def test_acl_mode_a3(self):
# 初始化
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt3_cfg["capture"][0], self.pkt3_cfg["capture"][1], \
self.pkt3_cfg["capture"][2], self.pkt3_cfg["capture"][3]
c_iface, c_num, c_pcap = self.pkt3_cfg["send"][0], self.pkt3_cfg[
"send"][1], self.pkt3_cfg["send"][2]
read_name, read_id = self.pkt3_cfg["read"][0], self.pkt3_cfg["read"][1]
# 下发配置并检查结果
for key in self.case3_step1:
fun.cmd(self.case3_step1[key][0], 'gw')
re = fun.cmd(self.case3_step1[key][1], 'gw')
assert self.case3_step1[key][2] in re
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg: ', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap not in pcap_file
# 重新配置策略,下发配置并检查结果
for key in self.case3_step2:
fun.cmd(self.case3_step2[key][0], 'gw')
re = fun.cmd(self.case3_step2[key][1], 'gw')
assert self.case3_step2[key][2] in re
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg: ', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
# 读包
read_cmd = fun.pkt_read(read_name, read_id)
read_re = fun.cmd(read_cmd, 's')
print('read_re: ', read_re)
# 获取期望结果
exp = self.pkt3_cfg["expect"][0]
assert exp == read_re
def test_selabel_category_cipso_scp_upload(self):
# 下发配置并检查结果
# for key in self.case1_step:
# fun.cmd(self.case1_step[key][0],'gw')
# re = fun.cmd(self.case1_step[key][1],'gw')
# assert self.case1_step[key][2] in re
# 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg['capture'][0], self.pkt1_cfg['capture'][1], \
self.pkt1_cfg['capture'][2], self.pkt1_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg:', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 创建文件
fun.cmd(f"dd if=/dev/zero of=/opt/pkt/{txt} bs=1M count=100", 'c')
fun.wait_data(f"ls /opt/pkt/ |grep txt",
'c',
self.pkt2_cfg['txt'][0],
'检查服务端文件是否创建成功',
300,
flag='存在')
pcap_file = fun.search('/opt/pkt', 'txt', 'c')
assert txt in pcap_file
print('客户端创建文件成功')
# 发送文件
c_scp, c_dip = self.pkt1_cfg["scp"][0], self.pkt1_cfg["scp"][1]
scp_cmd = fun.pkt_scp(c_scp, c_dip)
print('scp_cmd:', scp_cmd)
fun.cmd(scp_cmd, 'c', thread=1)
# 检查报文是否存在
fun.wait_data(f"ls /opt/pkt/ | grep pcap",
's',
self.pkt1_cfg['capture'][3],
'检查服务端抓包结果',
300,
flag='存在')
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
print('服务端抓到报文:{}'.format(self.read_1))
# 检查文件是否存在
fun.wait_data(f"ls /opt/pkt/ | grep txt",
's',
self.pkt1_cfg['txt'][0],
'检查文件结果',
300,
flag='存在')
pcap_file = fun.search('/opt/pkt', 'txt', 's')
assert txt in pcap_file
print('scp上传文件成功')
def test_selabel_category_cipso_scp_download(self):
# 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt2_cfg['capture'][0], self.pkt2_cfg['capture'][1], \
self.pkt2_cfg['capture'][2], self.pkt2_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg:', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 创建文件
fun.cmd(f"dd if=/dev/zero of={txt} bs=1M count=100", 's')
fun.wait_data(f"ls /opt/pkt/ |grep txt",
's',
self.pkt2_cfg['txt'][0],
'检查服务端文件是否创建成功',
300,
flag='存在')
pcap_file = fun.search('/opt/pkt', 'txt', 's')
assert txt in pcap_file
print('服务端创建文件成功')
# 下载文件
scp_cmd = f"sshpass -p {info.serverPwd} scp -P 22 root@{info.serverIp}:/opt/pkt/{txt} /home/"
print('scp_cmd:', scp_cmd)
fun.cmd(scp_cmd, 'c', thread=1)
# 检查报文是否存在
fun.wait_data(f"ls /opt/pkt/ | grep pcap",
's',
self.pkt2_cfg['capture'][3],
'检查服务端抓包结果',
300,
flag='存在')
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
print('服务端抓到报文:{}'.format(self.read_2))
# 检查文件是否存在
fun.wait_data(f"ls /opt/pkt/ | grep txt",
'c',
self.pkt2_cfg['txt'][0],
'检查文件结果',
300,
flag='存在')
pcap_file = fun.search('/opt/pkt', 'txt', 'c')
assert txt in pcap_file
print('scp下载文件成功')
def test_selabel_vxlan_level_255(self):
#
# # 下发配置并检查结果
for key in self.case1_step:
fun.cmd(self.case1_step[key][0], 'gw')
re = fun.cmd(self.case1_step[key][1], 'gw')
assert self.case1_step[key][2] in re
# # 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg['capture'][0], self.pkt1_cfg['capture'][1], \
self.pkt1_cfg['capture'][2], self.pkt1_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# # 发送报文
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg[
"send"][1], self.pkt1_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
# 读包
read_name, read_id = self.pkt1_cfg["read"][0], self.pkt1_cfg["read"][1]
read_cmd = fun.vxlan_read(read_name, read_id)
print(read_cmd)
read_re = fun.cmd(read_cmd, 's')
print(read_re)
# 获取期望结果
exp = self.pkt1_cfg["expect"][0]
assert exp == read_re
def test_selabel_cipso_doi_unmatch(self):
# 下发配置并检查结果
for key in self.case1_step:
fun.cmd(self.case1_step[key][0], 'gw')
re = fun.cmd(self.case1_step[key][1], 'gw')
assert self.case1_step[key][2] in re
# 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg['capture'][0], self.pkt1_cfg['capture'][1], \
self.pkt1_cfg['capture'][2], self.pkt1_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg:', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg[
