xref: /openbmc/openbmc-test-automation/security/test_bmc_network_security.robot (revision ff3879e015e38f8161b5ad019f2eee569ba992f0)
1*** Settings ***
2Documentation  Network stack stress tests using "nping" tool.
3
4Resource                ../lib/resource.robot
5Resource                ../lib/bmc_redfish_resource.robot
6Resource                ../lib/ipmi_client.robot
7
8Library                 OperatingSystem
9Library                 String
10Library                 ../lib/gen_robot_valid.py
11Library                 ../lib/bmc_network_utils.py
12Library                 ../lib/ipmi_utils.py
13
14Suite Setup             Suite Setup Execution
15
16Force Tags              Network_Nping
17
18*** Variables ***
19
20${delay}                1000ms
21${count}                4
22${program_name}         nping
23${iterations}           5000
24
25*** Test Cases ***
26
27Send ICMP Timestamp Request
28    [Documentation]  Send ICMP packet type 13 and check BMC drops such packets
29    [Tags]  Send_ICMP_Timestamp_Request
30
31    # Send ICMP packet type 13 to BMC and check packet loss.
32    ${packet_loss}=  Send Network Packets And Get Packet Loss
33    ...  ${OPENBMC_HOST}  ${count}  ${ICMP_PACKETS}  ${NETWORK_PORT}  ${ICMP_TIMESTAMP_REQUEST}
34    Should Be Equal As Numbers  ${packet_loss}  100.00
35    ...  msg=FAILURE: BMC is not dropping timestamp request messages.
36
37Send ICMP Netmask Request
38    [Documentation]  Send ICMP packet type 17 and check BMC drops such packets
39    [Tags]  Send_ICMP_Netmask_Request
40
41    # Send ICMP packet type 17 to BMC and check packet loss.
42    ${packet_loss}=  Send Network Packets And Get Packet Loss
43    ...  ${OPENBMC_HOST}  ${count}  ${ICMP_PACKETS}  ${NETWORK_PORT}  ${ICMP_NETMASK_REQUEST}
44    Should Be Equal As Numbers  ${packet_loss}  100.00
45    ...  msg=FAILURE: BMC is not dropping netmask request messages.
46
47Send Network Packets Continuously To Redfish Interface
48    [Documentation]  Send network packets continuously to Redfish interface and verify stability.
49    [Tags]  Send_Network_Packets_Continuously_To_Redfish_Interface
50
51    # Send large number of packets to Redfish interface.
52    ${packet_loss}=  Send Network Packets And Get Packet Loss
53    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_PACKETS}  ${REDFISH_INTERFACE}
54    Should Be Equal As Numbers  ${packet_loss}  0.0
55    ...  msg=FAILURE: BMC is dropping some packets.
56
57    # Check if Redfish interface is functional.
58    Redfish.Login
59    Redfish.Logout
60
61
62Send Network Packets Continuously To IPMI Port
63    [Documentation]  Send network packets continuously to IPMI port and verify stability.
64    [Tags]  Send_Network_Packets_Continuously_To_IPMI_Port
65
66    # Send large number of packets to IPMI port.
67    ${packet_loss}=  Send Network Packets And Get Packet Loss
68    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_PACKETS}  ${IPMI_PORT}
69    Should Be Equal As Numbers  ${packet_loss}  0.0
70    ...  msg=FAILURE: BMC is dropping some packets.
71
72    # Check if IPMI interface is functional.
73    Run IPMI Standard Command  chassis status
74
75
76Send Network Packets Continuously To SSH Port
77    [Documentation]  Send network packets continuously to SSH port and verify stability.
78    [Tags]  Send_Network_Packets_Continuously_To_SSH_Port
79
80    # Send large number of packets to SSH port.
81    ${packet_loss}=  Send Network Packets And Get Packet Loss
82    ...  ${OPENBMC_HOST}  ${iterations}  ${TCP_PACKETS}  ${SSH_PORT}
83    Should Be Equal As Numbers  ${packet_loss}  0.0
84    ...  msg=FAILURE: BMC is dropping some packets.
85
86    # Check if SSH interface is functional.
87
88    SSHLibrary.Open Connection  ${OPENBMC_HOST}
89    Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
90
91
92Flood Redfish Interface With Packets With Flags And Check Stability
93    [Documentation]  Send large number of packets with flags to Redfish interface
94    ... and check stability.
