xref: /openbmc/openbmc-test-automation/security/test_bmc_network_security.robot (revision 6fb70d98f2f1cb9273ba912deaa2cebe3c23ea86) 
1c8bfc366SPrashanth Katti*** Settings ***
2c8bfc366SPrashanth KattiDocumentation  Network stack stress tests using "nping" tool.
3c8bfc366SPrashanth Katti
4c1a260c2Sshrsuman123# This Suite has few testcases which uses nping with ICMP.
5c1a260c2Sshrsuman123# ICMP creates a raw socket, which requires root privilege/sudo to run tests.
6c1a260c2Sshrsuman123
7c8bfc366SPrashanth KattiResource                ../lib/resource.robot
82f80bf13SPrashanth KattiResource                ../lib/bmc_redfish_resource.robot
92f80bf13SPrashanth KattiResource                ../lib/ipmi_client.robot
101da8826cSPrashanth KattiResource                ../lib/bmc_network_security_utils.robot
11369a0dcfSGeorge KeishingResource                ../lib/protocol_setting_utils.robot
12c8bfc366SPrashanth Katti
13c8bfc366SPrashanth KattiLibrary                 OperatingSystem
14c8bfc366SPrashanth KattiLibrary                 String
15c8bfc366SPrashanth KattiLibrary                 ../lib/gen_robot_valid.py
16c8bfc366SPrashanth KattiLibrary                 ../lib/bmc_network_utils.py
172f80bf13SPrashanth KattiLibrary                 ../lib/ipmi_utils.py
18c8bfc366SPrashanth Katti
19c8bfc366SPrashanth KattiSuite Setup             Suite Setup Execution
20c8bfc366SPrashanth Katti
21*6fb70d98SMatt FischerTest Tags              BMC_Network_Security
22c8bfc366SPrashanth Katti
23c8bfc366SPrashanth Katti*** Variables ***
24c8bfc366SPrashanth Katti
25c8bfc366SPrashanth Katti${delay}                1000ms
26c8bfc366SPrashanth Katti${count}                4
27c8bfc366SPrashanth Katti${program_name}         nping
282f80bf13SPrashanth Katti${iterations}           5000
29c8bfc366SPrashanth Katti
30c8bfc366SPrashanth Katti*** Test Cases ***
31c8bfc366SPrashanth Katti
32c8bfc366SPrashanth KattiSend ICMP Timestamp Request
33c8bfc366SPrashanth Katti    [Documentation]  Send ICMP packet type 13 and check BMC drops such packets
34c8bfc366SPrashanth Katti    [Tags]  Send_ICMP_Timestamp_Request
35c8bfc366SPrashanth Katti
36c8bfc366SPrashanth Katti    # Send ICMP packet type 13 to BMC and check packet loss.
37c8bfc366SPrashanth Katti    ${packet_loss}=  Send Network Packets And Get Packet Loss
38c8bfc366SPrashanth Katti    ...  ${OPENBMC_HOST}  ${count}  ${ICMP_PACKETS}  ${NETWORK_PORT}  ${ICMP_TIMESTAMP_REQUEST}
39c8bfc366SPrashanth Katti    Should Be Equal As Numbers  ${packet_loss}  100.00
40c8bfc366SPrashanth Katti    ...  msg=FAILURE: BMC is not dropping timestamp request messages.
41c8bfc366SPrashanth Katti
42c8bfc366SPrashanth KattiSend ICMP Netmask Request
43c8bfc366SPrashanth Katti    [Documentation]  Send ICMP packet type 17 and check BMC drops such packets
44c8bfc366SPrashanth Katti    [Tags]  Send_ICMP_Netmask_Request
45c8bfc366SPrashanth Katti
46c8bfc366SPrashanth Katti    # Send ICMP packet type 17 to BMC and check packet loss.
