def test_ap_wpa2_tdls_bssid_mismatch(dev, apdev):
"""TDLS failure due to BSSID mismatch"""
try:
ssid = "test-wpa2-psk"
passphrase = "12345678"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['bridge'] = 'ap-br0'
hapd = hostapd.add_ap(apdev[0], params)
hostapd.add_ap(apdev[1], params)
wlantest_setup(hapd)
subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
dev[0].connect(ssid, psk=passphrase, scan_freq="2412",
bssid=apdev[0]['bssid'])
dev[1].connect(ssid, psk=passphrase, scan_freq="2412",
bssid=apdev[1]['bssid'])
hwsim_utils.test_connectivity_sta(dev[0], dev[1])
hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
hwsim_utils.test_connectivity_iface(dev[1], hapd, "ap-br0")
addr0 = dev[0].p2p_interface_addr()
dev[1].tdls_setup(addr0)
time.sleep(1)
hwsim_utils.test_connectivity_sta(dev[0], dev[1])
finally:
subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'])
subprocess.call(['brctl', 'delbr', 'ap-br0'])
def test_ap_wpa2_in_different_bridge(dev, apdev):
"""hostapd behavior with interface in different bridge"""
ifname = apdev[0]['ifname']
br_ifname = 'ext-ap-br0'
try:
ssid = "test-wpa2-psk"
passphrase = "12345678"
subprocess.call(['brctl', 'addbr', br_ifname])
subprocess.call(['brctl', 'setfd', br_ifname, '0'])
subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'up'])
subprocess.call(['iw', ifname, 'set', 'type', '__ap'])
subprocess.call(['brctl', 'addif', br_ifname, ifname])
time.sleep(0.5)
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['bridge'] = 'ap-br0'
hapd = hostapd.add_ap(ifname, params)
subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
brname = hapd.get_driver_status_field('brname')
if brname != 'ap-br0':
raise Exception("Incorrect bridge: " + brname)
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
if hapd.get_driver_status_field("added_bridge") != "1":
raise Exception("Unexpected added_bridge value")
if hapd.get_driver_status_field("added_if_into_bridge") != "1":
raise Exception("Unexpected added_if_into_bridge value")
dev[0].request("DISCONNECT")
hapd.disable()
finally:
subprocess.call(['ip', 'link', 'set', 'dev', br_ifname, 'down'])
subprocess.call(['brctl', 'delif', br_ifname, ifname],
stderr=open('/dev/null', 'w'))
subprocess.call(['brctl', 'delbr', br_ifname])
def test_ap_vlan_wpa2_radius(dev, apdev):
"""AP VLAN with WPA2-Enterprise and RADIUS attributes"""
params = hostapd.wpa2_eap_params(ssid="test-vlan")
params["dynamic_vlan"] = "1"
hapd = hostapd.add_ap(apdev[0]["ifname"], params)
dev[0].connect(
"test-vlan",
key_mgmt="WPA-EAP",
eap="PAX",
identity="vlan1",
password_hex="0123456789abcdef0123456789abcdef",
scan_freq="2412",
)
dev[1].connect(
"test-vlan",
key_mgmt="WPA-EAP",
eap="PAX",
identity="vlan2",
password_hex="0123456789abcdef0123456789abcdef",
scan_freq="2412",
)
dev[2].connect(
"test-vlan",
key_mgmt="WPA-EAP",
eap="PAX",
identity="*****@*****.**",
password_hex="0123456789abcdef0123456789abcdef",
scan_freq="2412",
)
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
hwsim_utils.test_connectivity(dev[2], hapd)
def test_ap_open_per_sta_vif(dev, apdev):
"""AP VLAN with open network"""
params = { "ssid": "test-vlan-open",
"per_sta_vif": "1" }
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd,
apdev[0]['ifname'] + ".4096")
def test_ap_vlan_open(dev, apdev):
"""AP VLAN with open network"""
params = {"ssid": "test-vlan-open", "dynamic_vlan": "1", "accept_mac_file": "hostapd.accept"}
hapd = hostapd.add_ap(apdev[0]["ifname"], params)
dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
dev[1].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
dev[2].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
hwsim_utils.test_connectivity(dev[2], hapd)
def test_ap_vlan_wpa2_radius_2(dev, apdev):
"""AP VLAN with WPA2-Enterprise and RADIUS EGRESS_VLANID attributes"""
params = hostapd.wpa2_eap_params(ssid="test-vlan")
params['dynamic_vlan'] = "1"
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
identity="vlan1b",
password_hex="0123456789abcdef0123456789abcdef",
scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
def test_ap_vlan_wpa2(dev, apdev):
"""AP VLAN with WPA2-PSK"""
params = hostapd.wpa2_params(ssid="test-vlan", passphrase="12345678")
params["dynamic_vlan"] = "1"
params["accept_mac_file"] = "hostapd.accept"
hapd = hostapd.add_ap(apdev[0]["ifname"], params)
dev[0].connect("test-vlan", psk="12345678", scan_freq="2412")