"send"][1], self.pkt1_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
print('send_cmd:', send_cmd)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap not in pcap_file
print('报文doi字段不匹配,服务端未抓到报文test_selabel_cipso_doi_unmatch.pcap')
def test_http_check_get_a1(self):
# 下发配置
fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw',
self.case1_step1[key][1], '配置', 100)
print('添加策略_re: ', re)
assert self.case1_step1[key][1] in re
# 数据检查
fun.send(rbmExc, message.httpcheck1['SetHttpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw',
self.case1_step2[key][1], '配置', 100)
print("需包含字符串:", self.case1_step2[key][1])
print('httpCheck_re: ', re)
assert self.case1_step2[key][1] in re
# 发送get请求,不包含黑名单内容的普通请求
content = http_check.http_get(url)
print('get普通请求的请求内容为:{}'.format(content))
assert content == http_content
result = fun.search('/opt', 'sh', 'gw')
print('---------fun.search: \n', result)
def test_selabel_category_cipso_icmp_type8(self):
#下发配置并检查结果
for key in self.case1_step:
fun.cmd(self.case1_step[key][0], 'gw')
re = fun.cmd(self.case1_step[key][1], 'gw')
assert self.case1_step[key][2] in re
#服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg['capture'][
0], self.pkt1_cfg['capture'][1], self.pkt1_cfg['capture'][
2], self.pkt1_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
#发送报文
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg[
"send"][1], self.pkt1_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
#检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
def test_selabel_category_cipso_icmp_type8(self):
# 下发配置并检查结果
for key in self.case1_step:
fun.cmd(self.case1_step[key][0], 'gw')
re = fun.cmd(self.case1_step[key][1], 'gw')
assert self.case1_step[key][2] in re
# 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg['capture'][0], self.pkt1_cfg['capture'][1], \
self.pkt1_cfg['capture'][2], self.pkt1_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg:', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg["send"][1], self.pkt1_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
print('send_cmd:', send_cmd)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
# fun.wait_data(f"ls /opt/pkt/ | grep pcap", 'gw', self.pkt1_cfg['capture'][3], '检查服务端抓包结果', 300, flag='存在')
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
print('服务端抓到报文:{}'.format(self.read_1))
def test_acl_priority_other_a2(self):
# 初始化
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt2_cfg["capture"][0], self.pkt2_cfg["capture"][1], \
self.pkt2_cfg["capture"][2], self.pkt2_cfg["capture"][3]
c_iface, c_num, c_pcap = self.pkt2_cfg["send"][0], self.pkt2_cfg["send"][1], self.pkt2_cfg["send"][2]
read_name, read_id = self.pkt2_cfg["read"][0], self.pkt2_cfg["read"][1]
# 下发配置并检查结果
for key in self.case2_step:
fun.cmd(self.case2_step[key][0], 'gw')
re = fun.cmd(self.case2_step[key][1], 'gw')
assert self.case2_step[key][2] in re
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg: ', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在,drop生效,报文应该不存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap not in pcap_file
def test_report_acl_labelPassPac_count_protocol_ICMP(self):
# 开启acl命中统计开关并检查结果
fun.send(Exc_rmb, message.set_ReportAclCount_open['EnableAclCount'], domain_rmb, base_path)
for key in self.case3_step1:
print('ip:',baseinfo.gwManageIp)
re = fun.cmd(self.case3_step1[key][0],'gw')
print('re:',re)
assert self.case3_step1[key][1] in re
# 下发acl策略并检查结果-----查询失败问题待调查
fun.send(Exc_rmb, message.AddAclPolicy_labelPassPac['AddAclPolicy'], domain_rmb, base_path)
# for key in self.case3_step2:
# print('ip:',baseinfo.gwManageIp)
# re = fun.cmd(self.case3_step2[key][0],'gw',thread=1)
# print('key:',self.case3_step2[key][0])
# print('re:',re)
# assert self.case3_step2[key][1] in re
# 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt3_cfg['capture'][0], self.pkt3_cfg['capture'][1], \
self.pkt3_cfg['capture'][2], self.pkt3_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg:', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 客户端发送正常请求报文
c_iface, c_num, c_pcap = self.pkt3_cfg["send"][0], self.pkt3_cfg["send"][1], self.pkt3_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
print('send_cmd:', send_cmd)
fun.cmd(send_cmd, 'c',thread=1)
print('tcpreplay命令发送成功')
# jsac.agentjsac.info.log文件查看命中统计数
fun.wait_data(f"grep -n '{protocol_icmp}' /var/log/jsac.agentjsac.info.log |grep '{pcap_dip}' |grep '{ReportAclCount}' |tail -1",'gw', self.case3_step3['step1'][0], '检查拒绝数', 300, flag='存在')
fun.wait_data(f"grep -n '{protocol_icmp}' /var/log/jsac.agentjsac.info.log |grep '{pcap_dip}' |grep '{ReportAclCount}' |tail -1",'gw', self.case3_step3['step2'][0], '检查拒绝数', 300, flag='存在')
for key in self.case3_step3:
re = fun.cmd(f"grep -n '{protocol_icmp}' /var/log/jsac.agentjsac.info.log |grep '{pcap_dip}' |grep '{ReportAclCount}' |tail -1 ",'gw')
print('re:', re)
assert self.case3_step3['step1'][0] in re
# 检查报文是否存在
fun.wait_data(f"ls /opt/pkt/ | grep pcap", 'gw', self.pkt3_cfg['capture'][3], '检查服务端抓包结果', 300, flag='存在')
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
print('pcap_file:',pcap_file)
assert cap_pcap in pcap_file
print('服务端抓到报文:{}'.format(self.read_3))
print('step wait')
# 关闭acl命中统计开关并检查结果
fun.send(Exc_rmb, message.set_ReportAclCount_close['EnableAclCount'], domain_rmb, base_path)
for key in self.case3_step4:
re = fun.cmd(self.case3_step4[key][0], 'gw')
print('re:', re)
assert self.case3_step4[key][1] in re
# 移除掉acl策略并检查结果
fun.send(Exc_rmb, message.DelAclPolicy_HitCount['DelAclPolicy'], domain_rmb, base_path)
def test_acl_priority_quintet_same_a1(self):
#初始化
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg["capture"][
0], self.pkt1_cfg["capture"][1], self.pkt1_cfg["capture"][
2], self.pkt1_cfg["capture"][3]
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg[
"send"][1], self.pkt1_cfg["send"][2]
read_name, read_id = self.pkt1_cfg["read"][0], self.pkt1_cfg["read"][1]
#切换卡面为0,下发配置并检查结果
for key in self.case1_step1:
fun.cmd(self.case1_step1[key][0], 'gw')
re = fun.cmd(self.case1_step1[key][1], 'gw')
assert self.case1_step1[key][2] in re
# # 切换卡面为1,下发配置并检查结果
# fun.cmd('export cardid=1', 'gw')
# for key in self.case1_step2:
# fun.cmd(self.case1_step2[key][0], 'gw')
# card1 = fun.cmd(self.case1_step2[key][1], 'gw')
# assert self.case1_step2[key][2] in card1
# 服务端抓取报文
# pcap_cmd = f'tcpdump -i {cap_iface} -w /opt/pkt/{cap_pcap} host {cap_filter}'
# print(pcap_cmd)
# fun.cmd(pcap_cmd,'s',thread=1)
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print(pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
#检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
# #c从远程服务器读取文件
# pkt_read = fun.read(f'/opt/pkt/{cap_pcap}','read','r','','s')
# print(pkt_read) #b为二进制读取,后面的字符串为读取的内容
# 读包
read_cmd = fun.pkt_read(read_name, read_id)
print(read_cmd)
read_re = fun.cmd(read_cmd, 's')
print(read_re)
# 获取期望结果
exp = self.pkt1_cfg["expect"][0]
assert exp == read_re
def test_ddos_sameSipDip_syn_flood(self):
# 下发配置并检查结果
fun.send(Exc_rmb, message.setddos_open['SetDdosEnable'], domain_rmb,
base_path)
for key in self.case1_step:
re0 = fun.cmd(self.case1_step[key][0], 'gw')
assert self.case1_step[key][2] in re0
for key in self.case1_step:
re1 = fun.cmd(self.case1_step[key][1], 'gw')
assert self.case1_step[key][2] in re1
# 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg['capture'][0], self.pkt1_cfg['capture'][1], \
self.pkt1_cfg['capture'][2], self.pkt1_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 服务端开启http服务
fun.cmd(f"python2.7 -m SimpleHTTPServer {port_d}", 's', thread=1)
# 客户端发送攻击命令
fun.cmd(
f"hping3 -I {ciface} -a {pcap_dip} -S {pcap_dip} -p {port_attack} -i u1000",
'c',
thread=1)
fun_result = fun.cmd('ps -ef | grep hping3', 'c')
print(fun_result)
#检查hping3命令是否发送成功
assert self.pkt1_cfg["hping3"][0] in fun_result
print('hping3攻击命令下发成功')
# if self.pkt1_cfg["hping3"][0] in fun_result:
# print('hping3攻击命令下发成功')
# else:
# print('!!!hping3攻击命令下发失败!!!')
# exit()
# 客户端发送http请求
fun.cmd(f"curl http://{pcap_dip}:{port_d}", 'c', thread=1)
time.sleep(5)
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
print('服务端抓到报文:{}'.format(self.read_1))
def test_acl_compare_selabel_a1(self):
#初始化
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg["capture"][0], self.pkt1_cfg["capture"][1], \
self.pkt1_cfg["capture"][2], self.pkt1_cfg["capture"][3]
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg[
"send"][1], self.pkt1_cfg["send"][2]
read_name, read_id = self.pkt1_cfg["read"][0], self.pkt1_cfg["read"][1]
#下发配置并检查结果
fun.cmd('export cardid=0&&defconf --action drop', 'gw')
fun.cmd('export cardid=1&&defconf --action drop', 'gw')
for key in self.case1_step:
fun.cmd(self.case1_step[key][0], 'gw')
re = fun.cmd(self.case1_step[key][1], 'gw')
assert self.case1_step[key][2] in re
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print(pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
# 还原配置,防止抓不到包,断言失败,无法恢复环境
fun.cmd('export cardid=0&&defconf --action forward', 'gw')
fun.cmd('export cardid=1&&defconf --action forward', 'gw')
assert cap_pcap in pcap_file
# 读包
read_cmd = fun.pkt_read(read_name, read_id)
read_re = fun.cmd(read_cmd, 's')
print(read_re)
# 获取期望结果
exp = self.pkt1_cfg["expect"][0]
assert exp == read_re
def test_a1(self):
#清空环境
for i in self.clr_env:
print(i)
dd = fun.cmd(i, 'gw_c', self.mac)
print(dd)
#设置初始环境
cap_iface, cap_filter, cap_num, cap_pcap = self.pre_env["capture"][
0], self.pre_env["capture"][1], self.pre_env["capture"][
