update BGP model

Makefile

@@ -93,6 +93,7 @@ build-docker-compose:
  # BGP
  # IMPLEM="gobgp" make build-docker-ivy
  IMPLEM="bird" make build-docker-ivy
+ IMPLEM="frr" make build-docker-ivy
  # QUIC tools
  # make build-docker-visualizer
  make build-docker-ivy-standalone

data/tls-keys/picoquic_key.log

@@ -1735,3 +1735,27 @@ CLIENT_HANDSHAKE_TRAFFIC_SECRET b8262496c6fbb8a78df5af85c18cc159655179f1861e1777
 SERVER_TRAFFIC_SECRET_0 b8262496c6fbb8a78df5af85c18cc159655179f1861e17778c625df5e0c7f169 b3f0d33df273d3242d0e99ff353f1e502e0a9e7e01ed28e4eb46a468acba61dd
 CLIENT_TRAFFIC_SECRET_0 b8262496c6fbb8a78df5af85c18cc159655179f1861e17778c625df5e0c7f169 1f88c6b45cb7c9e75492ddba23dabfc2bbc618c5310569c99d429c17590af035
 CLIENT_TRAFFIC_SECRET_0 b8262496c6fbb8a78df5af85c18cc159655179f1861e17778c625df5e0c7f169 1f88c6b45cb7c9e75492ddba23dabfc2bbc618c5310569c99d429c17590af035
+SERVER_HANDSHAKE_TRAFFIC_SECRET 4a40255bd96cbacd13f6d17a6a30004acaffe9ec5f013c4c13c76fcc8abc3648 85af992cea0855895f32d5884f081126dc8c2bd8570b4bf0bfae138a43fe4ad8
+CLIENT_HANDSHAKE_TRAFFIC_SECRET 4a40255bd96cbacd13f6d17a6a30004acaffe9ec5f013c4c13c76fcc8abc3648 37974823ad042ee931fab6c3c7a7bbf575e7336a649715bd1f4513264bdaa10b
+SERVER_TRAFFIC_SECRET_0 4a40255bd96cbacd13f6d17a6a30004acaffe9ec5f013c4c13c76fcc8abc3648 14d9231e7319596d62e08cf58e690d7861e2e135e2f2132ecfde4c7839097b26
+SERVER_HANDSHAKE_TRAFFIC_SECRET 4a40255bd96cbacd13f6d17a6a30004acaffe9ec5f013c4c13c76fcc8abc3648 85af992cea0855895f32d5884f081126dc8c2bd8570b4bf0bfae138a43fe4ad8
+CLIENT_HANDSHAKE_TRAFFIC_SECRET 4a40255bd96cbacd13f6d17a6a30004acaffe9ec5f013c4c13c76fcc8abc3648 37974823ad042ee931fab6c3c7a7bbf575e7336a649715bd1f4513264bdaa10b
+SERVER_TRAFFIC_SECRET_0 4a40255bd96cbacd13f6d17a6a30004acaffe9ec5f013c4c13c76fcc8abc3648 14d9231e7319596d62e08cf58e690d7861e2e135e2f2132ecfde4c7839097b26
+CLIENT_TRAFFIC_SECRET_0 4a40255bd96cbacd13f6d17a6a30004acaffe9ec5f013c4c13c76fcc8abc3648 ce6e56c78154fab6417e93eb7a693238919317ad6d2e048e07bfea0eae951452
+CLIENT_TRAFFIC_SECRET_0 4a40255bd96cbacd13f6d17a6a30004acaffe9ec5f013c4c13c76fcc8abc3648 ce6e56c78154fab6417e93eb7a693238919317ad6d2e048e07bfea0eae951452
+SERVER_HANDSHAKE_TRAFFIC_SECRET ca72297d60168ee675e30fb1ed65bed3427af509c9a7a5175a405b6c0cfb7a6e c6bc511e7216949368aa85f2f542ed1652a0c844bfef31933bacd15faee854d9
