def write_handshake(self):
self.tcp_handshake = True
self.write_packets((
self.client_ip_base / TCP(
sport=self.client_port,
dport=self.server_port,
seq=self.client_seq-1,
flags="S"
),
self.server_ip_base / TCP(
sport=self.server_port,
dport=self.client_port,
seq=self.server_seq-1,
ack=self.client_seq,
flags="SA"
),
self.client_ip_base / TCP(
sport=self.client_port,
dport=self.server_port,
seq=self.client_seq,
ack=self.server_seq,
flags="A"
)
))
def test_iacl_proto_tcp_dport(self):
"""IP6 TCP destination port iACL test
Test scenario for basic protocol ACL with TCP and dport
- Create IPv6 stream for pg0 -> pg1 interface.
- Create iACL with TCP IP protocol and defined dport.
- Send and verify received packets on pg1 interface.
"""
# Basic iACL testing with TCP and dport
dport = 427
pkts = self.create_stream(self.pg0, self.pg1, self.pg_if_packet_sizes,
TCP(sport=1234, dport=dport))
self.pg0.add_stream(pkts)
key = "nh_tcp_dport"
self.create_classify_table(
key, self.build_ip6_mask(nh="ff", dst_port="ffff"))
self.create_classify_session(
self.acl_tbl_idx.get(key),
self.build_ip6_match(nh=socket.IPPROTO_TCP, dst_port=dport),
)
self.input_acl_set_interface(self.pg0, self.acl_tbl_idx.get(key))
self.acl_active_table = key
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
pkts = self.pg1.get_capture(len(pkts))
self.verify_capture(self.pg1, pkts, TCP)
self.pg0.assert_nothing_captured(remark="packets forwarded")
self.pg2.assert_nothing_captured(remark="packets forwarded")
def server(self, data: bytes):
if not self.tcp_handshake:
self.write_handshake()
seq = self.server_seq
self.server_seq = (seq + len(data)) & 0xff_ff_ff_ff
self.write_packets((
self.server_ip_base / TCP(
sport=self.server_port,
dport=self.client_port,
seq=seq,
ack=self.client_seq,
flags="A") / data,
self.client_ip_base / TCP (
sport=self.client_port,
dport=self.server_port,
seq=self.client_seq,
ack=self.server_seq,
flags="A"
)
))
