]>
Commit | Line | Data |
---|---|---|
318c1fa3 PR |
1 | #!/usr/bin/env python |
2 | ||
3 | # | |
4 | # test_bgp_auth.py | |
5 | # Part of NetDEF Topology Tests | |
6 | # | |
7 | # Copyright (c) 2020 by Volta Networks | |
8 | # | |
9 | # Permission to use, copy, modify, and/or distribute this software | |
10 | # for any purpose with or without fee is hereby granted, provided | |
11 | # that the above copyright notice and this permission notice appear | |
12 | # in all copies. | |
13 | # | |
14 | # THE SOFTWARE IS PROVIDED "AS IS" AND NETDEF DISCLAIMS ALL WARRANTIES | |
15 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |
16 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NETDEF BE LIABLE FOR | |
17 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY | |
18 | # DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, | |
19 | # WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS | |
20 | # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE | |
21 | # OF THIS SOFTWARE. | |
22 | # | |
23 | ||
24 | """ | |
25 | test_bgp_auth.py: Test BGP Md5 Authentication | |
26 | ||
27 | +------+ | |
28 | +--------| |--------+ | |
29 | | +------| R1 |------+ | | |
30 | | | -----| |----+ | | | |
31 | | | | +------+ | | | | |
32 | | | | | | | | |
33 | +------+ +------+ | |
34 | | |------------| | | |
35 | | R2 |------------| R3 | | |
36 | | |------------| | | |
37 | +------+ +------+ | |
38 | ||
39 | ||
40 | setup is 3 routers with 3 links between each each link in a different vrf | |
41 | Default, blue and red respectively | |
42 | Tests check various fiddling with passwords and checking that the peer | |
02547745 | 43 | establishment is as expected and passwords are not leaked across sockets |
318c1fa3 PR |
44 | for bgp instances |
45 | """ | |
02547745 | 46 | # pylint: disable=C0413 |
318c1fa3 | 47 | |
318c1fa3 | 48 | import json |
02547745 | 49 | import os |
318c1fa3 | 50 | import platform |
02547745 | 51 | import sys |
318c1fa3 PR |
52 | from time import sleep |
53 | ||
02547745 CH |
54 | import pytest |
55 | from lib import common_config, topotest | |
b6689447 | 56 | from lib.common_config import ( |
02547745 CH |
57 | save_initial_config_on_routers, |
58 | reset_with_new_configs, | |
b6689447 | 59 | ) |
da72986a DS |
60 | |
61 | from bgp_auth_common import ( | |
62 | check_all_peers_established, | |
63 | check_vrf_peer_remove_passwords, | |
64 | check_vrf_peer_change_passwords, | |
65 | ) | |
02547745 | 66 | from lib.topogen import Topogen, TopoRouter, get_topogen |
318c1fa3 | 67 | |
3dedee4f DS |
68 | pytestmark = [pytest.mark.bgpd, pytest.mark.ospfd] |
69 | ||
02547745 | 70 | CWD = os.path.dirname(os.path.realpath(__file__)) |
318c1fa3 | 71 | |
a53c08bc | 72 | |
e82b531d | 73 | def build_topo(tgen): |
e82b531d CH |
74 | tgen.add_router("R1") |
75 | tgen.add_router("R2") | |
76 | tgen.add_router("R3") | |
77 | ||
b6689447 | 78 | tgen.add_link(tgen.gears["R1"], tgen.gears["R2"]) |
b6689447 | 79 | tgen.add_link(tgen.gears["R1"], tgen.gears["R3"]) |
b6689447 | 80 | tgen.add_link(tgen.gears["R2"], tgen.gears["R3"]) |
b6689447 | 81 | tgen.add_link(tgen.gears["R1"], tgen.gears["R2"]) |
b6689447 | 82 | tgen.add_link(tgen.gears["R1"], tgen.gears["R3"]) |
b6689447 | 83 | tgen.add_link(tgen.gears["R2"], tgen.gears["R3"]) |
b6689447 | 84 | tgen.add_link(tgen.gears["R1"], tgen.gears["R2"]) |
b6689447 | 85 | tgen.add_link(tgen.gears["R1"], tgen.gears["R3"]) |
b6689447 | 86 | tgen.add_link(tgen.gears["R2"], tgen.gears["R3"]) |
318c1fa3 PR |
87 | |
88 | ||