95    [Tags]  Flood_Redfish_Interface_With_Packets_With_Flags_And_Check_Stability
96    [Template]  Send Network Packets With Flags And Verify Stability
97
98    # Target         No. Of packets  Interface              Flags
99
100    # Flood syn packets and check BMC behavior.
101    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${SYN_PACKETS}
102
103    # Flood reset packets and check BMC behavior.
104    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${RESET_PACKETS}
105
106    # Flood fin packets and check BMC behavior.
107    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${FIN_PACKETS}
108
109    # Flood syn ack reset packets and check BMC behavior.
110    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${SYN_ACK_RESET}
111
112    # Flood packets with all flags and check BMC behavior.
113    ${OPENBMC_HOST}  ${iterations}   ${REDFISH_INTERFACE}   ${ALL_FLAGS}
114
115
116*** Keywords ***
117
118Suite Setup Execution
119    [Documentation]  Validate the setup.
120
121    Valid Value  OPENBMC_HOST
122    Valid Program  program_name
123
124Send Network Packets And Get Packet Loss
125    [Documentation]  Send TCP, UDP or ICMP packets to the target.
126    [Arguments]  ${host}  ${num}=${count}  ${packet_type}=${ICMP_PACKETS}
127    ...          ${port}=80  ${icmp_type}=${ICMP_ECHO_REQUEST}
128
129    # Description of argument(s):
130    # host         The host name or IP address of the target system.
131    # packet_type  The type of packets to be sent ("tcp, "udp", "icmp").
132    # port         Network port.
133    # icmp_type    Type of ICMP packets (e.g. 8, 13, 17, etc.).
134    # num          Number of packets to be sent.
135
136    # This keyword expects host, port, type and number of packets to be sent
137    # and rate at which packets to be sent, should be given in command line.
138    # By default it sends 4 ICMP echo request  packets at 1 packets/second.
139
140    ${cmd_suffix}=  Set Variable If  '${packet_type}' == 'icmp'
141    ...  --icmp-type ${icmp_type}
142    ...  -p ${port}
143    ${cmd_buf}=  Set Variable  --delay ${delay} ${host} -c ${num} --${packet_type} ${cmd_suffix}
144
145    ${nping_result}=  Nping  ${cmd_buf}
146    [Return]   ${nping_result['percent_lost']}
147
148
149Send Network Packets With Flags And Verify Stability
150    [Documentation]  Send TCP with flags to the target.
151    [Arguments]  ${host}  ${num}=${count}  ${port}=${REDFISH_INTERFACE}
152    ...  ${flags}=${SYN_PACKETS}
153    [Teardown]  Verify Interface Stability  ${port}
154
155    # Description of argument(s):
156    # host         The host name or IP address of the target system.
157    # packet_type  The type of packets to be sent ("tcp, "udp", "icmp").
158    # port         Network port.
159    # flags        Type of flag to be set (e.g. SYN, ACK, RST, FIN, ALL).
160    # num          Number of packets to be sent.
161
162    # This keyword expects host, port, type and number of packets to be sent
163    # and rate at which packets to be sent, should be given in command line.
164    # By default it sends 4 ICMP echo request  packets at 1 packets/second.
165
166    ${cmd_suffix}=  Catenate  -p ${port} --flags ${flags}
167    ${cmd_buf}=  Set Variable  --delay ${delay} ${host} -c ${num} --${packet_type} ${cmd_suffix}
168
169    ${nping_result}=  Nping  ${cmd_buf}
170    Log To Console  Packets lost: ${nping_result['percent_lost']}
171
172
173Verify Interface Stability
174    [Documentation]  Verify interface is up and active.
175    [Arguments]  ${port}
176
177    # Description of argument(s):
178    # port  Network port.
179
180    Run Keyword If  ${port} == ${REDFISH_INTERFACE}
181    ...  Redfish.Login
182    ...  ELSE IF  ${port} == ${SSH_PORT}
183    ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}
184    ...  ELSE IF  ${port} == ${IPMI_PORT}
185    ...  Run External IPMI Standard Command lan print
186    ...  ELSE IF  ${port} == ${HOST_SOL_PORT}
187    ...  Open Connection And Log In  ${OPENBMC_USERNAME}  ${OPENBMC_PASSWORD}  port=${HOST_SOL_PORT}
188    ...  ELSE
189    ...  Redfish.Login
190