def start(self): # save thread # https://stackoverflow.com/questions/49492550/start-another-process-in-background-and-capture-output-in-python # https://stackoverflow.com/questions/16768290/understanding-popen-communicate # https://stackoverflow.com/questions/375427/non-blocking-read-on-a-subprocess-pipe-in-python params = { key: value["value"] for key, value in self._dict["parameters"].items() } args = self._dict["properties"]["argstring"]["value"] % params args = args.split() self.cmd = [self._dict["properties"]["path"]["value"]] + args log.info("Executing: %s" % ' '.join(self.cmd)) with netns.NetNS(nsname=LG_NS): self._p = subprocess.Popen(['stdbuf', '-o0'] + self.cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, bufsize=1, close_fds=True) self._q = Queue() self._tout = Process(target=enqueue_output, args=(self._p.stdout, self._q)) self._tout.daemon = True # thread dies with the program self._tout.start() self._terr = Process(target=enqueue_output, args=(self._p.stderr, self._q)) self._terr.daemon = True # thread dies with the program self._terr.start()
def router_ports_querry(router_id): with netns.NetNS(nsname=router_id): prerouting = iptc.easy.dump_chain('nat', 'custom-PREROUTING', ipv6=False) postrouting = iptc.easy.dump_chain('nat', 'custom-POSTROUTING', ipv6=False) server_nat_ports = {} mapping_ports = {} router_nat_ports = [] # list vm_port which vm opened (vms) for rule in postrouting: dst = rule['dst'][:-3] if dst in server_nat_ports: server_nat_ports[dst].append(rule['tcp']['dport']) else: server_nat_ports[dst] = [] server_nat_ports[dst].append(rule['tcp']['dport']) for rule in prerouting: src = rule['target']['DNAT']['to-destination'] dport = rule['tcp']['dport'] # the port which router opened (vmy) router_nat_ports.append(dport) # mapping the vm_port_opened with router_port_opened mapping_ports[src] = dport return server_nat_ports, mapping_ports, router_nat_ports
def run_config_api_thread(self): nspid = self.pid with netns.NetNS(nspid=nspid): api = ConfigAPI(self.name, self) kwargs = {"host": "::", "port": 80} api_thread = Thread(target=api.run, kwargs=kwargs) api_thread.daemon = True api_thread.start()
def handle_request(self, request: HttpParser) -> None: nspid = self.nspid with netns.NetNS(nspid=nspid): with socket_connection(self.upstream) as conn: conn.send(request.build()) data = conn.recv(DEFAULT_BUFFER_SIZE) while (data): self.client.queue(memoryview(data)) data = conn.recv(DEFAULT_BUFFER_SIZE)
def test_Dhcp_Discover_Decline(do_assert = True): ns = "br1" global evpn mac = helper.randomMAC() results = helper.parse_dhcp_pool_show(evpn) print("\n") if len(results['Available IP addresses']): ip = results['Available IP addresses'][0] print("\tFound Free IP %s" % ip) else: print("\\tNo Free IP available") if do_assert: assert(0) with netns.NetNS(nsname=ns): #from scapy.all import * conf.iface = ns+"-veth0" #conf.iface = "veth1" conf.verb = 0 fam,hw = get_if_raw_hwaddr(conf.iface) global dhcp_server_ip pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff')/\ IP(tos=0x10,proto="udp",src="0.0.0.0",dst="255.255.255.255")/\ UDP(sport=68,dport=67)/\ BOOTP(yiaddr=ip, chaddr=hw)/\ DHCP(options=[("message-type", 'discover'),("server_id",\ dhcp_server_ip), "end"]) print pkt.command() sendp(pkt, iface=conf.iface) print("\tSent DHCP Discover for IP %s" % ip) time.sleep(1) results = helper.parse_dhcp_pool_show(evpn) if (not helper.array_value_exits(results['Allocated IP