def interp(plugin, nuin):
family = nuin.value(0)
res_id = nuin.value(1);
pattrs = (ctypes.POINTER(mnl.Attr) * (nfqnl.NFQA_MAX + 1)).from_buffer(nuin.value(2))
ph = pattrs[nfqnl.NFQA_PACKET_HDR].contents.get_payload_as(nfqnl.NfqnlMsgPacketHdr)
packet_id = socket.ntohl(ph.packet_id)
log.info("res_id: %d, qid: %d", res_id, packet_id)
nfq_send_accept(res_id, packet_id)
if pattrs[nfqnl.NFQA_PAYLOAD]:
ip = IP(bytes(pattrs[nfqnl.NFQA_PAYLOAD].contents.get_payload_v()))
log.info(ip.summary())
if pattrs[nfqnl.NFQA_IFINDEX_INDEV]:
ifin = pattrs[nfqnl.NFQA_IFINDEX_INDEV].contents.get_u32()
log.info("indev: %d", socket.ntohl(ifin));
if pattrs[nfqnl.NFQA_IFINDEX_OUTDEV]:
ifout = pattrs[nfqnl.NFQA_IFINDEX_OUTDEV].contents.get_u32()
log.info("outdev: %d", socket.ntohl(ifout));
if pattrs[nfqnl.NFQA_CT]:
ct = nfct.Conntrack()
ct.payload_parse(pattrs[nfqnl.NFQA_CT].contents.get_payload_v(), family)
s = ct.snprintf(4096, nfct.NFCT_T_UNKNOWN, nfct.NFCT_O_DEFAULT, 0)
log.info("conntrack: %s", s)
return nurs.NURS_RET_OK
def interp(plugin, nuin):
hook = nuin.value(0)
family = nuin.value(1)
protocol = nuin.value(2)
pattrs = (ctypes.POINTER(mnl.Attr) * (nflog.NFULA_MAX + 1)).from_buffer(nuin.value(3))
# pattrs = (ctypes.POINTER(mnl.Attr) * (nflog.NFULA_MAX + 1)).from_address(nuin.value(3))
seq_global = 0
if nuin.is_valid(4):
seq_global = nuin.value(4)
seq_local = 0
if nuin.is_valid(5):
seq_local = nuin.value(5)
prefix = ""
if nuin.is_valid(6):
prefix = nuin.value(6)
log.info("hook: %d, family: %d, protocol: %d, prefix: %s, seq - global: %d, local: %d",
hook, family, protocol, prefix, seq_global, seq_local)
if pattrs[nflog.NFULA_PAYLOAD] is not None:
ip = IP(bytes(pattrs[nflog.NFULA_PAYLOAD].contents.get_payload_v()))
log.info(ip.summary())
if pattrs[nflog.NFULA_CT]:
ct = nfct.Conntrack()
ct.payload_parse(pattrs[nflog.NFULA_CT].contents.get_payload_v(), family)
b = ct.snprintf(4096, nfct.NFCT_T_UNKNOWN, nfct.NFCT_O_DEFAULT, 0)
log.info("conntrack: %s", str(b))
return nurs.NURS_RET_OK
def build_msg():
if world.proto == "v6":
msg = IPv6(dst=world.cfg["dns6_addr"])/UDP(sport=world.cfg["dns_port"], dport=world.cfg["dns_port"])
else:
msg = IP(dst=world.cfg["dns4_addr"])/UDP(sport=world.cfg["dns_port"], dport=world.cfg["dns_port"])
msg.trid = random.randint(0, 256*256*256)
world.climsg.append(msg/world.dns_query)
def forwardDNS(orig_pkt):
print "Forwarding: " + orig_pkt[DNSQR].qname
response = sr1(IP(dst="8.8.8.8") / UDP(sport=orig_pkt[UDP].sport) / \
DNS(rd=1, id=orig_pkt[DNS].id, qd=DNSQR(qname=orig_pkt[DNSQR].qname)), verbose=0)
respPkt = IP(dst=orig_pkt[IP].src) / UDP(dport=orig_pkt[UDP].sport) / DNS()
respPkt[DNS] = response[DNS]
send(respPkt, verbose=0)
return "Responding: " + respPkt.summary()
def send_ack(sp,acknum):
logger.debug("SEND_ACK")
pkt = IP(version=4L,ihl=5L,tos=0x0,len=52,id=sp[IP].id,flags="DF", frag=0L,ttl=sp[IP].ttl,
proto="tcp",src=sp[IP].src,dst=sp[IP].dst,options=[]) /\
TCP(sport=sp[TCP].sport,dport=sp[TCP].dport,seq=sp[TCP].seq,ack=acknum,dataofs=8L,
reserved=0L,flags="A",window=0,urgptr=0,options=[('NOP', None), ('NOP', None),
sp[TCP].options[2]])
del sp[TCP].chksum
del sp[IP].chksum
# this will re-generate the checksums for IP/TCP
pkt = pkt.__class__(str(pkt))
# FIXME
sendp(Ether(dst="00:00:00:00:00:01")/pkt[IP], iface="eth1",verbose=0)
logger.debug("sent ACK: %s" % acknum)
def verify_encrypted(self, p, sa, rxs):
for rx in rxs:
try:
pkt = sa.decrypt(rx[IP])
if not pkt.haslayer(IP):
pkt = IP(pkt[Raw].load)
self.assert_packet_checksums_valid(pkt)
self.assert_equal(pkt[IP].dst, self.pg0.remote_ip4)
self.assert_equal(pkt[IP].src, self.pg0.local_ip4)
self.assertTrue(pkt.haslayer(GRE))
e = pkt[Ether]
self.assertEqual(e[Ether].dst, self.omac)
self.assertEqual(e[IP].dst, "1.1.1.2")
except (IndexError, AssertionError):
self.logger.debug(ppp("Unexpected packet:", rx))
try:
self.logger.debug(ppp("Decrypted packet:", pkt))
except:
pass
raise
def snoop_create(pkt):
global dcache # data cache
global acache # ack cache
global lastseq
global transmit
logger.debug("SNOOP_CREATE")
sp = IP(pkt.get_payload())
ips = (sp["IP"].getfieldval('src'),sp["IP"].getfieldval('dst'))
logger.debug("\tIP: %s" % str(ips))
ports = (sp["TCP"].getfieldval('sport'),sp["IP"].getfieldval('dport'))
logger.debug("\tPORTS: %s" % str(ports))
flow = (ips,ports)
logger.debug("\tFLOW: %s" % str(flow))
seqnum = int(sp["TCP"].getfieldval('seq'))
acknum = int(sp["TCP"].getfieldval('ack'))
inv_flow = ((ips[1],ips[0]),(ports[1],ports[0]))
logger.debug("\tseq: %s, ack:%s" % (seqnum,acknum))
# handle the SYN
lastseq[flow] = (seqnum,acknum)
# if "S" in sp.sprintf('%TCP.flags%'):
# dcache.insert(flow,seqnum,sp)
# this will get called if and only if there is an S
# so this is a SA packet
if "A" in sp.sprintf('%TCP.flags%'):
# verify
# dcache.remove(inv_flow,acknum-1)
# acache.insert(flow,acknum,sp)
lastseq[inv_flow] = (acknum,seqnum)
fin_hand[flow] = False
fin_hand[inv_flow] = False
pkt.accept()
logger.debug("lastseq: %s" % str(lastseq))
logger.debug("dcache:\n%s" % dcache)
print_accept()
import logging
import threading
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.layers.inet import IP, TCP, UDP, ICMP
from scapy.all import *
target = str(input("Please Enter The Target IP: "))
from_port = int(input("From Port: "))
to_port = int(input("To Port: "))
print(f"Scanning {target} for Open TCP Ports\n")
port_list = range(from_port, to_port)
sport = RandShort()
for x in port_list:
pkt = sr1(IP(dst=target) / TCP(sport=sport, dport=x, flags="S"),
timeout=0.5,
verbose=0)
if pkt != None:
if pkt.haslayer(TCP):
if pkt[TCP].flags == 18:
print(f"[+] Port {str(x)} Is Open")
print('Scan Is Completed!\n')
def test_qos_mpls(self):
""" QoS Mark/Record MPLS """
#
# 255 QoS for all input values
#
from_ext = 7
from_ip = 6
from_mpls = 5
from_vlan = 4
output = [scapy.compat.chb(from_ext)] * 256
os1 = b''.join(output)
output = [scapy.compat.chb(from_vlan)] * 256
os2 = b''.join(output)
output = [scapy.compat.chb(from_mpls)] * 256
os3 = b''.join(output)
output = [scapy.compat.chb(from_ip)] * 256
os4 = b''.join(output)
rows = [{
'outputs': os1
}, {
'outputs': os2
}, {
'outputs': os3
}, {
'outputs': os4
}]
self.vapi.qos_egress_map_update(1, rows)
#
# a route with 1 MPLS label
#
route_10_0_0_1 = VppIpRoute(self, "10.0.0.1", 32, [
VppRoutePath(
self.pg1.remote_ip4, self.pg1.sw_if_index, labels=[32])
])
route_10_0_0_1.add_vpp_config()
#
# a route with 3 MPLS labels
#
route_10_0_0_3 = VppIpRoute(self, "10.0.0.3", 32, [
VppRoutePath(
self.pg1.remote_ip4, self.pg1.sw_if_index, labels=[63, 33, 34])
])
route_10_0_0_3.add_vpp_config()
#
# enable IP QoS recording on the input Pg0 and MPLS egress marking
# on Pg1
#
self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
QOS_SOURCE.IP, 1)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index,
QOS_SOURCE.MPLS, 1, 1)
#
# packet that will get one label added and 3 labels added resp.
#
p_1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst="10.0.0.1", tos=1) /
UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))
p_3 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst="10.0.0.3", tos=1) /
UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))
rx = self.send_and_expect(self.pg0, p_1 * 65, self.pg1)
#
# only 3 bits of ToS value in MPLS make sure tos is correct
# and the label and EOS bit have not been corrupted
#
for p in rx:
self.assertEqual(p[MPLS].cos, from_ip)
self.assertEqual(p[MPLS].label, 32)
self.assertEqual(p[MPLS].s, 1)
rx = self.send_and_expect(self.pg0, p_3 * 65, self.pg1)
for p in rx:
self.assertEqual(p[MPLS].cos, from_ip)
self.assertEqual(p[MPLS].label, 63)
self.assertEqual(p[MPLS].s, 0)
h = p[MPLS].payload
self.assertEqual(h[MPLS].cos, from_ip)
self.assertEqual(h[MPLS].label, 33)
self.assertEqual(h[MPLS].s, 0)
h = h[MPLS].payload
self.assertEqual(h[MPLS].cos, from_ip)
self.assertEqual(h[MPLS].label, 34)
self.assertEqual(h[MPLS].s, 1)
#
# enable MPLS QoS recording on the input Pg0 and IP egress marking
# on Pg1
#
self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
QOS_SOURCE.MPLS, 1)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index, QOS_SOURCE.IP,
1, 1)
#
# MPLS x-connect - COS according to pg1 map
#
route_32_eos = VppMplsRoute(self, 32, 1, [
VppRoutePath(self.pg1.remote_ip4,
self.pg1.sw_if_index,
labels=[VppMplsLabel(33)])
])
route_32_eos.add_vpp_config()
p_m1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
MPLS(label=32, cos=3, ttl=2) /
IP(src=self.pg0.remote_ip4, dst="10.0.0.1", tos=1) /
UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))
rx = self.send_and_expect(self.pg0, p_m1 * 65, self.pg1)
for p in rx:
self.assertEqual(p[MPLS].cos, from_mpls)
self.assertEqual(p[MPLS].label, 33)
self.assertEqual(p[MPLS].s, 1)
#
# MPLS deag - COS is copied from MPLS to IP
#
route_33_eos = VppMplsRoute(
self, 33, 1, [VppRoutePath("0.0.0.0", 0xffffffff, nh_table_id=0)])
route_33_eos.add_vpp_config()
route_10_0_0_4 = VppIpRoute(
self, "10.0.0.4", 32,
[VppRoutePath(self.pg1.remote_ip4, self.pg1.sw_if_index)])
route_10_0_0_4.add_vpp_config()
p_m2 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
MPLS(label=33, ttl=2, cos=3) /
IP(src=self.pg0.remote_ip4, dst="10.0.0.4", tos=1) /
UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))
rx = self.send_and_expect(self.pg0, p_m2 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IP].tos, from_mpls)
#
# cleanup
#
self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
QOS_SOURCE.IP, 0)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index,
QOS_SOURCE.MPLS, 1, 0)
self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
QOS_SOURCE.MPLS, 0)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index, QOS_SOURCE.IP,
1, 0)
self.vapi.qos_egress_map_delete(1)
def test_igmp_router(self):
""" IGMP Router Functions """
#
# Drop reports when not enabled
#
p_j = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst="224.0.0.22", tos=0xc0, ttl=1,
options=[IPOption(copy_flag=1, optclass="control",
option="router_alert")]) /
IGMPv3(type="Version 3 Membership Report") /
IGMPv3mr(numgrp=1) /
IGMPv3gr(rtype="Allow New Sources",
maddr="239.1.1.1", srcaddrs=["10.1.1.1", "10.1.1.2"]))
p_l = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst="224.0.0.22", tos=0xc0,
options=[IPOption(copy_flag=1, optclass="control",
option="router_alert")]) /
IGMPv3(type="Version 3 Membership Report") /
IGMPv3mr(numgrp=1) /
IGMPv3gr(rtype="Block Old Sources",
maddr="239.1.1.1", srcaddrs=["10.1.1.1", "10.1.1.2"]))
self.send(self.pg0, p_j)
self.assertFalse(self.vapi.igmp_dump())
#
# drop the default timer values so these tests execute in a
# reasonable time frame
#
self.vapi.cli("test igmp timers query 1 src 3 leave 1")
#
# enable router functions on the interface
#
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
self.vapi.igmp_enable_disable(self.pg0.sw_if_index,
1,
IGMP_MODE.ROUTER)
self.vapi.want_igmp_events(1)
#
# wait for router to send general query
#
for ii in range(3):
capture = self.pg0.get_capture(1, timeout=2)
self.verify_general_query(capture[0])
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
#
# re-send the report. VPP should now hold state for the new group
# VPP sends a notification that a new group has been joined
#
self.send(self.pg0, p_j)
self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
"239.1.1.1", "10.1.1.1", 1))
self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
"239.1.1.1", "10.1.1.2", 1))
dump = self.vapi.igmp_dump(self.pg0.sw_if_index)
self.assertEqual(len(dump), 2)
self.assertTrue(find_igmp_state(dump, self.pg0,
"239.1.1.1", "10.1.1.1"))
self.assertTrue(find_igmp_state(dump, self.pg0,
"239.1.1.1", "10.1.1.2"))
#
# wait for the per-source timer to expire
# the state should be reaped
# VPP sends a notification that the group has been left
#
self.assertTrue(wait_for_igmp_event(self, 4, self.pg0,
"239.1.1.1", "10.1.1.1", 0))
self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
"239.1.1.1", "10.1.1.2", 0))
self.assertFalse(self.vapi.igmp_dump())
