def test_080_nmap_log(self): global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') wan_ip = uvmContext.networkManager().getFirstWanAddress() iperf_avail = global_functions.verify_iperf_configuration(wan_ip) device_in_office = global_functions.is_in_office_network(wan_ip) # Also test that it can probably reach us (we're on a 10.x network) if not device_in_office: raise unittest.SkipTest("Not on office network, skipping") if (not iperf_avail): raise unittest.SkipTest( "IperfServer test client unreachable, skipping alternate port forwarding test" ) startTime = datetime.datetime.now() # start nmap on client remote_control.run_command("nmap " + wan_ip + " >/dev/null 2>&1", host=global_functions.iperf_server) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention', 'All Events', None, 5) found = global_functions.check_events(events.get('list'), 5, 'msg', "NMAP", 'blocked', False, min_date=startTime)
def test_052_functional_icmp_log(self): """ Check for ICMP (ping) """ global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') wan_ip = uvmContext.networkManager().getFirstWanAddress() iperf_avail = global_functions.verify_iperf_configuration(wan_ip) device_in_office = global_functions.is_in_office_network(wan_ip) # Also test that it can probably reach us (we're on a 10.x network) if not device_in_office: raise unittest.SkipTest("Not on office network, skipping") if (not iperf_avail): raise unittest.SkipTest("IperfServer test client unreachable, skipping alternate port forwarding test") # insert rule at the beginning of the list so other rules do not interfere. appSettings['rules']['list'].insert(0,create_rule(action="log", rule_type="CATEGORY", type_value="scan")) app.setSettings(appSettings, True) wait_for_daemon_ready() startTime = datetime.datetime.now() remote_control.run_command("nmap -sP " + wan_ip + " >/dev/null 2>&1",host=global_functions.iperf_server) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'protocol', "1", 'blocked', False, min_date=startTime) del appSettings['rules']['list'][0] # delete the first rule just added app.setSettings(appSettings, True) assert(found)
def test_021_severely_limited_udp(self): global app, app_web_filter, wan_limit_mbit # only use 30% because QoS will limit to 10% and we want to make sure it takes effect # really high levels will actually be limited by the untangle-vm throughput instead of QoS # which can interfere with the test targetSpeedMbit = str(wan_limit_mbit*.3)+"M" if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') # We will use iperf server and iperf for this test. wan_IP = uvmContext.networkManager().getFirstWanAddress() iperfAvailable = global_functions.verify_iperf_configuration(wan_IP) if (not iperfAvailable): raise unittest.SkipTest("Iperf server and/or iperf not available, skipping alternate port forwarding test") # Enabled QoS netsettings = uvmContext.networkManager().getNetworkSettings() nuke_rules() append_rule(create_single_condition_rule("DST_PORT","5000","SET_PRIORITY",1)) pre_UDP_speed = global_functions.get_udp_download_speed( receiverip=global_functions.iperf_server, senderip=remote_control.client_ip, targetRate=targetSpeedMbit ) # Create DST_PORT based rule to limit bandwidth nuke_rules() append_rule(create_single_condition_rule("DST_PORT","5000","SET_PRIORITY",7)) post_UDP_speed = global_functions.get_udp_download_speed( receiverip=global_functions.iperf_server, senderip=remote_control.client_ip, targetRate=targetSpeedMbit ) print_results( pre_UDP_speed, post_UDP_speed, (wan_limit_kbit/8)*0.1, pre_UDP_speed*.9 ) assert (post_UDP_speed < pre_UDP_speed*.9)
