aboutsummaryrefslogtreecommitdiffstats
path: root/resources/traffic_scripts/ipsec.py
diff options
context:
space:
mode:
Diffstat (limited to 'resources/traffic_scripts/ipsec.py')
-rwxr-xr-xresources/traffic_scripts/ipsec.py158
1 files changed, 83 insertions, 75 deletions
diff --git a/resources/traffic_scripts/ipsec.py b/resources/traffic_scripts/ipsec.py
index b853b6c09f..320303d1fb 100755
--- a/resources/traffic_scripts/ipsec.py
+++ b/resources/traffic_scripts/ipsec.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
# Copyright (c) 2019 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,18 +18,18 @@
import sys
import logging
+from ipaddress import ip_address
# pylint: disable=no-name-in-module
# pylint: disable=import-error
-logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
-
-from scapy.all import Ether
+logging.getLogger(u"scapy.runtime").setLevel(logging.ERROR)
from scapy.layers.inet import IP
from scapy.layers.inet6 import IPv6, ICMPv6ND_NS
from scapy.layers.ipsec import SecurityAssociation, ESP
-from ipaddress import ip_address
+from scapy.layers.l2 import Ether
+from scapy.packet import Raw
-from resources.libraries.python.TrafficScriptArg import TrafficScriptArg
from resources.libraries.python.PacketVerifier import RxQueue, TxQueue
+from resources.libraries.python.TrafficScriptArg import TrafficScriptArg
def check_ipsec(pkt_recv, ip_layer, dst_tun, src_ip, dst_ip, sa_in):
@@ -50,37 +50,39 @@ def check_ipsec(pkt_recv, ip_layer, dst_tun, src_ip, dst_ip, sa_in):
:raises RuntimeError: If received packet is invalid.
"""
if not pkt_recv.haslayer(ip_layer):
- raise RuntimeError('Not an {ip} packet received: {pkt}'.format(
- ip=ip_layer.name, pkt=pkt_recv.__repr__()))
+ raise RuntimeError(
+ f"Not an {ip_layer.name} packet received: {pkt_recv!r}"
+ )
- if pkt_recv[ip_layer.name].dst != dst_tun:
+ if pkt_recv[ip_layer].dst != dst_tun:
raise RuntimeError(
- 'Received packet has invalid destination address: {rec_ip} '
- 'should be: {exp_ip}'.format(
- rec_ip=pkt_recv[ip_layer.name].dst, exp_ip=dst_tun))
+ f"Received packet has invalid destination address: "
+ f"{pkt_recv[ip_layer].dst} should be: {dst_tun}"
+ )
if not pkt_recv.haslayer(ESP):
- raise RuntimeError(
- 'Not an ESP packet received: {pkt}'.format(pkt=pkt_recv.__repr__()))
+ raise RuntimeError(f"Not an ESP packet received: {pkt_recv!r}")
ip_pkt = pkt_recv[ip_layer]
d_pkt = sa_in.decrypt(ip_pkt)
if d_pkt[ip_layer].dst != dst_ip:
raise RuntimeError(
- 'Decrypted packet has invalid destination address: {rec_ip} '
- 'should be: {exp_ip}'.format(
- rec_ip=d_pkt[ip_layer].dst, exp_ip=dst_ip))
+ f"Decrypted packet has invalid destination address: "
+ f"{d_pkt[ip_layer].dst} should be: {dst_ip}"
+ )
if d_pkt[ip_layer].src != src_ip:
raise RuntimeError(
- 'Decrypted packet has invalid source address: {rec_ip} should be: '
- '{exp_ip}'.format(rec_ip=d_pkt[ip_layer].src, exp_ip=src_ip))
+ f"Decrypted packet has invalid source address: "
+ f"{d_pkt[ip_layer].src} should be: {src_ip}"
+ )
- if ip_layer == IP and d_pkt[ip_layer.name].proto != 61:
+ if ip_layer == IP and d_pkt[ip_layer].proto != 61:
raise RuntimeError(
- 'Decrypted packet has invalid IP protocol: {rec_proto} '
- 'should be: 61'.format(rec_proto=d_pkt[ip_layer.name].proto))
+ f"Decrypted packet has invalid IP protocol: "
+ f"{d_pkt[ip_layer].proto} should be: 61"
+ )
def check_ip(pkt_recv, ip_layer, src_ip, dst_ip):
@@ -97,25 +99,27 @@ def check_ip(pkt_recv, ip_layer, src_ip, dst_ip):
:raises RuntimeError: If received packet is invalid.