dev[1].connect("test-vlan", psk="12345678", scan_freq="2412")
dev[2].connect("test-vlan", psk="12345678", scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
hwsim_utils.test_connectivity(dev[2], hapd)
def test_ap_vlan_tagged(dev, apdev):
"""AP VLAN with tagged interface"""
params = { "ssid": "test-vlan-open",
"dynamic_vlan": "1",
"vlan_tagged_interface": "lo",
"accept_mac_file": "hostapd.accept" }
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
dev[1].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
dev[2].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brlo.1")
hwsim_utils.test_connectivity_iface(dev[1], hapd, "brlo.2")
hwsim_utils.test_connectivity(dev[2], hapd)
def test_ap_vlan_wpa2_radius_id_change(dev, apdev):
"""AP VLAN with WPA2-Enterprise and RADIUS attributes changing VLANID"""
as_params = {
"ssid": "as",
"beacon_int": "2000",
"radius_server_clients": "auth_serv/radius_clients.conf",
"radius_server_auth_port": "18128",
"eap_server": "1",
"eap_user_file": "auth_serv/eap_user.conf",
"ca_cert": "auth_serv/ca.pem",
"server_cert": "auth_serv/server.pem",
"private_key": "auth_serv/server.key",
}
authserv = hostapd.add_ap(apdev[1]["ifname"], as_params)
params = hostapd.wpa2_eap_params(ssid="test-vlan")
params["dynamic_vlan"] = "1"
params["auth_server_port"] = "18128"
hapd = hostapd.add_ap(apdev[0]["ifname"], params)
dev[0].connect(
"test-vlan",
key_mgmt="WPA-EAP",
eap="PAX",
identity="vlan1",
password_hex="0123456789abcdef0123456789abcdef",
scan_freq="2412",
)
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
authserv.disable()
authserv.set("eap_user_file", "auth_serv/eap_user_vlan.conf")
authserv.enable()
dev[0].dump_monitor()
dev[0].request("REAUTHENTICATE")
ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
if ev is None:
raise Exception("EAP reauthentication timed out")
ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=5)
if ev is None:
raise Exception("4-way handshake after reauthentication timed out")
state = dev[0].get_status_field("wpa_state")
if state != "COMPLETED":
raise Exception("Unexpected state after reauth: " + state)
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan2")
def test_ap_vlan_reconnect(dev, apdev):
"""AP VLAN with WPA2-PSK connect, disconnect, connect"""
params = hostapd.wpa2_params(ssid="test-vlan",
passphrase="12345678")
params['dynamic_vlan'] = "1"
params['accept_mac_file'] = "hostapd.accept"
hapd = hostapd.add_ap(apdev[0], params)
logger.info("connect sta")
dev[0].connect("test-vlan", psk="12345678", scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
logger.info("disconnect sta")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected(timeout=10)
time.sleep(1)
logger.info("reconnect sta")
dev[0].connect("test-vlan", psk="12345678", scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
def test_ap_wds_sta(dev, apdev):
"""WPA2-PSK AP with STA using 4addr mode"""
ssid = "test-wpa2-psk"
passphrase = "qwertyuiop"
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params["wds_sta"] = "1"
params["wds_bridge"] = "wds-br0"
hapd = hostapd.add_ap(apdev[0]["ifname"], params)
try:
subprocess.call(["brctl", "addbr", "wds-br0"])
subprocess.call(["brctl", "setfd", "wds-br0", "0"])
subprocess.call(["ip", "link", "set", "dev", "wds-br0", "up"])
subprocess.call(["iw", dev[0].ifname, "set", "4addr", "on"])
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0", max_tries=15)
finally:
subprocess.call(["iw", dev[0].ifname, "set", "4addr", "off"])
subprocess.call(["ip", "link", "set", "dev", "wds-br0", "down"])
subprocess.call(["brctl", "delbr", "wds-br0"])
def test_ap_wds_sta(dev, apdev):
"""WPA2-PSK AP with STA using 4addr mode"""
ssid = "test-wpa2-psk"
passphrase = 'qwertyuiop'
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['wds_sta'] = "1"
params['wds_bridge'] = "wds-br0"
hostapd.add_ap(apdev[0]['ifname'], params)
try:
subprocess.call(['sudo', 'brctl', 'addbr', 'wds-br0'])
subprocess.call(['sudo', 'brctl', 'setfd', 'wds-br0', '0'])
subprocess.call(['sudo', 'ip', 'link', 'set', 'dev', 'wds-br0', 'up'])
subprocess.call(['sudo', 'iw', dev[0].ifname, 'set', '4addr', 'on'])
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], "wds-br0", max_tries=15)
finally:
subprocess.call(['sudo', 'iw', dev[0].ifname, 'set', '4addr', 'off'])
subprocess.call(['sudo', 'ip', 'link', 'set', 'dev', 'wds-br0', 'down'])
subprocess.call(['sudo', 'brctl', 'delbr', 'wds-br0'])
def test_ap_wds_sta(dev, apdev):
