def test_uplink_to_ue_arp_router_mode(self):
"""
Verify that a UPLINK->UE arp request with IMSI set is properly matched
"""
pkt_sender = ScapyPacketInjector(self.IFACE)
arp_packet = ARPPacketBuilder() \
.set_ether_layer(self.UE_MAC, self.OTHER_MAC) \
.set_arp_layer(self.UE_IP) \
.set_arp_hwdst(self.UE_MAC) \
.set_arp_src(self.OTHER_MAC, self.OTHER_IP) \
.build()
dlink_args = RyuForwardFlowArgsBuilder(self._tbl_num) \
.set_eth_match(eth_dst=self.UE_MAC, eth_src=self.OTHER_MAC) \
.set_reg_value(DIRECTION_REG, Direction.IN) \
.set_reg_value(IMSI_REG, 123) \
.build_requests()
isolator = RyuDirectTableIsolator(dlink_args, self.testing_controller)
snapshot_verifier = SnapshotVerifier(
self,
self.BRIDGE,
self.service_manager,
)
with isolator, snapshot_verifier:
pkt_sender.send(arp_packet, count=4)
wait_after_send(self.testing_controller)
clean_to_ip_blocks_list()
def test_mtr_arp(self):
"""
Verify that a MTR arp request is handled in ARP responder
"""
pkt_sender = ScapyPacketInjector(self.IFACE)
arp_packet = ARPPacketBuilder() \
.set_ether_layer(self.OTHER_MAC, self.MAC_DEST) \
.set_arp_layer(self.MTR_IP) \
.set_arp_hwdst(self.OTHER_MAC) \
.set_arp_src(self.UE_MAC, self.UE_IP) \
.build()
uplink_args = RyuForwardFlowArgsBuilder(self._tbl_num) \
.set_eth_type_arp() \
.set_reg_value(DIRECTION_REG, Direction.IN) \
.build_requests()
isolator = RyuDirectTableIsolator(uplink_args, self.testing_controller)
time.sleep(1)
snapshot_verifier = SnapshotVerifier(
self,
self.BRIDGE,
self.service_manager,
)
with isolator, snapshot_verifier:
pkt_sender.send(arp_packet, count=4)
wait_after_send(self.testing_controller)
def test_stray_arp_drop(self):
"""
Verify that an arp that neither UE->UPLINK nor UPLINK->UE is dropped
"""
pkt_sender = ScapyPacketInjector(self.IFACE)
arp_packet = ARPPacketBuilder() \
.set_ether_layer('11:11:11:11:11:1', self.OTHER_MAC) \
.set_arp_layer(self.OTHER_IP) \
.set_arp_hwdst(self.OTHER_MAC) \
.set_arp_src('22:22:22:22:22:22', '1.1.1.1') \
.build()
uplink_args = RyuForwardFlowArgsBuilder(self._tbl_num) \
.set_eth_match(eth_dst='11:11:11:11:11:1', eth_src=self.OTHER_MAC) \
.set_reg_value(DIRECTION_REG, Direction.OUT) \
.build_requests()
isolator = RyuDirectTableIsolator(uplink_args, self.testing_controller)
snapshot_verifier = SnapshotVerifier(
self,
self.BRIDGE,
self.service_manager,
)
with isolator, snapshot_verifier:
pkt_sender.send(arp_packet, count=4)
wait_after_send(self.testing_controller)
def test_ue_to_uplink_arp(self):
"""
Verify that a UE->UPLINK arp request is dropped
MME would not set IMSI reg
"""
pkt_sender = ScapyPacketInjector(self.IFACE)
arp_packet = ARPPacketBuilder() \
.set_ether_layer(self.OTHER_MAC, self.UE_MAC) \
.set_arp_layer(self.OTHER_IP) \
.set_arp_hwdst(self.OTHER_MAC) \
.set_arp_src(self.UE_MAC, self.UE_IP) \
.build()
uplink_args = RyuForwardFlowArgsBuilder(self._tbl_num) \
.set_eth_match(eth_src=self.UE_MAC, eth_dst=self.OTHER_MAC) \
.set_reg_value(DIRECTION_REG, Direction.OUT) \
.build_requests()
isolator = RyuDirectTableIsolator(uplink_args, self.testing_controller)
snapshot_verifier = SnapshotVerifier(
self,
self.BRIDGE,
self.service_manager,
)
with isolator, snapshot_verifier:
