def test_tcp_filter_tcp_packet_not_in_src_range_or_dst_range(self):
rule = port_filter.PortRangeRule(protocol='TCP',
src_lo=0,
src_hi=1,
dst_lo=0,
dst_hi=1)
packet = FakePacket(protocol=socket.IPPROTO_TCP,
src_port=5,
dst_port=5)
self.assertFalse(rule.filter_condition(packet))
def test_udp_filter_udp_packet_in_src_range_and_dst_range(self):
rule = port_filter.PortRangeRule(protocol='UDP',
src_lo=0,
src_hi=1,
dst_lo=0,
dst_hi=1)
packet = FakePacket(protocol=socket.IPPROTO_UDP,
src_port=0,
dst_port=0)
self.assertTrue(rule.filter_condition(packet))
def test_port_and_dst_rule_both_match(self):
rule = IPPortRule(protocol='UDP', src_lo=0, src_hi=1, dst_ip='127.0.0.0/24')
packet = FakePacket(protocol=socket.IPPROTO_UDP, src_port=0, dst_ip='127.0.0.0')
self.assertTrue(rule.filter_condition(packet))
def test_port_and_src_rule_port_fails(self):
rule = IPPortRule(protocol='UDP', src_lo=0, src_hi=1, src_ip='127.0.0.0/24')
packet = FakePacket(protocol=socket.IPPROTO_TCP, src_port=0, src_ip='127.0.0.0')
self.assertFalse(rule.filter_condition(packet))
def test_tcp_filter_tcp_packet_wrong_src_right_dst(self):
rule = port_filter.PortRule(protocol='TCP', src_port=0, dst_port=0)
packet = FakePacket(protocol=socket.IPPROTO_TCP,
src_port=1,
dst_port=1)
self.assertFalse(rule.filter_condition(packet))
def test_tcp_filter_tcp_packet_matching_src_and_dst(self):
rule = port_filter.PortRule(protocol='TCP', src_port=0, dst_port=0)
packet = FakePacket(protocol=socket.IPPROTO_TCP,
src_port=0,
dst_port=0)
self.assertTrue(rule.filter_condition(packet))
def test_udp_filter_with_tcp_packet(self):
rule = port_filter.PortRule(protocol='UDP', src_port=0)
packet = FakePacket(protocol=socket.IPPROTO_TCP)
self.assertFalse(rule.filter_condition(packet))
def test_udp_filter_udp_packet_wrong_dst_port(self):
rule = port_filter.PortRule(protocol='UDP', dst_port=0)
packet = FakePacket(protocol=socket.IPPROTO_UDP, dst_port=1)
self.assertFalse(rule.filter_condition(packet))
def test_out_of_range(self):
rule = ip_rules.DestinationIPRule(cidr_range='127.0.0.0/24')
packet = FakePacket(dst_ip='128.0.0.0')
self.assertFalse(rule.filter_condition(packet))
def test_tcp_filter_tcp_packet_in_dst_range(self):
rule = port_filter.PortRangeRule(protocol='TCP', dst_lo=0, dst_hi=1)
packet = FakePacket(protocol=socket.IPPROTO_TCP, dst_port=0)
self.assertTrue(rule.filter_condition(packet))
def test_tcp_filter_udp_packet(self):
rule = port_filter.PortRangeRule(protocol='TCP', src_lo=0, src_hi=1)
packet = FakePacket(protocol=socket.IPPROTO_UDP)
self.assertFalse(rule.filter_condition(packet))
def test_udp_filter_udp_packet_out_dst_range(self):
rule = port_filter.PortRangeRule(protocol='UDP', dst_lo=0, dst_hi=1)
packet = FakePacket(protocol=socket.IPPROTO_UDP, dst_port=5)
self.assertFalse(rule.filter_condition(packet))
def test_udp_filter_with_udp_matching_src_port(self):
rule = port_filter.PortRule(protocol='UDP', src_port=0)
packet = FakePacket(protocol=socket.IPPROTO_UDP, src_port=0)
self.assertTrue(rule.filter_condition(packet))
def test_in_range(self):
rule = ip_rules.SourceIPRule(cidr_range='127.0.0.0/24')
packet = FakePacket(src_ip='127.0.0.0')
self.assertTrue(rule.filter_condition(packet))
def test_without_cidr_range(self):
rule = ip_rules.DestinationIPRule(cidr_range='127.0.0.0')
packet1 = FakePacket(dst_ip='127.0.0.0')
packet2 = FakePacket(dst_ip='127.0.0.1')
self.assertTrue(rule.filter_condition(packet1))
self.assertFalse(rule.filter_condition(packet2))
def test_port_rule_only_match(self):
rule = IPPortRule(protocol='UDP', src_lo=0, src_hi=1)
packet = FakePacket(protocol=socket.IPPROTO_UDP, src_port=0)
self.assertTrue(rule.filter_condition(packet))
def test_port_src_and_dst_rule_all_fail(self):
rule = IPPortRule(protocol='UDP', src_lo=0, src_hi=1, src_ip='127.0.0.0/24', dst_ip='127.0.0.0/24')
packet = FakePacket(protocol=socket.IPPROTO_UDP, src_port=5, src_ip='128.0.0.0', dst_ip='128.0.0.0')
self.assertFalse(rule.filter_condition(packet))
def test_udp_packet(self):
rule = tcp_rules.TCPRule()
packet = FakePacket(protocol=socket.IPPROTO_UDP)
self.assertFalse(rule.filter_condition(packet))