示例#1
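 def test_receives_icmp_unreachable_for_udp(self):
     """Check the capture filter and timeout built for an ICMP error on UDP.

     The matcher is built from the addresses 172.16.1.1 and
     100.100.100.100, the UDP ports 9 and 9, and a timeout of 5. Its
     private ``_filter`` and ``_timeout`` attributes are then compared
     with literal expected values.
     """
     ifExpects = receives_icmp_unreachable_for_udp('172.16.1.1',
                                                   '100.100.100.100', 9, 9,
                                                   5)
     # Offsets count from the start of the ICMP message: 8 bytes of ICMP
     # header, then the quoted IP header, so [20:4] and [24:4] are the quoted
     # source and destination addresses and [28:2] / [30:2] the quoted UDP
     # ports. That only lines up when the quoted IP header carries no
     # options (20 bytes).
     # 2886729985 is 172.16.1.1 and 1684300900 is 100.100.100.100 as 32-bit
     # integers.
     # NOTE(review): the expected filter does not constrain the ICMP type or
     # code, so any ICMP message from 100.100.100.100 with matching quoted
     # bytes would satisfy it.
     # assertEqual replaces the deprecated assertEquals alias, which was
     # removed from unittest.TestCase in Python 3.12.
     self.assertEqual(
         'icmp and src host 100.100.100.100 and '
         'icmp[20:4] = 2886729985 and '
         'icmp[24:4] = 1684300900 and '
         'icmp[28:2] = 9 and icmp[30:2] = 9', ifExpects._filter)
     self.assertEqual(5, ifExpects._timeout)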
示例#2
def test_snat_for_udp():
    """
    Title: SNAT applied to UDP traffic.

    Scenario:
    When: a VM sends UDP packets to an unassigned IP address.
    Then: the router applies SNAT to them as dictated by the rule chain set
          on the router,
    And: the receiver VM gets the UDP packets with a translated src address,
    And: the receiver VM answers with ICMP error responses because the UDP
         port is not open.
    """
    sender = BM.get_iface_for_port('bridge-000-001', 2)
    receiver = BM.get_iface_for_port('bridge-000-002', 2)

    def send_probe():
        # The same datagram is sent in both phases; router_mac is bound
        # below, before the first call.
        return sender.send_udp(router_mac,
                               '172.16.2.1',
                               29,
                               src_port=9,
                               dst_port=65000)

    # Start from a router without in-/out-bound filters.
    unset_filters('router-000-001')
    feed_receiver_mac(receiver)

    # Frames are addressed to the MAC of the router's port 1.
    router = VTM.get_router('router-000-001')
    router_mac = router.get_port(1).get_mn_resource().get_port_mac()

    # Negative control: with no SNAT chains set, nothing may arrive from the
    # translated source address.
    no_snat_matcher = should_NOT_receive('src host 172.16.1.100 and udp',
                                         within_sec(5))
    not_translated = async_assert_that(receiver, no_snat_matcher)
    probe = send_probe()
    wait_on_futures([probe, not_translated])

    # Install the SNAT rule chains on the router.
    set_filters('router-000-001', 'pre_filter_002', 'post_filter_002')

    # Now the receiver must see the datagram with the translated source.
    snat_matcher = receives('src host 172.16.1.100 and udp', within_sec(5))
    translated = async_assert_that(receiver, snat_matcher)

    # The receiver port is not open, so the sender should get ICMP
    # unreachable.
    # NOTE(review): the matcher is given 172.16.1.1, not the translated
    # 172.16.1.100 -- presumably the sender's own address, in which case this
    # also checks that the router restores the quoted header inside the ICMP
    # error; confirm against the topology.
    icmp_matcher = receives_icmp_unreachable_for_udp('172.16.1.1',
                                                     '172.16.2.1',
                                                     udp_src_port=9,
                                                     udp_dst_port=65000,
                                                     timeout=within_sec(5))
    unreachable = async_assert_that(sender, icmp_matcher)
    probe = send_probe()
    wait_on_futures([probe, translated, unreachable])
示例#3
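 def test_receives_icmp_unreachable_for_udp(self):
     """Verify the filter string and timeout stored by the ICMP/UDP matcher.

     Builds the matcher from 172.16.1.1, 100.100.100.100, the UDP ports 9
     and 9 and a timeout of 5, then compares its private ``_filter`` and
     ``_timeout`` attributes with the expected literals.
     """
     ifExpects = receives_icmp_unreachable_for_udp('172.16.1.1',
                                                   '100.100.100.100',
                                                   9, 9, 5)
     # Byte offsets are relative to the ICMP message: the 8-byte ICMP header
     # is followed by the quoted IP header, which puts its source address at
     # 20, its destination address at 24 and the quoted UDP ports at 28 and
     # 30 -- valid only for a quoted IP header without options.
     # 2886729985 and 1684300900 are 172.16.1.1 and 100.100.100.100 written
     # as 32-bit integers.
     # NOTE(review): nothing in the expected filter pins the ICMP type or
     # code; only the sending host and the quoted bytes are matched.
     expected_filter = ('icmp and src host 100.100.100.100 and '
                        'icmp[20:4] = 2886729985 and '
                        'icmp[24:4] = 1684300900 and '
                        'icmp[28:2] = 9 and icmp[30:2] = 9')
     # assertEquals is a deprecated alias that Python 3.12 removed from
     # unittest.TestCase; assertEqual is the supported spelling.
     self.assertEqual(expected_filter, ifExpects._filter)
     self.assertEqual(5, ifExpects._timeout)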
示例#4
def test_snat_for_udp():
    """
    Title: UDP packets are source-NATted by the router.

    Scenario:
    When: a VM sends UDP packets to an unassigned IP address.
    Then: the router rewrites them with SNAT following the rule chain set on
          the router,
    And: the receiver VM is reached by the UDP packets, src address NATted,
    And: the receiver VM sends back ICMP error responses since the UDP port
         is not open.
    """
    router_id = 'router-000-001'
    snat_capture = 'src host 172.16.1.100 and udp'
    udp_target = '172.16.2.1'
    udp_ports = {'src_port': 9, 'dst_port': 65000}

    sender = BM.get_iface_for_port('bridge-000-001', 2)
    receiver = BM.get_iface_for_port('bridge-000-002', 2)

    # Clear any in-/out-bound filters left on the router.
    unset_filters(router_id)
    feed_receiver_mac(receiver)

    # The probes are framed for the router's port 1.
    ingress_port = VTM.get_router(router_id).get_port(1)
    router_mac = ingress_port.get_mn_resource().get_port_mac()

    # Phase 1: no SNAT chains yet, so the receiver must not see any datagram
    # carrying the translated source.
    absent = async_assert_that(
        receiver, should_NOT_receive(snat_capture, within_sec(5)))
    sent = sender.send_udp(router_mac, udp_target, 29, **udp_ports)
    wait_on_futures([sent, absent])

    # Phase 2: with the SNAT chains in place the translated datagram arrives.
    set_filters(router_id, 'pre_filter_002', 'post_filter_002')

    present = async_assert_that(
        receiver, receives(snat_capture, within_sec(5)))
    # The closed receiver port should make an ICMP unreachable come back to
    # the sender.
    # NOTE(review): 172.16.1.1 is passed here rather than the translated
    # 172.16.1.100; presumably it is the sender's address, so the assertion
    # would depend on the router un-translating the header quoted in the ICMP
    # error -- confirm against the topology.
    icmp_back = async_assert_that(
        sender,
        receives_icmp_unreachable_for_udp('172.16.1.1', udp_target,
                                          udp_src_port=9,
                                          udp_dst_port=65000,
                                          timeout=within_sec(5)))
    sent = sender.send_udp(router_mac, udp_target, 29, **udp_ports)
    wait_on_futures([sent, present, icmp_back])
示例#5
def test_dnat_for_udp():
    """
    Title: DNAT applied to UDP traffic.

    Scenario:
    When: a VM sends UDP packets to an unassigned IP address.
    Then: the router applies DNAT to them as dictated by the rule chain set
          on the router,
    And: the receiver VM gets the UDP packets.
    And: the receiver VM answers with ICMP error responses because the UDP
         port is not open.
    """
    sender = BM.get_iface_for_port("bridge-000-001", 2)
    receiver = BM.get_iface_for_port("bridge-000-002", 2)

    def send_probe():
        # Identical datagram for both phases; router_mac is assigned below,
        # before the first call.
        return sender.send_udp(
            router_mac, "100.100.100.100", 29, src_port=9, dst_port=9
        )

    # Start from a router without in-/out-bound filters.
    unset_filters("router-000-001")
    feed_receiver_mac(receiver)

    # Frames are addressed to the MAC of the router's port 1.
    router = VTM.get_router("router-000-001")
    router_mac = router.get_port(1).get_mn_resource().get_port_mac()

    # Negative control: before the DNAT chains are set, no UDP addressed to
    # 172.16.2.1 may reach the receiver.
    no_dnat_matcher = should_NOT_receive(
        "dst host 172.16.2.1 and udp", within_sec(5)
    )
    not_translated = async_assert_that(receiver, no_dnat_matcher)
    probe = send_probe()
    wait_on_futures([probe, not_translated])

    # Install the DNAT rule chains on the router.
    set_filters("router-000-001", "pre_filter_001", "post_filter_001")

    dnat_matcher = receives("dst host 172.16.2.1 and udp", within_sec(5))
    translated = async_assert_that(receiver, dnat_matcher)

    # The receiver port is not open, so the sender should get ICMP
    # unreachable.
    # NOTE(review): the matcher is given the pre-DNAT destination
    # 100.100.100.100, not 172.16.2.1 -- presumably so the sender sees the
    # error in terms of the address it used, which would depend on the router
    # reversing the translation in the ICMP error; confirm.
    icmp_matcher = receives_icmp_unreachable_for_udp(
        "172.16.1.1",
        "100.100.100.100",
        udp_src_port=9,
        udp_dst_port=9,
        timeout=within_sec(5),
    )
    unreachable = async_assert_that(sender, icmp_matcher)
    probe = send_probe()
    wait_on_futures([probe, translated, unreachable])