From 6a56fe8a07033a8b0ca26d0f829849f4c29059bd Mon Sep 17 00:00:00 2001 From: Adam Rudell Date: Wed, 5 Feb 2025 13:18:02 -0600 Subject: [PATCH] Enable function to test processing of VFP layers (#380) # Description Summary of changes: This pull request introduces a new function to the `src/modules/SdnDiag.Server.psm1` file and updates the `src/SdnDiagnostics.psd1` file to include this new function. The most important changes are summarized below: ### Addition of new function: * [`src/modules/SdnDiag.Server.psm1`](diffhunk://#diff-11217f20b55d3b4ea34c8c217794c81d65acc4852dff9bf4295e5cc4d6dfaeedR3194-R3277): Added the `Test-SdnVfpPortTuple` function, which simulates the processing of a packet by the Virtual Filtering Platform (VFP) for a specific port. This function includes parameters for `PortName`, `Direction`, `SourceIP`, `SourcePort`, `DestinationIP`, `DestinationPort`, and `Protocol`, and provides examples of usage. ### Updates to module manifest: * [`src/SdnDiagnostics.psd1`](diffhunk://#diff-17aaaa968cc894449c79b449c228b28d8a8990bde4000e59bcf24d8189671ee1L175-R176): Updated the `FunctionsToExport` section to include the new `Test-SdnVfpPortTuple` function. # Change type - [ ] Bug fix (non-breaking change) - [ ] Code style update (formatting, local variables) - [x] New Feature (non-breaking change that adds new functionality without impacting existing) - [ ] Breaking change (fix or feature that may cause functionality impact) - [ ] Other # Checklist: - [x] My code follows the style and contribution guidelines of this project. - [x] I have tested and validated my code changes.
---
 src/SdnDiagnostics.psd1 | 3 +-
 src/modules/SdnDiag.Server.psm1 | 84 +++++++++++++++++++++++++++++++++
 2 files changed, 86 insertions(+), 1 deletion(-)
diff --git a/src/SdnDiagnostics.psd1 b/src/SdnDiagnostics.psd1
index b3433016..c0418323 100644
--- a/src/SdnDiagnostics.psd1
+++ b/src/SdnDiagnostics.psd1
@@ -172,7 +172,8 @@
 'Test-SdnConfigurationState',
 'Test-SdnNonSelfSignedCertificateInTrustedRootStore',
 'Test-SdnClusterServiceState',
- 'Test-SdnServiceState'
+ 'Test-SdnServiceState',
+ 'Test-SdnVfpPortTuple'
 )
 # Variables to export from this module
diff --git a/src/modules/SdnDiag.Server.psm1 b/src/modules/SdnDiag.Server.psm1
index 4465c586..bdbe8d57 100644
--- a/src/modules/SdnDiag.Server.psm1
+++ b/src/modules/SdnDiag.Server.psm1
@@ -3191,3 +3191,87 @@ function Test-SdnProviderAddressConnectivity {
 }
 }
+function Test-SdnVfpPortTuple {
+ <#
+ .SYNOPSIS
+ Simulates the processing of a packet by the Virtual Filtering Platform (VFP) for a specific port.
+ .PARAMETER PortName
+ The name of the VFP switch port.
+ .PARAMETER Direction
+ The direction of the traffic.
+ .PARAMETER SourceIP
+ The source IP address relative to the direction of the traffic.
+ .PARAMETER SourcePort
+ The source port relative to the direction of the traffic.
+ .PARAMETER DestinationIP
+ The destination IP address relative to the direction of the traffic.
+ .PARAMETER DestinationPort
+ The destination port relative to the direction of the traffic.
+ .PARAMETER Protocol
+ The protocol to use for the test.
+ .EXAMPLE
+ PS> Test-SdnVfpPortTuple -PortName 86650519-25b4-43a0-bae6-7f7a4561c8d9 -Direction OUT -Protocol TCP -SourceIP 10.0.0.6 -SourcePort 55555 -DestinationIP 10.0.0.9 -DestinationPort 443
+ .EXAMPLE
+ PS> Test-SdnVfpPortTuple -PortName 86650519-25b4-43a0-bae6-7f7a4561c8d9 -Direction IN -Protocol TCP -SourceIP 10.0.0.9 -SourcePort 443 -DestinationIP 10.0.0.6 -DestinationPort 55555
+ #>
+
+ [CmdletBinding()]
+ param (
+ [Parameter(Mandatory = $true)]
+ [String]$PortName,
+
+ [Parameter(Mandatory = $true)]
+ [ValidateSet('IN','OUT')]
+ [String]$Direction,
+
+ [Parameter(Mandatory = $true)]
+ [ipaddress]$SourceIP,
+
+ [Parameter(Mandatory = $true)]
+ [int]$SourcePort,
+
+ [Parameter(Mandatory = $true)]
+ [ipaddress]$DestinationIP,
+
+ [Parameter(Mandatory = $true)]
+ [int]$DestinationPort,
+
+ [Parameter(Mandatory = $false)]
+ [ValidateSet('TCP','UDP')]
+ [String]$Protocol = 'TCP'
+ )
+
+ # convert the protocol to the appropriate ID
+ switch ($Protocol) {
+ 'TCP' {
+ $protocolID = 6
+ }
+ 'UDP' {
+ $protocolID = 17
+ }
+ }
+
+ try {
+ # make sure the port exists otherwise throw an exception
+ $vfpSwitchPort = Get-SdnVfpVmSwitchPort -PortName $PortName -ErrorAction Stop
+ if ($null -ieq $vfpSwitchPort) {
+ throw New-Object System.Exception("Unable to locate VFP switch port $PortName")
+ }
+
+ # command is structured as follows:
+ # vfpctrl /port /process-tuples ' '
+ # protocolId: 6 = TCP, 17 = UDP
+ # direction: 1 = IN, 2 = OUT
+ # SourceIP: Source IP address or direction of the traffic relative to the direction
+ # SourcePort: Source port or direction of the traffic relative to the direction
+ # DestinationIP: Destination IP address or direction of the traffic relative to the direction
+ # DestinationPort: Destination port or direction of the traffic relative to the direction
+ # flags: 1 = TCP SYN, 2 = Monitoring Ping
+ $cmd = "vfpctrl /port $PortName /process-tuples '$protocolId $SourceIP $SourcePort $DestinationIP $DestinationPort $Direction 1'"
+ Invoke-Expression $cmd
+ }
+ catch {
+ $_ | Trace-Exception
+ $_ | Write-Error
+ }
+}
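Review bot: `Invoke-Expression $cmd` at the end of the `try` block re-parses a string that embeds `$PortName`, a free-form `[String]` with no validation attribute, so any PowerShell syntax inside that value would be evaluated as script instead of being handed to vfpctrl as an argument. The only gate in front of it is the `Get-SdnVfpVmSwitchPort -PortName` lookup, whose matching rules are not visible in this hunk, so it should not be relied on as input validation. Invoking the binary directly removes the second parse and keeps the tuple as a single argument: `& vfpctrl /port $PortName /process-tuples "$protocolId $SourceIP $SourcePort $DestinationIP $DestinationPort $Direction 1"`. Separately, the comment block documents direction as `1 = IN, 2 = OUT` while the string `IN`/`OUT` is passed unconverted (worth confirming vfpctrl accepts it), and `[int]$SourcePort` and `[int]$DestinationPort` would each benefit from `[ValidateRange(0, 65535)]`.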