[mirror_frr.git] / tests / topotests / bgp_auth / test_bgp_auth3.py

#!/usr/bin/env python
# SPDX-License-Identifier: ISC

#
# test_bgp_auth.py
# Part of NetDEF Topology Tests
#
# Copyright (c) 2020 by Volta Networks
#

"""
test_bgp_auth.py: Test BGP Md5 Authentication

                             +------+
                    +--------|      |--------+
                    | +------|  R1  |------+ |
                    | | -----|      |----+ | |
                    | | |    +------+    | | |
                    | | |                | | |
                   +------+            +------+
                   |      |------------|      |
                   |  R2  |------------|  R3  |
                   |      |------------|      |
                   +------+            +------+


setup is 3 routers with 3 links between each each link in a different vrf
Default, blue and red respectively
Tests check various fiddling with passwords and checking that the peer
establishment is as expected and passwords are not leaked across sockets
for bgp instances
"""
# pylint: disable=C0413

import json
import os
import platform
import sys
from time import sleep

import pytest
from lib import common_config, topotest
from lib.common_config import (
    save_initial_config_on_routers,
    reset_with_new_configs,
)
from bgp_auth_common import (
    check_vrf_peer_change_passwords,
    check_all_peers_established,
    check_vrf_peer_remove_passwords,
)
from lib.topogen import Topogen, TopoRouter, get_topogen

pytestmark = [pytest.mark.bgpd, pytest.mark.ospfd]

CWD = os.path.dirname(os.path.realpath(__file__))


def build_topo(tgen):
    tgen.add_router("R1")
    tgen.add_router("R2")
    tgen.add_router("R3")

    tgen.add_link(tgen.gears["R1"], tgen.gears["R2"])
    tgen.add_link(tgen.gears["R1"], tgen.gears["R3"])
    tgen.add_link(tgen.gears["R2"], tgen.gears["R3"])
    tgen.add_link(tgen.gears["R1"], tgen.gears["R2"])
    tgen.add_link(tgen.gears["R1"], tgen.gears["R3"])
    tgen.add_link(tgen.gears["R2"], tgen.gears["R3"])
    tgen.add_link(tgen.gears["R1"], tgen.gears["R2"])
    tgen.add_link(tgen.gears["R1"], tgen.gears["R3"])
    tgen.add_link(tgen.gears["R2"], tgen.gears["R3"])


def setup_module(mod):
    "Sets up the pytest environment"
    # This function initiates the topology build with Topogen...
    tgen = Topogen(build_topo, mod.__name__)
    # ... and here it calls Mininet initialization functions.
    tgen.start_topology()

    r1 = tgen.gears["R1"]
    r2 = tgen.gears["R2"]
    r3 = tgen.gears["R3"]

    # blue vrf
    r1.cmd_raises("ip link add blue type vrf table 1001")
    r1.cmd_raises("ip link set up dev blue")
    r2.cmd_raises("ip link add blue type vrf table 1001")
    r2.cmd_raises("ip link set up dev blue")
    r3.cmd_raises("ip link add blue type vrf table 1001")
    r3.cmd_raises("ip link set up dev blue")

    r1.cmd_raises("ip link add lo1 type dummy")
    r1.cmd_raises("ip link set lo1 master blue")
    r1.cmd_raises("ip link set up dev lo1")
    r2.cmd_raises("ip link add lo1 type dummy")
    r2.cmd_raises("ip link set up dev lo1")
    r2.cmd_raises("ip link set lo1 master blue")
    r3.cmd_raises("ip link add lo1 type dummy")
    r3.cmd_raises("ip link set up dev lo1")
    r3.cmd_raises("ip link set lo1 master blue")

    r1.cmd_raises("ip link set R1-eth2 master blue")
    r1.cmd_raises("ip link set R1-eth3 master blue")
    r2.cmd_raises("ip link set R2-eth2 master blue")
    r2.cmd_raises("ip link set R2-eth3 master blue")
    r3.cmd_raises("ip link set R3-eth2 master blue")
    r3.cmd_raises("ip link set R3-eth3 master blue")

    r1.cmd_raises("ip link set up dev  R1-eth2")
    r1.cmd_raises("ip link set up dev  R1-eth3")
    r2.cmd_raises("ip link set up dev  R2-eth2")
    r2.cmd_raises("ip link set up dev  R2-eth3")
    r3.cmd_raises("ip link set up dev  R3-eth2")
    r3.cmd_raises("ip link set up dev  R3-eth3")

