def test_acl_priority_other_a2(self):
# 初始化
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt2_cfg["capture"][0], self.pkt2_cfg["capture"][1], \
self.pkt2_cfg["capture"][2], self.pkt2_cfg["capture"][3]
c_iface, c_num, c_pcap = self.pkt2_cfg["send"][0], self.pkt2_cfg["send"][1], self.pkt2_cfg["send"][2]
read_name, read_id = self.pkt2_cfg["read"][0], self.pkt2_cfg["read"][1]
# 下发配置并检查结果
for key in self.case2_step:
fun.cmd(self.case2_step[key][0], 'gw')
re = fun.cmd(self.case2_step[key][1], 'gw')
assert self.case2_step[key][2] in re
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg: ', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在,drop生效,报文应该不存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap not in pcap_file
def test_selabel_category_cipso_icmp_type8(self):
# 下发配置并检查结果
for key in self.case1_step:
fun.cmd(self.case1_step[key][0], 'gw')
re = fun.cmd(self.case1_step[key][1], 'gw')
assert self.case1_step[key][2] in re
# 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg['capture'][0], self.pkt1_cfg['capture'][1], \
self.pkt1_cfg['capture'][2], self.pkt1_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg:', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg["send"][1], self.pkt1_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
print('send_cmd:', send_cmd)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
# fun.wait_data(f"ls /opt/pkt/ | grep pcap", 'gw', self.pkt1_cfg['capture'][3], '检查服务端抓包结果', 300, flag='存在')
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
print('服务端抓到报文:{}'.format(self.read_1))
def test_selabel_cipso_mode_BIBA(self):
# 下发配置并检查结果
for key in self.case3_step:
fun.cmd(self.case3_step[key][0], 'gw')
re = fun.cmd(self.case3_step[key][1], 'gw')
assert self.case3_step[key][2] in re
# 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt3_cfg['capture'][0], self.pkt3_cfg['capture'][1], \
self.pkt3_cfg['capture'][2], self.pkt3_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
c_iface, c_num, c_pcap = self.pkt3_cfg["send"][0], self.pkt3_cfg[
"send"][1], self.pkt3_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
# 读包
read_name, read_id = self.pkt3_cfg["read"][0], self.pkt3_cfg["read"][1]
read_cmd = fun.pkt_read(read_name, read_id)
print(read_cmd)
read_re = fun.cmd(read_cmd, 's')
print(read_re)
# 获取期望结果
exp = self.pkt3_cfg["expect"][0]
assert exp == read_re
def test_selabel_category_cipso_icmp_type8(self):
#下发配置并检查结果
for key in self.case1_step:
fun.cmd(self.case1_step[key][0], 'gw')
re = fun.cmd(self.case1_step[key][1], 'gw')
assert self.case1_step[key][2] in re
#服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg['capture'][
0], self.pkt1_cfg['capture'][1], self.pkt1_cfg['capture'][
2], self.pkt1_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
#发送报文
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg[
"send"][1], self.pkt1_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
#检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
def test_report_acl_labelPassPac_count_protocol_ICMP(self):
# 开启acl命中统计开关并检查结果
fun.send(Exc_rmb, message.set_ReportAclCount_open['EnableAclCount'], domain_rmb, base_path)
for key in self.case3_step1:
print('ip:',baseinfo.gwManageIp)
re = fun.cmd(self.case3_step1[key][0],'gw')
print('re:',re)
assert self.case3_step1[key][1] in re
# 下发acl策略并检查结果-----查询失败问题待调查
fun.send(Exc_rmb, message.AddAclPolicy_labelPassPac['AddAclPolicy'], domain_rmb, base_path)
# for key in self.case3_step2:
# print('ip:',baseinfo.gwManageIp)
# re = fun.cmd(self.case3_step2[key][0],'gw',thread=1)
# print('key:',self.case3_step2[key][0])
# print('re:',re)
# assert self.case3_step2[key][1] in re
# 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt3_cfg['capture'][0], self.pkt3_cfg['capture'][1], \
self.pkt3_cfg['capture'][2], self.pkt3_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg:', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 客户端发送正常请求报文