#
# resend the join. wait for two queries and then send a current-state
# record to include all sources. this should reset the expiry time
# on the sources and thus they will still be present in 2 seconds time.
# If the source timer was not refreshed, then the state would have
# expired in 3 seconds.
#
self.send(self.pg0, p_j)
self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
"239.1.1.1", "10.1.1.1", 1))
self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
"239.1.1.1", "10.1.1.2", 1))
dump = self.vapi.igmp_dump(self.pg0.sw_if_index)
self.assertEqual(len(dump), 2)
capture = self.pg0.get_capture(2, timeout=3)
self.verify_general_query(capture[0])
self.verify_general_query(capture[1])
p_cs = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst="224.0.0.22", tos=0xc0,
options=[IPOption(copy_flag=1, optclass="control",
option="router_alert")]) /
IGMPv3(type="Version 3 Membership Report") /
IGMPv3mr(numgrp=1) /
IGMPv3gr(rtype="Mode Is Include",
maddr="239.1.1.1", srcaddrs=["10.1.1.1", "10.1.1.2"]))
self.send(self.pg0, p_cs)
self.sleep(2)
dump = self.vapi.igmp_dump(self.pg0.sw_if_index)
self.assertEqual(len(dump), 2)
self.assertTrue(find_igmp_state(dump, self.pg0,
"239.1.1.1", "10.1.1.1"))
self.assertTrue(find_igmp_state(dump, self.pg0,
"239.1.1.1", "10.1.1.2"))
#
# wait for the per-source timer to expire
# the state should be reaped
#
self.assertTrue(wait_for_igmp_event(self, 4, self.pg0,
"239.1.1.1", "10.1.1.1", 0))
self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
"239.1.1.1", "10.1.1.2", 0))
self.assertFalse(self.vapi.igmp_dump())
#
# resend the join, then a leave. Router sends a group+source
# specific query containing both sources
#
self.send(self.pg0, p_j)
self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
"239.1.1.1", "10.1.1.1", 1))
self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
"239.1.1.1", "10.1.1.2", 1))
dump = self.vapi.igmp_dump(self.pg0.sw_if_index)
self.assertEqual(len(dump), 2)
self.send(self.pg0, p_l)
capture = self.pg0.get_capture(1, timeout=3)
self.verify_group_query(capture[0], "239.1.1.1",
["10.1.1.1", "10.1.1.2"])
#
# the group specific query drops the timeout to leave (=1) seconds
#
self.assertTrue(wait_for_igmp_event(self, 2, self.pg0,
"239.1.1.1", "10.1.1.1", 0))
self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
"239.1.1.1", "10.1.1.2", 0))
self.assertFalse(self.vapi.igmp_dump())
self.assertFalse(self.vapi.igmp_dump())
#
# a TO_EX({}) / IN_EX({}) is treated like a (*,G) join
#
p_j = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst="224.0.0.22", tos=0xc0, ttl=1,
options=[IPOption(copy_flag=1, optclass="control",
option="router_alert")]) /
IGMPv3(type="Version 3 Membership Report") /
IGMPv3mr(numgrp=1) /
IGMPv3gr(rtype="Change To Exclude Mode", maddr="239.1.1.2"))
self.send(self.pg0, p_j)
self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
"239.1.1.2", "0.0.0.0", 1))
p_j = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst="224.0.0.22", tos=0xc0, ttl=1,
options=[IPOption(copy_flag=1, optclass="control",
option="router_alert")]) /
IGMPv3(type="Version 3 Membership Report") /
IGMPv3mr(numgrp=1) /
IGMPv3gr(rtype="Mode Is Exclude", maddr="239.1.1.3"))
self.send(self.pg0, p_j)
self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
"239.1.1.3", "0.0.0.0", 1))
#
# A 'allow sources' for {} should be ignored as it should
# never be sent.
#
p_j = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst="224.0.0.22", tos=0xc0, ttl=1,
options=[IPOption(copy_flag=1, optclass="control",
option="router_alert")]) /
IGMPv3(type="Version 3 Membership Report") /
IGMPv3mr(numgrp=1) /
IGMPv3gr(rtype="Allow New Sources", maddr="239.1.1.4"))
self.send(self.pg0, p_j)
dump = self.vapi.igmp_dump(self.pg0.sw_if_index)
self.assertTrue(find_igmp_state(dump, self.pg0,
"239.1.1.2", "0.0.0.0"))
self.assertTrue(find_igmp_state(dump, self.pg0,
"239.1.1.3", "0.0.0.0"))
self.assertFalse(find_igmp_state(dump, self.pg0,
"239.1.1.4", "0.0.0.0"))
#
# a TO_IN({}) and IS_IN({}) are treated like a (*,G) leave
#
self.vapi.cli("set logging class igmp level debug")
p_l = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst="224.0.0.22", tos=0xc0, ttl=1,
options=[IPOption(copy_flag=1, optclass="control",
option="router_alert")]) /
IGMPv3(type="Version 3 Membership Report") /
IGMPv3mr(numgrp=1) /
IGMPv3gr(rtype="Change To Include Mode", maddr="239.1.1.2"))
self.send(self.pg0, p_l)
self.assertTrue(wait_for_igmp_event(self, 2, self.pg0,
"239.1.1.2", "0.0.0.0", 0))
p_l = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst="224.0.0.22", tos=0xc0, ttl=1,
options=[IPOption(copy_flag=1, optclass="control",
option="router_alert")]) /
IGMPv3(type="Version 3 Membership Report") /
IGMPv3mr(numgrp=1) /
IGMPv3gr(rtype="Mode Is Include", maddr="239.1.1.3"))
self.send(self.pg0, p_l)
self.assertTrue(wait_for_igmp_event(self, 2, self.pg0,
"239.1.1.3", "0.0.0.0", 0))
self.assertFalse(self.vapi.igmp_dump(self.pg0.sw_if_index))
#
# disable router config
#
self.vapi.igmp_enable_disable(self.pg0.sw_if_index,
0,
IGMP_MODE.ROUTER)
def test_ip_sub_nets(self):
""" IP Sub Nets """
#
# Configure a covering route to forward so we know
# when we are dropping
#
cover_route = VppIpRoute(
self, "10.0.0.0", 8,
[VppRoutePath(self.pg1.remote_ip4, self.pg1.sw_if_index)])
cover_route.add_vpp_config()
p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IP(dst="10.10.10.10", src=self.pg0.local_ip4) /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
self.pg1.add_stream(p)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg1.get_capture(1)
#
# Configure some non-/24 subnets on an IP interface
#
ip_addr_n = socket.inet_pton(socket.AF_INET, "10.10.10.10")
self.vapi.sw_interface_add_del_address(self.pg0.sw_if_index, ip_addr_n,
16)
pn = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IP(dst="10.10.0.0", src=self.pg0.local_ip4) /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
pb = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IP(dst="10.10.255.255", src=self.pg0.local_ip4) /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
self.send_and_assert_no_replies(self.pg1, pn, "IP Network address")
self.send_and_assert_no_replies(self.pg1, pb, "IP Broadcast address")
# remove the sub-net and we are forwarding via the cover again
self.vapi.sw_interface_add_del_address(self.pg0.sw_if_index,
ip_addr_n,
16,
is_add=0)
self.pg1.add_stream(pn)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg1.get_capture(1)
self.pg1.add_stream(pb)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg1.get_capture(1)
#
# A /31 is a special case where the 'other-side' is an attached host
# packets to that peer generate ARP requests
#
ip_addr_n = socket.inet_pton(socket.AF_INET, "10.10.10.10")
self.vapi.sw_interface_add_del_address(self.pg0.sw_if_index, ip_addr_n,
31)
pn = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IP(dst="10.10.10.11", src=self.pg0.local_ip4) /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
self.pg1.add_stream(pn)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg0.get_capture(1)
rx[ARP]
# remove the sub-net and we are forwarding via the cover again
self.vapi.sw_interface_add_del_address(self.pg0.sw_if_index,
ip_addr_n,
31,
is_add=0)
self.pg1.add_stream(pn)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx = self.pg1.get_capture(1)
def print_and_accept(pkt):
ip = IP(pkt.get_payload())
ip.show()
pkt.set_payload(str(ip))
pkt.accept()
def __init__(self):
base_pkt = Ether(dst="ff:ff:ff:ff:ff:ff")/IP(src="0.0.0.0",dst="255.255.255.255")/UDP(sport=68,dport=67,chksum=0) \
/BOOTP(chaddr=b'123456',xid=55555,yiaddr='1.2.3.4')/DHCP(options=[("message-type","discover"), ("server_id", '1.2.3.4'),"end"])
FastParser.__init__(self, base_pkt)
self.add_field('Ethernet.dst', 'dstmac')
self.add_field('Ethernet.src', 'srcmac')
self.add_field('IP.ihl', 'ihl', fmt="!B")
self.add_field('IP.dst', 'dstip')
self.add_field('IP.src', 'srcip')
self.add_field('IP.chksum', 'chksum')
self.add_field('BOOTP.xid', 'xid')
self.add_field('BOOTP.chaddr', 'chaddr')
self.add_field('BOOTP.ciaddr', 'ciaddr')
self.add_field('BOOTP.yiaddr', 'yiaddr')
self.add_field('DHCP options.options',
'options',
getter=self.get_options,
setter=self.set_options)
msg_types = [
{
'id': 1,
'name': 'discover'
},
{
'id': 2,
'name': 'offer'
},
{
'id': 3,
'name': 'request'
},
]
self.msg_types = {}
for t in msg_types:
self.msg_types[t['id']] = t
self.msg_types[t['name']] = t
opts = [
{
'id': 53,
'name': 'message-type',
'type': 'byte'
},
{
'id': 54,
'name': 'server_id',
'type': 'int'
},
{
'id': 50,
'name': 'requested_addr',
'type': 'int'
},
{
'id': 51,
'name': 'lease-time',
'type': 'int'
},
{
'id': 58,
'name': 'renewal_time',
'type': 'int'
},
{
'id': 59,
'name': 'rebinding_time',
'type': 'int'
},
{
'id': 1,
'name': 'subnet_mask',
'type': 'int'
},
{
'id': 15,
'name': 'domain',
'type': 'str'
},
]
self.opts = {}
for opt in opts:
self.opts[opt['id']] = opt
self.opts[opt['name']] = opt
def test_ip_deag(self):
""" IP Deag Routes """
#
# Create a table to be used for:
# 1 - another destination address lookup
# 2 - a source address lookup
#
table_dst = VppIpTable(self, 1)
table_src = VppIpTable(self, 2)
table_dst.add_vpp_config()
table_src.add_vpp_config()
#
# Add a route in the default table to point to a deag/
# second lookup in each of these tables
#
route_to_dst = VppIpRoute(
self, "1.1.1.1", 32,
[VppRoutePath("0.0.0.0", 0xffffffff, nh_table_id=1)])
route_to_src = VppIpRoute(self, "1.1.1.2", 32, [
VppRoutePath(
"0.0.0.0", 0xffffffff, nh_table_id=2, is_source_lookup=1)
])
route_to_dst.add_vpp_config()
route_to_src.add_vpp_config()
#
# packets to these destination are dropped, since they'll
# hit the respective default routes in the second table
#
p_dst = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src="5.5.5.5", dst="1.1.1.1") /
TCP(sport=1234, dport=1234) / Raw('\xa5' * 100))
p_src = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src="2.2.2.2", dst="1.1.1.2") /
TCP(sport=1234, dport=1234) / Raw('\xa5' * 100))
pkts_dst = p_dst * 257
pkts_src = p_src * 257
self.send_and_assert_no_replies(self.pg0, pkts_dst, "IP in dst table")
self.send_and_assert_no_replies(self.pg0, pkts_src, "IP in src table")
#
# add a route in the dst table to forward via pg1
#
route_in_dst = VppIpRoute(
self,
"1.1.1.1",
32, [VppRoutePath(self.pg1.remote_ip4, self.pg1.sw_if_index)],
table_id=1)
route_in_dst.add_vpp_config()
self.send_and_expect(self.pg0, pkts_dst, self.pg1)
#
# add a route in the src table to forward via pg2
#
route_in_src = VppIpRoute(
self,
"2.2.2.2",
32, [VppRoutePath(self.pg2.remote_ip4, self.pg2.sw_if_index)],
table_id=2)
route_in_src.add_vpp_config()
self.send_and_expect(self.pg0, pkts_src, self.pg2)
class scapy(object):
SCAPY_LAYERS = {
'ether': Ether(dst="ff:ff:ff:ff:ff:ff"),
'vlan': Dot1Q(),
'etag': Dot1BR(),
'1588': Ether(type=0x88f7),
'arp': ARP(),
'ipv4': IP(),
'ipv4ihl': IP(ihl=10),
'ipv4_ext': IP(frag=5),
'ipv6': IPv6(src="::1"),
'ipv6_ext': IPv6(src="::1", nh=43) / IPv6ExtHdrRouting(),
'ipv6_ext2': IPv6() / IPv6ExtHdrRouting(),
'udp': UDP(),
'tcp': TCP(),
'sctp': SCTP(),
'icmp': ICMP(),
'gre': GRE(),
'raw': Raw(),
'vxlan': Vxlan(),
'inner_mac': Ether(),
'inner_vlan': Dot1Q(),
'inner_ipv4': IP(),
'inner_ipv4_ext': IP(),
'inner_ipv6': IPv6(src="::1"),
'inner_ipv6_ext': IPv6(src="::1"),
'inner_tcp': TCP(),
'inner_udp': UDP(),
'inner_sctp': SCTP(),
'inner_icmp': ICMP(),
'lldp': LLDP() / LLDPManagementAddress(),
'ip_frag': IP(frag=5),
'ipv6_frag': IPv6(src="::1") / IPv6ExtHdrFragment(),
'ip_in_ip': IP() / IP(),
'ip_in_ip_frag': IP() / IP(frag=5),
'ipv6_in_ip': IP() / IPv6(src="::1"),
'ipv6_frag_in_ip': IP() / IPv6(src="::1", nh=44) / IPv6ExtHdrFragment(),
'nvgre': NVGRE(),
'geneve': "Not Implement",
}
def __init__(self):
self.pkt = None
pass
def assign_pkt(self, pkt):
self.pkt = pkt
def add_layers(self, layers):
self.pkt = None
for layer in layers:
if self.pkt is not None:
self.pkt = self.pkt / self.SCAPY_LAYERS[layer]
else:
self.pkt = self.SCAPY_LAYERS[layer]
def ether(self, pkt_layer, dst="ff:ff:ff:ff:ff:ff", src="00:00:20:00:00:00", type=None):
if pkt_layer.name != "Ethernet":
return
pkt_layer.dst = dst
pkt_layer.src = src
if type is not None:
pkt_layer.type = type
def vlan(self, pkt_layer, vlan, prio=0, type=None):
if pkt_layer.name != "802.1Q":
return
pkt_layer.vlan = int(vlan)
pkt_layer.prio = prio
if type is not None:
pkt_layer.type = type
def strip_vlan(self, element):
value = None
if self.pkt.haslayer('Dot1Q') is 0:
return None
if element == 'vlan':
value = int(str(self.pkt[Dot1Q].vlan))
return value
def etag(self, pkt_layer, ECIDbase=0, prio=0, type=None):
if pkt_layer.name != "802.1BR":
return
pkt_layer.ECIDbase = int(ECIDbase)
pkt_layer.prio = prio
if type is not None:
pkt_layer.type = type
def strip_etag(self, element):
value = None
if self.pkt.haslayer('Dot1BR') is 0:
return None
if element == 'ECIDbase':
value = int(str(self.pkt[Dot1BR].ECIDbase))
return value
def strip_layer2(self, element):
value = None
layer = self.pkt.getlayer(0)
if layer is None:
return None
if element == 'src':
value = layer.src
elif element == 'dst':
value = layer.dst
elif element == 'type':
value = layer.type
return value
def strip_layer3(self, element):
value = None
layer = self.pkt.getlayer(1)
if layer is None:
return None
if element == 'src':
value = layer.src
elif element == 'dst':
value = layer.dst
else:
value = layer.getfieldval(element)
return value
def strip_layer4(self, element):
value = None
layer = self.pkt.getlayer(2)
if layer is None:
return None
if element == 'src':
value = layer.sport
elif element == 'dst':
value = layer.dport
else:
value = layer.getfieldval(element)
return value
def ipv4(self, pkt_layer, frag=0, src="127.0.0.1", proto=None, tos=0, dst="127.0.0.1", chksum=None, len=None, version=4, flags=None, ihl=None, ttl=64, id=1, options=None):
pkt_layer.frag = frag
pkt_layer.src = src
if proto is not None:
pkt_layer.proto = proto
pkt_layer.tos = tos
pkt_layer.dst = dst
if chksum is not None:
pkt_layer.chksum = chksum
if len is not None:
pkt_layer.len = len
pkt_layer.version = version
if flags is not None:
pkt_layer.flags = flags
if ihl is not None:
pkt_layer.ihl = ihl
pkt_layer.ttl = ttl
pkt_layer.id = id
if options is not None:
pkt_layer.options = options
def ipv6(self, pkt_layer, version=6, tc=0, fl=0, plen=0, nh=0, hlim=64, src="::1", dst="::1"):
"""
Configure IPv6 protocal.
