6 files changed, 221 insertions, 180 deletions
diff --git a/test/packetimpact/testbench/BUILD b/test/packetimpact/testbench/BUILD
index 5a0ee1367..983c2c030 100644
--- a/test/packetimpact/testbench/BUILD
+++ b/test/packetimpact/testbench/BUILD
@@ -21,7 +21,6 @@ go_library(
         "//pkg/tcpip/header",
         "//pkg/tcpip/seqnum",
         "//pkg/usermem",
-        "//test/packetimpact/netdevs",
         "//test/packetimpact/proto:posix_server_go_proto",
         "@com_github_google_go_cmp//cmp:go_default_library",
         "@com_github_google_go_cmp//cmp/cmpopts:go_default_library",
diff --git a/test/packetimpact/testbench/connections.go b/test/packetimpact/testbench/connections.go
index 919b4fd25..576577310 100644
--- a/test/packetimpact/testbench/connections.go
+++ b/test/packetimpact/testbench/connections.go
@@ -17,7 +17,6 @@ package testbench
 import (
 	"fmt"
 	"math/rand"
-	"net"
 	"testing"
 	"time"
 
@@ -42,7 +41,7 @@ func portFromSockaddr(sa unix.Sockaddr) (uint16, error) {
 // pickPort makes a new socket and returns the socket FD and port. The domain
 // should be AF_INET or AF_INET6. The caller must close the FD when done with
 // the port if there is no error.
-func pickPort(domain, typ int) (fd int, port uint16, err error) {
+func (n *DUTTestNet) pickPort(domain, typ int) (fd int, port uint16, err error) {
 	fd, err = unix.Socket(domain, typ, 0)
 	if err != nil {
 		return -1, 0, fmt.Errorf("creating socket: %w", err)
@@ -58,11 +57,11 @@ func pickPort(domain, typ int) (fd int, port uint16, err error) {
 	switch domain {
 	case unix.AF_INET:
 		var sa4 unix.SockaddrInet4
-		copy(sa4.Addr[:], net.ParseIP(LocalIPv4).To4())
+		copy(sa4.Addr[:], n.LocalIPv4)
 		sa = &sa4
 	case unix.AF_INET6:
-		sa6 := unix.SockaddrInet6{ZoneId: uint32(LocalInterfaceID)}
-		copy(sa6.Addr[:], net.ParseIP(LocalIPv6).To16())
+		sa6 := unix.SockaddrInet6{ZoneId: n.LocalDevID}
+		copy(sa6.Addr[:], n.LocalIPv6)
 		sa = &sa6
 	default:
 		return -1, 0, fmt.Errorf("invalid domain %d, it should be one of unix.AF_INET or unix.AF_INET6", domain)
@@ -117,19 +116,12 @@ type etherState struct {
 var _ layerState = (*etherState)(nil)
 
 // newEtherState creates a new etherState.
-func newEtherState(out, in Ether) (*etherState, error) {
-	lMAC, err := tcpip.ParseMACAddress(LocalMAC)
-	if err != nil {
-		return nil, fmt.Errorf("parsing local MAC: %q: %w", LocalMAC, err)
-	}
-
-	rMAC, err := tcpip.ParseMACAddress(RemoteMAC)
-	if err != nil {
-		return nil, fmt.Errorf("parsing remote MAC: %q: %w", RemoteMAC, err)
-	}
+func (n *DUTTestNet) newEtherState(out, in Ether) (*etherState, error) {
+	lmac := tcpip.LinkAddress(n.LocalMAC)
+	rmac := tcpip.LinkAddress(n.RemoteMAC)
 	s := etherState{
-		out: Ether{SrcAddr: &lMAC, DstAddr: &rMAC},
-		in:  Ether{SrcAddr: &rMAC, DstAddr: &lMAC},
+		out: Ether{SrcAddr: &lmac, DstAddr: &rmac},
+		in:  Ether{SrcAddr: &rmac, DstAddr: &lmac},
 	}
 	if err := s.out.merge(&out); err != nil {
 		return nil, err
@@ -169,9 +161,9 @@ type ipv4State struct {
 var _ layerState = (*ipv4State)(nil)
 
 // newIPv4State creates a new ipv4State.
-func newIPv4State(out, in IPv4) (*ipv4State, error) {
-	lIP := tcpip.Address(net.ParseIP(LocalIPv4).To4())
-	rIP := tcpip.Address(net.ParseIP(RemoteIPv4).To4())
+func (n *DUTTestNet) newIPv4State(out, in IPv4) (*ipv4State, error) {
+	lIP := tcpip.Address(n.LocalIPv4)
+	rIP := tcpip.Address(n.RemoteIPv4)
 	s := ipv4State{
 		out: IPv4{SrcAddr: &lIP, DstAddr: &rIP},
 		in:  IPv4{SrcAddr: &rIP, DstAddr: &lIP},
@@ -214,9 +206,9 @@ type ipv6State struct {
 var _ layerState = (*ipv6State)(nil)
 
