From ac8b7ce3b05805a978b8186440e62dcd0d9023c3 Mon Sep 17 00:00:00 2001 From: selias Date: Wed, 21 Sep 2016 10:52:31 +0200 Subject: CSIT-235: Switched Port Analyzer mirroring (SPAN) - IPv4 - add library for SPAN setup - add telemetry traffic script and a keyword to run it - add "telemetry" folders for python and robot libraries - move IPFIX libraries to these new folders - add first SPAN test case, mirroring IPv4 ICMP packets Change-Id: Ibca35f724c13662bf80dce2d7e2649d1a0b8676a Signed-off-by: selias --- resources/traffic_scripts/ipfix_check.py | 4 +- resources/traffic_scripts/ipfix_sessions.py | 5 +- resources/traffic_scripts/span_check.py | 138 ++++++++++++++++++++++++++++ 3 files changed, 142 insertions(+), 5 deletions(-) create mode 100755 resources/traffic_scripts/span_check.py (limited to 'resources/traffic_scripts') diff --git a/resources/traffic_scripts/ipfix_check.py b/resources/traffic_scripts/ipfix_check.py index 14b5a074db..aa04b24038 100755 --- a/resources/traffic_scripts/ipfix_check.py +++ b/resources/traffic_scripts/ipfix_check.py @@ -22,7 +22,8 @@ from scapy.layers.inet import IP, TCP, UDP from scapy.layers.inet6 import IPv6 from scapy.layers.l2 import Ether -from resources.libraries.python.IPFIXUtil import IPFIXHandler, IPFIXData +from resources.libraries.python.telemetry.IPFIXUtil import IPFIXHandler, \ + IPFIXData from resources.libraries.python.PacketVerifier import RxQueue, TxQueue, auto_pad from resources.libraries.python.TrafficScriptArg import TrafficScriptArg @@ -81,7 +82,6 @@ def main(): rxq = RxQueue(tx_if) # generate simple packet based on arguments - ip_version = None if valid_ipv4(src_ip) and valid_ipv4(dst_ip): ip_version = IP elif valid_ipv6(src_ip) and valid_ipv6(dst_ip): diff --git a/resources/traffic_scripts/ipfix_sessions.py b/resources/traffic_scripts/ipfix_sessions.py index 2994916144..e7597a894a 100755 --- a/resources/traffic_scripts/ipfix_sessions.py +++ b/resources/traffic_scripts/ipfix_sessions.py @@ -22,7 +22,8 @@ from scapy.layers.inet import IP, TCP, UDP from scapy.layers.inet6 import IPv6 from scapy.layers.l2 import Ether -from resources.libraries.python.IPFIXUtil import IPFIXHandler, IPFIXData +from resources.libraries.python.telemetry.IPFIXUtil import IPFIXHandler, \ + IPFIXData from resources.libraries.python.PacketVerifier import RxQueue, TxQueue, auto_pad from resources.libraries.python.TrafficScriptArg import TrafficScriptArg @@ -133,8 +134,6 @@ def main(): tx_if = args.get_arg('tx_if') protocol = args.get_arg('protocol') - source_port = int(args.get_arg('port')) - destination_port = int(args.get_arg('port')) count = int(args.get_arg('count')) sessions = int(args.get_arg('sessions')) diff --git a/resources/traffic_scripts/span_check.py b/resources/traffic_scripts/span_check.py new file mode 100755 index 0000000000..66400d9dfb --- /dev/null +++ b/resources/traffic_scripts/span_check.py @@ -0,0 +1,138 @@ +#!/usr/bin/env python +# Copyright (c) 2016 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Traffic script that sends an IP ICMPv4/ICMPv6 packet from one interface +to the other. Source and destination IP addresses and source and destination +MAC addresses are checked in received packet. +""" + +import sys +import ipaddress + +from scapy.layers.inet import IP, ICMP, ARP +from scapy.layers.inet6 import IPv6, ICMPv6EchoRequest, ICMPv6EchoReply +from scapy.layers.l2 import Ether + +from resources.libraries.python.PacketVerifier import RxQueue, TxQueue, auto_pad +from