"""
pkt_layer.version = version
pkt_layer.tc = tc
pkt_layer.fl = fl
if plen:
pkt_layer.plen = plen
if nh:
pkt_layer.nh = nh
pkt_layer.src = src
pkt_layer.dst = dst
def tcp(self, pkt_layer, src=53, dst=53, len=None, chksum=None):
pkt_layer.sport = src
pkt_layer.dport = dst
if len is not None:
pkt_layer.len = len
if chksum is not None:
pkt_layer.chksum = chksum
def udp(self, pkt_layer, src=53, dst=53, len=None, chksum=None):
pkt_layer.sport = src
pkt_layer.dport = dst
if len is not None:
pkt_layer.len = len
if chksum is not None:
pkt_layer.chksum = chksum
def sctp(self, pkt_layer, src=53, dst=53, len=None, chksum=None):
pkt_layer.sport = src
pkt_layer.dport = dst
if len is not None:
pkt_layer.len = len
if chksum is not None:
pkt_layer.chksum = chksum
def raw(self, pkt_layer, payload=None):
if payload is not None:
pkt_layer.load = ''
for hex1, hex2 in payload:
pkt_layer.load += struct.pack("=B", int('%s%s' % (hex1, hex2), 16))
def gre(self, pkt_layer, proto=None):
if proto is not None:
pkt_layer.proto = proto
def vxlan(self, pkt_layer, vni=0):
pkt_layer.vni = vni
def read_pcap(self, file):
pcap_pkts = []
try:
pcap_pkts = rdpcap(file)
except:
pass
return pcap_pkts
def write_pcap(self, file):
try:
wrpcap(file, self.pkt)
except:
pass
def send_pcap_pkt(self, crb=None, file='', intf='', count=1):
if intf == '' or file == '' or crb is None:
print "Invalid option for send packet by scapy"
return
content = 'pkts=rdpcap(\"%s\");sendp(pkts, iface=\"%s\", count=\"%s\" );exit()' % (file, intf, count)
cmd_file = '/tmp/scapy_%s.cmd' % intf
crb.create_file(content, cmd_file)
crb.send_expect("scapy -c scapy_%s.cmd &" % intf, "# ")
def print_summary(self):
print "Send out pkt %s" % self.pkt.summary()
def send_pkt(self, intf='', count=1):
self.print_summary()
if intf != '':
# wait few seconds for link ready
countdown = 600
while countdown:
link_st = subprocess.check_output("ip link show %s" % intf,
stderr=subprocess.STDOUT,
shell=True)
if "LOWER_UP" in link_st:
break
else:
time.sleep(0.01)
countdown -= 1
continue
# fix fortville can't receive packets with 00:00:00:00:00:00
if self.pkt.getlayer(0).src == "00:00:00:00:00:00":
self.pkt.getlayer(0).src = get_if_hwaddr(intf)
sendp(self.pkt, iface=intf, count=count)
#!/usr/bin/env python
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *
from scapy.layers.dns import DNS, DNSQR, DNSRR
from scapy.layers.inet import IP, UDP, TCP
__author__ = 'michael salerno'
#id: 108512298
if not os.geteuid() == 0:
sys.exit('Script must be run as root')
pkt = IP(dst="www.slashdot.org") / TCP() / "GET /index.html HTTP/1.0 \n\n"
ans, unans = sr(pkt, multi=2, timeout=1, verbose=1)
def test_pipe(self):
""" Pipes """
pipes = [VppPipe(self), VppPipe(self, 10)]
for p in pipes:
p.add_vpp_config()
p.admin_up()
#
# L2 cross-connect pipe0 east with pg0 and west with pg1
#
self.vapi.sw_interface_set_l2_xconnect(self.pg0.sw_if_index,
pipes[0].east,
enable=1)
self.vapi.sw_interface_set_l2_xconnect(pipes[0].east,
self.pg0.sw_if_index,
enable=1)
self.vapi.sw_interface_set_l2_xconnect(self.pg1.sw_if_index,
pipes[0].west,
enable=1)
self.vapi.sw_interface_set_l2_xconnect(pipes[0].west,
self.pg1.sw_if_index,
enable=1)
# test bi-directional L2 flow pg0<->pg1
p = (Ether(src=self.pg0.remote_mac, dst=self.pg1.remote_mac) /
IP(src="1.1.1.1", dst="1.1.1.2") / UDP(sport=1234, dport=1234) /
Raw('\xa5' * 100))
self.send_and_expect(self.pg0, p * 65, self.pg1)
self.send_and_expect(self.pg1, p * 65, self.pg0)
#
# Attach ACL to ensure features are run on the pipe
#
rule_1 = ({
'is_permit': 0,
'is_ipv6': 0,
'proto': 17,
'srcport_or_icmptype_first': 1234,
'srcport_or_icmptype_last': 1234,
'src_ip_prefix_len': 32,
'src_ip_addr': inet_pton(AF_INET, "1.1.1.1"),
'dstport_or_icmpcode_first': 1234,
'dstport_or_icmpcode_last': 1234,
'dst_ip_prefix_len': 32,
'dst_ip_addr': inet_pton(AF_INET, "1.1.1.2")
})
acl = self.vapi.acl_add_replace(acl_index=4294967295, r=[rule_1])
# Apply the ACL on the pipe on output
self.vapi.acl_interface_set_acl_list(pipes[0].east, 0, [acl.acl_index])
self.send_and_assert_no_replies(self.pg0, p * 65)
self.send_and_expect(self.pg1, p * 65, self.pg0)
# remove from output and apply on input
self.vapi.acl_interface_set_acl_list(pipes[0].east, 0, [])
self.vapi.acl_interface_set_acl_list(pipes[0].west, 1, [acl.acl_index])
self.send_and_assert_no_replies(self.pg0, p * 65)
self.send_and_expect(self.pg1, p * 65, self.pg0)
self.vapi.acl_interface_set_acl_list(pipes[0].west, 0, [])
self.send_and_expect(self.pg0, p * 65, self.pg1)
self.send_and_expect(self.pg1, p * 65, self.pg0)
#
# L3 routes in two separate tables so a pipe can be used to L3
# x-connect
#
tables = []
tables.append(VppIpTable(self, 1))
tables.append(VppIpTable(self, 2))
for t in tables:
t.add_vpp_config()
self.pg2.set_table_ip4(1)
self.pg2.config_ip4()
self.pg2.resolve_arp()
self.pg3.set_table_ip4(2)
self.pg3.config_ip4()
self.pg3.resolve_arp()
routes = []
routes.append(
VppIpRoute(
self,
"1.1.1.1",
32, [VppRoutePath(self.pg3.remote_ip4, self.pg3.sw_if_index)],
table_id=2))
routes.append(
VppIpRoute(self,
"1.1.1.1",
32, [VppRoutePath("0.0.0.0", pipes[1].east)],
table_id=1))
routes.append(
VppIpRoute(self,
"1.1.1.2",
32, [VppRoutePath("0.0.0.0", pipes[1].west)],
table_id=2))
routes.append(
VppIpRoute(
self,
"1.1.1.2",
32, [VppRoutePath(self.pg2.remote_ip4, self.pg2.sw_if_index)],
table_id=1))
for r in routes:
r.add_vpp_config()
p_east = (Ether(src=self.pg2.remote_mac, dst=self.pg2.local_mac) /
IP(src="1.1.1.2", dst="1.1.1.1") /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
# bind the pipe ends to the correct tables
self.vapi.sw_interface_set_table(pipes[1].west, 0, 2)
self.vapi.sw_interface_set_table(pipes[1].east, 0, 1)
# IP is not enabled on the pipes at this point
self.send_and_assert_no_replies(self.pg2, p_east * 65)
# IP enable the Pipes by making them unnumbered
pipes[0].set_unnumbered(self.pg2.sw_if_index)
pipes[1].set_unnumbered(self.pg3.sw_if_index)
self.send_and_expect(self.pg2, p_east * 65, self.pg3)
# and the return path
p_west = (Ether(src=self.pg3.remote_mac, dst=self.pg3.local_mac) /
IP(src="1.1.1.1", dst="1.1.1.2") /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
self.send_and_expect(self.pg3, p_west * 65, self.pg2)
#
# Use ACLs to test features run on the Pipes
#
self.vapi.acl_interface_set_acl_list(pipes[1].east, 0, [acl.acl_index])
self.send_and_assert_no_replies(self.pg2, p_east * 65)
self.send_and_expect(self.pg3, p_west * 65, self.pg2)
# remove from output and apply on input
self.vapi.acl_interface_set_acl_list(pipes[1].east, 0, [])
self.vapi.acl_interface_set_acl_list(pipes[1].west, 1, [acl.acl_index])
self.send_and_assert_no_replies(self.pg2, p_east * 65)
self.send_and_expect(self.pg3, p_west * 65, self.pg2)
self.vapi.acl_interface_set_acl_list(pipes[1].west, 0, [])
self.send_and_expect(self.pg2, p_east * 65, self.pg3)
self.send_and_expect(self.pg3, p_west * 65, self.pg2)
# cleanup (so the tables delete)
self.pg2.unconfig_ip4()
self.pg2.set_table_ip4(0)
self.pg3.unconfig_ip4()
self.pg3.set_table_ip4(0)
self.vapi.sw_interface_set_table(pipes[1].west, 0, 0)
self.vapi.sw_interface_set_table(pipes[1].east, 0, 0)
def ikescan(ip):
return sr(
IP(dst=ip) / UDP() / ISAKMP(init_cookie=RandString(8), exch_type=2) /
ISAKMP_payload_SA(prop=ISAKMP_payload_Proposal()))
def high_push(self, msg):
from scapy.layers.inet import IP, UDP
p = IP(dst=self.ip) / UDP(sport=1234, dport=self.port) / msg
self._send(p)
async def run_test_nic(dut):
tb = TB(dut)
await tb.init()
tb.log.info("Init driver")
await tb.driver.init_dev(tb.dev.functions[0].pcie_id)
await tb.driver.interfaces[0].open()
# enable queues
tb.log.info("Enable queues")
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_SCHED_ENABLE, 0x00000001)
for k in range(tb.driver.interfaces[0].tx_queue_count):
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].schedulers[0].hw_addr+4*k, 0x00000003)
# wait for all writes to complete
await tb.rc.mem_read(tb.driver.hw_addr, 4)
tb.log.info("Init complete")
tb.log.info("Send and receive single packet")
data = bytearray([x % 256 for x in range(1024)])
await tb.driver.interfaces[0].start_xmit(data, 0)
pkt = await tb.port_mac[0].tx.recv()
tb.log.info("Packet: %s", pkt)
await tb.port_mac[0].rx.send(pkt)
pkt = await tb.driver.interfaces[0].recv()
tb.log.info("Packet: %s", pkt)
assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(pkt.data[14:])) & 0xffff
tb.log.info("RX and TX checksum tests")
payload = bytes([x % 256 for x in range(256)])
eth = Ether(src='5A:51:52:53:54:55', dst='DA:D1:D2:D3:D4:D5')
ip = IP(src='192.168.1.100', dst='192.168.1.101')
udp = UDP(sport=1, dport=2)
test_pkt = eth / ip / udp / payload
test_pkt2 = test_pkt.copy()
test_pkt2[UDP].chksum = scapy.utils.checksum(bytes(test_pkt2[UDP]))
await tb.driver.interfaces[0].start_xmit(test_pkt2.build(), 0, 34, 6)
pkt = await tb.port_mac[0].tx.recv()
tb.log.info("Packet: %s", pkt)
await tb.port_mac[0].rx.send(pkt)
pkt = await tb.driver.interfaces[0].recv()
tb.log.info("Packet: %s", pkt)
assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(pkt.data[14:])) & 0xffff
assert Ether(pkt.data).build() == test_pkt.build()
tb.log.info("Multiple small packets")
count = 64
pkts = [bytearray([(x+k) % 256 for x in range(60)]) for k in range(count)]
tb.loopback_enable = True
for p in pkts:
await tb.driver.interfaces[0].start_xmit(p, 0)
for k in range(count):
pkt = await tb.driver.interfaces[0].recv()
tb.log.info("Packet: %s", pkt)
assert pkt.data == pkts[k]
assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(pkt.data[14:])) & 0xffff
tb.loopback_enable = False
tb.log.info("Multiple large packets")
count = 64
pkts = [bytearray([(x+k) % 256 for x in range(1514)]) for k in range(count)]
tb.loopback_enable = True
for p in pkts:
await tb.driver.interfaces[0].start_xmit(p, 0)
for k in range(count):
pkt = await tb.driver.interfaces[0].recv()
tb.log.info("Packet: %s", pkt)
assert pkt.data == pkts[k]
assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(pkt.data[14:])) & 0xffff
tb.loopback_enable = False
tb.log.info("Jumbo frames")
count = 64
pkts = [bytearray([(x+k) % 256 for x in range(9014)]) for k in range(count)]
tb.loopback_enable = True
for p in pkts:
await tb.driver.interfaces[0].start_xmit(p, 0)
for k in range(count):
pkt = await tb.driver.interfaces[0].recv()
tb.log.info("Packet: %s", pkt)
assert pkt.data == pkts[k]
assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(pkt.data[14:])) & 0xffff
tb.loopback_enable = False
await Timer(1000, 'ns')
tb.log.info("TDMA")
count = 16
pkts = [bytearray([(x+k) % 256 for x in range(1514)]) for k in range(count)]
tb.loopback_enable = True
# configure TDMA scheduler
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_SCHED_PERIOD_FNS, 0)
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_SCHED_PERIOD_NS, 40000)
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_SCHED_PERIOD_SEC_L, 0)
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_SCHED_PERIOD_SEC_H, 0)
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_TIMESLOT_PERIOD_FNS, 0)
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_TIMESLOT_PERIOD_NS, 10000)
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_TIMESLOT_PERIOD_SEC_L, 0)
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_TIMESLOT_PERIOD_SEC_H, 0)
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_ACTIVE_PERIOD_FNS, 0)
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_ACTIVE_PERIOD_NS, 5000)
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_ACTIVE_PERIOD_SEC_L, 0)
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_ACTIVE_PERIOD_SEC_H, 0)
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_CTRL, 0x00000001)
# enable queues with global enable off
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_SCHED_ENABLE, 0x00000001)
for k in range(tb.driver.interfaces[0].tx_queue_count):
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].schedulers[0].hw_addr+4*k, 0x00000001)
# configure slots
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].schedulers[1].hw_addr+8*0, 0x00000001)
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].schedulers[1].hw_addr+8*1, 0x00000002)
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].schedulers[1].hw_addr+8*2, 0x00000004)
await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].schedulers[1].hw_addr+8*3, 0x00000008)
await tb.rc.mem_read(tb.driver.hw_addr, 4) # wait for all writes to complete
# send packets
for k in range(count):
await tb.driver.interfaces[0].start_xmit(pkts[k], k % 4)
for k in range(count):
pkt = await tb.driver.interfaces[0].recv()
tb.log.info("Packet: %s", pkt)
# assert pkt.data == pkts[k]
assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(pkt.data[14:])) & 0xffff
tb.loopback_enable = False
tb.log.info("Read statistics counters")
await Timer(2000, 'ns')
lst = []
for k in range(64):
lst.append(await tb.rc.mem_read_dword(tb.driver.hw_addr+0x010000+k*8))
print(lst)
await RisingEdge(dut.clk)
await RisingEdge(dut.clk)
def _modify(self, packet):
pkt = IP(packet.get_payload()) # Scapy compatible String
# This will break the connection between the client and the server
if self._breakcon:
if not (self._isbroken(pkt)):
packet.drop()
else:
print colored("[*] Session broken", 'red', attrs=['bold'])
self._breakcon = False
return
# This case will handle encrypted sessions
if self._encrypted:
if self._modify_pkts == 2:
self._encrypted = False
print colored("[*] Session forzed to go unencrypted",
'red',
attrs=['bold'])
return
else:
pkt = self._encrypted_session(pkt)
# Accepting the packet
self._accept(packet, str(pkt))
return
# This data will be usefull in case of a tcp session simulation
if pkt[TCP].sport == 445:
self._sseq = pkt[TCP].seq