 // newIPv6State creates a new ipv6State.
-func newIPv6State(out, in IPv6) (*ipv6State, error) {
-	lIP := tcpip.Address(net.ParseIP(LocalIPv6).To16())
-	rIP := tcpip.Address(net.ParseIP(RemoteIPv6).To16())
+func (n *DUTTestNet) newIPv6State(out, in IPv6) (*ipv6State, error) {
+	lIP := tcpip.Address(n.LocalIPv6)
+	rIP := tcpip.Address(n.RemoteIPv6)
 	s := ipv6State{
 		out: IPv6{SrcAddr: &lIP, DstAddr: &rIP},
 		in:  IPv6{SrcAddr: &rIP, DstAddr: &lIP},
@@ -272,8 +264,8 @@ func SeqNumValue(v seqnum.Value) *seqnum.Value {
 }
 
 // newTCPState creates a new TCPState.
-func newTCPState(domain int, out, in TCP) (*tcpState, error) {
-	portPickerFD, localPort, err := pickPort(domain, unix.SOCK_STREAM)
+func (n *DUTTestNet) newTCPState(domain int, out, in TCP) (*tcpState, error) {
+	portPickerFD, localPort, err := n.pickPort(domain, unix.SOCK_STREAM)
 	if err != nil {
 		return nil, err
 	}
@@ -314,11 +306,11 @@ func (s *tcpState) incoming(received Layer) Layer {
 	if s.remoteSeqNum != nil {
 		newIn.SeqNum = Uint32(uint32(*s.remoteSeqNum))
 	}
-	if s.localSeqNum != nil && (*tcpReceived.Flags&header.TCPFlagAck) != 0 {
+	if seq, flags := s.localSeqNum, tcpReceived.Flags; seq != nil && flags != nil && *flags&header.TCPFlagAck != 0 {
 		// The caller didn't specify an AckNum so we'll expect the calculated one,
 		// but only if the ACK flag is set because the AckNum is not valid in a
 		// header if ACK is not set.
-		newIn.AckNum = Uint32(uint32(*s.localSeqNum))
+		newIn.AckNum = Uint32(uint32(*seq))
 	}
 	return &newIn
 }
@@ -376,8 +368,8 @@ type udpState struct {
 var _ layerState = (*udpState)(nil)
 
 // newUDPState creates a new udpState.
-func newUDPState(domain int, out, in UDP) (*udpState, error) {
-	portPickerFD, localPort, err := pickPort(domain, unix.SOCK_DGRAM)
+func (n *DUTTestNet) newUDPState(domain int, out, in UDP) (*udpState, error) {
+	portPickerFD, localPort, err := n.pickPort(domain, unix.SOCK_DGRAM)
 	if err != nil {
 		return nil, fmt.Errorf("picking port: %w", err)
 	}
@@ -606,14 +598,14 @@ func (conn *Connection) ExpectFrame(t *testing.T, layers Layers, timeout time.Du
 	var errs error
 	for {
 		var gotLayers Layers
-		if timeout = time.Until(deadline); timeout > 0 {
+		if timeout := time.Until(deadline); timeout > 0 {
 			gotLayers = conn.recvFrame(t, timeout)
 		}
 		if gotLayers == nil {
 			if errs == nil {
-				return nil, fmt.Errorf("got no frames matching %v during %s", layers, timeout)
+				return nil, fmt.Errorf("got no frames matching %s during %s", layers, timeout)
 			}
-			return nil, fmt.Errorf("got frames %w want %v during %s", errs, layers, timeout)
+			return nil, fmt.Errorf("got frames:\n%w want %s during %s", errs, layers, timeout)
 		}
 		if conn.match(layers, gotLayers) {
 			for i, s := range conn.layerStates {
@@ -623,7 +615,12 @@ func (conn *Connection) ExpectFrame(t *testing.T, layers Layers, timeout time.Du
 			}
 			return gotLayers, nil
 		}
-		errs = multierr.Combine(errs, &layersError{got: gotLayers, want: conn.incoming(gotLayers)})
+		want := conn.incoming(layers)
+		if err := want.merge(layers); err != nil {
+			errs = multierr.Combine(errs, err)
+		} else {
+			errs = multierr.Combine(errs, &layersError{got: gotLayers, want: want})
+		}
 	}
 }
 
@@ -639,26 +636,26 @@ func (conn *Connection) Drain(t *testing.T) {
 type TCPIPv4 Connection
 
 // NewTCPIPv4 creates a new TCPIPv4 connection with reasonable defaults.
-func NewTCPIPv4(t *testing.T, outgoingTCP, incomingTCP TCP) TCPIPv4 {
+func (n *DUTTestNet) NewTCPIPv4(t *testing.T, outgoingTCP, incomingTCP TCP) TCPIPv4 {
 	t.Helper()
 
-	etherState, err := newEtherState(Ether{}, Ether{})
+	etherState, err := n.newEtherState(Ether{}, Ether{})
 	if err != nil {
 		t.Fatalf("can't make etherState: %s", err)
 	}
-	ipv4State, err := newIPv4State(IPv4{}, IPv4{})
+	ipv4State, err := n.newIPv4State(IPv4{}, IPv4{})
 	if err != nil {
 		t.Fatalf("can't make ipv4State: %s", err)
 	}
-	tcpState, err := newTCPState(unix.AF_INET, outgoingTCP, incomingTCP)
+	tcpState, err := n.newTCPState(unix.AF_INET, outgoingTCP, incomingTCP)
 	if err != nil {
 		t.Fatalf("can't make tcpState: %s", err)
 	}
-	injector, err := NewInjector(t)
+	injector, err := n.NewInjector(t)
 	if err != nil {
 		t.Fatalf("can't make injector: %s", err)
 	}
-	sniffer, err := NewSniffer(t)
+	sniffer, err := n.NewSniffer(t)
 	if err != nil {
 		t.Fatalf("can't make sniffer: %s", err)
 	}
@@ -841,23 +838,23 @@ func (conn *TCPIPv4) Drain(t *testing.T) {
 type IPv4Conn Connection
 
