def start(self):
# save thread
# https://stackoverflow.com/questions/49492550/start-another-process-in-background-and-capture-output-in-python
# https://stackoverflow.com/questions/16768290/understanding-popen-communicate
# https://stackoverflow.com/questions/375427/non-blocking-read-on-a-subprocess-pipe-in-python
params = {
key: value["value"]
for key, value in self._dict["parameters"].items()
}
args = self._dict["properties"]["argstring"]["value"] % params
args = args.split()
self.cmd = [self._dict["properties"]["path"]["value"]] + args
log.info("Executing: %s" % ' '.join(self.cmd))
with netns.NetNS(nsname=LG_NS):
self._p = subprocess.Popen(['stdbuf', '-o0'] + self.cmd,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
bufsize=1,
close_fds=True)
self._q = Queue()
self._tout = Process(target=enqueue_output,
args=(self._p.stdout, self._q))
self._tout.daemon = True # thread dies with the program
self._tout.start()
self._terr = Process(target=enqueue_output,
args=(self._p.stderr, self._q))
self._terr.daemon = True # thread dies with the program
self._terr.start()
def router_ports_querry(router_id):
with netns.NetNS(nsname=router_id):
prerouting = iptc.easy.dump_chain('nat',
'custom-PREROUTING',
ipv6=False)
postrouting = iptc.easy.dump_chain('nat',
'custom-POSTROUTING',
ipv6=False)
server_nat_ports = {}
mapping_ports = {}
router_nat_ports = []
# list vm_port which vm opened (vms)
for rule in postrouting:
dst = rule['dst'][:-3]
if dst in server_nat_ports:
server_nat_ports[dst].append(rule['tcp']['dport'])
else:
server_nat_ports[dst] = []
server_nat_ports[dst].append(rule['tcp']['dport'])
for rule in prerouting:
src = rule['target']['DNAT']['to-destination']
dport = rule['tcp']['dport']
# the port which router opened (vmy)
router_nat_ports.append(dport)
# mapping the vm_port_opened with router_port_opened
mapping_ports[src] = dport
return server_nat_ports, mapping_ports, router_nat_ports
def run_config_api_thread(self):
nspid = self.pid
with netns.NetNS(nspid=nspid):
api = ConfigAPI(self.name, self)
kwargs = {"host": "::", "port": 80}
api_thread = Thread(target=api.run, kwargs=kwargs)
api_thread.daemon = True
api_thread.start()
def handle_request(self, request: HttpParser) -> None:
nspid = self.nspid
with netns.NetNS(nspid=nspid):
with socket_connection(self.upstream) as conn:
conn.send(request.build())
data = conn.recv(DEFAULT_BUFFER_SIZE)
while (data):
self.client.queue(memoryview(data))
data = conn.recv(DEFAULT_BUFFER_SIZE)
def test_Dhcp_Discover_Decline(do_assert = True):
ns = "br1"
global evpn
mac = helper.randomMAC()
results = helper.parse_dhcp_pool_show(evpn)
print("\n")
if len(results['Available IP addresses']):
ip = results['Available IP addresses'][0]
print("\tFound Free IP %s" % ip)
else:
print("\\tNo Free IP available")
if do_assert:
assert(0)
with netns.NetNS(nsname=ns):
#from scapy.all import *
conf.iface = ns+"-veth0"
#conf.iface = "veth1"
conf.verb = 0
fam,hw = get_if_raw_hwaddr(conf.iface)
global dhcp_server_ip
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff')/\
IP(tos=0x10,proto="udp",src="0.0.0.0",dst="255.255.255.255")/\
UDP(sport=68,dport=67)/\
BOOTP(yiaddr=ip, chaddr=hw)/\
DHCP(options=[("message-type", 'discover'),("server_id",\
dhcp_server_ip), "end"])
print pkt.command()
sendp(pkt, iface=conf.iface)
print("\tSent DHCP Discover for IP %s" % ip)
time.sleep(1)
results = helper.parse_dhcp_pool_show(evpn)
if (not helper.array_value_exits(results['Allocated IP addresses'], ip)):