+CLIENT_HANDSHAKE_TRAFFIC_SECRET ca72297d60168ee675e30fb1ed65bed3427af509c9a7a5175a405b6c0cfb7a6e 76378d162880a0dbc83b6c2b9313f9723177afe00ea27d9963cdf2b389ae1bdd
+SERVER_TRAFFIC_SECRET_0 ca72297d60168ee675e30fb1ed65bed3427af509c9a7a5175a405b6c0cfb7a6e c58cd1704926ed2d84a44f377d05e0f782db01b2f99a7469c9126c8f28fa7dd9
+SERVER_HANDSHAKE_TRAFFIC_SECRET ca72297d60168ee675e30fb1ed65bed3427af509c9a7a5175a405b6c0cfb7a6e c6bc511e7216949368aa85f2f542ed1652a0c844bfef31933bacd15faee854d9
+CLIENT_HANDSHAKE_TRAFFIC_SECRET ca72297d60168ee675e30fb1ed65bed3427af509c9a7a5175a405b6c0cfb7a6e 76378d162880a0dbc83b6c2b9313f9723177afe00ea27d9963cdf2b389ae1bdd
+SERVER_TRAFFIC_SECRET_0 ca72297d60168ee675e30fb1ed65bed3427af509c9a7a5175a405b6c0cfb7a6e c58cd1704926ed2d84a44f377d05e0f782db01b2f99a7469c9126c8f28fa7dd9
+CLIENT_TRAFFIC_SECRET_0 ca72297d60168ee675e30fb1ed65bed3427af509c9a7a5175a405b6c0cfb7a6e 61f2ec84c01d3e84584db6cee014571ca729085ea6eed62cd0d8652caa4001ba
+CLIENT_TRAFFIC_SECRET_0 ca72297d60168ee675e30fb1ed65bed3427af509c9a7a5175a405b6c0cfb7a6e 61f2ec84c01d3e84584db6cee014571ca729085ea6eed62cd0d8652caa4001ba
+SERVER_HANDSHAKE_TRAFFIC_SECRET 5e805cc68309771b5ac210a2384d9fdbfbc3053be3deb87d170fe347c41508b1 3a98abd0d829bf843f3c30fc2a8452b00a79191e7ea296d32e9cd6f64580529d
+CLIENT_HANDSHAKE_TRAFFIC_SECRET 5e805cc68309771b5ac210a2384d9fdbfbc3053be3deb87d170fe347c41508b1 1af77abe68f72055ee3f40ec7c4a74f1c5477f18e0469117e9795398b0d021e6
+SERVER_TRAFFIC_SECRET_0 5e805cc68309771b5ac210a2384d9fdbfbc3053be3deb87d170fe347c41508b1 6b5e1442dbdccdab0fdc83640588e6bbc0991e5d026a8b0d8edf5b792f5797ef
+SERVER_HANDSHAKE_TRAFFIC_SECRET 5e805cc68309771b5ac210a2384d9fdbfbc3053be3deb87d170fe347c41508b1 3a98abd0d829bf843f3c30fc2a8452b00a79191e7ea296d32e9cd6f64580529d
+CLIENT_HANDSHAKE_TRAFFIC_SECRET 5e805cc68309771b5ac210a2384d9fdbfbc3053be3deb87d170fe347c41508b1 1af77abe68f72055ee3f40ec7c4a74f1c5477f18e0469117e9795398b0d021e6
+SERVER_TRAFFIC_SECRET_0 5e805cc68309771b5ac210a2384d9fdbfbc3053be3deb87d170fe347c41508b1 6b5e1442dbdccdab0fdc83640588e6bbc0991e5d026a8b0d8edf5b792f5797ef
+CLIENT_TRAFFIC_SECRET_0 5e805cc68309771b5ac210a2384d9fdbfbc3053be3deb87d170fe347c41508b1 0f185d9e915a67f9dce28768a734bb4f085379f07c05bd9cb9d44a4f578944e7
+CLIENT_TRAFFIC_SECRET_0 5e805cc68309771b5ac210a2384d9fdbfbc3053be3deb87d170fe347c41508b1 0f185d9e915a67f9dce28768a734bb4f085379f07c05bd9cb9d44a4f578944e7

