Merge branch 'master' into releasev1.32

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

1 files changed, 278 insertions, 0 deletions

diff --git a/test/fuzzer.py b/test/fuzzer.py
new file mode 100755
index 0000000..766122c
--- /dev/null
+++ b/test/fuzzer.py
@@ -0,0 +1,278 @@
+#!/usr/bin/env python2.7
+"""
+    This is a python ICMP/Ping script,
+    which can be used to fuzz the proxy/forwarder
+    to detect security issues.
+
+    This script was originally taken from:
+    https://gist.githubusercontent.com/pklaus/856268/raw/a4e295d0dbd1140bddc90616e93ab3b19718a87b/ping.py
+"""
+
+import os
+import time
+import socket
+import struct
+import select
+import random
+import asyncore
+
+UINT_MAX=4294967295
+USHORT_MAX=65535
+ICMP_ECHO_REQUEST = 8
+ICMP_PROTO = socket.getprotobyname('icmp')
+ERROR_DESCR = {
+    1:     ' - Note that ICMP messages can only be '
+           'sent from processes running as root.',
+    10013: ' - Note that ICMP messages can only be sent by'
+           ' users or processes with administrator rights.'
+}
+
+__all__ = ['create_packet', 'do_one', 'verbose_ping', 'PingQuery',
+           'multi_ping_query']
+
+
+def checksum(source_string):
+    # I'm not too confident that this is right but testing seems to
+    # suggest that it gives the same answers as in_cksum in ping.c.
+    sum = 0
+    count_to = (len(source_string) / 2) * 2
+    count = 0
+    while count < count_to:
+        this_val = ord(source_string[count + 1])*256+ord(source_string[count])
+        sum = sum + this_val
+        sum = sum & 0xffffffff # Necessary?
+        count = count + 2
+    if count_to < len(source_string):
+        sum = sum + ord(source_string[len(source_string) - 1])
+        sum = sum & 0xffffffff # Necessary?
+    sum = (sum >> 16) + (sum & 0xffff)
+    sum = sum + (sum >> 16)
+    answer = ~sum
+    answer = answer & 0xffff
+    # Swap bytes. Bugger me if I know why.
+    answer = answer >> 8 | (answer << 8 & 0xff00)
+    return answer
+
+
+def create_packet(id, data=None):
+    """Create a new echo request packet based on the given "id"."""
+    # Header is type (8), code (8), checksum (16), id (16), sequence (16)
+    header = struct.pack('bbHHh', ICMP_ECHO_REQUEST, 0, 0, id, 1)
+    if data is None:
+        data = 192 * 'Q'
+    # Calculate the checksum on the data and the dummy header.
+    my_checksum = checksum(header + data)
+    # Now that we have the right checksum, we put that in. It's just easier
+    # to make up a new header than to stuff it into the dummy.
+    header = struct.pack('bbHHh', ICMP_ECHO_REQUEST, 0,
+                         socket.htons(my_checksum), id, 1)
+    return header + data
+
+
+def do_one(dest_addr, timeout=1, data=None):
+    """
+    Sends one ping to the given "dest_addr" which can be an ip or hostname.
+    "timeout" can be any integer or float except negatives and zero.
+
+    Returns either the delay (in seconds) or None on timeout and an invalid
+    address, respectively.
+
+    """
+    try:
+        my_socket = socket.socket(socket.AF_INET, socket.SOCK_RAW, ICMP_PROTO)
+    except socket.error as e:
+        if e.errno in ERROR_DESCR:
+            # Operation not permitted
+            raise socket.error(''.join((e.args[1], ERROR_DESCR[e.errno])))
+        raise # raise the original error
+    try:
+        host = socket.gethostbyname(dest_addr)
+    except socket.gaierror:
+        return
+    # Maximum for an unsigned short int c object counts to 65535 so
+    # we have to sure that our packet id is not greater than that.
+    packet_id = int((id(timeout) * random.random()) % 65535)
+    packet = create_packet(packet_id, data)
+    while packet:
+        # The icmp protocol does not use a port, but the function
+        # below expects it, so we just give it a dummy port.
+        sent = my_socket.sendto(packet, (dest_addr, 1))
+        packet = packet[sent:]
+    delay = receive_ping(my_socket, packet_id, time.time(), timeout)
+    my_socket.close()
+    return delay
+
+
+def receive_ping(my_socket, packet_id, time_sent, timeout):
+    # Receive the ping from the socket.
+    time_left = timeout
+    while True:
+        started_select = time.time()
+        ready = select.select([my_socket], [], [], time_left)
+        how_long_in_select = time.time() - started_select
+        if ready[0] == []: # Timeout
+            return
+        time_received = time.time()
+        rec_packet, addr = my_socket.recvfrom(1024)
+        icmp_header = rec_packet[20:28]
+        type, code, checksum, p_id, sequence = struct.unpack(
+            'bbHHh', icmp_header)
+        if p_id == packet_id:
+            return time_received - time_sent
+        time_left -= time_received - time_sent
+        if time_left <= 0:
+            return
+
+
+def verbose_ping(dest_addr, data=None, timeout=2, count=4):
+    """
+    Sends one ping to the given "dest_addr" which can be an ip or hostname.
+
+    "timeout" can be any integer or float except negatives and zero.
+    "count" specifies how many pings will be sent.
+
+    Displays the result on the screen.
+ 
+    """
+    for i in range(count):
+        print('ping {}...'.format(dest_addr))
+        delay = do_one(dest_addr, timeout, data)
+        if delay == None:
+            print('failed. (Timeout within {} seconds.)'.format(timeout))