resources.libraries.python.TrafficScriptArg import TrafficScriptArg + + +def valid_ipv4(address): + """Check if IP address has the correct IPv4 address format. + + :param address: IP address. + :type address: str + :return: True in case of correct IPv4 address format, + otherwise return false. + :rtype: bool + """ + try: + ipaddress.IPv4Address(unicode(address)) + return True + except (AttributeError, ipaddress.AddressValueError): + return False + + +def valid_ipv6(address): + """Check if IP address has the correct IPv6 address format. + + :param address: IP address. + :type address: str + :return: True in case of correct IPv6 address format, + otherwise return false. + :rtype: bool + """ + try: + ipaddress.IPv6Address(unicode(address)) + return True + except (AttributeError, ipaddress.AddressValueError): + return False + + +def main(): + """Send a simple L2 or ICMP packet from one TG interface to DUT, then + receive a copy of the packet on the second TG interface, and a copy of + the ICMP reply.""" + args = TrafficScriptArg( + ['tg_src_mac', 'src_ip', 'dst_ip', 'dut_if1_mac', 'ptype']) + + src_mac = args.get_arg('tg_src_mac') + dst_mac = args.get_arg('dut_if1_mac') + src_ip = args.get_arg('src_ip') + dst_ip = args.get_arg('dst_ip') + tx_if = args.get_arg('tx_if') + rx_if = args.get_arg('rx_if') + ptype = args.get_arg('ptype') + + rxq = RxQueue(rx_if) + txq = TxQueue(tx_if) + + if ptype == "ARP": + pkt_raw = (Ether(src=src_mac, dst=dst_mac) / + ARP(hwsrc=src_mac, hwdst="00:00:00:00:00:00", + psrc=src_ip, pdst=dst_ip, op="who-has")) + elif ptype == "ICMP": + if valid_ipv4(src_ip) and valid_ipv4(dst_ip): + pkt_raw = (Ether(src=src_mac, dst=dst_mac) / + IP(src=src_ip, dst=dst_ip) / + ICMP(type="echo-request")) + elif valid_ipv6(src_ip) and valid_ipv6(dst_ip): + pkt_raw = (Ether(src=src_mac, dst=dst_mac) / + IPv6(src=src_ip, dst=dst_ip) / + ICMPv6EchoRequest()) + else: + raise ValueError("IP not in correct format") + else: + raise RuntimeError("Unexpected payload type.") + + txq.send(pkt_raw) + ether = rxq.recv(2) + + # Receive copy of sent packet. + if ether is None: + raise RuntimeError("Rx timeout") + pkt = auto_pad(pkt_raw) + if str(ether) != str(pkt): + raise RuntimeError("Mirrored packet does not match packet sent.") + + # Receive copy of reply to sent packet. + ether = rxq.recv(2) + if ether is None: + raise RuntimeError("Rx timeout") + if ether.src != dst_mac or ether.dst != src_mac: + raise RuntimeError("MAC mismatch in mirrored response.") + if ptype == "ARP": + if ether['ARP'].op != 2: + raise RuntimeError("Mirrored packet is not an ARP reply.") + if ether['ARP'].hwsrc != dst_mac or ether['ARP'].hwdst != src_mac: + raise RuntimeError("ARP MAC does not match l2 MAC " + "in mirrored response.") + if ether['ARP'].psrc != dst_ip or ether['ARP'].pdst != src_ip: + raise RuntimeError("ARP IP address mismatch in mirrored response.") + elif ptype == "ICMP" and ether.haslayer(IP): + if ether['IP'].src != dst_ip or ether['IP'].dst != src_ip: + raise RuntimeError("IP address mismatch in mirrored reply.") + if ether['ICMP'].type != 0: + raise RuntimeError("Mirrored packet is not an ICMP reply.") + elif ptype == "ICMP" and ether.haslayer(IPv6): + if ether['IPv6'].src != dst_ip or ether['IPv6'].dst != src_ip: + raise RuntimeError("IP address mismatch in mirrored reply.") + if not ether.haslayer(ICMPv6EchoReply): + raise RuntimeError("Mirrored packet is not an ICMP reply.") + + sys.exit(0) + + +if __name__ == "__main__": + main() -- cgit 1.2.3-korg