def test_dns_incoming_block_weird_spelling(self):
rules = Rules(block_dns_weird_spelling_rules)
binary_packet = BinaryPacket()
binary_packet.dns_question = "www.google.com"
binary_packet.udp_source = 53
packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_dns_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_DROP, result)
def test_dns_outgoing_block_google(self):
rules = Rules(block_google_rules)
binary_packet = BinaryPacket()
binary_packet.dns_question = "www.google.com"
binary_packet.udp_dest = 53
packet = Packet(pkt_dir=PKT_DIR_OUTGOING, pkt=binary_packet.get_dns_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_DROP, result)
def tcp_block_outgoing(self):
rules = Rules(country_block_rules)
binary_packet = BinaryPacket()
for US_ip in self.US_ip_examples:
binary_packet.dest_ip = US_ip # This should be blocked
packet = Packet(pkt_dir=PKT_DIR_OUTGOING, pkt=binary_packet.get_tcp_packet(), geoDB=self.geoDB)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_DROP, result)
def test_dns_block_all(self):
rules = Rules(block_all_dns_rules)
binary_packet = BinaryPacket()
binary_packet.udp_source = 53
questions = ["www.google.com", "www.facebook.com", "berkeley.edu"]
for question in questions:
binary_packet.dns_question = question
packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_dns_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_DROP, result)
def test_tcp_drop_external_ip_outgoing(self):
rules = Rules(external_ip_drop_rules)
binary_packet = BinaryPacket()
binary_packet.dest_ip = '128.32.244.17' # This should be blocked
binary_packet = binary_packet.get_tcp_packet()
packet = Packet(pkt_dir=PKT_DIR_OUTGOING, pkt=binary_packet, geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_DROP, result)
def test_tcp_conflicting_rules_outgoing(self):
rules = Rules(conflicting_rules)
binary_packet = BinaryPacket()
# Test edge 1
binary_packet.dest_ip = '123.34.128.0' # This should be blocked
packet = Packet(pkt_dir=PKT_DIR_OUTGOING, pkt=binary_packet.get_tcp_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_DROP, result)
# Test middle
binary_packet.dest_ip = '123.34.225.225' # This should be blocked
packet = Packet(pkt_dir=PKT_DIR_OUTGOING, pkt=binary_packet.get_tcp_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_DROP, result)
# Test edge 2
binary_packet.dest_ip = '123.34.255.255' # This should be blocked
packet = Packet(pkt_dir=PKT_DIR_OUTGOING, pkt=binary_packet.get_tcp_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_DROP, result)
# Now test targeted allowed IP
binary_packet.dest_ip = '123.34.220.255' # This should be ALLOWED
packet = Packet(pkt_dir=PKT_DIR_OUTGOING, pkt=binary_packet.get_tcp_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_PASS, result)
def test_icmp_block_any_port_outgoing(self):
rules = Rules(block_any_port)
binary_packet = BinaryPacket()
binary_packet.dest_ip = '255.255.255.254' # The rule shouldn't apply here
packet = Packet(pkt_dir=PKT_DIR_OUTGOING, pkt=binary_packet.get_icmp_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_PASS, result)
binary_packet.dest_ip = '255.255.255.255' # The rule should apply here
packet = Packet(pkt_dir=PKT_DIR_OUTGOING, pkt=binary_packet.get_icmp_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_DROP, result)
def test_icmp_block_single_port_incoming(self):
rules = Rules(block_single_port)
binary_packet = BinaryPacket()
binary_packet.icmp_type = 52 # The rule shouldn't apply here
packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_icmp_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_PASS, result)
binary_packet.icmp_type = 53 # The rule should apply here
packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_icmp_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_DROP, result)
def test_dns_incoming_requires_qclass_one(self):
rules = Rules(block_google_rules)
binary_packet = BinaryPacket()
binary_packet.dns_question = "www.google.com"
binary_packet.udp_source = 53
# If the query type is 1 or 28 it should be okay
for qclass in range(1, 256):
binary_packet.dns_qclass = qclass
packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_dns_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
if qclass == 1:
self.assertEqual(RULE_RESULT_DROP, result)
else:
# The rule wont apply
self.assertEqual(RULE_RESULT_PASS, result)
def test_dns_outgoing_requires_query_type(self):
rules = Rules(block_google_rules)
binary_packet = BinaryPacket()
binary_packet.dns_question = "www.google.com"
binary_packet.udp_dest = 53
# If the query type is 1 or 28 it should be okay
for qtype in range(1, 256):
binary_packet.dns_qtype = qtype
packet = Packet(pkt_dir=PKT_DIR_OUTGOING, pkt=binary_packet.get_dns_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
if qtype == 1 or qtype == 28:
self.assertEqual(RULE_RESULT_DROP, result)
else:
# The rule wont apply
self.assertEqual(RULE_RESULT_PASS, result)
def test_icmp_block_port_range_outgoing(self):
rules = Rules(block_port_range_rules)
binary_packet = BinaryPacket()
port_unblocked_range = range(0, 100) + range(201, 256)
port_blocked_range = range(100, 201)
for port in port_unblocked_range:
binary_packet.icmp_type = port # The rule shouldn't apply here
packet = Packet(pkt_dir=PKT_DIR_OUTGOING, pkt=binary_packet.get_icmp_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_PASS, result)
for port in port_blocked_range:
binary_packet.icmp_type = port # The rule should apply here
packet = Packet(pkt_dir=PKT_DIR_OUTGOING, pkt=binary_packet.get_icmp_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_DROP, result)
def test_udp_block_port_range_incoming(self):
rules = Rules(block_port_range_rules)
binary_packet = BinaryPacket()
port_unblocked_range = range(0, 1000) + range(2001, 3001)
port_blocked_range = range(1000, 2001)
for port in port_unblocked_range:
binary_packet.udp_source = port # The rule shouldn't apply here
packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_udp_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_PASS, result)
for port in port_blocked_range:
binary_packet.udp_source = port # The rule should apply here
packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_udp_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_DROP, result)
def test_dns_block_two_domain_name(self):
rules = Rules(block_two_domain_name_rules)
binary_packet = BinaryPacket()
binary_packet.udp_source = 53
binary_packet.dns_question = 'fda.gov' # Should block
packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_dns_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_DROP, result)
binary_packet.dns_question = 'www.fda.gov' # Should block
packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_dns_packet(), geoDB=None)
def test_dns_block_full_domain_name(self):
rules = Rules(block_full_domain_name_rules)
binary_packet = BinaryPacket()
binary_packet.udp_source = 53
binary_packet.dns_question = 'images.google.com' # Shouldn't block
packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_dns_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_PASS, result)
binary_packet.dns_question = 'www.google.com' # Should block
packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_dns_packet(), geoDB=None)
def test_tcp_drop_external_ip_prefix_incoming(self):
rules = Rules(external_ip_prefix_drop_rules)
binary_packet = BinaryPacket()
# Test edge 1
binary_packet.source_ip = '123.34.128.0' # This should be blocked
packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_tcp_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_DROP, result)
# Test middle
binary_packet.source_ip = '123.34.200.194' # This should be blocked
packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_tcp_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_DROP, result)
# Test edge 2
binary_packet.source_ip = '123.34.255.255' # This should be blocked
packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_tcp_packet(), geoDB=None)
result = rules.result_for_pkt(packet)
self.assertEqual(RULE_RESULT_DROP, result)