89 | def setup_module(mod): | |
90 | "Sets up the pytest environment" | |
91 | # This function initiates the topology build with Topogen... | |
e82b531d | 92 | tgen = Topogen(build_topo, mod.__name__) |
318c1fa3 PR |
93 | # ... and here it calls Mininet initialization functions. |
94 | tgen.start_topology() | |
95 | ||
96 | r1 = tgen.gears["R1"] | |
97 | r2 = tgen.gears["R2"] | |
98 | r3 = tgen.gears["R3"] | |
99 | ||
100 | # blue vrf | |
b6689447 CH |
101 | r1.cmd_raises("ip link add blue type vrf table 1001") |
102 | r1.cmd_raises("ip link set up dev blue") | |
103 | r2.cmd_raises("ip link add blue type vrf table 1001") | |
104 | r2.cmd_raises("ip link set up dev blue") | |
105 | r3.cmd_raises("ip link add blue type vrf table 1001") | |
106 | r3.cmd_raises("ip link set up dev blue") | |
107 | ||
108 | r1.cmd_raises("ip link add lo1 type dummy") | |
109 | r1.cmd_raises("ip link set lo1 master blue") | |
110 | r1.cmd_raises("ip link set up dev lo1") | |
111 | r2.cmd_raises("ip link add lo1 type dummy") | |
112 | r2.cmd_raises("ip link set up dev lo1") | |
113 | r2.cmd_raises("ip link set lo1 master blue") | |
114 | r3.cmd_raises("ip link add lo1 type dummy") | |
115 | r3.cmd_raises("ip link set up dev lo1") | |
116 | r3.cmd_raises("ip link set lo1 master blue") | |
117 | ||
118 | r1.cmd_raises("ip link set R1-eth2 master blue") | |
119 | r1.cmd_raises("ip link set R1-eth3 master blue") | |
120 | r2.cmd_raises("ip link set R2-eth2 master blue") | |
121 | r2.cmd_raises("ip link set R2-eth3 master blue") | |
122 | r3.cmd_raises("ip link set R3-eth2 master blue") | |
123 | r3.cmd_raises("ip link set R3-eth3 master blue") | |
124 | ||
125 | r1.cmd_raises("ip link set up dev R1-eth2") | |
126 | r1.cmd_raises("ip link set up dev R1-eth3") | |
127 | r2.cmd_raises("ip link set up dev R2-eth2") | |
128 | r2.cmd_raises("ip link set up dev R2-eth3") | |
129 | r3.cmd_raises("ip link set up dev R3-eth2") | |
130 | r3.cmd_raises("ip link set up dev R3-eth3") | |
318c1fa3 PR |
131 | |
132 | # red vrf | |
b6689447 CH |
133 | r1.cmd_raises("ip link add red type vrf table 1002") |
134 | r1.cmd_raises("ip link set up dev red") | |
135 | r2.cmd_raises("ip link add red type vrf table 1002") | |
136 | r2.cmd_raises("ip link set up dev red") | |
137 | r3.cmd_raises("ip link add red type vrf table 1002") | |
138 | r3.cmd_raises("ip link set up dev red") | |
139 | ||
140 | r1.cmd_raises("ip link add lo2 type dummy") | |
141 | r1.cmd_raises("ip link set lo2 master red") | |
142 | r1.cmd_raises("ip link set up dev lo2") | |
143 | r2.cmd_raises("ip link add lo2 type dummy") | |
144 | r2.cmd_raises("ip link set up dev lo2") | |
145 | r2.cmd_raises("ip link set lo2 master red") | |
146 | r3.cmd_raises("ip link add lo2 type dummy") | |
147 | r3.cmd_raises("ip link set up dev lo2") | |
148 | r3.cmd_raises("ip link set lo2 master red") | |
149 | ||
150 | r1.cmd_raises("ip link set R1-eth4 master red") | |
151 | r1.cmd_raises("ip link set R1-eth5 master red") | |
152 | r2.cmd_raises("ip link set R2-eth4 master red") | |
153 | r2.cmd_raises("ip link set R2-eth5 master red") | |
154 | r3.cmd_raises("ip link set R3-eth4 master red") | |
155 | r3.cmd_raises("ip link set R3-eth5 master red") | |
156 | ||
157 | r1.cmd_raises("ip link set up dev R1-eth4") | |
158 | r1.cmd_raises("ip link set up dev R1-eth5") | |
159 | r2.cmd_raises("ip link set up dev R2-eth4") | |
160 | r2.cmd_raises("ip link set up dev R2-eth5") | |
161 | r3.cmd_raises("ip link set up dev R3-eth4") | |
162 | r3.cmd_raises("ip link set up dev R3-eth5") | |
