def test_encap(self): """Packet Tracer Filter Test with encap""" # the packet we are trying to match p = ( Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / UDP() / VXLAN() / Ether() / IP() / UDP() / GENEVE(vni=1234) / Ether() / IP(src="192.168.4.167") / UDP() / Raw("\xa5" * 100) ) # # compute filter mask & value # we compute it by XOR'ing a template packet with a modified packet # we need to set checksums to 0 to make sure scapy will not recompute # them # tmpl = ( Ether() / IP(chksum=0) / UDP(chksum=0) / VXLAN() / Ether() / IP(chksum=0) / UDP(chksum=0) / GENEVE(vni=0) / Ether() / IP(src="0.0.0.0", chksum=0) ) ori = raw(tmpl) # the mask tmpl[GENEVE].vni = 0xFFFFFF user = tmpl[GENEVE].payload user[IP].src = "255.255.255.255" new = raw(tmpl) mask = "".join(("{:02x}".format(o ^ n) for o, n in zip(ori, new))) # this does not match (wrong vni) tmpl[GENEVE].vni = 1 user = tmpl[GENEVE].payload user[IP].src = "192.168.4.167" new = raw(tmpl) match = "".join(("{:02x}".format(o ^ n) for o, n in zip(ori, new))) self.assert_classify(mask, match, [p] * 11, 0) # this must match tmpl[GENEVE].vni = 1234 new = raw(tmpl) match = "".join(("{:02x}".format(o ^ n) for o, n in zip(ori, new))) self.assert_classify(mask, match, [p] * 17)
def scapy_simple_vxlan_packet(): # type: () -> Packet return (Ether( dst="00:01:02:03:04:05", src="00:06:07:08:09:0a", ) / IP(src="192.168.0.1", dst="192.168.0.2") / UDP() / VXLAN() / Ether( dst="00:01:02:03:04:05", src="00:06:07:08:09:0a", ) / IP(src="192.168.0.1", dst="192.168.0.2") / TCP(sport=1234, dport=80))
def encap_mcast(self, pkt, src_ip, src_mac, vni): """ Encapsulate the original payload frame by adding VXLAN-GPE header with its UDP, IP and Ethernet fields """ return (Ether(src=src_mac, dst=self.mcast_mac) / IP(src=src_ip, dst=self.mcast_ip4) / UDP(sport=self.dport, dport=self.dport, chksum=0) / VXLAN(vni=vni, flags=self.flags) / pkt)
def encapsulate(self, pkt, vni): """ Encapsulate the original payload frame by adding VXLAN-GPE header with its UDP, IP and Ethernet fields """ return (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / IP(src=self.pg0.remote_ip4, dst=self.pg0.local_ip4) / UDP(sport=self.dport, dport=self.dport, chksum=0) / VXLAN(vni=vni, flags=self.flags) / pkt)
def test_mask__mask_has_problem_with_conditional_fields(self): pkt = VXLAN(flags=0x80, gpflags=0x23, gpid=0x1234, vni=0x1337) mask_pkt = Mask(pkt) mask_pkt.set_do_not_care_packet(VXLAN, "gpid") assert mask_pkt.mask == [ 255, 255, 0, 0, 255, 255, 255, 255, ], "Only gpid field should be masked"
from scapy.layers.inet import IP, UDP, TCP, Ether from scapy.layers.vxlan import VXLAN from scapy.all import * from typing import Generator # ---------------------------------------------------------------- # Build 6 packets. # ---------------------------------------------------------------- packets: Packet = Ether() / IP() / VXLAN() / UDP() packets.ttl = (10, 12) # TTL from 10 to 12. packets.dport = [80, 453] # Destination port 80 and 453. print(f"Number of packets: {len(list(packets)):d}") packet: Packet for packet in packets: print(packet.sprintf("%IP.src%:%IP.sport% > %IP.dst%:%IP.dport%")) if TCP in packet: print("This packet has a TCP packet") if UDP in packet: print("This packet has a UDP packet") print("") # ---------------------------------------------------------------- # Print the description of the first packet. # ---------------------------------------------------------------- p: Packet = list(packets)[0] p.show() # ---------------------------------------------------------------- # Build packets: condensed notation
def main(): """Send packet from one traffic generator interface to the other.""" args = TrafficScriptArg([ u"tg_if1_mac", u"dut_if1_mac", u"flow_type", u"proto", ], [u"src_ip", u"dst_ip", u"src_port", u"dst_port", u"value"]) tx_if = args.get_arg(u"tx_if") tx_src_mac = args.get_arg(u"tg_if1_mac") tx_dst_mac = args.get_arg(u"dut_if1_mac") flow_type = args.get_arg(u"flow_type") proto = args.get_arg(u"proto") src = args.get_arg(u"src_ip") dst = args.get_arg(u"dst_ip") sport = eval(args.get_arg(u"src_port")) dport = eval(args.get_arg(u"dst_port")) value = eval(args.get_arg(u"value")) txq = TxQueue(tx_if) if flow_type == u"IP4": pkt_raw = (Ether(src=tx_src_mac, dst=tx_dst_mac) / IP(src=src, dst=dst)) elif flow_type == u"IP6": pkt_raw = (Ether(src=tx_src_mac, dst=tx_dst_mac) / IPv6(src=src, dst=dst)) elif flow_type == u"ETHER": pkt_raw = Ether(src=tx_src_mac, dst=tx_dst_mac) else: raise ValueError(f"Flow type error: {flow_type}") if proto == u"TCP": pkt_raw /= TCP(sport=sport, dport=dport) elif proto == u"UDP": pkt_raw /= UDP(sport=sport, dport=dport) elif proto == u"AH": pkt_raw /= AH(spi=value) elif proto == u"ESP": pkt_raw /= ESP(spi=value) elif proto == u"GTPU": pkt_raw /= (UDP() / GTP_U_Header(teid=value) / IP(src=u"192.168.10.20")) elif proto == u"L2TPV3": value_hex = hex(value).replace('0x', (8 - len(hex(value)) + 2) * '0') session_id = binascii.a2b_hex(value_hex) pkt_raw.proto = 115 pkt_raw /= Raw(session_id) elif proto == u"VXLAN": pkt_raw /= (UDP() / VXLAN(vni=value)) elif proto == u"ARP": pkt_raw.type = value pkt_raw /= ARP() else: raise ValueError(f"Flow proto error: {proto}") pkt_raw /= Raw() txq.send(pkt_raw) sys.exit(0)