]>
Commit | Line | Data |
---|---|---|
318c1fa3 | 1 | #!/usr/bin/env python |
acddc0ed | 2 | # SPDX-License-Identifier: ISC |
318c1fa3 PR |
3 | |
4 | # | |
5 | # test_bgp_auth.py | |
6 | # Part of NetDEF Topology Tests | |
7 | # | |
8 | # Copyright (c) 2020 by Volta Networks | |
9 | # | |
318c1fa3 PR |
10 | |
11 | """ | |
12 | test_bgp_auth.py: Test BGP Md5 Authentication | |
13 | ||
14 | +------+ | |
15 | +--------| |--------+ | |
16 | | +------| R1 |------+ | | |
17 | | | -----| |----+ | | | |
18 | | | | +------+ | | | | |
19 | | | | | | | | |
20 | +------+ +------+ | |
21 | | |------------| | | |
22 | | R2 |------------| R3 | | |
23 | | |------------| | | |
24 | +------+ +------+ | |
25 | ||
26 | ||
27 | setup is 3 routers with 3 links between each each link in a different vrf | |
28 | Default, blue and red respectively | |
29 | Tests check various fiddling with passwords and checking that the peer | |
02547745 | 30 | establishment is as expected and passwords are not leaked across sockets |
318c1fa3 PR |
31 | for bgp instances |
32 | """ | |
02547745 | 33 | # pylint: disable=C0413 |
318c1fa3 | 34 | |
318c1fa3 | 35 | import json |
02547745 | 36 | import os |
318c1fa3 | 37 | import platform |
02547745 | 38 | import sys |
318c1fa3 PR |
39 | from time import sleep |
40 | ||
02547745 CH |
41 | import pytest |
42 | from lib import common_config, topotest | |
b6689447 | 43 | from lib.common_config import ( |
02547745 CH |
44 | save_initial_config_on_routers, |
45 | reset_with_new_configs, | |
b6689447 | 46 | ) |
da72986a DS |
47 | from bgp_auth_common import ( |
48 | check_vrf_peer_change_passwords, | |
49 | check_all_peers_established, | |
50 | check_vrf_peer_remove_passwords, | |
51 | ) | |
02547745 | 52 | from lib.topogen import Topogen, TopoRouter, get_topogen |
318c1fa3 | 53 | |
3dedee4f DS |
54 | pytestmark = [pytest.mark.bgpd, pytest.mark.ospfd] |
55 | ||
02547745 | 56 | CWD = os.path.dirname(os.path.realpath(__file__)) |
318c1fa3 | 57 | |
a53c08bc | 58 | |
e82b531d | 59 | def build_topo(tgen): |
e82b531d CH |
60 | tgen.add_router("R1") |
61 | tgen.add_router("R2") | |
62 | tgen.add_router("R3") | |
63 | ||
b6689447 | 64 | tgen.add_link(tgen.gears["R1"], tgen.gears["R2"]) |
b6689447 | 65 | tgen.add_link(tgen.gears["R1"], tgen.gears["R3"]) |
b6689447 | 66 | tgen.add_link(tgen.gears["R2"], tgen.gears["R3"]) |
b6689447 | 67 | tgen.add_link(tgen.gears["R1"], tgen.gears["R2"]) |
b6689447 | 68 | tgen.add_link(tgen.gears["R1"], tgen.gears["R3"]) |
b6689447 | 69 | tgen.add_link(tgen.gears["R2"], tgen.gears["R3"]) |
b6689447 | 70 | tgen.add_link(tgen.gears["R1"], tgen.gears["R2"]) |
b6689447 | 71 | tgen.add_link(tgen.gears["R1"], tgen.gears["R3"]) |
b6689447 | 72 | tgen.add_link(tgen.gears["R2"], tgen.gears["R3"]) |
318c1fa3 PR |
73 | |
74 | ||
75 | def setup_module(mod): | |
76 | "Sets up the pytest environment" | |
77 | # This function initiates the topology build with Topogen... | |
e82b531d | 78 | tgen = Topogen(build_topo, mod.__name__) |
318c1fa3 PR |
79 | # ... and here it calls Mininet initialization functions. |
80 | tgen.start_topology() | |
81 | ||
82 | r1 = tgen.gears["R1"] | |
83 | r2 = tgen.gears["R2"] | |
