def test_uplink_to_ue_arp_router_mode(self): """ Verify that a UPLINK->UE arp request with IMSI set is properly matched """ pkt_sender = ScapyPacketInjector(self.IFACE) arp_packet = ARPPacketBuilder() \ .set_ether_layer(self.UE_MAC, self.OTHER_MAC) \ .set_arp_layer(self.UE_IP) \ .set_arp_hwdst(self.UE_MAC) \ .set_arp_src(self.OTHER_MAC, self.OTHER_IP) \ .build() dlink_args = RyuForwardFlowArgsBuilder(self._tbl_num) \ .set_eth_match(eth_dst=self.UE_MAC, eth_src=self.OTHER_MAC) \ .set_reg_value(DIRECTION_REG, Direction.IN) \ .set_reg_value(IMSI_REG, 123) \ .build_requests() isolator = RyuDirectTableIsolator(dlink_args, self.testing_controller) snapshot_verifier = SnapshotVerifier( self, self.BRIDGE, self.service_manager, ) with isolator, snapshot_verifier: pkt_sender.send(arp_packet, count=4) wait_after_send(self.testing_controller) clean_to_ip_blocks_list()
def test_mtr_arp(self): """ Verify that a MTR arp request is handled in ARP responder """ pkt_sender = ScapyPacketInjector(self.IFACE) arp_packet = ARPPacketBuilder() \ .set_ether_layer(self.OTHER_MAC, self.MAC_DEST) \ .set_arp_layer(self.MTR_IP) \ .set_arp_hwdst(self.OTHER_MAC) \ .set_arp_src(self.UE_MAC, self.UE_IP) \ .build() uplink_args = RyuForwardFlowArgsBuilder(self._tbl_num) \ .set_eth_type_arp() \ .set_reg_value(DIRECTION_REG, Direction.IN) \ .build_requests() isolator = RyuDirectTableIsolator(uplink_args, self.testing_controller) time.sleep(1) snapshot_verifier = SnapshotVerifier( self, self.BRIDGE, self.service_manager, ) with isolator, snapshot_verifier: pkt_sender.send(arp_packet, count=4) wait_after_send(self.testing_controller)
def test_stray_arp_drop(self): """ Verify that an arp that neither UE->UPLINK nor UPLINK->UE is dropped """ pkt_sender = ScapyPacketInjector(self.IFACE) arp_packet = ARPPacketBuilder() \ .set_ether_layer('11:11:11:11:11:1', self.OTHER_MAC) \ .set_arp_layer(self.OTHER_IP) \ .set_arp_hwdst(self.OTHER_MAC) \ .set_arp_src('22:22:22:22:22:22', '1.1.1.1') \ .build() uplink_args = RyuForwardFlowArgsBuilder(self._tbl_num) \ .set_eth_match(eth_dst='11:11:11:11:11:1', eth_src=self.OTHER_MAC) \ .set_reg_value(DIRECTION_REG, Direction.OUT) \ .build_requests() isolator = RyuDirectTableIsolator(uplink_args, self.testing_controller) snapshot_verifier = SnapshotVerifier( self, self.BRIDGE, self.service_manager, ) with isolator, snapshot_verifier: pkt_sender.send(arp_packet, count=4) wait_after_send(self.testing_controller)
def test_ue_to_uplink_arp(self): """ Verify that a UE->UPLINK arp request is dropped MME would not set IMSI reg """ pkt_sender = ScapyPacketInjector(self.IFACE) arp_packet = ARPPacketBuilder() \ .set_ether_layer(self.OTHER_MAC, self.UE_MAC) \ .set_arp_layer(self.OTHER_IP) \ .set_arp_hwdst(self.OTHER_MAC) \ .set_arp_src(self.UE_MAC, self.UE_IP) \ .build() uplink_args = RyuForwardFlowArgsBuilder(self._tbl_num) \ .set_eth_match(eth_src=self.UE_MAC, eth_dst=self.OTHER_MAC) \ .set_reg_value(DIRECTION_REG, Direction.OUT) \ .build_requests() isolator = RyuDirectTableIsolator(uplink_args, self.testing_controller) snapshot_verifier = SnapshotVerifier( self, self.BRIDGE, self.service_manager, ) with isolator, snapshot_verifier: pkt_sender.send(arp_packet, count=4) wait_after_send(self.testing_controller)