self._sack = pkt[TCP].ack
self._snextseq = self._nextseqcalc(pkt)
elif pkt[TCP].dport == 445:
self._dseq = pkt[TCP].seq
self._dack = pkt[TCP].ack
self._dnextseq = self._nextseqcalc(pkt)
# TCP session simulation is required
if self._insert:
if pkt[TCP].sport == 445:
pkt[TCP].seq = self._dack
pkt[TCP].ack = self._dnextseq
pkt = self._recalculate(pkt)
# Pretty print
if self._verbosity == 1:
self._prettyprint_tcp(pkt[TCP].sport, pkt[TCP].dport,
pkt[TCP].seq, pkt[TCP].ack,
self._dnextseq)
elif pkt[TCP].dport == 445:
pkt[TCP].seq = self._sack
pkt[TCP].ack = self._snextseq
pkt = self._recalculate(pkt)
# Pretty print
if self._verbosity == 1:
self._prettyprint_tcp(pkt[TCP].sport, pkt[TCP].dport,
pkt[TCP].seq, pkt[TCP].ack,
self._snextseq)
winregpkt = WinregPkt(pkt)
if winregpkt.payload is not None and winregpkt.opnum is not None:
# Open Key packet
if winregpkt.opnum == 15:
if self._verbosity == 1:
print "\n### New OpenKey packet arrive! ###"
custom_pkt = self._openkey(pkt)
if self._userkey is not None:
self._accept(packet, str(custom_pkt))
# If last packet was an open key for creating a new key and the
# attacker has modified the path or the name
if self._newpath is True or self._keycreated is True:
self._keycreated = False
self._newpath = False
self._userkey = None
return
# Create Key packet
elif winregpkt.opnum == 6:
if self._verbosity == 1:
print "\n### New CreateKey packet arrive! ###"
custom_pkt = self._createkey(pkt)
if self._usernewkey is not None:
self._accept(packet, str(custom_pkt))
return
# Set Value packet
elif winregpkt.opnum == 22:
if self._verbosity == 1:
print "\n### New SetValue package arrive! ###"
custom_pkt = self._setvalue(pkt)
if self._uservalue is not None:
if self._verbosity is not None and self._verbosity == 1:
custom_pkt.show()
self._accept(packet, str(custom_pkt))
return
# Get Version packet
elif winregpkt.opnum == 26:
self._getversion(pkt)
self._accept(packet, str(pkt))
def test_flood(self):
""" L2 Flood Tests """
#
# Create a single bridge Domain
#
self.vapi.bridge_domain_add_del(bd_id=1)
#
# add each interface to the BD. 3 interfaces per split horizon group
#
for i in self.pg_interfaces[0:4]:
self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
bd_id=1,
shg=0)
for i in self.pg_interfaces[4:8]:
self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
bd_id=1,
shg=1)
for i in self.pg_interfaces[8:12]:
self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
bd_id=1,
shg=2)
for i in self.bvi_interfaces:
self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
bd_id=1,
shg=2,
port_type=L2_PORT_TYPE.BVI)
p = (Ether(dst="ff:ff:ff:ff:ff:ff", src="00:00:de:ad:be:ef") /
IP(src="10.10.10.10", dst="1.1.1.1") /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
#
# input on pg0 expect copies on pg1->11
# this is in SHG=0 so its flooded to all, expect the pg0 since that's
# the ingress link
#
self.pg0.add_stream(p * 65)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
for i in self.pg_interfaces[1:12]:
rx0 = i.get_capture(65, timeout=1)
#
# input on pg4 (SHG=1) expect copies on pg0->3 (SHG=0)
# and pg8->11 (SHG=2)
#
self.pg4.add_stream(p * 65)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
for i in self.pg_interfaces[:4]:
rx0 = i.get_capture(65, timeout=1)
for i in self.pg_interfaces[8:12]:
rx0 = i.get_capture(65, timeout=1)
for i in self.pg_interfaces[4:8]:
i.assert_nothing_captured(remark="Different SH group")
#
# An IP route so the packet that hits the BVI is sent out of pg12
#
ip_route = VppIpRoute(
self, "1.1.1.1", 32,
[VppRoutePath(self.pg12.remote_ip4, self.pg12.sw_if_index)])
ip_route.add_vpp_config()
self.logger.info(self.vapi.cli("sh bridge 1 detail"))
#
# input on pg0 expect copies on pg1->12
# this is in SHG=0 so its flooded to all, expect the pg0 since that's
# the ingress link
#
self.pg0.add_stream(p * 65)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
for i in self.pg_interfaces[1:]:
rx0 = i.get_capture(65, timeout=1)
#
# input on pg4 (SHG=1) expect copies on pg0->3 (SHG=0)
# and pg8->12 (SHG=2)
#
self.pg4.add_stream(p * 65)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
for i in self.pg_interfaces[:4]:
rx0 = i.get_capture(65, timeout=1)
for i in self.pg_interfaces[8:13]:
rx0 = i.get_capture(65, timeout=1)
for i in self.pg_interfaces[4:8]:
i.assert_nothing_captured(remark="Different SH group")
#
# cleanup
#
for i in self.pg_interfaces[:12]:
self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
bd_id=1,
enable=0)
for i in self.bvi_interfaces:
self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
bd_id=1,
shg=2,
port_type=L2_PORT_TYPE.BVI,
enable=0)
self.vapi.bridge_domain_add_del(bd_id=1, is_add=0)
def send_packet():
pkt = Ether() / IP(dst=TARGET_DEST, ttl=64, proto=6)
send_sock.send(bytes(pkt))
async def run_test_nic(dut):
tb = TB(dut)
await tb.init()
tb.log.info("Init driver")
await tb.driver.init_dev(tb.dev.functions[0].pcie_id)
await tb.driver.interfaces[0].open()
# await driver.interfaces[1].open()
# enable queues
tb.log.info("Enable queues")
await tb.rc.mem_write_dword(
tb.driver.interfaces[0].ports[0].hw_addr +
mqnic.MQNIC_PORT_REG_SCHED_ENABLE, 0x00000001)
for k in range(tb.driver.interfaces[0].tx_queue_count):
await tb.rc.mem_write_dword(
tb.driver.interfaces[0].ports[0].schedulers[0].hw_addr + 4 * k,
0x00000003)
# wait for all writes to complete
await tb.rc.mem_read(tb.driver.hw_addr, 4)
tb.log.info("Init complete")
tb.log.info("Send and receive single packet")
data = bytearray([x % 256 for x in range(1024)])
await tb.driver.interfaces[0].start_xmit(data, 0)
pkt = await tb.qsfp0_mac.tx.recv()
tb.log.info("Packet: %s", pkt)
await tb.qsfp0_mac.rx.send(pkt)
pkt = await tb.driver.interfaces[0].recv()
tb.log.info("Packet: %s", pkt)
assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(
pkt.data[14:])) & 0xffff
# await tb.driver.interfaces[1].start_xmit(data, 0)
# pkt = await tb.qsfp1_mac.tx.recv()
# tb.log.info("Packet: %s", pkt)
# await tb.qsfp1_mac.rx.send(pkt)
# pkt = await tb.driver.interfaces[1].recv()
# tb.log.info("Packet: %s", pkt)
# assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(pkt.data[14:])) & 0xffff
tb.log.info("RX and TX checksum tests")
payload = bytes([x % 256 for x in range(256)])
eth = Ether(src='5A:51:52:53:54:55', dst='DA:D1:D2:D3:D4:D5')
ip = IP(src='192.168.1.100', dst='192.168.1.101')
udp = UDP(sport=1, dport=2)
test_pkt = eth / ip / udp / payload
test_pkt2 = test_pkt.copy()
test_pkt2[UDP].chksum = scapy.utils.checksum(bytes(test_pkt2[UDP]))
await tb.driver.interfaces[0].start_xmit(test_pkt2.build(), 0, 34, 6)
pkt = await tb.qsfp0_mac.tx.recv()
tb.log.info("Packet: %s", pkt)
await tb.qsfp0_mac.rx.send(pkt)
pkt = await tb.driver.interfaces[0].recv()
tb.log.info("Packet: %s", pkt)
assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(
pkt.data[14:])) & 0xffff
assert Ether(pkt.data).build() == test_pkt.build()
tb.log.info("Multiple small packets")
count = 64
pkts = [
bytearray([(x + k) % 256 for x in range(60)]) for k in range(count)
]
tb.loopback_enable = True
for p in pkts:
await tb.driver.interfaces[0].start_xmit(p, 0)
for k in range(count):
pkt = await tb.driver.interfaces[0].recv()
tb.log.info("Packet: %s", pkt)
assert pkt.data == pkts[k]
assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(
pkt.data[14:])) & 0xffff
tb.loopback_enable = False
tb.log.info("Multiple large packets")
count = 64
pkts = [
bytearray([(x + k) % 256 for x in range(1514)]) for k in range(count)
]
tb.loopback_enable = True
for p in pkts:
await tb.driver.interfaces[0].start_xmit(p, 0)
for k in range(count):
pkt = await tb.driver.interfaces[0].recv()
tb.log.info("Packet: %s", pkt)
assert pkt.data == pkts[k]
assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(
pkt.data[14:])) & 0xffff
tb.loopback_enable = False
tb.log.info("Jumbo frames")
count = 64
pkts = [
bytearray([(x + k) % 256 for x in range(9014)]) for k in range(count)
]
tb.loopback_enable = True
for p in pkts:
await tb.driver.interfaces[0].start_xmit(p, 0)
for k in range(count):
pkt = await tb.driver.interfaces[0].recv()
tb.log.info("Packet: %s", pkt)
assert pkt.data == pkts[k]
assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(
pkt.data[14:])) & 0xffff
tb.loopback_enable = False
await RisingEdge(dut.clk_250mhz)
await RisingEdge(dut.clk_250mhz)
def send_dhcp_packet(
self,
mac: MacAddress,
vlan: str,
state: DHCPState,
dhcp_desc: DHCPDescriptor = None,
):
"""
Send DHCP packet and record state in dhcp_client_state.
Args:
mac: MAC address of interface
state: state of DHCP packet
dhcp_desc: DHCP protocol state.
Returns:
"""
ciaddr = None
# generate DHCP request packet
if state == DHCPState.DISCOVER:
dhcp_opts = [("message-type", "discover")]
dhcp_desc = DHCPDescriptor(
mac=mac,
ip="",
vlan=vlan,
state_requested=DHCPState.DISCOVER,
)
self._msg_xid = self._msg_xid + 1
pkt_xid = self._msg_xid
elif state == DHCPState.REQUEST:
dhcp_opts = [
("message-type", "request"),
("requested_addr", dhcp_desc.ip),
("server_id", dhcp_desc.server_ip),
]
dhcp_desc.state_requested = DHCPState.REQUEST
pkt_xid = dhcp_desc.xid
ciaddr = dhcp_desc.ip
elif state == DHCPState.RELEASE:
dhcp_opts = [
("message-type", "release"),
("server_id", dhcp_desc.server_ip),
]
dhcp_desc.state_requested = DHCPState.RELEASE
self._msg_xid = self._msg_xid + 1
pkt_xid = self._msg_xid
ciaddr = dhcp_desc.ip
else:
LOG.warning(
"Unknown egress request mac %s state %s",
str(mac),
state,
)
return
dhcp_opts.append("end")
dhcp_desc.xid = pkt_xid
with self._dhcp_notify:
self.dhcp_client_state[mac.as_redis_key(vlan)] = dhcp_desc
pkt = Ether(src=str(mac), dst="ff:ff:ff:ff:ff:ff")
if vlan and vlan != "0":
pkt /= Dot1Q(vlan=int(vlan))
pkt /= IP(src="0.0.0.0", dst="255.255.255.255")
pkt /= UDP(sport=68, dport=67)
pkt /= BOOTP(op=1, chaddr=mac.as_hex(), xid=pkt_xid, ciaddr=ciaddr)
pkt /= DHCP(options=dhcp_opts)
LOG.debug("DHCP pkt xmit %s", pkt.show(dump=True))
sendp(pkt, iface=self._dhcp_interface, verbose=0)
def send_message(self, server, message):
f = open('dns.json')
data = json.load(f)
f.close()
message = handle.encrypt(message)
self.threadSignal.emit(message)
found_domain = False
start_time = time.time()
# RUMORE
request_number = random.randint(5, 10)
for i in range(0, request_number):
number_random = random.randint(0, len(data) - 1)
fake_domain = data[number_random]["dominio"]
ip = data[number_random]["ip"]
answer = sr1(IP(dst=server) / UDP(sport=RandShort(), dport=53) /
DNS(id=random.randint(0, 65535),
rd=1,
qd=DNSQR(qname=fake_domain),
an=DNSRR(rrname=fake_domain, rdata=ip)),
verbose=0)
self.threadSignal.emit(repr(answer[DNS]))
# time.sleep(random.randint(2, 10))
while not found_domain:
number_random = random.randint(0, len(data) - 1)
fake_domain = data[number_random]["dominio"]
ip = data[number_random]["ip"]
if handle_glob.countConsonantsandVolwes(fake_domain)[
0] % 2 == 0 and handle_glob.countConsonantsandVolwes(
fake_domain)[1] >= 4:
found_domain = True
ttl = random.randint(2468, 10468)
ttl_binary = bin(ttl)[2:].zfill(16)
len_binary = bin(len(message))[2:].zfill(8)
# pattern = random.randint(0, 15)
# pattern_bin = bin(pattern)[2:].zfill(4)
pattern_bin = config.get('CONFIG', 'pattern')
binary = ''
j = 0
k = 0
for i in range(0, len(ttl_binary)):
if i % 2 != 0:
binary += len_binary[j]
j += 1
elif i < 8 and i % 2 == 0:
binary += pattern_bin[k]
k += 1
else:
binary += ttl_binary[i]
answer = sr1(
IP(dst=server) / UDP(sport=RandShort(), dport=53) /
DNS(id=random.randint(0, 65535),
rd=1,
qd=DNSQR(qname=fake_domain),
an=DNSRR(ttl=int(binary, 2), rrname=fake_domain, rdata=ip)),
verbose=0)
self.threadSignal.emit(repr(answer[DNS]))
# time.sleep(random.randint(2, 10))
chunks = list(self.chunkstring(message, 16))
for message in chunks:
for i in range(0, len(message)):
found_domain = False
while not found_domain:
number_random = random.randint(0, len(data) - 1)
fake_domain = data[number_random]["dominio"]
if handle_glob.countConsonantsandVolwes(
fake_domain
)[0] % 2 == 0 and handle_glob.countConsonantsandVolwes(
fake_domain)[1] >= 4:
found_domain = True
dns_id = random.randint(0, 65535)
binary_temp = bin(dns_id)[2:].zfill(16)
binary = ''
message_binary = bin(ord(message[i]))[2:].zfill(8)
sequence_number = bin(i)[2:].zfill(4)
j = 0
k = 0
z = 0
for i in range(0, len(binary_temp)):
if i % 2 == 0:
binary += message_binary[j]
j += 1
elif i < 8 and i % 2 != 0:
binary += sequence_number[k]
k += 1
else:
binary += pattern_bin[z]
z += 1
new_dns_id = int(binary, 2)
answer = sr1(
IP(dst=server) / UDP(sport=RandShort(), dport=53) /
DNS(id=new_dns_id, rd=1, qd=DNSQR(qname=fake_domain)),
verbose=0)
self.threadSignal.emit(repr(answer[DNS]))
# time.sleep(random.randint(2, 10))
# RUMORE
request_number = random.randint(1, 3)
for i in range(0, request_number):
number_random = random.randint(0, len(data) - 1)
fake_domain = data[number_random]["dominio"]
answer = sr1(IP(dst=server) /
UDP(sport=RandShort(), dport=53) /
DNS(id=random.randint(0, 65535),
rd=1,
qd=DNSQR(qname=fake_domain)),
verbose=0)
self.threadSignal.emit(repr(answer[DNS]))
# time.sleep(random.randint(2, 10))
end_time = (time.time() - start_time)
self.threadSignal.emit("END in " + str(end_time) + " seconds")
def snoop(pkt):
global first_pkt
logger.debug("SNOOP")
sp = IP(pkt.get_payload())
seqnum = int(sp["TCP"].getfieldval('seq'))
acknum = int(sp["TCP"].getfieldval('ack'))
ips = (sp["IP"].getfieldval('src'),sp["IP"].getfieldval('dst'))
#Tear down and create states
# if you see an F in flags it means FIN, clean up all connection info.
logger.info("\tflags: %3s | src:%s dst:%s | seq:%s ack:%s" %\
(sp.sprintf('%TCP.flags%'),str(ips[0]),str(ips[1]),seqnum,acknum))
if "F" in sp.sprintf('%TCP.flags%') or "R" in sp.sprintf('%TCP.flags%'):
logger.debug("\tFIN detected, cleaning.")
