#!/usr/bin/env python
# -*- coding: utf-8 eval: (blacken-mode 1) -*-
# SPDX-License-Identifier: ISC
#
# March 4 2024, Christian Hopps <chopps@labn.net>
#
# Copyright (c) 2024, LabN Consulting, L.L.C.
#
"""
Test static route functionality
"""
import json
import pytest
from lib.topogen import Topogen
# Module-level pytest markers: every test in this file carries both marks.
pytestmark = [
    pytest.mark.ripd,
    pytest.mark.mgmtd,
]
@pytest.fixture(scope="module")
def tgen(request):
    """Start the topology once per module, yield it to the tests, then stop it.

    The topology definition is ``{"s1": ("r1", "r2")}`` (presumably one switch
    joining r1 and r2 -- confirm against Topogen).  Every router loads
    ``frr.conf`` before the routers are started.
    """
    topology = Topogen({"s1": ("r1", "r2")}, request.module.__name__)
    topology.start_topology()

    for rtr in topology.routers().values():
        rtr.load_frr_config("frr.conf")

    topology.start_router()

    # Everything after the yield is the fixture's teardown.
    yield topology
    topology.stop_topology()
# Direction selectors for is_key_active().
DIR_SEND = 0
DIR_ACCEPT = 1


def is_key_active(router, keychain, keyid, direction):
    """Return the lifetime-active state of one key, as reported by mgmtd.

    Runs ``show mgmt get-data`` through vtysh on ``router`` for the
    ``send-lifetime-active`` leaf (when ``direction`` is ``DIR_SEND``) or the
    ``accept-lifetime-active`` leaf (any other value) of the given key, and
    returns that leaf's value from the JSON reply.

    ``keychain`` and ``keyid`` are pasted unescaped into an XPath predicate
    inside a single-quoted shell argument, so they must not contain quote
    characters; the callers in this file only pass fixed literals.
    """
    if direction == DIR_SEND:
        leaf = "send-lifetime-active"
    else:
        leaf = "accept-lifetime-active"

    xpath = (
        f'/ietf-key-chain:key-chains/key-chain[name="{keychain}"]'
        f'/key[key-id="{keyid}"]/{leaf}'
    )
    raw = router.net.cmd_raises(f"vtysh -c 'show mgmt get-data {xpath} json'")

    # Only the first key-chain and first key of the reply are inspected.
    reply = json.loads(raw)
    chain = reply["ietf-key-chain:key-chains"]["key-chain"][0]
    return chain["key"][0][leaf]
def test_send_accept(tgen):
    """Check that key lifetimes drive the send/accept active flags on r1.

    Each step pushes a key configuration through vtysh and then reads the
    ``send-lifetime-active`` / ``accept-lifetime-active`` state back with
    ``is_key_active``.  A key whose lifetime has not started or has already
    ended must be reported inactive in both directions.

    The expected results depend on the router's clock relative to the
    hard-coded dates: the "active" windows for keys 2 and 3 end in late 2033
    and at the end of 2034, and the "not yet active" window for key 1 starts
    on Jan 1 2035.
    """
    if tgen.routers_have_failure():
        pytest.skip(tgen.errors)

    rtr = tgen.gears["r1"]

    def push(config_text):
        # The configuration is handed to vtysh as a list of lines.
        rtr.vtysh_multicmd(config_text.split("\n"), pretty_output=True)

    def check(key_id, want_active):
        # Send is queried before accept; the first failing assert ends the test.
        for direction in (DIR_SEND, DIR_ACCEPT):
            active = is_key_active(rtr, "kc", key_id, direction)
            assert active if want_active else not active

    # Key 1 without any lifetime configured: expected active.
    push(
        """conf t
key chain kc
key 1
key-string theSecret
cryptographic-algorithm hmac-sha-256
exit
exit
"""
    )
    check(1, True)

    # Key 1 with a lifetime that began Jan 1 2024 and never ends.
    push(
        """conf t
key chain kc
key 1
key-string theSecret
cryptographic-algorithm hmac-sha-256
send-lifetime 00:00:00 Jan 1 2024 infinite
accept-lifetime 00:00:00 Jan 1 2024 infinite
exit
exit
"""
    )
    check(1, True)

    # Key 1 moved to a lifetime that only begins Jan 1 2035: expected inactive.
    push(
        """conf t
key chain kc
key 1
send-lifetime 00:00:00 Jan 1 2035 infinite
accept-lifetime 00:00:00 Jan 1 2035 infinite
exit
exit
"""
    )
    check(1, False)

    # Key 2 valid for 10 * 365 days from Jan 1 2024 (leap days not counted).
    ten_years = 60 * 60 * 24 * 365 * 10
    push(
        f"""conf t
key chain kc
key 2
key-string theSecret
cryptographic-algorithm hmac-sha-256
send-lifetime 00:00:00 Jan 1 2024 duration {ten_years}
accept-lifetime 00:00:00 Jan 1 2024 duration {ten_years}
exit
exit
"""
    )
    check(2, True)

    # Key 2 moved to a 10-second window in the year 2000: long expired.
    push(
        """conf t
key chain kc
key 2
send-lifetime 00:00:00 Jan 1 2000 duration 10
accept-lifetime 00:00:00 Jan 1 2000 duration 10
exit
exit
"""
    )
    check(2, False)

    # Key 3 with explicit start and end times, Jan 1 2024 through Dec 31 2034.
    push(
        """conf t
key chain kc
key 3
key-string theSecret
cryptographic-algorithm hmac-sha-256
send-lifetime 00:00:00 Jan 1 2024 23:59:59 Dec 31 2034
accept-lifetime 00:00:00 Jan 1 2024 23:59:59 Dec 31 2034
exit
exit
"""
    )
    check(3, True)

    # NOTE(review): the start (Dec 1 2035) is later than the end (Dec 31 2034)
    # in this step -- confirm that an inverted window is what is meant to be
    # exercised here rather than a typo for a purely future window.
    push(
        """conf t
key chain kc
key 3
send-lifetime 00:00:00 Dec 1 2035 23:59:59 Dec 31 2034
accept-lifetime 00:00:00 Dec 1 2035 23:59:59 Dec 31 2034
exit
exit
"""
    )
    check(3, False)