Project author: roykuper13

Project description:
A module for emulating networks using python objects
Language: Python
Project URL: git://github.com/roykuper13/linux-switch.git
Created: 2020-03-28T22:21:54Z
Project community: https://github.com/roykuper13/linux-switch

License: GNU General Public License v3.0

linux-switch

linux-switch is a module that lets you emulate a network in a Linux environment
very easily by creating, connecting and configuring network devices that are represented
as Python objects.

Moreover, linux-switch lets you manipulate packets before the network switch forwards
them (see example below). Thus, external binaries/applications that perform
any logic on packets (for example VLAN hopping, NAT, etc.) can be tested using linux-switch.
linux-switch also provides a “Punt-Policies”-like mechanism, which gives you the option
to filter the traffic that the manipulation routine will receive.

Description

linux-switch uses Linux’s network namespace feature. For each Device object that’s connected to the
network Switch object, the module creates a new network namespace that’s connected to the
default network namespace.

The network switch object (Switch) has the basic operations required by a real network
switch device, meaning:

  1. It manages a table that maps between devices and their VLANs + network namespaces.
  2. It doesn’t allow packets from one VLAN to be transmitted to a different VLAN.
  3. When connecting Devices to the Switch, the connection type must be specified (access or trunk).
    When using trunk, the switch and the device will send/receive tagged packets.
    When using access, they’ll send untagged packets.
  4. The switch has “Punt-Policies”, which means only filtered packets will be forwarded
    to the manipulation routine. The punt-policies feature introduces a duplicate mode. When set,
    packets that are filtered (using the punt policies) will be processed by both the manipulation routine
    and the switch. When not set, packets will be processed by the manipulation routine only, so that routine
    can, for example, drop packets!
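
The forwarding rules listed above can be modelled in a few lines of plain Python. This is an added illustration, not linux-switch's own code or API: ModelSwitch, its method names, the routine signature, the strict ingress checks and the flood-to-every-port forwarding are assumptions of the model.

```python
import struct

TPID = 0x8100  # 802.1Q tag protocol identifier

def tag(frame, vid):
    """Insert an 802.1Q tag (priority 0) after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID, vid & 0x0FFF) + frame[12:]

def untag(frame):
    """Return (vid, frame without tag); vid is None for untagged frames."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID:
        return struct.unpack("!H", frame[14:16])[0] & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

class ModelSwitch:
    def __init__(self, punt_policy=None, routine=None, duplicate=False):
        self.ports = {}                  # port name -> (mode, vlan)
        self.punt_policy = punt_policy   # predicate over the untagged frame
        self.routine = routine           # manipulation routine (hypothetical signature)
        self.duplicate = duplicate

    def connect(self, name, mode, vlan):
        self.ports[name] = (mode, vlan)

    def receive(self, ingress, frame):
        """Return {egress port: bytes} that the switch itself forwards."""
        mode, vlan = self.ports[ingress]
        vid, inner = untag(frame)
        # Model assumption: access ports accept only untagged frames,
        # trunk ports only frames tagged with the port's own VLAN.
        if (mode == "access" and vid is not None) or (mode == "trunk" and vid != vlan):
            return {}
        if self.punt_policy and self.punt_policy(inner):
            self.routine(ingress, vlan, inner)
            if not self.duplicate:
                return {}                # routine owns the frame; switch stays out
        out = {}
        for name, (m, v) in self.ports.items():
            if name != ingress and v == vlan:   # never cross VLANs
                out[name] = tag(inner, vlan) if m == "trunk" else inner
        return out

def is_arp(frame):
    """Example punt policy: match ARP by EtherType."""
    return frame[12:14] == b"\x08\x06"

# Constructed sample frames: dst MAC, src MAC, EtherType, payload
IPV4 = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x0a" + b"\x08\x00" + b"payload"
ARP = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x0a" + b"\x08\x06" + b"who-has"
```
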

Example

Basic

    from linuxswitch.switch import Switch
    from linuxswitch.device import Device

    # Creating a network switch instance
    switch = Switch()

    # Creating two devices, 'a' and 'b', and assigning IP addresses to them
    dev1 = Device('a', '192.168.250.1', '255.255.255.0')
    dev2 = Device('b', '192.168.250.2', '255.255.255.0')

    # Connect dev1 to the network switch.
    # dev1 will be part of vlan 20.
    # The physical port of the switch is configured to be access,
    # meaning the switch and the device do not transmit tagged packets,
    # and expect to receive untagged packets.
    # The switch will make sure that dev1 will be able to send/recv packets
    # from vlan 20 only.
    switch.connect_device_access(dev1, 20)

    # Connect dev2 to the network switch.
    # dev2 will also be part of vlan 20.
    # The physical port of the switch is configured to be trunk,
    # meaning the switch and the device transmit and receive tagged packets (dot1q).
    switch.connect_device_trunk(dev2, 20)

From that point, you can run whatever you want from the devices' context.
For example:

    # Ping the second device (we're able to do that since both devices
    # are in the same vlan).
    dev1.run_from_namespace('ping -c 1 192.168.250.2')

    # Open a terminal (gnome-terminal is given as an example)
    dev2.run_from_namespace('dbus-launch gnome-terminal')

    # Open wireshark and sniff from the device
    dev2.run_from_namespace('wireshark')

    # TCP connections
    dev1.run_from_namespace('nc -l 0.0.0.0 8888')
    dev2.run_from_namespace('nc 192.168.250.1 8888')

    # etc.

And for cleanup:

    switch.disconnect_device(dev1)
    switch.disconnect_device(dev2)
    switch.term()

Manipulations (VLAN Hopping) and “Punt-Policies”

A very good example of VLAN hopping and Punt-Policies can be seen
in tests/test_manipulation (test_vlan_hopping_and_punt_policies).