318c1fa3 | 163 | |
f3095914 DS |
164 | r1.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1") |
165 | r2.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1") | |
166 | r3.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1") | |
167 | ||
318c1fa3 PR |
168 | # This is a sample of configuration loading. |
169 | router_list = tgen.routers() | |
170 | ||
b515c81a | 171 | # For all registered routers, load the zebra configuration file |
e5f0ed14 | 172 | for rname, router in router_list.items(): |
02547745 CH |
173 | router.load_config(TopoRouter.RD_ZEBRA, "zebra.conf") |
174 | router.load_config(TopoRouter.RD_OSPF) | |
175 | router.load_config(TopoRouter.RD_BGP) | |
318c1fa3 | 176 | |
02547745 | 177 | # After copying the configurations, this function loads configured daemons. |
318c1fa3 PR |
178 | tgen.start_router() |
179 | ||
02547745 CH |
180 | # Save the initial router config. reset_config_on_routers will return to this config. |
181 | save_initial_config_on_routers(tgen) | |
b6689447 | 182 | |
318c1fa3 PR |
183 | |
184 | def teardown_module(mod): | |
185 | "Teardown the pytest environment" | |
186 | tgen = get_topogen() | |
187 | ||
188 | # This function tears down the whole topology. | |
189 | tgen.stop_topology() | |
190 | ||
191 | ||
b6689447 | 192 | def test_default_peer_established(tgen): |
318c1fa3 PR |
193 | "default vrf 3 peers same password" |
194 | ||
02547745 | 195 | reset_with_new_configs(tgen, "bgpd.conf", "ospfd.conf") |
318c1fa3 | 196 | check_all_peers_established() |
318c1fa3 PR |
197 | |
198 | ||
b6689447 | 199 | def test_default_peer_remove_passwords(tgen): |
318c1fa3 PR |
200 | "selectively remove passwords checking state" |
201 | ||
02547745 | 202 | reset_with_new_configs(tgen, "bgpd.conf", "ospfd.conf") |
318c1fa3 | 203 | check_vrf_peer_remove_passwords() |
318c1fa3 PR |
204 | |
205 | ||
b6689447 | 206 | def test_default_peer_change_passwords(tgen): |
318c1fa3 PR |
207 | "selectively change passwords checking state" |
208 | ||
02547745 | 209 | reset_with_new_configs(tgen, "bgpd.conf", "ospfd.conf") |
318c1fa3 | 210 | check_vrf_peer_change_passwords() |
318c1fa3 PR |
211 | |
212 | ||
b6689447 | 213 | def test_default_prefix_peer_established(tgen): |
318c1fa3 PR |
214 | "default vrf 3 peers same password with prefix config" |
215 | ||
216 | # only supported in kernel > 5.3 | |
217 | if topotest.version_cmp(platform.release(), "5.3") < 0: | |
218 | return | |
219 | ||
02547745 | 220 | reset_with_new_configs(tgen, "bgpd_prefix.conf", "ospfd.conf") |
318c1fa3 | 221 | check_all_peers_established() |
318c1fa3 PR |
222 | |
223 | ||
b6689447 | 224 | def test_prefix_peer_remove_passwords(tgen): |
318c1fa3 PR |
225 | "selectively remove passwords checking state with prefix config" |
226 | ||
227 | # only supported in kernel > 5.3 | |
228 | if topotest.version_cmp(platform.release(), "5.3") < 0: | |
229 | return | |
b32454e1 | 230 | |
02547745 | 231 | reset_with_new_configs(tgen, "bgpd_prefix.conf", "ospfd.conf") |
318c1fa3 | 232 | check_vrf_peer_remove_passwords(prefix="yes") |
318c1fa3 PR |
233 | |
234 | ||
b6689447 | 235 | def test_memory_leak(tgen): |
318c1fa3 | 236 | "Run the memory leak test and report results." |
318c1fa3 PR |
237 | if not tgen.is_memleak_enabled(): |
238 | pytest.skip("Memory leak test/report is disabled") | |
239 | ||
240 | tgen.report_memory_leaks() | |
241 | ||
242 | ||
243 | if __name__ == "__main__": | |
244 | args = ["-s"] + sys.argv[1:] | |
245 | sys.exit(pytest.main(args)) |