def test_hapd_ctrl_set_accept_mac_file_vlan(dev, apdev):
"""hostapd and SET accept_mac_file ctrl_iface command (VLAN ID)"""
ssid = "hapd-ctrl"
filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
params = {"ssid": ssid}
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412")
hapd.send_file(filename, filename)
hapd.request("SET macaddr_acl 1")
if "OK" not in hapd.request("SET accept_mac_file " + filename):
raise Exception("Unexpected SET failure")
dev[1].wait_disconnected(timeout=15)
dev[0].wait_disconnected(timeout=15)
if filename.startswith('/tmp/'):
os.unlink(filename)
def test_hapd_ctrl_set_deny_mac_file(dev, apdev):
"""hostapd and SET deny_mac_file ctrl_iface command"""
ssid = "hapd-ctrl"
filename = hostapd.acl_file(dev, apdev, 'hostapd.macaddr')
params = {"ssid": ssid}
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412")
hapd.send_file(filename, filename)
if "OK" not in hapd.request("SET deny_mac_file " + filename):
raise Exception("Unexpected SET failure")
dev[0].wait_disconnected(timeout=15)
ev = dev[1].wait_event(["CTRL-EVENT-DISCONNECTED"], 1)
if ev is not None:
raise Exception("Unexpected disconnection")
if filename.startswith('/tmp/'):
os.unlink(filename)
def test_ap_acl_deny(dev, apdev):
"""MAC ACL deny list"""
ssid = "acl"
params = {}
filename = hostapd.acl_file(dev, apdev, 'hostapd.macaddr')
hostapd.send_file(apdev[0], filename, filename)
params['ssid'] = ssid
params['deny_mac_file'] = filename
hapd = hostapd.add_ap(apdev[0], params)
dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", passive=True)
dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412", wait_connect=False)
dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412")
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected association")
if filename.startswith('/tmp/'):
os.unlink(filename)
def test_ap_vlan_open(dev, apdev):
"""AP VLAN with open network"""
filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
hostapd.send_file(apdev[0], filename, filename)
params = {
"ssid": "test-vlan-open",
"dynamic_vlan": "1",
"accept_mac_file": filename
}
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
dev[1].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
dev[2].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
hwsim_utils.test_connectivity(dev[2], hapd)
if filename.startswith('/tmp/'):
os.unlink(filename)
def test_ap_vlan_wpa2(dev, apdev):
"""AP VLAN with WPA2-PSK"""
filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
hostapd.send_file(apdev[0], filename, filename)
params = hostapd.wpa2_params(ssid="test-vlan", passphrase="12345678")
params['dynamic_vlan'] = "1"
params['accept_mac_file'] = filename
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-vlan", psk="12345678", scan_freq="2412")
dev[1].connect("test-vlan", psk="12345678", scan_freq="2412")
dev[2].connect("test-vlan", psk="12345678", scan_freq="2412")
hapd.wait_sta()
hapd.wait_sta()
hapd.wait_sta()
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
hwsim_utils.test_connectivity(dev[2], hapd)
if filename.startswith('/tmp/'):
os.unlink(filename)
def test_ap_vlan_reconnect(dev, apdev):
"""AP VLAN with WPA2-PSK connect, disconnect, connect"""
filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
hostapd.send_file(apdev[0], filename, filename)
params = hostapd.wpa2_params(ssid="test-vlan", passphrase="12345678")
params['dynamic_vlan'] = "1"
params['accept_mac_file'] = filename
hapd = hostapd.add_ap(apdev[0], params)
logger.info("connect sta")
dev[0].connect("test-vlan", psk="12345678", scan_freq="2412")
hapd.wait_sta()
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
logger.info("disconnect sta")
dev[0].request("REMOVE_NETWORK all")
dev[0].wait_disconnected(timeout=10)
time.sleep(1)
