[mirror_frr.git] / tests / topotests / bgp_auth / test_bgp_auth1.py

#!/usr/bin/env python

#
# test_bgp_auth.py
# Part of NetDEF Topology Tests
#
# Copyright (c) 2020 by Volta Networks
#
# Permission to use, copy, modify, and/or distribute this software
# for any purpose with or without fee is hereby granted, provided
# that the above copyright notice and this permission notice appear
# in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND NETDEF DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NETDEF BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
# DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
# WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
# OF THIS SOFTWARE.
#

"""
test_bgp_auth.py: Test BGP Md5 Authentication

                             +------+
                    +--------|      |--------+
                    | +------|  R1  |------+ |
                    | | -----|      |----+ | |
                    | | |    +------+    | | |
                    | | |                | | |
                   +------+            +------+
                   |      |------------|      |
                   |  R2  |------------|  R3  |
                   |      |------------|      |
                   +------+            +------+


setup is 3 routers with 3 links between each each link in a different vrf
Default, blue and red respectively
Tests check various fiddling with passwords and checking that the peer
establishment is as expected and passwords are not leaked across sockets
for bgp instances
"""
# pylint: disable=C0413

import json
import os
import platform
import sys
from time import sleep

import pytest
from lib import common_config, topotest
from lib.common_config import (
    save_initial_config_on_routers,
    reset_with_new_configs,
)

from bgp_auth_common import (
    check_all_peers_established,
    check_vrf_peer_remove_passwords,
    check_vrf_peer_change_passwords,
)
from lib.topogen import Topogen, TopoRouter, get_topogen

pytestmark = [pytest.mark.bgpd, pytest.mark.ospfd]

CWD = os.path.dirname(os.path.realpath(__file__))


def build_topo(tgen):
    tgen.add_router("R1")
    tgen.add_router("R2")
    tgen.add_router("R3")

    tgen.add_link(tgen.gears["R1"], tgen.gears["R2"])
    tgen.add_link(tgen.gears["R1"], tgen.gears["R3"])
    tgen.add_link(tgen.gears["R2"], tgen.gears["R3"])
    tgen.add_link(tgen.gears["R1"], tgen.gears["R2"])
    tgen.add_link(tgen.gears["R1"], tgen.gears["R3"])
    tgen.add_link(tgen.gears["R2"], tgen.gears["R3"])
    tgen.add_link(tgen.gears["R1"], tgen.gears["R2"])
    tgen.add_link(tgen.gears["R1"], tgen.gears["R3"])
    tgen.add_link(tgen.gears["R2"], tgen.gears["R3"])


def setup_module(mod):
    "Sets up the pytest environment"
    # This function initiates the topology build with Topogen...
    tgen = Topogen(build_topo, mod.__name__)
    # ... and here it calls Mininet initialization functions.
    tgen.start_topology()

    r1 = tgen.gears["R1"]
    r2 = tgen.gears["R2"]
    r3 = tgen.gears["R3"]

    # blue vrf
    r1.cmd_raises("ip link add blue type vrf table 1001")
    r1.cmd_raises("ip link set up dev blue")
    r2.cmd_raises("ip link add blue type vrf table 1001")
    r2.cmd_raises("ip link set up dev blue")
    r3.cmd_raises("ip link add blue type vrf table 1001")
    r3.cmd_raises("ip link set up dev blue")

    r1.cmd_raises("ip link add lo1 type dummy")
    r1.cmd_raises("ip link set lo1 master blue")
    r1.cmd_raises("ip link set up dev lo1")
    r2.cmd_raises("ip link add lo1 type dummy")
    r2.cmd_raises("ip link set up dev lo1")
    r2.cmd_raises("ip link set lo1 master blue")
    r3.cmd_raises("ip link add lo1 type dummy")
    r3.cmd_raises("ip link set up dev lo1")
    r3.cmd_raises("ip link set lo1 master blue")

    r1.cmd_raises("ip link set R1-eth2 master blue")
    r1.cmd_raises("ip link set R1-eth3 master blue")
    r2.cmd_raises("ip link set R2-eth2 master blue")
    r2.cmd_raises("ip link set R2-eth3 master blue")
    r3.cmd_raises("ip link set R3-eth2 master blue")
    r3.cmd_raises("ip link set R3-eth3 master blue")

    r1.cmd_raises("ip link set up dev  R1-eth2")
    r1.cmd_raises("ip link set up dev  R1-eth3")
    r2.cmd_raises("ip link set up dev  R2-eth2")
    r2.cmd_raises("ip link set up dev  R2-eth3")
    r3.cmd_raises("ip link set up dev  R3-eth2")
    r3.cmd_raises("ip link set up dev  R3-eth3")