 // NewIPv4Conn creates a new IPv4Conn connection with reasonable defaults.
-func NewIPv4Conn(t *testing.T, outgoingIPv4, incomingIPv4 IPv4) IPv4Conn {
+func (n *DUTTestNet) NewIPv4Conn(t *testing.T, outgoingIPv4, incomingIPv4 IPv4) IPv4Conn {
 	t.Helper()
 
-	etherState, err := newEtherState(Ether{}, Ether{})
+	etherState, err := n.newEtherState(Ether{}, Ether{})
 	if err != nil {
 		t.Fatalf("can't make EtherState: %s", err)
 	}
-	ipv4State, err := newIPv4State(outgoingIPv4, incomingIPv4)
+	ipv4State, err := n.newIPv4State(outgoingIPv4, incomingIPv4)
 	if err != nil {
 		t.Fatalf("can't make IPv4State: %s", err)
 	}
 
-	injector, err := NewInjector(t)
+	injector, err := n.NewInjector(t)
 	if err != nil {
 		t.Fatalf("can't make injector: %s", err)
 	}
-	sniffer, err := NewSniffer(t)
+	sniffer, err := n.NewSniffer(t)
 	if err != nil {
 		t.Fatalf("can't make sniffer: %s", err)
 	}
@@ -896,23 +893,23 @@ func (c *IPv4Conn) ExpectFrame(t *testing.T, frame Layers, timeout time.Duration
 type IPv6Conn Connection
 
 // NewIPv6Conn creates a new IPv6Conn connection with reasonable defaults.
-func NewIPv6Conn(t *testing.T, outgoingIPv6, incomingIPv6 IPv6) IPv6Conn {
+func (n *DUTTestNet) NewIPv6Conn(t *testing.T, outgoingIPv6, incomingIPv6 IPv6) IPv6Conn {
 	t.Helper()
 
-	etherState, err := newEtherState(Ether{}, Ether{})
+	etherState, err := n.newEtherState(Ether{}, Ether{})
 	if err != nil {
 		t.Fatalf("can't make EtherState: %s", err)
 	}
-	ipv6State, err := newIPv6State(outgoingIPv6, incomingIPv6)
+	ipv6State, err := n.newIPv6State(outgoingIPv6, incomingIPv6)
 	if err != nil {
 		t.Fatalf("can't make IPv6State: %s", err)
 	}
 
-	injector, err := NewInjector(t)
+	injector, err := n.NewInjector(t)
 	if err != nil {
 		t.Fatalf("can't make injector: %s", err)
 	}
-	sniffer, err := NewSniffer(t)
+	sniffer, err := n.NewSniffer(t)
 	if err != nil {
 		t.Fatalf("can't make sniffer: %s", err)
 	}
@@ -951,26 +948,26 @@ func (conn *IPv6Conn) ExpectFrame(t *testing.T, frame Layers, timeout time.Durat
 type UDPIPv4 Connection
 
 // NewUDPIPv4 creates a new UDPIPv4 connection with reasonable defaults.
-func NewUDPIPv4(t *testing.T, outgoingUDP, incomingUDP UDP) UDPIPv4 {
+func (n *DUTTestNet) NewUDPIPv4(t *testing.T, outgoingUDP, incomingUDP UDP) UDPIPv4 {
 	t.Helper()
 
-	etherState, err := newEtherState(Ether{}, Ether{})
+	etherState, err := n.newEtherState(Ether{}, Ether{})
 	if err != nil {
 		t.Fatalf("can't make etherState: %s", err)
 	}
-	ipv4State, err := newIPv4State(IPv4{}, IPv4{})
+	ipv4State, err := n.newIPv4State(IPv4{}, IPv4{})
 	if err != nil {
 		t.Fatalf("can't make ipv4State: %s", err)
 	}
-	udpState, err := newUDPState(unix.AF_INET, outgoingUDP, incomingUDP)
+	udpState, err := n.newUDPState(unix.AF_INET, outgoingUDP, incomingUDP)
 	if err != nil {
 		t.Fatalf("can't make udpState: %s", err)
 	}
-	injector, err := NewInjector(t)
+	injector, err := n.NewInjector(t)
 	if err != nil {
 		t.Fatalf("can't make injector: %s", err)
 	}
-	sniffer, err := NewSniffer(t)
+	sniffer, err := n.NewSniffer(t)
 	if err != nil {
 		t.Fatalf("can't make sniffer: %s", err)
 	}
@@ -1075,26 +1072,26 @@ func (conn *UDPIPv4) Drain(t *testing.T) {
 type UDPIPv6 Connection
 
