diff options
-rw-r--r-- | GPL/traffic_scripts/ipsec_interface.py | 54 | ||||
-rw-r--r-- | GPL/traffic_scripts/ipsec_policy.py | 48 | ||||
-rw-r--r-- | requirements.txt | 83 | ||||
-rw-r--r-- | resources/libraries/bash/function/common.sh | 3 | ||||
-rw-r--r-- | tox-requirements.txt | 25 |
5 files changed, 101 insertions, 112 deletions
diff --git a/GPL/traffic_scripts/ipsec_interface.py b/GPL/traffic_scripts/ipsec_interface.py index 574985f679..e6e90a2598 100644 --- a/GPL/traffic_scripts/ipsec_interface.py +++ b/GPL/traffic_scripts/ipsec_interface.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 -# Copyright (c) 2021 Cisco and/or its affiliates. +# Copyright (c) 2022 Cisco and/or its affiliates. # # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # @@ -77,7 +77,7 @@ def check_ipsec( if not pkt_recv.haslayer(ip_layer): raise RuntimeError( - f"Not an {ip_layer.__name__} packet received: {pkt_recv!r}" + f"Not an {ip_layer.name} packet received: {pkt_recv!r}" ) if pkt_recv[ip_layer].src != src_tun: @@ -97,9 +97,6 @@ def check_ipsec( ip_pkt = pkt_recv[ip_layer] d_pkt = sa_in.decrypt(ip_pkt) - print(u"Decrypted packet:") - d_pkt.show2() - print() if d_pkt[ip_layer].dst != dst_ip: raise RuntimeError( @@ -151,19 +148,19 @@ def check_ip(pkt_recv, ip_layer, src_mac, dst_mac, src_ip, dst_ip): if not pkt_recv.haslayer(ip_layer): raise RuntimeError( - f"Not an {ip_layer.__name__} packet received: {pkt_recv!r}" + f"Not an {ip_layer.name} packet received: {pkt_recv!r}" ) if pkt_recv[ip_layer].dst != dst_ip: raise RuntimeError( f"Received packet has invalid destination address: " - f"{pkt_recv[ip_layer.__name__].dst} should be: {dst_ip}" + f"{pkt_recv[ip_layer.name].dst} should be: {dst_ip}" ) if pkt_recv[ip_layer].src != src_ip: raise RuntimeError( f"Received packet has invalid destination address: " - f"{pkt_recv[ip_layer.__name__].dst} should be: {src_ip}" + f"{pkt_recv[ip_layer.name].dst} should be: {src_ip}" ) if ip_layer == IP and pkt_recv[ip_layer].proto != 61: @@ -214,19 +211,18 @@ def main(): sa_in = SecurityAssociation( ESP, spi=l_spi, crypt_algo=crypto_alg, crypt_key=crypto_key.encode(encoding=u"utf-8"), auth_algo=integ_alg, - auth_key=integ_key.encode(encoding=u"utf-8"), - tunnel_header=tunnel_in + auth_key=integ_key.encode(encoding=u"utf-8"), tunnel_header=tunnel_in ) sa_out = SecurityAssociation( ESP, spi=r_spi, crypt_algo=crypto_alg, crypt_key=crypto_key.encode(encoding=u"utf-8"), auth_algo=integ_alg, - auth_key=integ_key.encode(encoding=u"utf-8"), - tunnel_header=tunnel_out + auth_key=integ_key.encode(encoding=u"utf-8"), tunnel_header=tunnel_out ) sent_packets = list() - tx_pkt_send = (Ether(src=tx_src_mac, dst=tx_dst_mac) / ip_pkt) + tx_pkt_send = ( + Ether(src=tx_src_mac, dst=tx_dst_mac) / ip_pkt) tx_pkt_send /= Raw() size_limit = 78 if ip_layer == IPv6 else 64 if len(tx_pkt_send) < size_limit: @@ -238,16 +234,16 @@ def main(): rx_pkt_recv = rx_rxq.recv(2) if rx_pkt_recv is None: - raise RuntimeError(f"{ip_layer.