"""
if not pkt_recv.haslayer(ip_layer):
- raise RuntimeError('Not an {ip} packet received: {pkt}'.format(
- ip=ip_layer.name, pkt=pkt_recv.__repr__()))
+ raise RuntimeError(
+ f"Not an {ip_layer.name} packet received: {pkt_recv!r}"
+ )
- if pkt_recv[ip_layer.name].dst != dst_ip:
+ if pkt_recv[ip_layer].dst != dst_ip:
raise RuntimeError(
- 'Received packet has invalid destination address: {rec_ip} '
- 'should be: {exp_ip}'.format(
- rec_ip=pkt_recv[ip_layer.name].dst, exp_ip=dst_ip))
+ f"Received packet has invalid destination address: "
+ f"{pkt_recv[ip_layer.name].dst} should be: {dst_ip}"
+ )
- if pkt_recv[ip_layer.name].src != src_ip:
+ if pkt_recv[ip_layer].src != src_ip:
raise RuntimeError(
- 'Received packet has invalid destination address: {rec_ip} '
- 'should be: {exp_ip}'.format(
- rec_ip=pkt_recv[ip_layer.name].dst, exp_ip=src_ip))
+ f"Received packet has invalid destination address: "
+ f"{pkt_recv[ip_layer.name].dst} should be: {src_ip}"
+ )
- if ip_layer == IP and pkt_recv[ip_layer.name].proto != 61:
+ if ip_layer == IP and pkt_recv[ip_layer].proto != 61:
raise RuntimeError(
- 'Received packet has invalid IP protocol: {rec_proto} '
- 'should be: 61'.format(rec_proto=pkt_recv[ip_layer.name].proto))
+ f"Received packet has invalid IP protocol: "
+ f"{pkt_recv[ip_layer].proto} should be: 61"
+ )
# pylint: disable=too-many-locals
@@ -124,36 +128,35 @@ def main():
"""Send and receive IPsec packet."""
args = TrafficScriptArg(
- ['tx_src_mac', 'tx_dst_mac', 'rx_src_mac', 'rx_dst_mac', 'src_ip',
- 'dst_ip','crypto_alg', 'crypto_key', 'integ_alg', 'integ_key',
- 'l_spi', 'r_spi'],
- ['src_tun', 'dst_tun']
+ [
+ u"tx_src_mac", u"tx_dst_mac", u"rx_src_mac", u"rx_dst_mac",
+ u"src_ip", u"dst_ip", u"crypto_alg", u"crypto_key", u"integ_alg",
+ u"integ_key", u"l_spi", u"r_spi"
+ ],
+ [u"src_tun", u"dst_tun"]
)
- tx_txq = TxQueue(args.get_arg('tx_if'))
- tx_rxq = RxQueue(args.get_arg('tx_if'))
- rx_txq = TxQueue(args.get_arg('rx_if'))
- rx_rxq = RxQueue(args.get_arg('rx_if'))
-
- tx_src_mac = args.get_arg('tx_src_mac')
- tx_dst_mac = args.get_arg('tx_dst_mac')
- rx_src_mac = args.get_arg('rx_src_mac')
- rx_dst_mac = args.get_arg('rx_dst_mac')
- src_ip = args.get_arg('src_ip')
- dst_ip = args.get_arg('dst_ip')
- crypto_alg = args.get_arg('crypto_alg')
- crypto_key = args.get_arg('crypto_key')
- integ_alg = args.get_arg('integ_alg')
- integ_key = args.get_arg('integ_key')
- l_spi = int(args.get_arg('l_spi'))
- r_spi = int(args.get_arg('r_spi'))
- src_tun = args.get_arg('src_tun')
- dst_tun = args.get_arg('dst_tun')
-
- if ip_address(unicode(src_ip)).version == 6:
- ip_layer = IPv6
- else:
- ip_layer = IP
+ tx_txq = TxQueue(args.get_arg(u"tx_if"))
+ tx_rxq = RxQueue(args.get_arg(u"tx_if"))
+ rx_txq = TxQueue(args.get_arg(u"rx_if"))
+ rx_rxq = RxQueue(args.get_arg(u"rx_if"))
+
