summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorsnaramre <snaramre@cisco.com>2019-12-13 23:39:35 +0000
committerPaul Vinciguerra <pvinci@vinciconsulting.com>2019-12-14 22:14:12 +0000
commit5d4b8912d2fe186b4fb920a72b3a2f7b556f4e7d (patch)
tree4530f71a783679e3566ed501471cbad481c128d7 /test
parentaa72578637e2a346ee845545b2e26aad83e12192 (diff)
tests: changes for scapy 2.4.3 migration
Type: fix Change-Id: I7e041b666dabd90df23a920a1f1d99db4c10ddfe Signed-off-by: snaramre <snaramre@cisco.com>
Diffstat (limited to 'test')
-rw-r--r--test/Makefile2
-rw-r--r--test/patches/scapy-2.4.3/cdp.patch31
-rw-r--r--test/patches/scapy-2.4.3/ipsec.patch162
-rw-r--r--test/requirements-3.txt4
-rw-r--r--test/requirements.txt2
-rw-r--r--test/template_bd.py3
-rw-r--r--test/template_ipsec.py25
-rw-r--r--test/test_bier.py2
-rw-r--r--test/test_geneve.py2
-rw-r--r--test/test_ip4_vrf_multi_instance.py4
-rw-r--r--test/test_ip6.py3
-rw-r--r--test/test_ipsec_tun_if_esp.py11
-rw-r--r--test/test_l2bd_arp_term.py3
-rw-r--r--test/test_vxlan.py3
-rw-r--r--test/test_vxlan_gbp.py3
-rw-r--r--test/test_vxlan_gpe.py3
-rwxr-xr-xtest/vpp_pg_interface.py3
17 files changed, 231 insertions, 35 deletions
diff --git a/test/Makefile b/test/Makefile
index 4dd77b9b5e8..facdc6e4c14 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -141,7 +141,7 @@ $(PIP_INSTALL_DONE): $(PYTHON_DEPENDS)
$(PIP_PATCH_DONE): $(PIP_INSTALL_DONE)
@echo --- patching ---
@sleep 1 # Ensure python recompiles patched *.py files -> *.pyc
- for f in $(CURDIR)/patches/scapy-2.4/*.patch ; do \
+ for f in $(CURDIR)/patches/scapy-2.4.3/*.patch ; do \
echo Applying patch: $$(basename $$f) ; \
patch --forward -p1 -d $(SCAPY_SOURCE) < $$f ; \
retCode=$$?; \
diff --git a/test/patches/scapy-2.4.3/cdp.patch b/test/patches/scapy-2.4.3/cdp.patch
new file mode 100644
index 00000000000..de16f5d5079
--- /dev/null
+++ b/test/patches/scapy-2.4.3/cdp.patch
@@ -0,0 +1,31 @@
+diff --git a/scapy/contrib/cdp.py b/scapy/contrib/cdp.py
+index c8b7f106..7b1ff64d 100644
+--- a/scapy/contrib/cdp.py
++++ b/scapy/contrib/cdp.py
+@@ -102,7 +102,8 @@ def _CDPGuessPayloadClass(p, **kargs):
+ class CDPMsgGeneric(Packet):
+ name = "CDP Generic Message"
+ fields_desc = [ XShortEnumField("type", None, _cdp_tlv_types),
+- FieldLenField("len", None, "val", "!H"),
++ FieldLenField("len", None, "val", "!H",
++ adjust=lambda pkt, x: x + 4),
+ StrLenField("val", "", length_from=lambda x:x.len - 4) ]
+
+
+@@ -178,5 +179,6 @@ class CDPMsgAddr(CDPMsgGeneric):
+ class CDPMsgPortID(CDPMsgGeneric):
+ name = "Port ID"
+ fields_desc = [ XShortEnumField("type", 0x0003, _cdp_tlv_types),
+- FieldLenField("len", None, "iface", "!H"),
++ FieldLenField("len", None, "iface", "!H",
++ adjust=lambda pkt, x: x + 4),
+ StrLenField("iface", "Port 1", length_from=lambda x:x.len - 4) ]
+@@ -319,7 +319,7 @@ class _CDPChecksum:
+ This padding is only used for checksum computation. The original
+ packet should not be altered."""
