lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 24 Jun 2019 17:47:32 -0400
From:   Alexander Aring <aring@...atatu.com>
To:     Lucas Bates <lucasb@...atatu.com>
Cc:     netdev@...r.kernel.org, davem@...emloft.net, jhs@...atatu.com,
        kernel@...atatu.com, xiyou.wangcong@...il.com, jiri@...nulli.us,
        mleitner@...hat.com, vladbu@...lanox.com, dcaratti@...hat.com
Subject: Re: [RFC PATCH net-next 1/1] tc-testing: Scapy plugin and JSON
 verification for tdc

Hi Lucas,

On Sun, Jun 09, 2019 at 10:20:32PM -0400, Lucas Bates wrote:
> This is a draft version of two new tdc features.
> 
> First, the scapy plugin. This requires the scapy Python module
> installed on the system (plugin was tested against v2.4.2).
> The intent is to install a given rule (as the command under test)
> and then generate packets to create statistics for that rule.
> The stats are checked in the verify phase.
> 
> A new "scapy" entry appears in the test cases, which currently
> have three requirements: the source interface for the packets,
> the number of packets to be sent, and a string that is processed
> by scapy's eval() function to construct the packets.

eval() is not a function of scapy, it is a python thing.
You need to be careful with that, people can introduce weird code. Since
everything is here under review I think it is okay... so far we don't
introduce a tdc restful API for that.

> 
> Limitations: For now, only one type of packet can be crafted
> per test case. Also, knowledge of scapy's syntax is required.
> 

Why not add a list of eval() strings and send them out in order?

> Secondly, we add JSON processing as a method of performing the
> verification stage. Each test case can now have a "matchPattern"
> or "matchJSON" field which governs the method tdc will use to
> process the results. The intent is to make it easier to handle
> the verify stage by not requiring complex regular expressions
> 
> matchJSON has two fields, path and value. Path is a list of
> strings and integers which indicate the path through the nested
> JSON data - an asterisk is also acceptable in place of
> a number if the specific index of a list is unknown.
> 

Can you provide an example?

> This structure may not be the best method of handling JSON
> verification - suggestions have been made that include using a
> third party module to process the JSON, but that creates an
> external dependency for tdc.
> 
> To try the sample tests in this patch:
> 
> 1) Ensure nsPlugin and scapyPlugin are linked in the plugins/
>    subdirectory
> 2) Run:
>     sudo ./tdc.py -f tc-tests/actions/scapy-example.json -n
> 
> The second test is designed to fail.
> 
> Comments and discussion are encouraged!

Can you please split these patches according to your commit message.

1. JSON processing (new core feature?)
2. scapy plugin (should not touch core code)
3. scapy example

- Alex

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