__name__} packet Rx timeout") + raise RuntimeError(f"{ip_layer.name} packet Rx timeout") if rx_pkt_recv.haslayer(ICMPv6ND_NS): # read another packet in the queue if the current one is ICMPv6ND_NS continue - elif rx_pkt_recv.haslayer(ICMPv6MLReport2): + if rx_pkt_recv.haslayer(ICMPv6MLReport2): # read another packet in the queue if the current one is # ICMPv6MLReport2 continue - elif rx_pkt_recv.haslayer(ICMPv6ND_RA): + if rx_pkt_recv.haslayer(ICMPv6ND_RA): # read another packet in the queue if the current one is # ICMPv6ND_RA continue @@ -260,45 +256,37 @@ def main(): dst_ip, sa_in ) - ip_pkt = ip_layer(src=dst_ip, dst=src_ip, proto=61) if ip_layer == IP \ + rx_ip_pkt = ip_layer(src=dst_ip, dst=src_ip, proto=61) if ip_layer == IP \ else ip_layer(src=dst_ip, dst=src_ip) - ip_pkt /= Raw() - if len(ip_pkt) < (size_limit - 14): - ip_pkt[Raw].load += (b"\0" * (size_limit - 14 - len(ip_pkt))) - e_pkt = sa_out.encrypt(ip_pkt) - rx_pkt_send = (Ether(src=rx_dst_mac, dst=rx_src_mac) / - e_pkt) + rx_ip_pkt /= Raw() + if len(rx_ip_pkt) < (size_limit - 14): + rx_ip_pkt[Raw].load += (b"\0" * (size_limit - 14 - len(rx_ip_pkt))) + rx_pkt_send = ( + Ether(src=rx_dst_mac, dst=rx_src_mac) / sa_out.encrypt(rx_ip_pkt)) rx_txq.send(rx_pkt_send) while True: tx_pkt_recv = tx_rxq.recv(2, ignore=sent_packets) if tx_pkt_recv is None: - raise RuntimeError(f"{ip_layer.__name__} packet Rx timeout") + raise RuntimeError(f"{ip_layer.name} packet Rx timeout") if tx_pkt_recv.haslayer(ICMPv6ND_NS): # read another packet in the queue if the current one is ICMPv6ND_NS continue - elif tx_pkt_recv.haslayer(ICMPv6MLReport2): + if tx_pkt_recv.haslayer(ICMPv6MLReport2): # read another packet in the queue if the current one is # ICMPv6MLReport2 continue - elif tx_pkt_recv.haslayer(ICMPv6MLReport2): - # read another packet in the queue if the current one is - # ICMPv6MLReport2 - continue - elif tx_pkt_recv.haslayer(ICMPv6ND_RA): + if tx_pkt_recv.haslayer(ICMPv6ND_RA): # read another packet in the queue if the current one is # ICMPv6ND_RA continue - # otherwise process the current packet break check_ip(tx_pkt_recv, ip_layer, tx_dst_mac, tx_src_mac, dst_ip, src_ip) - sys.exit(0) - if __name__ == u"__main__": main() diff --git a/GPL/traffic_scripts/ipsec_policy.py b/GPL/traffic_scripts/ipsec_policy.py index 413f36bceb..8ba7eb488d 100644 --- a/GPL/traffic_scripts/ipsec_policy.py +++ b/GPL/traffic_scripts/ipsec_policy.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 -# Copyright (c) 2021 Cisco and/or its affiliates. +# Copyright (c) 2022 Cisco and/or its affiliates. # # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later # @@ -128,7 +128,6 @@ def check_ip(pkt_recv, ip_layer, src_ip, dst_ip): ) -# TODO: Pylint says too-many-locals and too-many-statements. Refactor! def main(): """Send and receive IPsec packet.""" @@ -152,16 +151,18 @@ def main(): rx_dst_mac = args.get_arg(u"rx_dst_mac") src_ip = args.get_arg(u"src_ip") dst_ip = args.get_arg(u"dst_ip") + src_tun = args.get_arg(u"src_tun") + dst_tun = args.get_arg(u"dst_tun") crypto_alg = args.get_arg(u"crypto_alg") crypto_key = args.get_arg(u"crypto_key") integ_alg = args.get_arg(u"integ_alg") integ_key = args.get_arg(u"integ_key") l_spi = int(args.get_arg(u"l_spi")) r_spi = int(args.get_arg(u"r_spi")) - src_tun = args.get_arg(u"src_tun") - dst_tun = args.get_arg(u"dst_tun") ip_layer = IP if ip_address(src_ip).version == 4 else IPv6 + ip_pkt = ip_layer(src=src_ip, dst=dst_ip, proto=61) if ip_layer == IP \ + else ip_layer(src=src_ip, dst=dst_ip) tunnel_out = ip_layer(src=src_tun, dst=dst_tun) if src_tun and dst_tun \ else None @@ -183,16 +184,14 @@ def