47c8bfc366SPrashanth Katti    ${packet_loss}=  Send Network Packets And Get Packet Loss
48c8bfc366SPrashanth Katti    ...  ${OPENBMC_HOST}  ${count}  ${ICMP_PACKETS}  ${NETWORK_PORT}  ${ICMP_NETMASK_REQUEST}
49c8bfc366SPrashanth Katti    Should Be Equal As Numbers  ${packet_loss}  100.00
50c8bfc366SPrashanth Katti    ...  msg=FAILURE: BMC is not dropping netmask request messages.
51c8bfc366SPrashanth Katti
52c1a260c2Sshrsuman123Send Continuous ICMP Echo Request To BMC And Verify No Packet Loss
53c1a260c2Sshrsuman123    [Documentation]  Send ICMP packet type 8 continuously and check no packets are dropped from BMC
54c1a260c2Sshrsuman123    [Tags]  Send_Continuous_ICMP_Echo_Request_To_BMC_And_Verify_No_Packet_Loss
55c1a260c2Sshrsuman123
56c1a260c2Sshrsuman123    # Send ICMP packet type 8 to BMC and check packet loss.
57c1a260c2Sshrsuman123    ${packet_loss}=  Send Network Packets And Get Packet Loss
58c1a260c2Sshrsuman123    ...  ${OPENBMC_HOST}  ${iterations}  ${ICMP_PACKETS}
59c1a260c2Sshrsuman123    Should Be Equal As Numbers  ${packet_loss}  0.0
60c1a260c2Sshrsuman123    ...  msg=FAILURE: BMC is dropping packets.
61c1a260c2Sshrsuman123
62c8bfc366SPrashanth KattiSend Network Packets Continuously To Redfish Interface
63c8bfc366SPrashanth Katti    [Documentation]  Send network packets continuously to Redfish interface and verify stability.
64c8bfc366SPrashanth Katti    [Tags]  Send_Network_Packets_Continuously_To_Redfish_Interface
65c8bfc366SPrashanth Katti
66c8bfc366SPrashanth Katti    # Send large number of packets to Redfish interface.
67c8bfc366SPrashanth Katti    ${packet_loss}=  Send Network Packets And Get Packet Loss
682f80bf13SPrashanth Katti    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_PACKETS}  ${REDFISH_INTERFACE}
69b18762b8SPrashanth Katti    Should Be Equal As Numbers  ${packet_loss}  0.0
70c8bfc366SPrashanth Katti    ...  msg=FAILURE: BMC is dropping some packets.
71c8bfc366SPrashanth Katti
7225163b83SPriya Sinha    # Check if Redfish bmcweb server response is functional.
73c8bfc366SPrashanth Katti    Redfish.Login
74c8bfc366SPrashanth Katti    Redfish.Logout
75c8bfc366SPrashanth Katti
762f80bf13SPrashanth Katti
772f80bf13SPrashanth KattiSend Network Packets Continuously To IPMI Port
782f80bf13SPrashanth Katti    [Documentation]  Send network packets continuously to IPMI port and verify stability.
792f80bf13SPrashanth Katti    [Tags]  Send_Network_Packets_Continuously_To_IPMI_Port
802f80bf13SPrashanth Katti
812f80bf13SPrashanth Katti    # Send large number of packets to IPMI port.
822f80bf13SPrashanth Katti    ${packet_loss}=  Send Network Packets And Get Packet Loss
832f80bf13SPrashanth Katti    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_PACKETS}  ${IPMI_PORT}
84b18762b8SPrashanth Katti    Should Be Equal As Numbers  ${packet_loss}  0.0
852f80bf13SPrashanth Katti    ...  msg=FAILURE: BMC is dropping some packets.
862f80bf13SPrashanth Katti
872f80bf13SPrashanth Katti    # Check if IPMI interface is functional.