c_iface, c_num, c_pcap = self.pkt3_cfg["send"][0], self.pkt3_cfg["send"][1], self.pkt3_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
print('send_cmd:', send_cmd)
fun.cmd(send_cmd, 'c',thread=1)
print('tcpreplay命令发送成功')
# jsac.agentjsac.info.log文件查看命中统计数
fun.wait_data(f"grep -n '{protocol_icmp}' /var/log/jsac.agentjsac.info.log |grep '{pcap_dip}' |grep '{ReportAclCount}' |tail -1",'gw', self.case3_step3['step1'][0], '检查拒绝数', 300, flag='存在')
fun.wait_data(f"grep -n '{protocol_icmp}' /var/log/jsac.agentjsac.info.log |grep '{pcap_dip}' |grep '{ReportAclCount}' |tail -1",'gw', self.case3_step3['step2'][0], '检查拒绝数', 300, flag='存在')
for key in self.case3_step3:
re = fun.cmd(f"grep -n '{protocol_icmp}' /var/log/jsac.agentjsac.info.log |grep '{pcap_dip}' |grep '{ReportAclCount}' |tail -1 ",'gw')
print('re:', re)
assert self.case3_step3['step1'][0] in re
# 检查报文是否存在
fun.wait_data(f"ls /opt/pkt/ | grep pcap", 'gw', self.pkt3_cfg['capture'][3], '检查服务端抓包结果', 300, flag='存在')
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
print('pcap_file:',pcap_file)
assert cap_pcap in pcap_file
print('服务端抓到报文:{}'.format(self.read_3))
print('step wait')
# 关闭acl命中统计开关并检查结果
fun.send(Exc_rmb, message.set_ReportAclCount_close['EnableAclCount'], domain_rmb, base_path)
for key in self.case3_step4:
re = fun.cmd(self.case3_step4[key][0], 'gw')
print('re:', re)
assert self.case3_step4[key][1] in re
# 移除掉acl策略并检查结果
fun.send(Exc_rmb, message.DelAclPolicy_HitCount['DelAclPolicy'], domain_rmb, base_path)
def test_selabel_category_cipso_scp_upload(self):
# 下发配置并检查结果
# for key in self.case1_step:
# fun.cmd(self.case1_step[key][0],'gw')
# re = fun.cmd(self.case1_step[key][1],'gw')
# assert self.case1_step[key][2] in re
# 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg['capture'][0], self.pkt1_cfg['capture'][1], \
self.pkt1_cfg['capture'][2], self.pkt1_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg:', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 创建文件
fun.cmd(f"dd if=/dev/zero of=/opt/pkt/{txt} bs=1M count=100", 'c')
fun.wait_data(f"ls /opt/pkt/ |grep txt",
'c',
self.pkt2_cfg['txt'][0],
'检查服务端文件是否创建成功',
300,
flag='存在')
pcap_file = fun.search('/opt/pkt', 'txt', 'c')
assert txt in pcap_file
print('客户端创建文件成功')
# 发送文件
c_scp, c_dip = self.pkt1_cfg["scp"][0], self.pkt1_cfg["scp"][1]
scp_cmd = fun.pkt_scp(c_scp, c_dip)
print('scp_cmd:', scp_cmd)
fun.cmd(scp_cmd, 'c', thread=1)
# 检查报文是否存在
fun.wait_data(f"ls /opt/pkt/ | grep pcap",
's',
self.pkt1_cfg['capture'][3],
'检查服务端抓包结果',
300,
flag='存在')
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
print('服务端抓到报文:{}'.format(self.read_1))
# 检查文件是否存在
fun.wait_data(f"ls /opt/pkt/ | grep txt",
's',
self.pkt1_cfg['txt'][0],
'检查文件结果',
300,
flag='存在')
pcap_file = fun.search('/opt/pkt', 'txt', 's')
assert txt in pcap_file
print('scp上传文件成功')
def test_acl_priority_quintet_same_a1(self):
#初始化
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg["capture"][
0], self.pkt1_cfg["capture"][1], self.pkt1_cfg["capture"][
2], self.pkt1_cfg["capture"][3]
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg[
"send"][1], self.pkt1_cfg["send"][2]
read_name, read_id = self.pkt1_cfg["read"][0], self.pkt1_cfg["read"][1]
#切换卡面为0,下发配置并检查结果
for key in self.case1_step1:
fun.cmd(self.case1_step1[key][0], 'gw')
re = fun.cmd(self.case1_step1[key][1], 'gw')
assert self.case1_step1[key][2] in re
# # 切换卡面为1,下发配置并检查结果
# fun.cmd('export cardid=1', 'gw')
# for key in self.case1_step2:
# fun.cmd(self.case1_step2[key][0], 'gw')
# card1 = fun.cmd(self.case1_step2[key][1], 'gw')
# assert self.case1_step2[key][2] in card1
# 服务端抓取报文
# pcap_cmd = f'tcpdump -i {cap_iface} -w /opt/pkt/{cap_pcap} host {cap_filter}'
# print(pcap_cmd)
# fun.cmd(pcap_cmd,'s',thread=1)
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print(pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
