summaryrefslogtreecommitdiff
path: root/regress/usr.sbin/bgpd
diff options
context:
space:
mode:
authorSebastian Benoit <benno@cvs.openbsd.org>2019-02-20 22:17:15 +0000
committerSebastian Benoit <benno@cvs.openbsd.org>2019-02-20 22:17:15 +0000
commit99ce9dd19df4fbc87a94c878fe0a7d2fde694a11 (patch)
tree28f9b7f0297c0fb9225a6645e2de6aa897507300 /regress/usr.sbin/bgpd
parent727c3ec9fdbf724e0c7b02f4d2f9b2beff91f8e1 (diff)
Add a test that catches problems of tcp md5 signatures, like the one
fixed in bgpd/pfkey.c rev 1.54 by claudio.
Diffstat (limited to 'regress/usr.sbin/bgpd')
-rw-r--r--regress/usr.sbin/bgpd/integrationtests/Makefile7
-rw-r--r--regress/usr.sbin/bgpd/integrationtests/bgpd.md5.rdomain1.conf12
-rw-r--r--regress/usr.sbin/bgpd/integrationtests/bgpd.md5.rdomain2.conf12
-rw-r--r--regress/usr.sbin/bgpd/integrationtests/md5.sh84
4 files changed, 113 insertions, 2 deletions
diff --git a/regress/usr.sbin/bgpd/integrationtests/Makefile b/regress/usr.sbin/bgpd/integrationtests/Makefile
index 47e1378804b..f814b368f68 100644
--- a/regress/usr.sbin/bgpd/integrationtests/Makefile
+++ b/regress/usr.sbin/bgpd/integrationtests/Makefile
@@ -1,9 +1,12 @@
-# $OpenBSD: Makefile,v 1.2 2018/10/05 08:57:51 benno Exp $
+# $OpenBSD: Makefile,v 1.3 2019/02/20 22:17:14 benno Exp $
-REGRESS_TARGETS = network_statement
+REGRESS_TARGETS = network_statement md5
BGPD ?= /usr/sbin/bgpd
network_statement:
${SUDO} ksh -x ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12
+md5:
+ ${SUDO} ksh -x ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12
+
.include <bsd.regress.mk>
diff --git a/regress/usr.sbin/bgpd/integrationtests/bgpd.md5.rdomain1.conf b/regress/usr.sbin/bgpd/integrationtests/bgpd.md5.rdomain1.conf
new file mode 100644
index 00000000000..7c0b3dad91c
--- /dev/null
+++ b/regress/usr.sbin/bgpd/integrationtests/bgpd.md5.rdomain1.conf
@@ -0,0 +1,12 @@
+AS 4200000001
+router-id 10.12.57.1
+fib-update no
+
+neighbor 10.12.57.2 {
+ descr "RDOMAIN2"
+ remote-as 4200000002
+ tcp md5sig password password1
+}
+
+deny from any
+deny to any
diff --git a/regress/usr.sbin/bgpd/integrationtests/bgpd.md5.rdomain2.conf b/regress/usr.sbin/bgpd/integrationtests/bgpd.md5.rdomain2.conf
new file mode 100644
index 00000000000..a4d0836da6c
--- /dev/null
+++ b/regress/usr.sbin/bgpd/integrationtests/bgpd.md5.rdomain2.conf
@@ -0,0 +1,12 @@
+AS 4200000002
+router-id 10.12.57.2
+fib-update no
+
+neighbor 10.12.57.1 {
+ descr "RDOMAIN1"
+ remote-as 4200000001
+ tcp md5sig password password1
+}
+
+deny from any
+deny to any
diff --git a/regress/usr.sbin/bgpd/integrationtests/md5.sh b/regress/usr.sbin/bgpd/integrationtests/md5.sh
new file mode 100644
index 00000000000..f42ba684e72
--- /dev/null
+++ b/regress/usr.sbin/bgpd/integrationtests/md5.sh
@@ -0,0 +1,84 @@
+#!/bin/ksh
+# $OpenBSD: md5.sh,v 1.1 2019/02/20 22:17:14 benno Exp $
+
+set -e
+
+BGPD=$1
+BGPDCONFIGDIR=$2
+RDOMAIN1=$3
+RDOMAIN2=$4
+PAIR1=$5
+PAIR2=$6
+
+RDOMAINS="${RDOMAIN1} ${RDOMAIN2}"
+PAIRS="${PAIR1} ${PAIR2}"
+PAIR1IP=10.12.57.1
+PAIR2IP=10.12.57.2
+
+error_notify() {
+ echo cleanup
+ pkill -T ${RDOMAIN1} bgpd || true
+ pkill -T ${RDOMAIN2} bgpd || true
+ sleep 1
+ ifconfig ${PAIR2} destroy || true
+ ifconfig ${PAIR1} destroy || true
+ route -qn -T ${RDOMAIN1} flush || true
+ route -qn -T ${RDOMAIN2} flush || true
+ ifconfig lo${RDOMAIN1} destroy || true
+ ifconfig lo${RDOMAIN2} destroy || true
+ if [ $1 -ne 0 ]; then
+ echo FAILED
+ exit 1
+ else
+ echo SUCCESS
+ fi
+}
+
+trap 'error_notify $?' EXIT
+
+echo check if rdomains are busy
+for n in ${RDOMAINS}; do
+ if /sbin/ifconfig | grep -v "^lo${n}:" | grep " rdomain ${n} "; then \
+ echo routing domain ${n} is already used >&2; exit 1; fi
+done
+
+echo check if interfaces are busy
+for n in ${PAIRS}; do
+ /sbin/ifconfig "${n}" >/dev/null 2>&1 && \
+ ( echo interface ${n} is already used >&2; exit 1 )
+done
+
+echo setup
+ifconfig ${PAIR1} rdomain ${RDOMAIN1} ${PAIR1IP}/30 up
+ifconfig ${PAIR2} rdomain ${RDOMAIN2} ${PAIR2IP}/30 up
+ifconfig ${PAIR1} patch ${PAIR2}
+ifconfig lo${RDOMAIN1} inet 127.0.0.1/8
+ifconfig lo${RDOMAIN2} inet 127.0.0.1/8
+
+echo run bgpds
+route -T ${RDOMAIN1} exec ${BGPD} \
+ -v -f ${BGPDCONFIGDIR}/bgpd.md5.rdomain1.conf
+route -T ${RDOMAIN2} exec ${BGPD} \
+ -v -f ${BGPDCONFIGDIR}/bgpd.md5.rdomain2.conf
+
+sleep 3
+
+echo test1
+route -T ${RDOMAIN1} exec bgpctl sh sum | \
+ awk '{ if ($1 ~ /^RDOMAIN2/) { f=1; print $7;
+ if ($7 == "0") { print "ok"; exit 0; }
+ else { print "no session"; exit 1; }
+ }} END { if (f != 1) { print "bad bgpctl output"; exit 2; }}'
+
+sleep 1
+
+echo test2
+route -T ${RDOMAIN2} exec bgpctl sh sum | \
+ awk '{ if ($1 ~ /^RDOMAIN1/) { f=1; print $7;
+ if ($7 == "0") { print "ok"; exit 0; }
+ else { print "no session"; exit 1; }
+ }} END { if (f != 1) { print "bad bgpctl output"; exit 2; }}'
+
+sleep 1
+
+exit 0