addresses'], ip)): print("\tIP %s did not get allocated" % ip) if do_assert: assert(0) else: print("\tIP %s did get allocated" % ip) global dhcp_server_ip pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff')/\ IP(tos=0x10,proto="udp",src="0.0.0.0",dst="255.255.255.255")/\ UDP(sport=68,dport=67)/\ BOOTP(chaddr=hw)/\ DHCP(options=[("message-type", 'decline'),("server_id", \ dhcp_server_ip), "end"]) sendp(pkt, iface=conf.iface) time.sleep(1) results = helper.parse_dhcp_pool_show(evpn) if (not helper.array_value_exits(results['Declined IP addresses'], ip)): print("\tIP %s did not get Declined" % ip) if do_assert: assert(0) return False else: print("\tIP %s did get Declined" % ip) return True
def add_pat(server_ip, router_id, server_port, router_port, gateway): with netns.NetNS(nsname=router_id): nat = iptc.Table(iptc.Table.NAT) prerouting_chain = iptc.Chain(nat, "custom-PREROUTING") postrouting_chain = iptc.Chain(nat, "custom-POSTROUTING") prerouting_rule, postrouting_rule = NatAgent.__agent__.create_rules( server_ip, server_port, router_port, gateway) prerouting_chain.insert_rule(prerouting_rule) postrouting_chain.insert_rule(postrouting_rule) nat.close() nat._cache.clear()
def get_ip_route(): cmd = 'ip route show' try: if LG_NS_MODE: with netns.NetNS(nsname=LG_NS): result = subprocess.check_output(cmd.split()) else: result = subprocess.check_output(cmd.split()) except Exception: log.exception("Exception while getting IP route") return "" return result.decode()
def get_ip_config(): try: cmd = 'ip address show' if LG_NS_MODE: with netns.NetNS(nsname=LG_NS): result = subprocess.check_output(cmd.split()) else: result = subprocess.check_output(cmd.split()) except Exception: log.exception("Exception while getting IP config") return "" return result.decode()
def get_ss(): cmd = 'ss -ntulp' try: if LG_NS_MODE: with netns.NetNS(nsname=LG_NS): result = subprocess.check_output(cmd.split()) else: result = subprocess.check_output(cmd.split()) except Exception: log.exception("Exception while getting netstat") return "" return result.decode()
def check_namespace(_ns_): try: with netns.NetNS(nsname=_ns_): nat = iptc.Table(iptc.Table.NAT) check_custom_prerouting = next( (i for i in nat.chains if i.name == 'custom-PREROUTING'), None) check_custom_postrouting = next( (i for i in nat.chains if i.name == 'custom-POSTROUTING'), None) if check_custom_prerouting is None: print('custom-prerouting false') #nat.create_chain('custom-PREROUTING') else: print('custom-pre true') if check_custom_postrouting is None: print('custom-post-routing false') #nat.create_chain('custom-POSTROUTING') else: print('custom-pos true') pre_chain = iptc.Chain(iptc.Table(iptc.Table.NAT), "PREROUTING") post_chain = iptc.Chain(iptc.Table(iptc.Table.NAT), "POSTROUTING") check_prerouting = next( (i for i in pre_chain.rules if i.target.name == 'custom-PREROUTING'), None) check_postrouting = next( (i for i in post_chain.rules if i.target.name == 'custom-POSTROUTING'), None) if check_prerouting is None: print('check prerouting jump false') #rule_goto = { 'target': {'goto': 'custom-PREROUTING'}} #iptc.easy.insert_rule('nat','PREROUTING',rule_goto) else: print('check prerouting jump true') if check_postrouting is None: print('check postrouting jump false') #rule_goto = { 'target': {'goto': 'custom-POSTROUTING'}} #iptc.easy.insert_rule('nat','POSTROUTING',rule_goto) else: print('check postrouting jump true') nat.close() nat._cache.clear() except Exception as e: print(e)