#检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
# #c从远程服务器读取文件
# pkt_read = fun.read(f'/opt/pkt/{cap_pcap}','read','r','','s')
# print(pkt_read) #b为二进制读取,后面的字符串为读取的内容
# 读包
read_cmd = fun.pkt_read(read_name, read_id)
print(read_cmd)
read_re = fun.cmd(read_cmd, 's')
print(read_re)
# 获取期望结果
exp = self.pkt1_cfg["expect"][0]
assert exp == read_re
def test_selabel_category_cipso_scp_download(self):
# 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt2_cfg['capture'][0], self.pkt2_cfg['capture'][1], \
self.pkt2_cfg['capture'][2], self.pkt2_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg:', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 创建文件
fun.cmd(f"dd if=/dev/zero of={txt} bs=1M count=100", 's')
fun.wait_data(f"ls /opt/pkt/ |grep txt",
's',
self.pkt2_cfg['txt'][0],
'检查服务端文件是否创建成功',
300,
flag='存在')
pcap_file = fun.search('/opt/pkt', 'txt', 's')
assert txt in pcap_file
print('服务端创建文件成功')
# 下载文件
scp_cmd = f"sshpass -p {info.serverPwd} scp -P 22 root@{info.serverIp}:/opt/pkt/{txt} /home/"
print('scp_cmd:', scp_cmd)
fun.cmd(scp_cmd, 'c', thread=1)
# 检查报文是否存在
fun.wait_data(f"ls /opt/pkt/ | grep pcap",
's',
self.pkt2_cfg['capture'][3],
'检查服务端抓包结果',
300,
flag='存在')
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
print('服务端抓到报文:{}'.format(self.read_2))
# 检查文件是否存在
fun.wait_data(f"ls /opt/pkt/ | grep txt",
'c',
self.pkt2_cfg['txt'][0],
'检查文件结果',
300,
flag='存在')
pcap_file = fun.search('/opt/pkt', 'txt', 'c')
assert txt in pcap_file
print('scp下载文件成功')
def test_acl_old_a1(self):
# 初始化
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg["capture"][0], self.pkt1_cfg["capture"][1], \
self.pkt1_cfg["capture"][2], self.pkt1_cfg["capture"][3]
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg[
"send"][1], self.pkt1_cfg["send"][2]
read_name, read_id = self.pkt1_cfg["read"][0], self.pkt1_cfg["read"][1]
# 下发配置并检查结果
for key in self.case1_step1:
fun.cmd(self.case1_step1[key][0], 'gw')
re = fun.cmd(self.case1_step1[key][1], 'gw')
assert self.case1_step1[key][2] in re
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg: ', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
print('send_cmd: ', send_cmd)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
print('cap_pcap: ', cap_pcap)
assert cap_pcap in pcap_file
# 读包
read_cmd = fun.pkt_read(read_name, read_id)
read_re = fun.cmd(read_cmd, 's')
print('read_re: ', read_re)
# 获取期望结果
exp = self.pkt1_cfg["expect"][0]
print('exp: ', exp)
assert exp == read_re
print('等待60s的老化时间')
time.sleep(70)
# 下发配置并检查结果
for key in self.case1_step1:
re = fun.cmd(self.case1_step1[key][1], 'gw')
assert self.case1_step1[key][2] not in re
def test_ddos_sameSipDip_syn_flood(self):
# 下发配置并检查结果
fun.send(Exc_rmb, message.setddos_open['SetDdosEnable'], domain_rmb,
base_path)
for key in self.case1_step:
re0 = fun.cmd(self.case1_step[key][0], 'gw')
assert self.case1_step[key][2] in re0
for key in self.case1_step:
re1 = fun.cmd(self.case1_step[key][1], 'gw')
assert self.case1_step[key][2] in re1
# 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg['capture'][0], self.pkt1_cfg['capture'][1], \
self.pkt1_cfg['capture'][2], self.pkt1_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 服务端开启http服务
fun.cmd(f"python2.7 -m SimpleHTTPServer {port_d}", 's', thread=1)
# 客户端发送攻击命令
fun.cmd(
f"hping3 -I {ciface} -a {pcap_dip} -S {pcap_dip} -p {port_attack} -i u1000",
'c',
thread=1)
fun_result = fun.cmd('ps -ef | grep hping3', 'c')
print(fun_result)
#检查hping3命令是否发送成功
assert self.pkt1_cfg["hping3"][0] in fun_result
print('hping3攻击命令下发成功')