# snoop_clean(pkt)
# pkt.accept()
# return
# create flow information in SYN rather than in ack and data.
elif "S" in sp.sprintf('%TCP.flags%'):
logger.debug("\tSYN detected, creating flow.")
snoop_create(pkt)
return
ports = (sp["TCP"].getfieldval('sport'),sp["IP"].getfieldval('dport'))
flow = (ips,ports)
inv_flow = ((ips[1],ips[0]),(ports[1],ports[0]))
# handle the last ACK in 3-way handshake
if not fin_hand[flow]:
snoop_create(pkt)
fin_hand[flow] = True
fin_hand[inv_flow] = True
first_pkt[flow] = True
first_pkt[inv_flow] = True
return
try:
prev_seq = lastseq[flow][0]
prev_ack = lastseq[flow][1]
logger.debug("\tprev ack: %s | current ack: %s" % (prev_ack,acknum))
logger.debug("\tprev seq: %s | current seq: %s" % (prev_seq,seqnum))
# if seqnum is less or greather than previous, we will accept and forward
if seqnum > prev_seq:
logger.debug("\tData detected")
first_pkt[flow] = False
# snoop data will catch the piggys
snoop_data(pkt)
return
elif acknum > prev_ack:
logger.debug("\tACK")
first_pkt[flow] = False
snoop_ack(pkt)
return
# if the acknum is greater or less than, we will accept greater and reject lower
else:
if flow in first_pkt and first_pkt[flow]:
#FIXME, this packet never gets acked.
logger.debug("\tFirst Packet")
first_pkt[flow] = False
if first_pkt[inv_flow]:
accept_packet(pkt,flow,seqnum,acknum,0)
else:
accept_packet(pkt,flow,seqnum,acknum,1)
return
else:
logger.debug("Out of date.")
if dcache.get(flow,seqnum):
logger.debug("\t\tflow: %s, in dcache: %s, DATA" % (flow,dcache.get(flow,seqnum)))
snoop_data(pkt)
elif acache.get(flow,acknum-1):
logger.debug("\t\tflow: %s, in acache: %s, ACK" % (flow,acache.get(flow,acknum)))
snoop_ack(pkt)
# again our assumptions are that the data link side is not lossy, ack side is with iperf.
else:
logger.debug("flow: %s, inv_flow: %s" % (flow,inv_flow))
logger.debug("seq: %s, ack: %s" % (seqnum,acknum))
if dcache.get(inv_flow,acknum-1):
snoop_ack(pkt)
else:
snoop_data(pkt)
except Exception, e:
logger.error("ERROR IN SNOOP HANDLE")
logger.error(str(e))
logger.error(traceback.format_exc())
def test_ip_input(self):
""" IP Input Exceptions """
# i can't find a way in scapy to construct an IP packet
# with a length less than the IP header length
#
# Packet too short - this is forwarded
#
p_short = (
Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4, len=40) /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
rx = self.send_and_expect(self.pg0, p_short * 65, self.pg1)
#
# Packet too long - this is dropped
#
p_long = (
Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4, len=400) /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
rx = self.send_and_assert_no_replies(self.pg0, p_long * 65, "too long")
#
# bad chksum - this is dropped
#
p_chksum = (
Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4, chksum=400) /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
rx = self.send_and_assert_no_replies(self.pg0, p_chksum * 65,
"bad checksum")
#
# bad version - this is dropped
#
p_ver = (
Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4, version=3) /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
rx = self.send_and_assert_no_replies(self.pg0, p_ver * 65,
"funky version")
#
# fragment offset 1 - this is dropped
#
p_frag = (
Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4, frag=1) /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
rx = self.send_and_assert_no_replies(self.pg0, p_frag * 65,
"frag offset")
#
# TTL expired packet
#
p_ttl = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4, ttl=1) /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
rx = self.send_and_expect(self.pg0, p_ttl * 65, self.pg0)
rx = rx[0]
icmp = rx[ICMP]
self.assertEqual(icmptypes[icmp.type], "time-exceeded")
self.assertEqual(icmpcodes[icmp.type][icmp.code],
"ttl-zero-during-transit")
self.assertEqual(icmp.src, self.pg0.remote_ip4)
self.assertEqual(icmp.dst, self.pg1.remote_ip4)
#
# MTU exceeded
#
p_mtu = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4,
dst=self.pg1.remote_ip4,
ttl=10,
flags='DF') / UDP(sport=1234, dport=1234) /
Raw('\xa5' * 2000))
self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index, [1500, 0, 0, 0])
rx = self.send_and_expect(self.pg0, p_mtu * 65, self.pg0)
rx = rx[0]
icmp = rx[ICMP]
self.assertEqual(icmptypes[icmp.type], "dest-unreach")
self.assertEqual(icmpcodes[icmp.type][icmp.code],
"fragmentation-needed")
self.assertEqual(icmp.src, self.pg0.remote_ip4)
self.assertEqual(icmp.dst, self.pg1.remote_ip4)
self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index, [2500, 0, 0, 0])
rx = self.send_and_expect(self.pg0, p_mtu * 65, self.pg1)
# Reset MTU for subsequent tests
self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index, [9000, 0, 0, 0])
def test_igmp_host(self):
""" IGMP Host functions """
#
# Enable interface for host functions
#
self.vapi.igmp_enable_disable(self.pg0.sw_if_index,
1,
IGMP_MODE.HOST)
#
# Add one S,G of state and expect a state-change event report
# indicating the addition of the S,G
#
h1 = self.add_group(self.pg0, IgmpSG("239.1.1.1", ["1.1.1.1"]))
# search for the corresponding state created in VPP
dump = self.vapi.igmp_dump(self.pg0.sw_if_index)
self.assertEqual(len(dump), 1)
self.assertTrue(find_igmp_state(dump, self.pg0,
"239.1.1.1", "1.1.1.1"))
#
# Send a general query (to the all router's address)
# expect VPP to respond with a membership report.
# Pad the query with 0 - some devices in the big wild
# internet are prone to this.
#
p_g = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst='224.0.0.1', tos=0xc0) /
IGMPv3(type="Membership Query", mrcode=100) /
IGMPv3mq(gaddr="0.0.0.0") /
Raw(b'\x00' * 10))
self.send(self.pg0, p_g)
capture = self.pg0.get_capture(1, timeout=10)
self.verify_report(capture[0],
[IgmpRecord(h1.sg, "Mode Is Include")])
#
# Group specific query
#
p_gs = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst='239.1.1.1', tos=0xc0,
options=[IPOption(copy_flag=1, optclass="control",
option="router_alert")]) /
IGMPv3(type="Membership Query", mrcode=100) /
IGMPv3mq(gaddr="239.1.1.1"))
self.send(self.pg0, p_gs)
capture = self.pg0.get_capture(1, timeout=10)
self.verify_report(capture[0],
[IgmpRecord(h1.sg, "Mode Is Include")])
#
# A group and source specific query, with the source matching
# the source VPP has
#
p_gs1 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst='239.1.1.1', tos=0xc0,
options=[IPOption(copy_flag=1, optclass="control",
option="router_alert")]) /
IGMPv3(type="Membership Query", mrcode=100) /
IGMPv3mq(gaddr="239.1.1.1", srcaddrs=["1.1.1.1"]))
self.send(self.pg0, p_gs1)
capture = self.pg0.get_capture(1, timeout=10)
self.verify_report(capture[0],
[IgmpRecord(h1.sg, "Mode Is Include")])
#
# A group and source specific query that reports more sources
# than the packet actually has.
#
p_gs2 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst='239.1.1.1', tos=0xc0,
options=[IPOption(copy_flag=1, optclass="control",
option="router_alert")]) /
IGMPv3(type="Membership Query", mrcode=100) /
IGMPv3mq(gaddr="239.1.1.1", numsrc=4, srcaddrs=["1.1.1.1"]))
self.send_and_assert_no_replies(self.pg0, p_gs2, timeout=10)
#
# A group and source specific query, with the source NOT matching
# the source VPP has. There should be no response.
#
p_gs2 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst='239.1.1.1', tos=0xc0,
options=[IPOption(copy_flag=1, optclass="control",
option="router_alert")]) /
IGMPv3(type="Membership Query", mrcode=100) /
IGMPv3mq(gaddr="239.1.1.1", srcaddrs=["1.1.1.2"]))
self.send_and_assert_no_replies(self.pg0, p_gs2, timeout=10)
#
# A group and source specific query, with the multiple sources
# one of which matches the source VPP has.
# The report should contain only the source VPP has.
#
p_gs3 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst='239.1.1.1', tos=0xc0,
options=[IPOption(copy_flag=1, optclass="control",
option="router_alert")]) /
IGMPv3(type="Membership Query", mrcode=100) /
IGMPv3mq(gaddr="239.1.1.1",
srcaddrs=["1.1.1.1", "1.1.1.2", "1.1.1.3"]))
self.send(self.pg0, p_gs3)
capture = self.pg0.get_capture(1, timeout=10)
self.verify_report(capture[0],
[IgmpRecord(h1.sg, "Mode Is Include")])
#
# Two source and group specific queries in quick succession, the
# first does not have VPPs source the second does. then vice-versa
#
self.send(self.pg0, [p_gs2, p_gs1])
capture = self.pg0.get_capture(1, timeout=10)
self.verify_report(capture[0],
[IgmpRecord(h1.sg, "Mode Is Include")])
self.send(self.pg0, [p_gs1, p_gs2])
capture = self.pg0.get_capture(1, timeout=10)
self.verify_report(capture[0],
[IgmpRecord(h1.sg, "Mode Is Include")])
#
# remove state, expect the report for the removal
#
self.remove_group(h1)
dump = self.vapi.igmp_dump()
self.assertFalse(dump)
#
# A group with multiple sources
#
h2 = self.add_group(self.pg0,
IgmpSG("239.1.1.1",
["1.1.1.1", "1.1.1.2", "1.1.1.3"]))
# search for the corresponding state created in VPP
dump = self.vapi.igmp_dump(self.pg0.sw_if_index)
self.assertEqual(len(dump), 3)
for s in h2.sg.saddrs:
self.assertTrue(find_igmp_state(dump, self.pg0,
"239.1.1.1", s))
#
# Send a general query (to the all router's address)
# expect VPP to respond with a membership report will all sources
#
self.send(self.pg0, p_g)
capture = self.pg0.get_capture(1, timeout=10)
self.verify_report(capture[0],
[IgmpRecord(h2.sg, "Mode Is Include")])
#
# Group and source specific query; some present some not
#
p_gs = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
IP(src=self.pg0.remote_ip4, dst='239.1.1.1', tos=0xc0,
options=[IPOption(copy_flag=1, optclass="control",
option="router_alert")]) /
IGMPv3(type="Membership Query", mrcode=100) /
IGMPv3mq(gaddr="239.1.1.1",
srcaddrs=["1.1.1.1", "1.1.1.2", "1.1.1.4"]))
self.send(self.pg0, p_gs)
capture = self.pg0.get_capture(1, timeout=10)
self.verify_report(capture[0],
[IgmpRecord(
IgmpSG('239.1.1.1', ["1.1.1.1", "1.1.1.2"]),
"Mode Is Include")])
#
# add loads more groups
#
h3 = self.add_group(self.pg0,
IgmpSG("239.1.1.2",
["2.1.1.1", "2.1.1.2", "2.1.1.3"]))
h4 = self.add_group(self.pg0,
IgmpSG("239.1.1.3",
["3.1.1.1", "3.1.1.2", "3.1.1.3"]))
h5 = self.add_group(self.pg0,
IgmpSG("239.1.1.4",
["4.1.1.1", "4.1.1.2", "4.1.1.3"]))
h6 = self.add_group(self.pg0,
IgmpSG("239.1.1.5",
["5.1.1.1", "5.1.1.2", "5.1.1.3"]))
h7 = self.add_group(self.pg0,
IgmpSG("239.1.1.6",
["6.1.1.1", "6.1.1.2",
"6.1.1.3", "6.1.1.4",
"6.1.1.5", "6.1.1.6",
"6.1.1.7", "6.1.1.8",
"6.1.1.9", "6.1.1.10",
"6.1.1.11", "6.1.1.12",
"6.1.1.13", "6.1.1.14",
"6.1.1.15", "6.1.1.16"]))
#
# general query.
# the order the groups come in is not important, so what is
# checked for is what VPP is sending today.
#
self.send(self.pg0, p_g)
capture = self.pg0.get_capture(1, timeout=10)
self.verify_report(capture[0],
[IgmpRecord(h3.sg, "Mode Is Include"),
IgmpRecord(h2.sg, "Mode Is Include"),
IgmpRecord(h6.sg, "Mode Is Include"),
IgmpRecord(h4.sg, "Mode Is Include"),
IgmpRecord(h5.sg, "Mode Is Include"),
IgmpRecord(h7.sg, "Mode Is Include")])
#
# modify a group to add and remove some sources
#
h7.sg = IgmpSG("239.1.1.6",
["6.1.1.1", "6.1.1.2",
"6.1.1.5", "6.1.1.6",
"6.1.1.7", "6.1.1.8",
"6.1.1.9", "6.1.1.10",
"6.1.1.11", "6.1.1.12",
"6.1.1.13", "6.1.1.14",
"6.1.1.15", "6.1.1.16",
"6.1.1.17", "6.1.1.18"])
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
h7.add_vpp_config()
capture = self.pg0.get_capture(1, timeout=10)
self.verify_report(capture[0],
[IgmpRecord(IgmpSG("239.1.1.6",
["6.1.1.17", "6.1.1.18"]),
"Allow New Sources"),
IgmpRecord(IgmpSG("239.1.1.6",
["6.1.1.3", "6.1.1.4"]),
"Block Old Sources")])