def test_rest_arp_flow(self): """ Sends an arp request to the ARP table Assert: The arp rule is matched 2 times for each arp packet No other rule is matched """ isolator = RyuRestTableIsolator( RyuForwardFlowArgsBuilder(self.TID).set_reg_value(DIRECTION_REG, 0x10) .build_requests() ) flow_query = RyuRestFlowQuery( self.TID, match={ 'eth_type': 2054, DIRECTION_REG: 16, 'arp_tpa': self.IP_DEST + '/255.255.255.0' } ) pkt_sender = ScapyPacketInjector(self.IFACE) packets = ARPPacketBuilder().set_arp_layer(self.IP_DEST + "/28")\ .build() # 16 as the bitmask was /28 num_pkts = 16 arp_start = flow_query.lookup()[0].packets total_start = _pkt_total(RyuRestFlowQuery(self.TID).lookup()) with isolator: pkt_sender.get_response(packets) time.sleep(2.5) arp_final = flow_query.lookup()[0].packets total_final = _pkt_total(RyuRestFlowQuery(self.TID).lookup()) self.assertEqual(arp_final - arp_start, num_pkts * 2) self.assertEqual(total_final - total_start, num_pkts * 2)
def test_passthrough_rules(self): """ Add UE MAC flows for two subscribers """ imsi_1 = 'IMSI010000000088888' other_mac = '5e:cc:cc:b1:aa:aa' cli_ip = '1.1.1.1' server_ip = '151.42.41.122' # Add subscriber with UE MAC address """ self.ue_mac_controller.add_ue_mac_flow(imsi_1, self.UE_MAC_1) # Create a set of packets pkt_sender = ScapyPacketInjector(self.BRIDGE) # Only send downlink as the pkt_sender sends pkts from in_port=LOCAL downlink_packet1 = EtherPacketBuilder() \ .set_ether_layer(self.UE_MAC_1, other_mac) \ .build() dhcp_packet = DHCPPacketBuilder() \ .set_ether_layer(self.UE_MAC_1, other_mac) \ .set_ip_layer(server_ip, cli_ip) \ .set_udp_layer(67, 68) \ .set_bootp_layer(2, cli_ip, server_ip, other_mac) \ .set_dhcp_layer([("message-type", "ack"), "end"]) \ .build() dns_packet = UDPPacketBuilder() \ .set_ether_layer(self.UE_MAC_1, other_mac) \ .set_ip_layer('151.42.41.122', '1.1.1.1') \ .set_udp_layer(53, 32795) \ .build() arp_packet = ARPPacketBuilder() \ .set_ether_layer(self.UE_MAC_1, other_mac) \ .set_arp_layer('1.1.1.1') \ .set_arp_hwdst(self.UE_MAC_1) \ .set_arp_src(other_mac, '1.1.1.12') \ .build() # Check if these flows were added (queries should return flows) flow_queries = [ FlowQuery(self._tbl_num, self.testing_controller, match=MagmaMatch(eth_dst=self.UE_MAC_1)) ] # =========================== Verification =========================== # Verify 3 flows installed for ue_mac table (3 pkts matched) # 4 flows installed for inout (3 pkts matched) # 2 flows installed (2 pkts matches) flow_verifier = FlowVerifier( [ FlowTest(FlowQuery(self._tbl_num, self.testing_controller), 4, 3), FlowTest(FlowQuery(self._ingress_tbl_num, self.testing_controller), 4, 2), FlowTest(FlowQuery(self._egress_tbl_num, self.testing_controller), 3, 2), FlowTest(flow_queries[0], 4, 1), ], lambda: wait_after_send(self.testing_controller)) snapshot_verifier = SnapshotVerifier(self, self.BRIDGE, self.service_manager) with flow_verifier, snapshot_verifier: pkt_sender.send(dhcp_packet) pkt_sender.send(downlink_packet1) pkt_sender.send(dns_packet) hub.sleep(3) pkt_sender.send(arp_packet) flow_verifier.verify()