linux/tools/testing/selftests/tc-testing/creating-testcases/scapy-example.json
Lucas Bates 14e5175e9e tc-testing: introduce scapyPlugin for basic traffic
The scapyPlugin allows for simple traffic generation in tdc to
test various tc features. It was tested with scapy v2.4.2, but
should work with any successive version.

In order to use the plugin's functionality, scapy must be
installed. This can be done with:
   pip3 install scapy

or to install 2.4.2:
   pip3 install scapy==2.4.2

If the plugin is unable to import the scapy module, it will
terminate the tdc run.

The plugin makes use of a new key in the test case data, 'scapy'.
This block contains three other elements: 'iface', 'count', and
'packet':

        "scapy": {
            "iface": "$DEV0",
            "count": 1,
            "packet": "Ether(type=0x800)/IP(src='16.61.16.61')/ICMP()"
        },

* iface is the name of the device on the host machine from which
  the packet(s) will be sent. Values contained within tdc_config.py's
  NAMES dict can be used here - this is useful if paired with
  nsPlugin
* count is the number of copies of this packet to be sent
* packet is a string detailing the different layers of the packet
  to be sent. If a property isn't explicitly set, scapy will set
  default values for you.

Layers in the packet info are separated by slashes. For info about
common TCP and IP properties, see:
https://blogs.sans.org/pen-testing/files/2016/04/ScapyCheatSheet_v0.2.pdf

Caution is advised when running tests using the scapy functionality,
since the plugin blindly sends the packet as defined in the test case
data.

See creating-testcases/scapy-example.json for sample test cases;
the first test is intended to pass while the second is intended to
fail.

Signed-off-by: Lucas Bates <lucasb@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09 14:07:20 -07:00

99 lines
2.5 KiB
JSON

[
{
"id": "b1e9",
"name": "Test matching of source IP",
"category": [
"actions",
"scapy"
],
"plugins": {
"requires": [
"nsPlugin",
"scapyPlugin"
]
},
"setup": [
[
"$TC qdisc del dev $DEV1 ingress",
0,
1,
2,
255
],
"$TC qdisc add dev $DEV1 ingress"
],
"cmdUnderTest": "$TC filter add dev $DEV1 parent ffff: prio 3 protocol ip flower src_ip 16.61.16.61 flowid 1:1 action ok",
"scapy": {
"iface": "$DEV0",
"count": 1,
"packet": "Ether(type=0x800)/IP(src='16.61.16.61')/ICMP()"
},
"expExitCode": "0",
"verifyCmd": "$TC -s -j filter ls dev $DEV1 ingress prio 3",
"matchJSON": [
{
"path": [
1,
"options",
"actions",
0,
"stats",
"packets"
],
"value": 1
}
],
"teardown": [
"$TC qdisc del dev $DEV1 ingress"
]
},
{
"id": "e9c4",
"name": "Test matching of source IP with wrong count",
"category": [
"actions",
"scapy"
],
"plugins": {
"requires": [
"nsPlugin",
"scapyPlugin"
]
},
"setup": [
[
"$TC qdisc del dev $DEV1 ingress",
0,
1,
2,
255
],
"$TC qdisc add dev $DEV1 ingress"
],
"cmdUnderTest": "$TC filter add dev $DEV1 parent ffff: prio 3 protocol ip flower src_ip 16.61.16.61 flowid 1:1 action ok",
"scapy": {
"iface": "$DEV0",
"count": 3,
"packet": "Ether(type=0x800)/IP(src='16.61.16.61')/ICMP()"
},
"expExitCode": "0",
"verifyCmd": "$TC -s -j filter ls dev $DEV1 parent ffff:",
"matchJSON": [
{
"path": [
1,
"options",
"actions",
0,
"stats",
"packets"
],
"value": 1
}
],
"teardown": [
"$TC qdisc del dev $DEV1 ingress"
]
}
]