#
# add an additional groups with many sources so that each group
# consumes the link MTU. We should therefore see multiple state
# state reports when queried.
#
self.vapi.sw_interface_set_mtu(self.pg0.sw_if_index, [560, 0, 0, 0])
src_list = []
for i in range(128):
src_list.append("10.1.1.%d" % i)
h8 = self.add_group(self.pg0,
IgmpSG("238.1.1.1", src_list))
h9 = self.add_group(self.pg0,
IgmpSG("238.1.1.2", src_list))
self.send(self.pg0, p_g)
capture = self.pg0.get_capture(4, timeout=10)
self.verify_report(capture[0],
[IgmpRecord(h3.sg, "Mode Is Include"),
IgmpRecord(h2.sg, "Mode Is Include"),
IgmpRecord(h6.sg, "Mode Is Include"),
IgmpRecord(h4.sg, "Mode Is Include"),
IgmpRecord(h5.sg, "Mode Is Include")])
self.verify_report(capture[1],
[IgmpRecord(h8.sg, "Mode Is Include")])
self.verify_report(capture[2],
[IgmpRecord(h7.sg, "Mode Is Include")])
self.verify_report(capture[3],
[IgmpRecord(h9.sg, "Mode Is Include")])
#
# drop the MTU further (so a 128 sized group won't fit)
#
self.vapi.sw_interface_set_mtu(self.pg0.sw_if_index, [512, 0, 0, 0])
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
h10 = VppHostState(self,
IGMP_FILTER.INCLUDE,
self.pg0.sw_if_index,
IgmpSG("238.1.1.3", src_list))
h10.add_vpp_config()
capture = self.pg0.get_capture(2, timeout=10)
# wait for a little bit
self.sleep(1)
#
# remove state, expect the report for the removal
# the dump should be empty
#
self.vapi.sw_interface_set_mtu(self.pg0.sw_if_index, [600, 0, 0, 0])
self.remove_group(h8)
self.remove_group(h9)
self.remove_group(h2)
self.remove_group(h3)
self.remove_group(h4)
self.remove_group(h5)
self.remove_group(h6)
self.remove_group(h7)
self.remove_group(h10)
self.logger.info(self.vapi.cli("sh igmp config"))
self.assertFalse(self.vapi.igmp_dump())
#
# TODO
# ADD STATE ON MORE INTERFACES
#
self.vapi.igmp_enable_disable(self.pg0.sw_if_index,
0,
IGMP_MODE.HOST)
def test_qos_ip(self):
""" QoS Mark/Record IP """
#
# for table 1 map the n=0xff possible values of input QoS mark,
# n to 1-n
#
output = [scapy.compat.chb(0)] * 256
for i in range(0, 255):
output[i] = scapy.compat.chb(255 - i)
os = b''.join(output)
rows = [{
'outputs': os
}, {
'outputs': os
}, {
'outputs': os
}, {
'outputs': os
}]
self.vapi.qos_egress_map_update(1, rows)
#
# For table 2 (and up) use the value n for everything
#
output = [scapy.compat.chb(2)] * 256
os = b''.join(output)
rows = [{
'outputs': os
}, {
'outputs': os
}, {
'outputs': os
}, {
'outputs': os
}]
self.vapi.qos_egress_map_update(2, rows)
output = [scapy.compat.chb(3)] * 256
os = b''.join(output)
rows = [{
'outputs': os
}, {
'outputs': os
}, {
'outputs': os
}, {
'outputs': os
}]
self.vapi.qos_egress_map_update(3, rows)
output = [scapy.compat.chb(4)] * 256
os = b''.join(output)
rows = [{
'outputs': os
}, {
'outputs': os
}, {
'outputs': os
}, {
'outputs': os
}]
self.vapi.qos_egress_map_update(4, rows)
self.vapi.qos_egress_map_update(5, rows)
self.vapi.qos_egress_map_update(6, rows)
self.vapi.qos_egress_map_update(7, rows)
self.logger.info(self.vapi.cli("sh qos eg map"))
#
# Bind interface pgN to table n
#
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index, QOS_SOURCE.IP,
1, 1)
self.vapi.qos_mark_enable_disable(self.pg2.sw_if_index, QOS_SOURCE.IP,
2, 1)
self.vapi.qos_mark_enable_disable(self.pg3.sw_if_index, QOS_SOURCE.IP,
3, 1)
self.vapi.qos_mark_enable_disable(self.pg4.sw_if_index, QOS_SOURCE.IP,
4, 1)
#
# packets ingress on Pg0
#
p_v4 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4, tos=1) /
UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))
p_v6 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IPv6(src=self.pg0.remote_ip6, dst=self.pg1.remote_ip6, tc=1) /
UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))
#
# Since we have not yet enabled the recording of the input QoS
# from the input iP header, the egress packet's ToS will be unchanged
#
rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IP].tos, 1)
rx = self.send_and_expect(self.pg0, p_v6 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IPv6].tc, 1)
#
# Enable QoS recording on IP input for pg0
#
self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
QOS_SOURCE.IP, 1)
#
# send the same packets, this time expect the input TOS of 1
# to be mapped to pg1's egress value of 254
#
rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IP].tos, 254)
rx = self.send_and_expect(self.pg0, p_v6 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IPv6].tc, 254)
#
# different input ToS to test the mapping
#
p_v4[IP].tos = 127
rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IP].tos, 128)
p_v6[IPv6].tc = 127
rx = self.send_and_expect(self.pg0, p_v6 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IPv6].tc, 128)
p_v4[IP].tos = 254
rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IP].tos, 1)
p_v6[IPv6].tc = 254
rx = self.send_and_expect(self.pg0, p_v6 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IPv6].tc, 1)
#
# send packets out the other interfaces to test the maps are
# correctly applied
#
p_v4[IP].dst = self.pg2.remote_ip4
rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg2)
for p in rx:
self.assertEqual(p[IP].tos, 2)
p_v4[IP].dst = self.pg3.remote_ip4
rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg3)
for p in rx:
self.assertEqual(p[IP].tos, 3)
p_v6[IPv6].dst = self.pg3.remote_ip6
rx = self.send_and_expect(self.pg0, p_v6 * 65, self.pg3)
for p in rx:
self.assertEqual(p[IPv6].tc, 3)
#
# remove the map on pg2 and pg3, now expect an unchanged IP tos
#
self.vapi.qos_mark_enable_disable(self.pg2.sw_if_index, QOS_SOURCE.IP,
2, 0)
self.vapi.qos_mark_enable_disable(self.pg3.sw_if_index, QOS_SOURCE.IP,
3, 0)
self.logger.info(self.vapi.cli("sh int feat pg2"))
p_v4[IP].dst = self.pg2.remote_ip4
rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg2)
for p in rx:
self.assertEqual(p[IP].tos, 254)
p_v4[IP].dst = self.pg3.remote_ip4
rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg3)
for p in rx:
self.assertEqual(p[IP].tos, 254)
#
# still mapping out of pg1
#
p_v4[IP].dst = self.pg1.remote_ip4
rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IP].tos, 1)
#
# disable the input recording on pg0
#
self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
QOS_SOURCE.IP, 0)
#
# back to an unchanged TOS value
#
rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IP].tos, 254)
#
# disable the egress map on pg1 and pg4
#
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index, QOS_SOURCE.IP,
1, 0)
self.vapi.qos_mark_enable_disable(self.pg4.sw_if_index, QOS_SOURCE.IP,
4, 0)
#
# unchanged Tos on pg1
#
rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IP].tos, 254)
#
# clean-up the map
#
self.vapi.qos_egress_map_delete(1)
self.vapi.qos_egress_map_delete(4)
self.vapi.qos_egress_map_delete(2)
self.vapi.qos_egress_map_delete(3)
self.vapi.qos_egress_map_delete(5)
self.vapi.qos_egress_map_delete(6)
self.vapi.qos_egress_map_delete(7)
from scapy.layers.inet import IP
# import scapy.all.Ether
# import scapy.all.IP
# import scapy.all.TCP
a = IP(ttl=10)
print(a)
print(a.src)
a.dst = "192.168.16.152"
print("Packet", a)
print("sourcse", a.src)
del a.ttl
print("Packet", a)
print("Time to live", a.ttl)
print("Packet", IP())
print(IP(proto=55) / TCP())
print(IP() / TCP())
print(Ether() / IP() / TCP())
print(Ether() / IP() / TCP() / UDP())
print(IP(_))
def test_qos_vlan(self):
"""QoS mark/record VLAN """
#
# QoS for all input values
#
output = [scapy.compat.chb(0)] * 256
for i in range(0, 255):
output[i] = scapy.compat.chb(255 - i)
os = b''.join(output)
rows = [{
'outputs': os
}, {
'outputs': os
}, {
'outputs': os
}, {
'outputs': os
}]
self.vapi.qos_egress_map_update(1, rows)
sub_if = VppDot1QSubint(self, self.pg0, 11)
sub_if.admin_up()
sub_if.config_ip4()
sub_if.resolve_arp()
sub_if.config_ip6()
sub_if.resolve_ndp()
#
# enable VLAN QoS recording/marking on the input Pg0 subinterface and
#
self.vapi.qos_record_enable_disable(sub_if.sw_if_index,
QOS_SOURCE.VLAN, 1)
self.vapi.qos_mark_enable_disable(sub_if.sw_if_index, QOS_SOURCE.VLAN,
1, 1)
#
# IP marking/recording on pg1
#
self.vapi.qos_record_enable_disable(self.pg1.sw_if_index,
QOS_SOURCE.IP, 1)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index, QOS_SOURCE.IP,
1, 1)
#
# a routes to/from sub-interface
#
route_10_0_0_1 = VppIpRoute(
self, "10.0.0.1", 32,
[VppRoutePath(sub_if.remote_ip4, sub_if.sw_if_index)])
route_10_0_0_1.add_vpp_config()
route_10_0_0_2 = VppIpRoute(
self, "10.0.0.2", 32,
[VppRoutePath(self.pg1.remote_ip4, self.pg1.sw_if_index)])
route_10_0_0_2.add_vpp_config()
route_2001_1 = VppIpRoute(
self,
"2001::1",
128, [
VppRoutePath(sub_if.remote_ip6,
sub_if.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)
],
is_ip6=1)
route_2001_1.add_vpp_config()
route_2001_2 = VppIpRoute(
self,
"2001::2",
128, [
VppRoutePath(self.pg1.remote_ip6,
self.pg1.sw_if_index,
proto=DpoProto.DPO_PROTO_IP6)
],
is_ip6=1)
route_2001_2.add_vpp_config()
p_v1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
Dot1Q(vlan=11, prio=1) /
IP(src="1.1.1.1", dst="10.0.0.2", tos=1) /
UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))
p_v2 = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IP(src="1.1.1.1", dst="10.0.0.1", tos=1) /
UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))
rx = self.send_and_expect(self.pg1, p_v2 * 65, self.pg0)
for p in rx:
self.assertEqual(p[Dot1Q].prio, 6)
rx = self.send_and_expect(self.pg0, p_v1 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IP].tos, 254)
p_v1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
Dot1Q(vlan=11, prio=2) /
IPv6(src="2001::1", dst="2001::2", tc=1) /
UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))
p_v2 = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IPv6(src="3001::1", dst="2001::1", tc=1) /
UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))
rx = self.send_and_expect(self.pg1, p_v2 * 65, self.pg0)
for p in rx:
self.assertEqual(p[Dot1Q].prio, 6)
rx = self.send_and_expect(self.pg0, p_v1 * 65, self.pg1)
for p in rx:
self.assertEqual(p[IPv6].tc, 253)
#
# cleanup
#
sub_if.unconfig_ip4()
sub_if.unconfig_ip6()
self.vapi.qos_record_enable_disable(sub_if.sw_if_index,
QOS_SOURCE.VLAN, 0)
self.vapi.qos_mark_enable_disable(sub_if.sw_if_index, QOS_SOURCE.VLAN,
1, 0)
self.vapi.qos_record_enable_disable(self.pg1.sw_if_index,
QOS_SOURCE.IP, 0)
self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index, QOS_SOURCE.IP,
1, 0)
async def run_test(dut):
tb = TB(dut)
await tb.init()
tb.log.info("test UDP RX packet")
payload = bytes([x % 256 for x in range(256)])
eth = Ether(src='5a:51:52:53:54:55', dst='02:00:00:00:00:00')
ip = IP(src='192.168.1.100', dst='192.168.1.128')
udp = UDP(sport=5678, dport=1234)
test_pkt = eth / ip / udp / payload
test_frame = GmiiFrame.from_payload(test_pkt.build())
await tb.gmii_phy.rx.send(test_frame)
tb.log.info("receive ARP request")
rx_frame = await tb.gmii_phy.tx.recv()
rx_pkt = Ether(bytes(rx_frame.get_payload()))
tb.log.info("RX packet: %s", repr(rx_pkt))
assert rx_pkt.dst == 'ff:ff:ff:ff:ff:ff'
assert rx_pkt.src == test_pkt.dst
assert rx_pkt[ARP].hwtype == 1
assert rx_pkt[ARP].ptype == 0x0800
assert rx_pkt[ARP].hwlen == 6
assert rx_pkt[ARP].plen == 4
assert rx_pkt[ARP].op == 1
assert rx_pkt[ARP].hwsrc == test_pkt.dst
assert rx_pkt[ARP].psrc == test_pkt[IP].dst
assert rx_pkt[ARP].hwdst == '00:00:00:00:00:00'
assert rx_pkt[ARP].pdst == test_pkt[IP].src
tb.log.info("send ARP response")
eth = Ether(src=test_pkt.src, dst=test_pkt.dst)
arp = ARP(hwtype=1,
ptype=0x0800,
hwlen=6,
plen=4,
op=2,
hwsrc=test_pkt.src,
psrc=test_pkt[IP].src,
hwdst=test_pkt.dst,
pdst=test_pkt[IP].dst)
resp_pkt = eth / arp
resp_frame = GmiiFrame.from_payload(resp_pkt.build())
await tb.gmii_phy.rx.send(resp_frame)
tb.log.info("receive UDP packet")
rx_frame = await tb.gmii_phy.tx.recv()
rx_pkt = Ether(bytes(rx_frame.get_payload()))
tb.log.info("RX packet: %s", repr(rx_pkt))
assert rx_pkt.dst == test_pkt.src
assert rx_pkt.src == test_pkt.dst
assert rx_pkt[IP].dst == test_pkt[IP].src
assert rx_pkt[IP].src == test_pkt[IP].dst
assert rx_pkt[UDP].dport == test_pkt[UDP].sport
assert rx_pkt[UDP].sport == test_pkt[UDP].dport
assert rx_pkt[UDP].payload == test_pkt[UDP].payload
await RisingEdge(dut.clk_125mhz)
await RisingEdge(dut.clk_125mhz)
def main():
parser = OptionParser(usage="""%prog [options] <src> <dst>
src : Source ethernet interface. Ex: eth0
dst : Destination ethernet interface. Ex: eth1
""")
parser.add_option("-c",
"--criteria",
help="""
Load balance criteria: src-mac, dst-mac, src-dst-mac,
src-ip, dst-ip, src-dst-ip,
mpls-top-sec, mpls-top, mpls-sec,
src-tcp, dst-tcp, src-dst-tcp,
src-udp, dst-udp, src-dst-udp
""",
default="src-dst-mac",
action="store",
type="string",
dest="criteria")
parser.add_option("-i",
"--interval",
help="Define packet interval in milliseconds.",
default=100,
action="store",
type="int",
dest="interval")
parser.add_option(
"-n",
"--num_packets",
help="Send specified number of packets. Default: send indefinitely.",
default=0,
action="store",
type="int",
dest="num_packets")
parser.add_option("-d",
"--debug",
help="Enable L2tester debuging.",
default=False,
action="store_true",
dest="debug")
(options, args) = parser.parse_args()
if len(args) < 2:
parser.error("must specify interfaces to use")
if options.debug:
l2tester.Logger.config_log_level(l2tester.Logger.L2T_LOG_DEBUG)
if options.criteria not in [
"dst-ip", "dst-mac", "src-dst-ip", "src-dst-mac", "src-ip",
"src-mac", "src-udp", "dst-udp", "src-dst-udp", "src-tcp",
"dst-tcp", "src-dst-tcp", "mpls-top-sec", "mpls-top", "mpls-sec"
]:
parser.error("invalid criteria '{0}'".format(options.criteria))
if_src = args[0]
if_dst = args[1]
try:
if_src_action = l2tester.Action()
if_src_action.type = l2tester.Action.ACTION_RANDOMIZE
if_src_action.seed = 10
if_src_filter = l2tester.EthernetFilter()
if_dst_action = l2tester.Action()
if_dst_action.type = l2tester.Action.ACTION_RANDOMIZE
if_dst_action.seed = 10
if_dst_filter = l2tester.EthernetFilter()
if 'udp' in options.criteria:
if_src_action.mask = 0xFFFF000000000000
if_src_action.range_first = 1
if_src_action.range_last = 0x03FF # Port 1023
if_src_filter.dst_mac = '10:00:01:02:03:FF'
if_src_filter.compile()
if_src_packet = Ether(
src='10:00:01:02:03:04', dst='10:00:01:02:03:FF') / IP(
src='192.168.42.01', dst='192.168.42.02') / UDP(
sport=18, dport=50) / Raw('\0' * 100)
if_dst_action.mask = 0xFFFF000000000000
if_dst_action.range_first = 1
if_dst_action.range_last = 0x03FF # Port 1023
if_dst_filter.src_mac = '10:00:01:02:03:FF'
if_dst_filter.compile()
if_dst_packet = Ether(
src='10:00:01:02:03:FF', dst='10:00:01:02:03:04') / IP(
src='192.168.42.02', dst='192.168.42.01') / UDP(
sport=50, dport=18) / Raw('\0' * 100)
if options.criteria == 'src-dst-udp':
# Source Interface generate random source and destination UDP port
if_src_extra_action = l2tester.Action()
if_src_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
if_src_extra_action.mask = 0xFFFF000000000000
if_src_extra_action.byte = 34 # Source UDP port
if_src_extra_action.range_first = 1
if_src_extra_action.range_last = 0x03FF # Port 1023
if_src_action.byte = 36 # Destination UDP port
if_src_action.chain_action(if_src_extra_action)
# Destination Interface generate random source and destination UDP port (but seeds are inverted)
if_dst_extra_action = l2tester.Action()
if_dst_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
if_dst_extra_action.mask = 0xFFFF000000000000
if_dst_extra_action.byte = 36 # Destination UDP port
if_dst_extra_action.range_first = 1
if_dst_extra_action.range_last = 0x03FF # Port 1023
if_dst_action.byte = 34 # Source UDP port
if_dst_action.chain_action(if_dst_extra_action)
elif options.criteria == 'src-udp':
if_src_action.byte = 34
if_dst_action.byte = 36
else: # options.criteria == 'dst-udp':
if_src_action.byte = 36
if_dst_action.byte = 34
if 'tcp' in options.criteria:
if_src_action.mask = 0xFFFF000000000000
if_src_action.range_first = 1
if_src_action.range_last = 0x03FF # Port 1023
if_src_filter.dst_mac = '10:00:01:02:03:FF'
if_src_filter.compile()
if_src_packet = Ether(
src='10:00:01:02:03:04', dst='10:00:01:02:03:FF') / IP(
src='192.168.42.01', dst='192.168.42.02') / TCP(
sport=21, dport=57) / Raw('\0' * 100)
if_dst_action.mask = 0xFFFF000000000000
if_dst_action.range_first = 1
if_dst_action.range_last = 0x03FF # Port 1023
if_dst_filter.src_mac = '10:00:01:02:03:FF'
if_dst_filter.compile()
if_dst_packet = Ether(
src='10:00:01:02:03:FF', dst='10:00:01:02:03:04') / IP(
src='192.168.42.02', dst='192.168.42.01') / TCP(
sport=57, dport=21) / Raw('\0' * 100)
if options.criteria == 'src-dst-tcp':
# Source Interface generate random source and destination UDP port
if_src_extra_action = l2tester.Action()
if_src_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
if_src_extra_action.mask = 0xFFFF000000000000
if_src_extra_action.byte = 34 # Source TCP port
if_src_extra_action.range_first = 1
if_src_extra_action.range_last = 0x03FF # Port 1023
if_src_action.byte = 36 # Destination TCP port
if_src_action.chain_action(if_src_extra_action)
# Destination Interface generate random source and destination TCP port (but seeds are inverted)
if_dst_extra_action = l2tester.Action()
if_dst_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
if_dst_extra_action.mask = 0xFFFF000000000000
if_dst_extra_action.byte = 36 # Destination TCP port
if_dst_extra_action.range_first = 1
if_dst_extra_action.range_last = 0x03FF # Port 1023
if_dst_action.byte = 34 # Source TCP port
if_dst_action.chain_action(if_dst_extra_action)
elif options.criteria == 'src-tcp':
if_src_action.byte = 34
if_dst_action.byte = 36
else: # options.criteria == 'dst-tcp'
if_src_action.byte = 36
if_dst_action.byte = 34
if 'ip' in options.criteria:
checksum_action = l2tester.Action()
checksum_action.byte = 24
checksum_action.type = l2tester.Action.ACTION_IPV4_CHECKSUM
if_src_action.mask = 0xFFFFFFFF00000000
if_src_action.range_first = 1
if_src_action.range_last = 0xE0000000 # Create random IPs smaller than first multicast 224.0.0.0
if_src_filter.dst_mac = '10:00:01:02:03:FF'
if_src_filter.compile()
if_src_packet = Ether(
src='10:00:01:02:03:04', dst='10:00:01:02:03:FF') / IP(
src='192.168.42.01', dst='192.168.42.02') / Raw('\0' * 100)
if_dst_action.mask = 0xFFFFFFFF00000000
if_dst_action.range_first = 1
if_dst_action.range_last = 0xE0000000 # Create random IPs smaller than first multicast 224.0.0.0
if_dst_filter.src_mac = '10:00:01:02:03:FF'
if_dst_filter.compile()
if_dst_packet = Ether(
src='10:00:01:02:03:FF', dst='10:00:01:02:03:04') / IP(
src='192.168.42.02', dst='192.168.42.01') / Raw('\0' * 100)
if options.criteria == 'src-dst-ip':
# Source Interface generate random source and destination IP
if_src_extra_action = l2tester.Action()
if_src_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
if_src_extra_action.mask = 0xFFFFFFFF00000000
if_src_extra_action.byte = 26 # Source IP
if_src_extra_action.range_first = 1
if_src_extra_action.range_last = 0xE0000000 # Create random IPs smaller than first multicast 224.0.0.0
if_src_extra_action.chain_action(checksum_action)
if_src_action.byte = 30 # Destination IP
if_src_action.chain_action(if_src_extra_action)
# Destination Interface generate random source and destination IP (but seeds are inverted)
if_dst_extra_action = l2tester.Action()
if_dst_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
if_dst_extra_action.mask = 0xFFFFFFFF00000000
if_dst_extra_action.byte = 30 # Destination IP
if_dst_extra_action.range_first = 1
if_dst_extra_action.range_last = 0xE0000000 # Create random IPs smaller than first multicast 224.0.0.0
if_dst_extra_action.chain_action(checksum_action)
if_dst_action.byte = 26 # Source IP
if_dst_action.chain_action(if_dst_extra_action)
else:
