Exemple #1
0
def interp(plugin, nuin):
    family = nuin.value(0)
    res_id = nuin.value(1);
    pattrs = (ctypes.POINTER(mnl.Attr) * (nfqnl.NFQA_MAX + 1)).from_buffer(nuin.value(2))

    ph = pattrs[nfqnl.NFQA_PACKET_HDR].contents.get_payload_as(nfqnl.NfqnlMsgPacketHdr)
    packet_id = socket.ntohl(ph.packet_id)
    log.info("res_id: %d, qid: %d", res_id, packet_id)
    nfq_send_accept(res_id, packet_id)

    if pattrs[nfqnl.NFQA_PAYLOAD]:
        ip = IP(bytes(pattrs[nfqnl.NFQA_PAYLOAD].contents.get_payload_v()))
        log.info(ip.summary())

    if pattrs[nfqnl.NFQA_IFINDEX_INDEV]:
        ifin = pattrs[nfqnl.NFQA_IFINDEX_INDEV].contents.get_u32()
        log.info("indev: %d", socket.ntohl(ifin));
    if pattrs[nfqnl.NFQA_IFINDEX_OUTDEV]:
        ifout = pattrs[nfqnl.NFQA_IFINDEX_OUTDEV].contents.get_u32()
        log.info("outdev: %d", socket.ntohl(ifout));

    if pattrs[nfqnl.NFQA_CT]:
        ct = nfct.Conntrack()
        ct.payload_parse(pattrs[nfqnl.NFQA_CT].contents.get_payload_v(), family)
        s = ct.snprintf(4096, nfct.NFCT_T_UNKNOWN, nfct.NFCT_O_DEFAULT, 0)
        log.info("conntrack: %s", s)

    return nurs.NURS_RET_OK
Exemple #2
0
def interp(plugin, nuin):
    hook = nuin.value(0)
    family = nuin.value(1)
    protocol = nuin.value(2)
    pattrs = (ctypes.POINTER(mnl.Attr) * (nflog.NFULA_MAX + 1)).from_buffer(nuin.value(3))
    # pattrs = (ctypes.POINTER(mnl.Attr) * (nflog.NFULA_MAX + 1)).from_address(nuin.value(3))
    seq_global = 0
    if nuin.is_valid(4):
        seq_global = nuin.value(4)
    seq_local = 0
    if nuin.is_valid(5):
        seq_local = nuin.value(5)
    prefix = ""
    if nuin.is_valid(6):
        prefix = nuin.value(6)

    log.info("hook: %d, family: %d, protocol: %d, prefix: %s, seq - global: %d, local: %d",
             hook, family, protocol, prefix, seq_global, seq_local)

    if pattrs[nflog.NFULA_PAYLOAD] is not None:
        ip = IP(bytes(pattrs[nflog.NFULA_PAYLOAD].contents.get_payload_v()))
        log.info(ip.summary())

    if pattrs[nflog.NFULA_CT]:
        ct = nfct.Conntrack()
        ct.payload_parse(pattrs[nflog.NFULA_CT].contents.get_payload_v(), family)
        b = ct.snprintf(4096, nfct.NFCT_T_UNKNOWN, nfct.NFCT_O_DEFAULT, 0)
        log.info("conntrack: %s", str(b))

    return nurs.NURS_RET_OK
Exemple #3
0
def build_msg():
    if world.proto == "v6":
        msg = IPv6(dst=world.cfg["dns6_addr"])/UDP(sport=world.cfg["dns_port"], dport=world.cfg["dns_port"])
    else:
        msg = IP(dst=world.cfg["dns4_addr"])/UDP(sport=world.cfg["dns_port"], dport=world.cfg["dns_port"])
    msg.trid = random.randint(0, 256*256*256)
    world.climsg.append(msg/world.dns_query)
Exemple #4
0
 def forwardDNS(orig_pkt):
     print "Forwarding: " + orig_pkt[DNSQR].qname
     response = sr1(IP(dst="8.8.8.8") / UDP(sport=orig_pkt[UDP].sport) / \
                    DNS(rd=1, id=orig_pkt[DNS].id, qd=DNSQR(qname=orig_pkt[DNSQR].qname)), verbose=0)
     respPkt = IP(dst=orig_pkt[IP].src) / UDP(dport=orig_pkt[UDP].sport) / DNS()
     respPkt[DNS] = response[DNS]
     send(respPkt, verbose=0)
     return "Responding: " + respPkt.summary()
Exemple #5
0
def send_ack(sp,acknum):
    logger.debug("SEND_ACK")
    pkt = IP(version=4L,ihl=5L,tos=0x0,len=52,id=sp[IP].id,flags="DF", frag=0L,ttl=sp[IP].ttl,
             proto="tcp",src=sp[IP].src,dst=sp[IP].dst,options=[]) /\
             TCP(sport=sp[TCP].sport,dport=sp[TCP].dport,seq=sp[TCP].seq,ack=acknum,dataofs=8L,
             reserved=0L,flags="A",window=0,urgptr=0,options=[('NOP', None), ('NOP', None),
             sp[TCP].options[2]])
  
    del sp[TCP].chksum
    del sp[IP].chksum
    # this will re-generate the checksums for IP/TCP
    pkt = pkt.__class__(str(pkt))
    # FIXME
    sendp(Ether(dst="00:00:00:00:00:01")/pkt[IP], iface="eth1",verbose=0)
    logger.debug("sent ACK: %s" % acknum)
Exemple #6
0
 def verify_encrypted(self, p, sa, rxs):
     for rx in rxs:
         try:
             pkt = sa.decrypt(rx[IP])
             if not pkt.haslayer(IP):
                 pkt = IP(pkt[Raw].load)
             self.assert_packet_checksums_valid(pkt)
             self.assert_equal(pkt[IP].dst, self.pg0.remote_ip4)
             self.assert_equal(pkt[IP].src, self.pg0.local_ip4)
             self.assertTrue(pkt.haslayer(GRE))
             e = pkt[Ether]
             self.assertEqual(e[Ether].dst, self.omac)
             self.assertEqual(e[IP].dst, "1.1.1.2")
         except (IndexError, AssertionError):
             self.logger.debug(ppp("Unexpected packet:", rx))
             try:
                 self.logger.debug(ppp("Decrypted packet:", pkt))
             except:
                 pass
             raise
Exemple #7
0
def snoop_create(pkt):
    global dcache # data cache
    global acache # ack cache
    global lastseq
    global transmit
    logger.debug("SNOOP_CREATE")

    sp = IP(pkt.get_payload())
    ips = (sp["IP"].getfieldval('src'),sp["IP"].getfieldval('dst'))
    logger.debug("\tIP: %s" % str(ips))
    ports = (sp["TCP"].getfieldval('sport'),sp["IP"].getfieldval('dport'))
    logger.debug("\tPORTS: %s" % str(ports))
    flow = (ips,ports)
    logger.debug("\tFLOW: %s" % str(flow))
    seqnum = int(sp["TCP"].getfieldval('seq'))
    acknum = int(sp["TCP"].getfieldval('ack'))
    inv_flow = ((ips[1],ips[0]),(ports[1],ports[0]))

    logger.debug("\tseq: %s, ack:%s" % (seqnum,acknum))

    # handle the SYN
    lastseq[flow] = (seqnum,acknum)

    # if "S" in sp.sprintf('%TCP.flags%'):
    # dcache.insert(flow,seqnum,sp)

    # this will get called if and only if there is an S
    # so this is a SA packet
    if "A" in sp.sprintf('%TCP.flags%'):
        # verify
        # dcache.remove(inv_flow,acknum-1)
        # acache.insert(flow,acknum,sp)
        lastseq[inv_flow] = (acknum,seqnum)

    fin_hand[flow] = False
    fin_hand[inv_flow] = False

    pkt.accept()
    logger.debug("lastseq: %s" % str(lastseq))
    logger.debug("dcache:\n%s" % dcache)
    print_accept()
Exemple #8
0
import logging
import threading

logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.layers.inet import IP, TCP, UDP, ICMP
from scapy.all import *

target = str(input("Please Enter The Target IP: "))
from_port = int(input("From Port: "))
to_port = int(input("To Port: "))
print(f"Scanning {target} for Open TCP Ports\n")

port_list = range(from_port, to_port)

sport = RandShort()

for x in port_list:
    pkt = sr1(IP(dst=target) / TCP(sport=sport, dport=x, flags="S"),
              timeout=0.5,
              verbose=0)
    if pkt != None:
        if pkt.haslayer(TCP):
            if pkt[TCP].flags == 18:
                print(f"[+] Port {str(x)} Is Open")

print('Scan Is Completed!\n')
Exemple #9
0
    def test_qos_mpls(self):
        """ QoS Mark/Record MPLS """

        #
        # 255 QoS for all input values
        #
        from_ext = 7
        from_ip = 6
        from_mpls = 5
        from_vlan = 4
        output = [scapy.compat.chb(from_ext)] * 256
        os1 = b''.join(output)
        output = [scapy.compat.chb(from_vlan)] * 256
        os2 = b''.join(output)
        output = [scapy.compat.chb(from_mpls)] * 256
        os3 = b''.join(output)
        output = [scapy.compat.chb(from_ip)] * 256
        os4 = b''.join(output)
        rows = [{
            'outputs': os1
        }, {
            'outputs': os2
        }, {
            'outputs': os3
        }, {
            'outputs': os4
        }]

        self.vapi.qos_egress_map_update(1, rows)

        #
        # a route with 1 MPLS label
        #
        route_10_0_0_1 = VppIpRoute(self, "10.0.0.1", 32, [
            VppRoutePath(
                self.pg1.remote_ip4, self.pg1.sw_if_index, labels=[32])
        ])
        route_10_0_0_1.add_vpp_config()

        #
        # a route with 3 MPLS labels
        #
        route_10_0_0_3 = VppIpRoute(self, "10.0.0.3", 32, [
            VppRoutePath(
                self.pg1.remote_ip4, self.pg1.sw_if_index, labels=[63, 33, 34])
        ])
        route_10_0_0_3.add_vpp_config()

        #
        # enable IP QoS recording on the input Pg0 and MPLS egress marking
        # on Pg1
        #
        self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
                                            QOS_SOURCE.IP, 1)
        self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index,
                                          QOS_SOURCE.MPLS, 1, 1)

        #
        # packet that will get one label added and 3 labels added resp.
        #
        p_1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
               IP(src=self.pg0.remote_ip4, dst="10.0.0.1", tos=1) /
               UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))
        p_3 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
               IP(src=self.pg0.remote_ip4, dst="10.0.0.3", tos=1) /
               UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))

        rx = self.send_and_expect(self.pg0, p_1 * 65, self.pg1)

        #
        # only 3 bits of ToS value in MPLS make sure tos is correct
        # and the label and EOS bit have not been corrupted
        #
        for p in rx:
            self.assertEqual(p[MPLS].cos, from_ip)
            self.assertEqual(p[MPLS].label, 32)
            self.assertEqual(p[MPLS].s, 1)
        rx = self.send_and_expect(self.pg0, p_3 * 65, self.pg1)
        for p in rx:
            self.assertEqual(p[MPLS].cos, from_ip)
            self.assertEqual(p[MPLS].label, 63)
            self.assertEqual(p[MPLS].s, 0)
            h = p[MPLS].payload
            self.assertEqual(h[MPLS].cos, from_ip)
            self.assertEqual(h[MPLS].label, 33)
            self.assertEqual(h[MPLS].s, 0)
            h = h[MPLS].payload
            self.assertEqual(h[MPLS].cos, from_ip)
            self.assertEqual(h[MPLS].label, 34)
            self.assertEqual(h[MPLS].s, 1)

        #
        # enable MPLS QoS recording on the input Pg0 and IP egress marking
        # on Pg1
        #
        self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
                                            QOS_SOURCE.MPLS, 1)
        self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index, QOS_SOURCE.IP,
                                          1, 1)

        #
        # MPLS x-connect - COS according to pg1 map
        #
        route_32_eos = VppMplsRoute(self, 32, 1, [
            VppRoutePath(self.pg1.remote_ip4,
                         self.pg1.sw_if_index,
                         labels=[VppMplsLabel(33)])
        ])
        route_32_eos.add_vpp_config()

        p_m1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
                MPLS(label=32, cos=3, ttl=2) /
                IP(src=self.pg0.remote_ip4, dst="10.0.0.1", tos=1) /
                UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))

        rx = self.send_and_expect(self.pg0, p_m1 * 65, self.pg1)
        for p in rx:
            self.assertEqual(p[MPLS].cos, from_mpls)
            self.assertEqual(p[MPLS].label, 33)
            self.assertEqual(p[MPLS].s, 1)

        #
        # MPLS deag - COS is copied from MPLS to IP
        #
        route_33_eos = VppMplsRoute(
            self, 33, 1, [VppRoutePath("0.0.0.0", 0xffffffff, nh_table_id=0)])
        route_33_eos.add_vpp_config()

        route_10_0_0_4 = VppIpRoute(
            self, "10.0.0.4", 32,
            [VppRoutePath(self.pg1.remote_ip4, self.pg1.sw_if_index)])
        route_10_0_0_4.add_vpp_config()

        p_m2 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
                MPLS(label=33, ttl=2, cos=3) /
                IP(src=self.pg0.remote_ip4, dst="10.0.0.4", tos=1) /
                UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))

        rx = self.send_and_expect(self.pg0, p_m2 * 65, self.pg1)

        for p in rx:
            self.assertEqual(p[IP].tos, from_mpls)

        #
        # cleanup
        #
        self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
                                            QOS_SOURCE.IP, 0)
        self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index,
                                          QOS_SOURCE.MPLS, 1, 0)
        self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
                                            QOS_SOURCE.MPLS, 0)
        self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index, QOS_SOURCE.IP,
                                          1, 0)
        self.vapi.qos_egress_map_delete(1)
Exemple #10
0
    def test_igmp_router(self):
        """ IGMP Router Functions """

        #
        # Drop reports when not enabled
        #
        p_j = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
               IP(src=self.pg0.remote_ip4, dst="224.0.0.22", tos=0xc0, ttl=1,
                  options=[IPOption(copy_flag=1, optclass="control",
                                    option="router_alert")]) /
               IGMPv3(type="Version 3 Membership Report") /
               IGMPv3mr(numgrp=1) /
               IGMPv3gr(rtype="Allow New Sources",
                        maddr="239.1.1.1", srcaddrs=["10.1.1.1", "10.1.1.2"]))
        p_l = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
               IP(src=self.pg0.remote_ip4, dst="224.0.0.22", tos=0xc0,
                  options=[IPOption(copy_flag=1, optclass="control",
                                    option="router_alert")]) /
               IGMPv3(type="Version 3 Membership Report") /
               IGMPv3mr(numgrp=1) /
               IGMPv3gr(rtype="Block Old Sources",
                        maddr="239.1.1.1", srcaddrs=["10.1.1.1", "10.1.1.2"]))

        self.send(self.pg0, p_j)
        self.assertFalse(self.vapi.igmp_dump())

        #
        # drop the default timer values so these tests execute in a
        # reasonable time frame
        #
        self.vapi.cli("test igmp timers query 1 src 3 leave 1")

        #
        # enable router functions on the interface
        #
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        self.vapi.igmp_enable_disable(self.pg0.sw_if_index,
                                      1,
                                      IGMP_MODE.ROUTER)
        self.vapi.want_igmp_events(1)

        #
        # wait for router to send general query
        #
        for ii in range(3):
            capture = self.pg0.get_capture(1, timeout=2)
            self.verify_general_query(capture[0])
            self.pg_enable_capture(self.pg_interfaces)
            self.pg_start()

        #
        # re-send the report. VPP should now hold state for the new group
        # VPP sends a notification that a new group has been joined
        #
        self.send(self.pg0, p_j)

        self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
                                            "239.1.1.1", "10.1.1.1", 1))
        self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
                                            "239.1.1.1", "10.1.1.2", 1))
        dump = self.vapi.igmp_dump(self.pg0.sw_if_index)
        self.assertEqual(len(dump), 2)
        self.assertTrue(find_igmp_state(dump, self.pg0,
                                        "239.1.1.1", "10.1.1.1"))
        self.assertTrue(find_igmp_state(dump, self.pg0,
                                        "239.1.1.1", "10.1.1.2"))

        #
        # wait for the per-source timer to expire
        # the state should be reaped
        # VPP sends a notification that the group has been left
        #
        self.assertTrue(wait_for_igmp_event(self, 4, self.pg0,
                                            "239.1.1.1", "10.1.1.1", 0))
        self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
                                            "239.1.1.1", "10.1.1.2", 0))
        self.assertFalse(self.vapi.igmp_dump())

        #
        # resend the join. wait for two queries and then send a current-state
        # record to include all sources. this should reset the expiry time
        # on the sources and thus they will still be present in 2 seconds time.
        # If the source timer was not refreshed, then the state would have
        # expired in 3 seconds.
        #
        self.send(self.pg0, p_j)
        self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
                                            "239.1.1.1", "10.1.1.1", 1))
        self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
                                            "239.1.1.1", "10.1.1.2", 1))
        dump = self.vapi.igmp_dump(self.pg0.sw_if_index)
        self.assertEqual(len(dump), 2)

        capture = self.pg0.get_capture(2, timeout=3)
        self.verify_general_query(capture[0])
        self.verify_general_query(capture[1])

        p_cs = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
                IP(src=self.pg0.remote_ip4, dst="224.0.0.22", tos=0xc0,
                   options=[IPOption(copy_flag=1, optclass="control",
                                     option="router_alert")]) /
                IGMPv3(type="Version 3 Membership Report") /
                IGMPv3mr(numgrp=1) /
                IGMPv3gr(rtype="Mode Is Include",
                         maddr="239.1.1.1", srcaddrs=["10.1.1.1", "10.1.1.2"]))

        self.send(self.pg0, p_cs)

        self.sleep(2)
        dump = self.vapi.igmp_dump(self.pg0.sw_if_index)
        self.assertEqual(len(dump), 2)
        self.assertTrue(find_igmp_state(dump, self.pg0,
                                        "239.1.1.1", "10.1.1.1"))
        self.assertTrue(find_igmp_state(dump, self.pg0,
                                        "239.1.1.1", "10.1.1.2"))

