def test_hapd_ctrl_set_accept_mac_file_vlan(dev, apdev): """hostapd and SET accept_mac_file ctrl_iface command (VLAN ID)""" ssid = "hapd-ctrl" filename = hostapd.acl_file(dev, apdev, 'hostapd.accept') params = {"ssid": ssid} hapd = hostapd.add_ap(apdev[0], params) dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412") dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412") hapd.send_file(filename, filename) hapd.request("SET macaddr_acl 1") if "OK" not in hapd.request("SET accept_mac_file " + filename): raise Exception("Unexpected SET failure") dev[1].wait_disconnected(timeout=15) dev[0].wait_disconnected(timeout=15) if filename.startswith('/tmp/'): os.unlink(filename)
def test_hapd_ctrl_set_deny_mac_file(dev, apdev): """hostapd and SET deny_mac_file ctrl_iface command""" ssid = "hapd-ctrl" filename = hostapd.acl_file(dev, apdev, 'hostapd.macaddr') params = {"ssid": ssid} hapd = hostapd.add_ap(apdev[0], params) dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412") dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412") hapd.send_file(filename, filename) if "OK" not in hapd.request("SET deny_mac_file " + filename): raise Exception("Unexpected SET failure") dev[0].wait_disconnected(timeout=15) ev = dev[1].wait_event(["CTRL-EVENT-DISCONNECTED"], 1) if ev is not None: raise Exception("Unexpected disconnection") if filename.startswith('/tmp/'): os.unlink(filename)
def test_ap_acl_deny(dev, apdev): """MAC ACL deny list""" ssid = "acl" params = {} filename = hostapd.acl_file(dev, apdev, 'hostapd.macaddr') hostapd.send_file(apdev[0], filename, filename) params['ssid'] = ssid params['deny_mac_file'] = filename hapd = hostapd.add_ap(apdev[0], params) dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", passive=True) dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412", wait_connect=False) dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412") dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412") ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) if ev is not None: raise Exception("Unexpected association") if filename.startswith('/tmp/'): os.unlink(filename)
def test_ap_vlan_open(dev, apdev): """AP VLAN with open network""" filename = hostapd.acl_file(dev, apdev, 'hostapd.accept') hostapd.send_file(apdev[0], filename, filename) params = { "ssid": "test-vlan-open", "dynamic_vlan": "1", "accept_mac_file": filename } hapd = hostapd.add_ap(apdev[0], params) dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412") dev[1].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412") dev[2].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412") hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1") hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2") hwsim_utils.test_connectivity(dev[2], hapd) if filename.startswith('/tmp/'): os.unlink(filename)
def test_ap_vlan_wpa2(dev, apdev): """AP VLAN with WPA2-PSK""" filename = hostapd.acl_file(dev, apdev, 'hostapd.accept') hostapd.send_file(apdev[0], filename, filename) params = hostapd.wpa2_params(ssid="test-vlan", passphrase="12345678") params['dynamic_vlan'] = "1" params['accept_mac_file'] = filename hapd = hostapd.add_ap(apdev[0], params) dev[0].connect("test-vlan", psk="12345678", scan_freq="2412") dev[1].connect("test-vlan", psk="12345678", scan_freq="2412") dev[2].connect("test-vlan", psk="12345678", scan_freq="2412") hapd.wait_sta() hapd.wait_sta() hapd.wait_sta() hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1") hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2") hwsim_utils.test_connectivity(dev[2], hapd) if filename.startswith('/tmp/'): os.unlink(filename)