logger.info("reconnect sta")
dev[0].connect("test-vlan", psk="12345678", scan_freq="2412")
hapd.wait_sta()
hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
if filename.startswith('/tmp/'):
os.unlink(filename)
def test_ap_vlan_wpa2_radius_local(dev, apdev):
"""AP VLAN with WPA2-Enterprise and local file setting VLAN IDs"""
filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
hostapd.send_file(apdev[0], filename, filename)
params = hostapd.wpa2_eap_params(ssid="test-vlan")
params['dynamic_vlan'] = "0"
params['vlan_file'] = "hostapd.vlan"
params['vlan_bridge'] = "test_br_vlan"
params['accept_mac_file'] = filename
hapd = hostapd.add_ap(apdev[0], params)
dev[0].connect("test-vlan",
key_mgmt="WPA-EAP",
eap="PAX",
identity="*****@*****.**",
password_hex="0123456789abcdef0123456789abcdef",
scan_freq="2412")
dev[1].connect("test-vlan",
key_mgmt="WPA-EAP",
eap="PAX",
identity="*****@*****.**",
password_hex="0123456789abcdef0123456789abcdef",
scan_freq="2412")
dev[2].connect("test-vlan",
key_mgmt="WPA-EAP",
eap="PAX",
identity="*****@*****.**",
password_hex="0123456789abcdef0123456789abcdef",
scan_freq="2412")
hapd.wait_sta()
hapd.wait_sta()
hapd.wait_sta()
hwsim_utils.test_connectivity_iface(dev[0], hapd, "test_br_vlan1")
hwsim_utils.test_connectivity_iface(dev[1], hapd, "test_br_vlan2")
hwsim_utils.test_connectivity(dev[2], hapd)
if filename.startswith('/tmp/'):
os.unlink(filename)
def test_ap_acl_accept(dev, apdev):
"""MAC ACL accept list"""
ssid = "acl"
params = {}
filename = hostapd.acl_file(dev, apdev, 'hostapd.macaddr')
hostapd.send_file(apdev[0], filename, filename)
params['ssid'] = ssid
params['accept_mac_file'] = filename
hapd = hostapd.add_ap(apdev[0], params)
dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412")
dev[0].request("REMOVE_NETWORK all")
dev[1].request("REMOVE_NETWORK all")
hapd.request("SET macaddr_acl 1")
dev[1].dump_monitor()
dev[1].connect(ssid, key_mgmt="NONE", scan_freq="2412", wait_connect=False)
dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
if ev is not None:
raise Exception("Unexpected association")
if filename.startswith('/tmp/'):
os.unlink(filename)
def test_ap_acl_mgmt(dev, apdev):
"""MAC ACL accept/deny management"""
ssid = "acl"
params = {}
filename = hostapd.acl_file(dev, apdev, 'hostapd.macaddr')
hostapd.send_file(apdev[0], filename, filename)
params['ssid'] = ssid
params['deny_mac_file'] = filename
hapd = hostapd.add_ap(apdev[0], params)
accept = hapd.request("ACCEPT_ACL SHOW").splitlines()
logger.info("accept: " + str(accept))
deny = hapd.request("DENY_ACL SHOW").splitlines()
logger.info("deny: " + str(deny))
if len(accept) != 0:
raise Exception("Unexpected number of accept entries")
if len(deny) != 3:
raise Exception("Unexpected number of deny entries")
if "01:01:01:01:01:01 VLAN_ID=0" not in deny:
raise Exception("Missing deny entry")
hapd.request("ACCEPT_ACL ADD_MAC 22:33:44:55:66:77")
hapd.request("DENY_ACL ADD_MAC 22:33:44:55:66:88 VLAN_ID=2")
accept = hapd.request("ACCEPT_ACL SHOW").splitlines()
logger.info("accept: " + str(accept))
deny = hapd.request("DENY_ACL SHOW").splitlines()
logger.info("deny: " + str(deny))
if len(accept) != 1:
raise Exception("Unexpected number of accept entries (2)")
if len(deny) != 4:
raise Exception("Unexpected number of deny entries (2)")
if "01:01:01:01:01:01 VLAN_ID=0" not in deny:
raise Exception("Missing deny entry (2)")
if "22:33:44:55:66:88 VLAN_ID=2" not in deny:
raise Exception("Missing deny entry (2)")
if "22:33:44:55:66:77 VLAN_ID=0" not in accept:
raise Exception("Missing accept entry (2)")
hapd.request("ACCEPT_ACL DEL_MAC 22:33:44:55:66:77")
hapd.request("DENY_ACL DEL_MAC 22:33:44:55:66:88")
accept = hapd.request("ACCEPT_ACL SHOW").splitlines()
logger.info("accept: " + str(accept))