def learn_ip(ip, count): ns = "br2" with netns.NetNS(nsname=ns): #from scapy.all import * conf.iface = "br2-veth0" conf.verb=0 conf.loglevel=error pkt = Ether(src='00:00:00:00:00:00', dst='ff:ff:ff:ff:ff:ff')/\ ARP(hwdst='ff:ff:ff:ff:ff:ff', psrc=ip, pdst=ip, hwsrc='01:02:03:04:05:06', op=2) while(count > 1): sendp(pkt) count = count -1 """
def send_rcv(ns, pkt, cnt=5, loop=True): ans = [] with netns.NetNS(nsname=ns): #subprocess.call(['ip', 'a']) conf.verb = 0 conf.iface = ns + "-veth0" conf.iface6 = ns + "-veth0" logging.debug("%s, pkt: %s, cnt:%d" % (conf.iface, pkt.command(), cnt)) if loop: ans, u = srploop(pkt, iface=conf.iface, timeout=5, count=cnt) else: ans, u = srp(pkt, iface=conf.iface, timeout=5) return ans
def test_Dhcp_Alloc(): thread = Thread(target=listen) thread.start() print("\n") ns = "br1" global ovs alloc_list = {} for i in range(0, 2): #mac = brs[ns+'-veth1']['vports'][i] mac = helper.randomMAC() results = helper.parse_dhcp_pool_show(evpn) if len(results['Available IP addresses']): ip = results['Available IP addresses'][0] print("found Free IP %s" % ip) else: print("no Free IP available") assert(0) print mac e = evpns[brs[ns+'-veth1']['evpn']]['properties'] with netns.NetNS(nsname=ns): conf.iface = ns+"-veth0" conf.verb = 0 fam,hw = get_if_raw_hwaddr(conf.iface) pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff')/\ IP(tos=0x10,proto="udp",src="0.0.0.0",dst="255.255.255.255")/\ UDP(sport=68,dport=67)/\ BOOTP(yiaddr=ip, chaddr=RandString(12, "0123456789abcdef"))/\ DHCP(options=[("message-type", 'discover'), ("requested_addr", ip), ("server_id", e['gw_ip']), "end"]) print pkt.command() a, u = srp(pkt, iface=conf.iface) print("\tSent DHCP Discover for IP %s" % ip) print a print u time.sleep(1) results = helper.parse_dhcp_pool_show(evpn) if (not helper.array_value_exits(results['Allocated IP addresses'], ip)): print("\tIP %s did not get allocated" % ip) assert(0) else: print("\tIP %s did get allocated" % ip) alloc_list[ip] = mac print alloc_list """
def send_grat_arp(ns, ip): #ns = "br2" #print "****learn_ip "+ip cnt = 0 with netns.NetNS(nsname=ns): #subprocess.call(['ip', 'a']) #print conf conf.iface = ns + "-veth0" pkt = Ether(src='00:00:00:00:00:00', dst='ff:ff:ff:ff:ff:ff')/\ ARP(hwdst='ff:ff:ff:ff:ff:ff', psrc=ip, pdst=ip,\ hwsrc=randomMAC(), op=2) while (True): #print "\nsending ..."+str(cnt) sendp(pkt) time.sleep(1) cnt = cnt + 1
def learn_ip(ns, ip): from scapy.all import * #ns = "br2" print "****learn_ip " + ip cnt = 0 with netns.NetNS(nsname=ns): subprocess.call(['ip', 'a']) print conf conf.iface = ns + "-veth0" pkt = Ether(src='00:00:00:00:00:00', dst='ff:ff:ff:ff:ff:ff')/\ ARP(hwdst='ff:ff:ff:ff:ff:ff', psrc='1.1.1.15', pdst='1.1.1.15',\ hwsrc=randomMAC(), op=2) while (True): print "\nsending ..." + str(cnt) sendp(pkt) time.sleep(4) cnt = cnt + 1
def iptables_raw(table, chain=""): if ' ' in table or (chain and ' ' in chain): logging.error('Spaces not allowed in table or chain name') return [] if chain: chain = chain + " --line-numbers" cmd = 'iptables -t %s -L %s -v -n' % (table, chain) try: if LG_NS_MODE: with netns.NetNS(nsname=LG_NS): rules = subprocess.check_output(cmd.split()) else: rules = subprocess.check_output(cmd.split()) except Exception: log.exception("Exception while executing iptables") return b"" return rules
