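def test_receives_icmp_unreachable_for_udp(self):
    """Verify the capture filter and timeout built by the ICMP-unreachable matcher.

    The matcher is built for a UDP datagram from 172.16.1.1 to
    100.100.100.100 with source and destination port 9 and a timeout of 5.
    The expected filter uses pcap ``icmp[offset:size]`` indexing, which
    counts from the start of the ICMP header:

    * ``icmp[20:4]`` = 2886729985 (0xAC100101, i.e. 172.16.1.1)
    * ``icmp[24:4]`` = 1684300900 (0x64646464, i.e. 100.100.100.100)
    * ``icmp[28:2]`` / ``icmp[30:2]`` = the two UDP ports

    Those offsets line up with the quoted IP and UDP headers only when the
    quoted IP header is 20 bytes long (no IP options).
    """
    expectation = receives_icmp_unreachable_for_udp(
        '172.16.1.1', '100.100.100.100', 9, 9, 5)

    # NOTE(review): the expected filter pins the ICMP sender and the quoted
    # addresses/ports but not the ICMP type or code, so any ICMP message
    # from that host quoting the same datagram would satisfy it.
    expected_filter = ('icmp and src host 100.100.100.100 and '
                       'icmp[20:4] = 2886729985 and '
                       'icmp[24:4] = 1684300900 and '
                       'icmp[28:2] = 9 and icmp[30:2] = 9')

    # assertEqual replaces the assertEquals alias, which is deprecated and
    # was removed from unittest in Python 3.12.
    self.assertEqual(expected_filter, expectation._filter)
    self.assertEqual(5, expectation._timeout)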
def test_snat_for_udp():
    """
    Title: SNAT applied to UDP traffic crossing the router.

    Scenario:
    When: a VM sends UDP packets to 172.16.2.1 through the router port,
    Then: the router rewrites the source address according to the rule
          chains attached to the router,
    And: the receiver VM sees the packets with source 172.16.1.100,
    And: because the UDP port is not open, the receiver VM answers with
         ICMP error responses that the sender must observe.
    """
    router_id = 'router-000-001'
    snat_capture = 'src host 172.16.1.100 and udp'

    src_iface = BM.get_iface_for_port('bridge-000-001', 2)
    dst_iface = BM.get_iface_for_port('bridge-000-002', 2)

    # Start from a router with no in-/out-bound filters attached.
    unset_filters(router_id)
    feed_receiver_mac(dst_iface)

    # Frames are addressed to the MAC of the router's port 1.
    ingress_port = VTM.get_router(router_id).get_port(1)
    ingress_mac = ingress_port.get_mn_resource().get_port_mac()

    def send_probe():
        # Same datagram in both phases: UDP 9 -> 65000 towards 172.16.2.1.
        return src_iface.send_udp(ingress_mac, '172.16.2.1', 29,
                                  src_port=9, dst_port=65000)

    # Phase 1: no SNAT chains yet, so nothing with the translated source
    # may reach the receiver. Each expectation is created before the probe
    # is sent, presumably so the capture is already listening.
    untranslated_only = async_assert_that(
        dst_iface,
        should_NOT_receive(snat_capture, within_sec(5)))
    probe = send_probe()
    wait_on_futures([probe, untranslated_only])

    # Phase 2: attach the SNAT rule chains.
    set_filters(router_id, 'pre_filter_002', 'post_filter_002')

    translated_seen = async_assert_that(
        dst_iface,
        receives(snat_capture, within_sec(5)))

    # The matcher is given 172.16.1.1 as the UDP source, while the receiver
    # sees 172.16.1.100; presumably the router is expected to restore the
    # original source inside the ICMP error it relays. Confirm against the
    # matcher.
    unreachable_seen = async_assert_that(
        src_iface,
        receives_icmp_unreachable_for_udp('172.16.1.1',
                                          '172.16.2.1',
                                          udp_src_port=9,
                                          udp_dst_port=65000,
                                          timeout=within_sec(5)))
    probe = send_probe()
    wait_on_futures([probe, translated_seen, unreachable_seen])
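def test_receives_icmp_unreachable_for_udp(self):
    """Check what the ICMP-unreachable matcher stores as filter and timeout.

    Input: UDP source 172.16.1.1, UDP destination 100.100.100.100, both
    ports 9, timeout 5. The expected pcap filter selects ICMP packets sent
    by 100.100.100.100 whose payload quotes that datagram. ``icmp[n:m]``
    reads m bytes at offset n from the start of the ICMP header, so with a
    20-byte quoted IP header the fields are: 20 = quoted source address,
    24 = quoted destination address, 28 and 30 = quoted UDP ports.
    """
    matcher = receives_icmp_unreachable_for_udp('172.16.1.1',
                                                '100.100.100.100',
                                                9, 9, 5)

    # 2886729985 == 0xAC100101 (172.16.1.1) and
    # 1684300900 == 0x64646464 (100.100.100.100).
    # NOTE(review): no ICMP type/code term appears in the expected filter,
    # so it is not limited to destination-unreachable messages.
    # assertEquals is a deprecated alias that Python 3.12 removed; the
    # supported spelling is assertEqual.
    self.assertEqual(
        'icmp and src host 100.100.100.100 and '
        'icmp[20:4] = 2886729985 and '
        'icmp[24:4] = 1684300900 and '
        'icmp[28:2] = 9 and icmp[30:2] = 9',
        matcher._filter)
    self.assertEqual(5, matcher._timeout)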
def test_snat_for_udp():
    """
    Title: Source NAT on UDP packets.

    Scenario:
    When: a VM sends UDP packets to 172.16.2.1 via the router,
    Then: the router applies SNAT as defined by its rule chains,
    And: the packets arrive at the receiver VM with a translated source
         address (172.16.1.100),
    And: the receiver VM, having no listener on the UDP port, returns
         ICMP error responses that reach the sender.
    """
    router = 'router-000-001'
    translated_udp = 'src host 172.16.1.100 and udp'
    udp_ports = dict(src_port=9, dst_port=65000)

    vm_out = BM.get_iface_for_port('bridge-000-001', 2)
    vm_in = BM.get_iface_for_port('bridge-000-002', 2)

    # Clear any in-/out-bound filters left on the router.
    unset_filters(router)
    feed_receiver_mac(vm_in)

    # The L2 destination is the router's port 1.
    gateway_mac = (VTM.get_router(router)
                   .get_port(1)
                   .get_mn_resource()
                   .get_port_mac())

    # Without SNAT chains the translated source must never show up.
    # The negative check only covers the 5 second window it is given.
    absent = async_assert_that(
        vm_in, should_NOT_receive(translated_udp, within_sec(5)))
    sent = vm_out.send_udp(gateway_mac, '172.16.2.1', 29, **udp_ports)
    wait_on_futures([sent, absent])

    # Attach the SNAT rule chains to the router.
    set_filters(router, 'pre_filter_002', 'post_filter_002')

    # Now the receiver must observe the translated source ...
    present = async_assert_that(
        vm_in, receives(translated_udp, within_sec(5)))

    # ... and the sender must get the ICMP error for its own datagram.
    # The matcher is built with the sender-side source 172.16.1.1, not the
    # translated 172.16.1.100. NOTE(review): this looks like a check that
    # the router undoes SNAT inside the quoted header; verify.
    icmp_error = async_assert_that(
        vm_out,
        receives_icmp_unreachable_for_udp(
            '172.16.1.1', '172.16.2.1',
            udp_src_port=9, udp_dst_port=65000,
            timeout=within_sec(5)))
    sent = vm_out.send_udp(gateway_mac, '172.16.2.1', 29, **udp_ports)
    wait_on_futures([sent, present, icmp_error])
def test_dnat_for_udp():
    """
    Title: DNAT applied to UDP traffic crossing the router.

    Scenario:
    When: a VM sends UDP packets to 100.100.100.100 through the router,
    Then: the router rewrites the destination according to the rule
          chains attached to the router,
    And: the receiver VM sees the packets addressed to 172.16.2.1,
    And: because the UDP port is not open, the receiver VM answers with
         ICMP error responses that the sender must observe.
    """
    router_id = "router-000-001"
    public_ip = "100.100.100.100"
    dnat_capture = "dst host 172.16.2.1 and udp"

    src_iface = BM.get_iface_for_port("bridge-000-001", 2)
    dst_iface = BM.get_iface_for_port("bridge-000-002", 2)

    # Start from a router with no in-/out-bound filters attached.
    unset_filters(router_id)
    feed_receiver_mac(dst_iface)

    # Frames are addressed to the MAC of the router's port 1.
    ingress_port = VTM.get_router(router_id).get_port(1)
    ingress_mac = ingress_port.get_mn_resource().get_port_mac()

    def send_probe():
        # Same datagram in both phases: UDP 9 -> 9 towards the public IP.
        return src_iface.send_udp(ingress_mac, public_ip, 29,
                                  src_port=9, dst_port=9)

    # Phase 1: no DNAT chains yet, so nothing addressed to the translated
    # destination may reach the receiver within the 5 second window.
    not_forwarded = async_assert_that(
        dst_iface,
        should_NOT_receive(dnat_capture, within_sec(5)))
    probe = send_probe()
    wait_on_futures([probe, not_forwarded])

    # Phase 2: attach the DNAT rule chains.
    set_filters(router_id, "pre_filter_001", "post_filter_001")

    forwarded = async_assert_that(
        dst_iface,
        receives(dnat_capture, within_sec(5)))

    # The matcher is given the pre-DNAT destination (100.100.100.100), so
    # the test presumably expects the router to reverse the translation in
    # the ICMP error instead of exposing 172.16.2.1 to the sender. Confirm
    # against the matcher.
    unreachable_seen = async_assert_that(
        src_iface,
        receives_icmp_unreachable_for_udp("172.16.1.1",
                                          public_ip,
                                          udp_src_port=9,
                                          udp_dst_port=9,
                                          timeout=within_sec(5)))
    probe = send_probe()
    wait_on_futures([probe, forwarded, unreachable_seen])