+ if len(pkt) % 2:
+- last_chr = pkt[-1]
++ last_chr = pkt[len(pkt)-1:]
+ if last_chr <= b'\x80':
+ return pkt[:-1] + b'\x00' + last_chr
+ else:
diff --git a/test/patches/scapy-2.4.3/ipsec.patch b/test/patches/scapy-2.4.3/ipsec.patch
new file mode 100644
index 00000000000..993604768ff
--- /dev/null
+++ b/test/patches/scapy-2.4.3/ipsec.patch
@@ -0,0 +1,162 @@
+diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py
+index f8c601fa..f566d288 100644
+--- a/scapy/layers/ipsec.py
++++ b/scapy/layers/ipsec.py
+@@ -359,11 +359,8 @@ class CryptAlgo(object):
+ encryptor = cipher.encryptor()
+
+ if self.is_aead:
+- if esn_en:
+- aad = struct.pack('!LLL', esp.spi, esn, esp.seq)
+- else:
+- aad = struct.pack('!LL', esp.spi, esp.seq)
+- encryptor.authenticate_additional_data(aad)
++ encryptor.authenticate_additional_data(sa.build_aead(esp))
++
+ data = encryptor.update(data) + encryptor.finalize()
+ data += encryptor.tag[:self.icv_size]
+ else:
+@@ -401,12 +398,7 @@ class CryptAlgo(object):
+
+ if self.is_aead:
+ # Tag value check is done during the finalize method
+- if esn_en:
+- decryptor.authenticate_additional_data(
+- struct.pack('!LLL', esp.spi, esn, esp.seq))
+- else:
+- decryptor.authenticate_additional_data(
+- struct.pack('!LL', esp.spi, esp.seq))
++ decryptor.authenticate_additional_data(sa.build_aead(esp))
+ try:
+ data = decryptor.update(data) + decryptor.finalize()
+ except InvalidTag as err:
+@@ -545,7 +537,7 @@ class AuthAlgo(object):
+ else:
+ return self.mac(key, self.digestmod(), default_backend())
+
+- def sign(self, pkt, key):
++ def sign(self, pkt, key, trailer=None):
+ """
+ Sign an IPsec (ESP or AH) packet with this algo.
+
+@@ -561,16 +553,20 @@ class AuthAlgo(object):
+
+ if pkt.haslayer(ESP):
+ mac.update(raw(pkt[ESP]))
++ if trailer:
++ mac.update(trailer)
+ pkt[ESP].data += mac.finalize()[:self.icv_size]
+
+ elif pkt.haslayer(AH):
+ clone = zero_mutable_fields(pkt.copy(), sending=True)
+ mac.update(raw(clone))
++ if trailer:
++ mac.update(trailer)
+ pkt[AH].icv = mac.finalize()[:self.icv_size]
+
+ return pkt
+
+- def verify(self, pkt, key):
++ def verify(self, pkt, key, trailer):
+ """
+ Check that the integrity check value (icv) of a packet is valid.
+
+@@ -602,6 +598,8 @@ class AuthAlgo(object):
+ clone = zero_mutable_fields(pkt.copy(), sending=False)
+
+ mac.update(raw(clone))
++ if trailer:
++ mac.update(trailer) # bytearray(4)) #raw(trailer))
+ computed_icv = mac.finalize()[:self.icv_size]
+
+ # XXX: Cannot use mac.verify because the ICV can be truncated
+@@ -864,6 +862,23 @@ class SecurityAssociation(object):
+ raise TypeError('nat_t_header must be %s' % UDP.name)
+ self.nat_t_header = nat_t_header
+
++ def build_aead(self, esp):
++ if self.esn_en:
++ return (struct.pack('!LLL', esp.spi, self.seq_num >> 32, esp.seq))
++ else:
++ return (struct.pack('!LL', esp.spi, esp.seq))
++
++ def build_seq_num(self, num):
++ # only lower order bits are transmitted
++ # higher order bits are used in the ICV
++ lower = num & 0xffffffff
++ upper = num >> 32
++
++ if self.esn_en:
++ return lower, struct.pack("!I", upper)
++ else:
++ return lower, None
++
+ def check_spi(self, pkt):
+ if pkt.spi != self.spi:
+ raise TypeError('packet spi=0x%x does not match the SA spi=0x%x' %
+@@ -877,7 +892,8 @@ class SecurityAssociation(object):
+ if len(iv) != self.crypt_algo.iv_size:
+ raise TypeError('iv length must be %s' % self.crypt_algo.iv_size) # noqa: E501
+
+- esp = _ESPPlain(spi=self.spi, seq=seq_num or self.seq_num, iv=iv)
++ low_seq_num, high_seq_num = self.build_seq_num(seq_num or self.seq_num)
++ esp = _ESPPlain(spi=self.spi, seq=low_seq_num, iv=iv)
+
+ if self.tunnel_header:
+ tunnel = self.tunnel_header.copy()
+@@ -901,7 +917,7 @@ class SecurityAssociation(object):
+ esn_en=esn_en or self.esn_en,
+ esn=esn or self.esn)
+
+- self.auth_algo.sign(esp, self.auth_key)
++ self.auth_algo.sign(esp, self.auth_key, high_seq_num)
+
+ if self.nat_t_header:
+ nat_t_header = self.nat_t_header.copy()
+@@ -928,7 +944,8 @@ class SecurityAssociation(object):
+
+ def _encrypt_ah(self, pkt, seq_num=None):
+
+- ah = AH(spi=self.spi, seq=seq_num or self.seq_num,
++ low_seq_num, high_seq_num = self.build_seq_num(seq_num or self.seq_num)
++ ah = AH(spi=self.spi, seq=low_seq_num,
+ icv=b"\x00" * self.auth_algo.icv_size)
+
+ if self.tunnel_header:
+@@ -968,7 +985,8 @@ class SecurityAssociation(object):
+ else:
+ ip_header.plen = len(ip_header.payload) + len(ah) + len(payload)
+
+- signed_pkt = self.auth_algo.sign(ip_header / ah / payload, self.auth_key) # noqa: E501
++ signed_pkt = self.auth_algo.sign(ip_header / ah / payload,
++ self.auth_key, high_seq_num) # noqa: E501
+
+ # sequence number must always change, unless specified by the user
+ if seq_num is None:
+@@ -1005,11 +1023,12 @@ class SecurityAssociation(object):
+
+ def _decrypt_esp(self, pkt, verify=True, esn_en=None, esn=None):
+
++ low_seq_num, high_seq_num = self.build_seq_num(self.seq_num)
+ encrypted = pkt[ESP]
+
+ if verify:
+ self.check_spi(pkt)
+- self.auth_algo.verify(encrypted, self.auth_key)
++ self.auth_algo.verify(encrypted, self.auth_key, high_seq_num)
+
+ esp = self.crypt_algo.decrypt(self, encrypted, self.crypt_key,
+ self.crypt_algo.icv_size or
+@@ -1050,9 +1069,10 @@ class SecurityAssociation(object):
+
+ def _decrypt_ah(self, pkt, verify=True):
+
++ low_seq_num, high_seq_num = self.build_seq_num(self.seq_num)
+ if verify:
+ self.check_spi(pkt)
+- self.auth_algo.verify(pkt, self.auth_key)
++ self.auth_algo.verify(pkt, self.auth_key, high_seq_num)
+
+ ah = pkt[AH]
+ payload = ah.payload
+
diff --git a/test/requirements-3.txt b/test/requirements-3.txt
index 479f65d1423..f5dbc22c4c9 100644
--- a/test/requirements-3.txt
+++ b/test/requirements-3.txt
@@ -125,8 +125,8 @@ pyparsing==2.4.0 \
--hash=sha256:1873c03321fc118f4e9746baf201ff990ceb915f433f23b395f5580d1840cb2a \
--hash=sha256:9b6323ef4ab914af344ba97510e966d64ba91055d6b9afa6b30799340e89cc03 \
# via packaging
-scapy==2.4.0 ; python_version >= "2.7" or python_version >= "3.4" \
- --hash=sha256:452f714f5c2eac6fd0a6146b1dbddfc24dd5f4103f3ed76227995a488cfb2b73
+scapy==2.4.3 ; python_version >= "2.7" or python_version >= "3.4" \
+ --hash=sha256:e2f8d11f6a941c14a789ae8b236b27bd634681f1b29b5e893861e284d234f6b0
six==1.12.0 \
--hash=sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c \
--hash=sha256:d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73
diff --git a/test/requirements.txt b/test/requirements.txt
index 1dab4fc260b..103bc190005 100644
--- a/test/requirements.txt
+++ b/test/requirements.txt
@@ -11,7 +11,7 @@ parameterized>=0.6.1 # BSD
pexpect # ISC
psutil # BSD
pycodestyle # MIT (Expat license) https://pypi.org/project/pycodestyle/