"""WPA2-PSK AP with STA using 4addr mode"""
ssid = "test-wpa2-psk"
passphrase = 'qwertyuiop'
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['wds_sta'] = "1"
params['wds_bridge'] = "wds-br0"
hapd = hostapd.add_ap(apdev[0], params)
try:
dev[0].cmd_execute(['brctl', 'addbr', 'wds-br0'])
dev[0].cmd_execute(['brctl', 'setfd', 'wds-br0', '0'])
dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'up'])
dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'on'])
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
max_tries=15)
dev[0].request("REATTACH")
dev[0].wait_connected()
hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
max_tries=15)
dev[0].request("SET reassoc_same_bss_optim 1")
dev[0].request("REATTACH")
dev[0].wait_connected()
hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
max_tries=5, timeout=1)
finally:
dev[0].request("SET reassoc_same_bss_optim 0")
dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'off'])
dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'down'])
dev[0].cmd_execute(['brctl', 'delbr', 'wds-br0'])
def test_ap_wds_sta_wep(dev, apdev):
"""WEP AP with STA using 4addr mode"""
ssid = "test-wds-wep"
params = {}
params['ssid'] = ssid
params["ieee80211n"] = "0"
params['wep_key0'] = '"hello"'
params['wds_sta'] = "1"
params['wds_bridge'] = "wds-br0"
hapd = hostapd.add_ap(apdev[0], params)
try:
dev[0].cmd_execute(['brctl', 'addbr', 'wds-br0'])
dev[0].cmd_execute(['brctl', 'setfd', 'wds-br0', '0'])
dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'up'])
dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'on'])
dev[0].connect(ssid, key_mgmt="NONE", wep_key0='"hello"',
scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
max_tries=15)
dev[0].request("REATTACH")
dev[0].wait_connected()
hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
max_tries=15)
dev[0].request("SET reassoc_same_bss_optim 1")
dev[0].request("REATTACH")
dev[0].wait_connected()
hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
max_tries=5, timeout=1)
finally:
dev[0].request("SET reassoc_same_bss_optim 0")
dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'off'])
dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'down'])
dev[0].cmd_execute(['brctl', 'delbr', 'wds-br0'])
def test_ap_vlan_wpa2_radius_local(dev, apdev):
"""AP VLAN with WPA2-Enterprise and local file setting VLAN IDs"""
params = hostapd.wpa2_eap_params(ssid="test-vlan")
params['dynamic_vlan'] = "0"
params['vlan_file'] = "hostapd.vlan"
params['vlan_bridge'] = "test_br_vlan"
params['accept_mac_file'] = "hostapd.accept"
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
identity="*****@*****.**",
password_hex="0123456789abcdef0123456789abcdef",
scan_freq="2412")
dev[1].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
identity="*****@*****.**",
password_hex="0123456789abcdef0123456789abcdef",
scan_freq="2412")
dev[2].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
identity="*****@*****.**",
password_hex="0123456789abcdef0123456789abcdef",
scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "test_br_vlan1")
hwsim_utils.test_connectivity_iface(dev[1], hapd, "test_br_vlan2")
hwsim_utils.test_connectivity(dev[2], hapd)
def test_ap_wds_sta(dev, apdev):
"""WPA2-PSK AP with STA using 4addr mode"""
ssid = "test-wpa2-psk"
passphrase = 'qwertyuiop'
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['wds_sta'] = "1"
params['wds_bridge'] = "wds-br0"
hapd = hostapd.add_ap(apdev[0], params)
try:
dev[0].cmd_execute(['brctl', 'addbr', 'wds-br0'])
dev[0].cmd_execute(['brctl', 'setfd', 'wds-br0', '0'])
dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'up'])
dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'on'])
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
ev = hapd.wait_event(["WDS-STA-INTERFACE-ADDED"], timeout=10)
if ev is None:
raise Exception("No WDS-STA-INTERFACE-ADDED event seen")
if "sta_addr=" + dev[0].own_addr() not in ev:
raise Exception("No sta_addr match in " + ev)
if "ifname=" + hapd.ifname + ".sta" not in ev:
raise Exception("No ifname match in " + ev)
sta = hapd.get_sta(dev[0].own_addr())
if "wds_sta_ifname" not in sta:
raise Exception("Missing wds_sta_ifname in STA data")
if "ifname=" + sta['wds_sta_ifname'] not in ev:
raise Exception("wds_sta_ifname %s not in event: %s" %
(sta['wds_sta_ifname'], ev))
hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
max_tries=15)
