summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoranonym <anonym@riseup.net>2017-03-19 00:37:23 +0100
committeranonym <anonym@riseup.net>2017-03-19 02:49:51 +0100
commit112b34da0648706850d3f780dc620c8de444c33e (patch)
tree96fde7a89bdfecac94d1f970be761f7dbe649e24
parentfdd50f83f44aa9f46f08ab8bbedf646b2efb3a06 (diff)
Test suite: try possible fix for #11508.
Yup, it seems that all along I've just missed that we could have IPv6Packet:s in `ip_packet`, and their source is accessed by `.ipv6_saddr`, not `ip_saddr` (that's for IPv4Packet). So, let's just try and see which one of the two each `ip_packet` has, because one of them must be there! Also, given that UDPPacket can be either IPv4 or IPv6 it seems safest to try to parse each packet as IPv6Packet first -- that way we keep looking at transport layer protocols for IPv4 only, and treat everything IPv6 as the same, which makes sense, since we should block all IPv6, so everything should be treated the same at all times. Refs: #11508
-rw-r--r--features/support/helpers/firewall_helper.rb23
1 files changed, 13 insertions, 10 deletions
diff --git a/features/support/helpers/firewall_helper.rb b/features/support/helpers/firewall_helper.rb
index 97f0eeb..62d9856 100644
--- a/features/support/helpers/firewall_helper.rb
+++ b/features/support/helpers/firewall_helper.rb
@@ -19,7 +19,10 @@ def pcap_connections_helper(pcap_file, opts = {})
end
sport = nil
dport = nil
- if PacketFu::TCPPacket.can_parse?(p)
+ if PacketFu::IPv6Packet.can_parse?(p)
+ ip_packet = PacketFu::IPv6Packet.parse(p)
+ protocol = 'ipv6'
+ elsif PacketFu::TCPPacket.can_parse?(p)
ip_packet = PacketFu::TCPPacket.parse(p)
protocol = 'tcp'
sport = ip_packet.tcp_sport
@@ -35,9 +38,6 @@ def pcap_connections_helper(pcap_file, opts = {})
elsif PacketFu::IPPacket.can_parse?(p)
ip_packet = PacketFu::IPPacket.parse(p)
protocol = 'ip'
- elsif PacketFu::IPv6Packet.can_parse?(p)
- ip_packet = PacketFu::IPv6Packet.parse(p)
- protocol = 'ipv6'
else
raise "Found something that cannot be parsed"
end
@@ -52,16 +52,19 @@ def pcap_connections_helper(pcap_file, opts = {})
sport: sport,
dport: dport,
}
- # It seems *Packet.parse can return an IP packet without source
- # and/or destination address. (#11508)
+
begin
packet_info[:saddr] = ip_packet.ip_saddr
packet_info[:daddr] = ip_packet.ip_daddr
rescue NoMethodError
- # noop
- end
- if not(packet_info.has_key?(:saddr)) || not(packet_info.has_key?(:daddr))
- puts "We were hit by #11508. PacketFu bug? Packet info: #{packet_info}"
+ begin
+ packet_info[:saddr] = ip_packet.ipv6_saddr
+ packet_info[:daddr] = ip_packet.ipv6_daddr
+ rescue NoMethodError
+ puts "We were hit by #11508. PacketFu bug? Packet info: #{ip_packet}"
+ packet_info[:saddr] = nil
+ packet_info[:daddr] = nil
+ end
end
connections << packet_info
end