diff options
| author | Claudio Jeker <claudio@cvs.openbsd.org> | 2024-10-10 14:02:48 +0000 |
|---|---|---|
| committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2024-10-10 14:02:48 +0000 |
| commit | a48a229970c09818982254c17f91b474464ec5e2 (patch) | |
| tree | 74e6ebbcac17a6240f62a16b59dc3f7a90be73e7 /regress | |
| parent | d331a28b2ae144c50824c5a077d5415364143609 (diff) | |
Add test for the various authentication config options.
Diffstat (limited to 'regress')
| -rw-r--r-- | regress/usr.sbin/bgpd/config/Makefile | 4 | ||||
| -rw-r--r-- | regress/usr.sbin/bgpd/config/bgpd.conf.17.in | 70 | ||||
| -rw-r--r-- | regress/usr.sbin/bgpd/config/bgpd.conf.17.ok | 102 |
3 files changed, 174 insertions, 2 deletions
diff --git a/regress/usr.sbin/bgpd/config/Makefile b/regress/usr.sbin/bgpd/config/Makefile index 97a69be6b72..8ca4c62450a 100644 --- a/regress/usr.sbin/bgpd/config/Makefile +++ b/regress/usr.sbin/bgpd/config/Makefile @@ -1,6 +1,6 @@ -# $OpenBSD: Makefile,v 1.14 2024/04/09 09:33:46 claudio Exp $ +# $OpenBSD: Makefile,v 1.15 2024/10/10 14:02:47 claudio Exp $ -BGPDTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 +BGPDTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 .for n in ${BGPDTESTS} BGPD_TARGETS+=bgpd${n} diff --git a/regress/usr.sbin/bgpd/config/bgpd.conf.17.in b/regress/usr.sbin/bgpd/config/bgpd.conf.17.in new file mode 100644 index 00000000000..6564167edba --- /dev/null +++ b/regress/usr.sbin/bgpd/config/bgpd.conf.17.in @@ -0,0 +1,70 @@ +# $OpenBSD: bgpd.conf.17.in,v 1.1 2024/10/10 14:02:47 claudio Exp $ +# Test various authentication statements + +AS 1 + +rtr 127.0.1.2 { + tcp md5sig password secret +} + +rtr 127.0.1.3 { + tcp md5sig key deadbeef +} + +rtr 127.0.1.4 { + ipsec ah ike +} + +rtr 127.0.1.5 { + ipsec esp ike +} + +rtr 127.0.1.6 { + ipsec ah in spi 12706 sha1 deadbeefdeadbeefdeadbeefdeadbeef01c0ffee + ipsec ah out spi 12707 sha1 deadbeefdeadbeefdeadbeefdeadbeef02c0ffee +} + +rtr 127.0.1.7 { + ipsec esp in spi 12742 sha1 deadbeefdeadbeefdeadbeefdeadbeef01c0ffee \ + aes deadbeefdeadbeefdeadbeefdeadbeef + ipsec esp out spi 12743 sha1 deadbeefdeadbeefdeadbeefdeadbeef02c0ffee \ + aes deadbeefdeadbeefdeadbeefdeadbeef +} + +neighbor 127.0.0.2 { + remote-as 2 + tcp md5sig password secret +} + +neighbor 127.0.0.3 { + remote-as 3 + tcp md5sig key deadbeef +} + +neighbor 127.0.0.4 { + remote-as 4 + local-address 127.0.0.1 + ipsec ah ike +} + +neighbor 127.0.0.5 { + remote-as 5 + local-address 127.0.0.1 + ipsec esp ike +} + +neighbor 127.0.0.6 { + remote-as 6 + local-address 127.0.0.1 + ipsec ah in spi 12706 sha1 deadbeefdeadbeefdeadbeefdeadbeef01c0ffee + ipsec ah out spi 12707 sha1 deadbeefdeadbeefdeadbeefdeadbeef02c0ffee +} + +neighbor 127.0.0.7 { + remote-as 7 + local-address 127.0.0.1 + ipsec esp in spi 12742 sha1 deadbeefdeadbeefdeadbeefdeadbeef01c0ffee \ + aes deadbeefdeadbeefdeadbeefdeadbeef + ipsec esp out spi 12743 sha1 deadbeefdeadbeefdeadbeefdeadbeef02c0ffee \ + aes deadbeefdeadbeefdeadbeefdeadbeef +} diff --git a/regress/usr.sbin/bgpd/config/bgpd.conf.17.ok b/regress/usr.sbin/bgpd/config/bgpd.conf.17.ok new file mode 100644 index 00000000000..b5dcb6c2499 --- /dev/null +++ b/regress/usr.sbin/bgpd/config/bgpd.conf.17.ok @@ -0,0 +1,102 @@ +AS 1 +router-id 127.0.0.1 +socket "/var/run/bgpd.sock.0" +listen on 0.0.0.0 +listen on :: + +rtr 127.0.1.2 { + descr "127.0.1.2" + port 323 + tcp md5sig +} + +rtr 127.0.1.3 { + descr "127.0.1.3" + port 323 + tcp md5sig +} + +rtr 127.0.1.4 { + descr "127.0.1.4" + port 323 + ipsec ah ike +} + +rtr 127.0.1.5 { + descr "127.0.1.5" + port 323 + ipsec esp ike +} + +rtr 127.0.1.6 { + descr "127.0.1.6" + port 323 + ipsec ah in spi 12706 sha1 XXXXXX + ipsec ah out spi 12707 sha1 XXXXXX +} + +rtr 127.0.1.7 { + descr "127.0.1.7" + port 323 + ipsec esp in spi 12742 sha1 XXXXXX aes XXXXXX + ipsec esp out spi 12743 sha1 XXXXXX aes XXXXXX +} + + +rde rib Adj-RIB-In no evaluate +rde rib Loc-RIB rtable 0 fib-update yes + +neighbor 127.0.0.2 { + remote-as 2 + enforce neighbor-as yes + enforce local-as yes + tcp md5sig + announce IPv4 unicast + announce policy no +} +neighbor 127.0.0.3 { + remote-as 3 + enforce neighbor-as yes + enforce local-as yes + tcp md5sig + announce IPv4 unicast + announce policy no +} +neighbor 127.0.0.4 { + remote-as 4 + local-address 127.0.0.1 + enforce neighbor-as yes + enforce local-as yes + ipsec ah ike + announce IPv4 unicast + announce policy no +} +neighbor 127.0.0.5 { + remote-as 5 + local-address 127.0.0.1 + enforce neighbor-as yes + enforce local-as yes + ipsec esp ike + announce IPv4 unicast + announce policy no +} +neighbor 127.0.0.6 { + remote-as 6 + local-address 127.0.0.1 + enforce neighbor-as yes + enforce local-as yes + ipsec ah in spi 12706 sha1 XXXXXX + ipsec ah out spi 12707 sha1 XXXXXX + announce IPv4 unicast + announce policy no +} +neighbor 127.0.0.7 { + remote-as 7 + local-address 127.0.0.1 + enforce neighbor-as yes + enforce local-as yes + ipsec esp in spi 12742 sha1 XXXXXX aes XXXXXX + ipsec esp out spi 12743 sha1 XXXXXX aes XXXXXX + announce IPv4 unicast + announce policy no +} |