        #
        # wait for the per-source timer to expire
        # the state should be reaped
        #
        self.assertTrue(wait_for_igmp_event(self, 4, self.pg0,
                                            "239.1.1.1", "10.1.1.1", 0))
        self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
                                            "239.1.1.1", "10.1.1.2", 0))
        self.assertFalse(self.vapi.igmp_dump())

        #
        # resend the join, then a leave. Router sends a group+source
        # specific query containing both sources
        #
        self.send(self.pg0, p_j)

        self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
                                            "239.1.1.1", "10.1.1.1", 1))
        self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
                                            "239.1.1.1", "10.1.1.2", 1))
        dump = self.vapi.igmp_dump(self.pg0.sw_if_index)
        self.assertEqual(len(dump), 2)

        self.send(self.pg0, p_l)
        capture = self.pg0.get_capture(1, timeout=3)
        self.verify_group_query(capture[0], "239.1.1.1",
                                ["10.1.1.1", "10.1.1.2"])

        #
        # the group specific query drops the timeout to leave (=1) seconds
        #
        self.assertTrue(wait_for_igmp_event(self, 2, self.pg0,
                                            "239.1.1.1", "10.1.1.1", 0))
        self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
                                            "239.1.1.1", "10.1.1.2", 0))
        self.assertFalse(self.vapi.igmp_dump())
        self.assertFalse(self.vapi.igmp_dump())

        #
        # a TO_EX({}) / IN_EX({}) is treated like a (*,G) join
        #
        p_j = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
               IP(src=self.pg0.remote_ip4, dst="224.0.0.22", tos=0xc0, ttl=1,
                  options=[IPOption(copy_flag=1, optclass="control",
                                    option="router_alert")]) /
               IGMPv3(type="Version 3 Membership Report") /
               IGMPv3mr(numgrp=1) /
               IGMPv3gr(rtype="Change To Exclude Mode", maddr="239.1.1.2"))

        self.send(self.pg0, p_j)

        self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
                                            "239.1.1.2", "0.0.0.0", 1))

        p_j = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
               IP(src=self.pg0.remote_ip4, dst="224.0.0.22", tos=0xc0, ttl=1,
                  options=[IPOption(copy_flag=1, optclass="control",
                                    option="router_alert")]) /
               IGMPv3(type="Version 3 Membership Report") /
               IGMPv3mr(numgrp=1) /
               IGMPv3gr(rtype="Mode Is Exclude", maddr="239.1.1.3"))

        self.send(self.pg0, p_j)

        self.assertTrue(wait_for_igmp_event(self, 1, self.pg0,
                                            "239.1.1.3", "0.0.0.0", 1))

        #
        # A 'allow sources' for {} should be ignored as it should
        # never be sent.
        #
        p_j = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
               IP(src=self.pg0.remote_ip4, dst="224.0.0.22", tos=0xc0, ttl=1,
                  options=[IPOption(copy_flag=1, optclass="control",
                                    option="router_alert")]) /
               IGMPv3(type="Version 3 Membership Report") /
               IGMPv3mr(numgrp=1) /
               IGMPv3gr(rtype="Allow New Sources", maddr="239.1.1.4"))

        self.send(self.pg0, p_j)

        dump = self.vapi.igmp_dump(self.pg0.sw_if_index)
        self.assertTrue(find_igmp_state(dump, self.pg0,
                                        "239.1.1.2", "0.0.0.0"))
        self.assertTrue(find_igmp_state(dump, self.pg0,
                                        "239.1.1.3", "0.0.0.0"))
        self.assertFalse(find_igmp_state(dump, self.pg0,
                                         "239.1.1.4", "0.0.0.0"))

        #
        # a TO_IN({}) and IS_IN({}) are treated like a (*,G) leave
        #
        self.vapi.cli("set logging class igmp level debug")
        p_l = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
               IP(src=self.pg0.remote_ip4, dst="224.0.0.22", tos=0xc0, ttl=1,
                  options=[IPOption(copy_flag=1, optclass="control",
                                    option="router_alert")]) /
               IGMPv3(type="Version 3 Membership Report") /
               IGMPv3mr(numgrp=1) /
               IGMPv3gr(rtype="Change To Include Mode", maddr="239.1.1.2"))

        self.send(self.pg0, p_l)
        self.assertTrue(wait_for_igmp_event(self, 2, self.pg0,
                                            "239.1.1.2", "0.0.0.0", 0))

        p_l = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
               IP(src=self.pg0.remote_ip4, dst="224.0.0.22", tos=0xc0, ttl=1,
                  options=[IPOption(copy_flag=1, optclass="control",
                                    option="router_alert")]) /
               IGMPv3(type="Version 3 Membership Report") /
               IGMPv3mr(numgrp=1) /
               IGMPv3gr(rtype="Mode Is Include", maddr="239.1.1.3"))

        self.send(self.pg0, p_l)

        self.assertTrue(wait_for_igmp_event(self, 2, self.pg0,
                                            "239.1.1.3", "0.0.0.0", 0))
        self.assertFalse(self.vapi.igmp_dump(self.pg0.sw_if_index))

        #
        # disable router config
        #
        self.vapi.igmp_enable_disable(self.pg0.sw_if_index,
                                      0,
                                      IGMP_MODE.ROUTER)
Exemple #11
0
    def test_ip_sub_nets(self):
        """ IP Sub Nets """

        #
        # Configure a covering route to forward so we know
        # when we are dropping
        #
        cover_route = VppIpRoute(
            self, "10.0.0.0", 8,
            [VppRoutePath(self.pg1.remote_ip4, self.pg1.sw_if_index)])
        cover_route.add_vpp_config()

        p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
             IP(dst="10.10.10.10", src=self.pg0.local_ip4) /
             UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        self.pg1.add_stream(p)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        rx = self.pg1.get_capture(1)

        #
        # Configure some non-/24 subnets on an IP interface
        #
        ip_addr_n = socket.inet_pton(socket.AF_INET, "10.10.10.10")

        self.vapi.sw_interface_add_del_address(self.pg0.sw_if_index, ip_addr_n,
                                               16)

        pn = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
              IP(dst="10.10.0.0", src=self.pg0.local_ip4) /
              UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
        pb = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
              IP(dst="10.10.255.255", src=self.pg0.local_ip4) /
              UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        self.send_and_assert_no_replies(self.pg1, pn, "IP Network address")
        self.send_and_assert_no_replies(self.pg1, pb, "IP Broadcast address")

        # remove the sub-net and we are forwarding via the cover again
        self.vapi.sw_interface_add_del_address(self.pg0.sw_if_index,
                                               ip_addr_n,
                                               16,
                                               is_add=0)
        self.pg1.add_stream(pn)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        rx = self.pg1.get_capture(1)
        self.pg1.add_stream(pb)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        rx = self.pg1.get_capture(1)

        #
        # A /31 is a special case where the 'other-side' is an attached host
        # packets to that peer generate ARP requests
        #
        ip_addr_n = socket.inet_pton(socket.AF_INET, "10.10.10.10")

        self.vapi.sw_interface_add_del_address(self.pg0.sw_if_index, ip_addr_n,
                                               31)

        pn = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
              IP(dst="10.10.10.11", src=self.pg0.local_ip4) /
              UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        self.pg1.add_stream(pn)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        rx = self.pg0.get_capture(1)
        rx[ARP]

        # remove the sub-net and we are forwarding via the cover again
        self.vapi.sw_interface_add_del_address(self.pg0.sw_if_index,
                                               ip_addr_n,
                                               31,
                                               is_add=0)
        self.pg1.add_stream(pn)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        rx = self.pg1.get_capture(1)
Exemple #12
0
def print_and_accept(pkt):
    ip = IP(pkt.get_payload())
    ip.show()
    pkt.set_payload(str(ip))
    pkt.accept()
Exemple #13
0
    def __init__(self):
        base_pkt = Ether(dst="ff:ff:ff:ff:ff:ff")/IP(src="0.0.0.0",dst="255.255.255.255")/UDP(sport=68,dport=67,chksum=0) \
                         /BOOTP(chaddr=b'123456',xid=55555,yiaddr='1.2.3.4')/DHCP(options=[("message-type","discover"), ("server_id", '1.2.3.4'),"end"])

        FastParser.__init__(self, base_pkt)

        self.add_field('Ethernet.dst', 'dstmac')
        self.add_field('Ethernet.src', 'srcmac')

        self.add_field('IP.ihl', 'ihl', fmt="!B")
        self.add_field('IP.dst', 'dstip')
        self.add_field('IP.src', 'srcip')
        self.add_field('IP.chksum', 'chksum')

        self.add_field('BOOTP.xid', 'xid')
        self.add_field('BOOTP.chaddr', 'chaddr')
        self.add_field('BOOTP.ciaddr', 'ciaddr')
        self.add_field('BOOTP.yiaddr', 'yiaddr')
        self.add_field('DHCP options.options',
                       'options',
                       getter=self.get_options,
                       setter=self.set_options)

        msg_types = [
            {
                'id': 1,
                'name': 'discover'
            },
            {
                'id': 2,
                'name': 'offer'
            },
            {
                'id': 3,
                'name': 'request'
            },
        ]

        self.msg_types = {}

        for t in msg_types:
            self.msg_types[t['id']] = t
            self.msg_types[t['name']] = t

        opts = [
            {
                'id': 53,
                'name': 'message-type',
                'type': 'byte'
            },
            {
                'id': 54,
                'name': 'server_id',
                'type': 'int'
            },
            {
                'id': 50,
                'name': 'requested_addr',
                'type': 'int'
            },
            {
                'id': 51,
                'name': 'lease-time',
                'type': 'int'
            },
            {
                'id': 58,
                'name': 'renewal_time',
                'type': 'int'
            },
            {
                'id': 59,
                'name': 'rebinding_time',
                'type': 'int'
            },
            {
                'id': 1,
                'name': 'subnet_mask',
                'type': 'int'
            },
            {
                'id': 15,
                'name': 'domain',
                'type': 'str'
            },
        ]

        self.opts = {}

        for opt in opts:
            self.opts[opt['id']] = opt
            self.opts[opt['name']] = opt
Exemple #14
0
    def test_ip_deag(self):
        """ IP Deag Routes """

        #
        # Create a table to be used for:
        #  1 - another destination address lookup
        #  2 - a source address lookup
        #
        table_dst = VppIpTable(self, 1)
        table_src = VppIpTable(self, 2)
        table_dst.add_vpp_config()
        table_src.add_vpp_config()

        #
        # Add a route in the default table to point to a deag/
        # second lookup in each of these tables
        #
        route_to_dst = VppIpRoute(
            self, "1.1.1.1", 32,
            [VppRoutePath("0.0.0.0", 0xffffffff, nh_table_id=1)])
        route_to_src = VppIpRoute(self, "1.1.1.2", 32, [
            VppRoutePath(
                "0.0.0.0", 0xffffffff, nh_table_id=2, is_source_lookup=1)
        ])
        route_to_dst.add_vpp_config()
        route_to_src.add_vpp_config()

        #
        # packets to these destination are dropped, since they'll
        # hit the respective default routes in the second table
        #
        p_dst = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
                 IP(src="5.5.5.5", dst="1.1.1.1") /
                 TCP(sport=1234, dport=1234) / Raw('\xa5' * 100))
        p_src = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
                 IP(src="2.2.2.2", dst="1.1.1.2") /
                 TCP(sport=1234, dport=1234) / Raw('\xa5' * 100))
        pkts_dst = p_dst * 257
        pkts_src = p_src * 257

        self.send_and_assert_no_replies(self.pg0, pkts_dst, "IP in dst table")
        self.send_and_assert_no_replies(self.pg0, pkts_src, "IP in src table")

        #
        # add a route in the dst table to forward via pg1
        #
        route_in_dst = VppIpRoute(
            self,
            "1.1.1.1",
            32, [VppRoutePath(self.pg1.remote_ip4, self.pg1.sw_if_index)],
            table_id=1)
        route_in_dst.add_vpp_config()
        self.send_and_expect(self.pg0, pkts_dst, self.pg1)

        #
        # add a route in the src table to forward via pg2
        #
        route_in_src = VppIpRoute(
            self,
            "2.2.2.2",
            32, [VppRoutePath(self.pg2.remote_ip4, self.pg2.sw_if_index)],
            table_id=2)
        route_in_src.add_vpp_config()
        self.send_and_expect(self.pg0, pkts_src, self.pg2)
Exemple #15
0
class scapy(object):
    SCAPY_LAYERS = {
        'ether': Ether(dst="ff:ff:ff:ff:ff:ff"),
        'vlan': Dot1Q(),
        'etag': Dot1BR(),
        '1588': Ether(type=0x88f7),
        'arp': ARP(),
        'ipv4': IP(),
        'ipv4ihl': IP(ihl=10),
        'ipv4_ext': IP(frag=5),
        'ipv6': IPv6(src="::1"),
        'ipv6_ext': IPv6(src="::1", nh=43) / IPv6ExtHdrRouting(),
        'ipv6_ext2': IPv6() / IPv6ExtHdrRouting(),
        'udp': UDP(),
        'tcp': TCP(),
        'sctp': SCTP(),
        'icmp': ICMP(),
        'gre': GRE(),
        'raw': Raw(),
        'vxlan': Vxlan(),

        'inner_mac': Ether(),
        'inner_vlan': Dot1Q(),
        'inner_ipv4': IP(),
        'inner_ipv4_ext': IP(),
        'inner_ipv6': IPv6(src="::1"),
        'inner_ipv6_ext': IPv6(src="::1"),

        'inner_tcp': TCP(),
        'inner_udp': UDP(),
        'inner_sctp': SCTP(),
        'inner_icmp': ICMP(),

        'lldp': LLDP() / LLDPManagementAddress(),
        'ip_frag': IP(frag=5),
        'ipv6_frag': IPv6(src="::1") / IPv6ExtHdrFragment(),
        'ip_in_ip': IP() / IP(),
        'ip_in_ip_frag': IP() / IP(frag=5),
        'ipv6_in_ip': IP() / IPv6(src="::1"),
        'ipv6_frag_in_ip': IP() / IPv6(src="::1", nh=44) / IPv6ExtHdrFragment(),
        'nvgre': NVGRE(),
        'geneve': "Not Implement",
    }

    def __init__(self):
        self.pkt = None
        pass

    def assign_pkt(self, pkt):
        self.pkt = pkt

    def add_layers(self, layers):
        self.pkt = None
        for layer in layers:
            if self.pkt is not None:
                self.pkt = self.pkt / self.SCAPY_LAYERS[layer]
            else:
                self.pkt = self.SCAPY_LAYERS[layer]

    def ether(self, pkt_layer, dst="ff:ff:ff:ff:ff:ff", src="00:00:20:00:00:00", type=None):
        if pkt_layer.name != "Ethernet":
            return
        pkt_layer.dst = dst
        pkt_layer.src = src
        if type is not None:
            pkt_layer.type = type

    def vlan(self, pkt_layer, vlan, prio=0, type=None):
        if pkt_layer.name != "802.1Q":
            return
        pkt_layer.vlan = int(vlan)
        pkt_layer.prio = prio
        if type is not None:
            pkt_layer.type = type

    def strip_vlan(self, element):
        value = None

        if self.pkt.haslayer('Dot1Q') is 0:
            return None

        if element == 'vlan':
            value = int(str(self.pkt[Dot1Q].vlan))
        return value

    def etag(self, pkt_layer, ECIDbase=0, prio=0, type=None):
        if pkt_layer.name != "802.1BR":
            return
        pkt_layer.ECIDbase = int(ECIDbase)
        pkt_layer.prio = prio
        if type is not None:
            pkt_layer.type = type

    def strip_etag(self, element):
        value = None

        if self.pkt.haslayer('Dot1BR') is 0:
            return None

        if element == 'ECIDbase':
            value = int(str(self.pkt[Dot1BR].ECIDbase))
        return value

    def strip_layer2(self, element):
        value = None
        layer = self.pkt.getlayer(0)
        if layer is None:
            return None

        if element == 'src':
            value = layer.src
        elif element == 'dst':
            value = layer.dst
        elif element == 'type':
            value = layer.type

        return value

    def strip_layer3(self, element):
        value = None
        layer = self.pkt.getlayer(1)
        if layer is None:
            return None

        if element == 'src':
            value = layer.src
        elif element == 'dst':
            value = layer.dst
        else:
            value = layer.getfieldval(element)

        return value

    def strip_layer4(self, element):
        value = None
        layer = self.pkt.getlayer(2)
        if layer is None:
            return None

        if element == 'src':
            value = layer.sport
        elif element == 'dst':
            value = layer.dport
        else:
            value = layer.getfieldval(element)

        return value

    def ipv4(self, pkt_layer, frag=0, src="127.0.0.1", proto=None, tos=0, dst="127.0.0.1", chksum=None, len=None, version=4, flags=None, ihl=None, ttl=64, id=1, options=None):
        pkt_layer.frag = frag
        pkt_layer.src = src
        if proto is not None:
            pkt_layer.proto = proto
        pkt_layer.tos = tos
        pkt_layer.dst = dst
        if chksum is not None:
            pkt_layer.chksum = chksum
        if len is not None:
            pkt_layer.len = len
        pkt_layer.version = version
        if flags is not None:
            pkt_layer.flags = flags
        if ihl is not None:
            pkt_layer.ihl = ihl
        pkt_layer.ttl = ttl
        pkt_layer.id = id
        if options is not None:
            pkt_layer.options = options

    def ipv6(self, pkt_layer, version=6, tc=0, fl=0, plen=0, nh=0, hlim=64, src="::1", dst="::1"):
        """
        Configure IPv6 protocal.
        """
        pkt_layer.version = version
        pkt_layer.tc = tc
        pkt_layer.fl = fl
        if plen:
            pkt_layer.plen = plen
        if nh:
            pkt_layer.nh = nh
        pkt_layer.src = src
        pkt_layer.dst = dst

    def tcp(self, pkt_layer, src=53, dst=53, len=None, chksum=None):
        pkt_layer.sport = src
        pkt_layer.dport = dst
        if len is not None:
            pkt_layer.len = len
        if chksum is not None:
            pkt_layer.chksum = chksum

    def udp(self, pkt_layer, src=53, dst=53, len=None, chksum=None):
        pkt_layer.sport = src
        pkt_layer.dport = dst
        if len is not None:
            pkt_layer.len = len
        if chksum is not None:
            pkt_layer.chksum = chksum

    def sctp(self, pkt_layer, src=53, dst=53, len=None, chksum=None):
        pkt_layer.sport = src
        pkt_layer.dport = dst
        if len is not None:
            pkt_layer.len = len
        if chksum is not None:
            pkt_layer.chksum = chksum

    def raw(self, pkt_layer, payload=None):
        if payload is not None:
            pkt_layer.load = ''
            for hex1, hex2 in payload:
                pkt_layer.load += struct.pack("=B", int('%s%s' % (hex1, hex2), 16))

    def gre(self, pkt_layer, proto=None):
        if proto is not None:
            pkt_layer.proto = proto

    def vxlan(self, pkt_layer, vni=0):
        pkt_layer.vni = vni

    def read_pcap(self, file):
        pcap_pkts = []
        try:
            pcap_pkts = rdpcap(file)
        except:
            pass

        return pcap_pkts

    def write_pcap(self, file):
        try:
            wrpcap(file, self.pkt)
        except:
            pass

    def send_pcap_pkt(self, crb=None, file='', intf='', count=1):
        if intf == '' or file == '' or crb is None:
            print "Invalid option for send packet by scapy"
            return

        content = 'pkts=rdpcap(\"%s\");sendp(pkts, iface=\"%s\", count=\"%s\" );exit()' % (file, intf, count)
        cmd_file = '/tmp/scapy_%s.cmd' % intf

        crb.create_file(content, cmd_file)
        crb.send_expect("scapy -c scapy_%s.cmd &" % intf, "# ")

    def print_summary(self):
        print "Send out pkt %s" % self.pkt.summary()

    def send_pkt(self, intf='', count=1):
        self.print_summary()

        if intf != '':
            # wait few seconds for link ready
            countdown = 600
            while countdown:
                link_st = subprocess.check_output("ip link show %s" % intf,
                                                  stderr=subprocess.STDOUT,
                                                  shell=True)
                if "LOWER_UP" in link_st:
                    break
                else:
                    time.sleep(0.01)
                    countdown -= 1
                    continue

