def test_ap_wpa2_tdls_bssid_mismatch(dev, apdev):
    """TDLS failure due to BSSID mismatch"""
    bridge = 'ap-br0'
    network = "test-wpa2-psk"
    secret = "12345678"
    try:
        ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
        ap_conf['bridge'] = bridge
        # Both APs use the same SSID, passphrase and bridge; each station is
        # pinned to a different BSSID below.
        hapd = hostapd.add_ap(apdev[0], ap_conf)
        hostapd.add_ap(apdev[1], ap_conf)
        wlantest_setup(hapd)
        subprocess.call(['brctl', 'setfd', bridge, '0'])
        subprocess.call(['ip', 'link', 'set', 'dev', bridge, 'up'])
        for idx in (0, 1):
            dev[idx].connect(network, psk=secret, scan_freq="2412",
                             bssid=apdev[idx]['bssid'])
        hwsim_utils.test_connectivity_sta(dev[0], dev[1])
        for idx in (0, 1):
            hwsim_utils.test_connectivity_iface(dev[idx], hapd, bridge)

        # Request TDLS setup between stations associated with different
        # BSSIDs, then check that station-to-station traffic still passes.
        peer_addr = dev[0].p2p_interface_addr()
        dev[1].tdls_setup(peer_addr)
        time.sleep(1)
        hwsim_utils.test_connectivity_sta(dev[0], dev[1])
    finally:
        # Always take the bridge down and delete it, even when the test fails.
        subprocess.call(['ip', 'link', 'set', 'dev', bridge, 'down'])
        subprocess.call(['brctl', 'delbr', bridge])
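def test_ap_wpa2_in_different_bridge(dev, apdev):
    """hostapd behavior with interface in different bridge"""
    ifname = apdev[0]['ifname']
    br_ifname = 'ext-ap-br0'
    try:
        ssid = "test-wpa2-psk"
        passphrase = "12345678"
        # Put the AP interface into an unrelated bridge before hostapd starts.
        subprocess.call(['brctl', 'addbr', br_ifname])
        subprocess.call(['brctl', 'setfd', br_ifname, '0'])
        subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
        subprocess.call(['iw', ifname, 'set', 'type', '__ap'])
        subprocess.call(['brctl', 'addif', br_ifname, ifname])
        time.sleep(0.5)

        # hostapd is configured for a different bridge (ap-br0) than the one
        # the interface currently sits in.
        params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
        params['bridge'] = 'ap-br0'
        hapd = hostapd.add_ap(ifname, params)
        subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
        subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
        brname = hapd.get_driver_status_field('brname')
        if brname != 'ap-br0':
            # str() keeps the diagnostic usable if the field is missing
            # (a non-string value would otherwise raise TypeError here).
            raise Exception("Incorrect bridge: " + str(brname))
        dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
        hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
        if hapd.get_driver_status_field("added_bridge") != "1":
            raise Exception("Unexpected added_bridge value")
        if hapd.get_driver_status_field("added_if_into_bridge") != "1":
            raise Exception("Unexpected added_if_into_bridge value")
        dev[0].request("DISCONNECT")
        hapd.disable()
    finally:
        subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
        # Open /dev/null in a context manager so the handle is closed again
        # instead of being leaked by an inline open() call.
        with open('/dev/null', 'w') as devnull:
            subprocess.call(['brctl', 'delif', br_ifname, ifname],
                            stderr=devnull)
        subprocess.call(['brctl', 'delbr', br_ifname])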
def test_ap_vlan_wpa2_radius(dev, apdev):
    """AP VLAN with WPA2-Enterprise and RADIUS attributes"""
    network = "test-vlan"
    ap_conf = hostapd.wpa2_eap_params(ssid=network)
    ap_conf["dynamic_vlan"] = "1"
    hapd = hostapd.add_ap(apdev[0]["ifname"], ap_conf)

    # One EAP-PAX identity per station; the expected bridge for each is
    # checked after all three have connected.
    # NOTE(review): the third identity literal looks masked in this copy -
    # confirm it against the EAP user database used by the test setup.
    identities = ("vlan1", "vlan2", "*****@*****.**")
    for idx, ident in enumerate(identities):
        dev[idx].connect(
            network,
            key_mgmt="WPA-EAP",
            eap="PAX",
            identity=ident,
            password_hex="0123456789abcdef0123456789abcdef",
            scan_freq="2412",
        )

    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
    hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
    # The third station is checked without a VLAN bridge interface.
    hwsim_utils.test_connectivity(dev[2], hapd)
def test_ap_open_per_sta_vif(dev, apdev):
    """AP VLAN with open network"""
    network = "test-vlan-open"
    # per_sta_vif=1 is the only option set besides the SSID.
    hapd = hostapd.add_ap(apdev[0], {"ssid": network, "per_sta_vif": "1"})
    dev[0].connect(network, key_mgmt="NONE", scan_freq="2412")
    # Data connectivity is verified through the "<AP ifname>.4096" interface.
    sta_vif = apdev[0]['ifname'] + ".4096"
    hwsim_utils.test_connectivity_iface(dev[0], hapd, sta_vif)
def test_ap_vlan_open(dev, apdev):
    """AP VLAN with open network"""
    network = "test-vlan-open"
    ap_conf = {
        "ssid": network,
        "dynamic_vlan": "1",
        "accept_mac_file": "hostapd.accept",
    }
    hapd = hostapd.add_ap(apdev[0]["ifname"], ap_conf)

    # All three stations join the same open SSID.
    for idx in range(3):
        dev[idx].connect(network, key_mgmt="NONE", scan_freq="2412")

    # Stations 0 and 1 are expected on brvlan1/brvlan2; station 2 is checked
    # without a VLAN bridge interface.
    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
    hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
    hwsim_utils.test_connectivity(dev[2], hapd)
def test_ap_vlan_wpa2_radius_2(dev, apdev):
    """AP VLAN with WPA2-Enterprise and RADIUS EGRESS_VLANID attributes"""
    network = "test-vlan"
    ap_conf = hostapd.wpa2_eap_params(ssid=network)
    ap_conf['dynamic_vlan'] = "1"
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    # Single station authenticating with the "vlan1b" identity; it is
    # expected to be reachable through brvlan1.
    dev[0].connect(
        network,
        key_mgmt="WPA-EAP",
        eap="PAX",
        identity="vlan1b",
        password_hex="0123456789abcdef0123456789abcdef",
        scan_freq="2412",
    )
    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
def test_ap_vlan_wpa2(dev, apdev):
    """AP VLAN with WPA2-PSK"""
    network = "test-vlan"
    secret = "12345678"
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf["dynamic_vlan"] = "1"
    ap_conf["accept_mac_file"] = "hostapd.accept"
    hapd = hostapd.add_ap(apdev[0]["ifname"], ap_conf)

    # All stations share one passphrase.
    for idx in range(3):
        dev[idx].connect(network, psk=secret, scan_freq="2412")

    # Stations 0 and 1 are expected on brvlan1/brvlan2; station 2 is checked
    # without a VLAN bridge interface.
    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
    hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
    hwsim_utils.test_connectivity(dev[2], hapd)
def test_ap_vlan_tagged(dev, apdev):
    """AP VLAN with tagged interface"""
    network = "test-vlan-open"
    ap_conf = {
        "ssid": network,
        "dynamic_vlan": "1",
        "vlan_tagged_interface": "lo",
        "accept_mac_file": "hostapd.accept",
    }
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    for idx in range(3):
        dev[idx].connect(network, key_mgmt="NONE", scan_freq="2412")

    # With "lo" as the tagged interface the per-VLAN bridges checked here are
    # brlo.1 and brlo.2; station 2 is checked without a bridge interface.
    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brlo.1")
    hwsim_utils.test_connectivity_iface(dev[1], hapd, "brlo.2")
    hwsim_utils.test_connectivity(dev[2], hapd)
def test_ap_vlan_wpa2_radius_id_change(dev, apdev):
    """AP VLAN with WPA2-Enterprise and RADIUS attributes changing VLANID"""
    # A second hostapd instance acts as the authentication server on port
    # 18128, so its EAP user file can be swapped while the test runs.
    authserv = hostapd.add_ap(apdev[1]["ifname"], {
        "ssid": "as",
        "beacon_int": "2000",
        "radius_server_clients": "auth_serv/radius_clients.conf",
        "radius_server_auth_port": "18128",
        "eap_server": "1",
        "eap_user_file": "auth_serv/eap_user.conf",
        "ca_cert": "auth_serv/ca.pem",
        "server_cert": "auth_serv/server.pem",
        "private_key": "auth_serv/server.key",
    })

    ap_conf = hostapd.wpa2_eap_params(ssid="test-vlan")
    ap_conf["dynamic_vlan"] = "1"
    ap_conf["auth_server_port"] = "18128"
    hapd = hostapd.add_ap(apdev[0]["ifname"], ap_conf)

    dev[0].connect(
        "test-vlan",
        key_mgmt="WPA-EAP",
        eap="PAX",
        identity="vlan1",
        password_hex="0123456789abcdef0123456789abcdef",
        scan_freq="2412",
    )
    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")

    # Switch the server to the alternate user file and reauthenticate.
    authserv.disable()
    authserv.set("eap_user_file", "auth_serv/eap_user_vlan.conf")
    authserv.enable()

    dev[0].dump_monitor()
    dev[0].request("REAUTHENTICATE")
    if dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15) is None:
        raise Exception("EAP reauthentication timed out")
    if dev[0].wait_event(["WPA: Key negotiation completed"],
                         timeout=5) is None:
        raise Exception("4-way handshake after reauthentication timed out")
    wpa_state = dev[0].get_status_field("wpa_state")
    if wpa_state != "COMPLETED":
        raise Exception("Unexpected state after reauth: " + wpa_state)

    # After reauthentication the station must be reachable through brvlan2.
    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan2")
def test_ap_vlan_reconnect(dev, apdev):
    """AP VLAN with WPA2-PSK connect, disconnect, connect"""
    network = "test-vlan"
    secret = "12345678"
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf['dynamic_vlan'] = "1"
    ap_conf['accept_mac_file'] = "hostapd.accept"
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    logger.info("connect sta")
    dev[0].connect(network, psk=secret, scan_freq="2412")
    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")

    logger.info("disconnect sta")
    dev[0].request("REMOVE_NETWORK all")
    dev[0].wait_disconnected(timeout=10)
    time.sleep(1)

    # The same VLAN bridge must work again after the station comes back.
    logger.info("reconnect sta")
    dev[0].connect(network, psk=secret, scan_freq="2412")
    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
def test_ap_wds_sta(dev, apdev):
    """WPA2-PSK AP with STA using 4addr mode"""
    bridge = "wds-br0"
    network = "test-wpa2-psk"
    secret = "qwertyuiop"
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf["wds_sta"] = "1"
    ap_conf["wds_bridge"] = bridge
    hapd = hostapd.add_ap(apdev[0]["ifname"], ap_conf)

    try:
        # Create the WDS bridge, bring it up, then switch the station
        # interface to 4-address mode before connecting.
        for cmd in (["brctl", "addbr", bridge],
                    ["brctl", "setfd", bridge, "0"],
                    ["ip", "link", "set", "dev", bridge, "up"]):
            subprocess.call(cmd)
        subprocess.call(["iw", dev[0].ifname, "set", "4addr", "on"])
        dev[0].connect(network, psk=secret, scan_freq="2412")
        hwsim_utils.test_connectivity_iface(dev[0], hapd, bridge,
                                            max_tries=15)
    finally:
        # Undo 4addr mode and remove the bridge regardless of the outcome.
        subprocess.call(["iw", dev[0].ifname, "set", "4addr", "off"])
        subprocess.call(["ip", "link", "set", "dev", bridge, "down"])
        subprocess.call(["brctl", "delbr", bridge])
def test_ap_wds_sta(dev, apdev):
    """WPA2-PSK AP with STA using 4addr mode"""
    bridge = "wds-br0"
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf['wds_sta'] = "1"
    ap_conf['wds_bridge'] = bridge
    hostapd.add_ap(apdev[0]['ifname'], ap_conf)

    try:
        # Every network command in this variant is run through sudo; the
        # argument lists contain no caller-supplied text apart from the
        # station interface name.
        for cmd in (['sudo', 'brctl', 'addbr', bridge],
                    ['sudo', 'brctl', 'setfd', bridge, '0'],
                    ['sudo', 'ip', 'link', 'set', 'dev', bridge, 'up']):
            subprocess.call(cmd)
        subprocess.call(['sudo', 'iw', dev[0].ifname, 'set', '4addr', 'on'])
        dev[0].connect(network, psk=secret, scan_freq="2412")
        hwsim_utils.test_connectivity_iface(dev[0], bridge, max_tries=15)
    finally:
        # Undo 4addr mode and remove the bridge regardless of the outcome.
        subprocess.call(['sudo', 'iw', dev[0].ifname, 'set', '4addr', 'off'])
        subprocess.call(['sudo', 'ip', 'link', 'set', 'dev', bridge, 'down'])
        subprocess.call(['sudo', 'brctl', 'delbr', bridge])
def test_ap_wds_sta(dev, apdev):
    """WPA2-PSK AP with STA using 4addr mode"""
    bridge = "wds-br0"
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf['wds_sta'] = "1"
    ap_conf['wds_bridge'] = bridge
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    try:
        # Bridge setup and 4addr mode are applied through the station's own
        # command runner.
        dev[0].cmd_execute(['brctl', 'addbr', bridge])
        dev[0].cmd_execute(['brctl', 'setfd', bridge, '0'])
        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', bridge, 'up'])
        dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'on'])
        dev[0].connect(network, psk=secret, scan_freq="2412")
        hwsim_utils.test_connectivity_iface(dev[0], hapd, bridge,
                                            max_tries=15)

        # Reattach once with default settings ...
        dev[0].request("REATTACH")
        dev[0].wait_connected()
        hwsim_utils.test_connectivity_iface(dev[0], hapd, bridge,
                                            max_tries=15)

        # ... and once with reassoc_same_bss_optim enabled, using a tighter
        # connectivity budget (5 tries, timeout=1).
        dev[0].request("SET reassoc_same_bss_optim 1")
        dev[0].request("REATTACH")
        dev[0].wait_connected()
        hwsim_utils.test_connectivity_iface(dev[0], hapd, bridge,
                                            max_tries=5, timeout=1)
    finally:
        # Restore the station option, 4addr mode and bridge state.
        dev[0].request("SET reassoc_same_bss_optim 0")
        dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'off'])
        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', bridge, 'down'])
        dev[0].cmd_execute(['brctl', 'delbr', bridge])
def test_ap_wds_sta_wep(dev, apdev):
    """WEP AP with STA using 4addr mode"""
    bridge = "wds-br0"
    network = "test-wds-wep"
    # WEP is configured here only as the cipher under test; ieee80211n is
    # set to "0" in the same AP configuration.
    ap_conf = {
        'ssid': network,
        "ieee80211n": "0",
        'wep_key0': '"hello"',
        'wds_sta': "1",
        'wds_bridge': bridge,
    }
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    try:
        dev[0].cmd_execute(['brctl', 'addbr', bridge])
        dev[0].cmd_execute(['brctl', 'setfd', bridge, '0'])
        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', bridge, 'up'])
        dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'on'])
        dev[0].connect(network, key_mgmt="NONE", wep_key0='"hello"',
                       scan_freq="2412")
        hwsim_utils.test_connectivity_iface(dev[0], hapd, bridge,
                                            max_tries=15)

        # Reattach once with default settings ...
        dev[0].request("REATTACH")
        dev[0].wait_connected()
        hwsim_utils.test_connectivity_iface(dev[0], hapd, bridge,
                                            max_tries=15)

        # ... and once with reassoc_same_bss_optim enabled.
        dev[0].request("SET reassoc_same_bss_optim 1")
        dev[0].request("REATTACH")
        dev[0].wait_connected()
        hwsim_utils.test_connectivity_iface(dev[0], hapd, bridge,
                                            max_tries=5, timeout=1)
    finally:
        # Restore the station option, 4addr mode and bridge state.
        dev[0].request("SET reassoc_same_bss_optim 0")
        dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'off'])
        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', bridge, 'down'])
        dev[0].cmd_execute(['brctl', 'delbr', bridge])
def test_ap_vlan_wpa2_radius_local(dev, apdev):
    """AP VLAN with WPA2-Enterprise and local file setting VLAN IDs"""
    network = "test-vlan"
    ap_conf = hostapd.wpa2_eap_params(ssid=network)
    # dynamic_vlan is "0" here; the VLAN-related inputs are the local
    # vlan_file / accept_mac_file and the bridge name prefix.
    ap_conf['dynamic_vlan'] = "0"
    ap_conf['vlan_file'] = "hostapd.vlan"
    ap_conf['vlan_bridge'] = "test_br_vlan"
    ap_conf['accept_mac_file'] = "hostapd.accept"
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    # The same identity and credential are used by all three stations.
    # NOTE(review): the identity literal looks masked in this copy - confirm
    # it against the EAP user database used by the test setup.
    for idx in range(3):
        dev[idx].connect(
            network,
            key_mgmt="WPA-EAP",
            eap="PAX",
            identity="*****@*****.**",
            password_hex="0123456789abcdef0123456789abcdef",
            scan_freq="2412",
        )

    hwsim_utils.test_connectivity_iface(dev[0], hapd, "test_br_vlan1")
    hwsim_utils.test_connectivity_iface(dev[1], hapd, "test_br_vlan2")
    hwsim_utils.test_connectivity(dev[2], hapd)
def test_ap_wds_sta(dev, apdev):
    """WPA2-PSK AP with STA using 4addr mode"""
    bridge = "wds-br0"
    network = "test-wpa2-psk"
    secret = 'qwertyuiop'
    ap_conf = hostapd.wpa2_params(ssid=network, passphrase=secret)
    ap_conf['wds_sta'] = "1"
    ap_conf['wds_bridge'] = bridge
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    try:
        dev[0].cmd_execute(['brctl', 'addbr', bridge])
        dev[0].cmd_execute(['brctl', 'setfd', bridge, '0'])
        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', bridge, 'up'])
        dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'on'])
        dev[0].connect(network, psk=secret, scan_freq="2412")

        # The AP must announce the per-station WDS interface, and the event
        # must name this station and an interface derived from the AP ifname.
        event = hapd.wait_event(["WDS-STA-INTERFACE-ADDED"], timeout=10)
        if event is None:
            raise Exception("No WDS-STA-INTERFACE-ADDED event seen")
        if "sta_addr=" + dev[0].own_addr() not in event:
            raise Exception("No sta_addr match in " + event)
        if "ifname=" + hapd.ifname + ".sta" not in event:
            raise Exception("No ifname match in " + event)

        # The STA entry on the AP must report the same interface name as the
        # event did.
        sta_info = hapd.get_sta(dev[0].own_addr())
        if "wds_sta_ifname" not in sta_info:
            raise Exception("Missing wds_sta_ifname in STA data")
        if "ifname=" + sta_info['wds_sta_ifname'] not in event:
            raise Exception("wds_sta_ifname %s not in event: %s" %
                            (sta_info['wds_sta_ifname'], event))

        hwsim_utils.test_connectivity_iface(dev[0], hapd, bridge,
                                            max_tries=15)

        # Reattach once with default settings ...
        dev[0].request("REATTACH")
        dev[0].wait_connected()
        hwsim_utils.test_connectivity_iface(dev[0], hapd, bridge,
                                            max_tries=15)

        # ... and once with reassoc_same_bss_optim enabled.
        dev[0].request("SET reassoc_same_bss_optim 1")
        dev[0].request("REATTACH")
        dev[0].wait_connected()
        hwsim_utils.test_connectivity_iface(dev[0], hapd, bridge,
                                            max_tries=5, timeout=1)
    finally:
        # Restore the station option, 4addr mode and bridge state.
        dev[0].request("SET reassoc_same_bss_optim 0")
        dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'off'])
        dev[0].cmd_execute(['ip', 'link', 'set', 'dev', bridge, 'down'])
        dev[0].cmd_execute(['brctl', 'delbr', bridge])
def test_ap_vlan_psk(dev, apdev, params):
    """AP VLAN based on PSK/passphrase"""
    vlan_ids = (1, 2, 3)
    psk_file = os.path.join(params['logdir'], 'ap_vlan_psk.wpa_psk')
    # One wpa_psk_file line per VLAN: "vlanid=N <MAC> <passphrase>". The
    # all-zero MAC is written for every entry.
    with open(psk_file, 'w') as out:
        out.writelines(
            'vlanid=%d 00:00:00:00:00:00 passphrase-for-vlan-%d\n' % (n, n)
            for n in vlan_ids)

    network = 'test-vlan-rsn'
    ap_conf = hostapd.wpa2_params(ssid=network)
    ap_conf['dynamic_vlan'] = "1"
    ap_conf['wpa_psk_file'] = psk_file
    hapd = hostapd.add_ap(apdev[0], ap_conf)

    # Each station uses a different passphrase on the same SSID ...
    for idx, n in enumerate(vlan_ids):
        dev[idx].connect(network, psk="passphrase-for-vlan-%d" % n,
                         scan_freq="2412")
    # ... and must be reachable through the bridge of the matching VLAN.
    for idx, n in enumerate(vlan_ids):
        hwsim_utils.test_connectivity_iface(dev[idx], hapd, "brvlan%d" % n)
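def test_ap_vlan_file_open2(dev, apdev):
    """AP VLAN with open network and vlan_file mapping (2)"""
    filename = hostapd.acl_file(dev, apdev, 'hostapd.accept2')
    try:
        hostapd.send_file(apdev[0], filename, filename)
        params = {"ssid": "test-vlan-open",
                  "dynamic_vlan": "1",
                  "vlan_file": "hostapd.vlan2",
                  "accept_mac_file": filename}
        hapd = hostapd.add_ap(apdev[0], params)

        dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
        dev[1].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
        dev[2].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
        hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
        hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
        hwsim_utils.test_connectivity_iface(dev[2], hapd, "hwsimbr3")
    finally:
        # Clean up in a finally block so a failing step does not leave the
        # ACL file behind. Only paths under /tmp/ are removed - presumably
        # those are temporary copies produced by acl_file(); confirm there.
        if filename.startswith('/tmp/'):
            os.unlink(filename)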
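def test_ap_vlan_sae(dev, apdev, params):
    """AP VLAN based on SAE Password Identifier"""
    for i in range(3):
        if "SAE" not in dev[i].get_capability("auth_alg"):
            raise HwsimSkip("SAE not supported")
    params = hostapd.wpa2_params(ssid="test-sae-vlan")
    params['wpa_key_mgmt'] = 'SAE'
    # Each entry binds a password and password identifier to a VLAN ID.
    params['sae_password'] = ['pw1|vlanid=1|id=id1',
                              'pw2|mac=ff:ff:ff:ff:ff:ff|vlanid=2|id=id2',
                              'pw3|vlanid=3|id=id3']
    params['dynamic_vlan'] = "1"
    hapd = hostapd.add_ap(apdev[0], params)

    for i in range(3):
        dev[i].request("SET sae_groups ")
        # The password has to match the AP entries above (pw1..pw3). The
        # literal on this page had no conversion specifier, so applying
        # "% (i + 1)" to it raised TypeError before any connection attempt.
        dev[i].connect("test-sae-vlan", sae_password="pw%d" % (i + 1),
                       sae_password_id="id%d" % (i + 1),
                       key_mgmt="SAE", scan_freq="2412")

    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
    hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
    hwsim_utils.test_connectivity_iface(dev[2], hapd, "brvlan3")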
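def test_ap_vlan_sae(dev, apdev, params):
    """AP VLAN based on SAE Password Identifier"""
    for i in range(3):
        if "SAE" not in dev[i].get_capability("auth_alg"):
            raise HwsimSkip("SAE not supported")
    params = hostapd.wpa2_params(ssid="test-sae-vlan")
    params['wpa_key_mgmt'] = 'SAE'
    # Each entry binds a password and password identifier to a VLAN ID.
    params['sae_password'] = ['pw1|vlanid=1|id=id1',
                              'pw2|mac=ff:ff:ff:ff:ff:ff|vlanid=2|id=id2',
                              'pw3|vlanid=3|id=id3']
    params['dynamic_vlan'] = "1"
    hapd = hostapd.add_ap(apdev[0], params)

    for i in range(3):
        dev[i].request("SET sae_groups ")
        # The password has to match the AP entries above (pw1..pw3). The
        # literal on this page had no conversion specifier, so applying
        # "% (i + 1)" to it raised TypeError before any connection attempt.
        dev[i].connect("test-sae-vlan", sae_password="pw%d" % (i + 1),
                       sae_password_id="id%d" % (i + 1),
                       key_mgmt="SAE", scan_freq="2412")
        # Wait for the AP to register the station before moving on.
        hapd.wait_sta()

    hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
    hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
    hwsim_utils.test_connectivity_iface(dev[2], hapd, "brvlan3")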
def generic_pmksa_cache_preauth(dev, apdev, extraparams, identity, databridge,
                                force_disconnect=False):
    """Run an RSN pre-authentication / PMKSA caching scenario.

    dev[0] connects to a first AP with EAP-PAX, a second AP with rsn_preauth
    enabled on ``databridge`` is started, and the station is expected to get
    a PMKSA cache entry for the second AP before roaming to it without a new
    EAP exchange and without a PMKID change.

    extraparams, when given, holds two dicts of additional hostapd settings,
    one per AP. With force_disconnect set, the station is disconnected and
    the first AP disabled before the bridge is torn down.
    """
    if not extraparams:
        extraparams = [{}, {}]
    try:
        ap0_conf = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
        ap0_conf['bridge'] = 'ap-br0'
        for name, setting in extraparams[0].items():
            ap0_conf[name] = setting
        hapd = hostapd.add_ap(apdev[0], ap0_conf)
        hapd.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
        hapd.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
        eap_connect(dev[0], hapd, "PAX", identity,
                    password_hex="0123456789abcdef0123456789abcdef")

        # Verify connectivity in the correct VLAN
        hwsim_utils.test_connectivity_iface(dev[0], hapd, databridge)

        ap1_conf = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
        ap1_conf['bridge'] = 'ap-br0'
        ap1_conf['rsn_preauth'] = '1'
        ap1_conf['rsn_preauth_interfaces'] = databridge
        for name, setting in extraparams[1].items():
            ap1_conf[name] = setting
        hostapd.add_ap(apdev[1], ap1_conf)
        bssid1 = apdev[1]['bssid']
        dev[0].scan(freq="2412")

        # Poll up to 50 times (0.1 s apart) for the PMKSA entry created by
        # pre-authentication, and note whether STATUS ever showed the
        # pre-authentication state machine section.
        status_seen = False
        for _ in range(50):
            if not status_seen:
                status_seen = ("Pre-authentication EAPOL state machines:" in
                               dev[0].request("STATUS"))
            time.sleep(0.1)
            pmksa = dev[0].get_pmksa(bssid1)
            if pmksa:
                break
        else:
            raise Exception("No PMKSA cache entry created from pre-authentication")
        if not status_seen:
            raise Exception("Pre-authentication EAPOL status was not available")

        dev[0].scan(freq="2412")
        if "[WPA2-EAP-CCMP-preauth]" not in dev[0].request("SCAN_RESULTS"):
            raise Exception("Scan results missing RSN element info")

        # Roaming must complete from the cache: an EAP-STARTED event means
        # the cached PMKSA was not used.
        dev[0].request("ROAM " + bssid1)
        event = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
                                   "CTRL-EVENT-CONNECTED"], timeout=10)
        if event is None:
            raise Exception("Roaming with the AP timed out")
        if "CTRL-EVENT-EAP-STARTED" in event:
            raise Exception("Unexpected EAP exchange")
        pmksa_after = dev[0].get_pmksa(bssid1)
        if pmksa_after is None:
            raise Exception("No PMKSA cache entry")
        if pmksa['pmkid'] != pmksa_after['pmkid']:
            raise Exception("Unexpected PMKID change")

        # Verify connectivity in the correct VLAN
        hwsim_utils.test_connectivity_iface(dev[0], hapd, databridge)

        if force_disconnect:
            # Disconnect the STA from both APs to avoid forceful ifdown by
            # the test script on a VLAN that this has an associated STA.
            # That used to trigger a mac80211 warning.
            dev[0].request("DISCONNECT")
            hapd.request("DISABLE")
    finally:
        # shell=True is passed together with '2>' '/dev/null' tokens; every
        # element is a literal, so nothing caller-controlled reaches the
        # shell. NOTE(review): presumably cmd_execute joins the list into one
        # command string in this mode - confirm before adding variables here.
        hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev', 'ap-br0',
                                       'down', '2>', '/dev/null'], shell=True)
        hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', 'ap-br0',
                                       '2>', '/dev/null'], shell=True)
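def test_pmksa_cache_preauth_vlan_used(dev, apdev):
    """RSN pre-authentication to generate PMKSA cache entry (station with VLAN set)"""
    try:
        subprocess.call(['brctl', 'addbr', 'brvlan1'])
        subprocess.call(['brctl', 'setfd', 'brvlan1', '0'])
        params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
        params['bridge'] = 'ap-br0'
        params['dynamic_vlan'] = '1'
        params['vlan_file'] = 'hostapd.wlan3.vlan'
        hapd = hostapd.add_ap(apdev[0]['ifname'], params)
        subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
        subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
        eap_connect(dev[0], apdev[0], "PAX", "vlan1",
                    password_hex="0123456789abcdef0123456789abcdef")

        # Verify connectivity in the correct VLAN
        hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")

        # Second AP: same SSID, pre-authentication enabled on the VLAN bridge.
        params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
        params['bridge'] = 'ap-br0'
        params['rsn_preauth'] = '1'
        params['rsn_preauth_interfaces'] = 'brvlan1'
        params['dynamic_vlan'] = '1'
        params['vlan_file'] = 'hostapd.wlan4.vlan'
        hostapd.add_ap(apdev[1]['ifname'], params)
        bssid1 = apdev[1]['bssid']
        dev[0].scan(freq="2412")

        # Poll up to 50 times (0.1 s apart) for the PMKSA entry created by
        # pre-authentication.
        success = False
        status_seen = False
        for i in range(0, 50):
            if not status_seen:
                status = dev[0].request("STATUS")
                if "Pre-authentication EAPOL state machines:" in status:
                    status_seen = True
            time.sleep(0.1)
            pmksa = dev[0].get_pmksa(bssid1)
            if pmksa:
                success = True
                break
        if not success:
            raise Exception("No PMKSA cache entry created from pre-authentication")
        if not status_seen:
            raise Exception("Pre-authentication EAPOL status was not available")

        dev[0].scan(freq="2412")
        if "[WPA2-EAP-CCMP-preauth]" not in dev[0].request("SCAN_RESULTS"):
            raise Exception("Scan results missing RSN element info")

        # Roaming must be served from the cache: no new EAP exchange and an
        # unchanged PMKID.
        dev[0].request("ROAM " + bssid1)
        ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
                                "CTRL-EVENT-CONNECTED"], timeout=10)
        if ev is None:
            raise Exception("Roaming with the AP timed out")
        if "CTRL-EVENT-EAP-STARTED" in ev:
            raise Exception("Unexpected EAP exchange")
        pmksa2 = dev[0].get_pmksa(bssid1)
        if pmksa2 is None:
            raise Exception("No PMKSA cache entry")
        if pmksa['pmkid'] != pmksa2['pmkid']:
            raise Exception("Unexpected PMKID change")

        # Verify connectivity in the correct VLAN
        hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")

        # Disconnect the STA from both APs to avoid forceful ifdown by the
        # test script on a VLAN that this has an associated STA. That used to
        # trigger a mac80211 warning.
        dev[0].request("DISCONNECT")
        hapd.request("DISABLE")
    finally:
        # A single /dev/null handle is shared by the cleanup commands whose
        # stderr is discarded and is closed when the block exits; the former
        # inline open() calls each leaked one file object.
        with open('/dev/null', 'w') as devnull:
            subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
                            stderr=devnull)
            subprocess.call(['ip', 'link', 'set', 'dev', 'brvlan1', 'down'])
            subprocess.call(['ip', 'link', 'set', 'dev', 'wlan3.1', 'down'],
                            stderr=devnull)
            subprocess.call(['ip', 'link', 'set', 'dev', 'wlan4.1', 'down'],
                            stderr=devnull)
            subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan3.1'],
                            stderr=devnull)
            subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan4.1'],
                            stderr=devnull)
            subprocess.call(['brctl', 'delbr', 'ap-br0'],
                            stderr=devnull)
            subprocess.call(['brctl', 'delbr', 'brvlan1'])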
def ap_vlan_iface_cleanup_multibss(dev, apdev, cfgfile):
    # AP VLAN with WPA2-Enterprise and RADIUS attributes changing VLANID.
    # Checks that multiple BSSes do not interfere with each other with
    # respect to deletion of the bridge and the tagged interface.

    if not netifaces_imported:
        raise HwsimSkip("python module netifaces not available")

    def require_port(bridge, port):
        # The tagged interface must be a member of the VLAN bridge.
        if not iface_is_in_bridge(bridge, port):
            raise Exception(port + " not in " + bridge)

    def reauthenticate(sta):
        # Trigger EAP reauthentication and wait for EAP success, the 4-way
        # handshake and the COMPLETED state.
        sta.dump_monitor()
        sta.request("REAUTHENTICATE")
        if sta.wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15) is None:
            raise Exception("EAP reauthentication timed out")
        if sta.wait_event(["WPA: Key negotiation completed"],
                          timeout=5) is None:
            raise Exception("4-way handshake after reauthentication timed out")
        wpa_state = sta.get_status_field('wpa_state')
        if wpa_state != "COMPLETED":
            raise Exception("Unexpected state after reauth: " + wpa_state)

    try:
        ap_vlan_iface_cleanup_multibss_cleanup()
        ap_vlan_iface_test_and_prepare_environ()

        authserv = hostapd.add_ap(apdev[1], {
            "ssid": "as",
            "beacon_int": "2000",
            "radius_server_clients": "auth_serv/radius_clients.conf",
            "radius_server_auth_port": '18128',
            "eap_server": "1",
            "eap_user_file": "auth_serv/eap_user.conf",
            "ca_cert": "auth_serv/ca.pem",
            "server_cert": "auth_serv/server.pem",
            "private_key": "auth_serv/server.key",
            "vlan_naming": "1",
        })

        # start the actual test
        hapd = hostapd.add_iface(apdev[0], cfgfile)
        hapd1 = hostapd.Hostapd("wlan3-2", 1)
        hapd1.enable()

        # Neither VLAN bridge may exist before a station has connected.
        present = netifaces.interfaces()
        if "brvlan1" in present:
            raise Exception("bridge brvlan1 already exists before")
        if "brvlan2" in present:
            raise Exception("bridge brvlan2 already exists before")

        dev[0].connect("bss-1", key_mgmt="WPA-EAP", eap="PAX",
                       identity="vlan1",
                       password_hex="0123456789abcdef0123456789abcdef",
                       scan_freq="2412")

        present = netifaces.interfaces()
        if "brvlan1" not in present:
            raise Exception("bridge brvlan1 was not created")

        hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
        require_port("brvlan1", "dummy0.1")

        dev[1].connect("bss-2", key_mgmt="WPA-EAP", eap="PAX",
                       identity="vlan1",
                       password_hex="0123456789abcdef0123456789abcdef",
                       scan_freq="2412")

        hwsim_utils.test_connectivity_iface(dev[1], hapd1, "brvlan1")
        require_port("brvlan1", "dummy0.1")

        # Switch the server to the alternate user file before the stations
        # reauthenticate one at a time.
        authserv.disable()
        authserv.set('eap_user_file', "auth_serv/eap_user_vlan.conf")
        authserv.enable()

        logger.info("wlan0 -> VLAN 2")
        reauthenticate(dev[0])

        # dev[1] is still on VLAN 1, so its bridge must survive.
        present = netifaces.interfaces()
        if "brvlan1" not in present:
            raise Exception("bridge brvlan1 has been removed too early")

        hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan2",
                                            max_tries=5)
        require_port("brvlan2", "dummy0.2")

        logger.info("test wlan1 == VLAN 1")
        hwsim_utils.test_connectivity_iface(dev[1], hapd1, "brvlan1")
        require_port("brvlan1", "dummy0.1")

        logger.info("wlan1 -> VLAN 2")
        reauthenticate(dev[1])

        # it can take some time for data connectivity to be updated
        hwsim_utils.test_connectivity_iface(dev[1], hapd1, "brvlan2",
                                            max_tries=5)
        logger.info("test wlan0 == VLAN 2")
        hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan2")
        require_port("brvlan2", "dummy0.2")

        # With both stations moved, the VLAN 1 bridge must be gone.
        present = netifaces.interfaces()
        if "brvlan1" in present:
            raise Exception("bridge brvlan1 has not been cleaned up")

        # disconnect dev0 first to test a corner case
        dev[0].request("DISCONNECT")
        dev[0].wait_disconnected()
        dev[1].request("DISCONNECT")
        dev[1].wait_disconnected()

        # station removal needs some time
        for _ in range(5):
            time.sleep(1)
            present = netifaces.interfaces()
            if "brvlan2" not in present:
                break

        present = netifaces.interfaces()
        if "brvlan2" in present:
            raise Exception("bridge brvlan2 has not been cleaned up")

        hapd.request("DISABLE")
    finally:
        ap_vlan_iface_cleanup_multibss_cleanup()
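def generic_pmksa_cache_preauth(dev, apdev, extraparams, identity, databridge,
                                force_disconnect=False):
    """Run an RSN pre-authentication / PMKSA caching scenario.

    dev[0] connects to a first AP with EAP-PAX, a second AP with rsn_preauth
    enabled on ``databridge`` is started, and the station is expected to get
    a PMKSA cache entry for the second AP before roaming to it without a new
    EAP exchange and without a PMKID change.

    extraparams, when given, holds two dicts of additional hostapd settings,
    one per AP. With force_disconnect set, the station is disconnected and
    the first AP disabled before the bridge is torn down.
    """
    if not extraparams:
        extraparams = [{}, {}]
    try:
        params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
        params['bridge'] = 'ap-br0'
        # items() exists on both Python 2 and Python 3 dicts; iteritems()
        # raises AttributeError on Python 3.
        for key, value in extraparams[0].items():
            params[key] = value

        hapd = hostapd.add_ap(apdev[0], params)
        hapd.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
        hapd.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
        eap_connect(dev[0], hapd, "PAX", identity,
                    password_hex="0123456789abcdef0123456789abcdef")

        # Verify connectivity in the correct VLAN
        hwsim_utils.test_connectivity_iface(dev[0], hapd, databridge)

        params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
        params['bridge'] = 'ap-br0'
        params['rsn_preauth'] = '1'
        params['rsn_preauth_interfaces'] = databridge
        for key, value in extraparams[1].items():
            params[key] = value
        hostapd.add_ap(apdev[1], params)
        bssid1 = apdev[1]['bssid']
        dev[0].scan(freq="2412")

        # Poll up to 50 times (0.1 s apart) for the PMKSA entry created by
        # pre-authentication.
        success = False
        status_seen = False
        for i in range(0, 50):
            if not status_seen:
                status = dev[0].request("STATUS")
                if "Pre-authentication EAPOL state machines:" in status:
                    status_seen = True
            time.sleep(0.1)
            pmksa = dev[0].get_pmksa(bssid1)
            if pmksa:
                success = True
                break
        if not success:
            raise Exception(
                "No PMKSA cache entry created from pre-authentication")
        if not status_seen:
            raise Exception(
                "Pre-authentication EAPOL status was not available")

        dev[0].scan(freq="2412")
        if "[WPA2-EAP-CCMP-preauth]" not in dev[0].request("SCAN_RESULTS"):
            raise Exception("Scan results missing RSN element info")

        # Roaming must be served from the cache: no new EAP exchange and an
        # unchanged PMKID.
        dev[0].request("ROAM " + bssid1)
        ev = dev[0].wait_event(
            ["CTRL-EVENT-EAP-STARTED", "CTRL-EVENT-CONNECTED"], timeout=10)
        if ev is None:
            raise Exception("Roaming with the AP timed out")
        if "CTRL-EVENT-EAP-STARTED" in ev:
            raise Exception("Unexpected EAP exchange")
        pmksa2 = dev[0].get_pmksa(bssid1)
        if pmksa2 is None:
            raise Exception("No PMKSA cache entry")
        if pmksa['pmkid'] != pmksa2['pmkid']:
            raise Exception("Unexpected PMKID change")

        # Verify connectivity in the correct VLAN
        hwsim_utils.test_connectivity_iface(dev[0], hapd, databridge)

        if not force_disconnect:
            return

        # Disconnect the STA from both APs to avoid forceful ifdown by the
        # test script on a VLAN that this has an associated STA. That used to
        # trigger a mac80211 warning.
        dev[0].request("DISCONNECT")
        hapd.request("DISABLE")

    finally:
        # shell=True is passed together with '2>' '/dev/null' tokens; every
        # element is a literal, so nothing caller-controlled reaches the
        # shell. NOTE(review): presumably cmd_execute joins the list into one
        # command string in this mode - confirm before adding variables here.
        hostapd.cmd_execute(
            apdev[0],
            ['ip', 'link', 'set', 'dev', 'ap-br0', 'down', '2>', '/dev/null'],
            shell=True)
        hostapd.cmd_execute(apdev[0],
                            ['brctl', 'delbr', 'ap-br0', '2>', '/dev/null'],
                            shell=True)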
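def generic_ap_vlan_wpa2_radius_id_change(dev, apdev, tagged):
    """Move a WPA2-Enterprise station between VLANs via reauthentication.

    A second hostapd instance serves as the authentication server. The
    station connects on VLAN 1, the server's EAP user file is swapped and the
    station reauthenticates onto VLAN 2, then the original file is restored
    and the station returns to VLAN 1. Data connectivity is checked after
    every step.

    tagged selects the "vlan1tagged" identity and checks connectivity between
    wlan0.<id> and brvlan<id>; otherwise the "vlan1" identity is used, the
    brvlan<id> bridge alone is checked and the STA's vlan_id value is
    compared with the expected ID.
    """
    as_params = {"ssid": "as",
                 "beacon_int": "2000",
                 "radius_server_clients": "auth_serv/radius_clients.conf",
                 "radius_server_auth_port": '18128',
                 "eap_server": "1",
                 "eap_user_file": "auth_serv/eap_user.conf",
                 "ca_cert": "auth_serv/ca.pem",
                 "server_cert": "auth_serv/server.pem",
                 "private_key": "auth_serv/server.key"}
    authserv = hostapd.add_ap(apdev[1], as_params)

    params = hostapd.wpa2_eap_params(ssid="test-vlan")
    params['dynamic_vlan'] = "1"
    params['auth_server_port'] = "18128"
    hapd = hostapd.add_ap(apdev[0], params)

    def _check_data(vlan_id):
        # Verify data connectivity for the given VLAN ID ('1' or '2').
        if tagged:
            hwsim_utils.run_connectivity_test(dev[0], hapd, 0,
                                              ifname1="wlan0." + vlan_id,
                                              ifname2="brvlan" + vlan_id)
        else:
            hwsim_utils.test_connectivity_iface(dev[0], hapd,
                                                "brvlan" + vlan_id)

    def _reauth(eap_user_file, vlan_id):
        # Swap the server's user file, reauthenticate the station and check
        # the VLAN ID that the AP reports for it.
        authserv.disable()
        authserv.set('eap_user_file', eap_user_file)
        authserv.enable()

        dev[0].dump_monitor()
        dev[0].request("REAUTHENTICATE")
        ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
        if ev is None:
            raise Exception("EAP reauthentication timed out")
        ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=5)
        if ev is None:
            raise Exception("4-way handshake after reauthentication timed out")
        state = dev[0].get_status_field('wpa_state')
        if state != "COMPLETED":
            raise Exception("Unexpected state after reauth: " + state)
        sta = hapd.get_sta(dev[0].own_addr())
        if 'vlan_id' not in sta:
            raise Exception("No VLAN ID in STA info")
        # The exact value is only compared in the untagged case.
        if (not tagged) and (sta['vlan_id'] != vlan_id):
            raise Exception("Unexpected VLAN ID: " + sta['vlan_id'])

    identity = "vlan1tagged" if tagged else "vlan1"

    dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
                   identity=identity,
                   password_hex="0123456789abcdef0123456789abcdef",
                   scan_freq="2412")
    _check_data('1')

    logger.info("VLAN-ID -> 2")
    _reauth("auth_serv/eap_user_vlan.conf", '2')
    _check_data('2')

    logger.info("VLAN-ID -> 1")
    time.sleep(1)
    _reauth("auth_serv/eap_user.conf", '1')
    time.sleep(0.2)
    try:
        _check_data('1')
    except Exception:
        # "except Exception, e" is a syntax error on Python 3 and the bound
        # name was never used, so the portable form is used instead.
        # It is possible for new bridge setup to not be ready immediately, so
        # try again to avoid reporting issues related to that.
        logger.info("First VLAN-ID 1 data test failed - try again")
        _check_data('1')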