diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c index 78da7a42b5..e235a61f59 100644 --- a/bgpd/bgp_network.c +++ b/bgpd/bgp_network.c @@ -759,6 +759,9 @@ int bgp_connect(struct peer *peer) ? IPV4_MAX_BITLEN : IPV6_MAX_BITLEN; + if (!BGP_PEER_SU_UNSPEC(peer)) + bgp_md5_set(peer); + bgp_md5_set_connect(peer->fd, &peer->su, prefixlen, peer->password); } diff --git a/tests/topotests/bgp_vrf_md5_peering/__init__.py b/tests/topotests/bgp_vrf_md5_peering/__init__.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/tests/topotests/bgp_vrf_md5_peering/exabgp.env b/tests/topotests/bgp_vrf_md5_peering/exabgp.env new file mode 100644 index 0000000000..28e642360a --- /dev/null +++ b/tests/topotests/bgp_vrf_md5_peering/exabgp.env @@ -0,0 +1,53 @@ +[exabgp.api] +encoder = text +highres = false +respawn = false +socket = '' + +[exabgp.bgp] +openwait = 60 + +[exabgp.cache] +attributes = true +nexthops = true + +[exabgp.daemon] +daemonize = true +pid = '/var/run/exabgp/exabgp.pid' +user = 'exabgp' +##daemonize = false + +[exabgp.log] +all = false +configuration = true +daemon = true +destination = '/var/log/exabgp.log' +enable = true +level = INFO +message = false +network = true +packets = false +parser = false +processes = true +reactor = true +rib = false +routes = false +short = false +timers = false + +[exabgp.pdb] +enable = false + +[exabgp.profile] +enable = false +file = '' + +[exabgp.reactor] +speed = 1.0 + +[exabgp.tcp] +acl = false +bind = '' +delay = 0 +once = false +port = 179 diff --git a/tests/topotests/bgp_vrf_md5_peering/peer1/exabgp.cfg b/tests/topotests/bgp_vrf_md5_peering/peer1/exabgp.cfg new file mode 100644 index 0000000000..3260513903 --- /dev/null +++ b/tests/topotests/bgp_vrf_md5_peering/peer1/exabgp.cfg @@ -0,0 +1,13 @@ +neighbor 10.0.0.1 { + router-id 10.0.0.2; + local-address 10.0.0.2; + local-as 65001; + peer-as 65534; + md5 test123; + + static { + route 192.168.100.1/32 { + next-hop 10.0.0.2; + } + } +} diff --git a/tests/topotests/bgp_vrf_md5_peering/r1/bgpd.conf b/tests/topotests/bgp_vrf_md5_peering/r1/bgpd.conf new file mode 100644 index 0000000000..8d8f64158f --- /dev/null +++ b/tests/topotests/bgp_vrf_md5_peering/r1/bgpd.conf @@ -0,0 +1,11 @@ +! +debug bgp neighbor +! +router bgp 65534 vrf public + bgp router-id 10.0.0.1 + no bgp ebgp-requires-policy + neighbor 10.0.0.2 remote-as external + neighbor 10.0.0.2 timers 3 10 + neighbor 10.0.0.2 timers connect 1 + neighbor 10.0.0.2 password test123 +! diff --git a/tests/topotests/bgp_vrf_md5_peering/r1/zebra.conf b/tests/topotests/bgp_vrf_md5_peering/r1/zebra.conf new file mode 100644 index 0000000000..0c183ae785 --- /dev/null +++ b/tests/topotests/bgp_vrf_md5_peering/r1/zebra.conf @@ -0,0 +1,6 @@ +! +interface r1-eth0 vrf public + ip address 10.0.0.1/24 +! +ip forwarding +! diff --git a/tests/topotests/bgp_vrf_md5_peering/test_bgp_vrf_md5_peering.py b/tests/topotests/bgp_vrf_md5_peering/test_bgp_vrf_md5_peering.py new file mode 100644 index 0000000000..eefe586d7b --- /dev/null +++ b/tests/topotests/bgp_vrf_md5_peering/test_bgp_vrf_md5_peering.py @@ -0,0 +1,87 @@ +#!/usr/bin/env python +# SPDX-License-Identifier: ISC + +# +# Copyright (c) 2023 by +# Donatas Abraitis +# + +""" +Test if BGP MD5 basic authentication works per-VRF. +""" + +import os +import sys +import json +import pytest +import functools + +CWD = os.path.dirname(os.path.realpath(__file__)) +sys.path.append(os.path.join(CWD, "../")) + +# pylint: disable=C0413 +from lib import topotest +from lib.topogen import Topogen, TopoRouter, get_topogen + +pytestmark = [pytest.mark.bgpd] + + +def build_topo(tgen): + r1 = tgen.add_router("r1") + peer1 = tgen.add_exabgp_peer("peer1", ip="10.0.0.2", defaultRoute="via 10.0.0.1") + + switch = tgen.add_switch("s1") + switch.add_link(r1) + switch.add_link(peer1) + + +def setup_module(mod): + tgen = Topogen(build_topo, mod.__name__) + tgen.start_topology() + + r1 = tgen.gears["r1"] + r1.load_config(TopoRouter.RD_ZEBRA, os.path.join(CWD, "r1/zebra.conf")) + r1.load_config(TopoRouter.RD_BGP, os.path.join(CWD, "r1/bgpd.conf")) + r1.start() + + peer = tgen.gears["peer1"] + peer.start(os.path.join(CWD, "peer1"), os.path.join(CWD, "exabgp.env")) + + # VRF 'public' + r1.cmd_raises("ip link add public type vrf table 1001") + r1.cmd_raises("ip link set up dev public") + r1.cmd_raises("ip link set r1-eth0 master public") + + +def teardown_module(mod): + tgen = get_topogen() + tgen.stop_topology() + + +def test_bgp_vrf_md5_peering(): + tgen = get_topogen() + + if tgen.routers_have_failure(): + pytest.skip(tgen.errors) + + def _bgp_converge(): + output = json.loads( + tgen.gears["r1"].vtysh_cmd("show ip bgp vrf public neighbor 10.0.0.2 json") + ) + expected = { + "10.0.0.2": { + "bgpState": "Established", + "addressFamilyInfo": {"ipv4Unicast": {"acceptedPrefixCounter": 1}}, + } + } + return topotest.json_cmp(output, expected) + + test_func = functools.partial(_bgp_converge) + _, result = topotest.run_and_expect(test_func, None, count=30, wait=1) + + assert result is None, "Can't peer with md5 per-VRF" + + +if __name__ == "__main__": + args = ["-s"] + sys.argv[1:] + sys.exit(pytest.main(args))