    # red vrf
    r1.cmd_raises("ip link add red type vrf table 1002")
    r1.cmd_raises("ip link set up dev red")
    r2.cmd_raises("ip link add red type vrf table 1002")
    r2.cmd_raises("ip link set up dev red")
    r3.cmd_raises("ip link add red type vrf table 1002")
    r3.cmd_raises("ip link set up dev red")

    r1.cmd_raises("ip link add lo2 type dummy")
    r1.cmd_raises("ip link set lo2 master red")
    r1.cmd_raises("ip link set up dev lo2")
    r2.cmd_raises("ip link add lo2 type dummy")
    r2.cmd_raises("ip link set up dev lo2")
    r2.cmd_raises("ip link set lo2 master red")
    r3.cmd_raises("ip link add lo2 type dummy")
    r3.cmd_raises("ip link set up dev lo2")
    r3.cmd_raises("ip link set lo2 master red")

    r1.cmd_raises("ip link set R1-eth4 master red")
    r1.cmd_raises("ip link set R1-eth5 master red")
    r2.cmd_raises("ip link set R2-eth4 master red")
    r2.cmd_raises("ip link set R2-eth5 master red")
    r3.cmd_raises("ip link set R3-eth4 master red")
    r3.cmd_raises("ip link set R3-eth5 master red")

    r1.cmd_raises("ip link set up dev  R1-eth4")
    r1.cmd_raises("ip link set up dev  R1-eth5")
    r2.cmd_raises("ip link set up dev  R2-eth4")
    r2.cmd_raises("ip link set up dev  R2-eth5")
    r3.cmd_raises("ip link set up dev  R3-eth4")
    r3.cmd_raises("ip link set up dev  R3-eth5")

    r1.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")
    r2.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")
    r3.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")

    # This is a sample of configuration loading.
    router_list = tgen.routers()

    # For all registered routers, load the zebra configuration file
    for rname, router in router_list.items():
        router.load_config(TopoRouter.RD_ZEBRA, "zebra.conf")
        router.load_config(TopoRouter.RD_OSPF)
        router.load_config(TopoRouter.RD_BGP)

    # After copying the configurations, this function loads configured daemons.
    tgen.start_router()

    # Save the initial router config. reset_config_on_routers will return to this config.
    save_initial_config_on_routers(tgen)


def teardown_module(mod):
    "Teardown the pytest environment"
    tgen = get_topogen()

    # This function tears down the whole topology.
    tgen.stop_topology()


def test_prefix_peer_change_passwords(tgen):
    "selecively change passwords checkig state with prefix config"

    # only supported in kernel > 5.3
    if topotest.version_cmp(platform.release(), "5.3") < 0:
        return

    reset_with_new_configs(tgen, "bgpd_prefix.conf", "ospfd.conf")
    check_vrf_peer_change_passwords(prefix="yes")


def test_vrf_peer_established(tgen):
    "default vrf 3 peers same password with VRF config"