 // NewUDPIPv6 creates a new UDPIPv6 connection with reasonable defaults.
-func NewUDPIPv6(t *testing.T, outgoingUDP, incomingUDP UDP) UDPIPv6 {
+func (n *DUTTestNet) NewUDPIPv6(t *testing.T, outgoingUDP, incomingUDP UDP) UDPIPv6 {
 	t.Helper()
 
-	etherState, err := newEtherState(Ether{}, Ether{})
+	etherState, err := n.newEtherState(Ether{}, Ether{})
 	if err != nil {
 		t.Fatalf("can't make etherState: %s", err)
 	}
-	ipv6State, err := newIPv6State(IPv6{}, IPv6{})
+	ipv6State, err := n.newIPv6State(IPv6{}, IPv6{})
 	if err != nil {
 		t.Fatalf("can't make IPv6State: %s", err)
 	}
-	udpState, err := newUDPState(unix.AF_INET6, outgoingUDP, incomingUDP)
+	udpState, err := n.newUDPState(unix.AF_INET6, outgoingUDP, incomingUDP)
 	if err != nil {
 		t.Fatalf("can't make udpState: %s", err)
 	}
-	injector, err := NewInjector(t)
+	injector, err := n.NewInjector(t)
 	if err != nil {
 		t.Fatalf("can't make injector: %s", err)
 	}
-	sniffer, err := NewSniffer(t)
+	sniffer, err := n.NewSniffer(t)
 	if err != nil {
 		t.Fatalf("can't make sniffer: %s", err)
 	}
@@ -1126,14 +1123,14 @@ func (conn *UDPIPv6) ipv6State(t *testing.T) *ipv6State {
 }
 
 // LocalAddr gets the local socket address of this connection.
-func (conn *UDPIPv6) LocalAddr(t *testing.T) *unix.SockaddrInet6 {
+func (conn *UDPIPv6) LocalAddr(t *testing.T, zoneID uint32) *unix.SockaddrInet6 {
 	t.Helper()
 
 	sa := &unix.SockaddrInet6{
 		Port: int(*conn.udpState(t).out.SrcPort),
 		// Local address is in perspective to the remote host, so it's scoped to the
 		// ID of the remote interface.
-		ZoneId: uint32(RemoteInterfaceID),
+		ZoneId: zoneID,
 	}
 	copy(sa.Addr[:], *conn.ipv6State(t).out.SrcAddr)
 	return sa
@@ -1203,24 +1200,24 @@ func (conn *UDPIPv6) Drain(t *testing.T) {
 type TCPIPv6 Connection
 
 // NewTCPIPv6 creates a new TCPIPv6 connection with reasonable defaults.
-func NewTCPIPv6(t *testing.T, outgoingTCP, incomingTCP TCP) TCPIPv6 {
-	etherState, err := newEtherState(Ether{}, Ether{})
+func (n *DUTTestNet) NewTCPIPv6(t *testing.T, outgoingTCP, incomingTCP TCP) TCPIPv6 {
+	etherState, err := n.newEtherState(Ether{}, Ether{})
 	if err != nil {
 		t.Fatalf("can't make etherState: %s", err)
 	}
-	ipv6State, err := newIPv6State(IPv6{}, IPv6{})
+	ipv6State, err := n.newIPv6State(IPv6{}, IPv6{})
 	if err != nil {
 		t.Fatalf("can't make ipv6State: %s", err)
 	}
-	tcpState, err := newTCPState(unix.AF_INET6, outgoingTCP, incomingTCP)
+	tcpState, err := n.newTCPState(unix.AF_INET6, outgoingTCP, incomingTCP)
 	if err != nil {
 		t.Fatalf("can't make tcpState: %s", err)
 	}
-	injector, err := NewInjector(t)
+	injector, err := n.NewInjector(t)
 	if err != nil {
 		t.Fatalf("can't make injector: %s", err)
 	}
-	sniffer, err := NewSniffer(t)
+	sniffer, err := n.NewSniffer(t)
 	if err != nil {
 		t.Fatalf("can't make sniffer: %s", err)
 	}
diff --git a/test/packetimpact/testbench/dut.go b/test/packetimpact/testbench/dut.go
index 6165ab293..66a0255b8 100644
--- a/test/packetimpact/testbench/dut.go
+++ b/test/packetimpact/testbench/dut.go
@@ -17,9 +17,8 @@ package testbench
 import (
 	"context"
 	"encoding/binary"
-	"flag"
+	"fmt"
 	"net"
-	"strconv"
 	"syscall"
 	"testing"
 	"time"
@@ -35,18 +34,26 @@ import (
 type DUT struct {
 	conn        *grpc.ClientConn
 	posixServer POSIXClient
+	Net         *DUTTestNet
 }
 
 // NewDUT creates a new connection with the DUT over gRPC.
 func NewDUT(t *testing.T) DUT {
 	t.Helper()
+	n := GetDUTTestNet()
+	dut := n.ConnectToDUT(t)
+	t.Cleanup(func() {
+		dut.TearDownConnection()
+		dut.Net.Release()
+	})
+	return dut
+}
 
-	flag.Parse()
-	if err := genPseudoFlags(); err != nil {
-		t.Fatal("generating psuedo flags:", err)
-	}
+// ConnectToDUT connects to DUT through gRPC.
+func (n *DUTTestNet) ConnectToDUT(t *testing.T) DUT {
+	t.Helper()
 
