+wrpcap(pcap, pkts)
\ No newline at end of file
diff --git a/src/test/icmp.gold b/src/test/icmp.gold
new file mode 100644
index 0000000..8c05b66
--- /dev/null
+++ b/src/test/icmp.gold
@@ -0,0 +1,4 @@
+[48] 2024-09-10 08:52:52.252793 [#0 icmp.pcap 4095] \
+ [fd00::242:ac11:9].0 [2001:db8:dead::1].0
+[28] 2024-09-10 08:52:52.253461 [#1 icmp.pcap 4095] \
+ [172.17.0.9].0 [0.0.0.0].0
diff --git a/src/test/icmp.pcap b/src/test/icmp.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..2aba75d227d59d2f25c55654c7565709649391ac
GIT binary patch literal 160 zcmca|c+)~A1{MYw`2U}Qff2}g!to%j@-{Pr9gq#e|G|LCX^kKQXWQKbpa=tpmBU{U z4F(Vy1xDT-_twJ17#JBD+ literal 0 HcmV?d00001
diff --git a/src/test/test_icmp.sh b/src/test/test_icmp.sh
new file mode 100755
index 0000000..43f44e8
--- /dev/null
+++ b/src/test/test_icmp.sh
@@ -0,0 +1,11 @@
+#!/bin/sh -xe
+
+test -e icmp.pcap || ln -s "$srcdir/icmp.pcap" icmp.pcap
+
+../dnscap -g -I -r icmp.pcap 2>test_icmp.out
+
+mv test_icmp.out test_icmp.out.old
+grep -v "^libgcov profiling error:" test_icmp.out.old > test_icmp.out
+rm test_icmp.out.old
+
+diff test_icmp.out "$srcdir/icmp.gold"
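Review bot: The two `pkts.append(...)` lines in gen_icmp.py set only `dst`, so the source addresses and packet timestamps come from whatever host runs the script; icmp.gold shows `fd00::242:ac11:9`, `172.17.0.9` and a wall-clock time. As a result the committed binary icmp.pcap cannot be regenerated from its generator and compared with the checked-in bytes. Pinning them makes the fixture reproducible and reviewable, for example `IPv6(src="2001:db8::1", dst="2001:db8:dead::1")` and `IP(src="192.0.2.1", dst="0.0.0.0")` (constructed documentation-range addresses), plus a fixed `time` on each packet before `wrpcap`, with icmp.pcap and icmp.gold regenerated to match. Two smaller points in the same file: `from scapy.all import *` hides which names the script depends on, and `sys.argv[1]` is read without an argument check.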