def run_macsec_psk_ns(dev, apdev, params):
try:
subprocess.check_call([
"ip", "link", "add", "veth0", "type", "veth", "peer", "name",
"veth1"
])
except subprocess.CalledProcessError:
raise HwsimSkip("veth not supported (kernel CONFIG_VETH)")
prefix = "macsec_psk_ns"
conffile = os.path.join(params['logdir'], prefix + ".conf")
pidfile = os.path.join(params['logdir'], prefix + ".pid")
logfile0 = os.path.join(params['logdir'], prefix + ".veth0.log")
logfile1 = os.path.join(params['logdir'], prefix + ".veth1.log")
cap_veth0 = os.path.join(params['logdir'], prefix + ".veth0.pcap")
cap_veth1 = os.path.join(params['logdir'], prefix + ".veth1.pcap")
cap_macsec0 = os.path.join(params['logdir'], prefix + ".macsec0.pcap")
cap_macsec1 = os.path.join(params['logdir'], prefix + ".macsec1.pcap")
for i in range(2):
try:
subprocess.check_call(["ip", "netns", "add", "ns%d" % i])
except subprocess.CalledProcessError:
raise HwsimSkip(
"network namespace not supported (kernel CONFIG_NAMESPACES, CONFIG_NET_NS)"
)
subprocess.check_call(
["ip", "link", "set",
"veth%d" % i, "netns",
"ns%d" % i])
subprocess.check_call([
"ip", "netns", "exec",
"ns%d" % i, "ip", "link", "set", "dev",
"veth%d" % i, "up"
])
cmd = {}
cmd[0] = WlantestCapture('veth0', cap_veth0, netns='ns0')
cmd[1] = WlantestCapture('veth1', cap_veth1, netns='ns1')
write_conf(conffile + '0')
write_conf(conffile + '1', mka_priority=100)
prg = os.path.join(params['logdir'],
'alt-wpa_supplicant/wpa_supplicant/wpa_supplicant')
if not os.path.exists(prg):
prg = '../../wpa_supplicant/wpa_supplicant'
arg = [
"ip", "netns", "exec", "ns0", prg, '-BdddtKW', '-P', pidfile + '0',
'-f', logfile0, '-g', '/tmp/wpas-veth0', '-Dmacsec_linux', '-c',
conffile + '0', '-i', "veth0"
]
logger.info("Start wpa_supplicant: " + str(arg))
try:
subprocess.check_call(arg)
except subprocess.CalledProcessError:
raise HwsimSkip(
"macsec supported (wpa_supplicant CONFIG_MACSEC, CONFIG_DRIVER_MACSEC_LINUX; kernel CONFIG_MACSEC)"
)
if os.path.exists("wpa_supplicant-macsec2"):
logger.info(
"Use alternative wpa_supplicant binary for one of the macsec devices"
)
prg = "wpa_supplicant-macsec2"
arg = [
"ip", "netns", "exec", "ns1", prg, '-BdddtKW', '-P', pidfile + '1',
'-f', logfile1, '-g', '/tmp/wpas-veth1', '-Dmacsec_linux', '-c',
conffile + '1', '-i', "veth1"
]
logger.info("Start wpa_supplicant: " + str(arg))
subprocess.check_call(arg)
wpas0 = WpaSupplicant('veth0', '/tmp/wpas-veth0')
wpas1 = WpaSupplicant('veth1', '/tmp/wpas-veth1')
log_ip_macsec_ns()
log_ip_link_ns()
logger.info("wpas0 STATUS:\n" + wpas0.request("STATUS"))
logger.info("wpas1 STATUS:\n" + wpas1.request("STATUS"))
logger.info("wpas0 STATUS-DRIVER:\n" + wpas0.request("STATUS-DRIVER"))
logger.info("wpas1 STATUS-DRIVER:\n" + wpas1.request("STATUS-DRIVER"))
for i in range(10):
macsec_ifname0 = wpas0.get_driver_status_field("parent_ifname")
macsec_ifname1 = wpas1.get_driver_status_field("parent_ifname")
if "Number of Keys" in wpas0.request("STATUS"):
key_tx0 = int(wpas0.get_status_field("Number of Keys Distributed"))
key_rx0 = int(wpas0.get_status_field("Number of Keys Received"))
else:
key_tx0 = 0
key_rx0 = 0