2], self.pre_env["capture"][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
fun.cmd(pre_cfg, 'gw_c', thread=1)
print('step wait')
time.sleep(3)
#下发配置并检查结果
for key in self.case_step:
fun.cmd(self.case_step[key][0], 'gw_c')
re = fun.cmd(self.case_step[key][1], 'gw_c')
assert self.case_step[key][2] in re
#发送报文
c_iface, c_num, c_pcap = self.pkt_cfg["send"][0], self.pkt_cfg["send"][
1], self.pkt_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'gw_s')
#检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 'gw_c')
assert cap_pcap in pcap_file
#读包
read_name, read_id = self.pkt_cfg["read"][0], self.pkt_cfg["read"][1]
read_cmd = fun.pkt_read(read_name, read_id)
read_re = fun.cmd(read_cmd, 'gw_c')
print(read_re)
#获取期望结果
exp = self.pkt_cfg["expect"][0]
assert exp in read_re
def test_acl_category_0(self):
# 初始化
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt1_cfg["capture"][0], self.pkt1_cfg["capture"][1], \
self.pkt1_cfg["capture"][2], self.pkt1_cfg["capture"][3]
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg[
"send"][1], self.pkt1_cfg["send"][2]
read_name, read_id = self.pkt1_cfg["read"][0], self.pkt1_cfg["read"][1]
# 下发配置并检查结果
for key in self.case1_step:
fun.cmd(self.case1_step[key][0], 'gw')
re = fun.cmd(self.case1_step[key][1], 'gw')
assert self.case1_step[key][2] in re
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print("sniff_cmd: ", pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
print('send_cmd:', send_cmd)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
# 读包
read_cmd = fun.pkt_read(read_name, read_id)
print('read_cmd: {}'.format(read_cmd))
read_re = fun.cmd(read_cmd, 's')
print('read_re: '.format(read_re))
# 获取期望结果
exp = self.pkt1_cfg["expect"][0]
print('期望值为: {}'.format(exp))
assert exp == read_re
def test_selabel_cipso_mode_BIBA(self):
# 下发配置并检查结果
for key in self.case3_step:
fun.cmd(self.case3_step[key][0], 'gw')
re = fun.cmd(self.case3_step[key][1], 'gw')
assert self.case3_step[key][2] in re
# 服务端抓取报文
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt3_cfg['capture'][0], self.pkt3_cfg['capture'][1], \
self.pkt3_cfg['capture'][2], self.pkt3_cfg['capture'][3]
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print('pre_cfg:', pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
c_iface, c_num, c_pcap = self.pkt3_cfg["send"][0], self.pkt3_cfg[
"send"][1], self.pkt3_cfg["send"][2]
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
print('send_cmd:', send_cmd)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
# fun.wait_data(f"ls /opt/pkt/ | grep pcap", 'gw', self.pkt3_cfg['capture'][3], '检查服务端抓包结果', 300, flag='存在')
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
print('服务端抓到报文:{}'.format(self.read_3))
# 读包
read_name, read_id = self.pkt3_cfg["read"][0], self.pkt3_cfg["read"][1]
read_cmd = fun.pkt_read(read_name, read_id)
print('read_cmd:', read_cmd)
read_re = fun.cmd(read_cmd, 's')
print('read_re:', read_re)
# 获取期望结果
exp = self.pkt3_cfg["expect"][0]
assert exp == read_re
def test_acl_priority_quintet_same_a2(self):
#初始化
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt2_cfg["capture"][
0], self.pkt2_cfg["capture"][1], self.pkt2_cfg["capture"][
2], self.pkt2_cfg["capture"][3]
c_iface, c_num, c_pcap = self.pkt2_cfg["send"][0], self.pkt2_cfg[
"send"][1], self.pkt2_cfg["send"][2]
read_name, read_id = self.pkt2_cfg["read"][0], self.pkt2_cfg["read"][1]
# 切换卡面为0,下发配置并检查结果
for key in self.case2_step1:
fun.cmd(self.case2_step1[key][0], 'gw')
re = fun.cmd(self.case2_step1[key][1], 'gw')
assert self.case2_step1[key][2] in re
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
#检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
# 读包
read_cmd = fun.pkt_read(read_name, read_id)
read_re = fun.cmd(read_cmd, 's')
print(read_re)
# 获取期望结果
exp = self.pkt2_cfg["expect"][0]
assert exp == read_re
def test_vxlan_acl_category_ff0f(self):
# 初始化
cap_iface, cap_filter, cap_num, cap_pcap = self.pkt8_cfg["capture"][0], self.pkt8_cfg["capture"][1], \
self.pkt8_cfg["capture"][2], self.pkt8_cfg["capture"][3]
c_iface, c_num, c_pcap = self.pkt8_cfg["send"][0], self.pkt8_cfg["send"][1], self.pkt8_cfg["send"][2]
read_name, read_id = self.pkt8_cfg["read"][0], self.pkt8_cfg["read"][1]
# 下发配置并检查结果
for key in self.case8_step:
fun.cmd(self.case8_step[key][0], 'gw')
re = fun.cmd(self.case8_step[key][1], 'gw')
assert self.case8_step[key][2] in re
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap)
print(pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap in pcap_file
# 读包
read_cmd = fun.vxlan_read(read_name, read_id)
read_re = fun.cmd(read_cmd, 's')
print(read_re)
# 获取期望结果
exp = self.pkt8_cfg["expect"][0]
assert exp == read_re
def test_iso_http_large_file_a2(self):
# 下发配置
fun.send(rbmExc, message.addhttp_front_post['AddCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.addhttp_back_post['AddCustomAppPolicy'],
BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
front_res = fun.nginx_worker('ps -ef |grep nginx',
'FrontDut',
'nginx: worker process',
name='前置机nginx进程')
assert front_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res = fun.nginx_worker('ps -ef |grep nginx',
'BackDut',
'nginx: worker process',
name='后置机nginx进程')
assert back_res == 1
# 检查配置下发是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0], 'FrontDut',
self.case2_step1[key][1], '配置', 100)
print(re)
assert self.case2_step1[key][1] in re
for key in self.case2_step11:
re = fun.wait_data(self.case2_step11[key][0], 'FrontDut',
self.case2_step11[key][1], '配置', 100)
print(re)
assert self.case2_step11[key][1] in re
# 初始化,检查server端无post.txt文件
post_file = fun.search('/home/lwq', 'txt', 'BG8010Server')
print(post_file)
if 'post.txt' in post_file:
fun.cmd('rm -f /home/lwq/post.txt ', 'BG8010Server')
# 服务器端开启post上传服务
post_cmd = ['cd /home/lwq', 'python3 Server.py']
fun.cmd(post_cmd, 'httpServer', thread=1, list_flag=True)
# 发送post请求,验证post请求是否正常
print('请求地址为{}'.format(self.up_url))
content = http_check.http_post(self.up_url)
print('post普通请求的请求内容为:{}'.format(content))
# 发送post请求,验证隔离下的http策略上传一个10G大小的文件
print('上传的服务器地址为{}'.format(self.upfile_url))
result = http_check.http_upload(self.upfile_url, self.upfilename,
self.uplocalPath, self.upMIME_type)
assert result == 1
# 检查文件是否生成
post_file = fun.search('/home/lwq', 'txt', 'httpServer')
print('检查/home/lwq/目录下所有以txt结尾的文件列表为:{}'.format(post_file))
assert 'post.txt' in post_file
# 移除策略,清空环境
fun.send(rbmExc, message.delhttp_front_post['DelCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.delhttp_back_post['DelCustomAppPolicy'],
BackDomain, base_path)
fdel_res = fun.nginx_worker('ps -ef |grep nginx',
'FrontDut',
'nginx: worker process',
name='前置机nginx进程')
assert fdel_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
bdel_res = fun.nginx_worker('ps -ef |grep nginx',
'BackDut',
'nginx: worker process',
name='后置机nginx进程')
assert bdel_res == 1
# 检查策略移除是否成功
for key in self.case2_step1:
re = fun.wait_data(self.case2_step1[key][0],
'FrontDut',
self.case2_step1[key][1],
'配置',
100,
flag='不存在')
print(re)
assert self.case2_step1[key][1] not in re
def test_iso_tcp_large_file_a3(self):
# 下发配置
fun.send(rbmExc, message.addtcp_ssh_front['AddCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.addtcp_ssh_back['AddCustomAppPolicy'],
BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
front_res = fun.nginx_worker('ps -ef |grep nginx',
'FrontDut',
'nginx: worker process',
name='前置机nginx进程')
assert front_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res = fun.nginx_worker('ps -ef |grep nginx',
'BackDut',
'nginx: worker process',
name='后置机nginx进程')
assert back_res == 1
# 检查配置下发是否成功
for key in self.case3_step1:
re = fun.wait_data(self.case3_step1[key][0], 'FrontDut',
self.case3_step1[key][1], '配置', 100)
print(re)
assert self.case3_step1[key][1] in re
for key in self.case3_step11:
re = fun.wait_data(self.case3_step11[key][0], 'FrontDut',
self.case3_step11[key][1], '配置', 100)
print(re)
assert self.case3_step11[key][1] in re
# 在客户端的/opt/pkt/路径下创建一个10G大小的文件10G.pdf
touch_file_cmd = [
'cd /opt/pkt', 'dd if=/dev/zero of=10G.pdf bs=1M count=10000'
]
fun.cmd(touch_file_cmd, 'BG8010Client', list_flag=True)
# 检查客户端文件是否创建成功
touch_file = fun.search('/opt/pkt', 'pdf', 'BG8010Client')
print('检查服务端/opt/pkt/目录下所有以pdf结尾的文件列表为:{}'.format(touch_file))
assert '10G.pdf' in touch_file
# 验证隔离下的tcp策略(ssh、scp)从客户端发送scp命令上传
scp_cmd = f'sshpass -p {BG8010ServerPwd} scp -P {ssh_proxy_port} /opt/pkt/10G.pdf root@{proxy_ip}:/opt/pkt/'
print('scp上传的命令为:{}'.format(scp_cmd))
fun.cmd(scp_cmd, 'BG8010Client')
# 检查文件是否上传成功到服务端
touch_file = fun.search('/opt/pkt', 'pdf', 'BG8010Server')
print('检查客户端/opt/pkt/目录下所有以pdf结尾的文件列表为:{}'.format(touch_file))
assert '10G.pdf' in touch_file
# 下载完成后,还原环境,清掉上传到服务端的文件
fun.cmd('rm -f /opt/pkt/10G.pdf ', 'BG8010Server')
check_file = fun.search('/opt/pkt', 'pdf', 'BG8010Server')
print('还原环境,10G.pdf文件应该不在列表内,列表为{}'.format(check_file))
# 移除策略,清空环境
fun.send(rbmExc, message.deltcp_ssh_front['DelCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.deltcp_ssh_back['DelCustomAppPolicy'],
BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
fdel_res = fun.nginx_worker('ps -ef |grep nginx',
'FrontDut',
'nginx: worker process',
name='前置机nginx进程')
assert fdel_res == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
bdel_res = fun.nginx_worker('ps -ef |grep nginx',
'BackDut',
'nginx: worker process',
name='后置机nginx进程')
assert bdel_res == 1
# 检查策略移除是否成功
for key in self.case3_step1:
re = fun.wait_data(self.case3_step1[key][0],
'FrontDut',
self.case3_step1[key][1],
'配置',
100,
flag='不存在')
print(re)
assert self.case3_step1[key][1] not in re
