Update dhcp relay test for option82 stripping #6330
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Gang Lv ganglv@microsoft.com
7 tasks
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
qiluo-msft
reviewed
Sep 10, 2022
| def create_dhcp_offer_packet(self): | ||
| return testutils.dhcp_offer_packet(eth_server=self.server_iface_mac, |
There was a problem hiding this comment.
I replace this function to add option82, and I don't think we need it for test_dhcp_pkt_fwd.
qiluo-msft
reviewed
Sep 10, 2022
| @@ -284,13 +356,14 @@ def create_dhcp_offer_relayed_packet(self): | |||
| ('server_id', self.server_ip), | |||
| ('lease_time', self.LEASE_TIME), | |||
| ('subnet_mask', self.client_subnet), | |||
| ("vendor_class_id", "http://10.23.145.67:9876/abc/defghijk/lmnopqrst.bin".encode('utf-8')), | |||
There was a problem hiding this comment.
Is it a random URL?
If yes, can we use more fictional URL like [http://0.0.0.0/test/test.bin](http://0.0.0.0/test/test.bin`) ? #Closed
There was a problem hiding this comment.
http://0.0.0.0/test/test.bin is not long enough to overwrite option82.
There was a problem hiding this comment.
This information is priceless, and please add it as code comment or assert, in case future dev (even yourself) mistakenly break it.
The the sample is like [http://0.0.0.0/very_long_long_test/test.bin](http://0.0.0.0/very_long_long_test/test.bin`)
There was a problem hiding this comment.
We do not want to a true IP in the world hit by DDOS.
qiluo-msft
reviewed
Sep 10, 2022
| @@ -284,13 +356,14 @@ def create_dhcp_offer_relayed_packet(self): | |||
| ('server_id', self.server_ip), | |||
| ('lease_time', self.LEASE_TIME), | |||
| ('subnet_mask', self.client_subnet), | |||
| ("vendor_class_id", "http://10.23.145.67:9876/abc/defghijk/lmnopqrst.bin".encode('utf-8')), | |||
| ('end')]) | |||
|
|
|||
| # TODO: Need to add this to the packet creation functions in PTF code first! | |||
|
@saikrishnagajula Could you help review? |
kellyyeh
approved these changes
Sep 13, 2022
qiluo-msft
approved these changes
Sep 13, 2022
ganglyu
added a commit
to sonic-net/sonic-buildimage
that referenced
this pull request
Sep 16, 2022
Why I did it Current isc-dhcp uses below code to remove DHCP option: memmove(sp, op, op[1] + 2); sp += op[1] + 2; sp points to the option to be stripped, we can call it as option S. op points to the option after options S, we can call it as option O. DHCP option is a typical type-length-value structure, the first byte is type, the second byte is length, and remain parts are value. In this case, option O length is bigger than option S, and more than 2 bytes, after the memmove, we will get this result: Now Option S and Option O are overwritten, op[1] was the length of Option O, and it's modified after memmove. But current implementation is still using op[1] as length to update sp (sp+=op[1]+2), so we get the wrong sp. How I did it Create patch from https://github.com/isc-projects/dhcp The new impelementation use mlen to store the length of Option O before memmove, that's how it fixed the bug. size_t mlen = op[1] + 2; memmove(sp, op, mlen); sp += mlen; How to verify it I have a PR for sonic-mgmt to cover this issue: sonic-net/sonic-mgmt#6330 Signed-off-by: Gang Lv ganglv@microsoft.com
qiluo-msft
pushed a commit
to sonic-net/sonic-buildimage
that referenced
this pull request
Sep 17, 2022
Why I did it Current isc-dhcp uses below code to remove DHCP option: memmove(sp, op, op[1] + 2); sp += op[1] + 2; sp points to the option to be stripped, we can call it as option S. op points to the option after options S, we can call it as option O. DHCP option is a typical type-length-value structure, the first byte is type, the second byte is length, and remain parts are value. In this case, option O length is bigger than option S, and more than 2 bytes, after the memmove, we will get this result: Now Option S and Option O are overwritten, op[1] was the length of Option O, and it's modified after memmove. But current implementation is still using op[1] as length to update sp (sp+=op[1]+2), so we get the wrong sp. How I did it Create patch from https://github.com/isc-projects/dhcp The new impelementation use mlen to store the length of Option O before memmove, that's how it fixed the bug. size_t mlen = op[1] + 2; memmove(sp, op, mlen); sp += mlen; How to verify it I have a PR for sonic-mgmt to cover this issue: sonic-net/sonic-mgmt#6330 Signed-off-by: Gang Lv ganglv@microsoft.com
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
yxieca
pushed a commit
to sonic-net/sonic-buildimage
that referenced
this pull request
Sep 21, 2022
Why I did it Current isc-dhcp uses below code to remove DHCP option: memmove(sp, op, op[1] + 2); sp += op[1] + 2; sp points to the option to be stripped, we can call it as option S. op points to the option after options S, we can call it as option O. DHCP option is a typical type-length-value structure, the first byte is type, the second byte is length, and remain parts are value. In this case, option O length is bigger than option S, and more than 2 bytes, after the memmove, we will get this result: Now Option S and Option O are overwritten, op[1] was the length of Option O, and it's modified after memmove. But current implementation is still using op[1] as length to update sp (sp+=op[1]+2), so we get the wrong sp. How I did it Create patch from https://github.com/isc-projects/dhcp The new impelementation use mlen to store the length of Option O before memmove, that's how it fixed the bug. size_t mlen = op[1] + 2; memmove(sp, op, mlen); sp += mlen; How to verify it I have a PR for sonic-mgmt to cover this issue: sonic-net/sonic-mgmt#6330 Signed-off-by: Gang Lv ganglv@microsoft.com
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
wangxin
pushed a commit
that referenced
this pull request
Sep 28, 2022
Signed-off-by: Gang Lv ganglv@microsoft.com What is the motivation for this PR? dhcp relay has an option82 related pr, and we need to update e2e test to verify this issue: sonic-net/sonic-buildimage#12033 How did you do it? Update dhcp offer packet, add option82 and another option. After dhcp relay, option82 should be stripped. How did you verify/test it? I used kvm to verify this test case.