    # red vrf
    r1.cmd_raises("ip link add red type vrf table 1002")
    r1.cmd_raises("ip link set up dev red")
    r2.cmd_raises("ip link add red type vrf table 1002")
    r2.cmd_raises("ip link set up dev red")
    r3.cmd_raises("ip link add red type vrf table 1002")
    r3.cmd_raises("ip link set up dev red")

    r1.cmd_raises("ip link add lo2 type dummy")
    r1.cmd_raises("ip link set lo2 master red")
    r1.cmd_raises("ip link set up dev lo2")
    r2.cmd_raises("ip link add lo2 type dummy")
    r2.cmd_raises("ip link set up dev lo2")
    r2.cmd_raises("ip link set lo2 master red")
    r3.cmd_raises("ip link add lo2 type dummy")
    r3.cmd_raises("ip link set up dev lo2")
    r3.cmd_raises("ip link set lo2 master red")

    r1.cmd_raises("ip link set R1-eth4 master red")
    r1.cmd_raises("ip link set R1-eth5 master red")
    r2.cmd_raises("ip link set R2-eth4 master red")
    r2.cmd_raises("ip link set R2-eth5 master red")
    r3.cmd_raises("ip link set R3-eth4 master red")
    r3.cmd_raises("ip link set R3-eth5 master red")

    r1.cmd_raises("ip link set up dev  R1-eth4")
    r1.cmd_raises("ip link set up dev  R1-eth5")
    r2.cmd_raises("ip link set up dev  R2-eth4")
    r2.cmd_raises("ip link set up dev  R2-eth5")
    r3.cmd_raises("ip link set up dev  R3-eth4")
    r3.cmd_raises("ip link set up dev  R3-eth5")

    r1.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")
    r2.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")
    r3.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")

    # This is a sample of configuration loading.
    router_list = tgen.routers()

    # For all registered routers, load the zebra configuration file
    for rname, router in router_list.items():
        router.load_config(TopoRouter.RD_ZEBRA, "zebra.conf")
        router.load_config(TopoRouter.RD_OSPF)
        router.load_config(TopoRouter.RD_BGP)

    # After copying the configurations, this function loads configured daemons.
    tgen.start_router()

    # Save the initial router config. reset_config_on_routers will return to this config.
    save_initial_config_on_routers(tgen)


def teardown_module(mod):
    "Teardown the pytest environment"
    tgen = get_topogen()

    # This function tears down the whole topology.
    tgen.stop_topology()


def test_default_peer_established(tgen):
    "default vrf 3 peers same password"

    reset_with_new_configs(tgen, "bgpd.conf", "ospfd.conf")
    check_all_peers_established()


def test_default_peer_remove_passwords(tgen):
    "selectively remove passwords checking state"

    reset_with_new_configs(tgen, "bgpd.conf", "ospfd.conf")
    check_vrf_peer_remove_passwords()


def test_default_peer_change_passwords(tgen):
    "selectively change passwords checking state"

    reset_with_new_configs(tgen, "bgpd.conf", "ospfd.conf")
    check_vrf_peer_change_passwords()


def test_default_prefix_peer_established(tgen):
    "default vrf 3 peers same password with prefix config"

    # only supported in kernel > 5.3
    if topotest.version_cmp(platform.release(), "5.3") < 0:
        return

    reset_with_new_configs(tgen, "bgpd_prefix.conf", "ospfd.conf")
    check_all_peers_established()


def test_prefix_peer_remove_passwords(tgen):
    "selectively remove passwords checking state with prefix config"