            # fix fortville can't receive packets with 00:00:00:00:00:00
            if self.pkt.getlayer(0).src == "00:00:00:00:00:00":
                self.pkt.getlayer(0).src = get_if_hwaddr(intf)
            sendp(self.pkt, iface=intf, count=count)
Exemple #16
0
#!/usr/bin/env python
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)

from scapy.all import *
from scapy.layers.dns import DNS, DNSQR, DNSRR
from scapy.layers.inet import IP, UDP, TCP

__author__ = 'michael salerno'
#id: 108512298

if not os.geteuid() == 0:
    sys.exit('Script must be run as root')

pkt = IP(dst="www.slashdot.org") / TCP() / "GET /index.html HTTP/1.0 \n\n"

ans, unans = sr(pkt, multi=2, timeout=1, verbose=1)
Exemple #17
0
    def test_pipe(self):
        """ Pipes """

        pipes = [VppPipe(self), VppPipe(self, 10)]

        for p in pipes:
            p.add_vpp_config()
            p.admin_up()

        #
        # L2 cross-connect pipe0 east with pg0 and west with pg1
        #
        self.vapi.sw_interface_set_l2_xconnect(self.pg0.sw_if_index,
                                               pipes[0].east,
                                               enable=1)
        self.vapi.sw_interface_set_l2_xconnect(pipes[0].east,
                                               self.pg0.sw_if_index,
                                               enable=1)
        self.vapi.sw_interface_set_l2_xconnect(self.pg1.sw_if_index,
                                               pipes[0].west,
                                               enable=1)
        self.vapi.sw_interface_set_l2_xconnect(pipes[0].west,
                                               self.pg1.sw_if_index,
                                               enable=1)

        # test bi-directional L2 flow pg0<->pg1
        p = (Ether(src=self.pg0.remote_mac, dst=self.pg1.remote_mac) /
             IP(src="1.1.1.1", dst="1.1.1.2") / UDP(sport=1234, dport=1234) /
             Raw('\xa5' * 100))

        self.send_and_expect(self.pg0, p * 65, self.pg1)
        self.send_and_expect(self.pg1, p * 65, self.pg0)

        #
        # Attach ACL to ensure features are run on the pipe
        #
        rule_1 = ({
            'is_permit': 0,
            'is_ipv6': 0,
            'proto': 17,
            'srcport_or_icmptype_first': 1234,
            'srcport_or_icmptype_last': 1234,
            'src_ip_prefix_len': 32,
            'src_ip_addr': inet_pton(AF_INET, "1.1.1.1"),
            'dstport_or_icmpcode_first': 1234,
            'dstport_or_icmpcode_last': 1234,
            'dst_ip_prefix_len': 32,
            'dst_ip_addr': inet_pton(AF_INET, "1.1.1.2")
        })
        acl = self.vapi.acl_add_replace(acl_index=4294967295, r=[rule_1])

        # Apply the ACL on the pipe on output
        self.vapi.acl_interface_set_acl_list(pipes[0].east, 0, [acl.acl_index])
        self.send_and_assert_no_replies(self.pg0, p * 65)
        self.send_and_expect(self.pg1, p * 65, self.pg0)

        # remove from output and apply on input
        self.vapi.acl_interface_set_acl_list(pipes[0].east, 0, [])
        self.vapi.acl_interface_set_acl_list(pipes[0].west, 1, [acl.acl_index])
        self.send_and_assert_no_replies(self.pg0, p * 65)
        self.send_and_expect(self.pg1, p * 65, self.pg0)
        self.vapi.acl_interface_set_acl_list(pipes[0].west, 0, [])
        self.send_and_expect(self.pg0, p * 65, self.pg1)
        self.send_and_expect(self.pg1, p * 65, self.pg0)

        #
        # L3 routes in two separate tables so a pipe can be used to L3
        # x-connect
        #
        tables = []
        tables.append(VppIpTable(self, 1))
        tables.append(VppIpTable(self, 2))

        for t in tables:
            t.add_vpp_config()

        self.pg2.set_table_ip4(1)
        self.pg2.config_ip4()
        self.pg2.resolve_arp()
        self.pg3.set_table_ip4(2)
        self.pg3.config_ip4()
        self.pg3.resolve_arp()

        routes = []
        routes.append(
            VppIpRoute(
                self,
                "1.1.1.1",
                32, [VppRoutePath(self.pg3.remote_ip4, self.pg3.sw_if_index)],
                table_id=2))
        routes.append(
            VppIpRoute(self,
                       "1.1.1.1",
                       32, [VppRoutePath("0.0.0.0", pipes[1].east)],
                       table_id=1))
        routes.append(
            VppIpRoute(self,
                       "1.1.1.2",
                       32, [VppRoutePath("0.0.0.0", pipes[1].west)],
                       table_id=2))
        routes.append(
            VppIpRoute(
                self,
                "1.1.1.2",
                32, [VppRoutePath(self.pg2.remote_ip4, self.pg2.sw_if_index)],
                table_id=1))

        for r in routes:
            r.add_vpp_config()

        p_east = (Ether(src=self.pg2.remote_mac, dst=self.pg2.local_mac) /
                  IP(src="1.1.1.2", dst="1.1.1.1") /
                  UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        # bind the pipe ends to the correct tables
        self.vapi.sw_interface_set_table(pipes[1].west, 0, 2)
        self.vapi.sw_interface_set_table(pipes[1].east, 0, 1)

        # IP is not enabled on the pipes at this point
        self.send_and_assert_no_replies(self.pg2, p_east * 65)

        # IP enable the Pipes by making them unnumbered
        pipes[0].set_unnumbered(self.pg2.sw_if_index)
        pipes[1].set_unnumbered(self.pg3.sw_if_index)

        self.send_and_expect(self.pg2, p_east * 65, self.pg3)

        # and the return path
        p_west = (Ether(src=self.pg3.remote_mac, dst=self.pg3.local_mac) /
                  IP(src="1.1.1.1", dst="1.1.1.2") /
                  UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
        self.send_and_expect(self.pg3, p_west * 65, self.pg2)

        #
        # Use ACLs to test features run on the Pipes
        #
        self.vapi.acl_interface_set_acl_list(pipes[1].east, 0, [acl.acl_index])
        self.send_and_assert_no_replies(self.pg2, p_east * 65)
        self.send_and_expect(self.pg3, p_west * 65, self.pg2)

        # remove from output and apply on input
        self.vapi.acl_interface_set_acl_list(pipes[1].east, 0, [])
        self.vapi.acl_interface_set_acl_list(pipes[1].west, 1, [acl.acl_index])
        self.send_and_assert_no_replies(self.pg2, p_east * 65)
        self.send_and_expect(self.pg3, p_west * 65, self.pg2)
        self.vapi.acl_interface_set_acl_list(pipes[1].west, 0, [])
        self.send_and_expect(self.pg2, p_east * 65, self.pg3)
        self.send_and_expect(self.pg3, p_west * 65, self.pg2)

        # cleanup (so the tables delete)
        self.pg2.unconfig_ip4()
        self.pg2.set_table_ip4(0)
        self.pg3.unconfig_ip4()
        self.pg3.set_table_ip4(0)
        self.vapi.sw_interface_set_table(pipes[1].west, 0, 0)
        self.vapi.sw_interface_set_table(pipes[1].east, 0, 0)
Exemple #18
0
def ikescan(ip):
    return sr(
        IP(dst=ip) / UDP() / ISAKMP(init_cookie=RandString(8), exch_type=2) /
        ISAKMP_payload_SA(prop=ISAKMP_payload_Proposal()))
Exemple #19
0
 def high_push(self, msg):
     from scapy.layers.inet import IP, UDP
     p = IP(dst=self.ip) / UDP(sport=1234, dport=self.port) / msg
     self._send(p)
Exemple #20
0
async def run_test_nic(dut):

    tb = TB(dut)

    await tb.init()

    tb.log.info("Init driver")
    await tb.driver.init_dev(tb.dev.functions[0].pcie_id)
    await tb.driver.interfaces[0].open()

    # enable queues
    tb.log.info("Enable queues")
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_SCHED_ENABLE, 0x00000001)
    for k in range(tb.driver.interfaces[0].tx_queue_count):
        await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].schedulers[0].hw_addr+4*k, 0x00000003)

    # wait for all writes to complete
    await tb.rc.mem_read(tb.driver.hw_addr, 4)
    tb.log.info("Init complete")

    tb.log.info("Send and receive single packet")

    data = bytearray([x % 256 for x in range(1024)])

    await tb.driver.interfaces[0].start_xmit(data, 0)

    pkt = await tb.port_mac[0].tx.recv()
    tb.log.info("Packet: %s", pkt)

    await tb.port_mac[0].rx.send(pkt)

    pkt = await tb.driver.interfaces[0].recv()

    tb.log.info("Packet: %s", pkt)
    assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(pkt.data[14:])) & 0xffff

    tb.log.info("RX and TX checksum tests")

    payload = bytes([x % 256 for x in range(256)])
    eth = Ether(src='5A:51:52:53:54:55', dst='DA:D1:D2:D3:D4:D5')
    ip = IP(src='192.168.1.100', dst='192.168.1.101')
    udp = UDP(sport=1, dport=2)
    test_pkt = eth / ip / udp / payload

    test_pkt2 = test_pkt.copy()
    test_pkt2[UDP].chksum = scapy.utils.checksum(bytes(test_pkt2[UDP]))

    await tb.driver.interfaces[0].start_xmit(test_pkt2.build(), 0, 34, 6)

    pkt = await tb.port_mac[0].tx.recv()
    tb.log.info("Packet: %s", pkt)

    await tb.port_mac[0].rx.send(pkt)

    pkt = await tb.driver.interfaces[0].recv()

    tb.log.info("Packet: %s", pkt)
    assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(pkt.data[14:])) & 0xffff
    assert Ether(pkt.data).build() == test_pkt.build()

    tb.log.info("Multiple small packets")

    count = 64

    pkts = [bytearray([(x+k) % 256 for x in range(60)]) for k in range(count)]

    tb.loopback_enable = True

    for p in pkts:
        await tb.driver.interfaces[0].start_xmit(p, 0)

    for k in range(count):
        pkt = await tb.driver.interfaces[0].recv()

        tb.log.info("Packet: %s", pkt)
        assert pkt.data == pkts[k]
        assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(pkt.data[14:])) & 0xffff

    tb.loopback_enable = False

    tb.log.info("Multiple large packets")

    count = 64

    pkts = [bytearray([(x+k) % 256 for x in range(1514)]) for k in range(count)]

    tb.loopback_enable = True

    for p in pkts:
        await tb.driver.interfaces[0].start_xmit(p, 0)

    for k in range(count):
        pkt = await tb.driver.interfaces[0].recv()

        tb.log.info("Packet: %s", pkt)
        assert pkt.data == pkts[k]
        assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(pkt.data[14:])) & 0xffff

    tb.loopback_enable = False

    tb.log.info("Jumbo frames")

    count = 64

    pkts = [bytearray([(x+k) % 256 for x in range(9014)]) for k in range(count)]

    tb.loopback_enable = True

    for p in pkts:
        await tb.driver.interfaces[0].start_xmit(p, 0)

    for k in range(count):
        pkt = await tb.driver.interfaces[0].recv()

        tb.log.info("Packet: %s", pkt)
        assert pkt.data == pkts[k]
        assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(pkt.data[14:])) & 0xffff

    tb.loopback_enable = False

    await Timer(1000, 'ns')

    tb.log.info("TDMA")

    count = 16

    pkts = [bytearray([(x+k) % 256 for x in range(1514)]) for k in range(count)]

    tb.loopback_enable = True

    # configure TDMA scheduler
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_SCHED_PERIOD_FNS,   0)
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_SCHED_PERIOD_NS,    40000)
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_SCHED_PERIOD_SEC_L, 0)
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_SCHED_PERIOD_SEC_H, 0)
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_TIMESLOT_PERIOD_FNS,   0)
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_TIMESLOT_PERIOD_NS,    10000)
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_TIMESLOT_PERIOD_SEC_L, 0)
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_TIMESLOT_PERIOD_SEC_H, 0)
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_ACTIVE_PERIOD_FNS,   0)
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_ACTIVE_PERIOD_NS,    5000)
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_ACTIVE_PERIOD_SEC_L, 0)
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_ACTIVE_PERIOD_SEC_H, 0)
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_TDMA_CTRL, 0x00000001)

    # enable queues with global enable off
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].hw_addr+mqnic.MQNIC_PORT_REG_SCHED_ENABLE, 0x00000001)
    for k in range(tb.driver.interfaces[0].tx_queue_count):
        await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].schedulers[0].hw_addr+4*k, 0x00000001)

    # configure slots
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].schedulers[1].hw_addr+8*0, 0x00000001)
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].schedulers[1].hw_addr+8*1, 0x00000002)
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].schedulers[1].hw_addr+8*2, 0x00000004)
    await tb.rc.mem_write_dword(tb.driver.interfaces[0].ports[0].schedulers[1].hw_addr+8*3, 0x00000008)

    await tb.rc.mem_read(tb.driver.hw_addr, 4)  # wait for all writes to complete

    # send packets
    for k in range(count):
        await tb.driver.interfaces[0].start_xmit(pkts[k], k % 4)

    for k in range(count):
        pkt = await tb.driver.interfaces[0].recv()

        tb.log.info("Packet: %s", pkt)
        # assert pkt.data == pkts[k]
        assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(pkt.data[14:])) & 0xffff

    tb.loopback_enable = False

    tb.log.info("Read statistics counters")

    await Timer(2000, 'ns')

    lst = []

    for k in range(64):
        lst.append(await tb.rc.mem_read_dword(tb.driver.hw_addr+0x010000+k*8))

    print(lst)

    await RisingEdge(dut.clk)
    await RisingEdge(dut.clk)
Exemple #21
0
    def _modify(self, packet):

        pkt = IP(packet.get_payload())  # Scapy compatible String

        # This will break the connection between the client and the server
        if self._breakcon:
            if not (self._isbroken(pkt)):
                packet.drop()
            else:
                print colored("[*] Session broken", 'red', attrs=['bold'])
                self._breakcon = False
            return

        # This case will handle encrypted sessions
        if self._encrypted:
            if self._modify_pkts == 2:
                self._encrypted = False
                print colored("[*] Session forzed to go unencrypted",
                              'red',
                              attrs=['bold'])
                return
            else:
                pkt = self._encrypted_session(pkt)
            # Accepting the packet
            self._accept(packet, str(pkt))
            return

        # This data will be usefull in case of a tcp session simulation
        if pkt[TCP].sport == 445:
            self._sseq = pkt[TCP].seq
            self._sack = pkt[TCP].ack
            self._snextseq = self._nextseqcalc(pkt)

        elif pkt[TCP].dport == 445:
            self._dseq = pkt[TCP].seq
            self._dack = pkt[TCP].ack
            self._dnextseq = self._nextseqcalc(pkt)