dev[0].request("REATTACH")
dev[0].wait_connected()
hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
max_tries=15)
dev[0].request("SET reassoc_same_bss_optim 1")
dev[0].request("REATTACH")
dev[0].wait_connected()
hwsim_utils.test_connectivity_iface(dev[0], hapd, "wds-br0",
max_tries=5, timeout=1)
finally:
dev[0].request("SET reassoc_same_bss_optim 0")
dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'off'])
dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'down'])
dev[0].cmd_execute(['brctl', 'delbr', 'wds-br0'])
def test_ap_wds_sta_wep(dev, apdev):
"""WEP AP with STA using 4addr mode"""
ssid = "test-wds-wep"
params = {}
params['ssid'] = ssid
params["ieee80211n"] = "0"
params['wep_key0'] = '"hello"'
params['wds_sta'] = "1"
params['wds_bridge'] = "wds-br0"
hapd = hostapd.add_ap(apdev[0], params)
try:
dev[0].cmd_execute(['brctl', 'addbr', 'wds-br0'])
dev[0].cmd_execute(['brctl', 'setfd', 'wds-br0', '0'])
dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'up'])
dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'on'])
dev[0].connect(ssid,
key_mgmt="NONE",
wep_key0='"hello"',
scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0],
hapd,
"wds-br0",
max_tries=15)
dev[0].request("REATTACH")
dev[0].wait_connected()
hwsim_utils.test_connectivity_iface(dev[0],
hapd,
"wds-br0",
max_tries=15)
dev[0].request("SET reassoc_same_bss_optim 1")
dev[0].request("REATTACH")
dev[0].wait_connected()
hwsim_utils.test_connectivity_iface(dev[0],
hapd,
"wds-br0",
max_tries=5,
timeout=1)
finally:
dev[0].request("SET reassoc_same_bss_optim 0")
dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'off'])
dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'down'])
dev[0].cmd_execute(['brctl', 'delbr', 'wds-br0'])
def test_ap_vlan_psk(dev, apdev, params):
"""AP VLAN based on PSK/passphrase"""
psk_file = os.path.join(params['logdir'], 'ap_vlan_psk.wpa_psk')
with open(psk_file, 'w') as f:
f.write('vlanid=1 00:00:00:00:00:00 passphrase-for-vlan-1\n')
f.write('vlanid=2 00:00:00:00:00:00 passphrase-for-vlan-2\n')
f.write('vlanid=3 00:00:00:00:00:00 passphrase-for-vlan-3\n')
ssid = 'test-vlan-rsn'
params = hostapd.wpa2_params(ssid=ssid)
params['dynamic_vlan'] = "1"
params['wpa_psk_file'] = psk_file
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(ssid, psk="passphrase-for-vlan-1", scan_freq="2412")
dev[1].connect(ssid, psk="passphrase-for-vlan-2", scan_freq="2412")
dev[2].connect(ssid, psk="passphrase-for-vlan-3", scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
hwsim_utils.test_connectivity_iface(dev[2], hapd, "brvlan3")
def test_ap_vlan_file_open2(dev, apdev):
"""AP VLAN with open network and vlan_file mapping (2)"""
filename = hostapd.acl_file(dev, apdev, 'hostapd.accept2')
hostapd.send_file(apdev[0], filename, filename)
params = {
"ssid": "test-vlan-open",
"dynamic_vlan": "1",
"vlan_file": "hostapd.vlan2",
"accept_mac_file": filename
}
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
dev[1].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
dev[2].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
hwsim_utils.test_connectivity_iface(dev[2], hapd, "hwsimbr3")
if filename.startswith('/tmp/'):
os.unlink(filename)
def test_ap_vlan_psk(dev, apdev, params):
"""AP VLAN based on PSK/passphrase"""
psk_file = os.path.join(params['logdir'], 'ap_vlan_psk.wpa_psk')
with open(psk_file, 'w') as f:
f.write('vlanid=1 00:00:00:00:00:00 passphrase-for-vlan-1\n')
f.write('vlanid=2 00:00:00:00:00:00 passphrase-for-vlan-2\n')
f.write('vlanid=3 00:00:00:00:00:00 passphrase-for-vlan-3\n')
ssid = 'test-vlan-rsn'
params = hostapd.wpa2_params(ssid=ssid)
params['dynamic_vlan'] = "1"
params['wpa_psk_file'] = psk_file
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(ssid, psk="passphrase-for-vlan-1", scan_freq="2412")
dev[1].connect(ssid, psk="passphrase-for-vlan-2", scan_freq="2412")
dev[2].connect(ssid, psk="passphrase-for-vlan-3", scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
hwsim_utils.test_connectivity_iface(dev[2], hapd, "brvlan3")
def test_ap_vlan_sae(dev, apdev, params):
"""AP VLAN based on SAE Password Identifier"""
for i in range(3):
if "SAE" not in dev[i].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae-vlan")
params['wpa_key_mgmt'] = 'SAE'
params['sae_password'] = ['pw1|vlanid=1|id=id1',
'pw2|mac=ff:ff:ff:ff:ff:ff|vlanid=2|id=id2',
'pw3|vlanid=3|id=id3']
params['dynamic_vlan'] = "1"