# For single IP, chain action directly to checksum.
if_src_action.chain_action(checksum_action)
if_dst_action.chain_action(checksum_action)
if options.criteria == 'dst-ip':
if_src_action.byte = 30 # Destination IP
if_dst_action.byte = 26 # Source IP
elif options.criteria == 'src-ip':
if_src_action.byte = 26 # Source IP
if_dst_action.byte = 30 # Destination IP
if 'mpls' in options.criteria:
if_src_action.mask = 0xFFFFF00000000000
if_src_action.range_first = 16 # Labels 0 to 15 are reserved.
if_src_action.range_last = 0xFFFFF #Last valid label (2^20 - 1).
if_src_filter.dst_mac = '10:00:01:02:03:FF'
if_src_filter.compile()
if_src_packet = Ether(
src='10:00:01:02:03:04',
dst='10:00:01:02:03:FF') / MPLS(s=0) / MPLS() / IP(
src='192.168.42.01', dst='192.168.42.02') / ICMP() / Raw(
'\0' * 100)
if_dst_action.mask = 0xFFFFF00000000000
if_dst_action.range_first = 0x10 # Labels 0 to 15 are reserved.
if_dst_action.range_last = 0xFFFFF # Last valid label (2^20 - 1).
if_dst_filter.src_mac = '10:00:01:02:03:FF'
if_dst_filter.compile()
if_dst_packet = Ether(
src='10:00:01:02:03:FF',
dst='10:00:01:02:03:04') / MPLS(s=0) / MPLS() / IP(
src='192.168.42.02', dst='192.168.42.01') / ICMP() / Raw(
'\0' * 100)
if options.criteria == 'mpls-top-sec':
# Source Interface generates random MPLS top and second labels
if_src_extra_action = l2tester.Action()
if_src_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
if_src_extra_action.mask = 0xFFFFF00000000000
if_src_extra_action.byte = 14 # Top label
if_src_extra_action.range_first = 0x10 # Labels 0 to 15 are reserved.
if_src_extra_action.range_last = 0xFFFFF # Last valid label (2^20 - 1).
if_src_action.byte = 18 # Second label
if_src_action.chain_action(if_src_extra_action)
# Destination Interface generates random MPLS top and second labels
if_dst_extra_action = l2tester.Action()
if_dst_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
if_dst_extra_action.mask = 0xFFFFF00000000000
if_dst_extra_action.byte = 14 # Top label
if_dst_extra_action.range_first = 0x10 # Labels 0 to 15 are reserved.
if_dst_extra_action.range_last = 0xFFFFF # Last valid label (2^20 - 1).
if_dst_action.byte = 18 # Second label
if_dst_action.chain_action(if_dst_extra_action)
elif options.criteria == 'mpls-top':
if_src_action.byte = 14
if_dst_action.byte = 14
else: # options.criteria == 'mpls-sec':
if_src_action.byte = 18
if_dst_action.byte = 18
if 'mac' in options.criteria:
if_src_action.mask = 0xFEFFFFFFFFFF0000
if_src_filter.outer_tpid = 0x5010
if_src_filter.compile()
if_src_packet = Ether(src='10:00:01:02:03:01',
dst='10:00:01:02:03:02',
type=0x5010) / Raw('\0' * 100)
if_dst_action.mask = 0xFEFFFFFFFFFF0000
if_dst_filter.outer_tpid = 0x5011
if_dst_filter.compile()
if_dst_packet = Ether(src='10:00:01:02:03:02',
dst='10:00:01:02:03:01',
type=0x5011) / Raw('\0' * 100)
if options.criteria == 'src-dst-mac':
# Source Interface generate random source and destination MAC
if_src_extra_action = l2tester.Action()
if_src_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
if_src_extra_action.mask = 0xFEFFFFFFFFFF0000
if_src_extra_action.byte = 6 # Source MAC
if_src_action.byte = 0 # Destination MAC
if_src_action.chain_action(if_src_extra_action)
# Destination Interface generate random source and destination MAC (but seeds are inverted)
if_dst_extra_action = l2tester.Action()
if_dst_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
if_dst_extra_action.mask = 0xFEFFFFFFFFFF0000
if_dst_extra_action.byte = 0 # Destination MAC
if_dst_action.byte = 6 # Source MAC
if_dst_action.chain_action(if_dst_extra_action)
elif options.criteria == 'dst-mac':
if_src_action.byte = 0 # Destination MAC
if_dst_action.byte = 6 # Source MAC
else: # options.criteria == 'src-mac'
if_src_action.byte = 6 # Destination MAC
if_dst_action.byte = 0 # Source MAC
src_to_dst_monitor = l2tester.TrafficFlow_Monitor(
if_src, if_dst, str(if_src_packet), options.interval,
if_src_action, if_src_filter)
if options.num_packets:
# Limited Mode
try:
sys.stdout.write("Learning MACs... ")
dst_to_src_monitor = l2tester.TrafficFlow_Monitor(
if_dst, if_src, str(if_dst_packet), options.interval,
if_dst_action, if_dst_filter)
dst_to_src_monitor.run(
options.num_packets if 'mac' in options.criteria else 1
) #Send more than one packet on the other direction only if criteria is by MAC
check_monitor_errors(dst_to_src_monitor)
sys.stdout.write("OK!\n")
sys.stdout.write("Sending random stream... ")
src_to_dst_monitor.run(options.num_packets)
check_monitor_errors(src_to_dst_monitor)
sys.stdout.write("OK!\n")
except Exception as e:
sys.stdout.write(str(e) + "\n")
return
else:
# Unlimited Mode
# Inverted stream is defined as simple sender (and not as monitor) because it will operate concurrently with monitored stream.
dst_to_src_sender = l2tester.Sender(if_dst, str(if_dst_packet))
dst_to_src_sender.set_action(if_dst_action)
dst_to_src_sender.manual_bandwidth(1, 1000000 * options.interval)
dst_to_src_sender.start()
print """
===============================================================================
Timestamp (ms) | Delta (ms) | Event
-------------------------------------------------------------------------------"""
last_event_ms = 0
src_to_dst_monitor.start()
while True:
try:
event = src_to_dst_monitor.iterate_event(0, True, 1000)
if event:
print " {0:>16} | {1:>16} | {2}".format(
event.timestamp_ms,
event.timestamp_ms - last_event_ms,
l2tester.TrafficFlow_Event.type_to_str(event.type))
last_event_ms = event.timestamp_ms
if event.type == l2tester.TrafficFlow_Event.TEST_FINISHED:
break
except KeyboardInterrupt:
src_to_dst_monitor.stop()
dst_to_src_sender.stop()
stats = l2tester.TrafficFlow_Statistics()
src_to_dst_monitor.get_statistics(stats)
print """
===============================================================================
Traffic Interruption
Total : {0} ms
Intervals : {1}
Loop Detection
Total : {2} ms
Intervals : {3}
Packets
Sent : {4}
Received : {5}
Dropped : {6}
{7}
===============================================================================
""".format(stats.traffic_interruption_ms, stats.traffic_interruption_intervals,
stats.loop_detected_ms, stats.loop_detected_intervals,
stats.sent_packets, stats.received_packets, stats.dropped_packets,
" ** MONITOR ABORTED **" if stats.error_detected else "")
except Exception as e:
print e
def test_uu_fwd(self):
""" UU Flood """
#
# Create a single bridge Domain
#
self.vapi.bridge_domain_add_del(bd_id=1, uu_flood=1)
#
# add each interface to the BD. 3 interfaces per split horizon group
#
for i in self.pg_interfaces[0:4]:
self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
bd_id=1,
shg=0)
#
# an unknown unicast and broadcast packets
#
p_uu = (Ether(dst="00:00:00:c1:5c:00", src="00:00:de:ad:be:ef") /
IP(src="10.10.10.10", dst="1.1.1.1") /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
p_bm = (Ether(dst="ff:ff:ff:ff:ff:ff", src="00:00:de:ad:be:ef") /
IP(src="10.10.10.10", dst="1.1.1.1") /
UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
#
# input on pg0, expected copies on pg1->4
#
self.pg0.add_stream(p_uu * 65)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
for i in self.pg_interfaces[1:4]:
rx0 = i.get_capture(65, timeout=1)
self.pg0.add_stream(p_bm * 65)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
for i in self.pg_interfaces[1:4]:
rx0 = i.get_capture(65, timeout=1)
#
# use pg8 as the uu-fwd interface
#
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=self.pg8.sw_if_index,
bd_id=1,
shg=0,
port_type=L2_PORT_TYPE.UU_FWD)
#
# expect the UU packet on the uu-fwd interface and not be flooded
#
self.pg0.add_stream(p_uu * 65)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx0 = self.pg8.get_capture(65, timeout=1)
for i in self.pg_interfaces[0:4]:
i.assert_nothing_captured(remark="UU not flooded")
self.pg0.add_stream(p_bm * 65)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
for i in self.pg_interfaces[1:4]:
rx0 = i.get_capture(65, timeout=1)
#
# remove the uu-fwd interface and expect UU to be flooded again
#
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=self.pg8.sw_if_index,
bd_id=1,
shg=0,
port_type=L2_PORT_TYPE.UU_FWD,
enable=0)
self.pg0.add_stream(p_uu * 65)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
for i in self.pg_interfaces[1:4]:
rx0 = i.get_capture(65, timeout=1)
#
# change the BD config to not support UU-flood
#
self.vapi.bridge_flags(bd_id=1, is_set=0, flags=BRIDGE_FLAGS.UU_FLOOD)
self.send_and_assert_no_replies(self.pg0, p_uu)
#
# re-add the uu-fwd interface
#
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=self.pg8.sw_if_index,
bd_id=1,
shg=0,
port_type=L2_PORT_TYPE.UU_FWD)
self.logger.info(self.vapi.cli("sh bridge 1 detail"))
self.pg0.add_stream(p_uu * 65)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
rx0 = self.pg8.get_capture(65, timeout=1)
for i in self.pg_interfaces[0:4]:
i.assert_nothing_captured(remark="UU not flooded")
#
# remove the uu-fwd interface
#
self.vapi.sw_interface_set_l2_bridge(
rx_sw_if_index=self.pg8.sw_if_index,
bd_id=1,
shg=0,
port_type=L2_PORT_TYPE.UU_FWD,
enable=0)
self.send_and_assert_no_replies(self.pg0, p_uu)
#
# cleanup
#
for i in self.pg_interfaces[:4]:
self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
bd_id=1,
enable=0)
self.vapi.bridge_domain_add_del(bd_id=1, is_add=0)
def create_stream(self, mac_type, ip_type, packet_count,
src_if, dst_if, traffic, is_ip6, tags=PERMIT_TAGS):
# exact MAC and exact IP
# exact MAC and subnet of IPs
# exact MAC and wildcard IP
# wildcard MAC and exact IP
# wildcard MAC and subnet of IPs
# wildcard MAC and wildcard IP
# OUI restricted MAC and exact IP
# OUI restricted MAC and subnet of IPs
# OUI restricted MAC and wildcard IP
packets = []
macip_rules = []
acl_rules = []
ip_permit = ""
mac_permit = ""
dst_mac = ""
mac_rule = "00:00:00:00:00:00"
mac_mask = "00:00:00:00:00:00"
for p in range(0, packet_count):
remote_dst_index = p % len(dst_if.remote_hosts)
remote_dst_host = dst_if.remote_hosts[remote_dst_index]
dst_port = 1234 + p
src_port = 4321 + p
is_permit = self.PERMIT if p % 3 == 0 else self.DENY
denyMAC = True if not is_permit and p % 3 == 1 else False
denyIP = True if not is_permit and p % 3 == 2 else False
if not is_permit and ip_type == self.WILD_IP:
denyMAC = True
if not is_permit and mac_type == self.WILD_MAC:
denyIP = True
if traffic == self.BRIDGED:
if is_permit:
src_mac = remote_dst_host._mac
dst_mac = 'de:ad:00:00:00:00'
src_ip4 = remote_dst_host.ip4
dst_ip4 = src_if.remote_ip4
src_ip6 = remote_dst_host.ip6
dst_ip6 = src_if.remote_ip6
ip_permit = src_ip6 if is_ip6 else src_ip4
mac_permit = src_mac
if denyMAC:
mac = src_mac.split(':')
mac[0] = format(int(mac[0], 16)+1, "02x")
src_mac = ":".join(mac)
if is_ip6:
src_ip6 = ip_permit
else:
src_ip4 = ip_permit
if denyIP:
if ip_type != self.WILD_IP:
src_mac = mac_permit
src_ip4 = remote_dst_host.ip4
dst_ip4 = src_if.remote_ip4
src_ip6 = remote_dst_host.ip6
dst_ip6 = src_if.remote_ip6
else:
if is_permit:
src_mac = remote_dst_host._mac
dst_mac = src_if.local_mac
src_ip4 = src_if.remote_ip4
dst_ip4 = remote_dst_host.ip4
src_ip6 = src_if.remote_ip6
dst_ip6 = remote_dst_host.ip6
ip_permit = src_ip6 if is_ip6 else src_ip4
mac_permit = src_mac
if denyMAC:
mac = src_mac.split(':')
mac[0] = format(int(mac[0], 16) + 1, "02x")
src_mac = ":".join(mac)
if is_ip6:
src_ip6 = ip_permit
else:
src_ip4 = ip_permit
if denyIP:
src_mac = remote_dst_host._mac
if ip_type != self.WILD_IP:
src_mac = mac_permit
src_ip4 = remote_dst_host.ip4
dst_ip4 = src_if.remote_ip4
src_ip6 = remote_dst_host.ip6
dst_ip6 = src_if.remote_ip6
if is_permit:
info = self.create_packet_info(src_if, dst_if)
payload = self.info_to_payload(info)
else:
payload = "to be blocked"
if mac_type == self.WILD_MAC:
mac = src_mac.split(':')
for i in range(1, 5):
mac[i] = format(random.randint(0, 255), "02x")
src_mac = ":".join(mac)
# create packet
packet = Ether(src=src_mac, dst=dst_mac)
ip_rule = src_ip6 if is_ip6 else src_ip4
if is_ip6:
if ip_type != self.EXACT_IP:
sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip_rule)))
if ip_type == self.WILD_IP:
sub_ip[0] = random.randint(240, 254)
sub_ip[1] = random.randint(230, 239)
sub_ip[14] = random.randint(100, 199)
sub_ip[15] = random.randint(200, 255)
elif ip_type == self.SUBNET_IP:
if denyIP:
sub_ip[2] = str(int(sub_ip[2]) + 1)
sub_ip[14] = random.randint(100, 199)
sub_ip[15] = random.randint(200, 255)
src_ip6 = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
packet /= IPv6(src=src_ip6, dst=dst_ip6)
else:
if ip_type != self.EXACT_IP:
sub_ip = ip_rule.split('.')