-	posixServerAddress := POSIXServerIP + ":" + strconv.Itoa(POSIXServerPort)
+	posixServerAddress := net.JoinHostPort(n.POSIXServerIP.String(), fmt.Sprintf("%d", n.POSIXServerPort))
 	conn, err := grpc.Dial(posixServerAddress, grpc.WithInsecure(), grpc.WithKeepaliveParams(keepalive.ClientParameters{Timeout: RPCKeepalive}))
 	if err != nil {
 		t.Fatalf("failed to grpc.Dial(%s): %s", posixServerAddress, err)
@@ -55,11 +62,12 @@ func NewDUT(t *testing.T) DUT {
 	return DUT{
 		conn:        conn,
 		posixServer: posixServer,
+		Net:         n,
 	}
 }
 
-// TearDown closes the underlying connection.
-func (dut *DUT) TearDown() {
+// TearDownConnection closes the underlying connection.
+func (dut *DUT) TearDownConnection() {
 	dut.conn.Close()
 }
 
@@ -132,7 +140,7 @@ func (dut *DUT) CreateBoundSocket(t *testing.T, typ, proto int32, addr net.IP) (
 		fd = dut.Socket(t, unix.AF_INET6, typ, proto)
 		sa := unix.SockaddrInet6{}
 		copy(sa.Addr[:], addr.To16())
-		sa.ZoneId = uint32(RemoteInterfaceID)
+		sa.ZoneId = dut.Net.RemoteDevID
 		dut.Bind(t, fd, &sa)
 	} else {
 		t.Fatalf("invalid IP address: %s", addr)
@@ -154,7 +162,7 @@ func (dut *DUT) CreateBoundSocket(t *testing.T, typ, proto int32, addr net.IP) (
 func (dut *DUT) CreateListener(t *testing.T, typ, proto, backlog int32) (int32, uint16) {
 	t.Helper()
 
-	fd, remotePort := dut.CreateBoundSocket(t, typ, proto, net.ParseIP(RemoteIPv4))
+	fd, remotePort := dut.CreateBoundSocket(t, typ, proto, dut.Net.RemoteIPv4)
 	dut.Listen(t, fd, backlog)
 	return fd, remotePort
 }
@@ -717,9 +725,9 @@ func (dut *DUT) SetSockLingerOption(t *testing.T, sockfd int32, timeout time.Dur
 	dut.SetSockOpt(t, sockfd, unix.SOL_SOCKET, unix.SO_LINGER, buf)
 }
 
-// Shutdown calls shutdown on the DUT and causes a fatal test failure if it doesn't
-// succeed. If more control over the timeout or error handling is needed, use
-// ShutdownWithErrno.
+// Shutdown calls shutdown on the DUT and causes a fatal test failure if it
+// doesn't succeed. If more control over the timeout or error handling is
+// needed, use ShutdownWithErrno.
 func (dut *DUT) Shutdown(t *testing.T, fd, how int32) error {
 	t.Helper()
 
diff --git a/test/packetimpact/testbench/layers.go b/test/packetimpact/testbench/layers.go
index 7401a1991..19e6b8d7d 100644
--- a/test/packetimpact/testbench/layers.go
+++ b/test/packetimpact/testbench/layers.go
@@ -298,14 +298,12 @@ func (l *IPv4) ToBytes() ([]byte, error) {
 	// An IPv4 header is variable length depending on the size of the Options.
 	hdrLen := header.IPv4MinimumSize
 	if l.Options != nil {
-		hdrLen += l.Options.SizeWithPadding()
+		if len(*l.Options)%4 != 0 {
+			return nil, fmt.Errorf("invalid header options '%x (len=%d)'; must be 32 bit aligned", *l.Options, len(*l.Options))
+		}
+		hdrLen += len(*l.Options)
 		if hdrLen > header.IPv4MaximumHeaderSize {
-			// While ToBytes can be called on packets that were received as well
-			// as packets locally generated, it is physically impossible for a
-			// received packet to overflow this value so any such failure must
-			// be the result of a local programming error and not remotely
-			// triggered. A panic is therefore appropriate.
-			panic(fmt.Sprintf("IPv4 Options %d bytes, Max %d", len(*l.Options), header.IPv4MaximumOptionsSize))
+			return nil, fmt.Errorf("IPv4 Options %d bytes, Max %d", len(*l.Options), header.IPv4MaximumOptionsSize)
 		}
 	}
 	b := make([]byte, hdrLen)
@@ -323,10 +321,6 @@ func (l *IPv4) ToBytes() ([]byte, error) {
 		DstAddr:        tcpip.Address(""),
 		Options:        nil,
 	}
-	// Leave an empty options slice as nil.
-	if hdrLen > header.IPv4MinimumSize {
-		fields.Options = *l.Options
-	}
 	if l.TOS != nil {
 		fields.TOS = *l.TOS
 	}
@@ -373,18 +367,31 @@ func (l *IPv4) ToBytes() ([]byte, error) {
 	if l.DstAddr != nil {
 		fields.DstAddr = *l.DstAddr
 	}
-	if l.Checksum != nil {
-		fields.Checksum = *l.Checksum
-	}
+
 	h.Encode(fields)
-	if l.Checksum == nil {
-		h.SetChecksum(^h.CalculateChecksum())
+
+	// Put raw option bytes from test definition in header. Options as raw bytes
+	// allows us to serialize malformed options, which is not possible with
+	// the provided serialization functions.
+	if l.Options != nil {
+		h.SetHeaderLength(h.HeaderLength() + uint8(len(*l.Options)))
+		if got, want := copy(h.Options(), *l.Options), len(*l.Options); got != want {
+			return nil, fmt.Errorf("failed to copy option bytes into header, got %d want %d", got, want)
+		}
 	}
+
 	// Encode cannot set this incorrectly so we need to overwrite what it wrote
 	// in order to test handling of a bad IHL value.
 	if l.IHL != nil {
 		h.SetHeaderLength(*l.IHL)
 	}
+
+	if l.Checksum == nil {
+		h.SetChecksum(^h.CalculateChecksum())
+	} else {
+		h.SetChecksum(*l.Checksum)
+	}
+
 	return h, nil
 }
 
