blame | history | raw
ronnie
2022-10-14 1504bb53e29d3d46222c0b3ea994fc494b48e153 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

#!/usr/bin/env python


# Copyright (c) PLUMgrid, Inc.


# Licensed under the Apache License, Version 2.0 (the "License")


 


from netaddr import IPAddress


from bcc import BPF


from pyroute2 import IPRoute, protocols


from socket import socket, AF_INET, SOCK_DGRAM


from subprocess import call


import sys


from time import sleep


from unittest import main, TestCase


 


arg1 = sys.argv.pop(1)


arg2 = ""


if len(sys.argv) > 1:


  arg2 = sys.argv.pop(1)


 


class TestBPFFilter(TestCase):


    def setUp(self):


        b = BPF(arg1, arg2, debug=0)


        fn = b.load_func("on_packet", BPF.SCHED_ACT)


        ip = IPRoute()


        ifindex = ip.link_lookup(ifname="eth0")[0]


        # set up a network to change the flow:


        #             outside      |       inside


        # 172.16.1.1 - 172.16.1.2  |  192.168.1.1 - 192.16.1.2


        ip.addr("del", index=ifindex, address="172.16.1.2", mask=24)


        ip.addr("add", index=ifindex, address="192.168.1.2", mask=24)


        # add an ingress and egress qdisc


        ip.tc("add", "ingress", ifindex, "ffff:")


        ip.tc("add", "sfq", ifindex, "1:")


        # add same program to both ingress/egress, so pkt is translated in both directions


        action = {"kind": "bpf", "fd": fn.fd, "name": fn.name, "action": "ok"}


        ip.tc("add-filter", "u32", ifindex, ":1", parent="ffff:", action=[action],


                protocol=protocols.ETH_P_ALL, classid=1, target=0x10002, keys=['0x0/0x0+0'])


        ip.tc("add-filter", "u32", ifindex, ":2", parent="1:", action=[action],


                protocol=protocols.ETH_P_ALL, classid=1, target=0x10002, keys=['0x0/0x0+0'])


        self.xlate = b.get_table("xlate")


 


    def test_xlate(self):


        key1 = self.xlate.Key(IPAddress("172.16.1.2").value, IPAddress("172.16.1.1").value)


        leaf1 = self.xlate.Leaf(IPAddress("192.168.1.2").value, IPAddress("192.168.1.1").value, 0, 0)


        self.xlate[key1] = leaf1


        key2 = self.xlate.Key(IPAddress("192.168.1.1").value, IPAddress("192.168.1.2").value)


        leaf2 = self.xlate.Leaf(IPAddress("172.16.1.1").value, IPAddress("172.16.1.2").value, 0, 0)


        self.xlate[key2] = leaf2


        call(["ping", "-c1", "192.168.1.1"])


        leaf = self.xlate[key1]


        self.assertGreater(leaf.ip_xlated_pkts, 0)


        self.assertGreater(leaf.arp_xlated_pkts, 0)


        leaf = self.xlate[key2]


        self.assertGreater(leaf.ip_xlated_pkts, 0)


        self.assertGreater(leaf.arp_xlated_pkts, 0)


 


if __name__ == "__main__":


    main()