if "Number of Keys" in wpas1.request("STATUS"):
key_tx1 = int(wpas1.get_status_field("Number of Keys Distributed"))
key_rx1 = int(wpas1.get_status_field("Number of Keys Received"))
else:
key_tx1 = 0
key_rx1 = 0
if key_rx0 > 0 and key_tx1 > 0:
break
time.sleep(1)
cmd[2] = WlantestCapture(macsec_ifname0, cap_macsec0, netns='ns0')
cmd[3] = WlantestCapture(macsec_ifname1, cap_macsec1, netns='ns0')
time.sleep(0.5)
logger.info("wpas0 STATUS:\n" + wpas0.request("STATUS"))
logger.info("wpas1 STATUS:\n" + wpas1.request("STATUS"))
log_ip_macsec_ns()
hwsim_utils.test_connectivity(wpas0,
wpas1,
ifname1=macsec_ifname0,
ifname2=macsec_ifname1,
send_len=1400)
log_ip_macsec_ns()
subprocess.check_call([
'ip', 'netns', 'exec', 'ns0', 'ip', 'addr', 'add', '192.168.248.17/30',
'dev', macsec_ifname0
])
subprocess.check_call([
'ip', 'netns', 'exec', 'ns1', 'ip', 'addr', 'add', '192.168.248.18/30',
'dev', macsec_ifname1
])
c = subprocess.Popen(
['ip', 'netns', 'exec', 'ns0', 'ping', '-c', '2', '192.168.248.18'],
stdout=subprocess.PIPE)
res = c.stdout.read().decode()
c.stdout.close()
logger.info("ping:\n" + res)
if "2 packets transmitted, 2 received" not in res:
raise Exception("ping did not work")
wpas0.close_monitor()
wpas0.request("TERMINATE")
wpas0.close_control()
del wpas0
wpas1.close_monitor()
wpas1.request("TERMINATE")
wpas1.close_control()
del wpas1
time.sleep(1)
for i in range(len(cmd)):
cmd[i].close()
def run_macsec_psk_ns(dev, apdev, params):
try:
subprocess.check_call(["ip", "link", "add", "veth0", "type", "veth",
"peer", "name", "veth1"])
except subprocess.CalledProcessError:
raise HwsimSkip("veth not supported (kernel CONFIG_VETH)")
prefix = "macsec_psk_ns"
conffile = os.path.join(params['logdir'], prefix + ".conf")
pidfile = os.path.join(params['logdir'], prefix + ".pid")
logfile0 = os.path.join(params['logdir'], prefix + ".veth0.log")
logfile1 = os.path.join(params['logdir'], prefix + ".veth1.log")
cap_veth0 = os.path.join(params['logdir'], prefix + ".veth0.pcap")
cap_veth1 = os.path.join(params['logdir'], prefix + ".veth1.pcap")
cap_macsec0 = os.path.join(params['logdir'], prefix + ".macsec0.pcap")
cap_macsec1 = os.path.join(params['logdir'], prefix + ".macsec1.pcap")
for i in range(2):
try:
subprocess.check_call(["ip", "netns", "add", "ns%d" % i])
except subprocess.CalledProcessError:
raise HwsimSkip("network namespace not supported (kernel CONFIG_NAMESPACES, CONFIG_NET_NS)")
subprocess.check_call(["ip", "link", "set", "veth%d" % i,
"netns", "ns%d" %i])
subprocess.check_call(["ip", "netns", "exec", "ns%d" % i,
"ip", "link", "set", "dev", "veth%d" % i,
"up"])
cmd = {}
cmd[0] = subprocess.Popen(['ip', 'netns', 'exec', 'ns0',
'tcpdump', '-p', '-U', '-i', 'veth0',
'-w', cap_veth0, '-s', '2000',
'--immediate-mode'],
stderr=open('/dev/null', 'w'))
cmd[1] = subprocess.Popen(['ip', 'netns', 'exec', 'ns1',
'tcpdump', '-p', '-U', '-i', 'veth1',
'-w', cap_veth1, '-s', '2000',
'--immediate-mode'],
stderr=open('/dev/null', 'w'))
write_conf(conffile + '0')
write_conf(conffile + '1', mka_priority=100)
prg = os.path.join(params['logdir'],
'alt-wpa_supplicant/wpa_supplicant/wpa_supplicant')
if not os.path.exists(prg):
prg = '../../wpa_supplicant/wpa_supplicant'
arg = ["ip", "netns", "exec", "ns0",
prg, '-BdddtKW', '-P', pidfile + '0', '-f', logfile0,
'-g', '/tmp/wpas-veth0',
'-Dmacsec_linux', '-c', conffile + '0', '-i', "veth0"]
logger.info("Start wpa_supplicant: " + str(arg))
try:
subprocess.check_call(arg)
except subprocess.CalledProcessError:
raise HwsimSkip("macsec supported (wpa_supplicant CONFIG_MACSEC, CONFIG_DRIVER_MACSEC_LINUX; kernel CONFIG_MACSEC)")
if os.path.exists("wpa_supplicant-macsec2"):
logger.info("Use alternative wpa_supplicant binary for one of the macsec devices")
prg = "wpa_supplicant-macsec2"
arg = ["ip", "netns", "exec", "ns1",
prg, '-BdddtKW', '-P', pidfile + '1', '-f', logfile1,
'-g', '/tmp/wpas-veth1',
'-Dmacsec_linux', '-c', conffile + '1', '-i', "veth1"]
logger.info("Start wpa_supplicant: " + str(arg))
subprocess.check_call(arg)
wpas0 = WpaSupplicant('veth0', '/tmp/wpas-veth0')
wpas1 = WpaSupplicant('veth1', '/tmp/wpas-veth1')
log_ip_macsec_ns()
log_ip_link_ns()
logger.info("wpas0 STATUS:\n" + wpas0.request("STATUS"))
logger.info("wpas1 STATUS:\n" + wpas1.request("STATUS"))
logger.info("wpas0 STATUS-DRIVER:\n" + wpas0.request("STATUS-DRIVER"))
logger.info("wpas1 STATUS-DRIVER:\n" + wpas1.request("STATUS-DRIVER"))
macsec_ifname0 = wpas0.get_driver_status_field("parent_ifname")
macsec_ifname1 = wpas1.get_driver_status_field("parent_ifname")
for i in range(10):
key_tx0 = int(wpas0.get_status_field("Number of Keys Distributed"))
key_rx0 = int(wpas0.get_status_field("Number of Keys Received"))
key_tx1 = int(wpas1.get_status_field("Number of Keys Distributed"))
key_rx1 = int(wpas1.get_status_field("Number of Keys Received"))
if key_rx0 > 0 and key_tx1 > 0:
break
time.sleep(1)
cmd[2] = subprocess.Popen(['ip', 'netns', 'exec', 'ns0',
'tcpdump', '-p', '-U', '-i', macsec_ifname0,
'-w', cap_macsec0, '-s', '2000',
'--immediate-mode'],
stderr=open('/dev/null', 'w'))
cmd[3] = subprocess.Popen(['ip', 'netns', 'exec', 'ns0',
'tcpdump', '-p', '-U', '-i', macsec_ifname1,
'-w', cap_macsec1, '-s', '2000',
'--immediate-mode'],
stderr=open('/dev/null', 'w'))
time.sleep(0.5)
logger.info("wpas0 STATUS:\n" + wpas0.request("STATUS"))
logger.info("wpas1 STATUS:\n" + wpas1.request("STATUS"))
log_ip_macsec_ns()
hwsim_utils.test_connectivity(wpas0, wpas1,
ifname1=macsec_ifname0,
ifname2=macsec_ifname1,
send_len=1400)
log_ip_macsec_ns()
subprocess.check_call(['ip', 'netns', 'exec', 'ns0',
'ip', 'addr', 'add', '192.168.248.17/30',
'dev', macsec_ifname0])
subprocess.check_call(['ip', 'netns', 'exec', 'ns1',
'ip', 'addr', 'add', '192.168.248.18/30',
'dev', macsec_ifname1])
c = subprocess.Popen(['ip', 'netns', 'exec', 'ns0',
'ping', '-c', '2', '192.168.248.18'],
stdout=subprocess.PIPE)
res = c.stdout.read().decode()
c.stdout.close()
logger.info("ping:\n" + res)
if "2 packets transmitted, 2 received" not in res:
raise Exception("ping did not work")
wpas0.close_monitor()
wpas0.request("TERMINATE")
wpas0.close_control()
del wpas0
wpas1.close_monitor()
wpas1.request("TERMINATE")
wpas1.close_control()
del wpas1
time.sleep(1)
for i in range(len(cmd)):
cmd[i].terminate()