def test_mss_a1(self):
# 初始化
cap_iface, cap_filter, cap_num, cap_pcap1, cap_pcap2 = self.pkt1_cfg["capture"][0], self.pkt1_cfg["capture"][1], \
self.pkt1_cfg["capture"][2], self.pkt1_cfg["capture"][3], self.pkt1_cfg["capture"][4]
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg[
"send"][1], self.pkt1_cfg["send"][2]
read_name1, read_name2, read_id = self.pkt1_cfg["read"][
0], self.pkt1_cfg["read"][1], self.pkt1_cfg["read"][2]
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap1)
print(pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap1 in pcap_file
# 读包
read_cmd = fun.mss_read(read_name1, read_id)
read_re1 = fun.cmd(read_cmd, 's')
print(read_re1)
# 获取期望结果
exp1 = self.pkt1_cfg["expect1"][0]
assert exp1 == read_re1
# 下发配置并检查结果
for key in self.case1_step1:
fun.cmd(self.case1_step1[key][0], 'gw')
re = fun.cmd(self.case1_step1[key][1], 'gw')
assert self.case1_step1[key][2] in re
# 服务端抓取报文
pre_cfg = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap2)
print(pre_cfg)
fun.cmd(pre_cfg, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
assert cap_pcap2 in pcap_file
# 读包
read_cmd = fun.mss_read(read_name2, read_id)
read_re2 = fun.cmd(read_cmd, 's')
print(read_re2)
# 获取期望结果
exp2 = self.pkt1_cfg["expect2"][0]
assert exp2 == read_re2
# 清空还原环境
for key in self.case1_step2:
fun.cmd(self.case1_step2[key][0], 'gw')
re = fun.cmd(self.case1_step2[key][1], 'gw')
assert self.case1_step2[key][2] in re
def test_acl_drop_a1(self):
# 初始化
cap_iface, cap_filter, cap_num, cap_pcap1, cap_pcap2, cap_pcap3 = self.pkt1_cfg["capture"][0], \
self.pkt1_cfg["capture"][1], \
self.pkt1_cfg["capture"][2], \
self.pkt1_cfg["capture"][3], \
self.pkt1_cfg['capture'][4], \
self.pkt1_cfg['capture'][5]
c_iface, c_num, c_pcap = self.pkt1_cfg["send"][0], self.pkt1_cfg["send"][1], self.pkt1_cfg["send"][2]
read_name1, read_name2, read_name3, read_id = self.pkt1_cfg["read"][0], self.pkt1_cfg["read"][1], \
self.pkt1_cfg['read'][2], self.pkt1_cfg['read'][3]
# 下发配置并检查结果
for key in self.case1_step1:
fun.cmd(self.case1_step1[key][0], 'gw')
re = fun.cmd(self.case1_step1[key][1], 'gw')
assert self.case1_step1[key][2] in re
# 服务端抓取报文
pre_cfg1 = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap1)
print(pre_cfg1)
fun.cmd(pre_cfg1, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
fun.pid_kill(cap_pcap1)
assert cap_pcap1 in pcap_file
# 读包
read_cmd = fun.pkt_read(read_name1, read_id)
read_re = fun.cmd(read_cmd, 's')
print('read_re: ', read_re)
# 获取期望结果
exp = self.pkt1_cfg["expect"][0]
assert exp == read_re
# 再次下发配置并检查结果
for key in self.case1_step2:
fun.cmd(self.case1_step2[key][0], 'gw')
re = fun.cmd(self.case1_step2[key][1], 'gw')
assert self.case1_step2[key][2] in re
pre_cfg2 = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap2)
print(pre_cfg2)
fun.cmd(pre_cfg2, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
fun.pid_kill(cap_pcap2)
assert cap_pcap2 in pcap_file
# 读包
read_cmd = fun.pkt_read(read_name2, read_id)
read_re = fun.cmd(read_cmd, 's')
print('read_re: ', read_re)
# 获取期望结果
exp = self.pkt1_cfg["expect"][0]
assert exp == read_re
# 再次下发配置并检查结果
for key in self.case1_step3:
fun.cmd(self.case1_step3[key][0], 'gw')
re = fun.cmd(self.case1_step3[key][1], 'gw')
assert self.case1_step3[key][2] in re
pre_cfg3 = fun.pkt_capture(cap_iface, cap_filter, cap_num, cap_pcap3)
print(pre_cfg3)
fun.cmd(pre_cfg3, 's', thread=1)
print('step wait')
time.sleep(20)
# 发送报文
send_cmd = fun.pkt_send(c_iface, c_num, c_pcap)
fun.cmd(send_cmd, 'c')
# 检查报文是否存在
pcap_file = fun.search('/opt/pkt', 'pcap', 's')
fun.pid_kill(cap_pcap3)
assert cap_pcap3 in pcap_file
# 读包
read_cmd = fun.pkt_read(read_name3, read_id)
read_re = fun.cmd(read_cmd, 's')
print('read_re: ', read_re)
# 获取期望结果
exp = self.pkt1_cfg["expect"][0]
assert exp == read_re
def test_customapp_scp_upload(self):
# 下发配置
fun.send(rbmExc,
message.add_app_scp_upload_front['AddCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.add_app_scp_upload_back['AddCustomAppPolicy'],
BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx',
'FrontDut',
'nginx: worker process',
name='前置机nginx进程')
assert front_res1 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res1 = fun.nginx_worker('ps -ef |grep nginx',
'BackDut',
'nginx: worker process',
name='后置机nginx进程')
assert back_res1 == 1
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'FrontDut',
self.case1_step1[key][1], '前置机配置', 100)
assert self.case1_step1[key][1] in re
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'FrontDut',
self.case1_step2[key][1], '前置机配置', 100)
assert self.case1_step2[key][1] in re
for key in self.case0_step1:
re = fun.wait_data(self.case0_step1[key][0], 'BackDut',
self.case0_step1[key][1], '后置机配置', 100)
assert self.case0_step1[key][1] in re
#客户端创建文件100M.txt