-scapy==2.4.0; python_version >= '2.7' or python_version >= '3.4' # GPL2 https://github.com/secdev/scapy/blob/master/LICENSE
+scapy==2.4.3; python_version >= '2.7' or python_version >= '3.4' # GPL2 https://github.com/secdev/scapy/blob/master/LICENSE
six # MIT
subprocess32 # PSF
syslog_rfc5424_parser>=0.3.1 # ISC
diff --git a/test/template_bd.py b/test/template_bd.py
index c4017616a9b..bd55b9b6890 100644
--- a/test/template_bd.py
+++ b/test/template_bd.py
@@ -3,7 +3,8 @@
import abc
import six
-from scapy.layers.l2 import Ether, Raw
+from scapy.layers.l2 import Ether
+from scapy.packet import Raw
from scapy.layers.inet import IP, UDP
from util import ip4_range
diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index a59a213506b..034bc8ecf45 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -4,7 +4,8 @@ import struct
from scapy.layers.inet import IP, ICMP, TCP, UDP
from scapy.layers.ipsec import SecurityAssociation, ESP
-from scapy.layers.l2 import Ether, Raw
+from scapy.layers.l2 import Ether
+from scapy.packet import Raw
from scapy.layers.inet6 import IPv6, ICMPv6EchoRequest
from framework import VppTestCase, VppTestRunner
@@ -93,8 +94,8 @@ def mk_scapy_crypt_key(p):
def config_tun_params(p, encryption_type, tun_if):
ip_class_by_addr_type = {socket.AF_INET: IP, socket.AF_INET6: IPv6}
- use_esn = bool(p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
- IPSEC_API_SAD_FLAG_USE_ESN))
+ esn_en = bool(p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
+ IPSEC_API_SAD_FLAG_USE_ESN))
crypt_key = mk_scapy_crypt_key(p)
p.scapy_tun_sa = SecurityAssociation(
encryption_type, spi=p.vpp_tun_spi,
@@ -105,7 +106,7 @@ def config_tun_params(p, encryption_type, tun_if):
src=tun_if.remote_addr[p.addr_type],
dst=tun_if.local_addr[p.addr_type]),
nat_t_header=p.nat_header,
- use_esn=use_esn)
+ esn_en=esn_en)
p.vpp_tun_sa = SecurityAssociation(
encryption_type, spi=p.scapy_tun_spi,
crypt_algo=p.crypt_algo,
@@ -115,12 +116,12 @@ def config_tun_params(p, encryption_type, tun_if):
dst=tun_if.remote_addr[p.addr_type],
src=tun_if.local_addr[p.addr_type]),
nat_t_header=p.nat_header,
- use_esn=use_esn)
+ esn_en=esn_en)
def config_tra_params(p, encryption_type):
- use_esn = bool(p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
- IPSEC_API_SAD_FLAG_USE_ESN))
+ esn_en = bool(p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
+ IPSEC_API_SAD_FLAG_USE_ESN))
crypt_key = mk_scapy_crypt_key(p)
p.scapy_tra_sa = SecurityAssociation(
encryption_type,
@@ -130,7 +131,7 @@ def config_tra_params(p, encryption_type):
auth_algo=p.auth_algo,
auth_key=p.auth_key,
nat_t_header=p.nat_header,
- use_esn=use_esn)
+ esn_en=esn_en)
p.vpp_tra_sa = SecurityAssociation(
encryption_type,
spi=p.scapy_tra_spi,
@@ -139,7 +140,7 @@ def config_tra_params(p, encryption_type):
auth_algo=p.auth_algo,
auth_key=p.auth_key,
nat_t_header=p.nat_header,
- use_esn=use_esn)
+ esn_en=esn_en)
class TemplateIpsec(VppTestCase):
@@ -271,7 +272,7 @@ class IpsecTra4(object):
""" verify methods for Transport v4 """
def verify_tra_anti_replay(self):
p = self.params[socket.AF_INET]
- use_esn = p.vpp_tra_sa.use_esn
+ esn_en = p.vpp_tra_sa.esn_en
seq_cycle_node_name = ('/err/%s/sequence number cycled' %
self.tra4_encrypt_node_name)
@@ -415,7 +416,7 @@ class IpsecTra4(object):
seq_num=17))
self.send_and_assert_no_replies(self.tra_if, pkt * 17)
- if use_esn:
+ if esn_en:
# an out of window error with ESN looks like a high sequence
# wrap. but since it isn't then the verify will fail.
hash_failed_count += 17
@@ -455,7 +456,7 @@ class IpsecTra4(object):
seq_num=seq))
for seq in range(259, 280)]
- if use_esn:
+ if esn_en:
rxs = self.send_and_expect(self.tra_if, pkts, self.tra_if)
#
diff --git a/test/test_bier.py b/test/test_bier.py
index b02014daa33..1c58ee58bd3 100644
--- a/test/test_bier.py
+++ b/test/test_bier.py
@@ -167,7 +167,7 @@ class TestBier(VppTestCase):
byte_val = scapy.compat.chb(1 << (bp - 1) % 8)
byte_pos = n_bytes - (((bp - 1) // 8) + 1)
byte_array[byte_pos] = byte_val
- bitstring = b''.join([scapy.compat.chb(x) for x in byte_array])
+ bitstring = b''.join(byte_array)
self.assertEqual(len(bitstring), len(bier_hdr.BitString))
self.assertEqual(bitstring, bier_hdr.BitString)
diff --git a/test/test_geneve.py b/test/test_geneve.py
index d5d621f052e..24019e7316b 100644
--- a/test/test_geneve.py
+++ b/test/test_geneve.py
@@ -8,7 +8,7 @@ from template_bd import BridgeDomain
from scapy.layers.l2 import Ether
from scapy.layers.inet import IP, UDP
-from scapy.layers.geneve import GENEVE
+from scapy.contrib.geneve import GENEVE
from scapy.utils import atol
from vpp_ip_route import VppIpRoute, VppRoutePath
from vpp_ip import INVALID_INDEX
diff --git a/test/test_ip4_vrf_multi_instance.py b/test/test_ip4_vrf_multi_instance.py
index fba00eb2ddc..474ab70dc71 100644
--- a/test/test_ip4_vrf_multi_instance.py
+++ b/test/test_ip4_vrf_multi_instance.py
@@ -68,8 +68,8 @@ import socket
import scapy.compat
from scapy.packet import Raw
-from scapy.layers.l2 import Ether
-from scapy.layers.inet import IP, UDP, ARP
+from scapy.layers.l2 import Ether, ARP
+from scapy.layers.inet import IP, UDP
from framework import VppTestCase, VppTestRunner
from util import ppp
diff --git a/test/test_ip6.py b/test/test_ip6.py
index c6cced9c138..205bea65863 100644
--- a/test/test_ip6.py
+++ b/test/test_ip6.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
-import socket
+from socket import inet_pton, inet_ntop
import unittest
from parameterized import parameterized
@@ -13,7 +13,6 @@ from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6ND_RS, \
ICMPv6TimeExceeded, ICMPv6EchoRequest, ICMPv6EchoReply, IPv6ExtHdrHopByHop
from scapy.layers.l2 import Ether, Dot1Q
from scapy.packet import Raw
-from scapy.utils import inet_pton, inet_ntop
from scapy.utils6 import in6_getnsma, in6_getnsmac, in6_ptop, in6_islladdr, \
in6_mactoifaceid
from six import moves
diff --git a/test/test_ipsec_tun_if_esp.py b/test/test_ipsec_tun_if_esp.py
index 589fb10d740..3e578fabaf9 100644
--- a/test/test_ipsec_tun_if_esp.py
+++ b/test/test_ipsec_tun_if_esp.py
@@ -3,7 +3,8 @@ import socket
import copy
from scapy.layers.ipsec import SecurityAssociation, ESP
-from scapy.layers.l2 import Ether, Raw, GRE
+from scapy.layers.l2 import Ether, GRE
+from scapy.packet import Raw
from scapy.layers.inet import IP, UDP
from scapy.layers.inet6 import IPv6
from framework import VppTestRunner
@@ -21,8 +22,8 @@ from vpp_papi import VppEnum
def config_tun_params(p, encryption_type, tun_if):
ip_class_by_addr_type = {socket.AF_INET: IP, socket.AF_INET6: IPv6}
- use_esn = bool(p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
- IPSEC_API_SAD_FLAG_USE_ESN))
+ esn_en = bool(p.flags & (VppEnum.vl_api_ipsec_sad_flags_t.