if ip_type == self.WILD_IP:
sub_ip[0] = str(random.randint(1, 49))
sub_ip[1] = str(random.randint(50, 99))
sub_ip[2] = str(random.randint(100, 199))
sub_ip[3] = str(random.randint(200, 255))
elif ip_type == self.SUBNET_IP:
if denyIP:
sub_ip[1] = str(int(sub_ip[1])+1)
sub_ip[2] = str(random.randint(100, 199))
sub_ip[3] = str(random.randint(200, 255))
src_ip4 = ".".join(sub_ip)
packet /= IP(src=src_ip4, dst=dst_ip4, frag=0, flags=0)
packet /= UDP(sport=src_port, dport=dst_port)/Raw(payload)
packet[Raw].load += " mac:"+src_mac
size = self.pg_if_packet_sizes[p % len(self.pg_if_packet_sizes)]
if isinstance(src_if, VppSubInterface):
size = size + 4
if isinstance(src_if, VppDot1QSubint):
if src_if is self.subifs[0]:
if tags == self.PERMIT_TAGS:
packet = src_if.add_dot1q_layer(packet, 10)
else:
packet = src_if.add_dot1q_layer(packet, 11)
else:
if tags == self.PERMIT_TAGS:
packet = src_if.add_dot1q_layer(packet, 30)
else:
packet = src_if.add_dot1q_layer(packet, 33)
elif isinstance(src_if, VppDot1ADSubint):
if src_if is self.subifs[1]:
if tags == self.PERMIT_TAGS:
packet = src_if.add_dot1ad_layer(packet, 300, 400)
else:
packet = src_if.add_dot1ad_layer(packet, 333, 444)
else:
if tags == self.PERMIT_TAGS:
packet = src_if.add_dot1ad_layer(packet, 600, 700)
else:
packet = src_if.add_dot1ad_layer(packet, 666, 777)
self.extend_packet(packet, size)
packets.append(packet)
# create suitable MACIP rule
if mac_type == self.EXACT_MAC:
mac_rule = src_mac
mac_mask = "ff:ff:ff:ff:ff:ff"
elif mac_type == self.WILD_MAC:
mac_rule = "00:00:00:00:00:00"
mac_mask = "00:00:00:00:00:00"
elif mac_type == self.OUI_MAC:
mac = src_mac.split(':')
mac[3] = mac[4] = mac[5] = '00'
mac_rule = ":".join(mac)
mac_mask = "ff:ff:ff:00:00:00"
if is_ip6:
if ip_type == self.WILD_IP:
ip = "0::0"
else:
ip = src_ip6
if ip_type == self.SUBNET_IP:
sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip)))
for i in range(8, 16):
sub_ip[i] = 0
ip = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
else:
if ip_type == self.WILD_IP:
ip = "0.0.0.0"
else:
ip = src_ip4
if ip_type == self.SUBNET_IP:
sub_ip = ip.split('.')
sub_ip[2] = sub_ip[3] = '0'
ip = ".".join(sub_ip)
prefix_len = 128 if is_ip6 else 32
if ip_type == self.WILD_IP:
prefix_len = 0
elif ip_type == self.SUBNET_IP:
prefix_len = 64 if is_ip6 else 16
ip_rule = inet_pton(AF_INET6 if is_ip6 else AF_INET, ip)
# create suitable ACL rule
if is_permit:
rule_l4_sport = packet[UDP].sport
rule_l4_dport = packet[UDP].dport
rule_family = AF_INET6 if packet.haslayer(IPv6) else AF_INET
rule_prefix_len = 128 if packet.haslayer(IPv6) else 32
rule_l3_layer = IPv6 if packet.haslayer(IPv6) else IP
if packet.haslayer(IPv6):
rule_l4_proto = packet[UDP].overload_fields[IPv6]['nh']
else:
rule_l4_proto = packet[IP].proto
acl_rule = {
'is_permit': is_permit,
'is_ipv6': is_ip6,
'src_ip_addr': inet_pton(rule_family,
packet[rule_l3_layer].src),
'src_ip_prefix_len': rule_prefix_len,
'dst_ip_addr': inet_pton(rule_family,
packet[rule_l3_layer].dst),
'dst_ip_prefix_len': rule_prefix_len,
'srcport_or_icmptype_first': rule_l4_sport,
'srcport_or_icmptype_last': rule_l4_sport,
'dstport_or_icmpcode_first': rule_l4_dport,
'dstport_or_icmpcode_last': rule_l4_dport,
'proto': rule_l4_proto}
acl_rules.append(acl_rule)
if mac_type == self.WILD_MAC and ip_type == self.WILD_IP and p > 0:
continue
if is_permit:
macip_rule = ({
'is_permit': is_permit,
'is_ipv6': is_ip6,
'src_ip_addr': ip_rule,
'src_ip_prefix_len': prefix_len,
'src_mac': mac_rule.replace(':', '').decode('hex'),
'src_mac_mask': mac_mask.replace(':', '').decode('hex')})
macip_rules.append(macip_rule)
# deny all other packets
if not (mac_type == self.WILD_MAC and ip_type == self.WILD_IP):
macip_rule = ({'is_permit': 0,
'is_ipv6': is_ip6,
'src_ip_addr': "",
'src_ip_prefix_len': 0,
'src_mac': "",
'src_mac_mask': ""})
macip_rules.append(macip_rule)
acl_rule = {'is_permit': 0,
'is_ipv6': is_ip6}
acl_rules.append(acl_rule)
return {'stream': packets,
'macip_rules': macip_rules,
'acl_rules': acl_rules}
# print(f"---> IP address discovered: {res[0].payload.pdst}")
#
# # DISCOVER HOSTS ON NETWORKING USING ICMP PING
# # print("\n\n----- Discovery hosts on network using ICMP ping ---------------------")
# # ans, unans = scapy.sr(IP(dst="192.168.254.1-254")/ICMP(), timeout=1)
# # ans.summary()
# TCP PORT SCAN
print("\n\n----- See what ports are open on a device --------------------")
while True:
ip = input("IP address on which to scan ports: ")
if not ip:
print("\n----- Ending port scanning")
break
# answers, unans = scapy.sr(IP(dst="192.168.254.254")/TCP(flags="S", sport=666, dport=[22, 80, 21, 443]), timeout=1)
answers, unans = scapy.sr(IP(dst=ip) /
TCP(flags="S", sport=666, dport=(1, 1024)),
timeout=10)
for answered in answers:
print(f"---> open port: {answered[0].summary()}")
print()
for un_answered in unans:
print(f"---> closed port: {un_answered[0].summary()}")
print("\n----- Open/Closed port totals --------------------")
print(f"\tOpen ports: {len(answers)}")
print(f"\tClosed ports: {len(unans)}")
def getIPv4Flow(self, id):
return (IP(dst="90.0.%u.%u" % (id / 255, id % 255),
src="40.0.%u.%u" % (id / 255, id % 255)) /
UDP(sport=10000 + id, dport=20000 + id))
def create_stream(self,
src_ip_if,
dst_ip_if,
reverse,
packet_sizes,
is_ip6,
expect_blocked,
expect_established,
add_extension_header,
icmp_stateful=False):
pkts = []
rules = []
permit_rules = []
permit_and_reflect_rules = []
total_packet_count = 8
for i in range(0, total_packet_count):
modulo = (i // 2) % 2
icmp_type_delta = i % 2
icmp_code = i
is_udp_packet = (modulo == 0)
if is_udp_packet and icmp_stateful:
continue
is_reflectable_icmp = (icmp_stateful and icmp_type_delta == 0
and not is_udp_packet)
is_reflected_icmp = is_reflectable_icmp and expect_established
can_reflect_this_packet = is_udp_packet or is_reflectable_icmp
is_permit = i % 2
remote_dst_index = i % len(dst_ip_if.remote_hosts)
remote_dst_host = dst_ip_if.remote_hosts[remote_dst_index]
if is_permit == 1:
info = self.create_packet_info(src_ip_if, dst_ip_if)
payload = self.info_to_payload(info)
else:
to_be_blocked = False
if (expect_blocked and not expect_established):
to_be_blocked = True
if (not can_reflect_this_packet):
to_be_blocked = True
if to_be_blocked:
payload = "to be blocked"
else:
info = self.create_packet_info(src_ip_if, dst_ip_if)
payload = self.info_to_payload(info)
if reverse:
dst_mac = 'de:ad:00:00:00:00'
src_mac = remote_dst_host._mac
dst_ip6 = src_ip_if.remote_ip6
src_ip6 = remote_dst_host.ip6
dst_ip4 = src_ip_if.remote_ip4
src_ip4 = remote_dst_host.ip4
dst_l4 = 1234 + i
src_l4 = 4321 + i
else:
dst_mac = src_ip_if.local_mac
src_mac = src_ip_if.remote_mac
src_ip6 = src_ip_if.remote_ip6
dst_ip6 = remote_dst_host.ip6
src_ip4 = src_ip_if.remote_ip4
dst_ip4 = remote_dst_host.ip4
src_l4 = 1234 + i
dst_l4 = 4321 + i
if is_reflected_icmp:
icmp_type_delta = 1
# default ULP should be something we do not use in tests
ulp_l4 = TCP(sport=src_l4, dport=dst_l4)
# potentially a chain of protocols leading to ULP
ulp = ulp_l4
if is_udp_packet:
if is_ip6:
ulp_l4 = UDP(sport=src_l4, dport=dst_l4)
if add_extension_header:
# prepend some extension headers
ulp = (IPv6ExtHdrRouting() / IPv6ExtHdrRouting() /
IPv6ExtHdrFragment(offset=0, m=1) / ulp_l4)
# uncomment below to test invalid ones
# ulp = IPv6ExtHdrRouting(len = 200) / ulp_l4
else:
ulp = ulp_l4
p = (Ether(dst=dst_mac, src=src_mac) /
IPv6(src=src_ip6, dst=dst_ip6) / ulp / Raw(payload))
else:
ulp_l4 = UDP(sport=src_l4, dport=dst_l4)
# IPv4 does not allow extension headers,
# but we rather make it a first fragment
flags = 1 if add_extension_header else 0
ulp = ulp_l4
p = (Ether(dst=dst_mac, src=src_mac) /
IP(src=src_ip4, dst=dst_ip4, frag=0, flags=flags) /
ulp / Raw(payload))
elif modulo == 1:
if is_ip6:
ulp_l4 = ICMPv6Unknown(type=128 + icmp_type_delta,
code=icmp_code)
ulp = ulp_l4
p = (Ether(dst=dst_mac, src=src_mac) /
IPv6(src=src_ip6, dst=dst_ip6) / ulp / Raw(payload))
else:
ulp_l4 = ICMP(type=8 - 8 * icmp_type_delta, code=icmp_code)
ulp = ulp_l4
p = (Ether(dst=dst_mac, src=src_mac) /
IP(src=src_ip4, dst=dst_ip4) / ulp / Raw(payload))
if i % 2 == 1:
info.data = p.copy()
size = packet_sizes[(i // 2) % len(packet_sizes)]
self.extend_packet(p, size)
pkts.append(p)
rule_family = AF_INET6 if p.haslayer(IPv6) else AF_INET
rule_prefix_len = 128 if p.haslayer(IPv6) else 32
rule_l3_layer = IPv6 if p.haslayer(IPv6) else IP
if p.haslayer(UDP):
rule_l4_sport = p[UDP].sport
rule_l4_dport = p[UDP].dport
else:
if p.haslayer(ICMP):
rule_l4_sport = p[ICMP].type
rule_l4_dport = p[ICMP].code
else:
rule_l4_sport = p[ICMPv6Unknown].type
rule_l4_dport = p[ICMPv6Unknown].code
if p.haslayer(IPv6):
rule_l4_proto = ulp_l4.overload_fields[IPv6]['nh']
else:
rule_l4_proto = p[IP].proto
new_rule = {
'is_permit': is_permit,
'is_ipv6': p.haslayer(IPv6),
'src_ip_addr': inet_pton(rule_family, p[rule_l3_layer].src),
'src_ip_prefix_len': rule_prefix_len,
'dst_ip_addr': inet_pton(rule_family, p[rule_l3_layer].dst),
'dst_ip_prefix_len': rule_prefix_len,
'srcport_or_icmptype_first': rule_l4_sport,
'srcport_or_icmptype_last': rule_l4_sport,
'dstport_or_icmpcode_first': rule_l4_dport,
'dstport_or_icmpcode_last': rule_l4_dport,
'proto': rule_l4_proto,
}
rules.append(new_rule)
new_rule_permit = new_rule.copy()
new_rule_permit['is_permit'] = 1
permit_rules.append(new_rule_permit)
new_rule_permit_and_reflect = new_rule.copy()
if can_reflect_this_packet:
new_rule_permit_and_reflect['is_permit'] = 2
else:
new_rule_permit_and_reflect['is_permit'] = is_permit
permit_and_reflect_rules.append(new_rule_permit_and_reflect)
self.logger.info("create_stream pkt#%d: %s" % (i, payload))
return {
'stream': pkts,
'rules': rules,
'permit_rules': permit_rules,
'permit_and_reflect_rules': permit_and_reflect_rules
}