+ tx_src_mac = args.get_arg(u"tx_src_mac")
+ tx_dst_mac = args.get_arg(u"tx_dst_mac")
+ rx_src_mac = args.get_arg(u"rx_src_mac")
+ rx_dst_mac = args.get_arg(u"rx_dst_mac")
+ src_ip = args.get_arg(u"src_ip")
+ dst_ip = args.get_arg(u"dst_ip")
+ crypto_alg = args.get_arg(u"crypto_alg")
+ crypto_key = args.get_arg(u"crypto_key")
+ integ_alg = args.get_arg(u"integ_alg")
+ integ_key = args.get_arg(u"integ_key")
+ l_spi = int(args.get_arg(u"l_spi"))
+ r_spi = int(args.get_arg(u"r_spi"))
+ src_tun = args.get_arg(u"src_tun")
+ dst_tun = args.get_arg(u"dst_tun")
+
+ ip_layer = IP if ip_address(src_ip).version == 4 else IPv6
tunnel_out = ip_layer(src=src_tun, dst=dst_tun) if src_tun and dst_tun \
else None
@@ -163,23 +166,28 @@ def main():
if not (src_tun and dst_tun):
src_tun = src_ip
- sa_in = SecurityAssociation(ESP, spi=r_spi, crypt_algo=crypto_alg,
- crypt_key=crypto_key, auth_algo=integ_alg,
- auth_key=integ_key, tunnel_header=tunnel_in)
+ sa_in = SecurityAssociation(
+ ESP, spi=r_spi, crypt_algo=crypto_alg,
+ crypt_key=crypto_key.encode(encoding=u"utf-8"), auth_algo=integ_alg,
+ auth_key=integ_key.encode(encoding=u"utf-8"), tunnel_header=tunnel_in
+ )
- sa_out = SecurityAssociation(ESP, spi=l_spi, crypt_algo=crypto_alg,
- crypt_key=crypto_key, auth_algo=integ_alg,
- auth_key=integ_key, tunnel_header=tunnel_out)
+ sa_out = SecurityAssociation(
+ ESP, spi=l_spi, crypt_algo=crypto_alg,
+ crypt_key=crypto_key.encode(encoding=u"utf-8"), auth_algo=integ_alg,
+ auth_key=integ_key.encode(encoding=u"utf-8"), tunnel_header=tunnel_out
+ )
ip_pkt = ip_layer(src=src_ip, dst=dst_ip, proto=61) if ip_layer == IP \
else ip_layer(src=src_ip, dst=dst_ip)
- ip_pkt = ip_layer(str(ip_pkt))
+ ip_pkt = ip_layer(ip_pkt)
e_pkt = sa_out.encrypt(ip_pkt)
tx_pkt_send = (Ether(src=tx_src_mac, dst=tx_dst_mac) /
e_pkt)
sent_packets = list()
+ tx_pkt_send /= Raw()
sent_packets.append(tx_pkt_send)
tx_txq.send(tx_pkt_send)
@@ -187,8 +195,7 @@ def main():
rx_pkt_recv = rx_rxq.recv(2)
if rx_pkt_recv is None:
- raise RuntimeError(
- '{ip} packet Rx timeout'.format(ip=ip_layer.name))
+ raise RuntimeError(f"{ip_layer.name} packet Rx timeout")
if rx_pkt_recv.haslayer(ICMPv6ND_NS):
# read another packet in the queue if the current one is ICMPv6ND_NS
@@ -204,15 +211,16 @@ def main():
rx_pkt_send = (Ether(src=rx_dst_mac, dst=rx_src_mac) /
rx_ip_pkt)
+ rx_pkt_send /= Raw()
rx_txq.send(rx_pkt_send)
while True:
tx_pkt_recv = tx_rxq.recv(2, sent_packets)
if tx_pkt_recv is None:
- raise RuntimeError('ESP packet Rx timeout')
+ raise RuntimeError(u"ESP packet Rx timeout")
- if rx_pkt_recv.haslayer(ICMPv6ND_NS):
+ if tx_pkt_recv.haslayer(ICMPv6ND_NS):
# read another packet in the queue if the current one is ICMPv6ND_NS
continue
else:
@@ -224,5 +232,5 @@ def main():
sys.exit(0)
-if __name__ == "__main__":
+if __name__ == u"__main__":
main()