    # clean routers and load vrf config
    reset_with_new_configs(tgen, "bgpd_vrf.conf", "ospfd_vrf.conf")
    check_all_peers_established("blue")


def test_vrf_peer_remove_passwords(tgen):
    "selectively remove passwords checking state with VRF config"

    reset_with_new_configs(tgen, "bgpd_vrf.conf", "ospfd_vrf.conf")
    check_vrf_peer_remove_passwords(vrf="blue")


def test_vrf_peer_change_passwords(tgen):
    "selectively change passwords checking state with VRF config"

    reset_with_new_configs(tgen, "bgpd_vrf.conf", "ospfd_vrf.conf")
    check_vrf_peer_change_passwords(vrf="blue")


def test_memory_leak(tgen):
    "Run the memory leak test and report results."
    if not tgen.is_memleak_enabled():
        pytest.skip("Memory leak test/report is disabled")

    tgen.report_memory_leaks()


if __name__ == "__main__":
    args = ["-s"] + sys.argv[1:]
    sys.exit(pytest.main(args))
Commit	Line	Data
318c1fa3	1	#!/usr/bin/env python
acddc0ed	2	# SPDX-License-Identifier: ISC
318c1fa3 PR	3
	4	#
	5	# test_bgp_auth.py
	6	# Part of NetDEF Topology Tests
	7	#
	8	# Copyright (c) 2020 by Volta Networks
	9	#
318c1fa3 PR	10
	11	"""
	12	test_bgp_auth.py: Test BGP Md5 Authentication
	13
	14	+------+
	15	+--------\| \|--------+
	16	\| +------\| R1 \|------+ \|
	17	\| \| -----\| \|----+ \| \|
	18	\| \| \| +------+ \| \| \|
	19	\| \| \| \| \| \|
	20	+------+ +------+
	21	\| \|------------\| \|
	22	\| R2 \|------------\| R3 \|
	23	\| \|------------\| \|
	24	+------+ +------+
	25
	26
	27	setup is 3 routers with 3 links between each each link in a different vrf
	28	Default, blue and red respectively
	29	Tests check various fiddling with passwords and checking that the peer
02547745	30	establishment is as expected and passwords are not leaked across sockets
318c1fa3 PR	31	for bgp instances
318c1fa3 PR	32	"""
02547745	33	# pylint: disable=C0413
318c1fa3	34
318c1fa3	35	import json
02547745	36	import os
318c1fa3	37	import platform
02547745	38	import sys
318c1fa3 PR	39	from time import sleep
318c1fa3 PR	40
02547745 CH	41	import pytest
02547745 CH	42	from lib import common_config, topotest
b6689447	43	from lib.common_config import (
02547745 CH	44	save_initial_config_on_routers,
02547745 CH	45	reset_with_new_configs,
b6689447	46	)
da72986a DS	47	from bgp_auth_common import (
	48	check_vrf_peer_change_passwords,
	49	check_all_peers_established,
	50	check_vrf_peer_remove_passwords,
	51	)
02547745	52	from lib.topogen import Topogen, TopoRouter, get_topogen
318c1fa3	53
3dedee4f DS	54	pytestmark = [pytest.mark.bgpd, pytest.mark.ospfd]
3dedee4f DS	55
02547745	56	CWD = os.path.dirname(os.path.realpath(__file__))
318c1fa3	57
a53c08bc	58
e82b531d	59	def build_topo(tgen):
e82b531d CH	60	tgen.add_router("R1")
	61	tgen.add_router("R2")
	62	tgen.add_router("R3")
	63
b6689447	64	tgen.add_link(tgen.gears["R1"], tgen.gears["R2"])
b6689447	65	tgen.add_link(tgen.gears["R1"], tgen.gears["R3"])
b6689447	66	tgen.add_link(tgen.gears["R2"], tgen.gears["R3"])
b6689447	67	tgen.add_link(tgen.gears["R1"], tgen.gears["R2"])
b6689447	68	tgen.add_link(tgen.gears["R1"], tgen.gears["R3"])
b6689447	69	tgen.add_link(tgen.gears["R2"], tgen.gears["R3"])