+ IPSEC_API_SAD_FLAG_USE_ESN))
crypt_key = mk_scapy_crypt_key(p)
p.scapy_tun_sa = SecurityAssociation(
encryption_type, spi=p.vpp_tun_spi,
@@ -33,7 +34,7 @@ def config_tun_params(p, encryption_type, tun_if):
src=tun_if.remote_ip,
dst=tun_if.local_ip),
nat_t_header=p.nat_header,
- use_esn=use_esn)
+ esn_en=esn_en)
p.vpp_tun_sa = SecurityAssociation(
encryption_type, spi=p.scapy_tun_spi,
crypt_algo=p.crypt_algo,
@@ -43,7 +44,7 @@ def config_tun_params(p, encryption_type, tun_if):
dst=tun_if.remote_ip,
src=tun_if.local_ip),
nat_t_header=p.nat_header,
- use_esn=use_esn)
+ esn_en=esn_en)
class TemplateIpsec4TunIfEsp(TemplateIpsec):
diff --git a/test/test_l2bd_arp_term.py b/test/test_l2bd_arp_term.py
index e72a42e1165..975c324896b 100644
--- a/test/test_l2bd_arp_term.py
+++ b/test/test_l2bd_arp_term.py
@@ -5,12 +5,11 @@ import unittest
import random
import copy
-from socket import AF_INET, AF_INET6
+from socket import AF_INET, AF_INET6, inet_pton, inet_ntop
from scapy.packet import Raw
from scapy.layers.l2 import Ether, ARP
from scapy.layers.inet import IP
-from scapy.utils import inet_pton, inet_ntop
from scapy.utils6 import in6_getnsma, in6_getnsmac, in6_ptop, in6_islladdr, \
in6_mactoifaceid, in6_ismaddr
from scapy.layers.inet6 import IPv6, UDP, ICMPv6ND_NS, ICMPv6ND_RS, \
diff --git a/test/test_vxlan.py b/test/test_vxlan.py
index 692930eb1f2..7613054882a 100644
--- a/test/test_vxlan.py
+++ b/test/test_vxlan.py
@@ -6,7 +6,8 @@ import unittest
from framework import VppTestCase, VppTestRunner
from template_bd import BridgeDomain
-from scapy.layers.l2 import Ether, Raw
+from scapy.layers.l2 import Ether
+from scapy.packet import Raw
from scapy.layers.inet import IP, UDP
from scapy.layers.vxlan import VXLAN
from scapy.utils import atol
diff --git a/test/test_vxlan_gbp.py b/test/test_vxlan_gbp.py
index 17ee66205b6..19790df1f76 100644
--- a/test/test_vxlan_gbp.py
+++ b/test/test_vxlan_gbp.py
@@ -6,7 +6,8 @@ import unittest
from framework import VppTestCase, VppTestRunner
from template_bd import BridgeDomain
-from scapy.layers.l2 import Ether, Raw
+from scapy.layers.l2 import Ether
+from scapy.packet import Raw
from scapy.layers.inet import IP, UDP
from scapy.layers.vxlan import VXLAN
from scapy.utils import atol
diff --git a/test/test_vxlan_gpe.py b/test/test_vxlan_gpe.py
index 5622a03b467..ca1ad9c60bf 100644
--- a/test/test_vxlan_gpe.py
+++ b/test/test_vxlan_gpe.py
@@ -6,7 +6,8 @@ import unittest
from framework import VppTestCase, VppTestRunner, running_extended_tests
from template_bd import BridgeDomain
-from scapy.layers.l2 import Ether, Raw
+from scapy.layers.l2 import Ether
+from scapy.packet import Raw
from scapy.layers.inet import IP, UDP
from scapy.layers.vxlan import VXLAN
from scapy.utils import atol
diff --git a/test/vpp_pg_interface.py b/test/vpp_pg_interface.py
index e5926fac509..b7f1881d516 100755
--- a/test/vpp_pg_interface.py
+++ b/test/vpp_pg_interface.py
@@ -1,6 +1,6 @@
import os
import time
-import socket
+from socket import inet_pton, inet_ntop
import struct
from traceback import format_exc, format_stack
@@ -15,7 +15,6 @@ from scapy.layers.inet6 import IPv6, ICMPv6ND_NS, ICMPv6ND_NA,\
IPv6ExtHdrHopByHop
from util import ppp, ppc
from scapy.utils6 import in6_getnsma, in6_getnsmac, in6_ismaddr
-from scapy.utils import inet_pton, inet_ntop
class CaptureTimeoutError(Exception):