From 5101d665ac9b033f6befe0f5abf54fb2aef78d69 Mon Sep 17 00:00:00 2001
From: claudio
Date: Thu, 10 Oct 2024 14:02:47 +0000
Subject: [PATCH] Add test for the various authentication config options.
---
 regress/usr.sbin/bgpd/config/Makefile | 4 +-
 regress/usr.sbin/bgpd/config/bgpd.conf.17.in | 70 +++++++++++++
 regress/usr.sbin/bgpd/config/bgpd.conf.17.ok | 102 +++++++++++++++++++
 3 files changed, 174 insertions(+), 2 deletions(-)
 create mode 100644 regress/usr.sbin/bgpd/config/bgpd.conf.17.in
 create mode 100644 regress/usr.sbin/bgpd/config/bgpd.conf.17.ok
diff --git a/regress/usr.sbin/bgpd/config/Makefile b/regress/usr.sbin/bgpd/config/Makefile
index 97a69be6b72..8ca4c62450a 100644
--- a/regress/usr.sbin/bgpd/config/Makefile
+++ b/regress/usr.sbin/bgpd/config/Makefile
@@ -1,6 +1,6 @@
-# $OpenBSD: Makefile,v 1.14 2024/04/09 09:33:46 claudio Exp $
+# $OpenBSD: Makefile,v 1.15 2024/10/10 14:02:47 claudio Exp $
-BGPDTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
+BGPDTESTS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
 .for n in ${BGPDTESTS}
 BGPD_TARGETS+=bgpd${n}
diff --git a/regress/usr.sbin/bgpd/config/bgpd.conf.17.in b/regress/usr.sbin/bgpd/config/bgpd.conf.17.in
new file mode 100644
index 00000000000..6564167edba
--- /dev/null
+++ b/regress/usr.sbin/bgpd/config/bgpd.conf.17.in
@@ -0,0 +1,70 @@
+# $OpenBSD: bgpd.conf.17.in,v 1.1 2024/10/10 14:02:47 claudio Exp $
+# Test various authentication statements
+
+AS 1
+
+rtr 127.0.1.2 {
+ tcp md5sig password secret
+}
+
+rtr 127.0.1.3 {
+ tcp md5sig key deadbeef
+}
+
+rtr 127.0.1.4 {
+ ipsec ah ike
+}
+
+rtr 127.0.1.5 {
+ ipsec esp ike
+}
+
+rtr 127.0.1.6 {
+ ipsec ah in spi 12706 sha1 deadbeefdeadbeefdeadbeefdeadbeef01c0ffee
+ ipsec ah out spi 12707 sha1 deadbeefdeadbeefdeadbeefdeadbeef02c0ffee
+}
+
+rtr 127.0.1.7 {
+ ipsec esp in spi 12742 sha1 deadbeefdeadbeefdeadbeefdeadbeef01c0ffee \
+ aes deadbeefdeadbeefdeadbeefdeadbeef
+ ipsec esp out spi 12743 sha1 deadbeefdeadbeefdeadbeefdeadbeef02c0ffee \
+ aes deadbeefdeadbeefdeadbeefdeadbeef
+}
+
+neighbor 127.0.0.2 {
+ remote-as 2
+ tcp md5sig password secret
+}
+
+neighbor 127.0.0.3 {
+ remote-as 3
+ tcp md5sig key deadbeef
+}
+
+neighbor 127.0.0.4 {
+ remote-as 4
+ local-address 127.0.0.1
+ ipsec ah ike
+}
+
+neighbor 127.0.0.5 {
+ remote-as 5
+ local-address 127.0.0.1
+ ipsec esp ike
+}
+
+neighbor 127.0.0.6 {
+ remote-as 6
+ local-address 127.0.0.1
+ ipsec ah in spi 12706 sha1 deadbeefdeadbeefdeadbeefdeadbeef01c0ffee
+ ipsec ah out spi 12707 sha1 deadbeefdeadbeefdeadbeefdeadbeef02c0ffee
+}
+
+neighbor 127.0.0.7 {
+ remote-as 7
+ local-address 127.0.0.1
+ ipsec esp in spi 12742 sha1 deadbeefdeadbeefdeadbeefdeadbeef01c0ffee \
+ aes deadbeefdeadbeefdeadbeefdeadbeef
+ ipsec esp out spi 12743 sha1 deadbeefdeadbeefdeadbeefdeadbeef02c0ffee \
+ aes deadbeefdeadbeefdeadbeefdeadbeef
+}
diff --git a/regress/usr.sbin/bgpd/config/bgpd.conf.17.ok b/regress/usr.sbin/bgpd/config/bgpd.conf.17.ok
new file mode 100644
index 00000000000..b5dcb6c2499
--- /dev/null
+++ b/regress/usr.sbin/bgpd/config/bgpd.conf.17.ok
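Review bot: The header comment in bgpd.conf.17.in, `# Test various authentication statements`, does not say what the paired expected output actually pins. Going by bgpd.conf.17.ok, the printed config omits the md5sig secret entirely and replaces every ipsec key with `XXXXXX`, so the test checks that the statement kind, direction and SPI survive the round trip and that no key material is echoed. I would state that in the input file, e.g. `# Keys below are dummy values; the printed config must never echo them (omitted for md5sig, XXXXXX for ipsec).` Because the keys are masked, a regression in how a key is parsed (or in telling `password` from `key`) would presumably pass unnoticed, and only `sha1` with `aes` is exercised, so it is worth recording that as a known gap in the same comment.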
@@ -0,0 +1,102 @@
+AS 1
+router-id 127.0.0.1
+socket "/var/run/bgpd.sock.0"
+listen on 0.0.0.0
+listen on ::
+
+rtr 127.0.1.2 {
+ descr "127.0.1.2"
+ port 323
+ tcp md5sig
+}
+
+rtr 127.0.1.3 {
+ descr "127.0.1.3"
+ port 323
+ tcp md5sig
+}
+
+rtr 127.0.1.4 {
+ descr "127.0.1.4"
+ port 323
+ ipsec ah ike
+}
+
+rtr 127.0.1.5 {
+ descr "127.0.1.5"
+ port 323
+ ipsec esp ike
+}
+
+rtr 127.0.1.6 {
+ descr "127.0.1.6"
+ port 323
+ ipsec ah in spi 12706 sha1 XXXXXX
+ ipsec ah out spi 12707 sha1 XXXXXX
+}
+
+rtr 127.0.1.7 {
+ descr "127.0.1.7"
+ port 323
+ ipsec esp in spi 12742 sha1 XXXXXX aes XXXXXX
+ ipsec esp out spi 12743 sha1 XXXXXX aes XXXXXX
+}
+
+
+rde rib Adj-RIB-In no evaluate
+rde rib Loc-RIB rtable 0 fib-update yes
+
+neighbor 127.0.0.2 {
+ remote-as 2
+ enforce neighbor-as yes
+ enforce local-as yes
+ tcp md5sig
+ announce IPv4 unicast
+ announce policy no
+}
+neighbor 127.0.0.3 {
+ remote-as 3
+ enforce neighbor-as yes
+ enforce local-as yes
+ tcp md5sig
+ announce IPv4 unicast
+ announce policy no
+}
+neighbor 127.0.0.4 {
+ remote-as 4
+ local-address 127.0.0.1
+ enforce neighbor-as yes
+ enforce local-as yes
+ ipsec ah ike
+ announce IPv4 unicast
+ announce policy no
+}
+neighbor 127.0.0.5 {
+ remote-as 5
+ local-address 127.0.0.1
+ enforce neighbor-as yes
+ enforce local-as yes
+ ipsec esp ike
+ announce IPv4 unicast
+ announce policy no
+}
+neighbor 127.0.0.6 {
+ remote-as 6
+ local-address 127.0.0.1
+ enforce neighbor-as yes
+ enforce local-as yes
+ ipsec ah in spi 12706 sha1 XXXXXX
+ ipsec ah out spi 12707 sha1 XXXXXX
+ announce IPv4 unicast
+ announce policy no
+}
+neighbor 127.0.0.7 {
+ remote-as 7
+ local-address 127.0.0.1
+ enforce neighbor-as yes
+ enforce local-as yes
+ ipsec esp in spi 12742 sha1 XXXXXX aes XXXXXX
+ ipsec esp out spi 12743 sha1 XXXXXX aes XXXXXX
+ announce IPv4 unicast
+ announce policy no
+}
-- 2.20.1