3 # Copyright (c) 2021 Cisco and/or its affiliates.
5 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7 # Licensed under the Apache License 2.0 or
8 # GNU General Public License v2.0 or later; you may not use this file
9 # except in compliance with one of these Licenses. You
10 # may obtain a copy of the Licenses at:
12 # http://www.apache.org/licenses/LICENSE-2.0
13 # https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html
15 # Note: If this file is linked with Scapy, which is GPLv2+, your use of it
16 # must be under GPLv2+. If at any point in the future it is no longer linked
17 # with Scapy (or other GPLv2+ licensed software), you are free to choose
20 # Unless required by applicable law or agreed to in writing, software
21 # distributed under the License is distributed on an "AS IS" BASIS,
22 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
23 # See the License for the specific language governing permissions and
24 # limitations under the License.
26 """Traffic script for NAT verification."""
30 from scapy.layers.inet import IP, TCP, UDP
31 from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6MLReport2, ICMPv6ND_RA
32 from scapy.layers.l2 import Ether
33 from scapy.packet import Raw
35 from .PacketVerifier import RxQueue, TxQueue
36 from .TrafficScriptArg import TrafficScriptArg
37 from .ValidIp import valid_ipv4, valid_ipv6
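# NOTE(review): the listing this block was taken from drops a number of lines
# of the function (the "def" line, the else/while/raise headers, the
# ip_layer / proto_layer / sent_packets assignments, the Raw() payload, the
# send calls and the fallback for src_port_out). They are reconstructed here
# from how the visible lines use those names - confirm against the upstream
# file before relying on this version.


def _check_port(name, port):
    """Return *port* if it fits a 16-bit TCP/UDP port field.

    :param name: Argument name, used only in the error message.
    :param port: Port number already converted to int.
    :type name: str
    :type port: int
    :returns: The unchanged port number.
    :rtype: int
    :raises ValueError: If the port is outside 0-65535.
    """
    if not 0 <= port <= 65535:
        raise ValueError(f"{name} is not a valid port number: {port}")
    return port


def _recv_data_frame(rxq, **recv_kwargs):
    """Receive the next frame from *rxq* that is not IPv6 background traffic.

    Neighbor solicitations, MLDv2 reports and router advertisements are
    skipped so that they are not mistaken for the packet under test.

    :param rxq: Receive queue to read from.
    :param recv_kwargs: Extra keyword arguments passed to rxq.recv().
    :returns: The first received frame that is not one of the skipped types.
    :raises RuntimeError: If rxq.recv() returns None (no packet received).
    """
    # NOTE(review): the loop has no overall bound; each recv() is called with
    # 2 (presumably a timeout in seconds - confirm), but a steady stream of
    # ND/MLD frames keeps it running. Confirm the test runner enforces its
    # own time limit.
    while True:
        ether = rxq.recv(2, **recv_kwargs)

        if ether is None:
            raise RuntimeError(u"IP packet Rx timeout")

        if (
            ether.haslayer(ICMPv6ND_NS)
            or ether.haslayer(ICMPv6MLReport2)
            or ether.haslayer(ICMPv6ND_RA)
        ):
            # read another packet in the queue if the current one is
            # ICMPv6ND_NS, ICMPv6MLReport2 or ICMPv6ND_RA
            continue

        # otherwise hand the current packet to the caller
        return ether


def main():
    """Send, receive and check IP/IPv6 packets with UDP/TCP layer passing
    through NAT.

    A UDP datagram or a TCP SYN is sent from tx_if using the inside source
    address and port. The frame received on rx_if must carry the translated
    source (src_ip_out / src_port_out). A reply (SYN-ACK for TCP) is then
    sent from rx_if to the translated address, and the frame received on
    tx_if must be addressed to the original inside source again.

    When src_port_out cannot be converted to an integer, the translated
    source port is not verified; it is learned from the received packet and
    only used to address the reply.

    :raises ValueError: If the IP addresses are neither both IPv4 nor both
        IPv6, the protocol is not UDP or TCP, or a port is out of range.
    :raises RuntimeError: If no packet is received or a received packet
        does not match the expected values.
    """
    args = TrafficScriptArg(
        [
            u"tx_src_mac", u"rx_dst_mac", u"src_ip_in", u"src_ip_out",
            u"dst_ip", u"tx_dst_mac", u"rx_src_mac", u"protocol",
            u"src_port_in", u"src_port_out", u"dst_port"
        ]
    )

    tx_src_mac = args.get_arg(u"tx_src_mac")
    tx_dst_mac = args.get_arg(u"tx_dst_mac")
    rx_dst_mac = args.get_arg(u"rx_dst_mac")
    rx_src_mac = args.get_arg(u"rx_src_mac")
    src_ip_in = args.get_arg(u"src_ip_in")
    src_ip_out = args.get_arg(u"src_ip_out")
    dst_ip = args.get_arg(u"dst_ip")
    protocol = args.get_arg(u"protocol")

    # Reject out-of-range ports here, with a message naming the argument,
    # instead of failing later while the packet is being built or sent.
    sport_in = _check_port(
        u"src_port_in", int(args.get_arg(u"src_port_in"))
    )
    try:
        sport_out = int(args.get_arg(u"src_port_out"))
    except (TypeError, ValueError):
        # No usable expected port: learn it from the translated packet.
        sport_out = None
    else:
        # Validated outside the try block so that an out-of-range value is
        # reported rather than silently treated as "no expected port".
        _check_port(u"src_port_out", sport_out)
    dst_port = _check_port(u"dst_port", int(args.get_arg(u"dst_port")))

    tx_txq = TxQueue(args.get_arg(u"tx_if"))
    tx_rxq = RxQueue(args.get_arg(u"tx_if"))
    rx_txq = TxQueue(args.get_arg(u"rx_if"))
    rx_rxq = RxQueue(args.get_arg(u"rx_if"))

    # --- Outbound direction: inside host -> NAT -> outside host ---
    sent_packets = []
    pkt_raw = Ether(src=tx_src_mac, dst=tx_dst_mac)

    if valid_ipv4(src_ip_in) and valid_ipv4(dst_ip):
        ip_layer = IP
    elif valid_ipv6(src_ip_in) and valid_ipv6(dst_ip):
        ip_layer = IPv6
    else:
        raise ValueError(u"IP not in correct format")
    pkt_raw /= ip_layer(src=src_ip_in, dst=dst_ip)

    if protocol == u"UDP":
        pkt_raw /= UDP(sport=sport_in, dport=dst_port)
        proto_layer = UDP
    elif protocol == u"TCP":
        # flags=0x2 => SYN flag set
        pkt_raw /= TCP(sport=sport_in, dport=dst_port, flags=0x2)
        proto_layer = TCP
    else:
        raise ValueError(u"Incorrect protocol")

    pkt_raw /= Raw()
    sent_packets.append(pkt_raw)
    tx_txq.send(pkt_raw)

    ether = _recv_data_frame(rx_rxq)

    if rx_dst_mac != ether[Ether].dst or rx_src_mac != ether[Ether].src:
        raise RuntimeError(f"Matching packet unsuccessful: {ether!r}")

    ip_pkt = ether.payload
    if not isinstance(ip_pkt, ip_layer):
        raise RuntimeError(f"Not an {ip_layer!s} packet received: {ip_pkt!r}")
    # The source address must be the translated one, not the inside one.
    if ip_pkt.src != src_ip_out:
        raise RuntimeError(
            f"Matching Src IP address unsuccessful: "
            f"{src_ip_out} != {ip_pkt.src}"
        )
    if ip_pkt.dst != dst_ip:
        raise RuntimeError(
            f"Matching Dst IP address unsuccessful: {dst_ip} != {ip_pkt.dst}"
        )

    proto_pkt = ip_pkt.payload
    if not isinstance(proto_pkt, proto_layer):
        raise RuntimeError(
            f"Not a {proto_layer!s} packet received: {proto_pkt!r}"
        )
    if sport_out is not None:
        if proto_pkt.sport != sport_out:
            raise RuntimeError(
                f"Matching Src {proto_layer!s} port unsuccessful: "
                f"{sport_out} != {proto_pkt.sport}"
            )
    else:
        # Translated port was not given; take it from the packet so the
        # reply below can be addressed to it. It is not verified in this case.
        sport_out = proto_pkt.sport
    if proto_pkt.dport != dst_port:
        raise RuntimeError(
            f"Matching Dst {proto_layer!s} port unsuccessful: "
            f"{dst_port} != {proto_pkt.dport}"
        )
    if proto_layer == TCP:
        # Exact comparison: only a bare SYN (no other flag bits) is accepted.
        if proto_pkt.flags != 0x2:
            raise RuntimeError(
                f"Not a TCP SYN packet received: {proto_pkt!r}"
            )

    # --- Return direction: outside host -> NAT -> inside host ---
    pkt_raw = Ether(src=rx_dst_mac, dst=rx_src_mac)
    pkt_raw /= ip_layer(src=dst_ip, dst=src_ip_out)
    pkt_raw /= proto_layer(sport=dst_port, dport=sport_out)
    if proto_layer == TCP:
        # flags=0x12 => SYN, ACK flags set
        pkt_raw[TCP].flags = 0x12
    pkt_raw /= Raw()
    rx_txq.send(pkt_raw)

    # Frames this script sent on tx_if itself are passed as "ignore" so they
    # are not taken for the reply.
    ether = _recv_data_frame(tx_rxq, ignore=sent_packets)

    if ether[Ether].dst != tx_src_mac or ether[Ether].src != tx_dst_mac:
        raise RuntimeError(f"Matching packet unsuccessful: {ether!r}")

    ip_pkt = ether.payload
    if not isinstance(ip_pkt, ip_layer):
        raise RuntimeError(f"Not an {ip_layer!s} packet received: {ip_pkt!r}")
    if ip_pkt.src != dst_ip:
        raise RuntimeError(
            f"Matching Src IP address unsuccessful: {dst_ip} != {ip_pkt.src}"
        )
    # The destination must be translated back to the inside address.
    if ip_pkt.dst != src_ip_in:
        raise RuntimeError(
            f"Matching Dst IP address unsuccessful: {src_ip_in} != {ip_pkt.dst}"
        )

    proto_pkt = ip_pkt.payload
    if not isinstance(proto_pkt, proto_layer):
        raise RuntimeError(
            f"Not a {proto_layer!s} packet received: {proto_pkt!r}"
        )
    if proto_pkt.sport != dst_port:
        raise RuntimeError(
            f"Matching Src {proto_layer!s} port unsuccessful: "
            f"{dst_port} != {proto_pkt.sport}"
        )
    if proto_pkt.dport != sport_in:
        raise RuntimeError(
            f"Matching Dst {proto_layer!s} port unsuccessful: "
            f"{sport_in} != {proto_pkt.dport}"
        )
    if proto_layer == TCP:
        # Exact comparison: only SYN+ACK with no other flag bits is accepted.
        if proto_pkt.flags != 0x12:
            raise RuntimeError(
                f"Not a TCP SYN-ACK packet received: {proto_pkt!r}"
            )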
225 if __name__ == u"__main__":