def test_private_dns_mode_strict_connectivity_toggle_networks(self):
""" Verify private DNS strict mode connectivity by toggling networks
Steps:
1. Set private DNS strict mode
2. DUT is connected to mobile network
3. Verify connectivity and DNS queries going to port 853
4. Switch to wifi network
5. Verify connectivity and DNS queries going to port 853
6. Switch back to mobile network
7. Verify connectivity and DNS queries going to port 853
8. Repeat steps 1-7 for TMO, VZW and different private DNS servers
"""
for ad in self.android_devices:
self.log.info("Carrier is: %s" % get_operator_name(self.log, ad))
for dns in self.private_dns_servers:
self.log.info("Setting strict mode private dns: %s" % dns)
# set private dns mode
cutils.set_private_dns(ad, cconst.PRIVATE_DNS_MODE_STRICT, dns)
# verify dns over tls on mobile network
self._test_private_dns_mode(
self.dut, None, None, True, dns)
# verify dns over tls on wifi network
self._test_private_dns_mode(
self.dut, self.ipv4_ipv6_network, None, True, dns)
# verify dns over tls on mobile network
wutils.reset_wifi(self.dut)
self._test_private_dns_mode(
self.dut, None, None, True, dns)
def test_dns_over_tls_no_reset_packets(self):
""" Verify there are no TCP packets with RST flags
Steps:
1. Enable opportunistic or strict mode
2. Ping hosts and verify that there are TCP pkts with RST flags
"""
# start tcpdump on device
self._start_tcp_dump(self.dut)
# set private DNS to opportunistic mode
cutils.set_private_dns(self.dut, cconst.PRIVATE_DNS_MODE_OPPORTUNISTIC)
# connect DUT to wifi network
wutils.start_wifi_connection_scan_and_ensure_network_found(
self.dut, self.ipv4_ipv6_network[SSID])
wutils.wifi_connect(self.dut, self.ipv4_ipv6_network)
for host in self.ping_hosts:
wutils.validate_connection(self.dut, host)
# stop tcpdump on device
pcap_file = self._stop_tcp_dump(self.dut)
# check that there no RST TCP packets
self._verify_rst_packets(pcap_file)
def setup_class(self):
"""Setup devices for tests and unpack params."""
# unpack user params
req_params = ("wifi_network",
"file_size",
"download_file_ipv4",
"download_file_ipv6",
"dbs_supported_models")
self.unpack_userparams(req_params)
self.file_path = DOWNLOAD_PATH + self.download_file_ipv4.split("/")[-1]
self.file_size = float(self.file_size)
for ad in self.android_devices:
self.log.info("Operator on %s is %s" % \
(ad.serial, get_operator_name(self.log, ad)))
ad.reboot()
nutils.verify_lte_data_and_tethering_supported(ad)
nutils.set_chrome_browser_permissions(ad)
cutils.set_private_dns(ad, cconst.PRIVATE_DNS_MODE_OFF)
try:
ad.adb.shell(instr_cmd)
except AdbError:
self.log.warn("cmd %s failed on %s" % (instr_cmd, ad.serial))
self.tcpdumps = []
self.hs_enabled = []
def test_guestgate_captive_portal_private_dns_off(self):
"""Verify captive portal network.
Steps:
1. Turn off private dns mode
2. Connect to guestgate captive portal network
3. Verify connectivity
"""
# turn off private dns
cutils.set_private_dns(self.dut, cconst.PRIVATE_DNS_MODE_OFF)
# verify connection to captive portal network
self._verify_captive_portal(self.gg_captive_portal)
def test_guestgate_captive_portal_default(self):
"""Verify captive portal network.
Steps:
1. Set default private dns mode
2. Connect to guestgate captive portal network
3. Verify connectivity
"""
# set private dns to opportunistic
cutils.set_private_dns(self.dut, cconst.PRIVATE_DNS_MODE_OPPORTUNISTIC)
# verify connection to captive portal network
self._verify_captive_portal(self.gg_captive_portal)
def test_guestgate_captive_portal_private_dns_strict(self):
"""Verify captive portal network.