txt_cmd = f"dd if=/dev/zero of=/opt/pkt/{txt} bs=1M count=100"
print('创建文件命令是:', txt_cmd)
fun.cmd(txt_cmd, 'BG8010Client', thread=1)
fun.wait_data(f"ls /opt/pkt/ |grep txt",
'BG8010Client',
self.txt_file['step1'][0],
'检查客户端文件是否创建成功',
300,
flag='存在')
txt_file = fun.search('/opt/pkt', 'txt', 'BG8010Client')
print('客户端/opt/pkt/路径下创建文件查询结果是:', txt_file)
assert txt in txt_file
print('客户端创建文件成功')
print(
"---------------------------------------------------------------------"
)
# 发送请求,检测定制应用ssh协议通信策略是否生效
scp_upload = f"sshpass -p {BG8010ServerPwd} scp -P {Lport} /opt/pkt/{txt} root@{proxy_ip}:/opt/pkt/"
print('客户端发送的scp上传命令是:', scp_upload)
fun.cmd(scp_upload, 'BG8010Client', thread=1)
time.sleep(5)
print(
"---------------------------------------------------------------------"
)
#检查scp上传结果
fun.wait_data("ls /opt/pkt/ | grep txt",
'BG8010Server',
self.txt_file['step1'][0],
'检查文件结果',
300,
flag='存在')
txt_file = fun.search('/opt/pkt', 'txt', 'BG8010Server')
print('服务端/opt/pkt/路径下文件查询结果是:', txt_file)
assert txt in txt_file
print('scp上传文件成功')
print(
"---------------------------------------------------------------------"
)
# 文件查看audit日志
fun.wait_data(
f"grep -n {Lport} /usr/local/nginx/logs/audit.log |tail -1",
'FrontDut',
self.case1_step3['step1'][0],
'检查ssh日志结果',
300,
flag='存在')
for key in self.case1_step3:
re = fun.cmd(
f"grep -n {Lport} /usr/local/nginx/logs/audit.log |tail -1 ",
'FrontDut')
print('re:', re)
assert self.case1_step3[key][0] in re
#移除策略
fun.send(rbmExc, message.del_app_scp_front['DelCustomAppPolicy'],
FrontDomain, base_path)
fun.send(rbmExc, message.del_app_scp_back['DelCustomAppPolicy'],
BackDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'FrontDut',
'nginx: worker process')
front_res1 = fun.nginx_worker('ps -ef |grep nginx',
'FrontDut',
'nginx: worker process',
name='前置机nginx进程')
assert front_res1 == 1
fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
back_res1 = fun.nginx_worker('ps -ef |grep nginx',
'BackDut',
'nginx: worker process',
name='后置机nginx进程')
assert back_res1 == 1
#检查配置移除是否成功
for key in self.case1_step4:
re = fun.wait_data(self.case1_step4[key][0],
'FrontDut',
self.case1_step4[key][1],
'前置机配置',
100,
flag='不存在')
assert self.case1_step4[key][1] not in re
for key in self.case0_step1:
re = fun.wait_data(self.case0_step1[key][0],
'BackDut',
self.case0_step1[key][1],
'后置机配置',
100,
flag='不存在')
assert self.case0_step1[key][1] not in re
def test_vlan_bond_a2(self):
# 开启switch开关并检查是否开启成功
for key in self.case1_step1:
fun.cmd(self.case1_step1[key][0], 'gw')
re = fun.cmd(self.case1_step1[key][1], 'gw')
assert self.case1_step1[key][2] in re
# 下发vlan配置
fun.send(rbmExc, message.setvlan['SetVlan'], rbmDomain, base_path)
# 检查配置下发是否成功
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw',
self.case1_step2[key][1], 'vlan', 100)
assert self.case1_step2[key][1] in re
# 测试从设备端ping vlanA设备正常
print('测试从设备端ping vlanA设备正常')
resA_cmd = 'ping ' + vlanAOpeIp + ' -c 4'
print('从设备端ping vlanA设备的命令是:{}'.format(resA_cmd))
resA = fun.cmd(resA_cmd, 'gw')
print('从设备端ping vlanA的结果为:{}'.format(resA))
assert '0% packet loss' in resA
# 测试从vlanB ping设备正常
dutB_cmd = 'ping ' + gwInternetIp + ' -c 4'
print('从vlanB ping设备的命令是:{}'.format(dutB_cmd))
dutB = fun.cmd(dutB_cmd, 'vlanB')
print('从vlanB ping设备的结果为:{}'.format(dutB))
assert '0% packet loss' in dutB
# 测试从vlanA scp传输文件到设备上,应该可以传输成功
print('测试从vlanA scp传输文件到设备上,应该可以传输成功')
# 在vlanA的/opt/pkt/路径下创建一个10M大小的文件10M.pdf
touch_file_cmd = [
'cd /opt/pkt', 'dd if=/dev/zero of=vlanA.pdf bs=1M count=10'
]
fun.cmd(touch_file_cmd, 'vlanA', list_flag=True)
# 检查设备文件是否创建成功
touch_file = fun.search('/opt/pkt', 'pdf', 'vlanA')
print('检查服务端/opt/pkt/目录下所有以pdf结尾的文件列表为:{}'.format(touch_file))
assert 'vlanA.pdf' in touch_file
# 验证从vlanA发送scp命令上传
scp_cmd = f'sshpass -p {gwPwd} scp /opt/pkt/vlanA.pdf root@{gwInternetIp}:/opt/pkt/'
print('从vlanA scp传输文件到设备为:{}'.format(scp_cmd))
fun.cmd(scp_cmd, 'vlanA')
# 检查文件是否上传成功到设备
touch_file = fun.search('/opt/pkt', 'pdf', 'gw')
print('检查客户端/opt/pkt/目录下所有以pdf结尾的文件列表为:{}'.format(touch_file))
assert 'vlanA.pdf' in touch_file
# 下载完成后,还原环境,清掉上传到设备的文件
fun.cmd('rm -f /opt/pkt/vlanA.pdf ', 'gw')
check_file = fun.search('/opt/pkt', 'pdf', 'gw')
print('还原环境,vlanA.pdf文件应该不在列表内,列表为{}'.format(check_file))
# 测试设备scp获取vlanB上的文件,应该可以传输成功
print('测试设备scp获取vlanB上的文件,应该可以传输成功')
# 在vlanB的/opt/pkt/路径下创建一个10M大小的文件vlanB.txt
touch_file_cmd = [
'cd /opt/pkt', 'dd if=/dev/zero of=vlanB.txt bs=1M count=10'
]
fun.cmd(touch_file_cmd, 'vlanB', list_flag=True)
# 检查vlanB文件是否创建成功
touch_file = fun.search('/opt/pkt', 'txt', 'vlanB')
print('检查服务端/opt/pkt/目录下所有以txt结尾的文件列表为:{}'.format(touch_file))
assert 'vlanB.txt' in touch_file
# 验证从设备端发送scp命令下载
scp_cmd = f'sshpass -p {vlanBPwd} scp root@{vlanBOpeIp}:/opt/pkt/vlanB.txt /opt/pkt/'
print('scp下载的命令为:{}'.format(scp_cmd))