b6689447	70	tgen.add_link(tgen.gears["R1"], tgen.gears["R2"])
b6689447	71	tgen.add_link(tgen.gears["R1"], tgen.gears["R3"])
b6689447	72	tgen.add_link(tgen.gears["R2"], tgen.gears["R3"])
318c1fa3 PR	73
	74
	75	def setup_module(mod):
	76	"Sets up the pytest environment"
	77	# This function initiates the topology build with Topogen...
e82b531d	78	tgen = Topogen(build_topo, mod.__name__)
318c1fa3 PR	79	# ... and here it calls Mininet initialization functions.
	80	tgen.start_topology()
	81
	82	r1 = tgen.gears["R1"]
	83	r2 = tgen.gears["R2"]
	84	r3 = tgen.gears["R3"]
	85
	86	# blue vrf
b6689447 CH	87	r1.cmd_raises("ip link add blue type vrf table 1001")
	88	r1.cmd_raises("ip link set up dev blue")
	89	r2.cmd_raises("ip link add blue type vrf table 1001")
	90	r2.cmd_raises("ip link set up dev blue")
	91	r3.cmd_raises("ip link add blue type vrf table 1001")
	92	r3.cmd_raises("ip link set up dev blue")
	93
	94	r1.cmd_raises("ip link add lo1 type dummy")
	95	r1.cmd_raises("ip link set lo1 master blue")
	96	r1.cmd_raises("ip link set up dev lo1")
	97	r2.cmd_raises("ip link add lo1 type dummy")
	98	r2.cmd_raises("ip link set up dev lo1")
	99	r2.cmd_raises("ip link set lo1 master blue")
	100	r3.cmd_raises("ip link add lo1 type dummy")
	101	r3.cmd_raises("ip link set up dev lo1")
	102	r3.cmd_raises("ip link set lo1 master blue")
	103
	104	r1.cmd_raises("ip link set R1-eth2 master blue")
	105	r1.cmd_raises("ip link set R1-eth3 master blue")
	106	r2.cmd_raises("ip link set R2-eth2 master blue")
	107	r2.cmd_raises("ip link set R2-eth3 master blue")
	108	r3.cmd_raises("ip link set R3-eth2 master blue")
	109	r3.cmd_raises("ip link set R3-eth3 master blue")
	110
	111	r1.cmd_raises("ip link set up dev R1-eth2")
	112	r1.cmd_raises("ip link set up dev R1-eth3")
	113	r2.cmd_raises("ip link set up dev R2-eth2")
	114	r2.cmd_raises("ip link set up dev R2-eth3")
	115	r3.cmd_raises("ip link set up dev R3-eth2")
	116	r3.cmd_raises("ip link set up dev R3-eth3")
318c1fa3 PR	117
318c1fa3 PR	118	# red vrf
b6689447 CH	119	r1.cmd_raises("ip link add red type vrf table 1002")
	120	r1.cmd_raises("ip link set up dev red")
	121	r2.cmd_raises("ip link add red type vrf table 1002")
	122	r2.cmd_raises("ip link set up dev red")
	123	r3.cmd_raises("ip link add red type vrf table 1002")
	124	r3.cmd_raises("ip link set up dev red")
	125
	126	r1.cmd_raises("ip link add lo2 type dummy")
	127	r1.cmd_raises("ip link set lo2 master red")
	128	r1.cmd_raises("ip link set up dev lo2")
	129	r2.cmd_raises("ip link add lo2 type dummy")
	130	r2.cmd_raises("ip link set up dev lo2")
	131	r2.cmd_raises("ip link set lo2 master red")
	132	r3.cmd_raises("ip link add lo2 type dummy")
	133	r3.cmd_raises("ip link set up dev lo2")
	134	r3.cmd_raises("ip link set lo2 master red")
	135
	136	r1.cmd_raises("ip link set R1-eth4 master red")
	137	r1.cmd_raises("ip link set R1-eth5 master red")
	138	r2.cmd_raises("ip link set R2-eth4 master red")
	139	r2.cmd_raises("ip link set R2-eth5 master red")
	140	r3.cmd_raises("ip link set R3-eth4 master red")
	141	r3.cmd_raises("ip link set R3-eth5 master red")
	142
	143	r1.cmd_raises("ip link set up dev R1-eth4")