        # TCP session simulation is required
        if self._insert:
            if pkt[TCP].sport == 445:
                pkt[TCP].seq = self._dack
                pkt[TCP].ack = self._dnextseq
                pkt = self._recalculate(pkt)
                # Pretty print
                if self._verbosity == 1:
                    self._prettyprint_tcp(pkt[TCP].sport, pkt[TCP].dport,
                                          pkt[TCP].seq, pkt[TCP].ack,
                                          self._dnextseq)

            elif pkt[TCP].dport == 445:
                pkt[TCP].seq = self._sack
                pkt[TCP].ack = self._snextseq
                pkt = self._recalculate(pkt)
                # Pretty print
                if self._verbosity == 1:
                    self._prettyprint_tcp(pkt[TCP].sport, pkt[TCP].dport,
                                          pkt[TCP].seq, pkt[TCP].ack,
                                          self._snextseq)

        winregpkt = WinregPkt(pkt)

        if winregpkt.payload is not None and winregpkt.opnum is not None:

            # Open Key packet
            if winregpkt.opnum == 15:
                if self._verbosity == 1:
                    print "\n### New OpenKey packet arrive! ###"
                custom_pkt = self._openkey(pkt)
                if self._userkey is not None:
                    self._accept(packet, str(custom_pkt))
                    # If last packet was an open key for creating a new key and the
                    # attacker has modified the path or the name
                    if self._newpath is True or self._keycreated is True:
                        self._keycreated = False
                        self._newpath = False
                        self._userkey = None
                    return

            # Create Key packet
            elif winregpkt.opnum == 6:
                if self._verbosity == 1:
                    print "\n### New CreateKey packet arrive! ###"
                custom_pkt = self._createkey(pkt)
                if self._usernewkey is not None:
                    self._accept(packet, str(custom_pkt))
                    return

            # Set Value packet
            elif winregpkt.opnum == 22:
                if self._verbosity == 1:
                    print "\n### New SetValue package arrive! ###"
                custom_pkt = self._setvalue(pkt)
                if self._uservalue is not None:
                    if self._verbosity is not None and self._verbosity == 1:
                        custom_pkt.show()
                    self._accept(packet, str(custom_pkt))
                    return

            # Get Version packet
            elif winregpkt.opnum == 26:
                self._getversion(pkt)

        self._accept(packet, str(pkt))
Exemple #22
0
    def test_flood(self):
        """ L2 Flood Tests """

        #
        # Create a single bridge Domain
        #
        self.vapi.bridge_domain_add_del(bd_id=1)

        #
        # add each interface to the BD. 3 interfaces per split horizon group
        #
        for i in self.pg_interfaces[0:4]:
            self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
                                                 bd_id=1,
                                                 shg=0)
        for i in self.pg_interfaces[4:8]:
            self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
                                                 bd_id=1,
                                                 shg=1)
        for i in self.pg_interfaces[8:12]:
            self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
                                                 bd_id=1,
                                                 shg=2)
        for i in self.bvi_interfaces:
            self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
                                                 bd_id=1,
                                                 shg=2,
                                                 port_type=L2_PORT_TYPE.BVI)

        p = (Ether(dst="ff:ff:ff:ff:ff:ff", src="00:00:de:ad:be:ef") /
             IP(src="10.10.10.10", dst="1.1.1.1") /
             UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        #
        # input on pg0 expect copies on pg1->11
        # this is in SHG=0 so its flooded to all, expect the pg0 since that's
        # the ingress link
        #
        self.pg0.add_stream(p * 65)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        for i in self.pg_interfaces[1:12]:
            rx0 = i.get_capture(65, timeout=1)

        #
        # input on pg4 (SHG=1) expect copies on pg0->3 (SHG=0)
        # and pg8->11 (SHG=2)
        #
        self.pg4.add_stream(p * 65)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        for i in self.pg_interfaces[:4]:
            rx0 = i.get_capture(65, timeout=1)
        for i in self.pg_interfaces[8:12]:
            rx0 = i.get_capture(65, timeout=1)
        for i in self.pg_interfaces[4:8]:
            i.assert_nothing_captured(remark="Different SH group")

        #
        # An IP route so the packet that hits the BVI is sent out of pg12
        #
        ip_route = VppIpRoute(
            self, "1.1.1.1", 32,
            [VppRoutePath(self.pg12.remote_ip4, self.pg12.sw_if_index)])
        ip_route.add_vpp_config()

        self.logger.info(self.vapi.cli("sh bridge 1 detail"))

        #
        # input on pg0 expect copies on pg1->12
        # this is in SHG=0 so its flooded to all, expect the pg0 since that's
        # the ingress link
        #
        self.pg0.add_stream(p * 65)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        for i in self.pg_interfaces[1:]:
            rx0 = i.get_capture(65, timeout=1)

        #
        # input on pg4 (SHG=1) expect copies on pg0->3 (SHG=0)
        # and pg8->12 (SHG=2)
        #
        self.pg4.add_stream(p * 65)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        for i in self.pg_interfaces[:4]:
            rx0 = i.get_capture(65, timeout=1)
        for i in self.pg_interfaces[8:13]:
            rx0 = i.get_capture(65, timeout=1)
        for i in self.pg_interfaces[4:8]:
            i.assert_nothing_captured(remark="Different SH group")

        #
        # cleanup
        #
        for i in self.pg_interfaces[:12]:
            self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
                                                 bd_id=1,
                                                 enable=0)
        for i in self.bvi_interfaces:
            self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
                                                 bd_id=1,
                                                 shg=2,
                                                 port_type=L2_PORT_TYPE.BVI,
                                                 enable=0)

        self.vapi.bridge_domain_add_del(bd_id=1, is_add=0)
Exemple #23
0
def send_packet():
    pkt = Ether() / IP(dst=TARGET_DEST, ttl=64, proto=6)
    send_sock.send(bytes(pkt))
Exemple #24
0
async def run_test_nic(dut):

    tb = TB(dut)

    await tb.init()

    tb.log.info("Init driver")
    await tb.driver.init_dev(tb.dev.functions[0].pcie_id)
    await tb.driver.interfaces[0].open()
    # await driver.interfaces[1].open()

    # enable queues
    tb.log.info("Enable queues")
    await tb.rc.mem_write_dword(
        tb.driver.interfaces[0].ports[0].hw_addr +
        mqnic.MQNIC_PORT_REG_SCHED_ENABLE, 0x00000001)
    for k in range(tb.driver.interfaces[0].tx_queue_count):
        await tb.rc.mem_write_dword(
            tb.driver.interfaces[0].ports[0].schedulers[0].hw_addr + 4 * k,
            0x00000003)

    # wait for all writes to complete
    await tb.rc.mem_read(tb.driver.hw_addr, 4)
    tb.log.info("Init complete")

    tb.log.info("Send and receive single packet")

    data = bytearray([x % 256 for x in range(1024)])

    await tb.driver.interfaces[0].start_xmit(data, 0)

    pkt = await tb.qsfp0_mac.tx.recv()
    tb.log.info("Packet: %s", pkt)

    await tb.qsfp0_mac.rx.send(pkt)

    pkt = await tb.driver.interfaces[0].recv()

    tb.log.info("Packet: %s", pkt)
    assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(
        pkt.data[14:])) & 0xffff

    # await tb.driver.interfaces[1].start_xmit(data, 0)

    # pkt = await tb.qsfp1_mac.tx.recv()
    # tb.log.info("Packet: %s", pkt)

    # await tb.qsfp1_mac.rx.send(pkt)

    # pkt = await tb.driver.interfaces[1].recv()

    # tb.log.info("Packet: %s", pkt)
    # assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(pkt.data[14:])) & 0xffff

    tb.log.info("RX and TX checksum tests")

    payload = bytes([x % 256 for x in range(256)])
    eth = Ether(src='5A:51:52:53:54:55', dst='DA:D1:D2:D3:D4:D5')
    ip = IP(src='192.168.1.100', dst='192.168.1.101')
    udp = UDP(sport=1, dport=2)
    test_pkt = eth / ip / udp / payload

    test_pkt2 = test_pkt.copy()
    test_pkt2[UDP].chksum = scapy.utils.checksum(bytes(test_pkt2[UDP]))

    await tb.driver.interfaces[0].start_xmit(test_pkt2.build(), 0, 34, 6)

    pkt = await tb.qsfp0_mac.tx.recv()
    tb.log.info("Packet: %s", pkt)

    await tb.qsfp0_mac.rx.send(pkt)

    pkt = await tb.driver.interfaces[0].recv()

    tb.log.info("Packet: %s", pkt)
    assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(
        pkt.data[14:])) & 0xffff
    assert Ether(pkt.data).build() == test_pkt.build()

    tb.log.info("Multiple small packets")

    count = 64

    pkts = [
        bytearray([(x + k) % 256 for x in range(60)]) for k in range(count)
    ]

    tb.loopback_enable = True

    for p in pkts:
        await tb.driver.interfaces[0].start_xmit(p, 0)

    for k in range(count):
        pkt = await tb.driver.interfaces[0].recv()

        tb.log.info("Packet: %s", pkt)
        assert pkt.data == pkts[k]
        assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(
            pkt.data[14:])) & 0xffff

    tb.loopback_enable = False

    tb.log.info("Multiple large packets")

    count = 64

    pkts = [
        bytearray([(x + k) % 256 for x in range(1514)]) for k in range(count)
    ]

    tb.loopback_enable = True

    for p in pkts:
        await tb.driver.interfaces[0].start_xmit(p, 0)

    for k in range(count):
        pkt = await tb.driver.interfaces[0].recv()

        tb.log.info("Packet: %s", pkt)
        assert pkt.data == pkts[k]
        assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(
            pkt.data[14:])) & 0xffff

    tb.loopback_enable = False

    tb.log.info("Jumbo frames")

    count = 64

    pkts = [
        bytearray([(x + k) % 256 for x in range(9014)]) for k in range(count)
    ]

    tb.loopback_enable = True

    for p in pkts:
        await tb.driver.interfaces[0].start_xmit(p, 0)

    for k in range(count):
        pkt = await tb.driver.interfaces[0].recv()

        tb.log.info("Packet: %s", pkt)
        assert pkt.data == pkts[k]
        assert pkt.rx_checksum == ~scapy.utils.checksum(bytes(
            pkt.data[14:])) & 0xffff

    tb.loopback_enable = False

    await RisingEdge(dut.clk_250mhz)
    await RisingEdge(dut.clk_250mhz)
Exemple #25
0
    def send_dhcp_packet(
        self,
        mac: MacAddress,
        vlan: str,
        state: DHCPState,
        dhcp_desc: DHCPDescriptor = None,
    ):
        """
        Send DHCP packet and record state in dhcp_client_state.

        Args:
            mac: MAC address of interface
            state: state of DHCP packet
            dhcp_desc: DHCP protocol state.
        Returns:
        """
        ciaddr = None

        # generate DHCP request packet
        if state == DHCPState.DISCOVER:
            dhcp_opts = [("message-type", "discover")]
            dhcp_desc = DHCPDescriptor(
                mac=mac,
                ip="",
                vlan=vlan,
                state_requested=DHCPState.DISCOVER,
            )
            self._msg_xid = self._msg_xid + 1
            pkt_xid = self._msg_xid
        elif state == DHCPState.REQUEST:
            dhcp_opts = [
                ("message-type", "request"),
                ("requested_addr", dhcp_desc.ip),
                ("server_id", dhcp_desc.server_ip),
            ]
            dhcp_desc.state_requested = DHCPState.REQUEST
            pkt_xid = dhcp_desc.xid
            ciaddr = dhcp_desc.ip
        elif state == DHCPState.RELEASE:
            dhcp_opts = [
                ("message-type", "release"),
                ("server_id", dhcp_desc.server_ip),
            ]
            dhcp_desc.state_requested = DHCPState.RELEASE
            self._msg_xid = self._msg_xid + 1
            pkt_xid = self._msg_xid
            ciaddr = dhcp_desc.ip
        else:
            LOG.warning(
                "Unknown egress request mac %s state %s",
                str(mac),
                state,
            )
            return

        dhcp_opts.append("end")
        dhcp_desc.xid = pkt_xid
        with self._dhcp_notify:
            self.dhcp_client_state[mac.as_redis_key(vlan)] = dhcp_desc

        pkt = Ether(src=str(mac), dst="ff:ff:ff:ff:ff:ff")
        if vlan and vlan != "0":
            pkt /= Dot1Q(vlan=int(vlan))
        pkt /= IP(src="0.0.0.0", dst="255.255.255.255")
        pkt /= UDP(sport=68, dport=67)
        pkt /= BOOTP(op=1, chaddr=mac.as_hex(), xid=pkt_xid, ciaddr=ciaddr)
        pkt /= DHCP(options=dhcp_opts)
        LOG.debug("DHCP pkt xmit %s", pkt.show(dump=True))

        sendp(pkt, iface=self._dhcp_interface, verbose=0)
    def send_message(self, server, message):
        f = open('dns.json')
        data = json.load(f)
        f.close()

        message = handle.encrypt(message)
        self.threadSignal.emit(message)

        found_domain = False

        start_time = time.time()

        # RUMORE
        request_number = random.randint(5, 10)
        for i in range(0, request_number):
            number_random = random.randint(0, len(data) - 1)
            fake_domain = data[number_random]["dominio"]
            ip = data[number_random]["ip"]

            answer = sr1(IP(dst=server) / UDP(sport=RandShort(), dport=53) /
                         DNS(id=random.randint(0, 65535),
                             rd=1,
                             qd=DNSQR(qname=fake_domain),
                             an=DNSRR(rrname=fake_domain, rdata=ip)),
                         verbose=0)
            self.threadSignal.emit(repr(answer[DNS]))
            # time.sleep(random.randint(2, 10))

        while not found_domain:
            number_random = random.randint(0, len(data) - 1)
            fake_domain = data[number_random]["dominio"]
            ip = data[number_random]["ip"]

            if handle_glob.countConsonantsandVolwes(fake_domain)[
                    0] % 2 == 0 and handle_glob.countConsonantsandVolwes(
                        fake_domain)[1] >= 4:
                found_domain = True

        ttl = random.randint(2468, 10468)
        ttl_binary = bin(ttl)[2:].zfill(16)
        len_binary = bin(len(message))[2:].zfill(8)
        # pattern = random.randint(0, 15)
        # pattern_bin = bin(pattern)[2:].zfill(4)
        pattern_bin = config.get('CONFIG', 'pattern')

        binary = ''
        j = 0
        k = 0
        for i in range(0, len(ttl_binary)):
            if i % 2 != 0:
                binary += len_binary[j]
                j += 1
            elif i < 8 and i % 2 == 0:
                binary += pattern_bin[k]
                k += 1
            else:
                binary += ttl_binary[i]

        answer = sr1(
            IP(dst=server) / UDP(sport=RandShort(), dport=53) /
            DNS(id=random.randint(0, 65535),
                rd=1,
                qd=DNSQR(qname=fake_domain),
                an=DNSRR(ttl=int(binary, 2), rrname=fake_domain, rdata=ip)),
            verbose=0)
        self.threadSignal.emit(repr(answer[DNS]))
        # time.sleep(random.randint(2, 10))

        chunks = list(self.chunkstring(message, 16))
        for message in chunks:
            for i in range(0, len(message)):
                found_domain = False

                while not found_domain:
                    number_random = random.randint(0, len(data) - 1)
                    fake_domain = data[number_random]["dominio"]

                    if handle_glob.countConsonantsandVolwes(
                            fake_domain
                    )[0] % 2 == 0 and handle_glob.countConsonantsandVolwes(
                            fake_domain)[1] >= 4:
                        found_domain = True

                dns_id = random.randint(0, 65535)
                binary_temp = bin(dns_id)[2:].zfill(16)
                binary = ''
                message_binary = bin(ord(message[i]))[2:].zfill(8)
                sequence_number = bin(i)[2:].zfill(4)
                j = 0
                k = 0
                z = 0
                for i in range(0, len(binary_temp)):
                    if i % 2 == 0:
                        binary += message_binary[j]
                        j += 1
                    elif i < 8 and i % 2 != 0:
                        binary += sequence_number[k]
                        k += 1
                    else:
                        binary += pattern_bin[z]
                        z += 1

                new_dns_id = int(binary, 2)

                answer = sr1(
                    IP(dst=server) / UDP(sport=RandShort(), dport=53) /
                    DNS(id=new_dns_id, rd=1, qd=DNSQR(qname=fake_domain)),
                    verbose=0)

                self.threadSignal.emit(repr(answer[DNS]))
                # time.sleep(random.randint(2, 10))

                # RUMORE
                request_number = random.randint(1, 3)
                for i in range(0, request_number):
                    number_random = random.randint(0, len(data) - 1)
                    fake_domain = data[number_random]["dominio"]
                    answer = sr1(IP(dst=server) /
                                 UDP(sport=RandShort(), dport=53) /
                                 DNS(id=random.randint(0, 65535),
                                     rd=1,
                                     qd=DNSQR(qname=fake_domain)),
                                 verbose=0)
                    self.threadSignal.emit(repr(answer[DNS]))
                    # time.sleep(random.randint(2, 10))

        end_time = (time.time() - start_time)
        self.threadSignal.emit("END in " + str(end_time) + " seconds")
Exemple #27
0
def snoop(pkt):
    global first_pkt
    logger.debug("SNOOP")
    sp = IP(pkt.get_payload())
    seqnum = int(sp["TCP"].getfieldval('seq'))
    acknum = int(sp["TCP"].getfieldval('ack'))
    ips = (sp["IP"].getfieldval('src'),sp["IP"].getfieldval('dst'))

    #Tear down and create states
    # if you see an F in flags it means FIN, clean up all connection info.
    logger.info("\tflags: %3s | src:%s dst:%s | seq:%s ack:%s" %\
        (sp.sprintf('%TCP.flags%'),str(ips[0]),str(ips[1]),seqnum,acknum))

    if "F" in sp.sprintf('%TCP.flags%') or "R" in sp.sprintf('%TCP.flags%'):
        logger.debug("\tFIN detected, cleaning.")
        # snoop_clean(pkt)
        # pkt.accept()
        # return
    # create flow information in SYN rather than in ack and data.
    elif "S" in sp.sprintf('%TCP.flags%'):
        logger.debug("\tSYN detected, creating flow.")
        snoop_create(pkt)
        return
  
    ports = (sp["TCP"].getfieldval('sport'),sp["IP"].getfieldval('dport'))
    flow = (ips,ports)
    inv_flow = ((ips[1],ips[0]),(ports[1],ports[0]))
    # handle the last ACK in 3-way handshake
    if not fin_hand[flow]:
        snoop_create(pkt)
        fin_hand[flow] = True
        fin_hand[inv_flow] = True
        first_pkt[flow] = True
        first_pkt[inv_flow] = True
        return

    try:
        prev_seq = lastseq[flow][0]
        prev_ack = lastseq[flow][1]
        logger.debug("\tprev ack: %s   | current ack: %s" % (prev_ack,acknum))
        logger.debug("\tprev seq: %s   | current seq: %s" % (prev_seq,seqnum))