@@ -498,13 +505,13 @@ func (l *IPv6) ToBytes() ([]byte, error) {
 		}
 	}
 	if l.NextHeader != nil {
-		fields.NextHeader = *l.NextHeader
+		fields.TransportProtocol = tcpip.TransportProtocolNumber(*l.NextHeader)
 	} else {
 		nh, err := nextHeaderByLayer(l.next())
 		if err != nil {
 			return nil, err
 		}
-		fields.NextHeader = nh
+		fields.TransportProtocol = tcpip.TransportProtocolNumber(nh)
 	}
 	if l.HopLimit != nil {
 		fields.HopLimit = *l.HopLimit
@@ -830,7 +837,9 @@ func (l *ICMPv6) ToBytes() ([]byte, error) {
 	if l.Code != nil {
 		h.SetCode(*l.Code)
 	}
-	copy(h.NDPPayload(), l.Payload)
+	if n := copy(h.MessageBody(), l.Payload); n != len(l.Payload) {
+		panic(fmt.Sprintf("copied %d bytes, expected to copy %d bytes", n, len(l.Payload)))
+	}
 	if l.Checksum != nil {
 		h.SetChecksum(*l.Checksum)
 	} else {
@@ -876,7 +885,7 @@ func parseICMPv6(b []byte) (Layer, layerParser) {
 		Type:     ICMPv6Type(h.Type()),
 		Code:     ICMPv6Code(h.Code()),
 		Checksum: Uint16(h.Checksum()),
-		Payload:  h.NDPPayload(),
+		Payload:  h.MessageBody(),
 	}
 	return &icmpv6, nil
 }
diff --git a/test/packetimpact/testbench/rawsockets.go b/test/packetimpact/testbench/rawsockets.go
index 193bb2dc8..1ac96626a 100644
--- a/test/packetimpact/testbench/rawsockets.go
+++ b/test/packetimpact/testbench/rawsockets.go
@@ -38,13 +38,27 @@ func htons(x uint16) uint16 {
 }
 
 // NewSniffer creates a Sniffer connected to *device.
-func NewSniffer(t *testing.T) (Sniffer, error) {
+func (n *DUTTestNet) NewSniffer(t *testing.T) (Sniffer, error) {
 	t.Helper()
 
+	ifInfo, err := net.InterfaceByName(n.LocalDevName)
+	if err != nil {
+		return Sniffer{}, err
+	}
+
+	var haddr [8]byte
+	copy(haddr[:], ifInfo.HardwareAddr)
+	sa := unix.SockaddrLinklayer{
+		Protocol: htons(unix.ETH_P_ALL),
+		Ifindex:  ifInfo.Index,
+	}
 	snifferFd, err := unix.Socket(unix.AF_PACKET, unix.SOCK_RAW, int(htons(unix.ETH_P_ALL)))
 	if err != nil {
 		return Sniffer{}, err
 	}
+	if err := unix.Bind(snifferFd, &sa); err != nil {
+		return Sniffer{}, err
+	}
 	if err := unix.SetsockoptInt(snifferFd, unix.SOL_SOCKET, unix.SO_RCVBUFFORCE, 1); err != nil {
 		t.Fatalf("can't set sockopt SO_RCVBUFFORCE to 1: %s", err)
 	}
@@ -60,7 +74,8 @@ func NewSniffer(t *testing.T) (Sniffer, error) {
 // packet too large for the buffer arrives, the test will get a fatal error.
 const maxReadSize int = 65536
 
-// Recv tries to read one frame until the timeout is up.
+// Recv tries to read one frame until the timeout is up. If the timeout given
+// is 0, then no read attempt will be made.
 func (s *Sniffer) Recv(t *testing.T, timeout time.Duration) []byte {
 	t.Helper()
 