docker-compose.yml

@@ -34,7 +34,8 @@ services:
  - ${PWD}/src/QUIC-Ivy-Attacker/ivy/:/PFV/QUIC-Ivy-Attacker/ivy/
  - ${PWD}/src/QUIC-Ivy-Attacker/ivy/include/1.7:/PFV/QUIC-Ivy-Attacker/ivy/include/1.7
  networks:
- - net
+ net:
+ ipv4_address: "s"
  privileged: true
  environment:
  - ROOT_PATH=${PWD} # TODO remove eventually
@@ -81,7 +82,8 @@ services:
  - ${PWD}/src/QUIC-Ivy-Attacker/ivy/include/1.7:/PFV/QUIC-Ivy-Attacker/ivy/include/1.7
  - /tmp/.X11-unix:/tmp/.X11-unix
  networks:
- - net
+ net:
+ ipv4_address: 172.27.0.3
  privileged: true
  security_opt:
  - seccomp:unconfined
@@ -134,7 +136,8 @@ services:
  - ${PWD}/src/QUIC-Ivy-Attacker/ivy/include/1.7:/PFV/QUIC-Ivy-Attacker/ivy/include/1.7
  - /tmp/.X11-unix:/tmp/.X11-unix
  networks:
- - net
+ net:
+ ipv4_address: 172.27.0.4
  privileged: true
  security_opt:
  - seccomp:unconfined
@@ -187,7 +190,8 @@ services:
  - ${PWD}/src/QUIC-Ivy-Attacker/ivy/include/1.7:/PFV/QUIC-Ivy-Attacker/ivy/include/1.7
  - /tmp/.X11-unix:/tmp/.X11-unix
  networks:
- - net
+ net:
+ ipv4_address: 172.27.0.5
  privileged: true
  security_opt:
  - seccomp:unconfined
@@ -205,7 +209,61 @@ services:
  - /dev/dri:/dev/dri
  depends_on:
  - ivy-standalone
-
+
+ frr:
+ hostname: frr-ivy
+ container_name: frr-ivy
+ image: "frr-ivy:latest"
+ command: python3 pfv.py --update_ivy --getstats --worker --compile --docker
+ privileged: true
+ ports:
+ - "49161:80"
+ volumes:
+ - ${PWD}/src/pfv/pfv.py:/PFV/pfv.py
+ - ${PWD}/src/webapp/pfv_client.py:/PFV/webapp/pfv_client.py
+ - ${PWD}/src/pfv/res/shadow/shadow_client_test.yml:/PFV/topo.gml
+ - ${PWD}/src/pfv/res/shadow/shadow_client_test.yml:/PFV/shadow_client_test.yml
+ - ${PWD}/src/pfv/res/shadow/shadow_server_test.yml:/PFV/shadow_server_test.yml
+ - ${PWD}/src/pfv/res/shadow/shadow_client_test_template.yml:/PFV/shadow_client_test_template.yml
+ - ${PWD}/src/pfv/res/shadow/shadow_server_test_template.yml:/PFV/shadow_server_test_template.yml
+ - ${PWD}/data/tls-keys:/PFV/tls-keys
+ - ${PWD}/data/tickets:/PFV/tickets
+ - ${PWD}/data/qlogs:/PFV/qlogs
+ - ${PWD}/src/pfv/pfv_stats/:/PFV/pfv_stats/
+ - ${PWD}/src/pfv/pfv_utils/:/PFV/pfv_utils/
+ - ${PWD}/src/pfv/pfv_runner/:/PFV/pfv_runner/
+ - ${PWD}/src/pfv/pfv_tester/:/PFV/pfv_tester/
+ - ${PWD}/src/pfv/ivy_utils/:/PFV/ivy_utils/
+ - ${PWD}/src/pfv/logger/:/PFV/logger/
+ - ${PWD}/src/pfv/argument_parser/:/PFV/argument_parser/
+ - ${PWD}/src/pfv/configs/:/PFV/configs/
+ - ${PWD}/src/QUIC-Ivy-Attacker/protocol-testing/:/PFV/QUIC-Ivy-Attacker/protocol-testing/
+ - ${PWD}/src/QUIC-Ivy-Attacker/doc/examples/quic:/PFV/QUIC-Ivy-Attacker/doc/examples/quic
+ # - ${PWD}/src/QUIC-Ivy-Attacker/ivy/ivy_to_cpp.py:/PFV/QUIC-Ivy-Attacker/ivy/ivy_to_cpp.py
+ # - ${PWD}/src/QUIC-Ivy-Attacker/ivy/ivy_cpp_types.py:/PFV/QUIC-Ivy-Attacker/ivy/ivy_cpp_types.py
+ - ${PWD}/src/QUIC-Ivy-Attacker/ivy/:/PFV/QUIC-Ivy-Attacker/ivy/
+ - ${PWD}/src/QUIC-Ivy-Attacker/ivy/include/1.7:/PFV/QUIC-Ivy-Attacker/ivy/include/1.7
+ - /tmp/.X11-unix:/tmp/.X11-unix
+ networks:
+ net:
+ ipv4_address: 172.27.0.6
+ security_opt:
+ - seccomp:unconfined
+ cap_add:
+ - NET_ADMIN
+ tmpfs:
+ - /dev/shm:rw,nosuid,nodev,exec,size=1024g
+ environment:
+ - DISPLAY=${DISPLAY}
+ - XAUTHORITY=~/.Xauthority
+ - ROOT_PATH=${PWD} # TODO remove eventually
+ - MPLBACKEND='Agg'
+ restart: always
+ devices:
+ - /dev/dri:/dev/dri
+ depends_on:
+ - ivy-standalone
+
  #################################################
  # PlantUML -> useless still only png or svg -> not dynamic
  #################################################
@@ -215,7 +273,7 @@ services:
  # expose:
  # - "8080"
  # networks:
- # - net
+ # net
  # volumes:
  # - ./plantUML/fonts:/usr/share/fonts/drawio
 