	144	r1.cmd_raises("ip link set up dev R1-eth5")
	145	r2.cmd_raises("ip link set up dev R2-eth4")
	146	r2.cmd_raises("ip link set up dev R2-eth5")
	147	r3.cmd_raises("ip link set up dev R3-eth4")
	148	r3.cmd_raises("ip link set up dev R3-eth5")
318c1fa3	149
f3095914 DS	150	r1.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")
	151	r2.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")
	152	r3.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")
	153
318c1fa3 PR	154	# This is a sample of configuration loading.
	155	router_list = tgen.routers()
	156
b515c81a	157	# For all registered routers, load the zebra configuration file
e5f0ed14	158	for rname, router in router_list.items():
02547745 CH	159	router.load_config(TopoRouter.RD_ZEBRA, "zebra.conf")
	160	router.load_config(TopoRouter.RD_OSPF)
	161	router.load_config(TopoRouter.RD_BGP)
318c1fa3	162
02547745	163	# After copying the configurations, this function loads configured daemons.
318c1fa3 PR	164	tgen.start_router()
318c1fa3 PR	165
02547745 CH	166	# Save the initial router config. reset_config_on_routers will return to this config.
02547745 CH	167	save_initial_config_on_routers(tgen)
b6689447	168
318c1fa3 PR	169
	170	def teardown_module(mod):
	171	"Teardown the pytest environment"
	172	tgen = get_topogen()
	173
	174	# This function tears down the whole topology.
	175	tgen.stop_topology()
	176
	177
b6689447	178	def test_prefix_peer_change_passwords(tgen):
318c1fa3 PR	179	"selecively change passwords checkig state with prefix config"
	180
	181	# only supported in kernel > 5.3
	182	if topotest.version_cmp(platform.release(), "5.3") < 0:
	183	return
b32454e1	184
02547745	185	reset_with_new_configs(tgen, "bgpd_prefix.conf", "ospfd.conf")
318c1fa3	186	check_vrf_peer_change_passwords(prefix="yes")
318c1fa3 PR	187
318c1fa3 PR	188
b6689447	189	def test_vrf_peer_established(tgen):
318c1fa3 PR	190	"default vrf 3 peers same password with VRF config"
	191
	192	# clean routers and load vrf config
02547745	193	reset_with_new_configs(tgen, "bgpd_vrf.conf", "ospfd_vrf.conf")
318c1fa3	194	check_all_peers_established("blue")
318c1fa3 PR	195
318c1fa3 PR	196
b6689447	197	def test_vrf_peer_remove_passwords(tgen):
318c1fa3 PR	198	"selectively remove passwords checking state with VRF config"
318c1fa3 PR	199
02547745	200	reset_with_new_configs(tgen, "bgpd_vrf.conf", "ospfd_vrf.conf")
318c1fa3	201	check_vrf_peer_remove_passwords(vrf="blue")
318c1fa3 PR	202
318c1fa3 PR	203
b6689447	204	def test_vrf_peer_change_passwords(tgen):
318c1fa3 PR	205	"selectively change passwords checking state with VRF config"
318c1fa3 PR	206
02547745	207	reset_with_new_configs(tgen, "bgpd_vrf.conf", "ospfd_vrf.conf")
318c1fa3	208	check_vrf_peer_change_passwords(vrf="blue")
318c1fa3 PR	209
318c1fa3 PR	210
b6689447	211	def test_memory_leak(tgen):
318c1fa3	212	"Run the memory leak test and report results."
318c1fa3 PR	213	if not tgen.is_memleak_enabled():
	214	pytest.skip("Memory leak test/report is disabled")
	215
	216	tgen.report_memory_leaks()
	217
	218
	219	if __name__ == "__main__":
	220	args = ["-s"] + sys.argv[1:]
	221	sys.exit(pytest.main(args))