deny = hapd.request("DENY_ACL SHOW").splitlines()
logger.info("deny: " + str(deny))
if len(accept) != 0:
raise Exception("Unexpected number of accept entries (3)")
if len(deny) != 3:
raise Exception("Unexpected number of deny entries (3)")
if "01:01:01:01:01:01 VLAN_ID=0" not in deny:
raise Exception("Missing deny entry (3)")
hapd.request("ACCEPT_ACL CLEAR")
hapd.request("DENY_ACL CLEAR")
accept = hapd.request("ACCEPT_ACL SHOW").splitlines()
logger.info("accept: " + str(accept))
deny = hapd.request("DENY_ACL SHOW").splitlines()
logger.info("deny: " + str(deny))
if len(accept) != 0:
raise Exception("Unexpected number of accept entries (4)")
if len(deny) != 0:
raise Exception("Unexpected number of deny entries (4)")
dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
dev[0].connect(ssid, key_mgmt="NONE", scan_freq="2412")
dev[0].dump_monitor()
hapd.request("DENY_ACL ADD_MAC " + dev[0].own_addr())
dev[0].wait_disconnected()
dev[0].request("DISCONNECT")
if filename.startswith('/tmp/'):
os.unlink(filename)
def test_ap_vlan_without_station(dev, apdev, p):
"""AP VLAN with WPA2-PSK and no station"""
try:
filename = hostapd.acl_file(dev, apdev, 'hostapd.accept')
hostapd.send_file(apdev[0], filename, filename)
subprocess.call(['brctl', 'addbr', 'brvlan1'])
subprocess.call(['brctl', 'setfd', 'brvlan1', '0'])
subprocess.call(['ifconfig', 'brvlan1', 'up'])
# use a passphrase wlantest does not know, so it cannot
# inject decrypted frames into pcap
params = hostapd.wpa2_params(ssid="test-vlan", passphrase="12345678x")
params['dynamic_vlan'] = "1"
params['vlan_file'] = 'hostapd.wlan3.vlan'
params['accept_mac_file'] = filename
hapd = hostapd.add_ap(apdev[0], params)
# inject some traffic
sa = hapd.own_addr()
da = "ff:ff:ff:ff:ff:00"
hapd.request('DATA_TEST_CONFIG 1 ifname=brvlan1')
hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa))
hapd.request('DATA_TEST_CONFIG 0')
time.sleep(.1)
dev[0].connect("test-vlan", psk="12345678x", scan_freq="2412")
# inject some traffic
sa = hapd.own_addr()
da = "ff:ff:ff:ff:ff:01"
hapd.request('DATA_TEST_CONFIG 1 ifname=brvlan1')
hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa))
hapd.request('DATA_TEST_CONFIG 0')
# let the AP send couple of Beacon frames
time.sleep(1)
out = run_tshark(os.path.join(p['logdir'], "hwsim0.pcapng"),
"wlan.da == ff:ff:ff:ff:ff:00", ["wlan.fc.protected"])
if out is not None:
lines = out.splitlines()
if len(lines) < 1:
# Newer kernel versions filter out frames when there are no
# authorized stations on an AP/AP_VLAN interface, so do not
# trigger an error here.
logger.info("first frame not observed")
state = 1
for l in lines:
is_protected = int(l, 16)
if is_protected != 1:
state = 0
if state != 1:
raise Exception(
"Broadcast packets were not encrypted when no station was connected"
)
else:
raise Exception("first frame not observed")
out = run_tshark(os.path.join(p['logdir'], "hwsim0.pcapng"),
"wlan.da == ff:ff:ff:ff:ff:01", ["wlan.fc.protected"])
if out is not None:
lines = out.splitlines()
if len(lines) < 1:
raise Exception("second frame not observed")
state = 1
for l in lines:
is_protected = int(l, 16)
if is_protected != 1:
state = 0
if state != 1:
raise Exception(
"Broadcast packets were not encrypted when station was connected"
)
else:
raise Exception("second frame not observed")
dev[0].request("DISCONNECT")
dev[0].wait_disconnected()
if filename.startswith('/tmp/'):
os.unlink(filename)
finally:
subprocess.call(['ip', 'link', 'set', 'dev', 'brvlan1', 'down'])
subprocess.call(['ip', 'link', 'set', 'dev', 'wlan3.1', 'down'],
stderr=open('/dev/null', 'w'))
subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan3.1'],
stderr=open('/dev/null', 'w'))
subprocess.call(['brctl', 'delbr', 'brvlan1'])