Steps:
1. Set strict private dns mode
2. Connect to guestgate captive portal network
3. Verify connectivity
"""
# set private dns to strict mode
cutils.set_private_dns(self.dut, cconst.PRIVATE_DNS_MODE_STRICT,
cconst.DNS_GOOGLE)
# verify connection to captive portal network
self._verify_captive_portal(self.gg_captive_portal)
def test_private_dns_mode_strict_invalid_hostnames(self):
""" Verify that invalid hostnames are not saved for strict mode
Steps:
1. Set private DNS to strict mode with invalid hostname
2. Verify that invalid hostname is not saved
"""
invalid_hostnames = ["!%@&!*", "12093478129", "9.9.9.9", "sdkfjhasdf"]
for hostname in invalid_hostnames:
cutils.set_private_dns(
self.dut, cconst.PRIVATE_DNS_MODE_STRICT, hostname)
mode = self.dut.droid.getPrivateDnsMode()
specifier = self.dut.droid.getPrivateDnsSpecifier()
asserts.assert_true(
mode == cconst.PRIVATE_DNS_MODE_STRICT and specifier != hostname,
"Able to set invalid private DNS strict mode")
def test_dns_server_link_properties_strict_mode(self):
""" Verify DNS server in the link properties when set in strict mode
Steps:
1. Set DNS server hostname in Private DNS settings (stict mode)
2. Verify that DNS server set in settings is in link properties
3. Verify for WiFi as well as LTE
"""
# start tcpdump on device
self._start_tcp_dump(self.dut)
# set private DNS to strict mode
cutils.set_private_dns(
self.dut, cconst.PRIVATE_DNS_MODE_STRICT, cconst.DNS_GOOGLE)
# connect DUT to wifi network
wutils.start_wifi_connection_scan_and_ensure_network_found(
self.dut, self.ipv4_ipv6_network[SSID])
wutils.wifi_connect(self.dut, self.ipv4_ipv6_network)
for host in self.ping_hosts:
wutils.validate_connection(self.dut, host)
# DNS server in link properties for wifi network
link_prop = self.dut.droid.connectivityGetActiveLinkProperties()
wifi_dns_servers = link_prop['PrivateDnsServerName']
self.log.info("Link prop: %s" % wifi_dns_servers)
# DUT is on LTE data
wutils.reset_wifi(self.dut)
time.sleep(1) # wait till lte network becomes active
for host in self.ping_hosts:
wutils.validate_connection(self.dut, host)
# DNS server in link properties for cell network
link_prop = self.dut.droid.connectivityGetActiveLinkProperties()
lte_dns_servers = link_prop['PrivateDnsServerName']
self.log.info("Link prop: %s" % lte_dns_servers)
# stop tcpdump on device
pcap_file = self._stop_tcp_dump(self.dut)
# Verify DNS server in link properties
asserts.assert_true(cconst.DNS_GOOGLE in wifi_dns_servers,
"Hostname not in link properties - wifi network")
asserts.assert_true(cconst.DNS_GOOGLE in lte_dns_servers,
"Hostname not in link properites - cell network")
def _test_private_dns_mode(self, ad, net, dns_mode, use_tls, hostname=None):
""" Test private DNS mode
Args:
1. ad: android device object
2. net: wifi network to connect to, LTE network if None
3. dns_mode: private DNS mode
4. use_tls: if True, the DNS packets should be encrypted
5. hostname: private DNS hostname to set to
"""
# set private dns mode
if dns_mode:
cutils.set_private_dns(self.dut, dns_mode, hostname)
# connect to wifi
if net:
wutils.start_wifi_connection_scan_and_ensure_network_found(
self.dut, net[SSID])
wutils.wifi_connect(self.dut, net)
# start tcpdump on the device
self._start_tcp_dump(self.dut)
# ping hosts should pass
for host in self.ping_hosts:
self.log.info("Pinging %s" % host)
status = wutils.validate_connection(self.dut, host)
asserts.assert_true(status, "Failed to ping host %s" % host)
self.log.info("Ping successful")
# stop tcpdump
pcap_file = self._stop_tcp_dump(self.dut)
# verify DNS queries
self._verify_dns_queries_over_tls(pcap_file, use_tls)
# reset wifi
wutils.reset_wifi(self.dut)
def test_private_dns_mode_opportunistic_connectivity_toggle_networks(self):
""" Verify private DNS opportunistic mode connectivity by toggling networks
Steps:
1. Set private DNS opportunistic mode
2. DUT is connected to mobile network
3. Verify connectivity and DNS queries going to port 853 for TMO
and port 53 for VZW
4. Switch to wifi network set with private DNS server
5. Verify connectivity and DNS queries going to port 853
6. Switch back to mobile network
7. Verify connectivity and DNS queries going to port 853 for TMO
and port 53 for VZW
8. Repeat steps 1-7 for TMO, VZW and different private DNS servers
"""
for ad in self.android_devices:
carrier = get_operator_name(self.log, ad)
self.log.info("Carrier is: %s" % carrier)
use_tls = True if carrier == "tmo" else False
for dns in self.private_dns_servers:
self.log.info("Setting opportunistic private dns mode")
# set private dns mode
cutils.set_private_dns(ad, cconst.PRIVATE_DNS_MODE_OPPORTUNISTIC)
# verify dns over tls on mobile network
self._test_private_dns_mode(
self.dut, None, None, use_tls, dns)
# verify dns over tls on wifi network
self._test_private_dns_mode(
self.dut, self.ipv4_ipv6_network, None, True, dns)
# verify dns over tls on mobile network
wutils.reset_wifi(self.dut)
self._test_private_dns_mode(
self.dut, None, None, use_tls, dns)
def teardown_class(self):
"""Reset devices."""
cutils.set_private_dns(self.dut, cconst.PRIVATE_DNS_MODE_OPPORTUNISTIC)
wutils.reset_wifi(self.dut)
self.dut.droid.telephonyToggleDataConnection(True)
def teardown_class(self):
for ad in self.android_devices:
cutils.set_private_dns(ad, cconst.PRIVATE_DNS_MODE_OPPORTUNISTIC)