882f80bf13SPrashanth Katti    Run IPMI Standard Command  chassis status
892f80bf13SPrashanth Katti
902f80bf13SPrashanth Katti
912f80bf13SPrashanth KattiSend Network Packets Continuously To SSH Port
922f80bf13SPrashanth Katti    [Documentation]  Send network packets continuously to SSH port and verify stability.
932f80bf13SPrashanth Katti    [Tags]  Send_Network_Packets_Continuously_To_SSH_Port
942f80bf13SPrashanth Katti
952f80bf13SPrashanth Katti    # Send large number of packets to SSH port.
962f80bf13SPrashanth Katti    ${packet_loss}=  Send Network Packets And Get Packet Loss
972f80bf13SPrashanth Katti    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_PACKETS}  ${SSH_PORT}
98b18762b8SPrashanth Katti    Should Be Equal As Numbers  ${packet_loss}  0.0
992f80bf13SPrashanth Katti    ...  msg=FAILURE: BMC is dropping some packets.
1002f80bf13SPrashanth Katti
1012f80bf13SPrashanth Katti    # Check if SSH interface is functional.
1022f80bf13SPrashanth Katti
1032f80bf13SPrashanth Katti    SSHLibrary.Open Connection  ${OPENBMC_HOST}
1042f80bf13SPrashanth Katti    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
1052f80bf13SPrashanth Katti
1062f80bf13SPrashanth Katti
107b18762b8SPrashanth KattiFlood Redfish Interface With Packets With Flags And Check Stability
108b18762b8SPrashanth Katti    [Documentation]  Send large number of packets with flags to Redfish interface
109b18762b8SPrashanth Katti    ... and check stability.
110b18762b8SPrashanth Katti    [Tags]  Flood_Redfish_Interface_With_Packets_With_Flags_And_Check_Stability
111b18762b8SPrashanth Katti    [Template]  Send Network Packets With Flags And Verify Stability
112b18762b8SPrashanth Katti
113b18762b8SPrashanth Katti    # Target         No. Of packets  Interface              Flags
114b18762b8SPrashanth Katti
115b18762b8SPrashanth Katti    # Flood syn packets and check BMC behavior.
116b18762b8SPrashanth Katti    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${SYN_PACKETS}
117b18762b8SPrashanth Katti
118b18762b8SPrashanth Katti    # Flood reset packets and check BMC behavior.
119b18762b8SPrashanth Katti    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${RESET_PACKETS}
120b18762b8SPrashanth Katti
121b18762b8SPrashanth Katti    # Flood fin packets and check BMC behavior.
122b18762b8SPrashanth Katti    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${FIN_PACKETS}
123b18762b8SPrashanth Katti
124b18762b8SPrashanth Katti    # Flood syn ack reset packets and check BMC behavior.
125b18762b8SPrashanth Katti    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${SYN_ACK_RESET}
126b18762b8SPrashanth Katti
127b18762b8SPrashanth Katti    # Flood packets with all flags and check BMC behavior.
128b18762b8SPrashanth Katti    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${ALL_FLAGS}
129b18762b8SPrashanth Katti
130b18762b8SPrashanth Katti
1311c87ae5dSMegha G NSend Network Packets Continuously To SOL Port
1321c87ae5dSMegha G N    [Documentation]  Send network packets continuously to SOL port and verify stability.
1331c87ae5dSMegha G N    [Tags]  Send_Network_Packets_Continuously_To_SOL_Port
1341c87ae5dSMegha G N    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND  Close all connections
1351c87ae5dSMegha G N
1361c87ae5dSMegha G N    # Send large number of packets to SOL port.
1371c87ae5dSMegha G N    ${packet_loss}=  Send Network Packets And Get Packet Loss
1381c87ae5dSMegha G N    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_PACKETS}  ${HOST_SOL_PORT}
1391c87ae5dSMegha G N
1401c87ae5dSMegha G N    # Check if SOL interface is functional.
