def test_private_dns_mode_strict_connectivity_toggle_networks(self): """ Verify private DNS strict mode connectivity by toggling networks Steps: 1. Set private DNS strict mode 2. DUT is connected to mobile network 3. Verify connectivity and DNS queries going to port 853 4. Switch to wifi network 5. Verify connectivity and DNS queries going to port 853 6. Switch back to mobile network 7. Verify connectivity and DNS queries going to port 853 8. Repeat steps 1-7 for TMO, VZW and different private DNS servers """ for ad in self.android_devices: self.log.info("Carrier is: %s" % get_operator_name(self.log, ad)) for dns in self.private_dns_servers: self.log.info("Setting strict mode private dns: %s" % dns) # set private dns mode cutils.set_private_dns(ad, cconst.PRIVATE_DNS_MODE_STRICT, dns) # verify dns over tls on mobile network self._test_private_dns_mode( self.dut, None, None, True, dns) # verify dns over tls on wifi network self._test_private_dns_mode( self.dut, self.ipv4_ipv6_network, None, True, dns) # verify dns over tls on mobile network wutils.reset_wifi(self.dut) self._test_private_dns_mode( self.dut, None, None, True, dns)
def test_dns_over_tls_no_reset_packets(self): """ Verify there are no TCP packets with RST flags Steps: 1. Enable opportunistic or strict mode 2. Ping hosts and verify that there are TCP pkts with RST flags """ # start tcpdump on device self._start_tcp_dump(self.dut) # set private DNS to opportunistic mode cutils.set_private_dns(self.dut, cconst.PRIVATE_DNS_MODE_OPPORTUNISTIC) # connect DUT to wifi network wutils.start_wifi_connection_scan_and_ensure_network_found( self.dut, self.ipv4_ipv6_network[SSID]) wutils.wifi_connect(self.dut, self.ipv4_ipv6_network) for host in self.ping_hosts: wutils.validate_connection(self.dut, host) # stop tcpdump on device pcap_file = self._stop_tcp_dump(self.dut) # check that there no RST TCP packets self._verify_rst_packets(pcap_file)
def setup_class(self): """Setup devices for tests and unpack params.""" # unpack user params req_params = ("wifi_network", "file_size", "download_file_ipv4", "download_file_ipv6", "dbs_supported_models") self.unpack_userparams(req_params) self.file_path = DOWNLOAD_PATH + self.download_file_ipv4.split("/")[-1] self.file_size = float(self.file_size) for ad in self.android_devices: self.log.info("Operator on %s is %s" % \ (ad.serial, get_operator_name(self.log, ad))) ad.reboot() nutils.verify_lte_data_and_tethering_supported(ad) nutils.set_chrome_browser_permissions(ad) cutils.set_private_dns(ad, cconst.PRIVATE_DNS_MODE_OFF) try: ad.adb.shell(instr_cmd) except AdbError: self.log.warn("cmd %s failed on %s" % (instr_cmd, ad.serial)) self.tcpdumps = [] self.hs_enabled = []
def test_guestgate_captive_portal_private_dns_off(self): """Verify captive portal network. Steps: 1. Turn off private dns mode 2. Connect to guestgate captive portal network 3. Verify connectivity """ # turn off private dns cutils.set_private_dns(self.dut, cconst.PRIVATE_DNS_MODE_OFF) # verify connection to captive portal network self._verify_captive_portal(self.gg_captive_portal)
def test_guestgate_captive_portal_default(self): """Verify captive portal network. Steps: 1. Set default private dns mode 2. Connect to guestgate captive portal network 3. Verify connectivity """ # set private dns to opportunistic cutils.set_private_dns(self.dut, cconst.PRIVATE_DNS_MODE_OPPORTUNISTIC) # verify connection to captive portal network self._verify_captive_portal(self.gg_captive_portal)
def test_guestgate_captive_portal_private_dns_strict(self): """Verify captive portal network. Steps: 1. Set strict private dns mode 2. Connect to guestgate captive portal network 3. Verify connectivity """ # set private dns to strict mode cutils.set_private_dns(self.dut, cconst.PRIVATE_DNS_MODE_STRICT, cconst.DNS_GOOGLE) # verify connection to captive portal network self._verify_captive_portal(self.gg_captive_portal)
def test_private_dns_mode_strict_invalid_hostnames(self): """ Verify that invalid hostnames are not saved for strict mode Steps: 1. Set private DNS to strict mode with invalid hostname 2. Verify that invalid hostname is not saved """ invalid_hostnames = ["!%@&!*", "12093478129", "9.9.9.9", "sdkfjhasdf"] for hostname in invalid_hostnames: cutils.set_private_dns( self.dut, cconst.PRIVATE_DNS_MODE_STRICT, hostname) mode = self.dut.droid.getPrivateDnsMode() specifier = self.dut.droid.getPrivateDnsSpecifier() asserts.assert_true( mode == cconst.PRIVATE_DNS_MODE_STRICT and specifier != hostname, "Able to set invalid private DNS strict mode")
