3 # Copyright (c) 2021 Cisco and/or its affiliates.
5 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7 # Licensed under the Apache License 2.0 or
8 # GNU General Public License v2.0 or later; you may not use this file
9 # except in compliance with one of these Licenses. You
10 # may obtain a copy of the Licenses at:
12 # http://www.apache.org/licenses/LICENSE-2.0
13 # https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html
15 # Note: If this file is linked with Scapy, which is GPLv2+, your use of it
16 # must be under GPLv2+. If at any point in the future it is no longer linked
17 # with Scapy (or other GPLv2+ licensed software), you are free to choose
20 # Unless required by applicable law or agreed to in writing, software
21 # distributed under the License is distributed on an "AS IS" BASIS,
22 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
23 # See the License for the specific language governing permissions and
24 # limitations under the License.
26 """Traffic script for NAT verification."""
32 from scapy.layers.inet import IP, TCP, UDP
33 from scapy.layers.inet6 import IPv6, ICMPv6ND_NS
34 from scapy.layers.l2 import Ether
35 from scapy.packet import Raw
37 from .PacketVerifier import RxQueue, TxQueue
38 from .TrafficScriptArg import TrafficScriptArg
# NOTE(review): fragment only. The listing omits gutter lines 41-42, 44 and 46,
# so the enclosing function header and its return statements are not visible.
# This is presumably the body of valid_ipv4(), which is called further down.
# The call parses `ip` as an IPv4 address; its result is discarded, so only
# success or failure of the parse matters.
43 ipaddress.IPv4Address(ip)
# An address that fails to parse (AddressValueError) or an AttributeError is
# caught here; what is returned in each case is not shown in this listing.
45 except (AttributeError, ipaddress.AddressValueError):
# NOTE(review): fragment only. The function header and return statements
# (gutter 49-50, 52, 54) are missing from the listing. This is presumably the
# body of valid_ipv6(), which is called further down.
# Same pattern as the IPv4 check above: parse `ip` as an IPv6 address and use
# only the success or failure of the parse.
51 ipaddress.IPv6Address(ip)
# Parse failures and AttributeError are caught; the values returned are not
# visible here.
53 except (AttributeError, ipaddress.AddressValueError):
# NOTE(review): the function header (gutter 57) and the remainder of this
# docstring (gutter 59-60) are missing from the listing.
58 """Send, receive and check IP/IPv6 packets with UDP/TCP layer passing
61 args = TrafficScriptArg(
63 u"tx_src_mac", u"rx_dst_mac", u"src_ip_in", u"src_ip_out",
64 u"dst_ip", u"tx_dst_mac", u"rx_src_mac", u"protocol",
65 u"src_port_in", u"src_port_out", u"dst_port"
# Test parameters are read by name. The "_in" values describe the packet as
# sent (before NAT); the "_out" values describe what is expected after
# translation, judging by how they are compared in the checks further down.
69 tx_src_mac = args.get_arg(u"tx_src_mac")
70 tx_dst_mac = args.get_arg(u"tx_dst_mac")
71 rx_dst_mac = args.get_arg(u"rx_dst_mac")
72 rx_src_mac = args.get_arg(u"rx_src_mac")
73 src_ip_in = args.get_arg(u"src_ip_in")
74 src_ip_out = args.get_arg(u"src_ip_out")
75 dst_ip = args.get_arg(u"dst_ip")
76 protocol = args.get_arg(u"protocol")
# Ports are converted with int(); a value int() cannot convert raises here.
77 sport_in = int(args.get_arg(u"src_port_in"))
# NOTE(review): gutter 78 and 80-81 are not shown. The later
# `sport_out is not None` test suggests the omitted lines wrap this conversion
# and fall back to None when no expected outside port is supplied - confirm.
79 sport_out = int(args.get_arg(u"src_port_out"))
82 dst_port = int(args.get_arg(u"dst_port"))
