def test_080_nmap_log(self):
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
wan_ip = uvmContext.networkManager().getFirstWanAddress()
iperf_avail = global_functions.verify_iperf_configuration(wan_ip)
device_in_office = global_functions.is_in_office_network(wan_ip)
# Also test that it can probably reach us (we're on a 10.x network)
if not device_in_office:
raise unittest.SkipTest("Not on office network, skipping")
if (not iperf_avail):
raise unittest.SkipTest(
"IperfServer test client unreachable, skipping alternate port forwarding test"
)
startTime = datetime.datetime.now()
# start nmap on client
remote_control.run_command("nmap " + wan_ip + " >/dev/null 2>&1",
host=global_functions.iperf_server)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention',
'All Events', None, 5)
found = global_functions.check_events(events.get('list'),
5,
'msg',
"NMAP",
'blocked',
False,
min_date=startTime)
def test_052_functional_icmp_log(self):
"""
Check for ICMP (ping)
"""
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
wan_ip = uvmContext.networkManager().getFirstWanAddress()
iperf_avail = global_functions.verify_iperf_configuration(wan_ip)
device_in_office = global_functions.is_in_office_network(wan_ip)
# Also test that it can probably reach us (we're on a 10.x network)
if not device_in_office:
raise unittest.SkipTest("Not on office network, skipping")
if (not iperf_avail):
raise unittest.SkipTest("IperfServer test client unreachable, skipping alternate port forwarding test")
# insert rule at the beginning of the list so other rules do not interfere.
appSettings['rules']['list'].insert(0,create_rule(action="log", rule_type="CATEGORY", type_value="scan"))
app.setSettings(appSettings, True)
wait_for_daemon_ready()
startTime = datetime.datetime.now()
remote_control.run_command("nmap -sP " + wan_ip + " >/dev/null 2>&1",host=global_functions.iperf_server)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'protocol', "1",
'blocked', False,
min_date=startTime)
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert(found)
def test_021_severely_limited_udp(self):
global app, app_web_filter, wan_limit_mbit
# only use 30% because QoS will limit to 10% and we want to make sure it takes effect
# really high levels will actually be limited by the untangle-vm throughput instead of QoS
# which can interfere with the test
targetSpeedMbit = str(wan_limit_mbit*.3)+"M"
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
# We will use iperf server and iperf for this test.
wan_IP = uvmContext.networkManager().getFirstWanAddress()
iperfAvailable = global_functions.verify_iperf_configuration(wan_IP)
if (not iperfAvailable):
raise unittest.SkipTest("Iperf server and/or iperf not available, skipping alternate port forwarding test")
# Enabled QoS
netsettings = uvmContext.networkManager().getNetworkSettings()
nuke_rules()
append_rule(create_single_condition_rule("DST_PORT","5000","SET_PRIORITY",1))
pre_UDP_speed = global_functions.get_udp_download_speed( receiverip=global_functions.iperf_server, senderip=remote_control.client_ip, targetRate=targetSpeedMbit )
# Create DST_PORT based rule to limit bandwidth
nuke_rules()
append_rule(create_single_condition_rule("DST_PORT","5000","SET_PRIORITY",7))
post_UDP_speed = global_functions.get_udp_download_speed( receiverip=global_functions.iperf_server, senderip=remote_control.client_ip, targetRate=targetSpeedMbit )
print_results( pre_UDP_speed, post_UDP_speed, (wan_limit_kbit/8)*0.1, pre_UDP_speed*.9 )
assert (post_UDP_speed < pre_UDP_speed*.9)
def test_014_qos_bypass_custom_rules_udp(self):
global wan_limit_mbit
targetSpeedMbit = str(wan_limit_mbit)+"M"
