2 # SPDX-License-Identifier: ISC
6 # Part of NetDEF Topology Tests
8 # Copyright (c) 2020 by Volta Networks
12 test_bgp_auth.py: Test BGP Md5 Authentication
16 | +------| R1 |------+ |
22 | R2 |------------| R3 |
27 setup is 3 routers with 3 links between each each link in a different vrf
28 Default, blue and red respectively
29 Tests check various fiddling with passwords and checking that the peer
30 establishment is as expected and passwords are not leaked across sockets
33 # pylint: disable=C0413
39 from time
import sleep
42 from lib
import common_config
, topotest
43 from lib
.common_config
import (
44 save_initial_config_on_routers
,
45 reset_with_new_configs
,
47 from bgp_auth_common
import (
48 check_vrf_peer_change_passwords
,
49 check_all_peers_established
,
50 check_vrf_peer_remove_passwords
,
52 from lib
.topogen
import Topogen
, TopoRouter
, get_topogen
54 pytestmark
= [pytest
.mark
.bgpd
, pytest
.mark
.ospfd
]
56 CWD
= os
.path
.dirname(os
.path
.realpath(__file__
))
64 tgen
.add_link(tgen
.gears
["R1"], tgen
.gears
["R2"])
65 tgen
.add_link(tgen
.gears
["R1"], tgen
.gears
["R3"])
66 tgen
.add_link(tgen
.gears
["R2"], tgen
.gears
["R3"])
67 tgen
.add_link(tgen
.gears
["R1"], tgen
.gears
["R2"])
68 tgen
.add_link(tgen
.gears
["R1"], tgen
.gears
["R3"])
69 tgen
.add_link(tgen
.gears
["R2"], tgen
.gears
["R3"])
70 tgen
.add_link(tgen
.gears
["R1"], tgen
.gears
["R2"])
71 tgen
.add_link(tgen
.gears
["R1"], tgen
.gears
["R3"])
72 tgen
.add_link(tgen
.gears
["R2"], tgen
.gears
["R3"])
75 def setup_module(mod
):
76 "Sets up the pytest environment"
77 # This function initiates the topology build with Topogen...
78 tgen
= Topogen(build_topo
, mod
.__name
__)
79 # ... and here it calls Mininet initialization functions.
87 r1
.cmd_raises("ip link add blue type vrf table 1001")
88 r1
.cmd_raises("ip link set up dev blue")
89 r2
.cmd_raises("ip link add blue type vrf table 1001")
90 r2
.cmd_raises("ip link set up dev blue")
91 r3
.cmd_raises("ip link add blue type vrf table 1001")
92 r3
.cmd_raises("ip link set up dev blue")
94 r1
.cmd_raises("ip link add lo1 type dummy")
95 r1
.cmd_raises("ip link set lo1 master blue")
96 r1
.cmd_raises("ip link set up dev lo1")
97 r2
.cmd_raises("ip link add lo1 type dummy")
98 r2
.cmd_raises("ip link set up dev lo1")
99 r2
.cmd_raises("ip link set lo1 master blue")
100 r3
.cmd_raises("ip link add lo1 type dummy")
101 r3
.cmd_raises("ip link set up dev lo1")
102 r3
.cmd_raises("ip link set lo1 master blue")
104 r1
.cmd_raises("ip link set R1-eth2 master blue")
105 r1
.cmd_raises("ip link set R1-eth3 master blue")
106 r2
.cmd_raises("ip link set R2-eth2 master blue")
107 r2
.cmd_raises("ip link set R2-eth3 master blue")
108 r3
.cmd_raises("ip link set R3-eth2 master blue")
109 r3
.cmd_raises("ip link set R3-eth3 master blue")
111 r1
.cmd_raises("ip link set up dev R1-eth2")
112 r1
.cmd_raises("ip link set up dev R1-eth3")
113 r2
.cmd_raises("ip link set up dev R2-eth2")
114 r2
.cmd_raises("ip link set up dev R2-eth3")
115 r3
.cmd_raises("ip link set up dev R3-eth2")
116 r3
.cmd_raises("ip link set up dev R3-eth3")
119 r1
.cmd_raises("ip link add red type vrf table 1002")
120 r1
.cmd_raises("ip link set up dev red")
121 r2
.cmd_raises("ip link add red type vrf table 1002")
122 r2
.cmd_raises("ip link set up dev red")
123 r3
.cmd_raises("ip link add red type vrf table 1002")
124 r3
.cmd_raises("ip link set up dev red")
126 r1
.cmd_raises("ip link add lo2 type dummy")
127 r1
.cmd_raises("ip link set lo2 master red")
128 r1
.cmd_raises("ip link set up dev lo2")
129 r2
.cmd_raises("ip link add lo2 type dummy")
130 r2
.cmd_raises("ip link set up dev lo2")
131 r2
.cmd_raises("ip link set lo2 master red")
132 r3
.cmd_raises("ip link add lo2 type dummy")