hapd = hostapd.add_ap(apdev[0], params)
for i in range(3):
dev[i].request("SET sae_groups ")
dev[i].connect("test-sae-vlan", sae_password="******" % (i + 1),
sae_password_id="id%d" % (i + 1),
key_mgmt="SAE", scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
hwsim_utils.test_connectivity_iface(dev[2], hapd, "brvlan3")
def test_ap_wds_sta(dev, apdev):
"""WPA2-PSK AP with STA using 4addr mode"""
ssid = "test-wpa2-psk"
passphrase = 'qwertyuiop'
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
params['wds_sta'] = "1"
params['wds_bridge'] = "wds-br0"
hapd = hostapd.add_ap(apdev[0], params)
try:
dev[0].cmd_execute(['brctl', 'addbr', 'wds-br0'])
dev[0].cmd_execute(['brctl', 'setfd', 'wds-br0', '0'])
dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'up'])
dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'on'])
dev[0].connect(ssid, psk=passphrase, scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0],
hapd,
"wds-br0",
max_tries=15)
dev[0].request("REATTACH")
dev[0].wait_connected()
hwsim_utils.test_connectivity_iface(dev[0],
hapd,
"wds-br0",
max_tries=15)
dev[0].request("SET reassoc_same_bss_optim 1")
dev[0].request("REATTACH")
dev[0].wait_connected()
hwsim_utils.test_connectivity_iface(dev[0],
hapd,
"wds-br0",
max_tries=5,
timeout=1)
finally:
dev[0].request("SET reassoc_same_bss_optim 0")
dev[0].cmd_execute(['iw', dev[0].ifname, 'set', '4addr', 'off'])
dev[0].cmd_execute(['ip', 'link', 'set', 'dev', 'wds-br0', 'down'])
dev[0].cmd_execute(['brctl', 'delbr', 'wds-br0'])
def test_ap_vlan_sae(dev, apdev, params):
"""AP VLAN based on SAE Password Identifier"""
for i in range(3):
if "SAE" not in dev[i].get_capability("auth_alg"):
raise HwsimSkip("SAE not supported")
params = hostapd.wpa2_params(ssid="test-sae-vlan")
params['wpa_key_mgmt'] = 'SAE'
params['sae_password'] = ['pw1|vlanid=1|id=id1',
'pw2|mac=ff:ff:ff:ff:ff:ff|vlanid=2|id=id2',
'pw3|vlanid=3|id=id3']
params['dynamic_vlan'] = "1"
hapd = hostapd.add_ap(apdev[0], params)
for i in range(3):
dev[i].request("SET sae_groups ")
dev[i].connect("test-sae-vlan", sae_password="******" % (i + 1),
sae_password_id="id%d" % (i + 1),
key_mgmt="SAE", scan_freq="2412")
hapd.wait_sta()
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
hwsim_utils.test_connectivity_iface(dev[2], hapd, "brvlan3")
def generic_pmksa_cache_preauth(dev, apdev, extraparams, identity, databridge,
force_disconnect=False):
if not extraparams:
extraparams = [{}, {}]
try:
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
params['bridge'] = 'ap-br0'
for key, value in extraparams[0].items():
params[key] = value
hapd = hostapd.add_ap(apdev[0], params)
hapd.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
hapd.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
eap_connect(dev[0], hapd, "PAX", identity,
password_hex="0123456789abcdef0123456789abcdef")
# Verify connectivity in the correct VLAN
hwsim_utils.test_connectivity_iface(dev[0], hapd, databridge)
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
params['bridge'] = 'ap-br0'
params['rsn_preauth'] = '1'
params['rsn_preauth_interfaces'] = databridge
for key, value in extraparams[1].items():
params[key] = value
hostapd.add_ap(apdev[1], params)
bssid1 = apdev[1]['bssid']
dev[0].scan(freq="2412")
success = False
status_seen = False
for i in range(0, 50):
if not status_seen:
status = dev[0].request("STATUS")
if "Pre-authentication EAPOL state machines:" in status:
status_seen = True
time.sleep(0.1)
pmksa = dev[0].get_pmksa(bssid1)
if pmksa:
success = True
break
if not success:
raise Exception("No PMKSA cache entry created from pre-authentication")
if not status_seen:
raise Exception("Pre-authentication EAPOL status was not available")
dev[0].scan(freq="2412")
if "[WPA2-EAP-CCMP-preauth]" not in dev[0].request("SCAN_RESULTS"):
raise Exception("Scan results missing RSN element info")
dev[0].request("ROAM " + bssid1)
ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
"CTRL-EVENT-CONNECTED"], timeout=10)
if ev is None:
raise Exception("Roaming with the AP timed out")
if "CTRL-EVENT-EAP-STARTED" in ev:
raise Exception("Unexpected EAP exchange")
pmksa2 = dev[0].get_pmksa(bssid1)
if pmksa2 is None:
raise Exception("No PMKSA cache entry")
if pmksa['pmkid'] != pmksa2['pmkid']:
raise Exception("Unexpected PMKID change")
# Verify connectivity in the correct VLAN
hwsim_utils.test_connectivity_iface(dev[0], hapd, databridge)
if not force_disconnect:
return
# Disconnect the STA from both APs to avoid forceful ifdown by the
# test script on a VLAN that this has an associated STA. That used to
# trigger a mac80211 warning.
dev[0].request("DISCONNECT")
hapd.request("DISABLE")
finally:
hostapd.cmd_execute(apdev[0], ['ip', 'link', 'set', 'dev',
'ap-br0', 'down', '2>', '/dev/null'],
shell=True)
hostapd.cmd_execute(apdev[0], ['brctl', 'delbr', 'ap-br0',
'2>', '/dev/null'], shell=True)
def test_pmksa_cache_preauth_vlan_used(dev, apdev):
"""RSN pre-authentication to generate PMKSA cache entry (station with VLAN set)"""
try:
subprocess.call(['brctl', 'addbr', 'brvlan1'])
subprocess.call(['brctl', 'setfd', 'brvlan1', '0'])
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
params['bridge'] = 'ap-br0'
params['dynamic_vlan'] = '1'
params['vlan_file'] = 'hostapd.wlan3.vlan'
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
eap_connect(dev[0], apdev[0], "PAX", "vlan1",
password_hex="0123456789abcdef0123456789abcdef")
# Verify connectivity in the correct VLAN
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
params['bridge'] = 'ap-br0'
params['rsn_preauth'] = '1'
params['rsn_preauth_interfaces'] = 'brvlan1'
params['dynamic_vlan'] = '1'
params['vlan_file'] = 'hostapd.wlan4.vlan'
hostapd.add_ap(apdev[1]['ifname'], params)
bssid1 = apdev[1]['bssid']
dev[0].scan(freq="2412")
success = False
status_seen = False
for i in range(0, 50):
if not status_seen:
status = dev[0].request("STATUS")
if "Pre-authentication EAPOL state machines:" in status:
status_seen = True
time.sleep(0.1)
pmksa = dev[0].get_pmksa(bssid1)
if pmksa:
success = True
break
if not success:
raise Exception("No PMKSA cache entry created from pre-authentication")
if not status_seen:
raise Exception("Pre-authentication EAPOL status was not available")
dev[0].scan(freq="2412")
if "[WPA2-EAP-CCMP-preauth]" not in dev[0].request("SCAN_RESULTS"):
raise Exception("Scan results missing RSN element info")
dev[0].request("ROAM " + bssid1)
ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED",
"CTRL-EVENT-CONNECTED"], timeout=10)
if ev is None:
raise Exception("Roaming with the AP timed out")
if "CTRL-EVENT-EAP-STARTED" in ev:
raise Exception("Unexpected EAP exchange")
pmksa2 = dev[0].get_pmksa(bssid1)
if pmksa2 is None:
raise Exception("No PMKSA cache entry")
if pmksa['pmkid'] != pmksa2['pmkid']:
raise Exception("Unexpected PMKID change")
# Verify connectivity in the correct VLAN
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
# Disconnect the STA from both APs to avoid forceful ifdown by the
# test script on a VLAN that this has an associated STA. That used to
# trigger a mac80211 warning.
dev[0].request("DISCONNECT")
hapd.request("DISABLE")
finally:
subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
stderr=open('/dev/null', 'w'))
subprocess.call(['ip', 'link', 'set', 'dev', 'brvlan1', 'down'])
subprocess.call(['ip', 'link', 'set', 'dev', 'wlan3.1', 'down'],
stderr=open('/dev/null', 'w'))
subprocess.call(['ip', 'link', 'set', 'dev', 'wlan4.1', 'down'],
stderr=open('/dev/null', 'w'))
subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan3.1'],
stderr=open('/dev/null', 'w'))
subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan4.1'],
stderr=open('/dev/null', 'w'))
subprocess.call(['brctl', 'delbr', 'ap-br0'],
stderr=open('/dev/null', 'w'))
subprocess.call(['brctl', 'delbr', 'brvlan1'])
def ap_vlan_iface_cleanup_multibss(dev, apdev, cfgfile):