# if self.pkt1_cfg["hping3"][0] in fun_result:
# print('hping3攻击命令下发成功')
# else:
# print('!!!hping3攻击命令下发失败!!!')
# exit()
# 客户端发送http请求
fun.cmd(f"curl http://{pcap_dip}:{port_d}", 'c', thread=1)
time.sleep(5)
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
print('服务端抓到报文:{}'.format(self.read_1))
def test_acl_compare_selabel_a1(self):
#初始化
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg["capture"][0], self.pkt1_cfg["capture"][1], \
self.pkt1_cfg["capture"][2], self.pkt1_cfg["capture"][3]
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg[
"send"][1], self.pkt1_cfg["send"][2]
read_name, read_id = self.pkt1_cfg["read"][0], self.pkt1_cfg["read"][1]
#下发配置并检查结果
fun.cmd('export cardid=0&&defconf --action drop', 'gw')
fun.cmd('export cardid=1&&defconf --action drop', 'gw')
for key in self.case1_step:
fun.cmd(self.case1_step[key][0], 'gw')
re = fun.cmd(self.case1_step[key][1], 'gw')
assert self.case1_step[key][2] in re
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print(pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
# 还原配置,防止抓不到包,断言失败,无法恢复环境
fun.cmd('export cardid=0&&defconf --action forward', 'gw')
fun.cmd('export cardid=1&&defconf --action forward', 'gw')
assert cap_pcap in pcap_file
# 读包
read_cmd = fun.pkt_read(read_name, read_id)
read_re = fun.cmd(read_cmd, 's')
print(read_re)
# 获取期望结果
exp = self.pkt1_cfg["expect"][0]
assert exp == read_re
def test_a1(self):
#清空环境
for i in self.clr_env:
print(i)
dd = fun.cmd(i, 'gw_c', self.mac)
print(dd)
#设置初始环境
cap_iface, cap_filter, cap_num, cap_pcap = self.pre_env["capture"][
0], self.pre_env["capture"][1], self.pre_env["capture"][
2], self.pre_env["capture"][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
fun.cmd(pre_cfg, 'gw_c', thread=1)
print('step wait')
time.sleep(3)
#下发配置并检查结果
for key in self.case_step:
fun.cmd(self.case_step[key][0], 'gw_c')
re = fun.cmd(self.case_step[key][1], 'gw_c')
assert self.case_step[key][2] in re
#发送报文
c_iface, c_num, c_pcap = self.pkt_cfg["send"][0], self.pkt_cfg["send"][
1], self.pkt_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'gw_s')
#检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 'gw_c')
assert cap_pcap in pcap_file
#读包
read_name, read_id = self.pkt_cfg["read"][0], self.pkt_cfg["read"][1]
read_cmd = fun.pkt_read(read_name, read_id)
read_re = fun.cmd(read_cmd, 'gw_c')
print(read_re)
#获取期望结果
exp = self.pkt_cfg["expect"][0]
assert exp in read_re
def test_acl_category_0(self):
# 初始化
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg["capture"][0], self.pkt1_cfg["capture"][1], \
self.pkt1_cfg["capture"][2], self.pkt1_cfg["capture"][3]
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg[
"send"][1], self.pkt1_cfg["send"][2]
read_name, read_id = self.pkt1_cfg["read"][0], self.pkt1_cfg["read"][1]
# 下发配置并检查结果
for key in self.case1_step:
fun.cmd(self.case1_step[key][0], 'gw')
re = fun.cmd(self.case1_step[key][1], 'gw')
assert self.case1_step[key][2] in re
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print("sniff_cmd: ", pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
print('send_cmd:', send_cmd)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
# 读包
read_cmd = fun.pkt_read(read_name, read_id)
print('read_cmd: {}'.format(read_cmd))
read_re = fun.cmd(read_cmd, 's')
