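#!/bin/ksh
# $OpenBSD: capa.sh,v 1.1 2024/04/09 09:35:57 claudio Exp $
#
# Regress test for bgpd capability handling.
#
# Usage: capa.sh bgpd configdir rdomain1 rdomain2 pair1 pair2
#
# One bgpd is started in rdomain1 from bgpd.capa.master.conf and seven
# bgpd instances are started in rdomain2 from bgpd.capa.client.conf, each
# with a single capability statement passed in through -DCAPA.  A run
# passes when "bgpctl show nei PEER<n>" in rdomain1 contains the expected
# string for all seven peers.
#
# The script has to run as root.  It configures and destroys the two pair
# interfaces and lo<rdomain>, flushes the routing tables of both rdomains
# and kills every bgpd running in them, so the rdomains and interfaces
# passed in must be dedicated to the test.

set -e

# All six positional parameters end up in root-level ifconfig/route/pkill
# command lines, so refuse to continue with missing or empty values.
if [ $# -lt 6 ]; then
	echo "usage: ${0##*/} bgpd configdir rdomain1 rdomain2 pair1 pair2" >&2
	exit 1
fi
for arg in "$1" "$2" "$3" "$4" "$5" "$6"; do
	if [ -z "${arg}" ]; then
		echo "${0##*/}: empty argument" >&2
		exit 1
	fi
done

BGPD=$1
BGPDCONFIGDIR=$2
RDOMAIN1=$3
RDOMAIN2=$4
PAIR1=$5
PAIR2=$6

PAIR1IP=10.12.57.254
PAIR2IP1=10.12.57.1
PAIR2IP2=10.12.57.2
PAIR2IP3=10.12.57.3
PAIR2IP4=10.12.57.4
PAIR2IP5=10.12.57.5
PAIR2IP6=10.12.57.6
PAIR2IP7=10.12.57.7

# EXIT handler: tear down everything the test set up and report the result.
#   $1 - exit status the script is terminating with
# Every step is best effort (|| true) so that one failing teardown command
# does not stop the remaining ones under set -e.
error_notify() {
	echo cleanup
	pkill -T "${RDOMAIN1}" bgpd || true
	pkill -T "${RDOMAIN2}" bgpd || true
	sleep 1
	ifconfig "${PAIR2}" destroy || true
	ifconfig "${PAIR1}" destroy || true
	route -qn -T "${RDOMAIN1}" flush || true
	route -qn -T "${RDOMAIN2}" flush || true
	ifconfig "lo${RDOMAIN1}" destroy || true
	ifconfig "lo${RDOMAIN2}" destroy || true
	if [ "$1" -ne 0 ]; then
		echo FAILED
		exit 1
	else
		echo SUCCESS
	fi
}

# Run one capability scenario.
#   $1 - string every peer's "bgpctl show nei" output must contain
#   $2 - capability mode handed to the clients: no, yes or enforce
# A missing match makes grep fail, which aborts the script through set -e
# and reaches error_notify via the EXIT trap.
test_bgpd() {
	local e=$1
	local p=$2
	local mpopt apopt i

	case "$p" in
	no)
		mpopt=none
		apopt=no
		;;
	yes)
		mpopt=vpn
		apopt="best max 3"
		;;
	enforce)
		mpopt="vpn enforce"
		apopt="best max 3 enforce"
		;;
	*)
		# Without this arm an unexpected mode would start the clients
		# with empty capability options and test nothing useful.
		echo "test_bgpd: unknown capability mode: $p" >&2
		exit 1
		;;
	esac

	# One entry per client; client i receives CAPA[i-1].
	set -A CAPA "as-4byte $p" \
	    "enhanced refresh $p" \
	    "refresh $p" "restart $p" \
	    "inet $mpopt" \
	    "add-path send $apopt" \
	    "add-path recv $p"

	set -x

	route -T "${RDOMAIN1}" exec "${BGPD}" \
	    -v -f "${BGPDCONFIGDIR}/bgpd.capa.master.conf"

	for i in 1 2 3 4 5 6 7; do
		route -T "${RDOMAIN2}" exec "${BGPD}" -DNUM="$i" \
		    -DCAPA="${CAPA[$((i - 1))]}" \
		    -DSOCK=\"/var/run/bgpd.sock.c$i\" \
		    -v -f "${BGPDCONFIGDIR}/bgpd.capa.client.conf"
	done

	sleep 1
	route -T "${RDOMAIN1}" exec bgpctl nei group TEST up
	sleep 1

	for i in 1 2 3 4 5 6 7; do
		route -T "${RDOMAIN1}" exec bgpctl show nei "PEER$i" | \
		    grep -- "$e"
	done

	pkill -T "${RDOMAIN1}" bgpd || true
	pkill -T "${RDOMAIN2}" bgpd || true

	sleep 1
}

if [ "$(id -u)" -ne 0 ]; then
	echo need root privileges >&2
	exit 1
fi

# Pre-flight checks run BEFORE the cleanup trap is installed.  If the trap
# were already active, bailing out here would run error_notify and kill
# bgpd, destroy the interfaces and flush the routes of exactly the
# rdomain or interface that was just found to be in use by something else.
echo check if rdomains are busy
for n in "${RDOMAIN1}" "${RDOMAIN2}"; do
	if /sbin/ifconfig | grep -v "^lo${n}:" | grep " rdomain ${n} "; then
		echo "routing domain ${n} is already used" >&2
		echo FAILED
		exit 1
	fi
done

echo check if interfaces are busy
for n in "${PAIR1}" "${PAIR2}"; do
	# Explicit if/exit instead of "cmd && ( ...; exit 1 )": the subshell
	# form only ends the script because set -e reacts to its status.
	if /sbin/ifconfig "${n}" >/dev/null 2>&1; then
		echo "interface ${n} is already used" >&2
		echo FAILED
		exit 1
	fi
done

# From here on the script owns the interfaces and rdomains, so any exit
# has to go through the teardown.
trap 'error_notify $?' EXIT

set -x

echo setup
ifconfig "${PAIR1}" rdomain "${RDOMAIN1}" "${PAIR1IP}/24" up
ifconfig "${PAIR2}" rdomain "${RDOMAIN2}" "${PAIR2IP1}/24" up
for ip in "${PAIR2IP2}" "${PAIR2IP3}" "${PAIR2IP4}" \
    "${PAIR2IP5}" "${PAIR2IP6}" "${PAIR2IP7}"; do
	ifconfig "${PAIR2}" alias "${ip}/32" up
done
ifconfig "${PAIR1}" patch "${PAIR2}"
ifconfig "lo${RDOMAIN1}" inet 127.0.0.1/8
ifconfig "lo${RDOMAIN2}" inet 127.0.0.1/8

echo test1: no capability
test_bgpd "Last error sent: error in OPEN message, unsupported capability" "no"

echo test2: ok capability
test_bgpd "BGP state = Established, up" "yes"

echo test3: enforce capability
test_bgpd "BGP state = Established, up" "enforce"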