1411c87ae5dSMegha G N
1421c87ae5dSMegha G N    SSHLibrary.Open Connection  ${OPENBMC_HOST}  port=${HOST_SOL_PORT}
1431c87ae5dSMegha G N    Verify Interface Stability  ${HOST_SOL_PORT}
1441c87ae5dSMegha G N    Should Be Equal As Numbers  ${packet_loss}  0.0
1451c87ae5dSMegha G N    ...  msg=FAILURE: BMC is dropping some packets.
1461c87ae5dSMegha G N
1471c87ae5dSMegha G N
14825163b83SPriya SinhaSend Continuous TCP Connection Requests To Redfish Interface And Check Stability
14925163b83SPriya Sinha    [Documentation]  Establish large number of TCP connections to Redfish port (443)
15025163b83SPriya Sinha    ...  and check check network responses stability.
15125163b83SPriya Sinha    [Tags]  Send_Continuous_TCP_Connection_Requests_To_Redfish_Interface_And_Check_Stability
15225163b83SPriya Sinha
15325163b83SPriya Sinha    # Establish large number of TCP connections to Redfish interface.
15425163b83SPriya Sinha    ${connection_loss}=  Establish TCP Connections And Get Connection Failures
15525163b83SPriya Sinha    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_CONNECTION}  ${HTTPS_PORT}
15625163b83SPriya Sinha
15725163b83SPriya Sinha    # Check if Redfish interface is functional.
15825163b83SPriya Sinha    Redfish.Login
15925163b83SPriya Sinha    Redfish.Logout
16025163b83SPriya Sinha
16125163b83SPriya Sinha    # Check if TCP connections dropped.
16225163b83SPriya Sinha    Should Be Equal As Numbers  ${connection_loss}  0.0
16325163b83SPriya Sinha    ...  msg=FAILURE: BMC is dropping some connections.
16425163b83SPriya Sinha
16525163b83SPriya Sinha
16625163b83SPriya SinhaSend Continuous TCP Connection Requests To IPMI Interface And Check Stability
16725163b83SPriya Sinha    [Documentation]  Establish large number of TCP connections to IPMI interface
16825163b83SPriya Sinha    ...  and check stability.
16925163b83SPriya Sinha    [Tags]  Send_Continuous_TCP_Connection_Requests_To_IPMI_Interface_And_Check_Stability
17025163b83SPriya Sinha
17125163b83SPriya Sinha    # Establish large number of TCP connections to IPMI interface.
17225163b83SPriya Sinha    ${connection_loss}=  Establish TCP Connections And Get Connection Failures
17325163b83SPriya Sinha    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_CONNECTION}  ${IPMI_PORT}
17425163b83SPriya Sinha
17525163b83SPriya Sinha    # Check if IPMI interface is functional.
176369a0dcfSGeorge Keishing    Verify IPMI Works  lan print
17725163b83SPriya Sinha
17825163b83SPriya Sinha    # Check if TCP/Network connections dropped.
17925163b83SPriya Sinha    Should Be Equal As Numbers  ${connection_loss}  0.0
18025163b83SPriya Sinha    ...  msg=FAILURE: BMC is dropping connections
18125163b83SPriya Sinha
1825e22debcSMegha G N
1835e22debcSMegha G NSend Continuous TCP Connection Requests To SSH Interface And Check Stability
1845e22debcSMegha G N    [Documentation]  Establish large number of TCP connections to SSH interface
1855e22debcSMegha G N    ...  and check stability.
1865e22debcSMegha G N    [Tags]  Send_Continuous_TCP_Connection_Requests_To_SSH_Interface_And_Check_Stability
1875e22debcSMegha G N
1885e22debcSMegha G N    # Establish large number of TCP connections to SSH interface.
1895e22debcSMegha G N    ${connection_loss}=  Establish TCP Connections And Get Connection Failures
1905e22debcSMegha G N    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_CONNECTION}  ${SSH_PORT}
1915e22debcSMegha G N
1925e22debcSMegha G N    # Check if SSH interface is functional.