def send_dhcp_request(ns, mac, gw_ip, req_ip): loging.info("sending dhcp req MAC: %s" % mac) macraw = mac.replace(':', '').decode('hex') with netns.NetNS(nsname=ns): conf.iface = ns + "-veth0" conf.verb = 0 fam, hw = get_if_raw_hwaddr(conf.iface) pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff')/\ IP(tos=0x10,proto="udp",src="0.0.0.0",dst="255.255.255.255")/\ UDP(sport=68,dport=67)/\ BOOTP(yiaddr=req_ip, chaddr=macraw)/\ DHCP(options=[("message-type", 'request'), ("requested_addr", req_ip), ("server_id", gw_ip), "end"]) logging.debug("pkt: %s" % pkt.command()) sendp(pkt, iface=conf.iface) looging.info("\tSent DHCP Request for IP (%s)%s"\ % (ns+'-veth0', req_ip))
def send_pkt_sniff(ns, pkt, cnt=5, loop=True, sniff_filter=''): ans = [] if len(sniff_filter): logging.debug(sniff_filter) conf.verb = 3 with netns.NetNS(nsname=ns): #subprocess.call(['ip', 'a']) conf.iface = ns + "-veth0" conf.iface6 = ns + "-veth0" logging.debug("%s, pkt: %s, cnt:%d" % (conf.iface, pkt.command(), cnt)) if loop: ans, u = srploop(pkt, iface=conf.iface, timeout=5, count=cnt) logging.debug(ans.summary()) logging.debug(u.summary()) else: sendp(pkt, iface=conf.iface) if len(sniff_filter): ans = sniff(iface=conf.iface, timeout=5, filter=sniff_filter) return ans
def lg_exec(*args): cmd = [os.path.join( get_script_path(), "lg-server", "bin", args[0], )] + list(args[1:]) my_env = {**os.environ.copy(), **py_env} try: if LG_NS_MODE: with netns.NetNS(nsname=LG_NS): output = subprocess.check_output(cmd, env=my_env, stderr=subprocess.STDOUT) else: output = subprocess.check_output(cmd, env=my_env, stderr=subprocess.STDOUT) except subprocess.CalledProcessError as e: log.exception("Exception while running command: %s" % ' '.join(args)) log.error(e.output.decode()) return b"" return output
import iptc import netns from random import randint with netns.NetNS(nsname='qrouter-03b72092-e8bb-473e-b671-e1dce6c4b73d'): prerouting_chain = iptc.Chain(iptc.Table(iptc.Table.NAT), "custom-PREROUTING") old_rule = iptc.Rule() old_rule.protocol = "tcp" match = iptc.Match(old_rule, "tcp") match.dport = '4022' target = old_rule.create_target("DNAT") target.to_destination = '192.168.20.220:22' old_rule.add_match(match) old_rule.target = target prerouting_chain.insert_rule(old_rule) postrouting_chain = iptc.Chain(iptc.Table(iptc.Table.NAT), "custom-POSTROUTING") new_rule = iptc.Rule() new_rule.protocol = "tcp" new_rule.dst = '192.168.20.220' match = iptc.Match(new_rule, "tcp") match.dport = '22' new_rule.add_match(match) new_rule.target = iptc.Target(new_rule, "MASQUERADE") postrouting_chain.insert_rule(new_rule)
import iptc import netns from random import randint import argparse parser = argparse.ArgumentParser() parser.add_argument("--server", required=True, help="ip of vm") parser.add_argument("--qrouter", required=True, help="router namespace") parser.add_argument("--vmport", required=True, help="enter port vm") #parser.add_argument("--interface",required=True, help="interface") parser.add_argument("--gateway", required=True, help="gateway") args = parser.parse_args() with netns.NetNS(nsname=args.qrouter): prerouting = iptc.easy.dump_chain('nat', 'custom-PREROUTING', ipv6=False) postrouting = iptc.easy.dump_chain('nat', 'custom-POSTROUTING', ipv6=False) vm_ports = {} mapping_ports = {} router_ports = [] # ports which vm opened for rule in postrouting: dst = rule['dst'] dst = dst[:-3] if dst in vm_ports: vm_ports[dst].append(rule['tcp']['dport']) else: vm_ports[dst] = [] vm_ports[dst].append(rule['tcp']['dport']) for rule in prerouting: