]>
Commit | Line | Data |
---|---|---|
318c1fa3 PR |
1 | #!/usr/bin/env python |
2 | ||
3 | # | |
4 | # test_bgp_auth.py | |
5 | # Part of NetDEF Topology Tests | |
6 | # | |
7 | # Copyright (c) 2020 by Volta Networks | |
8 | # | |
9 | # Permission to use, copy, modify, and/or distribute this software | |
10 | # for any purpose with or without fee is hereby granted, provided | |
11 | # that the above copyright notice and this permission notice appear | |
12 | # in all copies. | |
13 | # | |
14 | # THE SOFTWARE IS PROVIDED "AS IS" AND NETDEF DISCLAIMS ALL WARRANTIES | |
15 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |
16 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NETDEF BE LIABLE FOR | |
17 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY | |
18 | # DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, | |
19 | # WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS | |
20 | # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE | |
21 | # OF THIS SOFTWARE. | |
22 | # | |
23 | ||
24 | """ | |
25 | test_bgp_auth.py: Test BGP Md5 Authentication | |
26 | ||
27 | +------+ | |
28 | +--------| |--------+ | |
29 | | +------| R1 |------+ | | |
30 | | | -----| |----+ | | | |
31 | | | | +------+ | | | | |
32 | | | | | | | | |
33 | +------+ +------+ | |
34 | | |------------| | | |
35 | | R2 |------------| R3 | | |
36 | | |------------| | | |
37 | +------+ +------+ | |
38 | ||
39 | ||
40 | setup is 3 routers with 3 links between each each link in a different vrf | |
41 | Default, blue and red respectively | |
42 | Tests check various fiddling with passwords and checking that the peer | |
02547745 | 43 | establishment is as expected and passwords are not leaked across sockets |
318c1fa3 PR |
44 | for bgp instances |
45 | """ | |
02547745 | 46 | # pylint: disable=C0413 |
318c1fa3 | 47 | |
318c1fa3 | 48 | import json |
02547745 | 49 | import os |
318c1fa3 | 50 | import platform |
02547745 | 51 | import sys |
318c1fa3 PR |
52 | from time import sleep |
53 | ||
02547745 CH |
54 | import pytest |
55 | from lib import common_config, topotest | |
b6689447 | 56 | from lib.common_config import ( |
02547745 CH |
57 | save_initial_config_on_routers, |
58 | reset_with_new_configs, | |
b6689447 | 59 | ) |
da72986a DS |
60 | from bgp_auth_common import ( |
61 | check_vrf_peer_change_passwords, | |
62 | check_all_peers_established, | |
63 | check_vrf_peer_remove_passwords, | |
64 | ) | |
02547745 | 65 | from lib.topogen import Topogen, TopoRouter, get_topogen |
318c1fa3 | 66 | |
3dedee4f DS |
67 | pytestmark = [pytest.mark.bgpd, pytest.mark.ospfd] |
68 | ||
02547745 | 69 | CWD = os.path.dirname(os.path.realpath(__file__)) |
318c1fa3 | 70 | |
a53c08bc | 71 | |
e82b531d | 72 | def build_topo(tgen): |
e82b531d CH |
73 | tgen.add_router("R1") |
74 | tgen.add_router("R2") | |
75 | tgen.add_router("R3") | |
76 | ||
b6689447 | 77 | tgen.add_link(tgen.gears["R1"], tgen.gears["R2"]) |
b6689447 | 78 | tgen.add_link(tgen.gears["R1"], tgen.gears["R3"]) |
b6689447 | 79 | tgen.add_link(tgen.gears["R2"], tgen.gears["R3"]) |
b6689447 | 80 | tgen.add_link(tgen.gears["R1"], tgen.gears["R2"]) |
b6689447 | 81 | tgen.add_link(tgen.gears["R1"], tgen.gears["R3"]) |
b6689447 | 82 | tgen.add_link(tgen.gears["R2"], tgen.gears["R3"]) |
b6689447 | 83 | tgen.add_link(tgen.gears["R1"], tgen.gears["R2"]) |
b6689447 | 84 | tgen.add_link(tgen.gears["R1"], tgen.gears["R3"]) |
b6689447 | 85 | tgen.add_link(tgen.gears["R2"], tgen.gears["R3"]) |
318c1fa3 PR |
86 | |
87 | ||
88 | def setup_module(mod): | |
89 | "Sets up the pytest environment" | |
90 | # This function initiates the topology build with Topogen... | |
e82b531d | 91 | tgen = Topogen(build_topo, mod.__name__) |
318c1fa3 PR |
92 | # ... and here it calls Mininet initialization functions. |
93 | tgen.start_topology() | |
94 | ||
95 | r1 = tgen.gears["R1"] | |
96 | r2 = tgen.gears["R2"] | |
97 | r3 = tgen.gears["R3"] | |
98 | ||
99 | # blue vrf | |
b6689447 CH |
100 | r1.cmd_raises("ip link add blue type vrf table 1001") |
101 | r1.cmd_raises("ip link set up dev blue") | |
102 | r2.cmd_raises("ip link add blue type vrf table 1001") | |
103 | r2.cmd_raises("ip link set up dev blue") | |
104 | r3.cmd_raises("ip link add blue type vrf table 1001") | |
105 | r3.cmd_raises("ip link set up dev blue") | |
106 | ||
107 | r1.cmd_raises("ip link add lo1 type dummy") | |
108 | r1.cmd_raises("ip link set lo1 master blue") | |
109 | r1.cmd_raises("ip link set up dev lo1") | |
110 | r2.cmd_raises("ip link add lo1 type dummy") | |
111 | r2.cmd_raises("ip link set up dev lo1") | |
112 | r2.cmd_raises("ip link set lo1 master blue") | |
113 | r3.cmd_raises("ip link add lo1 type dummy") | |
114 | r3.cmd_raises("ip link set up dev lo1") | |
115 | r3.cmd_raises("ip link set lo1 master blue") | |
116 | ||
117 | r1.cmd_raises("ip link set R1-eth2 master blue") | |
118 | r1.cmd_raises("ip link set R1-eth3 master blue") | |
119 | r2.cmd_raises("ip link set R2-eth2 master blue") | |
120 | r2.cmd_raises("ip link set R2-eth3 master blue") | |
121 | r3.cmd_raises("ip link set R3-eth2 master blue") | |
122 | r3.cmd_raises("ip link set R3-eth3 master blue") | |
123 | ||
124 | r1.cmd_raises("ip link set up dev R1-eth2") | |
125 | r1.cmd_raises("ip link set up dev R1-eth3") | |
126 | r2.cmd_raises("ip link set up dev R2-eth2") | |
127 | r2.cmd_raises("ip link set up dev R2-eth3") | |
128 | r3.cmd_raises("ip link set up dev R3-eth2") | |
129 | r3.cmd_raises("ip link set up dev R3-eth3") | |
318c1fa3 PR |
130 | |
131 | # red vrf | |
b6689447 CH |
132 | r1.cmd_raises("ip link add red type vrf table 1002") |
133 | r1.cmd_raises("ip link set up dev red") | |
134 | r2.cmd_raises("ip link add red type vrf table 1002") | |
135 | r2.cmd_raises("ip link set up dev red") | |
136 | r3.cmd_raises("ip link add red type vrf table 1002") | |
137 | r3.cmd_raises("ip link set up dev red") | |
138 | ||
139 | r1.cmd_raises("ip link add lo2 type dummy") | |
140 | r1.cmd_raises("ip link set lo2 master red") | |
141 | r1.cmd_raises("ip link set up dev lo2") | |
142 | r2.cmd_raises("ip link add lo2 type dummy") | |
143 | r2.cmd_raises("ip link set up dev lo2") | |
144 | r2.cmd_raises("ip link set lo2 master red") | |
145 | r3.cmd_raises("ip link add lo2 type dummy") | |
146 | r3.cmd_raises("ip link set up dev lo2") | |
147 | r3.cmd_raises("ip link set lo2 master red") | |
148 | ||
149 | r1.cmd_raises("ip link set R1-eth4 master red") | |
150 | r1.cmd_raises("ip link set R1-eth5 master red") | |
151 | r2.cmd_raises("ip link set R2-eth4 master red") | |
152 | r2.cmd_raises("ip link set R2-eth5 master red") | |
153 | r3.cmd_raises("ip link set R3-eth4 master red") | |
154 | r3.cmd_raises("ip link set R3-eth5 master red") | |
155 | ||
156 | r1.cmd_raises("ip link set up dev R1-eth4") | |
157 | r1.cmd_raises("ip link set up dev R1-eth5") | |
158 | r2.cmd_raises("ip link set up dev R2-eth4") | |
159 | r2.cmd_raises("ip link set up dev R2-eth5") | |
160 | r3.cmd_raises("ip link set up dev R3-eth4") | |
161 | r3.cmd_raises("ip link set up dev R3-eth5") | |
318c1fa3 | 162 | |
f3095914 DS |
163 | r1.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1") |
164 | r2.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1") | |
165 | r3.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1") | |
166 | ||
318c1fa3 PR |
167 | # This is a sample of configuration loading. |
168 | router_list = tgen.routers() | |
169 | ||