# AP VLAN with WPA2-Enterprise and RADIUS attributes changing VLANID
# check that multiple bss do not interfere with each other with respect
# to deletion of bridge and tagged interface.
if not netifaces_imported:
raise HwsimSkip("python module netifaces not available")
try:
ap_vlan_iface_cleanup_multibss_cleanup()
ap_vlan_iface_test_and_prepare_environ()
as_params = { "ssid": "as",
"beacon_int": "2000",
"radius_server_clients": "auth_serv/radius_clients.conf",
"radius_server_auth_port": '18128',
"eap_server": "1",
"eap_user_file": "auth_serv/eap_user.conf",
"ca_cert": "auth_serv/ca.pem",
"server_cert": "auth_serv/server.pem",
"private_key": "auth_serv/server.key",
"vlan_naming": "1" }
authserv = hostapd.add_ap(apdev[1], as_params)
# start the actual test
hapd = hostapd.add_iface(apdev[0], cfgfile)
hapd1 = hostapd.Hostapd("wlan3-2", 1)
hapd1.enable()
ifaces = netifaces.interfaces()
if "brvlan1" in ifaces:
raise Exception("bridge brvlan1 already exists before")
if "brvlan2" in ifaces:
raise Exception("bridge brvlan2 already exists before")
dev[0].connect("bss-1", key_mgmt="WPA-EAP", eap="PAX",
identity="vlan1",
password_hex="0123456789abcdef0123456789abcdef",
scan_freq="2412")
ifaces = netifaces.interfaces()
if not("brvlan1" in ifaces):
raise Exception("bridge brvlan1 was not created")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
if not iface_is_in_bridge("brvlan1", "dummy0.1"):
raise Exception("dummy0.1 not in brvlan1")
dev[1].connect("bss-2", key_mgmt="WPA-EAP", eap="PAX",
identity="vlan1",
password_hex="0123456789abcdef0123456789abcdef",
scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[1], hapd1, "brvlan1")
if not iface_is_in_bridge("brvlan1", "dummy0.1"):
raise Exception("dummy0.1 not in brvlan1")
authserv.disable()
authserv.set('eap_user_file', "auth_serv/eap_user_vlan.conf")
authserv.enable()
logger.info("wlan0 -> VLAN 2")
dev[0].dump_monitor()
dev[0].request("REAUTHENTICATE")
ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
if ev is None:
raise Exception("EAP reauthentication timed out")
ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=5)
if ev is None:
raise Exception("4-way handshake after reauthentication timed out")
state = dev[0].get_status_field('wpa_state')
if state != "COMPLETED":
raise Exception("Unexpected state after reauth: " + state)
ifaces = netifaces.interfaces()
if not ("brvlan1" in ifaces):
raise Exception("bridge brvlan1 has been removed too early")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan2",
max_tries=5)
if not iface_is_in_bridge("brvlan2", "dummy0.2"):
raise Exception("dummy0.2 not in brvlan2")
logger.info("test wlan1 == VLAN 1")
hwsim_utils.test_connectivity_iface(dev[1], hapd1, "brvlan1")
if not iface_is_in_bridge("brvlan1", "dummy0.1"):
raise Exception("dummy0.1 not in brvlan1")
logger.info("wlan1 -> VLAN 2")
dev[1].dump_monitor()
dev[1].request("REAUTHENTICATE")
ev = dev[1].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
if ev is None:
raise Exception("EAP reauthentication timed out")
ev = dev[1].wait_event(["WPA: Key negotiation completed"], timeout=5)
if ev is None:
raise Exception("4-way handshake after reauthentication timed out")
state = dev[1].get_status_field('wpa_state')
if state != "COMPLETED":
raise Exception("Unexpected state after reauth: " + state)
# it can take some time for data connectivity to be updated
hwsim_utils.test_connectivity_iface(dev[1], hapd1, "brvlan2",
max_tries=5)
logger.info("test wlan0 == VLAN 2")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan2")
if not iface_is_in_bridge("brvlan2", "dummy0.2"):
raise Exception("dummy0.2 not in brvlan2")
ifaces = netifaces.interfaces()
if "brvlan1" in ifaces:
raise Exception("bridge brvlan1 has not been cleaned up")
# disconnect dev0 first to test a corner case
dev[0].request("DISCONNECT")
dev[0].wait_disconnected()
dev[1].request("DISCONNECT")
dev[1].wait_disconnected()
# station removal needs some time
for i in range(5):
time.sleep(1)
ifaces = netifaces.interfaces()
if "brvlan2" not in ifaces:
break
ifaces = netifaces.interfaces()
if "brvlan2" in ifaces:
raise Exception("bridge brvlan2 has not been cleaned up")
hapd.request("DISABLE")
finally:
ap_vlan_iface_cleanup_multibss_cleanup()
def generic_pmksa_cache_preauth(dev,
apdev,
extraparams,
identity,
databridge,
force_disconnect=False):
if not extraparams:
extraparams = [{}, {}]
try:
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
params['bridge'] = 'ap-br0'
for key, value in extraparams[0].iteritems():
params[key] = value
hapd = hostapd.add_ap(apdev[0], params)
hapd.cmd_execute(['brctl', 'setfd', 'ap-br0', '0'])
hapd.cmd_execute(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
eap_connect(dev[0],
hapd,
"PAX",
identity,
password_hex="0123456789abcdef0123456789abcdef")
# Verify connectivity in the correct VLAN
hwsim_utils.test_connectivity_iface(dev[0], hapd, databridge)
params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
params['bridge'] = 'ap-br0'
params['rsn_preauth'] = '1'
params['rsn_preauth_interfaces'] = databridge
for key, value in extraparams[1].iteritems():
params[key] = value
hostapd.add_ap(apdev[1], params)
bssid1 = apdev[1]['bssid']
dev[0].scan(freq="2412")
success = False
status_seen = False
for i in range(0, 50):
if not status_seen:
status = dev[0].request("STATUS")
if "Pre-authentication EAPOL state machines:" in status:
status_seen = True
time.sleep(0.1)
pmksa = dev[0].get_pmksa(bssid1)
if pmksa:
success = True
break
if not success:
raise Exception(
"No PMKSA cache entry created from pre-authentication")
if not status_seen:
raise Exception(
"Pre-authentication EAPOL status was not available")
dev[0].scan(freq="2412")
if "[WPA2-EAP-CCMP-preauth]" not in dev[0].request("SCAN_RESULTS"):
raise Exception("Scan results missing RSN element info")
dev[0].request("ROAM " + bssid1)
ev = dev[0].wait_event(
["CTRL-EVENT-EAP-STARTED", "CTRL-EVENT-CONNECTED"], timeout=10)
if ev is None:
raise Exception("Roaming with the AP timed out")
if "CTRL-EVENT-EAP-STARTED" in ev:
raise Exception("Unexpected EAP exchange")
pmksa2 = dev[0].get_pmksa(bssid1)
if pmksa2 is None:
raise Exception("No PMKSA cache entry")
if pmksa['pmkid'] != pmksa2['pmkid']:
raise Exception("Unexpected PMKID change")
# Verify connectivity in the correct VLAN
hwsim_utils.test_connectivity_iface(dev[0], hapd, databridge)
if not force_disconnect:
return
# Disconnect the STA from both APs to avoid forceful ifdown by the
# test script on a VLAN that this has an associated STA. That used to
# trigger a mac80211 warning.
dev[0].request("DISCONNECT")
hapd.request("DISABLE")
finally:
hostapd.cmd_execute(
apdev[0],
['ip', 'link', 'set', 'dev', 'ap-br0', 'down', '2>', '/dev/null'],
shell=True)
hostapd.cmd_execute(apdev[0],
['brctl', 'delbr', 'ap-br0', '2>', '/dev/null'],
shell=True)
def generic_ap_vlan_wpa2_radius_id_change(dev, apdev, tagged):
as_params = { "ssid": "as",
"beacon_int": "2000",
"radius_server_clients": "auth_serv/radius_clients.conf",
"radius_server_auth_port": '18128',
"eap_server": "1",
"eap_user_file": "auth_serv/eap_user.conf",
"ca_cert": "auth_serv/ca.pem",
"server_cert": "auth_serv/server.pem",
"private_key": "auth_serv/server.key" }
authserv = hostapd.add_ap(apdev[1], as_params)
params = hostapd.wpa2_eap_params(ssid="test-vlan")
params['dynamic_vlan'] = "1"
params['auth_server_port'] = "18128"
hapd = hostapd.add_ap(apdev[0], params)
identity = "vlan1tagged" if tagged else "vlan1"
dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
identity=identity,
password_hex="0123456789abcdef0123456789abcdef",
scan_freq="2412")
if tagged:
hwsim_utils.run_connectivity_test(dev[0], hapd, 0, ifname1="wlan0.1",
ifname2="brvlan1")
else:
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
logger.info("VLAN-ID -> 2")
authserv.disable()
authserv.set('eap_user_file', "auth_serv/eap_user_vlan.conf")
authserv.enable()
dev[0].dump_monitor()
dev[0].request("REAUTHENTICATE")
ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
if ev is None:
raise Exception("EAP reauthentication timed out")
ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=5)
if ev is None:
raise Exception("4-way handshake after reauthentication timed out")
state = dev[0].get_status_field('wpa_state')
if state != "COMPLETED":
raise Exception("Unexpected state after reauth: " + state)
sta = hapd.get_sta(dev[0].own_addr())
if 'vlan_id' not in sta:
raise Exception("No VLAN ID in STA info")
if (not tagged) and (sta['vlan_id'] != '2'):
raise Exception("Unexpected VLAN ID: " + sta['vlan_id'])
if tagged:
hwsim_utils.run_connectivity_test(dev[0], hapd, 0, ifname1="wlan0.2",
ifname2="brvlan2")
else:
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan2")
logger.info("VLAN-ID -> 1")
time.sleep(1)
authserv.disable()
authserv.set('eap_user_file', "auth_serv/eap_user.conf")
authserv.enable()
dev[0].dump_monitor()
dev[0].request("REAUTHENTICATE")
ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
if ev is None:
raise Exception("EAP reauthentication timed out")
ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=5)
if ev is None:
raise Exception("4-way handshake after reauthentication timed out")
state = dev[0].get_status_field('wpa_state')
if state != "COMPLETED":
raise Exception("Unexpected state after reauth: " + state)
sta = hapd.get_sta(dev[0].own_addr())
if 'vlan_id' not in sta:
raise Exception("No VLAN ID in STA info")
if (not tagged) and (sta['vlan_id'] != '1'):
raise Exception("Unexpected VLAN ID: " + sta['vlan_id'])
time.sleep(0.2)
try:
if tagged:
hwsim_utils.run_connectivity_test(dev[0], hapd, 0,
ifname1="wlan0.1",
ifname2="brvlan1")
else:
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
except Exception, e:
# It is possible for new bridge setup to not be ready immediately, so
# try again to avoid reporting issues related to that.
logger.info("First VLAN-ID 1 data test failed - try again")
if tagged:
hwsim_utils.run_connectivity_test(dev[0], hapd, 0,
ifname1="wlan0.1",
ifname2="brvlan1")
else:
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