def test_ap_vlan_reconnect(dev, apdev): """AP VLAN with WPA2-PSK connect, disconnect, connect""" filename = hostapd.acl_file(dev, apdev, 'hostapd.accept') hostapd.send_file(apdev[0], filename, filename) params = hostapd.wpa2_params(ssid="test-vlan", passphrase="12345678") params['dynamic_vlan'] = "1" params['accept_mac_file'] = filename hapd = hostapd.add_ap(apdev[0], params) logger.info("connect sta") dev[0].connect("test-vlan", psk="12345678", scan_freq="2412") hapd.wait_sta() hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1") logger.info("disconnect sta") dev[0].request("REMOVE_NETWORK all") dev[0].wait_disconnected(timeout=10) time.sleep(1) logger.info("reconnect sta") dev[0].connect("test-vlan", psk="12345678", scan_freq="2412") hapd.wait_sta() hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1") if filename.startswith('/tmp/'): os.unlink(filename)
def test_ap_vlan_wpa2_radius_local(dev, apdev): """AP VLAN with WPA2-Enterprise and local file setting VLAN IDs""" filename = hostapd.acl_file(dev, apdev, 'hostapd.accept') hostapd.send_file(apdev[0], filename, filename) params = hostapd.wpa2_eap_params(ssid="test-vlan") params['dynamic_vlan'] = "0" params['vlan_file'] = "hostapd.vlan" params['vlan_bridge'] = "test_br_vlan" params['accept_mac_file'] = filename hapd = hostapd.add_ap(apdev[0], params) dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX", identity="*****@*****.**", password_hex="0123456789abcdef0123456789abcdef", scan_freq="2412") dev[1].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX", identity="*****@*****.**", password_hex="0123456789abcdef0123456789abcdef", scan_freq="2412") dev[2].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX", identity="*****@*****.**", password_hex="0123456789abcdef0123456789abcdef", scan_freq="2412") hapd.wait_sta() hapd.wait_sta() hapd.wait_sta() hwsim_utils.test_connectivity_iface(dev[0], hapd, "test_br_vlan1") hwsim_utils.test_connectivity_iface(dev[1], hapd, "test_br_vlan2") hwsim_utils.test_connectivity(dev[2], hapd) if filename.startswith('/tmp/'): os.unlink(filename)
def test_ap_acl_accept(dev, apdev): """MAC ACL accept list""" ssid = "acl" params = {} filename = hostapd.acl_file(dev, apdev, 'hostapd.macaddr') hostapd.send_file(apdev[0], filename, filename) params['ssid'] = ssid params['accept_mac_file'] = filename hapd = hostapd.add_ap(apdev[0], params) dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412") dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412") dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412") dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412") dev[0].request("REMOVE_NETWORK all") dev[1].request("REMOVE_NETWORK all") hapd.request("SET macaddr_acl 1") dev[1].dump_monitor() dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412", wait_connect=False) dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412") ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) if ev is not None: raise Exception("Unexpected association") if filename.startswith('/tmp/'): os.unlink(filename)
def test_ap_acl_mgmt(dev, apdev): """MAC ACL accept/deny management""" ssid = "acl" params = {} filename = hostapd.acl_file(dev, apdev, 'hostapd.macaddr') hostapd.send_file(apdev[0], filename, filename) params['ssid'] = ssid params['deny_mac_file'] = filename hapd = hostapd.add_ap(apdev[0], params) accept = hapd.request("ACCEPT_ACL SHOW").splitlines() logger.info("accept: " + str(accept)) deny = hapd.request("DENY_ACL SHOW").splitlines() logger.info("deny: " + str(deny)) if len(accept) != 0: raise Exception("Unexpected number of accept entries") if len(deny) != 3: raise Exception("Unexpected number of deny entries") if "01:01:01:01:01:01 VLAN_ID=0" not in deny: raise Exception("Missing deny entry") hapd.request("ACCEPT_ACL ADD_MAC 22:33:44:55:66:77") hapd.request("DENY_ACL ADD_MAC 22:33:44:55:66:88 VLAN_ID=2") accept = hapd.request("ACCEPT_ACL SHOW").splitlines() logger.info("accept: " + str(accept)) deny = hapd.request("DENY_ACL SHOW").splitlines() logger.info("deny: " + str(deny)) if len(accept) != 1: raise Exception("Unexpected number of accept entries (2)") if len(deny) != 4: raise Exception("Unexpected number of deny entries (2)") if "01:01:01:01:01:01 VLAN_ID=0" not in deny: raise Exception("Missing deny entry (2)") if "22:33:44:55:66:88 VLAN_ID=2" not in deny: raise Exception("Missing deny entry (2)") if "22:33:44:55:66:77 VLAN_ID=0" not in accept: raise Exception("Missing accept entry (2)") hapd.request("ACCEPT_ACL DEL_MAC 22:33:44:55:66:77") hapd.request("DENY_ACL DEL_MAC 22:33:44:55:66:88") accept = hapd.request("ACCEPT_ACL SHOW").splitlines() logger.info("accept: " + str(accept)) deny = hapd.request("DENY_ACL SHOW").splitlines() logger.info("deny: " + str(deny)) if len(accept) != 0: raise Exception("Unexpected number of accept entries (3)") if len(deny) != 3: raise Exception("Unexpected number of deny entries (3)") if "01:01:01:01:01:01 VLAN_ID=0" not in deny: raise Exception("Missing deny entry (3)") hapd.request("ACCEPT_ACL CLEAR") hapd.request("DENY_ACL CLEAR") accept = hapd.request("ACCEPT_ACL SHOW").splitlines() logger.info("accept: " + str(accept)) deny = hapd.request("DENY_ACL SHOW").splitlines() logger.info("deny: " + str(deny)) if len(accept) != 0: raise Exception("Unexpected number of accept entries (4)") if len(deny) != 0: raise Exception("Unexpected number of deny entries (4)") dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412") dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412") dev[0].dump_monitor() hapd.request("DENY_ACL ADD_MAC " + dev[0].own_addr()) dev[0].wait_disconnected() dev[0].request("DISCONNECT") if filename.startswith('/tmp/'): os.unlink(filename)
def test_ap_vlan_without_station(dev, apdev, p): """AP VLAN with WPA2-PSK and no station""" try: filename = hostapd.acl_file(dev, apdev, 'hostapd.accept') hostapd.send_file(apdev[0], filename, filename) subprocess.call(['brctl', 'addbr', 'brvlan1']) subprocess.call(['brctl', 'setfd', 'brvlan1', '0']) subprocess.call(['ifconfig', 'brvlan1', 'up']) # use a passphrase wlantest does not know, so it cannot # inject decrypted frames into pcap params = hostapd.wpa2_params(ssid="test-vlan", passphrase="12345678x") params['dynamic_vlan'] = "1" params['vlan_file'] = 'hostapd.wlan3.vlan' params['accept_mac_file'] = filename hapd = hostapd.add_ap(apdev[0], params) # inject some traffic sa = hapd.own_addr() da = "ff:ff:ff:ff:ff:00" hapd.request('DATA_TEST_CONFIG 1 ifname=brvlan1') hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa)) hapd.request('DATA_TEST_CONFIG 0') time.sleep(.1) dev[0].connect("test-vlan", psk="12345678x", scan_freq="2412") # inject some traffic sa = hapd.own_addr() da = "ff:ff:ff:ff:ff:01" hapd.request('DATA_TEST_CONFIG 1 ifname=brvlan1') hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa)) hapd.request('DATA_TEST_CONFIG 0') # let the AP send couple of Beacon frames time.sleep(1) out = run_tshark(os.path.join(p['logdir'], "hwsim0.pcapng"), "wlan.da == ff:ff:ff:ff:ff:00", ["wlan.fc.protected"]) if out is not None: lines = out.splitlines() if len(lines) < 1: # Newer kernel versions filter out frames when there are no # authorized stations on an AP/AP_VLAN interface, so do not # trigger an error here. logger.info("first frame not observed") state = 1 for l in lines: is_protected = int(l, 16) if is_protected != 1: state = 0 if state != 1: raise Exception( "Broadcast packets were not encrypted when no station was connected" ) else: raise Exception("first frame not observed") out = run_tshark(os.path.join(p['logdir'], "hwsim0.pcapng"), "wlan.da == ff:ff:ff:ff:ff:01", ["wlan.fc.protected"]) if out is not None: lines = out.splitlines() if len(lines) < 1: raise Exception("second frame not observed") state = 1 for l in lines: is_protected = int(l, 16) if is_protected != 1: state = 0 if state != 1: raise Exception( "Broadcast packets were not encrypted when station was connected" ) else: raise Exception("second frame not observed") dev[0].request("DISCONNECT") dev[0].wait_disconnected() if filename.startswith('/tmp/'): os.unlink(filename) finally: subprocess.call(['ip', 'link', 'set', 'dev', 'brvlan1', 'down']) subprocess.call(['ip', 'link', 'set', 'dev', 'wlan3.1', 'down'], stderr=open('/dev/null', 'w')) subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan3.1'], stderr=open('/dev/null', 'w')) subprocess.call(['brctl', 'delbr', 'brvlan1'])