    # only supported in kernel > 5.3
    if topotest.version_cmp(platform.release(), "5.3") < 0:
        return

    reset_with_new_configs(tgen, "bgpd_prefix.conf", "ospfd.conf")
    check_vrf_peer_remove_passwords(prefix="yes")


def test_memory_leak(tgen):
    "Run the memory leak test and report results."
    if not tgen.is_memleak_enabled():
        pytest.skip("Memory leak test/report is disabled")

    tgen.report_memory_leaks()


if __name__ == "__main__":
    args = ["-s"] + sys.argv[1:]
    sys.exit(pytest.main(args))
Commit	Line	Data
318c1fa3 PR	1	#!/usr/bin/env python
	2
	3	#
	4	# test_bgp_auth.py
	5	# Part of NetDEF Topology Tests
	6	#
	7	# Copyright (c) 2020 by Volta Networks
	8	#
	9	# Permission to use, copy, modify, and/or distribute this software
	10	# for any purpose with or without fee is hereby granted, provided
	11	# that the above copyright notice and this permission notice appear
	12	# in all copies.
	13	#
	14	# THE SOFTWARE IS PROVIDED "AS IS" AND NETDEF DISCLAIMS ALL WARRANTIES
	15	# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	16	# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NETDEF BE LIABLE FOR
	17	# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
	18	# DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
	19	# WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
	20	# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
	21	# OF THIS SOFTWARE.
	22	#
	23
	24	"""
	25	test_bgp_auth.py: Test BGP Md5 Authentication
	26
	27	+------+
	28	+--------\| \|--------+
	29	\| +------\| R1 \|------+ \|
	30	\| \| -----\| \|----+ \| \|
	31	\| \| \| +------+ \| \| \|
	32	\| \| \| \| \| \|
	33	+------+ +------+
	34	\| \|------------\| \|
	35	\| R2 \|------------\| R3 \|
	36	\| \|------------\| \|
	37	+------+ +------+
	38
	39
	40	setup is 3 routers with 3 links between each each link in a different vrf
	41	Default, blue and red respectively
	42	Tests check various fiddling with passwords and checking that the peer
02547745	43	establishment is as expected and passwords are not leaked across sockets
318c1fa3 PR	44	for bgp instances
318c1fa3 PR	45	"""
02547745	46	# pylint: disable=C0413
318c1fa3	47
318c1fa3	48	import json
02547745	49	import os
318c1fa3	50	import platform
02547745	51	import sys
318c1fa3 PR	52	from time import sleep
318c1fa3 PR	53
02547745 CH	54	import pytest
02547745 CH	55	from lib import common_config, topotest
b6689447	56	from lib.common_config import (
02547745 CH	57	save_initial_config_on_routers,
02547745 CH	58	reset_with_new_configs,
b6689447	59	)
da72986a DS	60
	61	from bgp_auth_common import (
	62	check_all_peers_established,
	63	check_vrf_peer_remove_passwords,
	64	check_vrf_peer_change_passwords,
	65	)
02547745	66	from lib.topogen import Topogen, TopoRouter, get_topogen
318c1fa3	67
3dedee4f DS	68	pytestmark = [pytest.mark.bgpd, pytest.mark.ospfd]
3dedee4f DS	69
02547745	70	CWD = os.path.dirname(os.path.realpath(__file__))
318c1fa3	71
a53c08bc	72
e82b531d	73	def build_topo(tgen):
e82b531d CH	74	tgen.add_router("R1")
	75	tgen.add_router("R2")
	76	tgen.add_router("R3")
	77
b6689447	78	tgen.add_link(tgen.gears["R1"], tgen.gears["R2"])
b6689447	79	tgen.add_link(tgen.gears["R1"], tgen.gears["R3"])
b6689447	80	tgen.add_link(tgen.gears["R2"], tgen.gears["R3"])
b6689447	81	tgen.add_link(tgen.gears["R1"], tgen.gears["R2"])