pkt_sender.send(arp_packet, count=4)
wait_after_send(self.testing_controller)
def test_rest_arp_flow(self):
"""
Sends an arp request to the ARP table
Assert:
The arp rule is matched 2 times for each arp packet
No other rule is matched
"""
isolator = RyuRestTableIsolator(
RyuForwardFlowArgsBuilder(self.TID).set_reg_value(DIRECTION_REG,
0x10)
.build_requests()
)
flow_query = RyuRestFlowQuery(
self.TID,
match={
'eth_type': 2054,
DIRECTION_REG: 16,
'arp_tpa': self.IP_DEST + '/255.255.255.0'
}
)
pkt_sender = ScapyPacketInjector(self.IFACE)
packets = ARPPacketBuilder().set_arp_layer(self.IP_DEST + "/28")\
.build()
# 16 as the bitmask was /28
num_pkts = 16
arp_start = flow_query.lookup()[0].packets
total_start = _pkt_total(RyuRestFlowQuery(self.TID).lookup())
with isolator:
pkt_sender.get_response(packets)
time.sleep(2.5)
arp_final = flow_query.lookup()[0].packets
total_final = _pkt_total(RyuRestFlowQuery(self.TID).lookup())
self.assertEqual(arp_final - arp_start, num_pkts * 2)
self.assertEqual(total_final - total_start, num_pkts * 2)
def test_passthrough_rules(self):
"""
Add UE MAC flows for two subscribers
"""
imsi_1 = 'IMSI010000000088888'
other_mac = '5e:cc:cc:b1:aa:aa'
cli_ip = '1.1.1.1'
server_ip = '151.42.41.122'
# Add subscriber with UE MAC address """
self.ue_mac_controller.add_ue_mac_flow(imsi_1, self.UE_MAC_1)
# Create a set of packets
pkt_sender = ScapyPacketInjector(self.BRIDGE)
# Only send downlink as the pkt_sender sends pkts from in_port=LOCAL
downlink_packet1 = EtherPacketBuilder() \
.set_ether_layer(self.UE_MAC_1, other_mac) \
.build()
dhcp_packet = DHCPPacketBuilder() \
.set_ether_layer(self.UE_MAC_1, other_mac) \
.set_ip_layer(server_ip, cli_ip) \
.set_udp_layer(67, 68) \
.set_bootp_layer(2, cli_ip, server_ip, other_mac) \
.set_dhcp_layer([("message-type", "ack"), "end"]) \
.build()
dns_packet = UDPPacketBuilder() \
.set_ether_layer(self.UE_MAC_1, other_mac) \
.set_ip_layer('151.42.41.122', '1.1.1.1') \
.set_udp_layer(53, 32795) \
.build()
arp_packet = ARPPacketBuilder() \
.set_ether_layer(self.UE_MAC_1, other_mac) \
.set_arp_layer('1.1.1.1') \
.set_arp_hwdst(self.UE_MAC_1) \
.set_arp_src(other_mac, '1.1.1.12') \
.build()
# Check if these flows were added (queries should return flows)
flow_queries = [
FlowQuery(self._tbl_num, self.testing_controller,
match=MagmaMatch(eth_dst=self.UE_MAC_1))
]
# =========================== Verification ===========================
# Verify 3 flows installed for ue_mac table (3 pkts matched)
# 4 flows installed for inout (3 pkts matched)
# 2 flows installed (2 pkts matches)
flow_verifier = FlowVerifier(
[
FlowTest(FlowQuery(self._tbl_num,
self.testing_controller), 4, 3),
FlowTest(FlowQuery(self._ingress_tbl_num,
self.testing_controller), 4, 2),
FlowTest(FlowQuery(self._egress_tbl_num,
self.testing_controller), 3, 2),
FlowTest(flow_queries[0], 4, 1),
], lambda: wait_after_send(self.testing_controller))
snapshot_verifier = SnapshotVerifier(self, self.BRIDGE,
self.service_manager)
with flow_verifier, snapshot_verifier:
pkt_sender.send(dhcp_packet)
pkt_sender.send(downlink_packet1)
pkt_sender.send(dns_packet)
hub.sleep(3)
pkt_sender.send(arp_packet)
flow_verifier.verify()