main(): auth_key=integ_key.encode(encoding=u"utf-8"), tunnel_header=tunnel_out ) - ip_pkt = ip_layer(src=src_ip, dst=dst_ip, proto=61) if ip_layer == IP \ - else ip_layer(src=src_ip, dst=dst_ip) - ip_pkt = ip_layer(ip_pkt) - - e_pkt = sa_out.encrypt(ip_pkt) - tx_pkt_send = (Ether(src=tx_src_mac, dst=tx_dst_mac) / - e_pkt) - sent_packets = list() + tx_pkt_send = ( + Ether(src=tx_src_mac, dst=tx_dst_mac) / sa_out.encrypt(ip_pkt)) + tx_pkt_send /= Raw() + size_limit = 78 if ip_layer == IPv6 else 64 + if len(tx_pkt_send) < (size_limit - 14): + tx_pkt_send[Raw].load += (b"\0" * (size_limit - 14 - len(tx_pkt_send))) sent_packets.append(tx_pkt_send) tx_txq.send(tx_pkt_send) @@ -205,11 +204,11 @@ def main(): if rx_pkt_recv.haslayer(ICMPv6ND_NS): # read another packet in the queue if the current one is ICMPv6ND_NS continue - elif rx_pkt_recv.haslayer(ICMPv6MLReport2): + if rx_pkt_recv.haslayer(ICMPv6MLReport2): # read another packet in the queue if the current one is # ICMPv6MLReport2 continue - elif rx_pkt_recv.haslayer(ICMPv6ND_RA): + if rx_pkt_recv.haslayer(ICMPv6ND_RA): # read another packet in the queue if the current one is # ICMPv6ND_RA continue @@ -217,30 +216,33 @@ def main(): # otherwise process the current packet break - check_ip(rx_pkt_recv, ip_layer, src_ip, dst_ip) + check_ip( + rx_pkt_recv, ip_layer, src_ip, dst_ip + ) rx_ip_pkt = ip_layer(src=dst_ip, dst=src_ip, proto=61) if ip_layer == IP \ else ip_layer(src=dst_ip, dst=src_ip) - rx_pkt_send = (Ether(src=rx_dst_mac, dst=rx_src_mac) / - rx_ip_pkt) - + rx_pkt_send = ( + Ether(src=rx_dst_mac, dst=rx_src_mac) / rx_ip_pkt) rx_pkt_send /= Raw() + if len(rx_pkt_send) < size_limit: + rx_pkt_send[Raw].load += (b"\0" * (size_limit - len(rx_pkt_send))) rx_txq.send(rx_pkt_send) while True: - tx_pkt_recv = tx_rxq.recv(2, sent_packets) + tx_pkt_recv = tx_rxq.recv(2, ignore=sent_packets) if tx_pkt_recv is None: - raise RuntimeError(u"ESP packet Rx timeout") + raise RuntimeError(f"{ip_layer.name} packet Rx timeout") if tx_pkt_recv.haslayer(ICMPv6ND_NS): # read another packet in the queue if the current one is ICMPv6ND_NS continue - elif tx_pkt_recv.haslayer(ICMPv6MLReport2): + if tx_pkt_recv.haslayer(ICMPv6MLReport2): # read another packet in the queue if the current one is # ICMPv6MLReport2 continue - elif tx_pkt_recv.haslayer(ICMPv6ND_RA): + if tx_pkt_recv.haslayer(ICMPv6ND_RA): # read another packet in the queue if the current one is # ICMPv6ND_RA continue @@ -249,8 +251,6 @@ def main(): check_ipsec(tx_pkt_recv, ip_layer, src_tun, dst_ip, src_ip, sa_in) - sys.exit(0) - if __name__ == u"__main__": main() diff --git a/requirements.txt b/requirements.txt index 983cc79412..e933025a3d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -17,35 +17,41 @@ # into fatal error or uncaught exceptions. # # CSIT Core dependencies -ecdsa==0.13.3 -paramiko==2.6.0 +ecdsa==0.18.0 +paramiko==2.9.3 pycrypto==2.6.1 -pypcap==1.2.3 -PyYAML==5.1.1 +PyYAML==5.4.1 requests==2.25.1 -robotframework==3.1.2 -scapy==2.4.3 -scp==0.13.2 +robotframework==5.0.1 +scapy==2.4.5 +scp==0.14.4 # IaaC dependencies -ansible==2.10.7 +ansible==5.10.0 +ansible-core==2.12.7 # PLRsearch dependencies -dill==0.3.3 -numpy==1.17.3 -scipy==1.5.4 +dill==0.3.5.1 +numpy==1.22.4 +scipy==1.8.1 # PAL/DOC dependencies boto3==1.17.78 botocore==1.20.78 hdrhistogram==0.6.1 -pandas==0.25.3 +pandas==1.4.2 plotly==4.1.1 PTable==0.9.2 Sphinx==3.5.4 sphinx-rtd-theme==0.5.2 +sphinxcontrib-applehelp==1.0.2 +sphinxcontrib-devhelp==1.0.2 +sphinxcontrib-htmlhelp==2.0.0 +sphinxcontrib-jsmath==1.0.1 sphinxcontrib-programoutput==0.17 +sphinxcontrib-qthelp==1.0.3 sphinxcontrib-robotdoc==0.11.0 +sphinxcontrib-serializinghtml==1.1.5 # VPP requirements ply==3.11 @@ -57,39 +63,32 @@ rfc3987==1.3.8 # Other PIP freeze dependencies. alabaster==0.7.12 -arrow==1.2.1 -Babel==2.9.0 -bcrypt==3.1.7 -certifi==2020.12.5 -cffi==1.13.2 +attrs==21.4.0 +Babel==2.10.3 +bcrypt==3.2.2 +certifi==2022.6.15 +cffi==1.15.1 chardet==4.0.0 -cryptography==2.8 +cryptography==36.0.2 docutils==0.16 future==0.18.2 -fqdn==1.5.1 idna==2.10 -imagesize==1.2.0 -isoduration==20.11.0 -Jinja2==2.11.3 -jsonpointer==2.1 -MarkupSafe==1.1.1 -packaging==20.9 -pbr==5.5.1 -pycparser==2.19 -Pygments==2.8.1 -PyNaCl==1.3.0 -pyparsing==2.4.7 +imagesize==1.4.1 +Jinja2==3.1.2 +jmespath==0.10.0 +MarkupSafe==2.1.1 +packaging==21.3 +pbr==5.9.0 +pycparser==2.21 +Pygments==2.12.0 +PyNaCl==1.5.0 +pyparsing==3.0.9 +pyrsistent==0.18.1 python-dateutil==2.8.2 -pytz==2021.1 +pytz==2022.1 +resolvelib==0.5.4 retrying==1.3.3 -six==1.15.0 -snowballstemmer==2.1.0 -sphinxcontrib-applehelp==1.0.2 -sphinxcontrib-devhelp==1.0.2 -sphinxcontrib-htmlhelp==1.0.3 -sphinxcontrib-jsmath==1.0.1 -sphinxcontrib-qthelp==1.0.3 -sphinxcontrib-serializinghtml==1.1.4 -uri-template==1.1.0 -urllib3==1.25.6 -webcolors==1.11.1 +s3transfer==0.4.2 +six==1.16.0 +snowballstemmer==2.2.0 +urllib3==1.26.10 diff --git a/resources/libraries/bash/function/common.sh b/resources/libraries/bash/function/common.sh index dac4521601..b194c31259 100644 --- a/resources/libraries/bash/function/common.sh +++ b/resources/libraries/bash/function/common.sh @@ -118,7 +118,7 @@ function activate_virtualenv () { env_dir="${root_path}/env" req_path=${2-$CSIT_DIR/requirements.txt} rm -rf "${env_dir}" || die "Failed to clean previous virtualenv." - pip3 install virtualenv==20.0.20 || { + pip3 install virtualenv==20.15.1 || { die "Virtualenv package install failed." } virtualenv --no-download --python=$(which python3) "${env_dir}" || { @@ -779,7 +779,6 @@ function run_pybot () { set -exuo pipefail all_options=("--outputdir" "${ARCHIVE_DIR}" "${PYBOT_ARGS[@]}") - all_options+=("--noncritical" "EXPECTED_FAILING") all_options+=("${EXPANDED_TAGS[@]}") pushd "${CSIT_DIR}" || die "Change directory operation failed." diff --git a/tox-requirements.txt b/tox-requirements.txt index ffc760aec5..550fc1d3b3 100644 --- a/tox-requirements.txt +++ b/tox-requirements.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Cisco and/or its affiliates. +# Copyright (c) 2022 Cisco and/or its affiliates. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: @@ -11,14 +11,17 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Bump regularly. -tox==3.7.0 +# Tox dependencies. +tox==3.25.1 -# Tox dependencies. Consult "pip freeze" after installing -# bumped tox into an empty virtualenv. -filelock==3.0.10 -pluggy==0.8.1 -py==1.7.0 -six==1.12.0 -toml==0.10.0 -virtualenv==16.4.0 +# Other PIP freeze dependencies. +distlib==0.3.4 +filelock==3.7.1 +packaging==21.3 +platformdirs==2.5.2 +pluggy==1.0.0 +pyparsing==3.0.9 +py==1.11.0 +six==1.16.0 +toml==0.10.2 +virtualenv==20.15.1 |