def encap_mcast(self, pkt, src_ip, src_mac, vni):
"""
Encapsulate the original payload frame by adding VXLAN header with its
UDP, IP and Ethernet fields
"""
return (Ether(src=src_mac, dst=self.mcast_mac) /
IPv6(src=src_ip, dst=self.mcast_ip6) /
UDP(sport=self.dport, dport=self.dport, chksum=0) /
VXLAN(vni=vni, flags=self.flags) / pkt)
def encapsulate(self, pkt, vni):
"""
Encapsulate the original payload frame by adding VXLAN header with its
UDP, IP and Ethernet fields
"""
return (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) /
UDP(sport=self.dport, dport=self.dport, chksum=0) /
VXLAN(vni=vni, flags=self.flags) / pkt)
def test_encap(self):
""" Packet Tracer Filter Test with encap """
# the packet we are trying to match
p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / UDP() /
VXLAN() / Ether() / IP() / UDP() / GENEVE(vni=1234) / Ether() /
IP(src='192.168.4.167') / UDP() / Raw('\xa5' * 100))
#
# compute filter mask & value
# we compute it by XOR'ing a template packet with a modified packet
# we need to set checksums to 0 to make sure scapy will not recompute
# them
#
tmpl = (Ether() / IP(chksum=0) / UDP(chksum=0) / VXLAN() / Ether() /
IP(chksum=0) / UDP(chksum=0) / GENEVE(vni=0) / Ether() /
IP(src='0.0.0.0', chksum=0))
ori = raw(tmpl)
# the mask
tmpl[GENEVE].vni = 0xffffff
user = tmpl[GENEVE].payload
user[IP].src = '255.255.255.255'
new = raw(tmpl)
mask = "".join(("{:02x}".format(o ^ n) for o, n in zip(ori, new)))
# this does not match (wrong vni)
tmpl[GENEVE].vni = 1
user = tmpl[GENEVE].payload
user[IP].src = '192.168.4.167'
new = raw(tmpl)
match = "".join(("{:02x}".format(o ^ n) for o, n in zip(ori, new)))
self.assert_classify(mask, match, [p] * 11, 0)
# this must match
tmpl[GENEVE].vni = 1234
new = raw(tmpl)
match = "".join(("{:02x}".format(o ^ n) for o, n in zip(ori, new)))
self.assert_classify(mask, match, [p] * 17)
def test_mask__mask_has_problem_with_conditional_fields(self):
pkt = VXLAN(flags=0x80, gpflags=0x23, gpid=0x1234, vni=0x1337)
mask_pkt = Mask(pkt)
mask_pkt.set_do_not_care_packet(VXLAN, "gpid")
assert mask_pkt.mask == [
255,
255,
0,
0,
255,
255,
255,
255,
], "Only gpid field should be masked"
from scapy.layers.inet import IP, UDP, TCP, Ether
from scapy.layers.vxlan import VXLAN
from scapy.all import *
from typing import Generator
# ----------------------------------------------------------------
# Build 6 packets.
# ----------------------------------------------------------------
packets: Packet = Ether() / IP() / VXLAN() / UDP()
packets.ttl = (10, 12) # TTL from 10 to 12.
packets.dport = [80, 453] # Destination port 80 and 453.
print(f"Number of packets: {len(list(packets)):d}")
packet: Packet
for packet in packets:
print(packet.sprintf("%IP.src%:%IP.sport% > %IP.dst%:%IP.dport%"))
if TCP in packet:
print("This packet has a TCP packet")
if UDP in packet:
print("This packet has a UDP packet")
print("")
# ----------------------------------------------------------------
# Print the description of the first packet.
# ----------------------------------------------------------------
p: Packet = list(packets)[0]
p.show()
# ----------------------------------------------------------------
# Build packets: condensed notation
def main():
"""Send packet from one traffic generator interface to the other."""
args = TrafficScriptArg([
u"tg_if1_mac",
u"dut_if1_mac",
u"flow_type",
u"proto",
], [u"src_ip", u"dst_ip", u"src_port", u"dst_port", u"value"])
tx_if = args.get_arg(u"tx_if")
tx_src_mac = args.get_arg(u"tg_if1_mac")
tx_dst_mac = args.get_arg(u"dut_if1_mac")
flow_type = args.get_arg(u"flow_type")
proto = args.get_arg(u"proto")
src = args.get_arg(u"src_ip")
dst = args.get_arg(u"dst_ip")
sport = eval(args.get_arg(u"src_port"))
dport = eval(args.get_arg(u"dst_port"))
value = eval(args.get_arg(u"value"))
txq = TxQueue(tx_if)
if flow_type == u"IP4":
pkt_raw = (Ether(src=tx_src_mac, dst=tx_dst_mac) /
IP(src=src, dst=dst))
elif flow_type == u"IP6":
pkt_raw = (Ether(src=tx_src_mac, dst=tx_dst_mac) /
IPv6(src=src, dst=dst))
elif flow_type == u"ETHER":
pkt_raw = Ether(src=tx_src_mac, dst=tx_dst_mac)
else:
raise ValueError(f"Flow type error: {flow_type}")
if proto == u"TCP":
pkt_raw /= TCP(sport=sport, dport=dport)
elif proto == u"UDP":
pkt_raw /= UDP(sport=sport, dport=dport)
elif proto == u"AH":
pkt_raw /= AH(spi=value)
elif proto == u"ESP":
pkt_raw /= ESP(spi=value)
elif proto == u"GTPU":
pkt_raw /= (UDP() / GTP_U_Header(teid=value) /
IP(src=u"192.168.10.20"))
elif proto == u"L2TPV3":
value_hex = hex(value).replace('0x', (8 - len(hex(value)) + 2) * '0')
session_id = binascii.a2b_hex(value_hex)
pkt_raw.proto = 115
pkt_raw /= Raw(session_id)
elif proto == u"VXLAN":
pkt_raw /= (UDP() / VXLAN(vni=value))
elif proto == u"ARP":
pkt_raw.type = value
pkt_raw /= ARP()
else:
raise ValueError(f"Flow proto error: {proto}")
pkt_raw /= Raw()
txq.send(pkt_raw)
sys.exit(0)