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
# We will use iperf server and iperf for this test.
wan_IP = uvmContext.networkManager().getFirstWanAddress()
iperfAvailable = global_functions.verify_iperf_configuration(wan_IP)
if (not iperfAvailable):
raise unittest.SkipTest("Iperf server and/or iperf not available")
netsettings = uvmContext.networkManager().getNetworkSettings()
netsettings['bypassRules']['list'].append( create_bypass_condition_rule("DST_PORT","5000") )
netsettings['qosSettings']['qosRules']["list"].append( create_qos_custom_rule("DST_PORT","5000", 1) )
uvmContext.networkManager().setNetworkSettings( netsettings )
pre_UDP_speed = global_functions.get_udp_download_speed( receiverip=global_functions.iperf_server, senderip=remote_control.client_ip, targetRate=targetSpeedMbit )
netsettings['qosSettings']['qosRules']['list'] = []
netsettings['qosSettings']['qosRules']["list"].append( create_qos_custom_rule("DST_PORT","5000", 7) )
uvmContext.networkManager().setNetworkSettings( netsettings )
post_UDP_speed = global_functions.get_udp_download_speed( receiverip=global_functions.iperf_server, senderip=remote_control.client_ip, targetRate=targetSpeedMbit )
# Restore original network settings
uvmContext.networkManager().setNetworkSettings( orig_network_settings_with_qos )
print_results( pre_UDP_speed, post_UDP_speed, (wan_limit_kbit/8)*0.1, pre_UDP_speed*.9 )
assert (post_UDP_speed < pre_UDP_speed*.9)
def test_052_functional_icmp_log(self):
"""
Check for ICMP (ping)
"""
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
wan_ip = uvmContext.networkManager().getFirstWanAddress()
iperf_avail = global_functions.verify_iperf_configuration(wan_ip)
device_in_office = global_functions.is_in_office_network(wan_ip)
# Also test that it can probably reach us (we're on a 10.x network)
if not device_in_office:
raise unittest.SkipTest("Not on office network, skipping")
if (not iperf_avail):
raise unittest.SkipTest("IperfServer test client unreachable, skipping alternate port forwarding test")
# insert rule at the beginning of the list so other rules do not interfere.
appSettings['rules']['list'].insert(0,create_rule(action="log", rule_type="CATEGORY", type_value="scan"))
app.setSettings(appSettings, True)
wait_for_daemon_ready()
startTime = datetime.datetime.now()
remote_control.run_command("nmap -sP " + wan_ip + " >/dev/null 2>&1",host=global_functions.iperf_server)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'protocol', "1",
'blocked', False,
min_date=startTime)
del appSettings['rules']['list'][0] # delete the first rule just added
app.setSettings(appSettings, True)
assert(found)
def test_021_severely_limited_udp(self):
global wan_limit_mbit
# severely limited means 10% of wan download bandwidth
expectedSpeedMbit = wan_limit_mbit * .1
# a udp iperf test will fail if it loses more than 40% of sent
# packets, so make sure expectedSpeedMbit is a little less than
# 60% of targetSpeedMbit
targetSpeedMbit = str(expectedSpeedMbit * 1.6) + "M"
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
# We will use iperf server and iperf for this test.
wan_IP = uvmContext.networkManager().getFirstWanAddress()
iperfAvailable = global_functions.verify_iperf_configuration(wan_IP)
if (not iperfAvailable):
raise unittest.SkipTest(
"Iperf server and/or iperf not available, skipping alternate port forwarding test"
)
# Enabled QoS
netsettings = uvmContext.networkManager().getNetworkSettings()
nuke_rules(self._app)
append_rule(
self._app,
create_single_condition_rule("DST_PORT", "5000", "SET_PRIORITY",
1))
pre_UDP_speed = global_functions.get_udp_download_speed(
receiverip=global_functions.iperf_server,
senderip=remote_control.client_ip,
targetRate=targetSpeedMbit)
# Create DST_PORT based rule to limit bandwidth
nuke_rules(self._app)
append_rule(
self._app,
create_single_condition_rule("DST_PORT", "5000", "SET_PRIORITY",
7))
post_UDP_speed = global_functions.get_udp_download_speed(
receiverip=global_functions.iperf_server,
senderip=remote_control.client_ip,
targetRate=targetSpeedMbit)
print_results(pre_UDP_speed, post_UDP_speed,
(wan_limit_kbit / 8) * 0.1, pre_UDP_speed * .9)
assert (pre_UDP_speed != 0)
assert (post_UDP_speed != 0)
assert (post_UDP_speed < pre_UDP_speed * .9)
def test_080_nmap_log(self):
global app, appSettings
if runtests.quick_tests_only:
raise unittest.SkipTest('Skipping a time consuming test')
wan_ip = uvmContext.networkManager().getFirstWanAddress()
iperf_avail = global_functions.verify_iperf_configuration(wan_ip)
device_in_office = global_functions.is_in_office_network(wan_ip)
# Also test that it can probably reach us (we're on a 10.x network)
if not device_in_office:
raise unittest.SkipTest("Not on office network, skipping")
if (not iperf_avail):
raise unittest.SkipTest("IperfServer test client unreachable, skipping alternate port forwarding test")
startTime = datetime.datetime.now()
# start nmap on client
remote_control.run_command("nmap " + wan_ip + " >/dev/null 2>&1",host=global_functions.iperf_server)
app.forceUpdateStats()
events = global_functions.get_events('Intrusion Prevention','All Events',None,5)
found = global_functions.check_events( events.get('list'), 5,
'msg', "NMAP",
'blocked', False,
min_date=startTime)