        # if seqnum is less or greather than previous, we will accept and forward
        if seqnum > prev_seq:
            logger.debug("\tData detected")
            first_pkt[flow] = False
            # snoop data will catch the piggys
            snoop_data(pkt)
            return
        elif acknum > prev_ack:
            logger.debug("\tACK")
            first_pkt[flow] = False
            snoop_ack(pkt)
            return
    # if the acknum is greater or less than, we will accept greater and reject lower
        else:
            if flow in first_pkt and first_pkt[flow]:
                #FIXME, this packet never gets acked.
                logger.debug("\tFirst Packet")
                first_pkt[flow] = False
                if first_pkt[inv_flow]:
                    accept_packet(pkt,flow,seqnum,acknum,0)
                else:
                    accept_packet(pkt,flow,seqnum,acknum,1)
                return
            else:
                logger.debug("Out of date.")
                if dcache.get(flow,seqnum):
                    logger.debug("\t\tflow: %s, in dcache: %s, DATA" % (flow,dcache.get(flow,seqnum)))
                    snoop_data(pkt)
                elif acache.get(flow,acknum-1):
                    logger.debug("\t\tflow: %s, in acache: %s, ACK" % (flow,acache.get(flow,acknum)))
                    snoop_ack(pkt)
                    # again our assumptions are that the data link side is not lossy, ack side is with iperf.
                else:
                    logger.debug("flow: %s, inv_flow: %s" % (flow,inv_flow))
                    logger.debug("seq: %s, ack: %s" % (seqnum,acknum))
                if dcache.get(inv_flow,acknum-1):
                    snoop_ack(pkt)
                else:
                    snoop_data(pkt)

    except Exception, e:
        logger.error("ERROR IN SNOOP HANDLE")
        logger.error(str(e))
        logger.error(traceback.format_exc())
Exemple #28
0
    def test_ip_input(self):
        """ IP Input Exceptions """

        # i can't find a way in scapy to construct an IP packet
        # with a length less than the IP header length

        #
        # Packet too short - this is forwarded
        #
        p_short = (
            Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
            IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4, len=40) /
            UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        rx = self.send_and_expect(self.pg0, p_short * 65, self.pg1)

        #
        # Packet too long - this is dropped
        #
        p_long = (
            Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
            IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4, len=400) /
            UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        rx = self.send_and_assert_no_replies(self.pg0, p_long * 65, "too long")

        #
        # bad chksum - this is dropped
        #
        p_chksum = (
            Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
            IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4, chksum=400) /
            UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        rx = self.send_and_assert_no_replies(self.pg0, p_chksum * 65,
                                             "bad checksum")

        #
        # bad version - this is dropped
        #
        p_ver = (
            Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
            IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4, version=3) /
            UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        rx = self.send_and_assert_no_replies(self.pg0, p_ver * 65,
                                             "funky version")

        #
        # fragment offset 1 - this is dropped
        #
        p_frag = (
            Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
            IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4, frag=1) /
            UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        rx = self.send_and_assert_no_replies(self.pg0, p_frag * 65,
                                             "frag offset")

        #
        # TTL expired packet
        #
        p_ttl = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
                 IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4, ttl=1) /
                 UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        rx = self.send_and_expect(self.pg0, p_ttl * 65, self.pg0)

        rx = rx[0]
        icmp = rx[ICMP]

        self.assertEqual(icmptypes[icmp.type], "time-exceeded")
        self.assertEqual(icmpcodes[icmp.type][icmp.code],
                         "ttl-zero-during-transit")
        self.assertEqual(icmp.src, self.pg0.remote_ip4)
        self.assertEqual(icmp.dst, self.pg1.remote_ip4)

        #
        # MTU exceeded
        #
        p_mtu = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
                 IP(src=self.pg0.remote_ip4,
                    dst=self.pg1.remote_ip4,
                    ttl=10,
                    flags='DF') / UDP(sport=1234, dport=1234) /
                 Raw('\xa5' * 2000))

        self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index, [1500, 0, 0, 0])

        rx = self.send_and_expect(self.pg0, p_mtu * 65, self.pg0)
        rx = rx[0]
        icmp = rx[ICMP]

        self.assertEqual(icmptypes[icmp.type], "dest-unreach")
        self.assertEqual(icmpcodes[icmp.type][icmp.code],
                         "fragmentation-needed")
        self.assertEqual(icmp.src, self.pg0.remote_ip4)
        self.assertEqual(icmp.dst, self.pg1.remote_ip4)

        self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index, [2500, 0, 0, 0])
        rx = self.send_and_expect(self.pg0, p_mtu * 65, self.pg1)

        # Reset MTU for subsequent tests
        self.vapi.sw_interface_set_mtu(self.pg1.sw_if_index, [9000, 0, 0, 0])
Exemple #29
0
    def test_igmp_host(self):
        """ IGMP Host functions """

        #
        # Enable interface for host functions
        #
        self.vapi.igmp_enable_disable(self.pg0.sw_if_index,
                                      1,
                                      IGMP_MODE.HOST)

        #
        # Add one S,G of state and expect a state-change event report
        # indicating the addition of the S,G
        #
        h1 = self.add_group(self.pg0, IgmpSG("239.1.1.1", ["1.1.1.1"]))

        # search for the corresponding state created in VPP
        dump = self.vapi.igmp_dump(self.pg0.sw_if_index)
        self.assertEqual(len(dump), 1)
        self.assertTrue(find_igmp_state(dump, self.pg0,
                                        "239.1.1.1", "1.1.1.1"))

        #
        # Send a general query (to the all router's address)
        # expect VPP to respond with a membership report.
        # Pad the query with 0 - some devices in the big wild
        # internet are prone to this.
        #
        p_g = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
               IP(src=self.pg0.remote_ip4, dst='224.0.0.1', tos=0xc0) /
               IGMPv3(type="Membership Query", mrcode=100) /
               IGMPv3mq(gaddr="0.0.0.0") /
               Raw(b'\x00' * 10))

        self.send(self.pg0, p_g)

        capture = self.pg0.get_capture(1, timeout=10)
        self.verify_report(capture[0],
                           [IgmpRecord(h1.sg, "Mode Is Include")])

        #
        # Group specific query
        #
        p_gs = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
                IP(src=self.pg0.remote_ip4, dst='239.1.1.1', tos=0xc0,
                   options=[IPOption(copy_flag=1, optclass="control",
                                     option="router_alert")]) /
                IGMPv3(type="Membership Query", mrcode=100) /
                IGMPv3mq(gaddr="239.1.1.1"))

        self.send(self.pg0, p_gs)

        capture = self.pg0.get_capture(1, timeout=10)
        self.verify_report(capture[0],
                           [IgmpRecord(h1.sg, "Mode Is Include")])

        #
        # A group and source specific query, with the source matching
        # the source VPP has
        #
        p_gs1 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
                 IP(src=self.pg0.remote_ip4, dst='239.1.1.1', tos=0xc0,
                    options=[IPOption(copy_flag=1, optclass="control",
                                      option="router_alert")]) /
                 IGMPv3(type="Membership Query", mrcode=100) /
                 IGMPv3mq(gaddr="239.1.1.1", srcaddrs=["1.1.1.1"]))

        self.send(self.pg0, p_gs1)

        capture = self.pg0.get_capture(1, timeout=10)
        self.verify_report(capture[0],
                           [IgmpRecord(h1.sg, "Mode Is Include")])

        #
        # A group and source specific query that reports more sources
        # than the packet actually has.
        #
        p_gs2 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
                 IP(src=self.pg0.remote_ip4, dst='239.1.1.1', tos=0xc0,
                    options=[IPOption(copy_flag=1, optclass="control",
                                      option="router_alert")]) /
                 IGMPv3(type="Membership Query", mrcode=100) /
                 IGMPv3mq(gaddr="239.1.1.1", numsrc=4, srcaddrs=["1.1.1.1"]))

        self.send_and_assert_no_replies(self.pg0, p_gs2, timeout=10)

        #
        # A group and source specific query, with the source NOT matching
        # the source VPP has. There should be no response.
        #
        p_gs2 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
                 IP(src=self.pg0.remote_ip4, dst='239.1.1.1', tos=0xc0,
                    options=[IPOption(copy_flag=1, optclass="control",
                                      option="router_alert")]) /
                 IGMPv3(type="Membership Query", mrcode=100) /
                 IGMPv3mq(gaddr="239.1.1.1", srcaddrs=["1.1.1.2"]))

        self.send_and_assert_no_replies(self.pg0, p_gs2, timeout=10)

        #
        # A group and source specific query, with the multiple sources
        # one of which matches the source VPP has.
        # The report should contain only the source VPP has.
        #
        p_gs3 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
                 IP(src=self.pg0.remote_ip4, dst='239.1.1.1', tos=0xc0,
                    options=[IPOption(copy_flag=1, optclass="control",
                                      option="router_alert")]) /
                 IGMPv3(type="Membership Query", mrcode=100) /
                 IGMPv3mq(gaddr="239.1.1.1",
                          srcaddrs=["1.1.1.1", "1.1.1.2", "1.1.1.3"]))

        self.send(self.pg0, p_gs3)

        capture = self.pg0.get_capture(1, timeout=10)
        self.verify_report(capture[0],
                           [IgmpRecord(h1.sg, "Mode Is Include")])

        #
        # Two source and group specific queries in quick succession, the
        # first does not have VPPs source the second does. then vice-versa
        #
        self.send(self.pg0, [p_gs2, p_gs1])
        capture = self.pg0.get_capture(1, timeout=10)
        self.verify_report(capture[0],
                           [IgmpRecord(h1.sg, "Mode Is Include")])

        self.send(self.pg0, [p_gs1, p_gs2])
        capture = self.pg0.get_capture(1, timeout=10)
        self.verify_report(capture[0],
                           [IgmpRecord(h1.sg, "Mode Is Include")])

        #
        # remove state, expect the report for the removal
        #
        self.remove_group(h1)

        dump = self.vapi.igmp_dump()
        self.assertFalse(dump)

        #
        # A group with multiple sources
        #
        h2 = self.add_group(self.pg0,
                            IgmpSG("239.1.1.1",
                                   ["1.1.1.1", "1.1.1.2", "1.1.1.3"]))

        # search for the corresponding state created in VPP
        dump = self.vapi.igmp_dump(self.pg0.sw_if_index)
        self.assertEqual(len(dump), 3)
        for s in h2.sg.saddrs:
            self.assertTrue(find_igmp_state(dump, self.pg0,
                                            "239.1.1.1", s))
        #
        # Send a general query (to the all router's address)
        # expect VPP to respond with a membership report will all sources
        #
        self.send(self.pg0, p_g)

        capture = self.pg0.get_capture(1, timeout=10)
        self.verify_report(capture[0],
                           [IgmpRecord(h2.sg, "Mode Is Include")])

        #
        # Group and source specific query; some present some not
        #
        p_gs = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
                IP(src=self.pg0.remote_ip4, dst='239.1.1.1', tos=0xc0,
                   options=[IPOption(copy_flag=1, optclass="control",
                                     option="router_alert")]) /
                IGMPv3(type="Membership Query", mrcode=100) /
                IGMPv3mq(gaddr="239.1.1.1",
                         srcaddrs=["1.1.1.1", "1.1.1.2", "1.1.1.4"]))

        self.send(self.pg0, p_gs)

        capture = self.pg0.get_capture(1, timeout=10)
        self.verify_report(capture[0],
                           [IgmpRecord(
                               IgmpSG('239.1.1.1', ["1.1.1.1", "1.1.1.2"]),
                               "Mode Is Include")])

        #
        # add loads more groups
        #
        h3 = self.add_group(self.pg0,
                            IgmpSG("239.1.1.2",
                                   ["2.1.1.1", "2.1.1.2", "2.1.1.3"]))
        h4 = self.add_group(self.pg0,
                            IgmpSG("239.1.1.3",
                                   ["3.1.1.1", "3.1.1.2", "3.1.1.3"]))
        h5 = self.add_group(self.pg0,
                            IgmpSG("239.1.1.4",
                                   ["4.1.1.1", "4.1.1.2", "4.1.1.3"]))
        h6 = self.add_group(self.pg0,
                            IgmpSG("239.1.1.5",
                                   ["5.1.1.1", "5.1.1.2", "5.1.1.3"]))
        h7 = self.add_group(self.pg0,
                            IgmpSG("239.1.1.6",
                                   ["6.1.1.1", "6.1.1.2",
                                    "6.1.1.3", "6.1.1.4",
                                    "6.1.1.5", "6.1.1.6",
                                    "6.1.1.7", "6.1.1.8",
                                    "6.1.1.9", "6.1.1.10",
                                    "6.1.1.11", "6.1.1.12",
                                    "6.1.1.13", "6.1.1.14",
                                    "6.1.1.15", "6.1.1.16"]))

        #
        # general query.
        # the order the groups come in is not important, so what is
        # checked for is what VPP is sending today.
        #
        self.send(self.pg0, p_g)

        capture = self.pg0.get_capture(1, timeout=10)

        self.verify_report(capture[0],
                           [IgmpRecord(h3.sg, "Mode Is Include"),
                            IgmpRecord(h2.sg, "Mode Is Include"),
                            IgmpRecord(h6.sg, "Mode Is Include"),
                            IgmpRecord(h4.sg, "Mode Is Include"),
                            IgmpRecord(h5.sg, "Mode Is Include"),
                            IgmpRecord(h7.sg, "Mode Is Include")])

        #
        # modify a group to add and remove some sources
        #
        h7.sg = IgmpSG("239.1.1.6",
                       ["6.1.1.1", "6.1.1.2",
                        "6.1.1.5", "6.1.1.6",
                        "6.1.1.7", "6.1.1.8",
                        "6.1.1.9", "6.1.1.10",
                        "6.1.1.11", "6.1.1.12",
                        "6.1.1.13", "6.1.1.14",
                        "6.1.1.15", "6.1.1.16",
                        "6.1.1.17", "6.1.1.18"])

        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()
        h7.add_vpp_config()

        capture = self.pg0.get_capture(1, timeout=10)
        self.verify_report(capture[0],
                           [IgmpRecord(IgmpSG("239.1.1.6",
                                              ["6.1.1.17", "6.1.1.18"]),
                                       "Allow New Sources"),
                            IgmpRecord(IgmpSG("239.1.1.6",
                                              ["6.1.1.3", "6.1.1.4"]),
                                       "Block Old Sources")])

        #
        # add an additional groups with many sources so that each group
        # consumes the link MTU. We should therefore see multiple state
        # state reports when queried.
        #
        self.vapi.sw_interface_set_mtu(self.pg0.sw_if_index, [560, 0, 0, 0])

        src_list = []
        for i in range(128):
            src_list.append("10.1.1.%d" % i)

        h8 = self.add_group(self.pg0,
                            IgmpSG("238.1.1.1", src_list))
        h9 = self.add_group(self.pg0,
                            IgmpSG("238.1.1.2", src_list))

        self.send(self.pg0, p_g)

        capture = self.pg0.get_capture(4, timeout=10)

        self.verify_report(capture[0],
                           [IgmpRecord(h3.sg, "Mode Is Include"),
                            IgmpRecord(h2.sg, "Mode Is Include"),
                            IgmpRecord(h6.sg, "Mode Is Include"),
                            IgmpRecord(h4.sg, "Mode Is Include"),
                            IgmpRecord(h5.sg, "Mode Is Include")])
        self.verify_report(capture[1],
                           [IgmpRecord(h8.sg, "Mode Is Include")])
        self.verify_report(capture[2],
                           [IgmpRecord(h7.sg, "Mode Is Include")])
        self.verify_report(capture[3],
                           [IgmpRecord(h9.sg, "Mode Is Include")])

        #
        # drop the MTU further (so a 128 sized group won't fit)
        #
        self.vapi.sw_interface_set_mtu(self.pg0.sw_if_index, [512, 0, 0, 0])

        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        h10 = VppHostState(self,
                           IGMP_FILTER.INCLUDE,
                           self.pg0.sw_if_index,
                           IgmpSG("238.1.1.3", src_list))
        h10.add_vpp_config()

        capture = self.pg0.get_capture(2, timeout=10)
        # wait for a little bit
        self.sleep(1)

        #
        # remove state, expect the report for the removal
        # the dump should be empty
        #
        self.vapi.sw_interface_set_mtu(self.pg0.sw_if_index, [600, 0, 0, 0])
        self.remove_group(h8)
        self.remove_group(h9)
        self.remove_group(h2)
        self.remove_group(h3)
        self.remove_group(h4)
        self.remove_group(h5)
        self.remove_group(h6)
        self.remove_group(h7)
        self.remove_group(h10)

        self.logger.info(self.vapi.cli("sh igmp config"))
        self.assertFalse(self.vapi.igmp_dump())

        #
        # TODO
        #  ADD STATE ON MORE INTERFACES
        #

        self.vapi.igmp_enable_disable(self.pg0.sw_if_index,
                                      0,
                                      IGMP_MODE.HOST)
Exemple #30
0
    def test_qos_ip(self):
        """ QoS Mark/Record IP """

        #
        # for table 1 map the n=0xff possible values of input QoS mark,
        # n to 1-n
        #
        output = [scapy.compat.chb(0)] * 256
        for i in range(0, 255):
            output[i] = scapy.compat.chb(255 - i)
        os = b''.join(output)
        rows = [{
            'outputs': os
        }, {
            'outputs': os
        }, {
            'outputs': os
        }, {
            'outputs': os
        }]

        self.vapi.qos_egress_map_update(1, rows)

