def test_match_tcp_generators():
assert MatchTcpFlags.match_ack() == MatchTcpFlags(
TcpFlags(ack=True), useAck=True)
assert MatchTcpFlags.match_rst() == MatchTcpFlags(
TcpFlags(rst=True), useRst=True)
assert len(MatchTcpFlags.match_established()) == 2
assert MatchTcpFlags.match_established() == [MatchTcpFlags.match_ack(),
MatchTcpFlags.match_rst()]
def test_header_constraints_serialization():
hc = HeaderConstraints()
hcd = hc.dict()
fields = set(map(attrgetter("name"), attr.fields(HeaderConstraints))) - {
"firewallClassifications"
} | {"flowStates"}
for field in fields:
assert hcd[field] is None
hc = HeaderConstraints(srcIps="1.1.1.1")
assert hc.dict()["srcIps"] == "1.1.1.1"
hc = HeaderConstraints(dstPorts=["10-20", "33-33"])
assert hc.dict()["dstPorts"] == "10-20,33-33"
hc = HeaderConstraints(dstPorts="10-20,33")
assert hc.dict()["dstPorts"] == "10-20,33"
for dp in [10, "10", [10], ["10"]]:
hc = HeaderConstraints(dstPorts=dp)
assert hc.dict()["dstPorts"] == "10"
hc = HeaderConstraints(applications="dns,ssh")
assert hc.dict()["applications"] == ["dns", "ssh"]
hc = HeaderConstraints(applications=["dns", "ssh"])
assert hc.dict()["applications"] == ["dns", "ssh"]
hc = HeaderConstraints(ipProtocols=" , dns,")
assert hc.dict()["ipProtocols"] == ["dns"]
hc = HeaderConstraints(ipProtocols=["tcp", "udp"])
assert hc.dict()["ipProtocols"] == ["tcp", "udp"]
match_syn = MatchTcpFlags(tcpFlags=TcpFlags(syn=True), useSyn=True)
hc1 = HeaderConstraints(tcpFlags=match_syn)
hc2 = HeaderConstraints(tcpFlags=[match_syn])
assert hc1.dict() == hc2.dict()
with pytest.raises(ValueError):
HeaderConstraints(applications="")
def test_header_constraints_of():
hc = HeaderConstraints.of(
Flow(
ipProtocol='ICMP',
icmpCode=7,
srcIp="1.1.1.1",
dstIp="2.2.2.2",
dscp=0,
dstPort=0,
srcPort=0,
ecn=0,
fragmentOffset=0,
icmpVar=0,
ingressInterface='',
ingressNode='',
ingressVrf='',
packetLength=0,
state='new',
tag='tag',
tcpFlagsAck=0,
tcpFlagsCwr=0,
tcpFlagsEce=0,
tcpFlagsFin=0,
tcpFlagsPsh=0,
tcpFlagsRst=0,
tcpFlagsSyn=0,
tcpFlagsUrg=0,
))
assert hc.srcIps == "1.1.1.1"
assert hc.dstIps == "2.2.2.2"
assert hc.ipProtocols == ['ICMP']
assert hc.icmpCodes == '7'
assert hc.srcPorts is None
assert hc.dstPorts is None
assert hc.tcpFlags is None
hc = HeaderConstraints.of(
Flow(
ipProtocol='TCP',
srcPort=1000,
dstPort=2000,
tcpFlagsAck=True,
srcIp="1.1.1.1",
dstIp="2.2.2.2",
dscp=0,
ecn=0,
fragmentOffset=0,
icmpCode=0,
icmpVar=0,
ingressInterface='',
ingressNode='',
ingressVrf='',
packetLength=0,
state='new',
tag='tag',
tcpFlagsCwr=0,
tcpFlagsEce=0,
tcpFlagsFin=0,
tcpFlagsPsh=0,
tcpFlagsRst=0,
tcpFlagsSyn=0,
tcpFlagsUrg=0,
))
assert hc.srcIps == "1.1.1.1"
assert hc.dstIps == "2.2.2.2"
assert hc.ipProtocols == ['TCP']
assert hc.icmpCodes is None
assert hc.icmpTypes is None
assert hc.srcPorts == '1000'
assert hc.dstPorts == '2000'
assert hc.tcpFlags == [
MatchTcpFlags(
TcpFlags(ack=True),
useAck=True,
useCwr=True,
useEce=True,
useFin=True,
usePsh=True,
useRst=True,
useSyn=True,
useUrg=True,
)
]
def test_match_tcp_generators():
assert MatchTcpFlags.match_ack() == MatchTcpFlags(TcpFlags(ack=True),
useAck=True)
assert MatchTcpFlags.match_rst() == MatchTcpFlags(TcpFlags(rst=True),
useRst=True)
assert MatchTcpFlags.match_syn() == MatchTcpFlags(TcpFlags(syn=True),
useSyn=True)
assert MatchTcpFlags.match_synack() == MatchTcpFlags(TcpFlags(ack=True,
syn=True),
useAck=True,
useSyn=True)
assert len(MatchTcpFlags.match_established()) == 2
assert MatchTcpFlags.match_established() == [
MatchTcpFlags.match_ack(),
MatchTcpFlags.match_rst(),
]
assert MatchTcpFlags.match_not_established() == [
MatchTcpFlags(useAck=True,
useRst=True,
tcpFlags=TcpFlags(ack=False, rst=False))
]