1935e22debcSMegha G N    Verify Interface Stability  ${SSH_PORT}
1945e22debcSMegha G N
1955e22debcSMegha G N    # Check if TCP/Network connections dropped.
1965e22debcSMegha G N    Should Be Equal As Numbers  ${connection_loss}  0.0
1975e22debcSMegha G N    ...  msg=FAILURE: BMC is dropping connections
1985e22debcSMegha G N
1995e22debcSMegha G N
200c8bfc366SPrashanth Katti*** Keywords ***
201c8bfc366SPrashanth Katti
202c8bfc366SPrashanth KattiSuite Setup Execution
203c8bfc366SPrashanth Katti    [Documentation]  Validate the setup.
204c8bfc366SPrashanth Katti
205c8bfc366SPrashanth Katti    Valid Value  OPENBMC_HOST
206c8bfc366SPrashanth Katti    Valid Program  program_name
207c8bfc366SPrashanth Katti
208b18762b8SPrashanth Katti
209b18762b8SPrashanth KattiVerify Interface Stability
210b18762b8SPrashanth Katti    [Documentation]  Verify interface is up and active.
211b18762b8SPrashanth Katti    [Arguments]  ${port}
212b18762b8SPrashanth Katti
213b18762b8SPrashanth Katti    # Description of argument(s):
214b18762b8SPrashanth Katti    # port  Network port.
215b18762b8SPrashanth Katti
216b18762b8SPrashanth Katti    Run Keyword If  ${port} == ${REDFISH_INTERFACE}
217b18762b8SPrashanth Katti    ...  Redfish.Login
218b18762b8SPrashanth Katti    ...  ELSE IF  ${port} == ${SSH_PORT}
219b18762b8SPrashanth Katti    ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
220b18762b8SPrashanth Katti    ...  ELSE IF  ${port} == ${IPMI_PORT}
221b18762b8SPrashanth Katti    ...  Run External IPMI Standard Command  lan print
222b18762b8SPrashanth Katti    ...  ELSE IF  ${port} == ${HOST_SOL_PORT}
223b18762b8SPrashanth Katti    ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  port=${HOST_SOL_PORT}
224b18762b8SPrashanth Katti    ...  ELSE
225b18762b8SPrashanth Katti    ...  Redfish.Login
22625163b83SPriya Sinha
22725163b83SPriya SinhaEstablish TCP Connections And Get Connection Failures
22825163b83SPriya Sinha    [Documentation]  Establish TCP connections and return nping connection responses.
22925163b83SPriya Sinha    [Arguments]  ${target_host}  ${num}=${count}  ${packet_type}=${TCP_CONNECTION}
230f3d47702SGeorge Keishing    ...          ${http_port}=${80}
23125163b83SPriya Sinha
23225163b83SPriya Sinha    # Description of argument(s):
233903ebe93SMegha G N    # target_host  The host name or IP address of the target system.
23425163b83SPriya Sinha    # packet_type  The type of packets to be sent ("tcp", "udp", "icmp").
23525163b83SPriya Sinha    # http_port    Network port.
23625163b83SPriya Sinha    # num          Number of connections to be sent.
23725163b83SPriya Sinha
23825163b83SPriya Sinha    # This keyword expects host, port, type and number of connections to be sent
23925163b83SPriya Sinha    # and rate at which connectionss to be sent, should be given in command line.
24025163b83SPriya Sinha    # By default it sends 4 TCP connections at 1 connection/second.
24125163b83SPriya Sinha
242903ebe93SMegha G N    ${cmd_buf}=  Set Variable  --delay ${delay} ${target_host} -c ${num} --${packet_type} -p ${http_port}
24325163b83SPriya Sinha    ${nping_result}=  Nping  ${cmd_buf}
244409df05dSGeorge Keishing    RETURN   ${nping_result['percent_failed']}
245