% Regression tests for Scapy BPF mode # More information at http://www.secdev.org/projects/UTscapy/ ############ ############ + Addresses manipulation functions = Get the packet IPv4 address configured on conf.iface get_if_raw_addr(conf.iface) = Get the MAC address of conf.iface get_if_hwaddr(conf.iface) = Get the MAC address of conf.loopback_name get_if_hwaddr(conf.loopback_name) == "00:00:00:00:00:00" ############ ############ + BPF related functions = Imports from scapy.arch.bpf.supersocket import L3bpfSocket, L2bpfListenSocket, L2bpfSocket = Get a BPF handler ~ needs_root from scapy.arch.bpf.supersocket import get_dev_bpf fd, _ = get_dev_bpf() = Attach a BPF filter ~ needs_root libpcap from scapy.arch.bpf.supersocket import attach_filter attach_filter(fd, "arp or icmp", conf.iface) = Get network interfaces list iflist = get_if_list() len(iflist) > 0 = Misc functions ~ needs_root from scapy.arch.bpf.supersocket import bpf_select l = bpf_select([L2bpfSocket()]) l = bpf_select([L2bpfSocket(), sys.stdin.fileno()]) ############ ############ + BPF sockets = L2bpfListenSocket - initialization variants ~ needs_root L2bpfListenSocket() L2bpfListenSocket(iface=conf.iface) L2bpfListenSocket(promisc=True) L2bpfListenSocket(filter="icmp") L2bpfListenSocket(iface=conf.iface, promisc=True, filter="icmp") = L2bpfListenSocket - set_*() ~ needs_root s = L2bpfListenSocket() s.set_promisc(0) s.set_nonblock(1) s.set_promisc(0) s.close() s = L2bpfListenSocket() s.set_nonblock(set_flag=False) s.set_nonblock(set_flag=True) s.set_nonblock(set_flag=False) s.close() = L2bpfListenSocket - get_*() ~ needs_root s = L2bpfListenSocket() blen = s.get_blen() blen > 0 and type(blen) == int s.close() s = L2bpfListenSocket() stats = s.get_stats() len(stats) == 2 and type(stats) == tuple s.close() = L2bpfListenSocket - other methods ~ needs_root s = L2bpfListenSocket() type(s.fileno()) == int s.close() s = L2bpfListenSocket() guessed = s.guess_cls() issubclass(guessed, Packet) s.close() = L2bpfListenSocket - read failure ~ needs_root from unittest import mock @mock.patch("scapy.arch.bpf.supersocket.os.read") def _test_osread(osread): osread.side_effect = OSError() s = L2bpfListenSocket() assert s.recv_raw() == (None, None, None) _test_osread() = L2bpfSocket - nonblock_recv() ~ needs_root s = L2bpfSocket() s.nonblock_recv() s.close() = L*bpfSocket - send() ~ needs_root s = L2bpfSocket() s.send(Ether()/IP(dst="8.8.8.8")/ICMP()) s = L3bpfSocket() s.send(IP(dst="8.8.8.8")/ICMP()) s = L3bpfSocket() s.assigned_interface = conf.loopback_name s.send(IP(dst="8.8.8.8")/ICMP()) = L3bpfSocket - send and sniff on loopback ~ needs_root localhost_ip = conf.ifaces[conf.loopback_name].ips[4][0] def cb(): # Send a ping to the loopback IP. s = L3bpfSocket(iface=conf.loopback_name) s.send(IP(dst=localhost_ip)/ICMP(seq=1001)) t = AsyncSniffer(iface=conf.loopback_name, started_callback=cb) t.start() time.sleep(1) t.stop() t.join(timeout=1) # We expect to see our packet and kernel's response. len(t.results.filter(lambda p: ( IP in p and ICMP in p and (p[IP].src == localhost_ip or p[IP].dst == localhost_ip) and p[ICMP].seq == 1001))) == 2