fun.cmd(scp_cmd, 'gw')
# 检查文件是否下载成功到设备
touch_file = fun.search('/opt/pkt', 'txt', 'gw')
print('检查客户端/opt/pkt/目录下所有以txt结尾的文件列表为:{}'.format(touch_file))
assert 'vlanB.txt' in touch_file
# 下载完成后,还原环境,清掉从vlanB下载的文件
fun.cmd('rm -f /opt/pkt/vlanB.txt ', 'gw')
check_file = fun.search('/opt/pkt', 'txt', 'gw')
print('还原环境,vlanB.txt文件应该不在列表内,列表为{}'.format(check_file))
# 测试从vlanB往设备上发起http的get请求,应该可以请求成功
print('测试从vlanB往设备上发起http的get请求,应该可以请求成功')
# 在设备的/opt/pkt/路径下创建一个10M大小的文件gw.txt
touch_file_cmd = [
'cd /opt/pkt', 'dd if=/dev/zero of=gw.txt bs=1M count=10'
]
fun.cmd(touch_file_cmd, 'gw', list_flag=True)
# 检查gw文件是否创建成功
touch_file = fun.search('/opt/pkt', 'txt', 'gw')
print('检查设备/opt/pkt/目录下所有以txt结尾的文件列表为:{}'.format(touch_file))
assert 'gw.txt' in touch_file
# 在设备上开启端口占用服务
port_listen_cmd = ['cd /opt/pkt', 'python3 -m http.server 8889']
fun.cmd(port_listen_cmd, 'gw', thread=1, list_flag=True)
# 从vlanB往设备发送get请求,验证vlan下的http协议
vlanB_url = 'wget -P /opt/pkt/ http://' + gwInternetIp + ':8889/gw.txt'
print('vlanB请求设备的请求地址为{}'.format(vlanB_url))
resA = fun.cmd(vlanB_url, 'vlanB')
print('设备wget请求vlanA.pdf文件的结果是{}:'.format(resA))
# 检查文件是否下载成功到vlanB
wget_file = fun.search('/opt/pkt', 'txt', 'gw')
print('检查vlanB设备/opt/pkt/目录下所有以txt结尾的文件列表为:{}'.format(wget_file))
assert 'gw.txt' in wget_file
# 下载完成后,还原环境,清掉vlanB下载的文件
fun.cmd('rm -f /opt/pkt/gw.txt ', 'vlanB')
check_file = fun.search('/opt/pkt', 'txt', 'vlanB')
print('还原环境,gw.txt文件应该不在vlanB设备的列表内,列表为{}'.format(check_file))
# 测试从设备wget请求下载vlanA的vlanA.pdf文件,应该可以请求成功
print('测试从设备wget请求下载vlanA的vlanA.pdf文件,应该可以请求成功')
# 在vlanA上开启端口占用服务
port_listen_cmd = ['cd /opt/pkt', 'python3 -m http.server 8889']
fun.cmd(port_listen_cmd, 'vlanA', thread=1, list_flag=True)
# 发送get请求,验证vlan下的http协议
vlanA_url = 'wget -P /opt/pkt/ http://' + vlanAOpeIp + ':8889/vlanA.pdf'
print('设备请求vlanA的请求地址为{}'.format(vlanA_url))
fun.cmd(vlanA_url, 'gw')
time.sleep(2)
# 检查文件是否下载成功到设备
vlanA_file = fun.search('/opt/pkt', 'pdf', 'gw')
print('检查客户端/opt/pkt/目录下所有以pdf结尾的文件列表为:{}'.format(vlanA_file))
assert 'vlanA.pdf' in vlanA_file
# 下载完成后,还原环境,清掉从vlanA下载的文件
fun.cmd('rm -f /opt/pkt/vlanA.pdf ', 'gw')
check_file = fun.search('/opt/pkt', 'pdf', 'gw')
print('还原环境,vlanA.pdf文件应该不在列表内,列表为{}'.format(check_file))
# 还原环境,杀掉端口占用的进程,移除vlan的配置,且关闭vlan的开关
fun.pid_kill('8889', process='python3', gw='vlanA')
fun.pid_kill('8889', process='python3', gw='gw')
# 关闭switch开关并检查是否关闭成功
for key in self.case1_step11:
fun.cmd(self.case1_step11[key][0], 'gw')
re = fun.cmd(self.case1_step11[key][1], 'gw')
assert self.case1_step11[key][2] in re
# 清空vlan配置
fun.send(rbmExc, message.delvlan['SetVlan'], rbmDomain, base_path)
# 检查配置下发是否成功
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0],
'gw',
self.case1_step2[key][1],
'vlan',
100,
flag='不存在')
assert self.case1_step2[key][1] not in re
def test_http_check_get_a1(self):
# 下发配置
fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
add_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
assert add_res1 == 1
# 检查配置下发是否成功
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0], 'gw',
self.case1_step1[key][1], '配置', 100)
print('添加策略_re: ', re)
assert self.case1_step1[key][1] in re
# 数据检查
fun.send(rbmExc, message.httpcheck1['SetHttpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
assert add_res2 == 1
for key in self.case1_step2:
re = fun.wait_data(self.case1_step2[key][0], 'gw',
self.case1_step2[key][1], '配置', 100)
print("需包含字符串:", self.case1_step2[key][1])
print('httpCheck_re: ', re)
assert self.case1_step2[key][1] in re
# 发送get请求,不包含黑名单内容的普通请求
content = http_check.http_get(url)
print('get普通请求的请求内容为:{}'.format(content))
assert content == http_content
result = fun.search('/opt', 'sh', 'gw')
print('---------fun.search: \n', result)
# 发送get请求,请求内容不包含黑名单内容
content = http_check.http_get(url, self.data)
print('get请求内容不包含黑名单的请求应返回的内容为:{}'.format(content))
assert content == http_content
# 发送get请求,请求内容包含黑名单
status_code = http_check.http_get(url, self.case1_data)
print('get请求内容包含黑名单返回的状态码为:{}'.format(status_code))
assert status_code == 403
# 移除策略,还原环境
fun.send(rbmExc, message.delhttp['DelAgent'], rbmDomain, base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
del_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
assert del_res1 == 1
# 检查代理是否成功移除
for key in self.case1_step1:
re = fun.wait_data(self.case1_step1[key][0],
'gw',
self.case1_step1[key][1],
'配置',
100,
flag='不存在')
assert self.case1_step1[key][1] not in re
# 检查网页访问策略是否清空
fun.send(rbmExc, message.delhttpcheck['DropHttpCheck'], rbmDomain,
base_path)
fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
'nginx: worker process')
assert del_res2 == 1
for key in self.delcheck:
re = fun.wait_data(self.delcheck[key][0],
'gw',
self.delcheck[key][1],
'配置',
100,
flag='不存在')
assert self.delcheck[key][1] not in re