@@ -224,7 +282,7 @@ services:
  # expose:
  # - "8000"
  # networks:
- # - net
+ # net
  # volumes:
  # - ./plantUML/fonts:/usr/share/fonts/drawio
 
@@ -237,7 +295,7 @@ services:
  # - plantuml-server
  # - image-export
  # networks:
- # - net
+ # net
  # volumes:
  # - ./plantUML/PostConfig.js:/usr/local/tomcat/webapps/draw/js/PostConfig.js
  # - ./plantUML/PreConfig.js:/usr/local/tomcat/webapps/draw/js/PreConfig.js
@@ -248,3 +306,8 @@ services:
 networks:
  net:
  driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: "172.27.0.0/24"
+ # - gateway: "172.27.0.1"

src/containers/Dockerfile.frr

@@ -0,0 +1,38 @@
+ARG image
+
+FROM $image:latest
+
+# add GPG key
+RUN curl -s https://deb.frrouting.org/frr/keys.gpg | tee /usr/share/keyrings/frrouting.gpg > /dev/null
+# libjson-c3 libreadline7
+RUN apt-get update && \
+ apt-get install -y libpcre3-dev apt-transport-https ca-certificates curl wget logrotate \
+ libc-ares2 vim procps gnupg2 lsb-release apt-utils \
+ libprotobuf-c-dev protobuf-c-compiler tini && rm -rf /var/lib/apt/lists/*
+
+# possible values for FRRVER: frr-6 frr-7 frr-8 frr-9 frr-stable
+# frr-stable will be the latest official stable release
+RUN FRRVER="frr-stable"; echo deb '[signed-by=/usr/share/keyrings/frrouting.gpg]' https://deb.frrouting.org/frr \
+ $(lsb_release -s -c) $FRRVER | tee -a /etc/apt/sources.list.d/frr.list
+
+# update and install FRR
+RUN apt -y update && apt install -y frr frr-pythontools
+
+
+
+# Own the config / PID files
+RUN mkdir -p /var/run/frr
+RUN chown -R frr:frr /etc/frr /var/run/frr
+
+# Simple init manager for reaping processes and forwarding signals
+# ADD src/containers/res/frr/start_tini.sh .
+ADD src/containers/res/frr/update_conf.sh .
+ADD src/containers/res/frr/start_daemon.sh .
+ADD src/containers/res/frr/stop_daemon.sh .
+# RUN bash start_tini.sh
+RUN bash update_conf.sh
+# RUN ["(", "/usr/bin/tini", "--", "bash", "start_daemon.sh", ")", "&"]
+# RUN (/usr/bin/tini -- bash start_daemon.sh) &
+# CMD ["bash update_conf.sh"]
+
+# RUN "/bin/bash -c 'source /usr/lib/frr/frrcommon.sh && /usr/lib/frr/watchfrr $(daemon_list)'"

src/containers/res/frr/start_daemon.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+source /usr/lib/frr/frrcommon.sh
+/usr/lib/frr/watchfrr $(daemon_list)

src/containers/res/frr/start_tini.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+/usr/bin/tini --

src/containers/res/frr/stop_daemon.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+
+# # Error messages with PIDs
+# error_messages=$(/etc/init.d/frr stop 2>&1)
+
+# # Extract PIDs
+# zebra_pid=$(echo "$error_messages" | grep -oP 'zebra, pid \K\d+')
+# staticd_pid=$(echo "$error_messages" | grep -oP 'staticd, pid \K\d+')
+# bgpd_pid=$(echo "$error_messages" | grep -oP 'bgpd, pid \K\d+')
+# mgmtd_pid=$(echo "$error_messages" | grep -oP 'mgmtd, pid \K\d+')
+
+# # Function to stop FRR daemon by PID
+# stop_frr_daemon() {
+# pid=$1
+# if [ -n "$pid" ]; then
+# echo "Stopping FRR daemon with PID $pid"
+# kill -TERM $pid
+# sleep 2
+# if kill -0 $pid 2>/dev/null; then
+# echo "Forcibly stopping FRR daemon with PID $pid"
+# kill -9 $pid
+# else
+# echo "FRR daemon with PID $pid stopped gracefully"
+# fi
+# fi
+# }
+
+# # Stop FRR daemons
+# stop_frr_daemon $zebra_pid
+# stop_frr_daemon $staticd_pid
+# stop_frr_daemon $bgpd_pid
+# stop_frr_daemon $mgmtd_pid
+
+# /etc/init.d/frr start
+
+ip netns exec implem /usr/lib/frr/watchfrr.sh restart all