print('read_re: '.format(read_re))
# 获取期望结果
exp = self.pkt1_cfg["expect"][0]
print('期望值为: {}'.format(exp))
assert exp == read_re
def test_selabel_cipso_mode_BIBA(self):
# 下发配置并检查结果
for key in self.case3_step:
fun.cmd(self.case3_step[key][0], 'gw')
re = fun.cmd(self.case3_step[key][1], 'gw')
assert self.case3_step[key][2] in re
# 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt3_cfg['capture'][0], self.pkt3_cfg['capture'][1], \
self.pkt3_cfg['capture'][2], self.pkt3_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg:', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
c_iface, c_num, c_pcap = self.pkt3_cfg["send"][0], self.pkt3_cfg[
"send"][1], self.pkt3_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
print('send_cmd:', send_cmd)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
# fun.wait_data(f"ls /opt/pkt/ | grep pcap", 'gw', self.pkt3_cfg['capture'][3], '检查服务端抓包结果', 300, flag='存在')
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
print('服务端抓到报文:{}'.format(self.read_3))
# 读包
read_name, read_id = self.pkt3_cfg["read"][0], self.pkt3_cfg["read"][1]
read_cmd = fun.pkt_read(read_name, read_id)
print('read_cmd:', read_cmd)
read_re = fun.cmd(read_cmd, 's')
print('read_re:', read_re)
# 获取期望结果
exp = self.pkt3_cfg["expect"][0]
assert exp == read_re
def test_acl_priority_quintet_same_a3(self):
#初始化
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt3_cfg["capture"][
0], self.pkt3_cfg["capture"][1], self.pkt3_cfg["capture"][
2], self.pkt3_cfg["capture"][3]
c_iface, c_num, c_pcap = self.pkt3_cfg["send"][0], self.pkt3_cfg[
"send"][1], self.pkt3_cfg["send"][2]
read_name, read_id = self.pkt3_cfg["read"][0], self.pkt3_cfg["read"][1]
# 切换卡面为0,下发配置并检查结果
for key in self.case3_step1:
fun.cmd(self.case3_step1[key][0], 'gw')
re = fun.cmd(self.case3_step1[key][1], 'gw')
assert self.case3_step1[key][2] in re
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print(pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
#检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
# 读包
read_cmd = fun.pkt_read(read_name, read_id)
read_re = fun.cmd(read_cmd, 's')
print(read_re)
# 获取期望结果
exp = self.pkt3_cfg["expect"][0]
assert exp == read_re
def test_vxlan_acl_category_ff0f(self):
# 初始化
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt8_cfg["capture"][0], self.pkt8_cfg["capture"][1], \
self.pkt8_cfg["capture"][2], self.pkt8_cfg["capture"][3]
c_iface, c_num, c_pcap = self.pkt8_cfg["send"][0], self.pkt8_cfg[
"send"][1], self.pkt8_cfg["send"][2]
read_name, read_id = self.pkt8_cfg["read"][0], self.pkt8_cfg["read"][1]
# 下发配置并检查结果
for key in self.case8_step:
fun.cmd(self.case8_step[key][0], 'gw')
re = fun.cmd(self.case8_step[key][1], 'gw')
assert self.case8_step[key][2] in re
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg: ', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
# 读包
read_cmd = fun.vxlan_read(read_name, read_id)
read_re = fun.cmd(read_cmd, 's')
print('read_re: ', read_re)
# 获取期望结果
exp = self.pkt8_cfg["expect"][0]
assert exp == read_re
def test_mss_a1(self):
# 初始化
cap_iface, cap_filter, cap_num, cap_pcap1, cap_pcap2 = self.pkt1_cfg["capture"][0], self.pkt1_cfg["capture"][1], \
self.pkt1_cfg["capture"][2], self.pkt1_cfg["capture"][3], self.pkt1_cfg["capture"][4]
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg[