wangxin
pushed a commit
that referenced
this pull request
Sep 28, 2022
Signed-off-by: Gang Lv ganglv@microsoft.com What is the motivation for this PR? dhcp relay has an option82 related pr, and we need to update e2e test to verify this issue: sonic-net/sonic-buildimage#12033 How did you do it? Update dhcp offer packet, add option82 and another option. After dhcp relay, option82 should be stripped. How did you verify/test it? I used kvm to verify this test case.
ganglyu
added a commit
that referenced
this pull request
Oct 8, 2022
What is the motivation for this PR? dhcp_relay_test.py has been upgraded to python3, so cherry-pick from master to 202012 does not work. So, I need to revert the commit, and create a new PR for 202012 branch. How did you do it? Revert changes for dhcp relay test How did you verify/test it? Run dhcp relay test.
mssonicbld
pushed a commit
to mssonicbld/sonic-buildimage
that referenced
this pull request
Oct 13, 2022
Why I did it Current isc-dhcp uses below code to remove DHCP option: memmove(sp, op, op[1] + 2); sp += op[1] + 2; sp points to the option to be stripped, we can call it as option S. op points to the option after options S, we can call it as option O. DHCP option is a typical type-length-value structure, the first byte is type, the second byte is length, and remain parts are value. In this case, option O length is bigger than option S, and more than 2 bytes, after the memmove, we will get this result: Now Option S and Option O are overwritten, op[1] was the length of Option O, and it's modified after memmove. But current implementation is still using op[1] as length to update sp (sp+=op[1]+2), so we get the wrong sp. How I did it Create patch from https://github.com/isc-projects/dhcp The new impelementation use mlen to store the length of Option O before memmove, that's how it fixed the bug. size_t mlen = op[1] + 2; memmove(sp, op, mlen); sp += mlen; How to verify it I have a PR for sonic-mgmt to cover this issue: sonic-net/sonic-mgmt#6330 Signed-off-by: Gang Lv ganglv@microsoft.com
liushilongbuaa
pushed a commit
to sonic-net/sonic-buildimage
that referenced
this pull request
Oct 16, 2022
Why I did it Current isc-dhcp uses below code to remove DHCP option: memmove(sp, op, op[1] + 2); sp += op[1] + 2; sp points to the option to be stripped, we can call it as option S. op points to the option after options S, we can call it as option O. DHCP option is a typical type-length-value structure, the first byte is type, the second byte is length, and remain parts are value. In this case, option O length is bigger than option S, and more than 2 bytes, after the memmove, we will get this result: Now Option S and Option O are overwritten, op[1] was the length of Option O, and it's modified after memmove. But current implementation is still using op[1] as length to update sp (sp+=op[1]+2), so we get the wrong sp. How I did it Create patch from https://github.com/isc-projects/dhcp The new impelementation use mlen to store the length of Option O before memmove, that's how it fixed the bug. size_t mlen = op[1] + 2; memmove(sp, op, mlen); sp += mlen; How to verify it I have a PR for sonic-mgmt to cover this issue: sonic-net/sonic-mgmt#6330 Signed-off-by: Gang Lv ganglv@microsoft.com Signed-off-by: Gang Lv ganglv@microsoft.com Co-authored-by: ganglv <88995770+ganglyu@users.noreply.github.com>
Azarack
pushed a commit
to Azarack/sonic-mgmt
that referenced
this pull request
Oct 17, 2022
Signed-off-by: Gang Lv ganglv@microsoft.com What is the motivation for this PR? dhcp relay has an option82 related pr, and we need to update e2e test to verify this issue: sonic-net/sonic-buildimage#12033 How did you do it? Update dhcp offer packet, add option82 and another option. After dhcp relay, option82 should be stripped. How did you verify/test it? I used kvm to verify this test case.
6 tasks
allen-xf
pushed a commit
to allen-xf/sonic-mgmt
that referenced
this pull request
Oct 28, 2022
Signed-off-by: Gang Lv ganglv@microsoft.com What is the motivation for this PR? dhcp relay has an option82 related pr, and we need to update e2e test to verify this issue: sonic-net/sonic-buildimage#12033 How did you do it? Update dhcp offer packet, add option82 and another option. After dhcp relay, option82 should be stripped. How did you verify/test it? I used kvm to verify this test case.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Gang Lv ganglv@microsoft.com
Description of PR
Summary:
Fixes # (issue)
Type of change
Back port request
Approach
What is the motivation for this PR?
dhcp relay has an option82 related pr, and we need to update e2e test to verify this issue:
sonic-net/sonic-buildimage#12033
How did you do it?
Update dhcp offer packet, add option82 and another option. After dhcp relay, option82 should be stripped.
How did you verify/test it?
I used kvm to verify this test case.
Any platform specific information?
Supported testbed topology if it's a new test case?
Documentation