src/containers/res/frr/update_conf.sh

@@ -0,0 +1,132 @@
+#!/bin/bash
+
+
+cat <<EOF > /etc/frr/daemons
+# This file tells the frr package which daemons to start. 
+#
+# Sample configurations for these daemons can be found in
+# /usr/share/doc/frr/examples/.
+#
+# ATTENTION:
+#
+# When activating a daemon for the first time, a config file, even if it is
+# empty, has to be present *and* be owned by the user and group "frr", else
+# the daemon will not be started by /etc/init.d/frr. The permissions should
+# be u=rw,g=r,o=.
+# When using "vtysh" such a config file is also needed. It should be owned by
+# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too.
+#
+# The watchfrr, zebra and staticd daemons are always started.
+#
+bgpd=yes 
+ospfd=no 
+ospf6d=no 
+ripd=no 
+ripngd=no 
+isisd=no 
+pimd=no 
+pim6d=no 
+ldpd=no 
+nhrpd=no 
+eigrpd=no 
+babeld=no 
+sharpd=no 
+pbrd=no 
+bfdd=no 
+fabricd=no 
+vrrpd=no 
+pathd=no 
+
+#
+# If this option is set the /etc/init.d/frr script automatically loads
+# the config via "vtysh -b" when the servers are started.
+# Check /etc/pam.d/frr if you intend to use "vtysh"!
+#
+vtysh_enable=yes 
+zebra_options=" -A 127.0.0.1 -s 90000000" 
+mgmtd_options=" -A 127.0.0.1" 
+bgpd_options=" -A 127.0.0.1 -p 179" 
+ospfd_options=" -A 127.0.0.1" 
+ospf6d_options=" -A ::1" 
+ripd_options=" -A 127.0.0.1" 
+ripngd_options=" -A ::1" 
+isisd_options=" -A 127.0.0.1" 
+pimd_options=" -A 127.0.0.1" 
+pim6d_options=" -A ::1" 
+ldpd_options=" -A 127.0.0.1" 
+nhrpd_options=" -A 127.0.0.1" 
+eigrpd_options=" -A 127.0.0.1" 
+babeld_options=" -A 127.0.0.1" 
+sharpd_options=" -A 127.0.0.1" 
+pbrd_options=" -A 127.0.0.1" 
+staticd_options="-A 127.0.0.1" 
+bfdd_options=" -A 127.0.0.1" 
+fabricd_options="-A 127.0.0.1" 
+vrrpd_options=" -A 127.0.0.1" 
+pathd_options=" -A 127.0.0.1" 
+# If you want to pass a common option to all daemons, you can use the
+# "frr_global_options" variable.
+#
+#frr_global_options=""
+
+
+# The list of daemons to watch is automatically generated by the init script.
+# This variable can be used to pass options to watchfrr that will be passed
+# prior to the daemon list.
+#
+# To make watchfrr create/join the specified netns, add the the "--netns"
+# option here. It will only have an effect in /etc/frr/<somename>/daemons, and
+# you need to start FRR with "/usr/lib/frr/frrinit.sh start <somename>".
+#
+#watchfrr_options=""
+
+
+# configuration profile
+#
+#frr_profile="traditional"
+#frr_profile="datacenter"
+
+
+# This is the maximum number of FD's that will be available. Upon startup this
+# is read by the control files and ulimit is called. Uncomment and use a
+# reasonable value for your setup if you are expecting a large number of peers
+# in say BGP.
+#
+#MAX_FDS=1024
+
+# Uncomment this option if you want to run FRR as a non-root user. Note that
+# you should know what you are doing since most of the daemons need root
+# to work. This could be useful if you want to run FRR in a container
+# for instance.
+# FRR_NO_ROOT="yes"
+
+# For any daemon, you can specify a "wrap" command to start instead of starting
+# the daemon directly. This will simply be prepended to the daemon invocation.
+# These variables have the form daemon_wrap, where 'daemon' is the name of the
+# daemon (the same pattern as the daemon_options variables).
+#
+# Note that when daemons are started, they are told to daemonize with the `-d`
+# option. This has several implications. For one, the init script expects that
+# when it invokes a daemon, the invocation returns immediately. If you add a
+# wrap command here, it must comply with this expectation and daemonize as
+# well, or the init script will never return. Furthermore, because daemons are
+# themselves daemonized with -d, you must ensure that your wrapper command is
+# capable of following child processes after a fork() if you need it to do so.
+#
+# If your desired wrapper does not support daemonization, you can wrap it with
+# a utility program that daemonizes programs, such as 'daemonize'. An example
+# of this might look like:
+#
+# bgpd_wrap="/usr/bin/daemonize /usr/bin/mywrapper"
+#
+# This is particularly useful for programs which record processes but lack
+# daemonization options, such as perf and rr.
+#
+# If you wish to wrap all daemons in the same way, you may set the "all_wrap"
+# variable.
+#
+#all_wrap=""
+EOF
+
+cat /etc/frr/daemons
+