"send"][1], self.pkt1_cfg["send"][2]
read_name1, read_name2, read_id = self.pkt1_cfg["read"][
0], self.pkt1_cfg["read"][1], self.pkt1_cfg["read"][2]
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap1)
print(pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap1 in pcap_file
# 读包
read_cmd = fun.mss_read(read_name1, read_id)
read_re1 = fun.cmd(read_cmd, 's')
print(read_re1)
# 获取期望结果
exp1 = self.pkt1_cfg["expect1"][0]
assert exp1 == read_re1
# 下发配置并检查结果
for key in self.case1_step1:
fun.cmd(self.case1_step1[key][0], 'gw')
re = fun.cmd(self.case1_step1[key][1], 'gw')
assert self.case1_step1[key][2] in re
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap2)
print(pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap2 in pcap_file
# 读包
read_cmd = fun.mss_read(read_name2, read_id)
read_re2 = fun.cmd(read_cmd, 's')
print(read_re2)
# 获取期望结果
exp2 = self.pkt1_cfg["expect2"][0]
assert exp2 == read_re2
# 清空还原环境
for key in self.case1_step2:
fun.cmd(self.case1_step2[key][0], 'gw')
re = fun.cmd(self.case1_step2[key][1], 'gw')
assert self.case1_step2[key][2] in re
def test_acl_drop_a1(self):
# 初始化
cap_iface, cap_filter, cap_num, cap_pcap1, cap_pcap2, cap_pcap3 = self.pkt1_cfg["capture"][0], \
self.pkt1_cfg["capture"][1], \
self.pkt1_cfg["capture"][2], \
self.pkt1_cfg["capture"][3], \
self.pkt1_cfg['capture'][4], \
self.pkt1_cfg['capture'][5]
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg["send"][1], self.pkt1_cfg["send"][2]
read_name1, read_name2, read_name3, read_id = self.pkt1_cfg["read"][0], self.pkt1_cfg["read"][1], \
self.pkt1_cfg['read'][2], self.pkt1_cfg['read'][3]
# 下发配置并检查结果
for key in self.case1_step1:
fun.cmd(self.case1_step1[key][0], 'gw')
re = fun.cmd(self.case1_step1[key][1], 'gw')
assert self.case1_step1[key][2] in re
# 服务端抓取报文
pre_cfg1 = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap1)
print(pre_cfg1)
fun.cmd(pre_cfg1, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
fun.pid_kill(cap_pcap1)
assert cap_pcap1 in pcap_file
# 读包
read_cmd = fun.pkt_read(read_name1, read_id)
read_re = fun.cmd(read_cmd, 's')
print('read_re: ', read_re)
# 获取期望结果
exp = self.pkt1_cfg["expect"][0]
assert exp == read_re
# 再次下发配置并检查结果
for key in self.case1_step2:
fun.cmd(self.case1_step2[key][0], 'gw')
re = fun.cmd(self.case1_step2[key][1], 'gw')
assert self.case1_step2[key][2] in re
pre_cfg2 = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap2)
print(pre_cfg2)
fun.cmd(pre_cfg2, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
fun.pid_kill(cap_pcap2)
assert cap_pcap2 in pcap_file
# 读包
read_cmd = fun.pkt_read(read_name2, read_id)
read_re = fun.cmd(read_cmd, 's')
print('read_re: ', read_re)
# 获取期望结果
exp = self.pkt1_cfg["expect"][0]
assert exp == read_re
# 再次下发配置并检查结果
for key in self.case1_step3:
fun.cmd(self.case1_step3[key][0], 'gw')
re = fun.cmd(self.case1_step3[key][1], 'gw')
assert self.case1_step3[key][2] in re
pre_cfg3 = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap3)
print(pre_cfg3)
fun.cmd(pre_cfg3, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
fun.pid_kill(cap_pcap3)
assert cap_pcap3 in pcap_file
# 读包
read_cmd = fun.pkt_read(read_name3, read_id)
read_re = fun.cmd(read_cmd, 's')
print('read_re: ', read_re)
# 获取期望结果
exp = self.pkt1_cfg["expect"][0]
assert exp == read_re