xref: /openbmc/openbmc-test-automation/security/test_bmc_network_security.robot (revision 42c84ea5d0dd320e1a1d57bcba34fcb788c7788c)
1*** Settings ***
2Documentation  Network stack stress tests using "nping" tool.
3
4# This Suite has few testcases which uses nping with ICMP.
5# ICMP creates a raw socket, which requires root privilege/sudo to run tests.
6
7Resource                ../lib/resource.robot
8Resource                ../lib/bmc_redfish_resource.robot
9Resource                ../lib/ipmi_client.robot
10Resource                ../lib/bmc_network_security_utils.robot
11Resource                ../lib/protocol_setting_utils.robot
12
13Library                 OperatingSystem
14Library                 String
15Library                 ../lib/gen_robot_valid.py
16Library                 ../lib/bmc_network_utils.py
17Library                 ../lib/ipmi_utils.py
18
19Suite Setup             Suite Setup Execution
20
21Force Tags              Network_Nping
22
23*** Variables ***
24
25${delay}                1000ms
26${count}                4
27${program_name}         nping
28${iterations}           5000
29
30*** Test Cases ***
31
32Send ICMP Timestamp Request
33    [Documentation]  Send ICMP packet type 13 and check BMC drops such packets
34    [Tags]  Send_ICMP_Timestamp_Request
35
36    # Send ICMP packet type 13 to BMC and check packet loss.
37    ${packet_loss}=  Send Network Packets And Get Packet Loss
38    ...  ${OPENBMC_HOST}  ${count}  ${ICMP_PACKETS}  ${NETWORK_PORT}  ${ICMP_TIMESTAMP_REQUEST}
39    Should Be Equal As Numbers  ${packet_loss}  100.00
40    ...  msg=FAILURE: BMC is not dropping timestamp request messages.
41
42Send ICMP Netmask Request
43    [Documentation]  Send ICMP packet type 17 and check BMC drops such packets
44    [Tags]  Send_ICMP_Netmask_Request
45
46    # Send ICMP packet type 17 to BMC and check packet loss.
47    ${packet_loss}=  Send Network Packets And Get Packet Loss
48    ...  ${OPENBMC_HOST}  ${count}  ${ICMP_PACKETS}  ${NETWORK_PORT}  ${ICMP_NETMASK_REQUEST}
49    Should Be Equal As Numbers  ${packet_loss}  100.00
50    ...  msg=FAILURE: BMC is not dropping netmask request messages.
51
52Send Continuous ICMP Echo Request To BMC And Verify No Packet Loss
53    [Documentation]  Send ICMP packet type 8 continuously and check no packets are dropped from BMC
54    [Tags]  Send_Continuous_ICMP_Echo_Request_To_BMC_And_Verify_No_Packet_Loss
55
56    # Send ICMP packet type 8 to BMC and check packet loss.
57    ${packet_loss}=  Send Network Packets And Get Packet Loss
58    ...  ${OPENBMC_HOST}  ${iterations}  ${ICMP_PACKETS}
59    Should Be Equal As Numbers  ${packet_loss}  0.0
60    ...  msg=FAILURE: BMC is dropping packets.
61
62Send Network Packets Continuously To Redfish Interface
63    [Documentation]  Send network packets continuously to Redfish interface and verify stability.
64    [Tags]  Send_Network_Packets_Continuously_To_Redfish_Interface
65
66    # Send large number of packets to Redfish interface.
67    ${packet_loss}=  Send Network Packets And Get Packet Loss
68    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_PACKETS}  ${REDFISH_INTERFACE}
69    Should Be Equal As Numbers  ${packet_loss}  0.0
70    ...  msg=FAILURE: BMC is dropping some packets.
71
72    # Check if Redfish bmcweb server response is functional.
73    Redfish.Login
74    Redfish.Logout
75
76
77Send Network Packets Continuously To IPMI Port
78    [Documentation]  Send network packets continuously to IPMI port and verify stability.
79    [Tags]  Send_Network_Packets_Continuously_To_IPMI_Port
80
81    # Send large number of packets to IPMI port.
82    ${packet_loss}=  Send Network Packets And Get Packet Loss
83    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_PACKETS}  ${IPMI_PORT}
84    Should Be Equal As Numbers  ${packet_loss}  0.0
85    ...  msg=FAILURE: BMC is dropping some packets.
86
87    # Check if IPMI interface is functional.
88    Run IPMI Standard Command  chassis status
89
90
91Send Network Packets Continuously To SSH Port
92    [Documentation]  Send network packets continuously to SSH port and verify stability.
93    [Tags]  Send_Network_Packets_Continuously_To_SSH_Port
94
95    # Send large number of packets to SSH port.
96    ${packet_loss}=  Send Network Packets And Get Packet Loss
97    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_PACKETS}  ${SSH_PORT}
98    Should Be Equal As Numbers  ${packet_loss}  0.0
99    ...  msg=FAILURE: BMC is dropping some packets.
100
101    # Check if SSH interface is functional.
102
103    SSHLibrary.Open Connection  ${OPENBMC_HOST}
104    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
105
106
107Flood Redfish Interface With Packets With Flags And Check Stability
108    [Documentation]  Send large number of packets with flags to Redfish interface
109    ... and check stability.
110    [Tags]  Flood_Redfish_Interface_With_Packets_With_Flags_And_Check_Stability
111    [Template]  Send Network Packets With Flags And Verify Stability
112
113    # Target         No. Of packets  Interface              Flags
114
115    # Flood syn packets and check BMC behavior.