        #
        # For table 2 (and up) use the value n for everything
        #
        output = [scapy.compat.chb(2)] * 256
        os = b''.join(output)
        rows = [{
            'outputs': os
        }, {
            'outputs': os
        }, {
            'outputs': os
        }, {
            'outputs': os
        }]

        self.vapi.qos_egress_map_update(2, rows)

        output = [scapy.compat.chb(3)] * 256
        os = b''.join(output)
        rows = [{
            'outputs': os
        }, {
            'outputs': os
        }, {
            'outputs': os
        }, {
            'outputs': os
        }]

        self.vapi.qos_egress_map_update(3, rows)

        output = [scapy.compat.chb(4)] * 256
        os = b''.join(output)
        rows = [{
            'outputs': os
        }, {
            'outputs': os
        }, {
            'outputs': os
        }, {
            'outputs': os
        }]
        self.vapi.qos_egress_map_update(4, rows)
        self.vapi.qos_egress_map_update(5, rows)
        self.vapi.qos_egress_map_update(6, rows)
        self.vapi.qos_egress_map_update(7, rows)

        self.logger.info(self.vapi.cli("sh qos eg map"))

        #
        # Bind interface pgN to table n
        #
        self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index, QOS_SOURCE.IP,
                                          1, 1)
        self.vapi.qos_mark_enable_disable(self.pg2.sw_if_index, QOS_SOURCE.IP,
                                          2, 1)
        self.vapi.qos_mark_enable_disable(self.pg3.sw_if_index, QOS_SOURCE.IP,
                                          3, 1)
        self.vapi.qos_mark_enable_disable(self.pg4.sw_if_index, QOS_SOURCE.IP,
                                          4, 1)

        #
        # packets ingress on Pg0
        #
        p_v4 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
                IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4, tos=1) /
                UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))
        p_v6 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
                IPv6(src=self.pg0.remote_ip6, dst=self.pg1.remote_ip6, tc=1) /
                UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))

        #
        # Since we have not yet enabled the recording of the input QoS
        # from the input iP header, the egress packet's ToS will be unchanged
        #
        rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg1)
        for p in rx:
            self.assertEqual(p[IP].tos, 1)
        rx = self.send_and_expect(self.pg0, p_v6 * 65, self.pg1)
        for p in rx:
            self.assertEqual(p[IPv6].tc, 1)

        #
        # Enable QoS recording on IP input for pg0
        #
        self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
                                            QOS_SOURCE.IP, 1)

        #
        # send the same packets, this time expect the input TOS of 1
        # to be mapped to pg1's egress value of 254
        #
        rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg1)
        for p in rx:
            self.assertEqual(p[IP].tos, 254)
        rx = self.send_and_expect(self.pg0, p_v6 * 65, self.pg1)
        for p in rx:
            self.assertEqual(p[IPv6].tc, 254)

        #
        # different input ToS to test the mapping
        #
        p_v4[IP].tos = 127
        rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg1)
        for p in rx:
            self.assertEqual(p[IP].tos, 128)
        p_v6[IPv6].tc = 127
        rx = self.send_and_expect(self.pg0, p_v6 * 65, self.pg1)
        for p in rx:
            self.assertEqual(p[IPv6].tc, 128)

        p_v4[IP].tos = 254
        rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg1)
        for p in rx:
            self.assertEqual(p[IP].tos, 1)
        p_v6[IPv6].tc = 254
        rx = self.send_and_expect(self.pg0, p_v6 * 65, self.pg1)
        for p in rx:
            self.assertEqual(p[IPv6].tc, 1)

        #
        # send packets out the other interfaces to test the maps are
        # correctly applied
        #
        p_v4[IP].dst = self.pg2.remote_ip4
        rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg2)
        for p in rx:
            self.assertEqual(p[IP].tos, 2)

        p_v4[IP].dst = self.pg3.remote_ip4
        rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg3)
        for p in rx:
            self.assertEqual(p[IP].tos, 3)

        p_v6[IPv6].dst = self.pg3.remote_ip6
        rx = self.send_and_expect(self.pg0, p_v6 * 65, self.pg3)
        for p in rx:
            self.assertEqual(p[IPv6].tc, 3)

        #
        # remove the map on pg2 and pg3, now expect an unchanged IP tos
        #
        self.vapi.qos_mark_enable_disable(self.pg2.sw_if_index, QOS_SOURCE.IP,
                                          2, 0)
        self.vapi.qos_mark_enable_disable(self.pg3.sw_if_index, QOS_SOURCE.IP,
                                          3, 0)
        self.logger.info(self.vapi.cli("sh int feat pg2"))

        p_v4[IP].dst = self.pg2.remote_ip4
        rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg2)
        for p in rx:
            self.assertEqual(p[IP].tos, 254)

        p_v4[IP].dst = self.pg3.remote_ip4
        rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg3)
        for p in rx:
            self.assertEqual(p[IP].tos, 254)

        #
        # still mapping out of pg1
        #
        p_v4[IP].dst = self.pg1.remote_ip4
        rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg1)
        for p in rx:
            self.assertEqual(p[IP].tos, 1)

        #
        # disable the input recording on pg0
        #
        self.vapi.qos_record_enable_disable(self.pg0.sw_if_index,
                                            QOS_SOURCE.IP, 0)

        #
        # back to an unchanged TOS value
        #
        rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg1)
        for p in rx:
            self.assertEqual(p[IP].tos, 254)

        #
        # disable the egress map on pg1 and pg4
        #
        self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index, QOS_SOURCE.IP,
                                          1, 0)
        self.vapi.qos_mark_enable_disable(self.pg4.sw_if_index, QOS_SOURCE.IP,
                                          4, 0)

        #
        # unchanged Tos on pg1
        #
        rx = self.send_and_expect(self.pg0, p_v4 * 65, self.pg1)
        for p in rx:
            self.assertEqual(p[IP].tos, 254)

        #
        # clean-up the map
        #
        self.vapi.qos_egress_map_delete(1)
        self.vapi.qos_egress_map_delete(4)
        self.vapi.qos_egress_map_delete(2)
        self.vapi.qos_egress_map_delete(3)
        self.vapi.qos_egress_map_delete(5)
        self.vapi.qos_egress_map_delete(6)
        self.vapi.qos_egress_map_delete(7)
Exemple #31
0
from scapy.layers.inet import IP

# import scapy.all.Ether
# import scapy.all.IP
# import scapy.all.TCP

a = IP(ttl=10)
print(a)
print(a.src)
a.dst = "192.168.16.152"
print("Packet", a)
print("sourcse", a.src)
del a.ttl
print("Packet", a)
print("Time to live", a.ttl)
print("Packet", IP())
print(IP(proto=55) / TCP())
print(IP() / TCP())
print(Ether() / IP() / TCP())
print(Ether() / IP() / TCP() / UDP())
print(IP(_))
Exemple #32
0
    def test_qos_vlan(self):
        """QoS mark/record VLAN """

        #
        # QoS for all input values
        #
        output = [scapy.compat.chb(0)] * 256
        for i in range(0, 255):
            output[i] = scapy.compat.chb(255 - i)
        os = b''.join(output)
        rows = [{
            'outputs': os
        }, {
            'outputs': os
        }, {
            'outputs': os
        }, {
            'outputs': os
        }]

        self.vapi.qos_egress_map_update(1, rows)

        sub_if = VppDot1QSubint(self, self.pg0, 11)

        sub_if.admin_up()
        sub_if.config_ip4()
        sub_if.resolve_arp()
        sub_if.config_ip6()
        sub_if.resolve_ndp()

        #
        # enable VLAN QoS recording/marking on the input Pg0 subinterface and
        #
        self.vapi.qos_record_enable_disable(sub_if.sw_if_index,
                                            QOS_SOURCE.VLAN, 1)
        self.vapi.qos_mark_enable_disable(sub_if.sw_if_index, QOS_SOURCE.VLAN,
                                          1, 1)

        #
        # IP marking/recording on pg1
        #
        self.vapi.qos_record_enable_disable(self.pg1.sw_if_index,
                                            QOS_SOURCE.IP, 1)
        self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index, QOS_SOURCE.IP,
                                          1, 1)

        #
        # a routes to/from sub-interface
        #
        route_10_0_0_1 = VppIpRoute(
            self, "10.0.0.1", 32,
            [VppRoutePath(sub_if.remote_ip4, sub_if.sw_if_index)])
        route_10_0_0_1.add_vpp_config()
        route_10_0_0_2 = VppIpRoute(
            self, "10.0.0.2", 32,
            [VppRoutePath(self.pg1.remote_ip4, self.pg1.sw_if_index)])
        route_10_0_0_2.add_vpp_config()
        route_2001_1 = VppIpRoute(
            self,
            "2001::1",
            128, [
                VppRoutePath(sub_if.remote_ip6,
                             sub_if.sw_if_index,
                             proto=DpoProto.DPO_PROTO_IP6)
            ],
            is_ip6=1)
        route_2001_1.add_vpp_config()
        route_2001_2 = VppIpRoute(
            self,
            "2001::2",
            128, [
                VppRoutePath(self.pg1.remote_ip6,
                             self.pg1.sw_if_index,
                             proto=DpoProto.DPO_PROTO_IP6)
            ],
            is_ip6=1)
        route_2001_2.add_vpp_config()

        p_v1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
                Dot1Q(vlan=11, prio=1) /
                IP(src="1.1.1.1", dst="10.0.0.2", tos=1) /
                UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))

        p_v2 = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
                IP(src="1.1.1.1", dst="10.0.0.1", tos=1) /
                UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))

        rx = self.send_and_expect(self.pg1, p_v2 * 65, self.pg0)

        for p in rx:
            self.assertEqual(p[Dot1Q].prio, 6)

        rx = self.send_and_expect(self.pg0, p_v1 * 65, self.pg1)

        for p in rx:
            self.assertEqual(p[IP].tos, 254)

        p_v1 = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
                Dot1Q(vlan=11, prio=2) /
                IPv6(src="2001::1", dst="2001::2", tc=1) /
                UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))

        p_v2 = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
                IPv6(src="3001::1", dst="2001::1", tc=1) /
                UDP(sport=1234, dport=1234) / Raw(scapy.compat.chb(100) * 65))

        rx = self.send_and_expect(self.pg1, p_v2 * 65, self.pg0)

        for p in rx:
            self.assertEqual(p[Dot1Q].prio, 6)

        rx = self.send_and_expect(self.pg0, p_v1 * 65, self.pg1)

        for p in rx:
            self.assertEqual(p[IPv6].tc, 253)

        #
        # cleanup
        #
        sub_if.unconfig_ip4()
        sub_if.unconfig_ip6()

        self.vapi.qos_record_enable_disable(sub_if.sw_if_index,
                                            QOS_SOURCE.VLAN, 0)
        self.vapi.qos_mark_enable_disable(sub_if.sw_if_index, QOS_SOURCE.VLAN,
                                          1, 0)
        self.vapi.qos_record_enable_disable(self.pg1.sw_if_index,
                                            QOS_SOURCE.IP, 0)
        self.vapi.qos_mark_enable_disable(self.pg1.sw_if_index, QOS_SOURCE.IP,
                                          1, 0)
Exemple #33
0
async def run_test(dut):

    tb = TB(dut)

    await tb.init()

    tb.log.info("test UDP RX packet")

    payload = bytes([x % 256 for x in range(256)])
    eth = Ether(src='5a:51:52:53:54:55', dst='02:00:00:00:00:00')
    ip = IP(src='192.168.1.100', dst='192.168.1.128')
    udp = UDP(sport=5678, dport=1234)
    test_pkt = eth / ip / udp / payload

    test_frame = GmiiFrame.from_payload(test_pkt.build())

    await tb.gmii_phy.rx.send(test_frame)

    tb.log.info("receive ARP request")

    rx_frame = await tb.gmii_phy.tx.recv()

    rx_pkt = Ether(bytes(rx_frame.get_payload()))

    tb.log.info("RX packet: %s", repr(rx_pkt))

    assert rx_pkt.dst == 'ff:ff:ff:ff:ff:ff'
    assert rx_pkt.src == test_pkt.dst
    assert rx_pkt[ARP].hwtype == 1
    assert rx_pkt[ARP].ptype == 0x0800
    assert rx_pkt[ARP].hwlen == 6
    assert rx_pkt[ARP].plen == 4
    assert rx_pkt[ARP].op == 1
    assert rx_pkt[ARP].hwsrc == test_pkt.dst
    assert rx_pkt[ARP].psrc == test_pkt[IP].dst
    assert rx_pkt[ARP].hwdst == '00:00:00:00:00:00'
    assert rx_pkt[ARP].pdst == test_pkt[IP].src

    tb.log.info("send ARP response")

    eth = Ether(src=test_pkt.src, dst=test_pkt.dst)
    arp = ARP(hwtype=1,
              ptype=0x0800,
              hwlen=6,
              plen=4,
              op=2,
              hwsrc=test_pkt.src,
              psrc=test_pkt[IP].src,
              hwdst=test_pkt.dst,
              pdst=test_pkt[IP].dst)
    resp_pkt = eth / arp

    resp_frame = GmiiFrame.from_payload(resp_pkt.build())

    await tb.gmii_phy.rx.send(resp_frame)

    tb.log.info("receive UDP packet")

    rx_frame = await tb.gmii_phy.tx.recv()

    rx_pkt = Ether(bytes(rx_frame.get_payload()))

    tb.log.info("RX packet: %s", repr(rx_pkt))

    assert rx_pkt.dst == test_pkt.src
    assert rx_pkt.src == test_pkt.dst
    assert rx_pkt[IP].dst == test_pkt[IP].src
    assert rx_pkt[IP].src == test_pkt[IP].dst
    assert rx_pkt[UDP].dport == test_pkt[UDP].sport
    assert rx_pkt[UDP].sport == test_pkt[UDP].dport
    assert rx_pkt[UDP].payload == test_pkt[UDP].payload

    await RisingEdge(dut.clk_125mhz)
    await RisingEdge(dut.clk_125mhz)
Exemple #34
0
def main():
    parser = OptionParser(usage="""%prog [options] <src> <dst>
	    src               : Source ethernet interface. Ex: eth0
	    dst               : Destination ethernet interface. Ex: eth1
	""")

    parser.add_option("-c",
                      "--criteria",
                      help="""
			Load balance criteria: src-mac, dst-mac, src-dst-mac,
			                       src-ip, dst-ip, src-dst-ip,
			                       mpls-top-sec, mpls-top, mpls-sec,
			                       src-tcp, dst-tcp, src-dst-tcp,
			                       src-udp, dst-udp, src-dst-udp
			""",
                      default="src-dst-mac",
                      action="store",
                      type="string",
                      dest="criteria")

    parser.add_option("-i",
                      "--interval",
                      help="Define packet interval in milliseconds.",
                      default=100,
                      action="store",
                      type="int",
                      dest="interval")

    parser.add_option(
        "-n",
        "--num_packets",
        help="Send specified number of packets. Default: send indefinitely.",
        default=0,
        action="store",
        type="int",
        dest="num_packets")

    parser.add_option("-d",
                      "--debug",
                      help="Enable L2tester debuging.",
                      default=False,
                      action="store_true",
                      dest="debug")

    (options, args) = parser.parse_args()

    if len(args) < 2:
        parser.error("must specify interfaces to use")
    if options.debug:
        l2tester.Logger.config_log_level(l2tester.Logger.L2T_LOG_DEBUG)
    if options.criteria not in [
            "dst-ip", "dst-mac", "src-dst-ip", "src-dst-mac", "src-ip",
            "src-mac", "src-udp", "dst-udp", "src-dst-udp", "src-tcp",
            "dst-tcp", "src-dst-tcp", "mpls-top-sec", "mpls-top", "mpls-sec"
    ]:
        parser.error("invalid criteria '{0}'".format(options.criteria))

    if_src = args[0]
    if_dst = args[1]

    try:

        if_src_action = l2tester.Action()
        if_src_action.type = l2tester.Action.ACTION_RANDOMIZE
        if_src_action.seed = 10

        if_src_filter = l2tester.EthernetFilter()

        if_dst_action = l2tester.Action()
        if_dst_action.type = l2tester.Action.ACTION_RANDOMIZE
        if_dst_action.seed = 10

        if_dst_filter = l2tester.EthernetFilter()

        if 'udp' in options.criteria:
            if_src_action.mask = 0xFFFF000000000000
            if_src_action.range_first = 1
            if_src_action.range_last = 0x03FF  # Port 1023

            if_src_filter.dst_mac = '10:00:01:02:03:FF'
            if_src_filter.compile()
            if_src_packet = Ether(
                src='10:00:01:02:03:04', dst='10:00:01:02:03:FF') / IP(
                    src='192.168.42.01', dst='192.168.42.02') / UDP(
                        sport=18, dport=50) / Raw('\0' * 100)

            if_dst_action.mask = 0xFFFF000000000000
            if_dst_action.range_first = 1
            if_dst_action.range_last = 0x03FF  # Port 1023

            if_dst_filter.src_mac = '10:00:01:02:03:FF'
            if_dst_filter.compile()
            if_dst_packet = Ether(
                src='10:00:01:02:03:FF', dst='10:00:01:02:03:04') / IP(
                    src='192.168.42.02', dst='192.168.42.01') / UDP(
                        sport=50, dport=18) / Raw('\0' * 100)

            if options.criteria == 'src-dst-udp':

                # Source Interface generate random source and destination UDP port

                if_src_extra_action = l2tester.Action()
                if_src_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
                if_src_extra_action.mask = 0xFFFF000000000000
                if_src_extra_action.byte = 34  # Source UDP port
                if_src_extra_action.range_first = 1
                if_src_extra_action.range_last = 0x03FF  # Port 1023

                if_src_action.byte = 36  # Destination UDP port
                if_src_action.chain_action(if_src_extra_action)