# Each interface gets both a transmit and a receive queue. "tx_if" and "rx_if"
# are not among the names listed in the visible TrafficScriptArg call above;
# presumably TrafficScriptArg provides them itself - confirm.
84 tx_txq = TxQueue(args.get_arg(u"tx_if"))
85 tx_rxq = RxQueue(args.get_arg(u"tx_if"))
86 rx_txq = TxQueue(args.get_arg(u"rx_if"))
87 rx_rxq = RxQueue(args.get_arg(u"rx_if"))
# Build the outbound test frame, starting with the Ethernet header.
90 pkt_raw = Ether(src=tx_src_mac, dst=tx_dst_mac)
# The address family is chosen by validating src_ip_in and dst_ip together:
# both must parse as IPv4, or both as IPv6. A mixed pair or an unparsable
# value ends in the ValueError below.
# NOTE(review): the assignments to ip_layer and the `else:` line (gutter 93,
# 95, 96) are missing from the listing.
92 if valid_ipv4(src_ip_in) and valid_ipv4(dst_ip):
94 elif valid_ipv6(src_ip_in) and valid_ipv6(dst_ip):
97 raise ValueError(u"IP not in correct format")
98 pkt_raw /= ip_layer(src=src_ip_in, dst=dst_ip)
# The protocol argument is compared as an exact, case-sensitive string; any
# value other than "UDP" or "TCP" is rejected with "Incorrect protocol".
# NOTE(review): the assignments to proto_layer and the `else:` line
# (gutter 102, 106, 107) are missing from the listing.
100 if protocol == u"UDP":
101 pkt_raw /= UDP(sport=sport_in, dport=dst_port)
103 elif protocol == u"TCP":
104 # flags=0x2 => SYN flag set
105 pkt_raw /= TCP(sport=sport_in, dport=dst_port, flags=0x2)
108 raise ValueError(u"Incorrect protocol")
# The frame is recorded in sent_packets, which is later passed as `ignore=` to
# the receive call on the tx interface. The creation of sent_packets and the
# transmit call itself are not in the visible lines.
111 sent_packets.append(pkt_raw)
# Forward direction: read the frame on the rx interface and verify that it
# carries the expected (translated) addressing.
# NOTE(review): the loop header, the timeout condition, and the `raise
# RuntimeError(` lines that open the multi-line messages below are missing
# from the listing. The argument 2 is presumably a timeout in seconds -
# confirm against RxQueue.recv.
115 ether = rx_rxq.recv(2)
118 raise RuntimeError(u"IP packet Rx timeout")
# IPv6 neighbour solicitations are skipped rather than treated as the test
# packet, per the two comments below.
120 if ether.haslayer(ICMPv6ND_NS):
121 # read another packet in the queue if the current one is ICMPv6ND_NS
124 # otherwise process the current packet
# Layer 2: both MAC addresses must match exactly.
127 if rx_dst_mac != ether[Ether].dst or rx_src_mac != ether[Ether].src:
128 raise RuntimeError(f"Matching packet unsuccessful: {ether!r}")
# Layer 3: the payload must be of the selected IP version. The source address
# must be the expected outside address (src_ip_out), while the destination
# must still be dst_ip.
130 ip_pkt = ether.payload
131 if not isinstance(ip_pkt, ip_layer):
132 raise RuntimeError(f"Not an {ip_layer!s} packet received: {ip_pkt!r}")
133 if ip_pkt.src != src_ip_out:
135 f"Matching Src IP address unsuccessful: "
136 f"{src_ip_out} != {ip_pkt.src}"
138 if ip_pkt.dst != dst_ip:
140 f"Matching Dst IP address unsuccessful: {dst_ip} != {ip_pkt.dst}"
# Layer 4: protocol type and ports.
143 proto_pkt = ip_pkt.payload
144 if not isinstance(proto_pkt, proto_layer):
146 f"Not a {proto_layer!s} packet received: {proto_pkt!r}"
