From 3b0a7fd727d86138d39da4e25fb64f1e571b17d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tomasz=20K=C5=82ak?=
Date: Thu, 31 Oct 2024 10:52:06 +0100
Subject: [PATCH 1/2] Add randomized payloads to ping packets on docker
When a ping command is started on the linux systems, the KILL_ID used later to kill it is also part of the icmp payload it is sending.
---
 nat-lab/tests/utils/connection/connection.py | 2 +-
 nat-lab/tests/utils/connection/docker_connection.py | 4 ++--
 nat-lab/tests/utils/connection/ssh_connection.py | 2 +-
 nat-lab/tests/utils/ping.py | 11 ++++++++++-
 nat-lab/tests/utils/process/docker_process.py | 11 +++++------
 5 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/nat-lab/tests/utils/connection/connection.py b/nat-lab/tests/utils/connection/connection.py
index 572d8c028..4ff6452cd 100644
--- a/nat-lab/tests/utils/connection/connection.py
+++ b/nat-lab/tests/utils/connection/connection.py
@@ -17,7 +17,7 @@ def __init__(self, target_os: TargetOS) -> None:
 self._target_os = target_os
 @abstractmethod
- def create_process(self, command: List[str]) -> "Process":
+ def create_process(self, command: List[str], kill_id=None) -> "Process":
 pass
 @property
diff --git a/nat-lab/tests/utils/connection/docker_connection.py b/nat-lab/tests/utils/connection/docker_connection.py
index 4437d4e94..82e657cbe 100644
--- a/nat-lab/tests/utils/connection/docker_connection.py
+++ b/nat-lab/tests/utils/connection/docker_connection.py
@@ -33,8 +33,8 @@ def container_name(self) -> str:
 def target_name(self) -> str:
 return self.container_name()
- def create_process(self, command: List[str]) -> "Process":
- process = DockerProcess(self._container, command)
+ def create_process(self, command: List[str], kill_id=None) -> "Process":
+ process = DockerProcess(self._container, command, kill_id)
 print(
 datetime.now(),
 "Executing",
diff --git a/nat-lab/tests/utils/connection/ssh_connection.py b/nat-lab/tests/utils/connection/ssh_connection.py
index 59c1d9637..64813446b 100644
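Review bot: The new `kill_id=None` parameter on the abstract `create_process` in `connection.py` is unannotated and undocumented, so an implementer cannot tell from the interface what the value is or whether it must be honoured. I would annotate it, `def create_process(self, command: List[str], kill_id: Optional[str] = None) -> "Process":` (the import block is outside the hunk, so `Optional` may need adding there), and give the method a one-line docstring along the lines of `"""Create a process for command; kill_id, when given, is the ID later used to find the process so it can be killed."""`. The same untyped parameter is repeated in the `docker_connection.py`, `ssh_connection.py` and `docker_process.py` hunks.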
--- a/nat-lab/tests/utils/connection/ssh_connection.py
+++ b/nat-lab/tests/utils/connection/ssh_connection.py
@@ -16,7 +16,7 @@ def __init__(self, connection: asyncssh.SSHClientConnection, target_os: TargetOS
 self._connection = connection
 self._target_os = target_os
- def create_process(self, command: List[str]) -> "Process":
+ def create_process(self, command: List[str], kill_id=None) -> "Process":
 print(datetime.now(), "Executing", command, "on", self.target_os)
 if self._target_os == TargetOS.Windows:
 escape_argument = cmd_exe_escape.escape_argument
diff --git a/nat-lab/tests/utils/ping.py b/nat-lab/tests/utils/ping.py
index 58ead27fd..b0eaceec7 100644
--- a/nat-lab/tests/utils/ping.py
+++ b/nat-lab/tests/utils/ping.py
@@ -1,5 +1,6 @@
 import asyncio
 import re
+import secrets
 from contextlib import asynccontextmanager
 from ipaddress import ip_address
 from typing import AsyncIterator, Optional
@@ -43,8 +44,16 @@ def __init__(self, connection: Connection, ip: str) -> None:
 [("ping" if self._ip_proto == IPProto.IPv4 else "ping6"), ip]
 )
 else:
+ kill_id = secrets.token_hex(8).upper()
 self._process = connection.create_process(
- ["ping", ("-4" if self._ip_proto == IPProto.IPv4 else "-6"), ip]
+ [
+ "ping",
+ ("-4" if self._ip_proto == IPProto.IPv4 else "-6"),
+ "-p",
+ kill_id,
+ ip,
+ ],
+ kill_id,
 )
 self._next_ping_event = asyncio.Event()
diff --git a/nat-lab/tests/utils/process/docker_process.py b/nat-lab/tests/utils/process/docker_process.py
index a6b3f8e36..8dd0113af 100644
--- a/nat-lab/tests/utils/process/docker_process.py
+++ b/nat-lab/tests/utils/process/docker_process.py
@@ -1,6 +1,5 @@
 import asyncio
-import random
-import string
+import secrets
 import subprocess
 import sys
 from .process import Process, ProcessExecError, StreamCallback
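Review bot: `kill_id` is added to the SSH `create_process` signature, but none of the body lines visible in this hunk use it, so a caller that passes one gets neither tagging nor an error. The method body continues past the hunk, so it may be consumed further down; if it is not, state that at the top of the method, for example `# kill_id is accepted only to match the Connection interface and is ignored over SSH`. Without that, the interface reads as if every connection type can find its process by this ID.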
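Review bot: In the `else` branch of `ping.py` one `kill_id` now serves two roles, the ICMP pad pattern given to `-p` and the process ID tag passed as the second argument, and nothing records the constraints that ties together. `ping -p` takes hex digits for at most 16 pad bytes, so `secrets.token_hex(8)` fits, but I would add a comment such as `# 8 random bytes as hex: valid for ping -p (max 16 pad bytes) and reused as the process kill id` so a later change to the length or alphabet does not break either use. With `-p`, ping also prints a `PATTERN: 0x...` line ahead of its usual output; the output parsing is outside this hunk, so confirm it tolerates that extra line. `__init__` starts and ends outside the hunk.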
@@ -26,7 +25,9 @@ class DockerProcess(Process):
 str # Private ID added to find the process easily when it needs to be killed
 )
- def __init__(self, container: DockerContainer, command: List[str]) -> None:
+ def __init__(
+ self, container: DockerContainer, command: List[str], kill_id=None
+ ) -> None:
 self._container = container
 self._command = command
 self._stdout = ""
@@ -35,9 +36,7 @@ def __init__(self, container: DockerContainer, command: List[str]) -> None:
 self._is_done = asyncio.Event()
 self._stream = None
 self._execute = None
- self._kill_id = "".join(
- random.choices(string.ascii_uppercase + string.digits, k=12)
- )
+ self._kill_id = kill_id if kill_id else secrets.token_hex(8).upper()
 async def execute(
 self,
From e47b3a159e26da8468ff612060cd09e3a235ac12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tomasz=20K=C5=82ak?=
Date: Thu, 31 Oct 2024 13:10:57 +0100
Subject: [PATCH 2/2] Add randomized payloads to ping packets on mac vm
---
 .unreleased/tag-each-ping-in-nat-lab | 0
 nat-lab/tests/utils/ping.py | 11 +++++++----
 2 files changed, 7 insertions(+), 4 deletions(-)
 create mode 100644 .unreleased/tag-each-ping-in-nat-lab
diff --git a/.unreleased/tag-each-ping-in-nat-lab b/.unreleased/tag-each-ping-in-nat-lab
new file mode 100644
index 000000000..e69de29bb
diff --git a/nat-lab/tests/utils/ping.py b/nat-lab/tests/utils/ping.py
index b0eaceec7..0622f2c2e 100644
--- a/nat-lab/tests/utils/ping.py
+++ b/nat-lab/tests/utils/ping.py
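Review bot: `self._kill_id = kill_id if kill_id else secrets.token_hex(8).upper()` in the second `docker_process.py` hunk stores any caller-supplied value unchecked and silently swaps an empty string for a random one. The class comment describes this ID as what is used to find the process when it has to be killed; that lookup is outside the hunk, but if the ID ends up inside a shell command or a match pattern, an arbitrary string is a quoting hazard, so it is worth constraining where it enters. I would test with `is None` and reject non-hex input, e.g. `if kill_id is not None and not re.fullmatch(r"[0-9A-Fa-f]+", kill_id): raise ValueError("kill_id must be hex")`, which needs `import re` in the import block shown in this file's first hunk. The signature in the preceding hunk should also be annotated as `kill_id: Optional[str] = None`.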
@@ -34,17 +34,20 @@ def __init__(self, connection: Connection, ip: str) -> None:
 self._ip = ip
 self._connection = connection
 self._ip_proto = testing.unpack_optional(get_ip_address_type(ip))
+ kill_id = secrets.token_hex(8).upper()
 if connection.target_os == TargetOS.Windows:
 self._process = connection.create_process(
 ["ping", ("-4" if self._ip_proto == IPProto.IPv4 else "-6"), "-t", ip]
 )
 elif connection.target_os == TargetOS.Mac:
- self._process = connection.create_process(
- [("ping" if self._ip_proto == IPProto.IPv4 else "ping6"), ip]
- )
+ self._process = connection.create_process([
+ ("ping" if self._ip_proto == IPProto.IPv4 else "ping6"),
+ "-p",
+ kill_id,
+ ip,
+ ])
 else:
 self._process = connection.create_process(
 [
 "ping",
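Review bot: In the Mac branch `kill_id` is placed on the command line as the `-p` pattern but is not passed as the second argument to `create_process`, unlike the `else` branch in the previous patch, and in the Windows branch the value is generated and never used. The name therefore no longer matches what the value does on two of the three paths. If on Mac it is only a payload tag, say so with a comment such as `# Mac: the value only tags the ICMP payload; it is not used to find the process`, and add `# Windows: ping is started without a pattern, so these pings stay untagged` above the first branch so tests that rely on distinct payloads know the gap. The `else` branch call runs past the end of this hunk.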