133 r3
.cmd_raises("ip link set up dev lo2")
134 r3
.cmd_raises("ip link set lo2 master red")
136 r1
.cmd_raises("ip link set R1-eth4 master red")
137 r1
.cmd_raises("ip link set R1-eth5 master red")
138 r2
.cmd_raises("ip link set R2-eth4 master red")
139 r2
.cmd_raises("ip link set R2-eth5 master red")
140 r3
.cmd_raises("ip link set R3-eth4 master red")
141 r3
.cmd_raises("ip link set R3-eth5 master red")
143 r1
.cmd_raises("ip link set up dev R1-eth4")
144 r1
.cmd_raises("ip link set up dev R1-eth5")
145 r2
.cmd_raises("ip link set up dev R2-eth4")
146 r2
.cmd_raises("ip link set up dev R2-eth5")
147 r3
.cmd_raises("ip link set up dev R3-eth4")
148 r3
.cmd_raises("ip link set up dev R3-eth5")
150 r1
.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")
151 r2
.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")
152 r3
.cmd_raises("sysctl -w net.ipv4.tcp_l3mdev_accept=1")
154 # This is a sample of configuration loading.
155 router_list
= tgen
.routers()
157 # For all registered routers, load the zebra configuration file
158 for rname
, router
in router_list
.items():
159 router
.load_config(TopoRouter
.RD_ZEBRA
, "zebra.conf")
160 router
.load_config(TopoRouter
.RD_OSPF
)
161 router
.load_config(TopoRouter
.RD_BGP
)
163 # After copying the configurations, this function loads configured daemons.
166 # Save the initial router config. reset_config_on_routers will return to this config.
167 save_initial_config_on_routers(tgen
)
170 def teardown_module(mod
):
171 "Teardown the pytest environment"
174 # This function tears down the whole topology.
178 def test_multiple_vrf_peer_change_passwords(tgen
):
179 "selectively change passwords checking state with multiple VRFs"
181 reset_with_new_configs(tgen
, "bgpd_multi_vrf.conf", "ospfd_multi_vrf.conf")
182 check_vrf_peer_change_passwords("blue")
183 check_all_peers_established("red")
184 check_vrf_peer_change_passwords("red")
185 check_all_peers_established("blue")
188 def test_multiple_vrf_prefix_peer_established(tgen
):
189 "default vrf 3 peers same password with multilpe VRFs and prefix config"
191 # only supported in kernel > 5.3
192 if topotest
.version_cmp(platform
.release(), "5.3") < 0:
195 reset_with_new_configs(tgen
, "bgpd_multi_vrf_prefix.conf", "ospfd_multi_vrf.conf")
196 check_all_peers_established("blue")
197 check_all_peers_established("red")
200 def test_multiple_vrf_prefix_peer_remove_passwords(tgen
):
201 "selectively remove passwords checking state with multiple vrfs and prefix config"
203 # only supported in kernel > 5.3
204 if topotest
.version_cmp(platform
.release(), "5.3") < 0:
207 reset_with_new_configs(tgen
, "bgpd_multi_vrf_prefix.conf", "ospfd_multi_vrf.conf")
208 check_vrf_peer_remove_passwords(vrf
="blue", prefix
="yes")
209 check_all_peers_established("red")
210 check_vrf_peer_remove_passwords(vrf
="red", prefix
="yes")
211 check_all_peers_established("blue")
214 def test_multiple_vrf_prefix_peer_change_passwords(tgen
):
215 "selectively change passwords checking state with multiple vrfs and prefix config"
217 # only supported in kernel > 5.3
218 if topotest
.version_cmp(platform
.release(), "5.3") < 0:
221 reset_with_new_configs(tgen
, "bgpd_multi_vrf_prefix.conf", "ospfd_multi_vrf.conf")
222 check_vrf_peer_change_passwords(vrf
="blue", prefix
="yes")
223 check_all_peers_established("red")
224 check_vrf_peer_change_passwords(vrf
="red", prefix
="yes")
225 check_all_peers_established("blue")
228 def test_memory_leak(tgen
):
229 "Run the memory leak test and report results."
230 if not tgen
.is_memleak_enabled():
231 pytest
.skip("Memory leak test/report is disabled")
233 tgen
.report_memory_leaks()
236 if __name__
== "__main__":
237 args
= ["-s"] + sys
.argv
[1:]
238 sys
.exit(pytest
.main(args
))