                # Destination Interface generate random source and destination UDP port (but seeds are inverted)

                if_dst_extra_action = l2tester.Action()
                if_dst_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
                if_dst_extra_action.mask = 0xFFFF000000000000
                if_dst_extra_action.byte = 36  # Destination UDP port
                if_dst_extra_action.range_first = 1
                if_dst_extra_action.range_last = 0x03FF  # Port 1023

                if_dst_action.byte = 34  # Source UDP port
                if_dst_action.chain_action(if_dst_extra_action)

            elif options.criteria == 'src-udp':
                if_src_action.byte = 34
                if_dst_action.byte = 36
            else:  # options.criteria == 'dst-udp':
                if_src_action.byte = 36
                if_dst_action.byte = 34

        if 'tcp' in options.criteria:
            if_src_action.mask = 0xFFFF000000000000
            if_src_action.range_first = 1
            if_src_action.range_last = 0x03FF  # Port 1023

            if_src_filter.dst_mac = '10:00:01:02:03:FF'
            if_src_filter.compile()
            if_src_packet = Ether(
                src='10:00:01:02:03:04', dst='10:00:01:02:03:FF') / IP(
                    src='192.168.42.01', dst='192.168.42.02') / TCP(
                        sport=21, dport=57) / Raw('\0' * 100)

            if_dst_action.mask = 0xFFFF000000000000
            if_dst_action.range_first = 1
            if_dst_action.range_last = 0x03FF  # Port 1023

            if_dst_filter.src_mac = '10:00:01:02:03:FF'
            if_dst_filter.compile()
            if_dst_packet = Ether(
                src='10:00:01:02:03:FF', dst='10:00:01:02:03:04') / IP(
                    src='192.168.42.02', dst='192.168.42.01') / TCP(
                        sport=57, dport=21) / Raw('\0' * 100)

            if options.criteria == 'src-dst-tcp':

                # Source Interface generate random source and destination UDP port

                if_src_extra_action = l2tester.Action()
                if_src_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
                if_src_extra_action.mask = 0xFFFF000000000000
                if_src_extra_action.byte = 34  # Source TCP port
                if_src_extra_action.range_first = 1
                if_src_extra_action.range_last = 0x03FF  # Port 1023

                if_src_action.byte = 36  # Destination TCP port
                if_src_action.chain_action(if_src_extra_action)

                # Destination Interface generate random source and destination TCP port (but seeds are inverted)

                if_dst_extra_action = l2tester.Action()
                if_dst_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
                if_dst_extra_action.mask = 0xFFFF000000000000
                if_dst_extra_action.byte = 36  # Destination TCP port
                if_dst_extra_action.range_first = 1
                if_dst_extra_action.range_last = 0x03FF  # Port 1023

                if_dst_action.byte = 34  # Source TCP port
                if_dst_action.chain_action(if_dst_extra_action)

            elif options.criteria == 'src-tcp':
                if_src_action.byte = 34
                if_dst_action.byte = 36
            else:  # options.criteria == 'dst-tcp'
                if_src_action.byte = 36
                if_dst_action.byte = 34

        if 'ip' in options.criteria:

            checksum_action = l2tester.Action()
            checksum_action.byte = 24
            checksum_action.type = l2tester.Action.ACTION_IPV4_CHECKSUM

            if_src_action.mask = 0xFFFFFFFF00000000
            if_src_action.range_first = 1
            if_src_action.range_last = 0xE0000000  # Create random IPs smaller than first multicast 224.0.0.0

            if_src_filter.dst_mac = '10:00:01:02:03:FF'
            if_src_filter.compile()
            if_src_packet = Ether(
                src='10:00:01:02:03:04', dst='10:00:01:02:03:FF') / IP(
                    src='192.168.42.01', dst='192.168.42.02') / Raw('\0' * 100)

            if_dst_action.mask = 0xFFFFFFFF00000000
            if_dst_action.range_first = 1
            if_dst_action.range_last = 0xE0000000  # Create random IPs smaller than first multicast 224.0.0.0

            if_dst_filter.src_mac = '10:00:01:02:03:FF'
            if_dst_filter.compile()
            if_dst_packet = Ether(
                src='10:00:01:02:03:FF', dst='10:00:01:02:03:04') / IP(
                    src='192.168.42.02', dst='192.168.42.01') / Raw('\0' * 100)

            if options.criteria == 'src-dst-ip':

                # Source Interface generate random source and destination IP

                if_src_extra_action = l2tester.Action()
                if_src_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
                if_src_extra_action.mask = 0xFFFFFFFF00000000
                if_src_extra_action.byte = 26  # Source IP
                if_src_extra_action.range_first = 1
                if_src_extra_action.range_last = 0xE0000000  # Create random IPs smaller than first multicast 224.0.0.0
                if_src_extra_action.chain_action(checksum_action)

                if_src_action.byte = 30  # Destination IP
                if_src_action.chain_action(if_src_extra_action)

                # Destination Interface generate random source and destination IP (but seeds are inverted)

                if_dst_extra_action = l2tester.Action()
                if_dst_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
                if_dst_extra_action.mask = 0xFFFFFFFF00000000
                if_dst_extra_action.byte = 30  # Destination IP
                if_dst_extra_action.range_first = 1
                if_dst_extra_action.range_last = 0xE0000000  # Create random IPs smaller than first multicast 224.0.0.0
                if_dst_extra_action.chain_action(checksum_action)

                if_dst_action.byte = 26  # Source IP
                if_dst_action.chain_action(if_dst_extra_action)

            else:

                # For single IP, chain action directly to checksum.
                if_src_action.chain_action(checksum_action)
                if_dst_action.chain_action(checksum_action)

                if options.criteria == 'dst-ip':
                    if_src_action.byte = 30  # Destination IP
                    if_dst_action.byte = 26  # Source IP
                elif options.criteria == 'src-ip':
                    if_src_action.byte = 26  # Source IP
                    if_dst_action.byte = 30  # Destination IP

        if 'mpls' in options.criteria:
            if_src_action.mask = 0xFFFFF00000000000
            if_src_action.range_first = 16  # Labels 0 to 15 are reserved.
            if_src_action.range_last = 0xFFFFF  #Last valid label (2^20 - 1).

            if_src_filter.dst_mac = '10:00:01:02:03:FF'
            if_src_filter.compile()
            if_src_packet = Ether(
                src='10:00:01:02:03:04',
                dst='10:00:01:02:03:FF') / MPLS(s=0) / MPLS() / IP(
                    src='192.168.42.01', dst='192.168.42.02') / ICMP() / Raw(
                        '\0' * 100)

            if_dst_action.mask = 0xFFFFF00000000000
            if_dst_action.range_first = 0x10  # Labels 0 to 15 are reserved.
            if_dst_action.range_last = 0xFFFFF  # Last valid label (2^20 - 1).

            if_dst_filter.src_mac = '10:00:01:02:03:FF'
            if_dst_filter.compile()
            if_dst_packet = Ether(
                src='10:00:01:02:03:FF',
                dst='10:00:01:02:03:04') / MPLS(s=0) / MPLS() / IP(
                    src='192.168.42.02', dst='192.168.42.01') / ICMP() / Raw(
                        '\0' * 100)

            if options.criteria == 'mpls-top-sec':
                # Source Interface generates random MPLS top and second labels

                if_src_extra_action = l2tester.Action()
                if_src_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
                if_src_extra_action.mask = 0xFFFFF00000000000
                if_src_extra_action.byte = 14  # Top label
                if_src_extra_action.range_first = 0x10  # Labels 0 to 15 are reserved.
                if_src_extra_action.range_last = 0xFFFFF  # Last valid label (2^20 - 1).

                if_src_action.byte = 18  # Second label
                if_src_action.chain_action(if_src_extra_action)

                # Destination Interface generates random MPLS top and second labels

                if_dst_extra_action = l2tester.Action()
                if_dst_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
                if_dst_extra_action.mask = 0xFFFFF00000000000
                if_dst_extra_action.byte = 14  # Top label
                if_dst_extra_action.range_first = 0x10  # Labels 0 to 15 are reserved.
                if_dst_extra_action.range_last = 0xFFFFF  # Last valid label (2^20 - 1).

                if_dst_action.byte = 18  # Second label
                if_dst_action.chain_action(if_dst_extra_action)

            elif options.criteria == 'mpls-top':
                if_src_action.byte = 14
                if_dst_action.byte = 14
            else:  # options.criteria == 'mpls-sec':
                if_src_action.byte = 18
                if_dst_action.byte = 18

        if 'mac' in options.criteria:

            if_src_action.mask = 0xFEFFFFFFFFFF0000

            if_src_filter.outer_tpid = 0x5010
            if_src_filter.compile()
            if_src_packet = Ether(src='10:00:01:02:03:01',
                                  dst='10:00:01:02:03:02',
                                  type=0x5010) / Raw('\0' * 100)

            if_dst_action.mask = 0xFEFFFFFFFFFF0000

            if_dst_filter.outer_tpid = 0x5011
            if_dst_filter.compile()
            if_dst_packet = Ether(src='10:00:01:02:03:02',
                                  dst='10:00:01:02:03:01',
                                  type=0x5011) / Raw('\0' * 100)

            if options.criteria == 'src-dst-mac':

                # Source Interface generate random source and destination MAC

                if_src_extra_action = l2tester.Action()
                if_src_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
                if_src_extra_action.mask = 0xFEFFFFFFFFFF0000
                if_src_extra_action.byte = 6  # Source MAC

                if_src_action.byte = 0  # Destination MAC
                if_src_action.chain_action(if_src_extra_action)

                # Destination Interface generate random source and destination MAC (but seeds are inverted)

                if_dst_extra_action = l2tester.Action()
                if_dst_extra_action.type = l2tester.Action.ACTION_RANDOMIZE
                if_dst_extra_action.mask = 0xFEFFFFFFFFFF0000
                if_dst_extra_action.byte = 0  # Destination MAC

                if_dst_action.byte = 6  # Source MAC
                if_dst_action.chain_action(if_dst_extra_action)

            elif options.criteria == 'dst-mac':
                if_src_action.byte = 0  # Destination MAC
                if_dst_action.byte = 6  # Source MAC

            else:  # options.criteria == 'src-mac'
                if_src_action.byte = 6  # Destination MAC
                if_dst_action.byte = 0  # Source MAC

        src_to_dst_monitor = l2tester.TrafficFlow_Monitor(
            if_src, if_dst, str(if_src_packet), options.interval,
            if_src_action, if_src_filter)

        if options.num_packets:
            # Limited Mode
            try:
                sys.stdout.write("Learning MACs... ")
                dst_to_src_monitor = l2tester.TrafficFlow_Monitor(
                    if_dst, if_src, str(if_dst_packet), options.interval,
                    if_dst_action, if_dst_filter)
                dst_to_src_monitor.run(
                    options.num_packets if 'mac' in options.criteria else 1
                )  #Send more than one packet on the other direction only if criteria is by MAC
                check_monitor_errors(dst_to_src_monitor)
                sys.stdout.write("OK!\n")
                sys.stdout.write("Sending random stream... ")
                src_to_dst_monitor.run(options.num_packets)
                check_monitor_errors(src_to_dst_monitor)
                sys.stdout.write("OK!\n")
            except Exception as e:
                sys.stdout.write(str(e) + "\n")

            return
        else:
            # Unlimited Mode
            # Inverted stream is defined as simple sender (and not as monitor) because it will operate concurrently with monitored stream.
            dst_to_src_sender = l2tester.Sender(if_dst, str(if_dst_packet))
            dst_to_src_sender.set_action(if_dst_action)
            dst_to_src_sender.manual_bandwidth(1, 1000000 * options.interval)

            dst_to_src_sender.start()

            print """
===============================================================================
   Timestamp (ms) |       Delta (ms) | Event
-------------------------------------------------------------------------------"""
            last_event_ms = 0
            src_to_dst_monitor.start()
            while True:
                try:
                    event = src_to_dst_monitor.iterate_event(0, True, 1000)
                    if event:
                        print " {0:>16} | {1:>16} | {2}".format(
                            event.timestamp_ms,
                            event.timestamp_ms - last_event_ms,
                            l2tester.TrafficFlow_Event.type_to_str(event.type))
                        last_event_ms = event.timestamp_ms
                        if event.type == l2tester.TrafficFlow_Event.TEST_FINISHED:
                            break

                except KeyboardInterrupt:
                    src_to_dst_monitor.stop()

        dst_to_src_sender.stop()

        stats = l2tester.TrafficFlow_Statistics()
        src_to_dst_monitor.get_statistics(stats)

        print """
===============================================================================
  Traffic Interruption
    Total     : {0} ms
    Intervals : {1}
  Loop Detection
    Total     : {2} ms
    Intervals : {3}
  Packets
    Sent      : {4}
    Received  : {5}
    Dropped   : {6}
  {7}
===============================================================================
""".format(stats.traffic_interruption_ms, stats.traffic_interruption_intervals,
           stats.loop_detected_ms, stats.loop_detected_intervals,
           stats.sent_packets, stats.received_packets, stats.dropped_packets,
           " ** MONITOR ABORTED **" if stats.error_detected else "")

    except Exception as e:
        print e
Exemple #35
0
    def test_uu_fwd(self):
        """ UU Flood """

        #
        # Create a single bridge Domain
        #
        self.vapi.bridge_domain_add_del(bd_id=1, uu_flood=1)

        #
        # add each interface to the BD. 3 interfaces per split horizon group
        #
        for i in self.pg_interfaces[0:4]:
            self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
                                                 bd_id=1,
                                                 shg=0)

        #
        # an unknown unicast and broadcast packets
        #
        p_uu = (Ether(dst="00:00:00:c1:5c:00", src="00:00:de:ad:be:ef") /
                IP(src="10.10.10.10", dst="1.1.1.1") /
                UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
        p_bm = (Ether(dst="ff:ff:ff:ff:ff:ff", src="00:00:de:ad:be:ef") /
                IP(src="10.10.10.10", dst="1.1.1.1") /
                UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        #
        # input on pg0, expected copies on pg1->4
        #
        self.pg0.add_stream(p_uu * 65)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        for i in self.pg_interfaces[1:4]:
            rx0 = i.get_capture(65, timeout=1)

        self.pg0.add_stream(p_bm * 65)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        for i in self.pg_interfaces[1:4]:
            rx0 = i.get_capture(65, timeout=1)

        #
        # use pg8 as the uu-fwd interface
        #
        self.vapi.sw_interface_set_l2_bridge(
            rx_sw_if_index=self.pg8.sw_if_index,
            bd_id=1,
            shg=0,
            port_type=L2_PORT_TYPE.UU_FWD)

        #
        # expect the UU packet on the uu-fwd interface and not be flooded
        #
        self.pg0.add_stream(p_uu * 65)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx0 = self.pg8.get_capture(65, timeout=1)

        for i in self.pg_interfaces[0:4]:
            i.assert_nothing_captured(remark="UU not flooded")

        self.pg0.add_stream(p_bm * 65)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        for i in self.pg_interfaces[1:4]:
            rx0 = i.get_capture(65, timeout=1)

        #
        # remove the uu-fwd interface and expect UU to be flooded again
        #
        self.vapi.sw_interface_set_l2_bridge(
            rx_sw_if_index=self.pg8.sw_if_index,
            bd_id=1,
            shg=0,
            port_type=L2_PORT_TYPE.UU_FWD,
            enable=0)

        self.pg0.add_stream(p_uu * 65)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        for i in self.pg_interfaces[1:4]:
            rx0 = i.get_capture(65, timeout=1)

        #
        # change the BD config to not support UU-flood
        #
        self.vapi.bridge_flags(bd_id=1, is_set=0, flags=BRIDGE_FLAGS.UU_FLOOD)

        self.send_and_assert_no_replies(self.pg0, p_uu)

        #
        # re-add the uu-fwd interface
        #
        self.vapi.sw_interface_set_l2_bridge(
            rx_sw_if_index=self.pg8.sw_if_index,
            bd_id=1,
            shg=0,
            port_type=L2_PORT_TYPE.UU_FWD)
        self.logger.info(self.vapi.cli("sh bridge 1 detail"))

        self.pg0.add_stream(p_uu * 65)
        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx0 = self.pg8.get_capture(65, timeout=1)

        for i in self.pg_interfaces[0:4]:
            i.assert_nothing_captured(remark="UU not flooded")

        #
        # remove the uu-fwd interface
        #
        self.vapi.sw_interface_set_l2_bridge(
            rx_sw_if_index=self.pg8.sw_if_index,
            bd_id=1,
            shg=0,
            port_type=L2_PORT_TYPE.UU_FWD,
            enable=0)
        self.send_and_assert_no_replies(self.pg0, p_uu)