84 | r3 = tgen.gears["R3"] | |
85 | ||
86 | # blue vrf | |
b6689447 CH |
87 | r1.cmd_raises("ip link add blue type vrf table 1001") |
88 | r1.cmd_raises("ip link set up dev blue") | |
89 | r2.cmd_raises("ip link add blue type vrf table 1001") | |
90 | r2.cmd_raises("ip link set up dev blue") | |
91 | r3.cmd_raises("ip link add blue type vrf table 1001") | |
92 | r3.cmd_raises("ip link set up dev blue") | |
93 | ||
94 | r1.cmd_raises("ip link add lo1 type dummy") | |
95 | r1.cmd_raises("ip link set lo1 master blue") | |
96 | r1.cmd_raises("ip link set up dev lo1") | |
97 | r2.cmd_raises("ip link add lo1 type dummy") | |
98 | r2.cmd_raises("ip link set up dev lo1") | |
99 | r2.cmd_raises("ip link set lo1 master blue") | |
100 | r3.cmd_raises("ip link add lo1 type dummy") | |
101 | r3.cmd_raises("ip link set up dev lo1") | |
102 | r3.cmd_raises("ip link set lo1 master blue") | |
103 | ||
104 | r1.cmd_raises("ip link set R1-eth2 master blue") | |
105 | r1.cmd_raises("ip link set R1-eth3 master blue") | |
106 | r2.cmd_raises("ip link set R2-eth2 master blue") | |
107 | r2.cmd_raises("ip link set R2-eth3 master blue") | |
108 | r3.cmd_raises("ip link set R3-eth2 master blue") | |
109 | r3.cmd_raises("ip link set R3-eth3 master blue") | |
110 | ||
111 | r1.cmd_raises("ip link set up dev R1-eth2") | |
112 | r1.cmd_raises("ip link set up dev R1-eth3") | |
113 | r2.cmd_raises("ip link set up dev R2-eth2") | |
114 | r2.cmd_raises("ip link set up dev R2-eth3") | |
115 | r3.cmd_raises("ip link set up dev R3-eth2") | |
116 | r3.cmd_raises("ip link set up dev R3-eth3") | |
318c1fa3 PR |
117 | |
118 | # red vrf | |
b6689447 CH |
119 | r1.cmd_raises("ip link add red type vrf table 1002") |
120 | r1.cmd_raises("ip link set up dev red") | |
121 | r2.cmd_raises("ip link add red type vrf table 1002") | |
122 | r2.cmd_raises("ip link set up dev red") | |
123 | r3.cmd_raises("ip link add red type vrf table 1002") | |
124 | r3.cmd_raises("ip link set up dev red") | |
125 | ||
126 | r1.cmd_raises("ip link add lo2 type dummy") | |
127 | r1.cmd_raises("ip link set lo2 master red") | |
128 | r1.cmd_raises("ip link set up dev lo2") | |
129 | r2.cmd_raises("ip link add lo2 type dummy") | |
130 | r2.cmd_raises("ip link set up dev lo2") | |
131 | r2.cmd_raises("ip link set lo2 master red") | |
132 | r3.cmd_raises("ip link add lo2 type dummy") | |
133 | r3.cmd_raises("ip link set up dev lo2") | |
134 | r3.cmd_raises("ip link set lo2 master red") | |
135 | ||
136 | r1.cmd_raises("ip link set R1-eth4 master red") | |
137 | r1.cmd_raises("ip link set R1-eth5 master red") | |
138 | r2.cmd_raises("ip link set R2-eth4 master red") | |
139 | r2.cmd_raises("ip link set R2-eth5 master red") | |
140 | r3.cmd_raises("ip link set R3-eth4 master red") | |
141 | r3.cmd_raises("ip link set R3-eth5 master red") | |
142 | ||
143 | r1.cmd_raises("ip link set up dev R1-eth4") | |
144 | r1.cmd_raises("ip link set up dev R1-eth5") | |
145 | r2.cmd_raises("ip link set up dev R2-eth4") | |
146 | r2.cmd_raises("ip link set up dev R2-eth5") | |
147 | r3.cmd_raises("ip link set up dev R3-eth4") | |
148 | r3.cmd_raises("ip link set up dev R3-eth5") | |