b515c81a | 170 | # For all registered routers, load the zebra configuration file |
e5f0ed14 | 171 | for rname, router in router_list.items(): |
02547745 CH |
172 | router.load_config(TopoRouter.RD_ZEBRA, "zebra.conf") |
173 | router.load_config(TopoRouter.RD_OSPF) | |
174 | router.load_config(TopoRouter.RD_BGP) | |
318c1fa3 | 175 | |
02547745 | 176 | # After copying the configurations, this function loads configured daemons. |
318c1fa3 PR |
177 | tgen.start_router() |
178 | ||
02547745 CH |
179 | # Save the initial router config. reset_config_on_routers will return to this config. |
180 | save_initial_config_on_routers(tgen) | |
b6689447 | 181 | |
318c1fa3 PR |
182 | |
183 | def teardown_module(mod): | |
184 | "Teardown the pytest environment" | |
185 | tgen = get_topogen() | |
186 | ||
187 | # This function tears down the whole topology. | |
188 | tgen.stop_topology() | |
189 | ||
190 | ||
b6689447 | 191 | def test_multiple_vrf_peer_change_passwords(tgen): |
318c1fa3 PR |
192 | "selectively change passwords checking state with multiple VRFs" |
193 | ||
02547745 | 194 | reset_with_new_configs(tgen, "bgpd_multi_vrf.conf", "ospfd_multi_vrf.conf") |
318c1fa3 PR |
195 | check_vrf_peer_change_passwords("blue") |
196 | check_all_peers_established("red") | |
197 | check_vrf_peer_change_passwords("red") | |
198 | check_all_peers_established("blue") | |
318c1fa3 PR |
199 | |
200 | ||
b6689447 | 201 | def test_multiple_vrf_prefix_peer_established(tgen): |
318c1fa3 PR |
202 | "default vrf 3 peers same password with multilpe VRFs and prefix config" |
203 | ||
204 | # only supported in kernel > 5.3 | |
205 | if topotest.version_cmp(platform.release(), "5.3") < 0: | |
206 | return | |
207 | ||
02547745 | 208 | reset_with_new_configs(tgen, "bgpd_multi_vrf_prefix.conf", "ospfd_multi_vrf.conf") |
318c1fa3 PR |
209 | check_all_peers_established("blue") |
210 | check_all_peers_established("red") | |
318c1fa3 PR |
211 | |
212 | ||
b6689447 | 213 | def test_multiple_vrf_prefix_peer_remove_passwords(tgen): |
318c1fa3 PR |
214 | "selectively remove passwords checking state with multiple vrfs and prefix config" |
215 | ||
216 | # only supported in kernel > 5.3 | |
217 | if topotest.version_cmp(platform.release(), "5.3") < 0: | |
218 | return | |
219 | ||
02547745 | 220 | reset_with_new_configs(tgen, "bgpd_multi_vrf_prefix.conf", "ospfd_multi_vrf.conf") |
318c1fa3 PR |
221 | check_vrf_peer_remove_passwords(vrf="blue", prefix="yes") |
222 | check_all_peers_established("red") | |
223 | check_vrf_peer_remove_passwords(vrf="red", prefix="yes") | |
224 | check_all_peers_established("blue") | |
318c1fa3 PR |
225 | |
226 | ||
b6689447 | 227 | def test_multiple_vrf_prefix_peer_change_passwords(tgen): |
318c1fa3 PR |
228 | "selectively change passwords checking state with multiple vrfs and prefix config" |
229 | ||
230 | # only supported in kernel > 5.3 | |
231 | if topotest.version_cmp(platform.release(), "5.3") < 0: | |
318c1fa3 PR |
232 | return |
233 | ||
02547745 | 234 | reset_with_new_configs(tgen, "bgpd_multi_vrf_prefix.conf", "ospfd_multi_vrf.conf") |
318c1fa3 PR |
235 | check_vrf_peer_change_passwords(vrf="blue", prefix="yes") |
236 | check_all_peers_established("red") | |
237 | check_vrf_peer_change_passwords(vrf="red", prefix="yes") | |
238 | check_all_peers_established("blue") | |
318c1fa3 PR |
239 | |
240 | ||
b6689447 | 241 | def test_memory_leak(tgen): |
318c1fa3 | 242 | "Run the memory leak test and report results." |
318c1fa3 PR |
243 | if not tgen.is_memleak_enabled(): |
244 | pytest.skip("Memory leak test/report is disabled") | |
245 | ||
246 | tgen.report_memory_leaks() | |
247 | ||
248 | ||
249 | if __name__ == "__main__": | |
250 | args = ["-s"] + sys.argv[1:] | |
251 | sys.exit(pytest.main(args)) |