@@ -73,9 +88,13 @@ func (s *Sniffer) Recv(t *testing.T, timeout time.Duration) []byte {
 		whole, frac := math.Modf(timeout.Seconds())
 		tv := unix.Timeval{
 			Sec:  int64(whole),
-			Usec: int64(frac * float64(time.Microsecond/time.Second)),
+			Usec: int64(frac * float64(time.Second/time.Microsecond)),
+		}
+		// The following should never happen, but having this guard here is better
+		// than blocking indefinitely in the future.
+		if tv.Sec == 0 && tv.Usec == 0 {
+			t.Fatal("setting SO_RCVTIMEO to 0 means blocking indefinitely")
 		}
-
 		if err := unix.SetsockoptTimeval(s.fd, unix.SOL_SOCKET, unix.SO_RCVTIMEO, &tv); err != nil {
 			t.Fatalf("can't setsockopt SO_RCVTIMEO: %s", err)
 		}
@@ -136,10 +155,10 @@ type Injector struct {
 }
 
 // NewInjector creates a new injector on *device.
-func NewInjector(t *testing.T) (Injector, error) {
+func (n *DUTTestNet) NewInjector(t *testing.T) (Injector, error) {
 	t.Helper()
 
-	ifInfo, err := net.InterfaceByName(LocalDevice)
+	ifInfo, err := net.InterfaceByName(n.LocalDevName)
 	if err != nil {
 		return Injector{}, err
 	}
@@ -147,7 +166,7 @@ func NewInjector(t *testing.T) (Injector, error) {
 	var haddr [8]byte
 	copy(haddr[:], ifInfo.HardwareAddr)
 	sa := unix.SockaddrLinklayer{
-		Protocol: unix.ETH_P_IP,
+		Protocol: htons(unix.ETH_P_IP),
 		Ifindex:  ifInfo.Index,
 		Halen:    uint8(len(ifInfo.HardwareAddr)),
 		Addr:     haddr,
diff --git a/test/packetimpact/testbench/testbench.go b/test/packetimpact/testbench/testbench.go
index c1db95d8c..891897d55 100644
--- a/test/packetimpact/testbench/testbench.go
+++ b/test/packetimpact/testbench/testbench.go
@@ -17,108 +17,105 @@
 package testbench
 
 import (
+	"encoding/json"
 	"flag"
 	"fmt"
 	"math/rand"
 	"net"
-	"os/exec"
 	"testing"
 	"time"
-
-	"gvisor.dev/gvisor/test/packetimpact/netdevs"
 )
 
 var (
 	// Native indicates that the test is being run natively.
 	Native = false
-	// LocalDevice is the device that testbench uses to inject traffic.
-	LocalDevice = ""
-	// RemoteDevice is the device name on the DUT, individual tests can
-	// use the name to construct tests.
-	RemoteDevice = ""
+	// RPCKeepalive is the gRPC keepalive.
+	RPCKeepalive = 10 * time.Second
+	// RPCTimeout is the gRPC timeout.
+	RPCTimeout = 100 * time.Millisecond
+
+	// dutTestNetsJSON is the json string that describes all the test networks to
+	// duts available to use.
+	dutTestNetsJSON string
+	// dutTestNets is the pool among which the testbench can choose a DUT to work
+	// with.
+	dutTestNets chan *DUTTestNet
+)
 
+// DUTTestNet describes the test network setup on dut and how the testbench
+// should connect with an existing DUT.
+type DUTTestNet struct {
+	// LocalMAC is the local MAC address on the test network.
+	LocalMAC net.HardwareAddr
+	// RemoteMAC is the DUT's MAC address on the test network.
+	RemoteMAC net.HardwareAddr
 	// LocalIPv4 is the local IPv4 address on the test network.
-	LocalIPv4 = ""
+	LocalIPv4 net.IP
 	// RemoteIPv4 is the DUT's IPv4 address on the test network.
-	RemoteIPv4 = ""
+	RemoteIPv4 net.IP
 	// IPv4PrefixLength is the network prefix length of the IPv4 test network.
-	IPv4PrefixLength = 0
-
+	IPv4PrefixLength int
 	// LocalIPv6 is the local IPv6 address on the test network.
-	LocalIPv6 = ""
+	LocalIPv6 net.IP
 	// RemoteIPv6 is the DUT's IPv6 address on the test network.
-	RemoteIPv6 = ""
+	RemoteIPv6 net.IP
+	// LocalDevID is the ID of the local interface on the test network.
+	LocalDevID uint32
+	// RemoteDevID is the ID of the remote interface on the test network.
+	RemoteDevID uint32
+	// LocalDevName is the device that testbench uses to inject traffic.
+	LocalDevName string
+	// RemoteDevName is the device name on the DUT, individual tests can
+	// use the name to construct tests.
+	RemoteDevName string
 
-	// LocalInterfaceID is the ID of the local interface on the test network.
-	LocalInterfaceID uint32
-	// RemoteInterfaceID is the ID of the remote interface on the test network.
-	//
-	// Not using uint32 because package flag does not support uint32.
-	RemoteInterfaceID uint64
-
-	// LocalMAC is the local MAC address on the test network.
-	LocalMAC = ""
-	// RemoteMAC is the DUT's MAC address on the test network.
-	RemoteMAC = ""
+	// The following two fields on actually on the control network instead
+	// of the test network, including them for convenience.
 
