mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 02:44:03 -05:00
tests: Add ebtables rules for ProxyARP
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
a95c6973aa
commit
19cbe06238
@ -2775,6 +2775,28 @@ def _test_proxyarp_open(dev, apdev, params):
|
||||
subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
|
||||
subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
|
||||
|
||||
for chain in [ 'FORWARD', 'OUTPUT' ]:
|
||||
subprocess.call(['ebtables', '-A', chain, '-p', 'ARP',
|
||||
'-d', 'Broadcast', '-o', apdev[0]['ifname'],
|
||||
'-j', 'DROP'])
|
||||
subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
|
||||
'-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
|
||||
'--ip6-icmp-type', 'neighbor-solicitation',
|
||||
'-o', apdev[0]['ifname'], '-j', 'DROP'])
|
||||
subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
|
||||
'-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
|
||||
'--ip6-icmp-type', 'neighbor-advertisement',
|
||||
'-o', apdev[0]['ifname'], '-j', 'DROP'])
|
||||
subprocess.call(['ebtables', '-A', chain,
|
||||
'-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
|
||||
'--ip6-icmp-type', 'router-solicitation',
|
||||
'-o', apdev[0]['ifname'], '-j', 'DROP'])
|
||||
# Multicast Listener Report Message
|
||||
subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
|
||||
'-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
|
||||
'--ip6-icmp-type', '143',
|
||||
'-o', apdev[0]['ifname'], '-j', 'DROP'])
|
||||
|
||||
cmd = {}
|
||||
cmd[0] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', 'ap-br0',
|
||||
'-w', cap_br, '-s', '2000'],
|
||||
@ -2994,6 +3016,10 @@ def _test_proxyarp_open(dev, apdev, params):
|
||||
logger.info("After disconnect: " + str(matches))
|
||||
if len(matches) > 0:
|
||||
raise Exception("Unexpected neighbor entries after disconnect")
|
||||
cmd = subprocess.Popen(['ebtables', '-L', '--Lc'], stdout=subprocess.PIPE)
|
||||
res = cmd.stdout.read()
|
||||
cmd.stdout.close()
|
||||
logger.info("ebtables results:\n" + res)
|
||||
|
||||
def test_proxyarp_open(dev, apdev, params):
|
||||
"""ProxyARP with open network"""
|
||||
@ -3001,6 +3027,8 @@ def test_proxyarp_open(dev, apdev, params):
|
||||
try:
|
||||
res = _test_proxyarp_open(dev, apdev, params)
|
||||
finally:
|
||||
subprocess.call(['ebtables', '-F', 'FORWARD'])
|
||||
subprocess.call(['ebtables', '-F', 'OUTPUT'])
|
||||
subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
|
||||
stderr=open('/dev/null', 'w'))
|
||||
subprocess.call(['brctl', 'delbr', 'ap-br0'],
|
||||
|
@ -49,6 +49,18 @@ echo 'adm:x:0:' > /etc/group
|
||||
echo 'admin:x:0:' >> /etc/group
|
||||
# root should exist
|
||||
echo 'root:x:0:0:root:/tmp:/bin/bash' > /etc/passwd
|
||||
cat > /etc/ethertypes <<EOF
|
||||
IPv4 0800 ip ip4
|
||||
ARP 0806 ether-arp
|
||||
IPv6 86DD ip6
|
||||
EOF
|
||||
cat > /etc/protocols <<EOF
|
||||
ip 0 IP
|
||||
icmp 1 ICMP
|
||||
tcp 6 TCP
|
||||
udp 17 UDP
|
||||
ipv6-icmp 58 IPv6-ICMP
|
||||
EOF
|
||||
|
||||
# local network is needed for some tests
|
||||
ip link set lo up
|
||||
|
Loading…
Reference in New Issue
Block a user