def verify_ip_precedence_ip_precedence(packets, exclude_src_ip=None):
"""Verify that all packets have mapped IP precedence value to EXP
Args:
packets ('obj'): Packets to analyze
exclude_src_ip ('str'): Source ip to exclude
Returns:
True / False
Raises:
None
"""
try:
from scapy.all import load_contrib
from scapy.contrib.mpls import MPLS
except ImportError:
raise ImportError(
'scapy is not installed, please install it by running: '
'pip install scapy') from None
log.info(
"Verifying that all the packets have mapped IP precedence value to EXP"
)
if exclude_src_ip:
log.info(
"Exclude packets with source ip {ip}".format(ip=exclude_src_ip))
load_contrib("mpls")
not_matched = False
no_check = True
for pkt in packets:
if pkt.haslayer("Raw"):
mpls_pkt = MPLS(pkt["Raw"])
if mpls_pkt.haslayer("IP") and (
exclude_src_ip is None
or mpls_pkt["IP"].src != exclude_src_ip):
no_check = False
log.info("Analyzing the following packet:"
"\n-------------------------------\n{}".format(
mpls_pkt.show(dump=True)))
tos = "{0:08b}".format(mpls_pkt["IP"].tos)
cos = "{0:03b}".format(mpls_pkt["MPLS"].cos)
if tos[0:3] != cos:
not_matched = True
log.info(
"MPLS EXP 'COS' value didn't match the IP Precedence 'TOS'"
)
else:
log.info(
"MPLS EXP 'COS' value matched the IP Precedence 'TOS'")
if no_check:
log.info("Didn't find any 'IPv4' protocol packets to "
"analyze out of the {} packets".format(len(packets)))
if not_matched:
return False
return True
def get_ntp_packet(packets, ip_address_source, ip_address_destination):
""" Find ntp packet with src ip and dest ip in pcap file
Args:
packets (`obj`): pcap object
ip_address_source (`str`): source ip
ip_address_destination (`str`): destination ip
Returns:
pkt (`obj`): verified ntp packet
"""
try:
from scapy.contrib.mpls import MPLS
except ImportError:
raise ImportError(
'scapy is not installed, please install it by running: '
'pip install scapy') from None
for pkt in packets:
if pkt.haslayer("Raw"):
mpls_pkt = MPLS(pkt["Raw"])
if (mpls_pkt.haslayer("IP") and mpls_pkt.haslayer("NTPHeader")
and mpls_pkt["IP"].src == ip_address_source
and mpls_pkt["IP"].dst == ip_address_destination):
log.info("Found NTP packet:\n{pkt}".format(pkt=mpls_pkt.show(
dump=True)))
return pkt
elif (pkt.haslayer("IP") and pkt.haslayer("NTPHeader")
and pkt["IP"].src == ip_address_source
and pkt["IP"].dst == ip_address_destination):
log.info(
"Found NTP packet:\n{pkt}".format(pkt=pkt.show(dump=True)))
return pkt
return None
def analyze_udp_in_mpls_packets(
packets, ip_address, ttl, packet_count, destination_port
):
""" Analyze passed packets
Args:
packets('str'): Packets to analyze
ip_address ('str'): Destination IP address
ttl (`int`): Time to live
packet_count (`int`): Packet count to check during
packet analysis
destination_port (`int`): Destination port start "traceroute"
Returns:
pkt count
Raises:
None
"""
try:
from scapy.all import load_contrib, UDP
from scapy.contrib.mpls import MPLS
except ImportError:
raise ImportError('scapy is not installed, please install it by running: '
'pip install scapy') from None
count = 0
for pkt in packets:
# Analyze MPLS packets
if pkt.type == 34887:
load_contrib("mpls")
mpls_pkt = MPLS(pkt["Raw"])
if (
mpls_pkt.haslayer("IP")
and mpls_pkt["IP"].dst == ip_address
and mpls_pkt["IP"].ttl == ttl
and mpls_pkt.haslayer("UDP")
):
# Catch the start of source and destination ports
if count == 0:
sport_count = mpls_pkt["UDP"].sport
dport_count = destination_port
log.info(
"Found a packet that meets the requirement:\nDestination:\t{"
"ip_pkt_dst}\nDestination Port:\t{dst_port}\nSource:\t\t{"
"ip_pkt_src}\nSource Port:\t{src_port}\nUDP Packet:\t{"
"mpls_pkt}\n".format(
ip_pkt_dst=mpls_pkt["IP"].dst,
dst_port=dport_count,
ip_pkt_src=mpls_pkt["IP"].src,
src_port=sport_count,
mpls_pkt="True" if mpls_pkt["UDP"] else "False",
)
)
count += 1
continue
# Verify source and destination ports are incrementing
if mpls_pkt["UDP"].sport != sport_count + 1:
log.info(
"Source port didn't increment to "
"{source_port} as expected; instead it is {sp}".format(
source_port=sport_count + 1,
destination_port=dport_count + 1,
sp=mpls_pkt["UDP"].sport,
)
)
return None, 0
elif mpls_pkt["UDP"].dport != dport_count + 1:
log.info(
"destination port didn't increment to "
"{destination_port} as expected; instead "
"it is {dp}".format(
source_port=sport_count + 1,
destination_port=dport_count + 1,
dp=mpls_pkt["UDP"].dport,
)
)
return None, 0
else:
count += 1
sport_count += 1
dport_count += 1
log.info(
'Found a packet that "meets" the requirement:\nDestination:\t{'
"ip_pkt_dst}\nDestination Port:\t{dst_port}\nSource:\t\t{"
"ip_pkt_src}\nSource Port:\t{src_port}\nUDP Packet:\t{"
"mpls_pkt}\n".format(
ip_pkt_dst=mpls_pkt["IP"].dst,
dst_port=dport_count,
ip_pkt_src=mpls_pkt["IP"].src,
src_port=sport_count,
mpls_pkt="True" if mpls_pkt["UDP"] else "False",
)
)
if count == packet_count:
return pkt, count
return None, count