 	// POSIXServerIP is the POSIX server's IP address on the control network.
-	POSIXServerIP = ""
+	POSIXServerIP net.IP
 	// POSIXServerPort is the UDP port the POSIX server is bound to on the
 	// control network.
-	POSIXServerPort = 40000
-
-	// RPCKeepalive is the gRPC keepalive.
-	RPCKeepalive = 10 * time.Second
-	// RPCTimeout is the gRPC timeout.
-	RPCTimeout = 100 * time.Millisecond
-)
+	POSIXServerPort uint16
+}
 
-// RegisterFlags defines flags and associates them with the package-level
+// registerFlags defines flags and associates them with the package-level
 // exported variables above. It should be called by tests in their init
 // functions.
-func RegisterFlags(fs *flag.FlagSet) {
-	fs.StringVar(&POSIXServerIP, "posix_server_ip", POSIXServerIP, "ip address to listen to for UDP commands")
-	fs.IntVar(&POSIXServerPort, "posix_server_port", POSIXServerPort, "port to listen to for UDP commands")
+func registerFlags(fs *flag.FlagSet) {
+	fs.BoolVar(&Native, "native", Native, "whether the test is running natively")
 	fs.DurationVar(&RPCTimeout, "rpc_timeout", RPCTimeout, "gRPC timeout")
 	fs.DurationVar(&RPCKeepalive, "rpc_keepalive", RPCKeepalive, "gRPC keepalive")
-	fs.StringVar(&LocalIPv4, "local_ipv4", LocalIPv4, "local IPv4 address for test packets")
-	fs.StringVar(&RemoteIPv4, "remote_ipv4", RemoteIPv4, "remote IPv4 address for test packets")
-	fs.StringVar(&RemoteIPv6, "remote_ipv6", RemoteIPv6, "remote IPv6 address for test packets")
-	fs.StringVar(&RemoteMAC, "remote_mac", RemoteMAC, "remote mac address for test packets")
-	fs.StringVar(&LocalDevice, "local_device", LocalDevice, "local device to inject traffic")
-	fs.StringVar(&RemoteDevice, "remote_device", RemoteDevice, "remote device on the DUT")
-	fs.BoolVar(&Native, "native", Native, "whether the test is running natively")
-	fs.Uint64Var(&RemoteInterfaceID, "remote_interface_id", RemoteInterfaceID, "remote interface ID for test packets")
+	fs.StringVar(&dutTestNetsJSON, "dut_test_nets_json", dutTestNetsJSON, "path to the dut test nets json file")
 }
 
-// genPseudoFlags populates flag-like global config based on real flags.
-//
-// genPseudoFlags must only be called after flag.Parse.
-func genPseudoFlags() error {
-	out, err := exec.Command("ip", "addr", "show").CombinedOutput()
-	if err != nil {
-		return fmt.Errorf("listing devices: %q: %w", string(out), err)
-	}
-	devs, err := netdevs.ParseDevices(string(out))
-	if err != nil {
-		return fmt.Errorf("parsing devices: %w", err)
+// Initialize initializes the testbench, it parse the flags and sets up the
+// pool of test networks for testbench's later use.
+func Initialize(fs *flag.FlagSet) {
+	registerFlags(fs)
+	flag.Parse()
+	if err := loadDUTTestNets(); err != nil {
+		panic(err)
 	}
+}
 
-	_, deviceInfo, err := netdevs.FindDeviceByIP(net.ParseIP(LocalIPv4), devs)
-	if err != nil {
-		return fmt.Errorf("can't find deviceInfo: %w", err)
+// loadDUTTestNets loads available DUT test networks from the json file, it
+// must be called after flag.Parse().
+func loadDUTTestNets() error {
+	var parsedTestNets []DUTTestNet
+	if err := json.Unmarshal([]byte(dutTestNetsJSON), &parsedTestNets); err != nil {
+		return fmt.Errorf("failed to unmarshal JSON: %w", err)
 	}
-
-	LocalMAC = deviceInfo.MAC.String()
-	LocalIPv6 = deviceInfo.IPv6Addr.String()
-	LocalInterfaceID = deviceInfo.ID
-
-	if deviceInfo.IPv4Net != nil {
-		IPv4PrefixLength, _ = deviceInfo.IPv4Net.Mask.Size()
-	} else {
-		IPv4PrefixLength, _ = net.ParseIP(LocalIPv4).DefaultMask().Size()
+	if got, want := len(parsedTestNets), 1; got < want {
+		return fmt.Errorf("got %d DUTs, the test requires at least %d DUTs", got, want)
+	}
+	// Using a buffered channel as semaphore
+	dutTestNets = make(chan *DUTTestNet, len(parsedTestNets))
+	for i := range parsedTestNets {
+		parsedTestNets[i].LocalIPv4 = parsedTestNets[i].LocalIPv4.To4()
+		parsedTestNets[i].RemoteIPv4 = parsedTestNets[i].RemoteIPv4.To4()
+		dutTestNets <- &parsedTestNets[i]
 	}
-
 	return nil
 }
 
@@ -132,3 +129,15 @@ func GenerateRandomPayload(t *testing.T, n int) []byte {
 	}
 	return buf
 }
+
+// GetDUTTestNet gets a usable DUTTestNet, the function will block until any
+// becomes available.
+func GetDUTTestNet() *DUTTestNet {
+	return <-dutTestNets
+}
+
+// Release releases the DUTTestNet back to the pool so that some other test
+// can use.
+func (n *DUTTestNet) Release() {
+	dutTestNets <- n
+}