b6689447	82	tgen.add_link(tgen.gears["R1"], tgen.gears["R3"])
b6689447	83	tgen.add_link(tgen.gears["R2"], tgen.gears["R3"])
b6689447	84	tgen.add_link(tgen.gears["R1"], tgen.gears["R2"])
b6689447	85	tgen.add_link(tgen.gears["R1"], tgen.gears["R3"])
b6689447	86	tgen.add_link(tgen.gears["R2"], tgen.gears["R3"])
318c1fa3 PR	87
	88
	89	def setup_module(mod):
	90	"Sets up the pytest environment"
	91	# This function initiates the topology build with Topogen...
e82b531d	92	tgen = Topogen(build_topo, mod.__name__)
318c1fa3 PR	93	# ... and here it calls Mininet initialization functions.
	94	tgen.start_topology()
	95
	96	r1 = tgen.gears["R1"]
	97	r2 = tgen.gears["R2"]
	98	r3 = tgen.gears["R3"]
	99
	100	# blue vrf
b6689447 CH	101	r1.cmd_raises("ip link add blue type vrf table 1001")
	102	r1.cmd_raises("ip link set up dev blue")
	103	r2.cmd_raises("ip link add blue type vrf table 1001")
	104	r2.cmd_raises("ip link set up dev blue")
	105	r3.cmd_raises("ip link add blue type vrf table 1001")
	106	r3.cmd_raises("ip link set up dev blue")
	107
	108	r1.cmd_raises("ip link add lo1 type dummy")
	109	r1.cmd_raises("ip link set lo1 master blue")
	110	r1.cmd_raises("ip link set up dev lo1")
	111	r2.cmd_raises("ip link add lo1 type dummy")
	112	r2.cmd_raises("ip link set up dev lo1")
	113	r2.cmd_raises("ip link set lo1 master blue")
	114	r3.cmd_raises("ip link add lo1 type dummy")
	115	r3.cmd_raises("ip link set up dev lo1")
	116	r3.cmd_raises("ip link set lo1 master blue")
	117
	118	r1.cmd_raises("ip link set R1-eth2 master blue")
	119	r1.cmd_raises("ip link set R1-eth3 master blue")
	120	r2.cmd_raises("ip link set R2-eth2 master blue")
	121	r2.cmd_raises("ip link set R2-eth3 master blue")
	122	r3.cmd_raises("ip link set R3-eth2 master blue")
	123	r3.cmd_raises("ip link set R3-eth3 master blue")
	124
	125	r1.cmd_raises("ip link set up dev R1-eth2")
	126	r1.cmd_raises("ip link set up dev R1-eth3")
	127	r2.cmd_raises("ip link set up dev R2-eth2")
	128	r2.cmd_raises("ip link set up dev R2-eth3")
	129	r3.cmd_raises("ip link set up dev R3-eth2")
	130	r3.cmd_raises("ip link set up dev R3-eth3")
318c1fa3 PR	131
318c1fa3 PR	132	# red vrf
b6689447 CH	133	r1.cmd_raises("ip link add red type vrf table 1002")
	134	r1.cmd_raises("ip link set up dev red")
	135	r2.cmd_raises("ip link add red type vrf table 1002")
	136	r2.cmd_raises("ip link set up dev red")
	137	r3.cmd_raises("ip link add red type vrf table 1002")
	138	r3.cmd_raises("ip link set up dev red")
	139
	140	r1.cmd_raises("ip link add lo2 type dummy")
	141	r1.cmd_raises("ip link set lo2 master red")
	142	r1.cmd_raises("ip link set up dev lo2")
	143	r2.cmd_raises("ip link add lo2 type dummy")
	144	r2.cmd_raises("ip link set up dev lo2")
	145	r2.cmd_raises("ip link set lo2 master red")
	146	r3.cmd_raises("ip link add lo2 type dummy")
	147	r3.cmd_raises("ip link set up dev lo2")
	148	r3.cmd_raises("ip link set lo2 master red")
	149
	150	r1.cmd_raises("ip link set R1-eth4 master red")
	151	r1.cmd_raises("ip link set R1-eth5 master red")
	152	r2.cmd_raises("ip link set R2-eth4 master red")
	153	r2.cmd_raises("ip link set R2-eth5 master red")
	154	r3.cmd_raises("ip link set R3-eth4 master red")
	155	r3.cmd_raises("ip link set R3-eth5 master red")
	156
	157	r1.cmd_raises("ip link set up dev R1-eth4")
	158	r1.cmd_raises("ip link set up dev R1-eth5")