318c1fa3 | 149 | |
f3095914 DS |
150 | r1.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1") |
151 | r2.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1") | |
152 | r3.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1") | |
153 | ||
318c1fa3 PR |
154 | # This is a sample of configuration loading. |
155 | router_list = tgen.routers() | |
156 | ||
b515c81a | 157 | # For all registered routers, load the zebra configuration file |
e5f0ed14 | 158 | for rname, router in router_list.items(): |
02547745 CH |
159 | router.load_config(TopoRouter.RD_ZEBRA, "zebra.conf") |
160 | router.load_config(TopoRouter.RD_OSPF) | |
161 | router.load_config(TopoRouter.RD_BGP) | |
318c1fa3 | 162 | |
02547745 | 163 | # After copying the configurations, this function loads configured daemons. |
318c1fa3 PR |
164 | tgen.start_router() |
165 | ||
02547745 CH |
166 | # Save the initial router config. reset_config_on_routers will return to this config. |
167 | save_initial_config_on_routers(tgen) | |
b6689447 | 168 | |
318c1fa3 PR |
169 | |
170 | def teardown_module(mod): | |
171 | "Teardown the pytest environment" | |
172 | tgen = get_topogen() | |
173 | ||
174 | # This function tears down the whole topology. | |
175 | tgen.stop_topology() | |
176 | ||
177 | ||
b6689447 | 178 | def test_prefix_peer_change_passwords(tgen): |
318c1fa3 PR |
179 | "selecively change passwords checkig state with prefix config" |
180 | ||
181 | # only supported in kernel > 5.3 | |
182 | if topotest.version_cmp(platform.release(), "5.3") < 0: | |
183 | return | |
b32454e1 | 184 | |
02547745 | 185 | reset_with_new_configs(tgen, "bgpd_prefix.conf", "ospfd.conf") |
318c1fa3 | 186 | check_vrf_peer_change_passwords(prefix="yes") |
318c1fa3 PR |
187 | |
188 | ||
b6689447 | 189 | def test_vrf_peer_established(tgen): |
318c1fa3 PR |
190 | "default vrf 3 peers same password with VRF config" |
191 | ||
192 | # clean routers and load vrf config | |
02547745 | 193 | reset_with_new_configs(tgen, "bgpd_vrf.conf", "ospfd_vrf.conf") |
318c1fa3 | 194 | check_all_peers_established("blue") |
318c1fa3 PR |
195 | |
196 | ||
b6689447 | 197 | def test_vrf_peer_remove_passwords(tgen): |
318c1fa3 PR |
198 | "selectively remove passwords checking state with VRF config" |
199 | ||
02547745 | 200 | reset_with_new_configs(tgen, "bgpd_vrf.conf", "ospfd_vrf.conf") |
318c1fa3 | 201 | check_vrf_peer_remove_passwords(vrf="blue") |
318c1fa3 PR |
202 | |
203 | ||
b6689447 | 204 | def test_vrf_peer_change_passwords(tgen): |
318c1fa3 PR |
205 | "selectively change passwords checking state with VRF config" |
206 | ||
02547745 | 207 | reset_with_new_configs(tgen, "bgpd_vrf.conf", "ospfd_vrf.conf") |
318c1fa3 | 208 | check_vrf_peer_change_passwords(vrf="blue") |
318c1fa3 PR |
209 | |
210 | ||
b6689447 | 211 | def test_memory_leak(tgen): |
318c1fa3 | 212 | "Run the memory leak test and report results." |
318c1fa3 PR |
213 | if not tgen.is_memleak_enabled(): |
214 | pytest.skip("Memory leak test/report is disabled") | |
215 | ||
216 | tgen.report_memory_leaks() | |
217 | ||
218 | ||
219 | if __name__ == "__main__": | |
220 | args = ["-s"] + sys.argv[1:] | |
221 | sys.exit(pytest.main(args)) |