def test_dns_server_link_properties_strict_mode(self): """ Verify DNS server in the link properties when set in strict mode Steps: 1. Set DNS server hostname in Private DNS settings (stict mode) 2. Verify that DNS server set in settings is in link properties 3. Verify for WiFi as well as LTE """ # start tcpdump on device self._start_tcp_dump(self.dut) # set private DNS to strict mode cutils.set_private_dns( self.dut, cconst.PRIVATE_DNS_MODE_STRICT, cconst.DNS_GOOGLE) # connect DUT to wifi network wutils.start_wifi_connection_scan_and_ensure_network_found( self.dut, self.ipv4_ipv6_network[SSID]) wutils.wifi_connect(self.dut, self.ipv4_ipv6_network) for host in self.ping_hosts: wutils.validate_connection(self.dut, host) # DNS server in link properties for wifi network link_prop = self.dut.droid.connectivityGetActiveLinkProperties() wifi_dns_servers = link_prop['PrivateDnsServerName'] self.log.info("Link prop: %s" % wifi_dns_servers) # DUT is on LTE data wutils.reset_wifi(self.dut) time.sleep(1) # wait till lte network becomes active for host in self.ping_hosts: wutils.validate_connection(self.dut, host) # DNS server in link properties for cell network link_prop = self.dut.droid.connectivityGetActiveLinkProperties() lte_dns_servers = link_prop['PrivateDnsServerName'] self.log.info("Link prop: %s" % lte_dns_servers) # stop tcpdump on device pcap_file = self._stop_tcp_dump(self.dut) # Verify DNS server in link properties asserts.assert_true(cconst.DNS_GOOGLE in wifi_dns_servers, "Hostname not in link properties - wifi network") asserts.assert_true(cconst.DNS_GOOGLE in lte_dns_servers, "Hostname not in link properites - cell network")
def _test_private_dns_mode(self, ad, net, dns_mode, use_tls, hostname=None): """ Test private DNS mode Args: 1. ad: android device object 2. net: wifi network to connect to, LTE network if None 3. dns_mode: private DNS mode 4. use_tls: if True, the DNS packets should be encrypted 5. hostname: private DNS hostname to set to """ # set private dns mode if dns_mode: cutils.set_private_dns(self.dut, dns_mode, hostname) # connect to wifi if net: wutils.start_wifi_connection_scan_and_ensure_network_found( self.dut, net[SSID]) wutils.wifi_connect(self.dut, net) # start tcpdump on the device self._start_tcp_dump(self.dut) # ping hosts should pass for host in self.ping_hosts: self.log.info("Pinging %s" % host) status = wutils.validate_connection(self.dut, host) asserts.assert_true(status, "Failed to ping host %s" % host) self.log.info("Ping successful") # stop tcpdump pcap_file = self._stop_tcp_dump(self.dut) # verify DNS queries self._verify_dns_queries_over_tls(pcap_file, use_tls) # reset wifi wutils.reset_wifi(self.dut)
def test_private_dns_mode_opportunistic_connectivity_toggle_networks(self): """ Verify private DNS opportunistic mode connectivity by toggling networks Steps: 1. Set private DNS opportunistic mode 2. DUT is connected to mobile network 3. Verify connectivity and DNS queries going to port 853 for TMO and port 53 for VZW 4. Switch to wifi network set with private DNS server 5. Verify connectivity and DNS queries going to port 853 6. Switch back to mobile network 7. Verify connectivity and DNS queries going to port 853 for TMO and port 53 for VZW 8. Repeat steps 1-7 for TMO, VZW and different private DNS servers """ for ad in self.android_devices: carrier = get_operator_name(self.log, ad) self.log.info("Carrier is: %s" % carrier) use_tls = True if carrier == "tmo" else False for dns in self.private_dns_servers: self.log.info("Setting opportunistic private dns mode") # set private dns mode cutils.set_private_dns(ad, cconst.PRIVATE_DNS_MODE_OPPORTUNISTIC) # verify dns over tls on mobile network self._test_private_dns_mode( self.dut, None, None, use_tls, dns) # verify dns over tls on wifi network self._test_private_dns_mode( self.dut, self.ipv4_ipv6_network, None, True, dns) # verify dns over tls on mobile network wutils.reset_wifi(self.dut) self._test_private_dns_mode( self.dut, None, None, use_tls, dns)
def teardown_class(self): """Reset devices.""" cutils.set_private_dns(self.dut, cconst.PRIVATE_DNS_MODE_OPPORTUNISTIC) wutils.reset_wifi(self.dut) self.dut.droid.telephonyToggleDataConnection(True)
def teardown_class(self): for ad in self.android_devices: cutils.set_private_dns(ad, cconst.PRIVATE_DNS_MODE_OPPORTUNISTIC)