	159	r2.cmd_raises("ip link set up dev R2-eth4")
	160	r2.cmd_raises("ip link set up dev R2-eth5")
	161	r3.cmd_raises("ip link set up dev R3-eth4")
	162	r3.cmd_raises("ip link set up dev R3-eth5")
318c1fa3	163
f3095914 DS	164	r1.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")
	165	r2.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")
	166	r3.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")
	167
318c1fa3 PR	168	# This is a sample of configuration loading.
	169	router_list = tgen.routers()
	170
b515c81a	171	# For all registered routers, load the zebra configuration file
e5f0ed14	172	for rname, router in router_list.items():
02547745 CH	173	router.load_config(TopoRouter.RD_ZEBRA, "zebra.conf")
	174	router.load_config(TopoRouter.RD_OSPF)
	175	router.load_config(TopoRouter.RD_BGP)
318c1fa3	176
02547745	177	# After copying the configurations, this function loads configured daemons.
318c1fa3 PR	178	tgen.start_router()
318c1fa3 PR	179
02547745 CH	180	# Save the initial router config. reset_config_on_routers will return to this config.
02547745 CH	181	save_initial_config_on_routers(tgen)
b6689447	182
318c1fa3 PR	183
	184	def teardown_module(mod):
	185	"Teardown the pytest environment"
	186	tgen = get_topogen()
	187
	188	# This function tears down the whole topology.
	189	tgen.stop_topology()
	190
	191
b6689447	192	def test_default_peer_established(tgen):
318c1fa3 PR	193	"default vrf 3 peers same password"
318c1fa3 PR	194
02547745	195	reset_with_new_configs(tgen, "bgpd.conf", "ospfd.conf")
318c1fa3	196	check_all_peers_established()
318c1fa3 PR	197
318c1fa3 PR	198
b6689447	199	def test_default_peer_remove_passwords(tgen):
318c1fa3 PR	200	"selectively remove passwords checking state"
318c1fa3 PR	201
02547745	202	reset_with_new_configs(tgen, "bgpd.conf", "ospfd.conf")
318c1fa3	203	check_vrf_peer_remove_passwords()
318c1fa3 PR	204
318c1fa3 PR	205
b6689447	206	def test_default_peer_change_passwords(tgen):
318c1fa3 PR	207	"selectively change passwords checking state"
318c1fa3 PR	208
02547745	209	reset_with_new_configs(tgen, "bgpd.conf", "ospfd.conf")
318c1fa3	210	check_vrf_peer_change_passwords()
318c1fa3 PR	211
318c1fa3 PR	212
b6689447	213	def test_default_prefix_peer_established(tgen):
318c1fa3 PR	214	"default vrf 3 peers same password with prefix config"
	215
	216	# only supported in kernel > 5.3
	217	if topotest.version_cmp(platform.release(), "5.3") < 0:
	218	return
	219
02547745	220	reset_with_new_configs(tgen, "bgpd_prefix.conf", "ospfd.conf")
318c1fa3	221	check_all_peers_established()
318c1fa3 PR	222
318c1fa3 PR	223
b6689447	224	def test_prefix_peer_remove_passwords(tgen):
318c1fa3 PR	225	"selectively remove passwords checking state with prefix config"
	226
	227	# only supported in kernel > 5.3
	228	if topotest.version_cmp(platform.release(), "5.3") < 0:
	229	return
b32454e1	230
02547745	231	reset_with_new_configs(tgen, "bgpd_prefix.conf", "ospfd.conf")
318c1fa3	232	check_vrf_peer_remove_passwords(prefix="yes")
318c1fa3 PR	233
318c1fa3 PR	234
b6689447	235	def test_memory_leak(tgen):
318c1fa3	236	"Run the memory leak test and report results."
318c1fa3 PR	237	if not tgen.is_memleak_enabled():
	238	pytest.skip("Memory leak test/report is disabled")
	239
	240	tgen.report_memory_leaks()
	241
	242
	243	if __name__ == "__main__":
	244	args = ["-s"] + sys.argv[1:]
	245	sys.exit(pytest.main(args))