+        else:
+            delay = round(delay * 1000.0, 4)
+            print('get ping in {} milliseconds.'.format(delay))
+    print('')
+
+
+class PingQuery(asyncore.dispatcher):
+    def __init__(self, host, p_id, timeout=0.5, ignore_errors=False, data=None):
+        """
+       Derived class from "asyncore.dispatcher" for sending and
+       receiving an icmp echo request/reply.
+       
+       Usually this class is used in conjunction with the "loop"
+       function of asyncore.
+       
+       Once the loop is over, you can retrieve the results with
+       the "get_result" method. Assignment is possible through
+       the "get_host" method.
+       
+       "host" represents the address under which the server can be reached.
+       "timeout" is the interval which the host gets granted for its reply.
+       "p_id" must be any unique integer or float except negatives and zeros.
+       
+       If "ignore_errors" is True, the default behaviour of asyncore
+       will be overwritten with a function which does just nothing.
+       
+       """
+        asyncore.dispatcher.__init__(self)
+        try:
+            self.create_socket(socket.AF_INET, socket.SOCK_RAW, ICMP_CODE)
+        except socket.error as e:
+            if e.errno in ERROR_DESCR:
+                # Operation not permitted
+                raise socket.error(''.join((e.args[1], ERROR_DESCR[e.errno])))
+            raise # raise the original error
+        self.time_received = 0
+        self.time_sent = 0
+        self.timeout = timeout
+        # Maximum for an unsigned short int c object counts to 65535 so
+        # we have to sure that our packet id is not greater than that.
+        self.packet_id = int((id(timeout) / p_id) % 65535)
+        self.host = host
+        self.packet = create_packet(self.packet_id, data)
+        if ignore_errors:
+            # If it does not care whether an error occured or not.
+            self.handle_error = self.do_not_handle_errors
+            self.handle_expt = self.do_not_handle_errors
+
+    def writable(self):
+        return self.time_sent == 0
+
+    def handle_write(self):
+        self.time_sent = time.time()
+        while self.packet:
+            # The icmp protocol does not use a port, but the function
+            # below expects it, so we just give it a dummy port.
+            sent = self.sendto(self.packet, (self.host, 1))
+            self.packet = self.packet[sent:]
+
+    def readable(self):
+        # As long as we did not sent anything, the channel has to be left open.
+        if (not self.writable()
+            # Once we sent something, we should periodically check if the reply
+            # timed out.
+            and self.timeout < (time.time() - self.time_sent)):
+            self.close()
+            return False
+        # If the channel should not be closed, we do not want to read something
+        # until we did not sent anything.
+        return not self.writable()
+
+    def handle_read(self):
+        read_time = time.time()
+        packet, addr = self.recvfrom(1024)
+        header = packet[20:28]
+        type, code, checksum, p_id, sequence = struct.unpack("bbHHh", header)
+        if p_id == self.packet_id:
+            # This comparison is necessary because winsocks do not only get
+            # the replies for their own sent packets.
+            self.time_received = read_time
+            self.close()
+
+    def get_result(self):
+        """Return the ping delay if possible, otherwise None."""
+        if self.time_received > 0:
+            return self.time_received - self.time_sent
+
+    def get_host(self):
+        """Return the host where to the request has or should been sent."""
+        return self.host
+
+    def do_not_handle_errors(self):
+        # Just a dummy handler to stop traceback printing, if desired.
+        pass
+
+    def create_socket(self, family, type, proto):
+        # Overwritten, because the original does not support the "proto" arg.
+        sock = socket.socket(family, type, proto)
+        sock.setblocking(0)
+        self.set_socket(sock)
+        # Part of the original but is not used. (at least at python 2.7)
+        # Copied for possible compatiblity reasons.
+        self.family_and_type = family, type
+
+    # If the following methods would not be there, we would see some very
+    # "useful" warnings from asyncore, maybe. But we do not want to, or do we?
+    def handle_connect(self):
+        pass
+
+    def handle_accept(self):
+        pass
+
+    def handle_close(self):
+        self.close()
+
+def build_pt_pkt(ip, port, state, ack, seq, rsv, data):
+    if type(ip) is int:
+        dst_ip = ip
+    elif type(ip) is str:
+        dst_ip = struct.unpack('<L', socket.inet_aton(ip))[0]
+    else:
+        raise Exception('ip is not of type str|int')
+    dst_port = int(port)
+    return struct.pack('!IIIIIIHH',
+        0xdeadc0de, dst_ip, dst_port, state, ack, len(data),
+        seq, rsv) + data
+
+
+if __name__ == '__main__':
+    # Testing
+    while True:
+        pt_pkt = build_pt_pkt('127.0.0.1', '22', 1, 2,
+            random.randint(0, USHORT_MAX),
+            random.randint(0, USHORT_MAX), 'blah')
+
+        verbose_ping('127.0.0.1', pt_pkt, 1, 1)
+        random.seed(time.clock())