print("\tIP %s did not get allocated" % ip)
if do_assert:
assert(0)
else:
print("\tIP %s did get allocated" % ip)
global dhcp_server_ip
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff')/\
IP(tos=0x10,proto="udp",src="0.0.0.0",dst="255.255.255.255")/\
UDP(sport=68,dport=67)/\
BOOTP(chaddr=hw)/\
DHCP(options=[("message-type", 'decline'),("server_id", \
dhcp_server_ip), "end"])
sendp(pkt, iface=conf.iface)
time.sleep(1)
results = helper.parse_dhcp_pool_show(evpn)
if (not helper.array_value_exits(results['Declined IP addresses'], ip)):
print("\tIP %s did not get Declined" % ip)
if do_assert:
assert(0)
return False
else:
print("\tIP %s did get Declined" % ip)
return True
def add_pat(server_ip, router_id, server_port, router_port, gateway):
with netns.NetNS(nsname=router_id):
nat = iptc.Table(iptc.Table.NAT)
prerouting_chain = iptc.Chain(nat, "custom-PREROUTING")
postrouting_chain = iptc.Chain(nat, "custom-POSTROUTING")
prerouting_rule, postrouting_rule = NatAgent.__agent__.create_rules(
server_ip, server_port, router_port, gateway)
prerouting_chain.insert_rule(prerouting_rule)
postrouting_chain.insert_rule(postrouting_rule)
nat.close()
nat._cache.clear()
def get_ip_route():
cmd = 'ip route show'
try:
if LG_NS_MODE:
with netns.NetNS(nsname=LG_NS):
result = subprocess.check_output(cmd.split())
else:
result = subprocess.check_output(cmd.split())
except Exception:
log.exception("Exception while getting IP route")
return ""
return result.decode()
def get_ip_config():
try:
cmd = 'ip address show'
if LG_NS_MODE:
with netns.NetNS(nsname=LG_NS):
result = subprocess.check_output(cmd.split())
else:
result = subprocess.check_output(cmd.split())
except Exception:
log.exception("Exception while getting IP config")
return ""
return result.decode()
def get_ss():
cmd = 'ss -ntulp'
try:
if LG_NS_MODE:
with netns.NetNS(nsname=LG_NS):
result = subprocess.check_output(cmd.split())
else:
result = subprocess.check_output(cmd.split())
except Exception:
log.exception("Exception while getting netstat")
return ""
return result.decode()
def check_namespace(_ns_):
try:
with netns.NetNS(nsname=_ns_):
nat = iptc.Table(iptc.Table.NAT)
check_custom_prerouting = next(
(i for i in nat.chains if i.name == 'custom-PREROUTING'),
None)
check_custom_postrouting = next(
(i for i in nat.chains if i.name == 'custom-POSTROUTING'),
None)
if check_custom_prerouting is None:
print('custom-prerouting false')
#nat.create_chain('custom-PREROUTING')
else:
print('custom-pre true')
if check_custom_postrouting is None:
print('custom-post-routing false')
#nat.create_chain('custom-POSTROUTING')
else:
print('custom-pos true')
pre_chain = iptc.Chain(iptc.Table(iptc.Table.NAT),
"PREROUTING")
post_chain = iptc.Chain(iptc.Table(iptc.Table.NAT),
"POSTROUTING")
check_prerouting = next(
(i for i in pre_chain.rules
if i.target.name == 'custom-PREROUTING'), None)
check_postrouting = next(
(i for i in post_chain.rules
if i.target.name == 'custom-POSTROUTING'), None)
if check_prerouting is None:
print('check prerouting jump false')
#rule_goto = { 'target': {'goto': 'custom-PREROUTING'}}
#iptc.easy.insert_rule('nat','PREROUTING',rule_goto)
else:
print('check prerouting jump true')
if check_postrouting is None:
print('check postrouting jump false')
#rule_goto = { 'target': {'goto': 'custom-POSTROUTING'}}
#iptc.easy.insert_rule('nat','POSTROUTING',rule_goto)
else:
print('check postrouting jump true')
nat.close()
nat._cache.clear()
