xref: /openbmc/openbmc-test-automation/security/test_bmc_network_security.robot (revision 58229e4b4fcb8e62f5f7d9c539923e98ebc9bd9b)
1*** Settings ***
2Documentation  Network stack stress tests using "nping" tool.
3
4# This Suite has few testcases which uses nping with ICMP.
5# ICMP creates a raw socket, which requires root privilege/sudo to run tests.
6
7Resource                ../lib/resource.robot
8Resource                ../lib/bmc_redfish_resource.robot
9Resource                ../lib/ipmi_client.robot
10Resource                ../lib/bmc_network_security_utils.robot
11
12Library                 OperatingSystem
13Library                 String
14Library                 ../lib/gen_robot_valid.py
15Library                 ../lib/bmc_network_utils.py
16Library                 ../lib/ipmi_utils.py
17
18Suite Setup             Suite Setup Execution
19
20Force Tags              Network_Nping
21
22*** Variables ***
23
24${delay}                1000ms
25${count}                4
26${program_name}         nping
27${iterations}           5000
28
29*** Test Cases ***
30
31Send ICMP Timestamp Request
32    [Documentation]  Send ICMP packet type 13 and check BMC drops such packets
33    [Tags]  Send_ICMP_Timestamp_Request
34
35    # Send ICMP packet type 13 to BMC and check packet loss.
36    ${packet_loss}=  Send Network Packets And Get Packet Loss
37    ...  ${OPENBMC_HOST}  ${count}  ${ICMP_PACKETS}  ${NETWORK_PORT}  ${ICMP_TIMESTAMP_REQUEST}
38    Should Be Equal As Numbers  ${packet_loss}  100.00
39    ...  msg=FAILURE: BMC is not dropping timestamp request messages.
40
41Send ICMP Netmask Request
42    [Documentation]  Send ICMP packet type 17 and check BMC drops such packets
43    [Tags]  Send_ICMP_Netmask_Request
44
45    # Send ICMP packet type 17 to BMC and check packet loss.
46    ${packet_loss}=  Send Network Packets And Get Packet Loss
47    ...  ${OPENBMC_HOST}  ${count}  ${ICMP_PACKETS}  ${NETWORK_PORT}  ${ICMP_NETMASK_REQUEST}
48    Should Be Equal As Numbers  ${packet_loss}  100.00
49    ...  msg=FAILURE: BMC is not dropping netmask request messages.
50
51Send Continuous ICMP Echo Request To BMC And Verify No Packet Loss
52    [Documentation]  Send ICMP packet type 8 continuously and check no packets are dropped from BMC
53    [Tags]  Send_Continuous_ICMP_Echo_Request_To_BMC_And_Verify_No_Packet_Loss
54
55    # Send ICMP packet type 8 to BMC and check packet loss.
56    ${packet_loss}=  Send Network Packets And Get Packet Loss
57    ...  ${OPENBMC_HOST}  ${iterations}  ${ICMP_PACKETS}
58    Should Be Equal As Numbers  ${packet_loss}  0.0
59    ...  msg=FAILURE: BMC is dropping packets.
60
61Send Network Packets Continuously To Redfish Interface
62    [Documentation]  Send network packets continuously to Redfish interface and verify stability.
63    [Tags]  Send_Network_Packets_Continuously_To_Redfish_Interface
64
65    # Send large number of packets to Redfish interface.
66    ${packet_loss}=  Send Network Packets And Get Packet Loss
67    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_PACKETS}  ${REDFISH_INTERFACE}
68    Should Be Equal As Numbers  ${packet_loss}  0.0
69    ...  msg=FAILURE: BMC is dropping some packets.
70
71    # Check if Redfish interface is functional.
72    Redfish.Login
73    Redfish.Logout
74
75
76Send Network Packets Continuously To IPMI Port
77    [Documentation]  Send network packets continuously to IPMI port and verify stability.
78    [Tags]  Send_Network_Packets_Continuously_To_IPMI_Port
79
80    # Send large number of packets to IPMI port.
81    ${packet_loss}=  Send Network Packets And Get Packet Loss
82    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_PACKETS}  ${IPMI_PORT}
83    Should Be Equal As Numbers  ${packet_loss}  0.0
84    ...  msg=FAILURE: BMC is dropping some packets.
85
86    # Check if IPMI interface is functional.
87    Run IPMI Standard Command  chassis status
88
89
90Send Network Packets Continuously To SSH Port
91    [Documentation]  Send network packets continuously to SSH port and verify stability.
92    [Tags]  Send_Network_Packets_Continuously_To_SSH_Port
93
94    # Send large number of packets to SSH port.
95    ${packet_loss}=  Send Network Packets And Get Packet Loss
96    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_PACKETS}  ${SSH_PORT}
97    Should Be Equal As Numbers  ${packet_loss}  0.0
98    ...  msg=FAILURE: BMC is dropping some packets.
99
100    # Check if SSH interface is functional.
101
102    SSHLibrary.Open Connection  ${OPENBMC_HOST}
103    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
104
105
106Flood Redfish Interface With Packets With Flags And Check Stability
107    [Documentation]  Send large number of packets with flags to Redfish interface
108    ... and check stability.
109    [Tags]  Flood_Redfish_Interface_With_Packets_With_Flags_And_Check_Stability
110    [Template]  Send Network Packets With Flags And Verify Stability
111
112    # Target         No. Of packets  Interface              Flags
113
114    # Flood syn packets and check BMC behavior.
115    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${SYN_PACKETS}
116
117    # Flood reset packets and check BMC behavior.
118    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${RESET_PACKETS}
119
120    # Flood fin packets and check BMC behavior.
121    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${FIN_PACKETS}
122
123    # Flood syn ack reset packets and check BMC behavior.
124    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${SYN_ACK_RESET}
125
126    # Flood packets with all flags and check BMC behavior.
127    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${ALL_FLAGS}
128
129
130*** Keywords ***
131
132Suite Setup Execution
133    [Documentation]  Validate the setup.
134
135    Valid Value  OPENBMC_HOST
136    Valid Program  program_name
137
138
139Verify Interface Stability
140    [Documentation]  Verify interface is up and active.
141    [Arguments]  ${port}
142
143    # Description of argument(s):
144    # port  Network port.
145
146    Run Keyword If  ${port} == ${REDFISH_INTERFACE}
147    ...  Redfish.Login
148    ...  ELSE IF  ${port} == ${SSH_PORT}
149    ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
150    ...  ELSE IF  ${port} == ${IPMI_PORT}
151    ...  Run External IPMI Standard Command  lan print
152    ...  ELSE IF  ${port} == ${HOST_SOL_PORT}
153    ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  port=${HOST_SOL_PORT}
154    ...  ELSE
155    ...  Redfish.Login
156