def encap_mcast(self, pkt, src_ip, src_mac, vni): """ Encapsulate the original payload frame by adding VXLAN header with its UDP, IP and Ethernet fields """ return (Ether(src=src_mac, dst=self.mcast_mac) / IPv6(src=src_ip, dst=self.mcast_ip6) / UDP(sport=self.dport, dport=self.dport, chksum=0) / VXLAN(vni=vni, flags=self.flags) / pkt)
def encapsulate(self, pkt, vni): """ Encapsulate the original payload frame by adding VXLAN header with its UDP, IP and Ethernet fields """ return (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IPv6(src=self.pg0.remote_ip6, dst=self.pg0.local_ip6) / UDP(sport=self.dport, dport=self.dport, chksum=0) / VXLAN(vni=vni, flags=self.flags) / pkt)
def test_encap(self): """ Packet Tracer Filter Test with encap """ # the packet we are trying to match p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / UDP() / VXLAN() / Ether() / IP() / UDP() / GENEVE(vni=1234) / Ether() / IP(src='192.168.4.167') / UDP() / Raw('\xa5' * 100)) # # compute filter mask & value # we compute it by XOR'ing a template packet with a modified packet # we need to set checksums to 0 to make sure scapy will not recompute # them # tmpl = (Ether() / IP(chksum=0) / UDP(chksum=0) / VXLAN() / Ether() / IP(chksum=0) / UDP(chksum=0) / GENEVE(vni=0) / Ether() / IP(src='0.0.0.0', chksum=0)) ori = raw(tmpl) # the mask tmpl[GENEVE].vni = 0xffffff user = tmpl[GENEVE].payload user[IP].src = '255.255.255.255' new = raw(tmpl) mask = "".join(("{:02x}".format(o ^ n) for o, n in zip(ori, new))) # this does not match (wrong vni) tmpl[GENEVE].vni = 1 user = tmpl[GENEVE].payload user[IP].src = '192.168.4.167' new = raw(tmpl) match = "".join(("{:02x}".format(o ^ n) for o, n in zip(ori, new))) self.assert_classify(mask, match, [p] * 11, 0) # this must match tmpl[GENEVE].vni = 1234 new = raw(tmpl) match = "".join(("{:02x}".format(o ^ n) for o, n in zip(ori, new))) self.assert_classify(mask, match, [p] * 17)
def test_mask__mask_has_problem_with_conditional_fields(self): pkt = VXLAN(flags=0x80, gpflags=0x23, gpid=0x1234, vni=0x1337) mask_pkt = Mask(pkt) mask_pkt.set_do_not_care_packet(VXLAN, "gpid") assert mask_pkt.mask == [ 255, 255, 0, 0, 255, 255, 255, 255, ], "Only gpid field should be masked"
from scapy.layers.inet import IP, UDP, TCP, Ether from scapy.layers.vxlan import VXLAN from scapy.all import * from typing import Generator # ---------------------------------------------------------------- # Build 6 packets. # ---------------------------------------------------------------- packets: Packet = Ether() / IP() / VXLAN() / UDP() packets.ttl = (10, 12) # TTL from 10 to 12. packets.dport = [80, 453] # Destination port 80 and 453. print(f"Number of packets: {len(list(packets)):d}") packet: Packet for packet in packets: print(packet.sprintf("%IP.src%:%IP.sport% > %IP.dst%:%IP.dport%")) if TCP in packet: print("This packet has a TCP packet") if UDP in packet: print("This packet has a UDP packet") print("") # ---------------------------------------------------------------- # Print the description of the first packet. # ---------------------------------------------------------------- p: Packet = list(packets)[0] p.show() # ---------------------------------------------------------------- # Build packets: condensed notation
def main(): """Send packet from one traffic generator interface to the other.""" args = TrafficScriptArg([ u"tg_if1_mac", u"dut_if1_mac", u"flow_type", u"proto", ], [u"src_ip", u"dst_ip", u"src_port", u"dst_port", u"value"]) tx_if = args.get_arg(u"tx_if") tx_src_mac = args.get_arg(u"tg_if1_mac") tx_dst_mac = args.get_arg(u"dut_if1_mac") flow_type = args.get_arg(u"flow_type") proto = args.get_arg(u"proto") src = args.get_arg(u"src_ip") dst = args.get_arg(u"dst_ip") sport = eval(args.get_arg(u"src_port")) dport = eval(args.get_arg(u"dst_port")) value = eval(args.get_arg(u"value")) txq = TxQueue(tx_if) if flow_type == u"IP4": pkt_raw = (Ether(src=tx_src_mac, dst=tx_dst_mac) / IP(src=src, dst=dst)) elif flow_type == u"IP6": pkt_raw = (Ether(src=tx_src_mac, dst=tx_dst_mac) / IPv6(src=src, dst=dst)) elif flow_type == u"ETHER": pkt_raw = Ether(src=tx_src_mac, dst=tx_dst_mac) else: raise ValueError(f"Flow type error: {flow_type}") if proto == u"TCP": pkt_raw /= TCP(sport=sport, dport=dport) elif proto == u"UDP": pkt_raw /= UDP(sport=sport, dport=dport) elif proto == u"AH": pkt_raw /= AH(spi=value) elif proto == u"ESP": pkt_raw /= ESP(spi=value) elif proto == u"GTPU": pkt_raw /= (UDP() / GTP_U_Header(teid=value) / IP(src=u"192.168.10.20")) elif proto == u"L2TPV3": value_hex = hex(value).replace('0x', (8 - len(hex(value)) + 2) * '0') session_id = binascii.a2b_hex(value_hex) pkt_raw.proto = 115 pkt_raw /= Raw(session_id) elif proto == u"VXLAN": pkt_raw /= (UDP() / VXLAN(vni=value)) elif proto == u"ARP": pkt_raw.type = value pkt_raw /= ARP() else: raise ValueError(f"Flow proto error: {proto}") pkt_raw /= Raw() txq.send(pkt_raw) sys.exit(0)