# When an expected outside source port is given it must match exactly.
# Otherwise the port seen on the wire is adopted and reused for the reply
# (presumably in an `else:` branch at gutter 154, which is not shown). In that
# mode the test accepts whatever source port the NAT chose.
148 if sport_out is not None:
149 if proto_pkt.sport != sport_out:
151 f"Matching Src {proto_layer!s} port unsuccessful: "
152 f"{sport_out} != {proto_pkt.sport}"
155 sport_out = proto_pkt.sport
156 if proto_pkt.dport != dst_port:
158 f"Matching Dst {proto_layer!s} port unsuccessful: "
159 f"{dst_port} != {proto_pkt.dport}"
# For TCP the flags field must equal 0x2 exactly, so a SYN carrying any
# additional flag bit fails this check. The visible lines compare MACs,
# IP addresses, ports and TCP flags only; no payload or checksum comparison
# appears in them.
161 if proto_layer == TCP:
162 if proto_pkt.flags != 0x2:
164 f"Not a TCP SYN packet received: {proto_pkt!r}"
# Build the reply as the destination host would send it: MACs swapped
# relative to the received frame, source = dst_ip, destination = the outside
# address src_ip_out, and the ports reversed (dport = sport_out, which is
# either the configured port or the one taken from the received packet).
167 pkt_raw = Ether(src=rx_dst_mac, dst=rx_src_mac)
168 pkt_raw /= ip_layer(src=dst_ip, dst=src_ip_out)
169 pkt_raw /= proto_layer(sport=dst_port, dport=sport_out)
170 if proto_layer == TCP:
171 # flags=0x12 => SYN, ACK flags set
172 pkt_raw[TCP].flags = 0x12
# NOTE(review): the lines that transmit this reply (gutter 173-176) are
# missing from the listing.
# Reverse direction: read the reply on the tx interface and verify that it has
# been translated back to the inside address and port.
# `ignore=sent_packets` presumably keeps the script from matching its own
# transmitted frame - confirm against RxQueue.recv.
# NOTE(review): the loop header, the timeout condition, and the `raise
# RuntimeError(` lines that open the multi-line messages below are missing
# from the listing.
177 ether = tx_rxq.recv(2, ignore=sent_packets)
180 raise RuntimeError(u"IP packet Rx timeout")
# IPv6 neighbour solicitations are skipped, as in the forward direction.
182 if ether.haslayer(ICMPv6ND_NS):
183 # read another packet in the queue if the current one is ICMPv6ND_NS
186 # otherwise process the current packet
# Layer 2: the frame must be addressed back to the original sender's MAC.
189 if ether[Ether].dst != tx_src_mac or ether[Ether].src != tx_dst_mac:
190 raise RuntimeError(f"Matching packet unsuccessful: {ether!r}")
# Layer 3: the source stays dst_ip, and the destination must be the inside
# address src_ip_in, not the outside address.
192 ip_pkt = ether.payload
193 if not isinstance(ip_pkt, ip_layer):
194 raise RuntimeError(f"Not an {ip_layer!s} packet received: {ip_pkt!r}")
195 if ip_pkt.src != dst_ip:
197 f"Matching Src IP address unsuccessful: {dst_ip} != {ip_pkt.src}"
199 if ip_pkt.dst != src_ip_in:
201 f"Matching Dst IP address unsuccessful: {src_ip_in} != {ip_pkt.dst}"
# Layer 4: the destination port must be restored to the inside source port
# sport_in.
204 proto_pkt = ip_pkt.payload
205 if not isinstance(proto_pkt, proto_layer):
207 f"Not a {proto_layer!s} packet received: {proto_pkt!r}"
209 if proto_pkt.sport != dst_port:
211 f"Matching Src {proto_layer!s} port unsuccessful: "
212 f"{dst_port} != {proto_pkt.sport}"
214 if proto_pkt.dport != sport_in:
216 f"Matching Dst {proto_layer!s} port unsuccessful: "
217 f"{sport_in} != {proto_pkt.dport}"
# For TCP the flags must equal 0x12 (SYN, ACK) exactly.
219 if proto_layer == TCP:
220 if proto_pkt.flags != 0x12:
222 f"Not a TCP SYN-ACK packet received: {proto_pkt!r}"
228 if __name__ == u"__main__":