except Exception as e:
print(e)
def learn_ip(ip, count):
ns = "br2"
with netns.NetNS(nsname=ns):
#from scapy.all import *
conf.iface = "br2-veth0"
conf.verb=0
conf.loglevel=error
pkt = Ether(src='00:00:00:00:00:00', dst='ff:ff:ff:ff:ff:ff')/\
ARP(hwdst='ff:ff:ff:ff:ff:ff', psrc=ip, pdst=ip,
hwsrc='01:02:03:04:05:06', op=2)
while(count > 1):
sendp(pkt)
count = count -1
"""
def send_rcv(ns, pkt, cnt=5, loop=True):
ans = []
with netns.NetNS(nsname=ns):
#subprocess.call(['ip', 'a'])
conf.verb = 0
conf.iface = ns + "-veth0"
conf.iface6 = ns + "-veth0"
logging.debug("%s, pkt: %s, cnt:%d" %
(conf.iface, pkt.command(), cnt))
if loop:
ans, u = srploop(pkt, iface=conf.iface, timeout=5, count=cnt)
else:
ans, u = srp(pkt, iface=conf.iface, timeout=5)
return ans
def test_Dhcp_Alloc():
thread = Thread(target=listen)
thread.start()
print("\n")
ns = "br1"
global ovs
alloc_list = {}
for i in range(0, 2):
#mac = brs[ns+'-veth1']['vports'][i]
mac = helper.randomMAC()
results = helper.parse_dhcp_pool_show(evpn)
if len(results['Available IP addresses']):
ip = results['Available IP addresses'][0]
print("found Free IP %s" % ip)
else:
print("no Free IP available")
assert(0)
print mac
e = evpns[brs[ns+'-veth1']['evpn']]['properties']
with netns.NetNS(nsname=ns):
conf.iface = ns+"-veth0"
conf.verb = 0
fam,hw = get_if_raw_hwaddr(conf.iface)
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff')/\
IP(tos=0x10,proto="udp",src="0.0.0.0",dst="255.255.255.255")/\
UDP(sport=68,dport=67)/\
BOOTP(yiaddr=ip, chaddr=RandString(12, "0123456789abcdef"))/\
DHCP(options=[("message-type", 'discover'),
("requested_addr", ip),
("server_id", e['gw_ip']),
"end"])
print pkt.command()
a, u = srp(pkt, iface=conf.iface)
print("\tSent DHCP Discover for IP %s" % ip)
print a
print u
time.sleep(1)
results = helper.parse_dhcp_pool_show(evpn)
if (not helper.array_value_exits(results['Allocated IP addresses'], ip)):
print("\tIP %s did not get allocated" % ip)
assert(0)
else:
print("\tIP %s did get allocated" % ip)
alloc_list[ip] = mac
print alloc_list
"""
def send_grat_arp(ns, ip):
#ns = "br2"
#print "****learn_ip "+ip
cnt = 0
with netns.NetNS(nsname=ns):
#subprocess.call(['ip', 'a'])
#print conf
conf.iface = ns + "-veth0"
pkt = Ether(src='00:00:00:00:00:00', dst='ff:ff:ff:ff:ff:ff')/\
ARP(hwdst='ff:ff:ff:ff:ff:ff', psrc=ip, pdst=ip,\
hwsrc=randomMAC(), op=2)
while (True):
#print "\nsending ..."+str(cnt)
sendp(pkt)
time.sleep(1)
cnt = cnt + 1
def learn_ip(ns, ip):
from scapy.all import *
#ns = "br2"
print "****learn_ip " + ip
cnt = 0
with netns.NetNS(nsname=ns):
subprocess.call(['ip', 'a'])
print conf
conf.iface = ns + "-veth0"
pkt = Ether(src='00:00:00:00:00:00', dst='ff:ff:ff:ff:ff:ff')/\
ARP(hwdst='ff:ff:ff:ff:ff:ff', psrc='1.1.1.15', pdst='1.1.1.15',\
hwsrc=randomMAC(), op=2)
while (True):
print "\nsending ..." + str(cnt)
sendp(pkt)
time.sleep(4)
cnt = cnt + 1
def iptables_raw(table, chain=""):
if ' ' in table or (chain and ' ' in chain):
logging.error('Spaces not allowed in table or chain name')
return []
if chain:
chain = chain + " --line-numbers"
cmd = 'iptables -t %s -L %s -v -n' % (table, chain)
try:
if LG_NS_MODE:
with netns.NetNS(nsname=LG_NS):
rules = subprocess.check_output(cmd.split())
else:
rules = subprocess.check_output(cmd.split())
except Exception:
log.exception("Exception while executing iptables")
return b""
return rules
def send_dhcp_request(ns, mac, gw_ip, req_ip):
loging.info("sending dhcp req MAC: %s" % mac)