def test_014_qos_bypass_custom_rules_udp(self): global wan_limit_mbit targetSpeedMbit = str(wan_limit_mbit)+"M" if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') # We will use iperf server and iperf for this test. wan_IP = uvmContext.networkManager().getFirstWanAddress() iperfAvailable = global_functions.verify_iperf_configuration(wan_IP) if (not iperfAvailable): raise unittest.SkipTest("Iperf server and/or iperf not available") netsettings = uvmContext.networkManager().getNetworkSettings() netsettings['bypassRules']['list'].append( create_bypass_condition_rule("DST_PORT","5000") ) netsettings['qosSettings']['qosRules']["list"].append( create_qos_custom_rule("DST_PORT","5000", 1) ) uvmContext.networkManager().setNetworkSettings( netsettings ) pre_UDP_speed = global_functions.get_udp_download_speed( receiverip=global_functions.iperf_server, senderip=remote_control.client_ip, targetRate=targetSpeedMbit ) netsettings['qosSettings']['qosRules']['list'] = [] netsettings['qosSettings']['qosRules']["list"].append( create_qos_custom_rule("DST_PORT","5000", 7) ) uvmContext.networkManager().setNetworkSettings( netsettings ) post_UDP_speed = global_functions.get_udp_download_speed( receiverip=global_functions.iperf_server, senderip=remote_control.client_ip, targetRate=targetSpeedMbit ) # Restore original network settings uvmContext.networkManager().setNetworkSettings( orig_network_settings_with_qos ) print_results( pre_UDP_speed, post_UDP_speed, (wan_limit_kbit/8)*0.1, pre_UDP_speed*.9 ) assert (post_UDP_speed < pre_UDP_speed*.9)
def test_021_severely_limited_udp(self): global wan_limit_mbit # severely limited means 10% of wan download bandwidth expectedSpeedMbit = wan_limit_mbit * .1 # a udp iperf test will fail if it loses more than 40% of sent # packets, so make sure expectedSpeedMbit is a little less than # 60% of targetSpeedMbit targetSpeedMbit = str(expectedSpeedMbit * 1.6) + "M" if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') # We will use iperf server and iperf for this test. wan_IP = uvmContext.networkManager().getFirstWanAddress() iperfAvailable = global_functions.verify_iperf_configuration(wan_IP) if (not iperfAvailable): raise unittest.SkipTest( "Iperf server and/or iperf not available, skipping alternate port forwarding test" ) # Enabled QoS netsettings = uvmContext.networkManager().getNetworkSettings() nuke_rules(self._app) append_rule( self._app, create_single_condition_rule("DST_PORT", "5000", "SET_PRIORITY", 1)) pre_UDP_speed = global_functions.get_udp_download_speed( receiverip=global_functions.iperf_server, senderip=remote_control.client_ip, targetRate=targetSpeedMbit) # Create DST_PORT based rule to limit bandwidth nuke_rules(self._app) append_rule( self._app, create_single_condition_rule("DST_PORT", "5000", "SET_PRIORITY", 7)) post_UDP_speed = global_functions.get_udp_download_speed( receiverip=global_functions.iperf_server, senderip=remote_control.client_ip, targetRate=targetSpeedMbit) print_results(pre_UDP_speed, post_UDP_speed, (wan_limit_kbit / 8) * 0.1, pre_UDP_speed * .9) assert (pre_UDP_speed != 0) assert (post_UDP_speed != 0) assert (post_UDP_speed < pre_UDP_speed * .9)
def test_080_nmap_log(self): global app, appSettings if runtests.quick_tests_only: raise unittest.SkipTest('Skipping a time consuming test') wan_ip = uvmContext.networkManager().getFirstWanAddress() iperf_avail = global_functions.verify_iperf_configuration(wan_ip) device_in_office = global_functions.is_in_office_network(wan_ip) # Also test that it can probably reach us (we're on a 10.x network) if not device_in_office: raise unittest.SkipTest("Not on office network, skipping") if (not iperf_avail): raise unittest.SkipTest("IperfServer test client unreachable, skipping alternate port forwarding test") startTime = datetime.datetime.now() # start nmap on client remote_control.run_command("nmap " + wan_ip + " >/dev/null 2>&1",host=global_functions.iperf_server) app.forceUpdateStats() events = global_functions.get_events('Intrusion Prevention','All Events',None,5) found = global_functions.check_events( events.get('list'), 5, 'msg', "NMAP", 'blocked', False, min_date=startTime)