diff options
author | Sebastian Benoit <benno@cvs.openbsd.org> | 2019-02-20 22:17:15 +0000 |
---|---|---|
committer | Sebastian Benoit <benno@cvs.openbsd.org> | 2019-02-20 22:17:15 +0000 |
commit | 99ce9dd19df4fbc87a94c878fe0a7d2fde694a11 (patch) | |
tree | 28f9b7f0297c0fb9225a6645e2de6aa897507300 /regress/usr.sbin/bgpd | |
parent | 727c3ec9fdbf724e0c7b02f4d2f9b2beff91f8e1 (diff) |
Add a test that catches problems of tcp md5 signatures, like the one
fixed in bgpd/pfkey.c rev 1.54 by claudio.
Diffstat (limited to 'regress/usr.sbin/bgpd')
4 files changed, 113 insertions, 2 deletions
diff --git a/regress/usr.sbin/bgpd/integrationtests/Makefile b/regress/usr.sbin/bgpd/integrationtests/Makefile index 47e1378804b..f814b368f68 100644 --- a/regress/usr.sbin/bgpd/integrationtests/Makefile +++ b/regress/usr.sbin/bgpd/integrationtests/Makefile @@ -1,9 +1,12 @@ -# $OpenBSD: Makefile,v 1.2 2018/10/05 08:57:51 benno Exp $ +# $OpenBSD: Makefile,v 1.3 2019/02/20 22:17:14 benno Exp $ -REGRESS_TARGETS = network_statement +REGRESS_TARGETS = network_statement md5 BGPD ?= /usr/sbin/bgpd network_statement: ${SUDO} ksh -x ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12 +md5: + ${SUDO} ksh -x ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12 + .include <bsd.regress.mk> diff --git a/regress/usr.sbin/bgpd/integrationtests/bgpd.md5.rdomain1.conf b/regress/usr.sbin/bgpd/integrationtests/bgpd.md5.rdomain1.conf new file mode 100644 index 00000000000..7c0b3dad91c --- /dev/null +++ b/regress/usr.sbin/bgpd/integrationtests/bgpd.md5.rdomain1.conf @@ -0,0 +1,12 @@ +AS 4200000001 +router-id 10.12.57.1 +fib-update no + +neighbor 10.12.57.2 { + descr "RDOMAIN2" + remote-as 4200000002 + tcp md5sig password password1 +} + +deny from any +deny to any diff --git a/regress/usr.sbin/bgpd/integrationtests/bgpd.md5.rdomain2.conf b/regress/usr.sbin/bgpd/integrationtests/bgpd.md5.rdomain2.conf new file mode 100644 index 00000000000..a4d0836da6c --- /dev/null +++ b/regress/usr.sbin/bgpd/integrationtests/bgpd.md5.rdomain2.conf @@ -0,0 +1,12 @@ +AS 4200000002 +router-id 10.12.57.2 +fib-update no + +neighbor 10.12.57.1 { + descr "RDOMAIN1" + remote-as 4200000001 + tcp md5sig password password1 +} + +deny from any +deny to any diff --git a/regress/usr.sbin/bgpd/integrationtests/md5.sh b/regress/usr.sbin/bgpd/integrationtests/md5.sh new file mode 100644 index 00000000000..f42ba684e72 --- /dev/null +++ b/regress/usr.sbin/bgpd/integrationtests/md5.sh @@ -0,0 +1,84 @@ +#!/bin/ksh +# $OpenBSD: md5.sh,v 1.1 2019/02/20 22:17:14 benno Exp $ + +set -e + +BGPD=$1 +BGPDCONFIGDIR=$2 +RDOMAIN1=$3 +RDOMAIN2=$4 +PAIR1=$5 +PAIR2=$6 + +RDOMAINS="${RDOMAIN1} ${RDOMAIN2}" +PAIRS="${PAIR1} ${PAIR2}" +PAIR1IP=10.12.57.1 +PAIR2IP=10.12.57.2 + +error_notify() { + echo cleanup + pkill -T ${RDOMAIN1} bgpd || true + pkill -T ${RDOMAIN2} bgpd || true + sleep 1 + ifconfig ${PAIR2} destroy || true + ifconfig ${PAIR1} destroy || true + route -qn -T ${RDOMAIN1} flush || true + route -qn -T ${RDOMAIN2} flush || true + ifconfig lo${RDOMAIN1} destroy || true + ifconfig lo${RDOMAIN2} destroy || true + if [ $1 -ne 0 ]; then + echo FAILED + exit 1 + else + echo SUCCESS + fi +} + +trap 'error_notify $?' EXIT + +echo check if rdomains are busy +for n in ${RDOMAINS}; do + if /sbin/ifconfig | grep -v "^lo${n}:" | grep " rdomain ${n} "; then \ + echo routing domain ${n} is already used >&2; exit 1; fi +done + +echo check if interfaces are busy +for n in ${PAIRS}; do + /sbin/ifconfig "${n}" >/dev/null 2>&1 && \ + ( echo interface ${n} is already used >&2; exit 1 ) +done + +echo setup +ifconfig ${PAIR1} rdomain ${RDOMAIN1} ${PAIR1IP}/30 up +ifconfig ${PAIR2} rdomain ${RDOMAIN2} ${PAIR2IP}/30 up +ifconfig ${PAIR1} patch ${PAIR2} +ifconfig lo${RDOMAIN1} inet 127.0.0.1/8 +ifconfig lo${RDOMAIN2} inet 127.0.0.1/8 + +echo run bgpds +route -T ${RDOMAIN1} exec ${BGPD} \ + -v -f ${BGPDCONFIGDIR}/bgpd.md5.rdomain1.conf +route -T ${RDOMAIN2} exec ${BGPD} \ + -v -f ${BGPDCONFIGDIR}/bgpd.md5.rdomain2.conf + +sleep 3 + +echo test1 +route -T ${RDOMAIN1} exec bgpctl sh sum | \ + awk '{ if ($1 ~ /^RDOMAIN2/) { f=1; print $7; + if ($7 == "0") { print "ok"; exit 0; } + else { print "no session"; exit 1; } + }} END { if (f != 1) { print "bad bgpctl output"; exit 2; }}' + +sleep 1 + +echo test2 +route -T ${RDOMAIN2} exec bgpctl sh sum | \ + awk '{ if ($1 ~ /^RDOMAIN1/) { f=1; print $7; + if ($7 == "0") { print "ok"; exit 0; } + else { print "no session"; exit 1; } + }} END { if (f != 1) { print "bad bgpctl output"; exit 2; }}' + +sleep 1 + +exit 0 |