        #
        # cleanup
        #
        for i in self.pg_interfaces[:4]:
            self.vapi.sw_interface_set_l2_bridge(rx_sw_if_index=i.sw_if_index,
                                                 bd_id=1,
                                                 enable=0)

        self.vapi.bridge_domain_add_del(bd_id=1, is_add=0)
    def create_stream(self, mac_type, ip_type, packet_count,
                      src_if, dst_if, traffic, is_ip6, tags=PERMIT_TAGS):
        # exact MAC and exact IP
        # exact MAC and subnet of IPs
        # exact MAC and wildcard IP
        # wildcard MAC and exact IP
        # wildcard MAC and subnet of IPs
        # wildcard MAC and wildcard IP
        # OUI restricted MAC and exact IP
        # OUI restricted MAC and subnet of IPs
        # OUI restricted MAC and wildcard IP

        packets = []
        macip_rules = []
        acl_rules = []
        ip_permit = ""
        mac_permit = ""
        dst_mac = ""
        mac_rule = "00:00:00:00:00:00"
        mac_mask = "00:00:00:00:00:00"
        for p in range(0, packet_count):
            remote_dst_index = p % len(dst_if.remote_hosts)
            remote_dst_host = dst_if.remote_hosts[remote_dst_index]

            dst_port = 1234 + p
            src_port = 4321 + p
            is_permit = self.PERMIT if p % 3 == 0 else self.DENY
            denyMAC = True if not is_permit and p % 3 == 1 else False
            denyIP = True if not is_permit and p % 3 == 2 else False
            if not is_permit and ip_type == self.WILD_IP:
                denyMAC = True
            if not is_permit and mac_type == self.WILD_MAC:
                denyIP = True

            if traffic == self.BRIDGED:
                if is_permit:
                    src_mac = remote_dst_host._mac
                    dst_mac = 'de:ad:00:00:00:00'
                    src_ip4 = remote_dst_host.ip4
                    dst_ip4 = src_if.remote_ip4
                    src_ip6 = remote_dst_host.ip6
                    dst_ip6 = src_if.remote_ip6
                    ip_permit = src_ip6 if is_ip6 else src_ip4
                    mac_permit = src_mac
                if denyMAC:
                    mac = src_mac.split(':')
                    mac[0] = format(int(mac[0], 16)+1, "02x")
                    src_mac = ":".join(mac)
                    if is_ip6:
                        src_ip6 = ip_permit
                    else:
                        src_ip4 = ip_permit
                if denyIP:
                    if ip_type != self.WILD_IP:
                        src_mac = mac_permit
                    src_ip4 = remote_dst_host.ip4
                    dst_ip4 = src_if.remote_ip4
                    src_ip6 = remote_dst_host.ip6
                    dst_ip6 = src_if.remote_ip6
            else:
                if is_permit:
                    src_mac = remote_dst_host._mac
                    dst_mac = src_if.local_mac
                    src_ip4 = src_if.remote_ip4
                    dst_ip4 = remote_dst_host.ip4
                    src_ip6 = src_if.remote_ip6
                    dst_ip6 = remote_dst_host.ip6
                    ip_permit = src_ip6 if is_ip6 else src_ip4
                    mac_permit = src_mac
                if denyMAC:
                    mac = src_mac.split(':')
                    mac[0] = format(int(mac[0], 16) + 1, "02x")
                    src_mac = ":".join(mac)
                    if is_ip6:
                        src_ip6 = ip_permit
                    else:
                        src_ip4 = ip_permit
                if denyIP:
                    src_mac = remote_dst_host._mac
                    if ip_type != self.WILD_IP:
                        src_mac = mac_permit
                    src_ip4 = remote_dst_host.ip4
                    dst_ip4 = src_if.remote_ip4
                    src_ip6 = remote_dst_host.ip6
                    dst_ip6 = src_if.remote_ip6

            if is_permit:
                info = self.create_packet_info(src_if, dst_if)
                payload = self.info_to_payload(info)
            else:
                payload = "to be blocked"

            if mac_type == self.WILD_MAC:
                mac = src_mac.split(':')
                for i in range(1, 5):
                    mac[i] = format(random.randint(0, 255), "02x")
                src_mac = ":".join(mac)

            # create packet
            packet = Ether(src=src_mac, dst=dst_mac)
            ip_rule = src_ip6 if is_ip6 else src_ip4
            if is_ip6:
                if ip_type != self.EXACT_IP:
                    sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip_rule)))
                    if ip_type == self.WILD_IP:
                        sub_ip[0] = random.randint(240, 254)
                        sub_ip[1] = random.randint(230, 239)
                        sub_ip[14] = random.randint(100, 199)
                        sub_ip[15] = random.randint(200, 255)
                    elif ip_type == self.SUBNET_IP:
                        if denyIP:
                            sub_ip[2] = str(int(sub_ip[2]) + 1)
                        sub_ip[14] = random.randint(100, 199)
                        sub_ip[15] = random.randint(200, 255)
                    src_ip6 = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
                packet /= IPv6(src=src_ip6, dst=dst_ip6)
            else:
                if ip_type != self.EXACT_IP:
                    sub_ip = ip_rule.split('.')
                    if ip_type == self.WILD_IP:
                        sub_ip[0] = str(random.randint(1, 49))
                        sub_ip[1] = str(random.randint(50, 99))
                        sub_ip[2] = str(random.randint(100, 199))
                        sub_ip[3] = str(random.randint(200, 255))
                    elif ip_type == self.SUBNET_IP:
                        if denyIP:
                            sub_ip[1] = str(int(sub_ip[1])+1)
                        sub_ip[2] = str(random.randint(100, 199))
                        sub_ip[3] = str(random.randint(200, 255))
                    src_ip4 = ".".join(sub_ip)
                packet /= IP(src=src_ip4, dst=dst_ip4, frag=0, flags=0)

            packet /= UDP(sport=src_port, dport=dst_port)/Raw(payload)

            packet[Raw].load += " mac:"+src_mac

            size = self.pg_if_packet_sizes[p % len(self.pg_if_packet_sizes)]
            if isinstance(src_if, VppSubInterface):
                size = size + 4
            if isinstance(src_if, VppDot1QSubint):
                if src_if is self.subifs[0]:
                    if tags == self.PERMIT_TAGS:
                        packet = src_if.add_dot1q_layer(packet, 10)
                    else:
                        packet = src_if.add_dot1q_layer(packet, 11)
                else:
                    if tags == self.PERMIT_TAGS:
                        packet = src_if.add_dot1q_layer(packet, 30)
                    else:
                        packet = src_if.add_dot1q_layer(packet, 33)
            elif isinstance(src_if, VppDot1ADSubint):
                if src_if is self.subifs[1]:
                    if tags == self.PERMIT_TAGS:
                        packet = src_if.add_dot1ad_layer(packet, 300, 400)
                    else:
                        packet = src_if.add_dot1ad_layer(packet, 333, 444)
                else:
                    if tags == self.PERMIT_TAGS:
                        packet = src_if.add_dot1ad_layer(packet, 600, 700)
                    else:
                        packet = src_if.add_dot1ad_layer(packet, 666, 777)
            self.extend_packet(packet, size)
            packets.append(packet)

            # create suitable MACIP rule
            if mac_type == self.EXACT_MAC:
                mac_rule = src_mac
                mac_mask = "ff:ff:ff:ff:ff:ff"
            elif mac_type == self.WILD_MAC:
                mac_rule = "00:00:00:00:00:00"
                mac_mask = "00:00:00:00:00:00"
            elif mac_type == self.OUI_MAC:
                mac = src_mac.split(':')
                mac[3] = mac[4] = mac[5] = '00'
                mac_rule = ":".join(mac)
                mac_mask = "ff:ff:ff:00:00:00"

            if is_ip6:
                if ip_type == self.WILD_IP:
                    ip = "0::0"
                else:
                    ip = src_ip6
                    if ip_type == self.SUBNET_IP:
                        sub_ip = list(unpack('<16B', inet_pton(AF_INET6, ip)))
                        for i in range(8, 16):
                            sub_ip[i] = 0
                        ip = inet_ntop(AF_INET6, str(bytearray(sub_ip)))
            else:
                if ip_type == self.WILD_IP:
                    ip = "0.0.0.0"
                else:
                    ip = src_ip4
                    if ip_type == self.SUBNET_IP:
                        sub_ip = ip.split('.')
                        sub_ip[2] = sub_ip[3] = '0'
                        ip = ".".join(sub_ip)

            prefix_len = 128 if is_ip6 else 32
            if ip_type == self.WILD_IP:
                prefix_len = 0
            elif ip_type == self.SUBNET_IP:
                prefix_len = 64 if is_ip6 else 16
            ip_rule = inet_pton(AF_INET6 if is_ip6 else AF_INET, ip)

            # create suitable ACL rule
            if is_permit:
                rule_l4_sport = packet[UDP].sport
                rule_l4_dport = packet[UDP].dport
                rule_family = AF_INET6 if packet.haslayer(IPv6) else AF_INET
                rule_prefix_len = 128 if packet.haslayer(IPv6) else 32
                rule_l3_layer = IPv6 if packet.haslayer(IPv6) else IP
                if packet.haslayer(IPv6):
                    rule_l4_proto = packet[UDP].overload_fields[IPv6]['nh']
                else:
                    rule_l4_proto = packet[IP].proto

                acl_rule = {
                    'is_permit': is_permit,
                    'is_ipv6': is_ip6,
                    'src_ip_addr': inet_pton(rule_family,
                                             packet[rule_l3_layer].src),
                    'src_ip_prefix_len': rule_prefix_len,
                    'dst_ip_addr': inet_pton(rule_family,
                                             packet[rule_l3_layer].dst),
                    'dst_ip_prefix_len': rule_prefix_len,
                    'srcport_or_icmptype_first': rule_l4_sport,
                    'srcport_or_icmptype_last': rule_l4_sport,
                    'dstport_or_icmpcode_first': rule_l4_dport,
                    'dstport_or_icmpcode_last': rule_l4_dport,
                    'proto': rule_l4_proto}
                acl_rules.append(acl_rule)

            if mac_type == self.WILD_MAC and ip_type == self.WILD_IP and p > 0:
                continue

            if is_permit:
                macip_rule = ({
                    'is_permit': is_permit,
                    'is_ipv6': is_ip6,
                    'src_ip_addr': ip_rule,
                    'src_ip_prefix_len': prefix_len,
                    'src_mac': mac_rule.replace(':', '').decode('hex'),
                    'src_mac_mask': mac_mask.replace(':', '').decode('hex')})
                macip_rules.append(macip_rule)

        # deny all other packets
        if not (mac_type == self.WILD_MAC and ip_type == self.WILD_IP):
            macip_rule = ({'is_permit': 0,
                           'is_ipv6': is_ip6,
                           'src_ip_addr': "",
                           'src_ip_prefix_len': 0,
                           'src_mac': "",
                           'src_mac_mask': ""})
            macip_rules.append(macip_rule)

        acl_rule = {'is_permit': 0,
                    'is_ipv6': is_ip6}
        acl_rules.append(acl_rule)
        return {'stream': packets,
                'macip_rules': macip_rules,
                'acl_rules': acl_rules}
#     print(f"---> IP address discovered: {res[0].payload.pdst}")
#
# # DISCOVER HOSTS ON NETWORKING USING ICMP PING
# # print("\n\n----- Discovery hosts on network using ICMP ping ---------------------")
# # ans, unans = scapy.sr(IP(dst="192.168.254.1-254")/ICMP(), timeout=1)
# # ans.summary()

# TCP PORT SCAN
print("\n\n----- See what ports are open on a device --------------------")
while True:

    ip = input("IP address on which to scan ports: ")
    if not ip:
        print("\n----- Ending port scanning")
        break

    # answers, unans = scapy.sr(IP(dst="192.168.254.254")/TCP(flags="S", sport=666, dport=[22, 80, 21, 443]), timeout=1)
    answers, unans = scapy.sr(IP(dst=ip) /
                              TCP(flags="S", sport=666, dport=(1, 1024)),
                              timeout=10)
    for answered in answers:
        print(f"---> open port: {answered[0].summary()}")

    print()
    for un_answered in unans:
        print(f"---> closed port: {un_answered[0].summary()}")

    print("\n----- Open/Closed port totals --------------------")
    print(f"\tOpen ports: {len(answers)}")
    print(f"\tClosed ports: {len(unans)}")
Exemple #38
0
 def getIPv4Flow(self, id):
     return (IP(dst="90.0.%u.%u" % (id / 255, id % 255),
                src="40.0.%u.%u" % (id / 255, id % 255)) /
             UDP(sport=10000 + id, dport=20000 + id))
Exemple #39
0
    def create_stream(self,
                      src_ip_if,
                      dst_ip_if,
                      reverse,
                      packet_sizes,
                      is_ip6,
                      expect_blocked,
                      expect_established,
                      add_extension_header,
                      icmp_stateful=False):
        pkts = []
        rules = []
        permit_rules = []
        permit_and_reflect_rules = []
        total_packet_count = 8
        for i in range(0, total_packet_count):
            modulo = (i // 2) % 2
            icmp_type_delta = i % 2
            icmp_code = i
            is_udp_packet = (modulo == 0)
            if is_udp_packet and icmp_stateful:
                continue
            is_reflectable_icmp = (icmp_stateful and icmp_type_delta == 0
                                   and not is_udp_packet)
            is_reflected_icmp = is_reflectable_icmp and expect_established
            can_reflect_this_packet = is_udp_packet or is_reflectable_icmp
            is_permit = i % 2
            remote_dst_index = i % len(dst_ip_if.remote_hosts)
            remote_dst_host = dst_ip_if.remote_hosts[remote_dst_index]
            if is_permit == 1:
                info = self.create_packet_info(src_ip_if, dst_ip_if)
                payload = self.info_to_payload(info)
            else:
                to_be_blocked = False
                if (expect_blocked and not expect_established):
                    to_be_blocked = True
                if (not can_reflect_this_packet):
                    to_be_blocked = True
                if to_be_blocked:
                    payload = "to be blocked"
                else:
                    info = self.create_packet_info(src_ip_if, dst_ip_if)
                    payload = self.info_to_payload(info)
            if reverse:
                dst_mac = 'de:ad:00:00:00:00'
                src_mac = remote_dst_host._mac
                dst_ip6 = src_ip_if.remote_ip6
                src_ip6 = remote_dst_host.ip6
                dst_ip4 = src_ip_if.remote_ip4
                src_ip4 = remote_dst_host.ip4
                dst_l4 = 1234 + i
                src_l4 = 4321 + i
            else:
                dst_mac = src_ip_if.local_mac
                src_mac = src_ip_if.remote_mac
                src_ip6 = src_ip_if.remote_ip6
                dst_ip6 = remote_dst_host.ip6
                src_ip4 = src_ip_if.remote_ip4
                dst_ip4 = remote_dst_host.ip4
                src_l4 = 1234 + i
                dst_l4 = 4321 + i
            if is_reflected_icmp:
                icmp_type_delta = 1

            # default ULP should be something we do not use in tests
            ulp_l4 = TCP(sport=src_l4, dport=dst_l4)
            # potentially a chain of protocols leading to ULP
            ulp = ulp_l4

            if is_udp_packet:
                if is_ip6:
                    ulp_l4 = UDP(sport=src_l4, dport=dst_l4)
                    if add_extension_header:
                        # prepend some extension headers
                        ulp = (IPv6ExtHdrRouting() / IPv6ExtHdrRouting() /
                               IPv6ExtHdrFragment(offset=0, m=1) / ulp_l4)
                        # uncomment below to test invalid ones
                        # ulp = IPv6ExtHdrRouting(len = 200) / ulp_l4
                    else:
                        ulp = ulp_l4
                    p = (Ether(dst=dst_mac, src=src_mac) /
                         IPv6(src=src_ip6, dst=dst_ip6) / ulp / Raw(payload))
                else:
                    ulp_l4 = UDP(sport=src_l4, dport=dst_l4)
                    # IPv4 does not allow extension headers,
                    # but we rather make it a first fragment
                    flags = 1 if add_extension_header else 0
                    ulp = ulp_l4
                    p = (Ether(dst=dst_mac, src=src_mac) /
                         IP(src=src_ip4, dst=dst_ip4, frag=0, flags=flags) /
                         ulp / Raw(payload))
            elif modulo == 1:
                if is_ip6:
                    ulp_l4 = ICMPv6Unknown(type=128 + icmp_type_delta,
                                           code=icmp_code)
                    ulp = ulp_l4
                    p = (Ether(dst=dst_mac, src=src_mac) /
                         IPv6(src=src_ip6, dst=dst_ip6) / ulp / Raw(payload))
                else:
                    ulp_l4 = ICMP(type=8 - 8 * icmp_type_delta, code=icmp_code)
                    ulp = ulp_l4
                    p = (Ether(dst=dst_mac, src=src_mac) /
                         IP(src=src_ip4, dst=dst_ip4) / ulp / Raw(payload))

            if i % 2 == 1:
                info.data = p.copy()
            size = packet_sizes[(i // 2) % len(packet_sizes)]
            self.extend_packet(p, size)
            pkts.append(p)

            rule_family = AF_INET6 if p.haslayer(IPv6) else AF_INET
            rule_prefix_len = 128 if p.haslayer(IPv6) else 32
            rule_l3_layer = IPv6 if p.haslayer(IPv6) else IP

            if p.haslayer(UDP):
                rule_l4_sport = p[UDP].sport
                rule_l4_dport = p[UDP].dport
            else:
                if p.haslayer(ICMP):
                    rule_l4_sport = p[ICMP].type
                    rule_l4_dport = p[ICMP].code
                else:
                    rule_l4_sport = p[ICMPv6Unknown].type
                    rule_l4_dport = p[ICMPv6Unknown].code
            if p.haslayer(IPv6):
                rule_l4_proto = ulp_l4.overload_fields[IPv6]['nh']
            else:
                rule_l4_proto = p[IP].proto

            new_rule = {
                'is_permit': is_permit,
                'is_ipv6': p.haslayer(IPv6),
                'src_ip_addr': inet_pton(rule_family, p[rule_l3_layer].src),
                'src_ip_prefix_len': rule_prefix_len,
                'dst_ip_addr': inet_pton(rule_family, p[rule_l3_layer].dst),
                'dst_ip_prefix_len': rule_prefix_len,
                'srcport_or_icmptype_first': rule_l4_sport,
                'srcport_or_icmptype_last': rule_l4_sport,
                'dstport_or_icmpcode_first': rule_l4_dport,
                'dstport_or_icmpcode_last': rule_l4_dport,
                'proto': rule_l4_proto,
            }
            rules.append(new_rule)
            new_rule_permit = new_rule.copy()
            new_rule_permit['is_permit'] = 1
            permit_rules.append(new_rule_permit)

            new_rule_permit_and_reflect = new_rule.copy()
            if can_reflect_this_packet:
                new_rule_permit_and_reflect['is_permit'] = 2
            else:
                new_rule_permit_and_reflect['is_permit'] = is_permit

            permit_and_reflect_rules.append(new_rule_permit_and_reflect)
            self.logger.info("create_stream pkt#%d: %s" % (i, payload))

        return {
            'stream': pkts,
            'rules': rules,
            'permit_rules': permit_rules,
            'permit_and_reflect_rules': permit_and_reflect_rules
        }