116    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${SYN_PACKETS}
117
118    # Flood reset packets and check BMC behavior.
119    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${RESET_PACKETS}
120
121    # Flood fin packets and check BMC behavior.
122    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${FIN_PACKETS}
123
124    # Flood syn ack reset packets and check BMC behavior.
125    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${SYN_ACK_RESET}
126
127    # Flood packets with all flags and check BMC behavior.
128    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${ALL_FLAGS}
129
130
131Send Network Packets Continuously To SOL Port
132    [Documentation]  Send network packets continuously to SOL port and verify stability.
133    [Tags]  Send_Network_Packets_Continuously_To_SOL_Port
134    [Teardown]  Run Keywords  FFDC On Test Case Fail  AND  Close all connections
135
136    # Send large number of packets to SOL port.
137    ${packet_loss}=  Send Network Packets And Get Packet Loss
138    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_PACKETS}  ${HOST_SOL_PORT}
139
140    # Check if SOL interface is functional.
141
142    SSHLibrary.Open Connection  ${OPENBMC_HOST}  port=${HOST_SOL_PORT}
143    Verify Interface Stability  ${HOST_SOL_PORT}
144    Should Be Equal As Numbers  ${packet_loss}  0.0
145    ...  msg=FAILURE: BMC is dropping some packets.
146
147
148Send Continuous TCP Connection Requests To Redfish Interface And Check Stability
149    [Documentation]  Establish large number of TCP connections to Redfish port (443)
150    ...  and check check network responses stability.
151    [Tags]  Send_Continuous_TCP_Connection_Requests_To_Redfish_Interface_And_Check_Stability
152
153    # Establish large number of TCP connections to Redfish interface.
154    ${connection_loss}=  Establish TCP Connections And Get Connection Failures
155    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_CONNECTION}  ${HTTPS_PORT}
156
157    # Check if Redfish interface is functional.
158    Redfish.Login
159    Redfish.Logout
160
161    # Check if TCP connections dropped.
162    Should Be Equal As Numbers  ${connection_loss}  0.0
163    ...  msg=FAILURE: BMC is dropping some connections.
164
165
166Send Continuous TCP Connection Requests To IPMI Interface And Check Stability
167    [Documentation]  Establish large number of TCP connections to IPMI interface
168    ...  and check stability.
169    [Tags]  Send_Continuous_TCP_Connection_Requests_To_IPMI_Interface_And_Check_Stability
170
171    # Establish large number of TCP connections to IPMI interface.
172    ${connection_loss}=  Establish TCP Connections And Get Connection Failures
173    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_CONNECTION}  ${IPMI_PORT}
174
175    # Check if IPMI interface is functional.
176    Verify IPMI Works  lan print
177
178    # Check if TCP/Network connections dropped.
179    Should Be Equal As Numbers  ${connection_loss}  0.0
180    ...  msg=FAILURE: BMC is dropping connections
181
182
183Send Continuous TCP Connection Requests To SSH Interface And Check Stability
184    [Documentation]  Establish large number of TCP connections to SSH interface
185    ...  and check stability.
186    [Tags]  Send_Continuous_TCP_Connection_Requests_To_SSH_Interface_And_Check_Stability
187
188    # Establish large number of TCP connections to SSH interface.
189    ${connection_loss}=  Establish TCP Connections And Get Connection Failures
190    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_CONNECTION}  ${SSH_PORT}
191
192    # Check if SSH interface is functional.
193    Verify Interface Stability  ${SSH_PORT}
194
195    # Check if TCP/Network connections dropped.
196    Should Be Equal As Numbers  ${connection_loss}  0.0
197    ...  msg=FAILURE: BMC is dropping connections
198
199
200*** Keywords ***
201
202Suite Setup Execution
203    [Documentation]  Validate the setup.
204
205    Valid Value  OPENBMC_HOST
206    Valid Program  program_name
207
208
209Verify Interface Stability
210    [Documentation]  Verify interface is up and active.
211    [Arguments]  ${port}
212
213    # Description of argument(s):
214    # port  Network port.
215
216    Run Keyword If  ${port} == ${REDFISH_INTERFACE}
217    ...  Redfish.Login
218    ...  ELSE IF  ${port} == ${SSH_PORT}
219    ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
220    ...  ELSE IF  ${port} == ${IPMI_PORT}
221    ...  Run External IPMI Standard Command  lan print
222    ...  ELSE IF  ${port} == ${HOST_SOL_PORT}
223    ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  port=${HOST_SOL_PORT}
224    ...  ELSE
225    ...  Redfish.Login
226
227Establish TCP Connections And Get Connection Failures
228    [Documentation]  Establish TCP connections and return nping connection responses.
229    [Arguments]  ${target_host}  ${num}=${count}  ${packet_type}=${TCP_CONNECTION}
230    ...          ${http_port}=${80}
231
232    # Description of argument(s):
233    # target_host  The host name or IP address of the target system.
234    # packet_type  The type of packets to be sent ("tcp", "udp", "icmp").
235    # http_port    Network port.
236    # num          Number of connections to be sent.
237
238    # This keyword expects host, port, type and number of connections to be sent
239    # and rate at which connectionss to be sent, should be given in command line.
240    # By default it sends 4 TCP connections at 1 connection/second.
241
242    ${cmd_buf}=  Set Variable  --delay ${delay} ${target_host} -c ${num} --${packet_type} -p ${http_port}
243    ${nping_result}=  Nping  ${cmd_buf}
244    [Return]   ${nping_result['percent_failed']}
245