macraw = mac.replace(':', '').decode('hex')
with netns.NetNS(nsname=ns):
conf.iface = ns + "-veth0"
conf.verb = 0
fam, hw = get_if_raw_hwaddr(conf.iface)
pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff')/\
IP(tos=0x10,proto="udp",src="0.0.0.0",dst="255.255.255.255")/\
UDP(sport=68,dport=67)/\
BOOTP(yiaddr=req_ip, chaddr=macraw)/\
DHCP(options=[("message-type", 'request'),
("requested_addr", req_ip),
("server_id", gw_ip),
"end"])
logging.debug("pkt: %s" % pkt.command())
sendp(pkt, iface=conf.iface)
looging.info("\tSent DHCP Request for IP (%s)%s"\
% (ns+'-veth0', req_ip))
def send_pkt_sniff(ns, pkt, cnt=5, loop=True, sniff_filter=''):
ans = []
if len(sniff_filter):
logging.debug(sniff_filter)
conf.verb = 3
with netns.NetNS(nsname=ns):
#subprocess.call(['ip', 'a'])
conf.iface = ns + "-veth0"
conf.iface6 = ns + "-veth0"
logging.debug("%s, pkt: %s, cnt:%d" %
(conf.iface, pkt.command(), cnt))
if loop:
ans, u = srploop(pkt, iface=conf.iface, timeout=5, count=cnt)
logging.debug(ans.summary())
logging.debug(u.summary())
else:
sendp(pkt, iface=conf.iface)
if len(sniff_filter):
ans = sniff(iface=conf.iface,
timeout=5,
filter=sniff_filter)
return ans
def lg_exec(*args):
cmd = [os.path.join(
get_script_path(),
"lg-server",
"bin",
args[0],
)] + list(args[1:])
my_env = {**os.environ.copy(), **py_env}
try:
if LG_NS_MODE:
with netns.NetNS(nsname=LG_NS):
output = subprocess.check_output(cmd,
env=my_env,
stderr=subprocess.STDOUT)
else:
output = subprocess.check_output(cmd,
env=my_env,
stderr=subprocess.STDOUT)
except subprocess.CalledProcessError as e:
log.exception("Exception while running command: %s" % ' '.join(args))
log.error(e.output.decode())
return b""
return output
import iptc
import netns
from random import randint
with netns.NetNS(nsname='qrouter-03b72092-e8bb-473e-b671-e1dce6c4b73d'):
prerouting_chain = iptc.Chain(iptc.Table(iptc.Table.NAT),
"custom-PREROUTING")
old_rule = iptc.Rule()
old_rule.protocol = "tcp"
match = iptc.Match(old_rule, "tcp")
match.dport = '4022'
target = old_rule.create_target("DNAT")
target.to_destination = '192.168.20.220:22'
old_rule.add_match(match)
old_rule.target = target
prerouting_chain.insert_rule(old_rule)
postrouting_chain = iptc.Chain(iptc.Table(iptc.Table.NAT),
"custom-POSTROUTING")
new_rule = iptc.Rule()
new_rule.protocol = "tcp"
new_rule.dst = '192.168.20.220'
match = iptc.Match(new_rule, "tcp")
match.dport = '22'
new_rule.add_match(match)
new_rule.target = iptc.Target(new_rule, "MASQUERADE")
postrouting_chain.insert_rule(new_rule)
import iptc
import netns
from random import randint
import argparse
parser = argparse.ArgumentParser()
parser.add_argument("--server", required=True, help="ip of vm")
parser.add_argument("--qrouter", required=True, help="router namespace")
parser.add_argument("--vmport", required=True, help="enter port vm")
#parser.add_argument("--interface",required=True, help="interface")
parser.add_argument("--gateway", required=True, help="gateway")
args = parser.parse_args()
with netns.NetNS(nsname=args.qrouter):
prerouting = iptc.easy.dump_chain('nat', 'custom-PREROUTING', ipv6=False)
postrouting = iptc.easy.dump_chain('nat', 'custom-POSTROUTING', ipv6=False)
vm_ports = {}
mapping_ports = {}
router_ports = []
# ports which vm opened
for rule in postrouting:
dst = rule['dst']
dst = dst[:-3]
if dst in vm_ports:
vm_ports[dst].append(rule['tcp']['dport'])
else:
vm_ports[dst] = []
vm_ports[dst].append(rule['tcp']['dport'])
for rule in prerouting: