[PATCHv2 1/3] tests: verify group encryption is set up for vlans early
Michael Braun
michael-dev
Mon Oct 5 07:14:25 PDT 2015
Check that there are no unencrypted frames when using hostapd with VLANs and
WPA before the first station connects to the VLAN.
Signed-off-by: Michael Braun <michael-dev at fami-braun.de>
---
tests/hwsim/test_ap_vlan.py | 83 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 83 insertions(+)
diff --git a/tests/hwsim/test_ap_vlan.py b/tests/hwsim/test_ap_vlan.py
index 822bf99..ef25321 100644
--- a/tests/hwsim/test_ap_vlan.py
+++ b/tests/hwsim/test_ap_vlan.py
@@ -20,6 +20,8 @@ except ImportError:
import hwsim_utils
import hostapd
from utils import iface_is_in_bridge, HwsimSkip
+import os
+from tshark import run_tshark
def test_ap_vlan_open(dev, apdev):
"""AP VLAN with open network"""
@@ -382,3 +384,84 @@ def test_ap_vlan_iface_cleanup_multibss(dev, apdev):
hapd.request("DISABLE")
finally:
ap_vlan_iface_cleanup_multibss_cleanup()
+
+def test_ap_vlan_without_station(dev, apdev, p):
+ """AP VLAN with WPA2-PSK and no station"""
+ try:
+ subprocess.call(['brctl', 'addbr', 'brvlan1'])
+ subprocess.call(['brctl', 'setfd', 'brvlan1', '0'])
+ subprocess.call(['ifconfig', 'brvlan1', 'up'])
+ # use a passphrase wlantest does not know, so it cannot
+ # inject decrypted frames into pcap
+ params = hostapd.wpa2_params(ssid="test-vlan",
+ passphrase="12345678x")
+ params['dynamic_vlan'] = "1";
+ params['vlan_file'] = 'hostapd.wlan3.vlan'
+ params['accept_mac_file'] = "hostapd.accept";
+ hapd = hostapd.add_ap(apdev[0]['ifname'], params)
+
+ # inject some traffic
+ sa = hapd.own_addr()
+ da = "ff:ff:ff:ff:ff:00"
+ hapd.request('DATA_TEST_CONFIG 1 ifname=brvlan1')
+ hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa))
+ hapd.request('DATA_TEST_CONFIG 0')
+ time.sleep(.1)
+
+ dev[0].connect("test-vlan", psk="12345678x", scan_freq="2412")
+
+ # inject some traffic
+ sa = hapd.own_addr()
+ da = "ff:ff:ff:ff:ff:01"
+ hapd.request('DATA_TEST_CONFIG 1 ifname=brvlan1')
+ hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa))
+ hapd.request('DATA_TEST_CONFIG 0')
+
+ # let the AP send couple of Beacon frames
+ time.sleep(1)
+ out = run_tshark(os.path.join(p['logdir'], "hwsim0.pcapng"),
+ "wlan.da == ff:ff:ff:ff:ff:00",
+ ["wlan.fc.protected"])
+
+ if out is not None:
+ lines = out.splitlines()
+ if len(lines) < 1:
+ raise Exception("first frame not observed")
+ state = 1
+ for l in lines:
+ is_protected = int(l, 16)
+ if is_protected != 1:
+ state = 0
+ if state != 1:
+ raise Exception("Broadcast packets were not encrypted when no station was connected")
+ else:
+ raise Exception("first frame not observed")
+
+ out = run_tshark(os.path.join(p['logdir'], "hwsim0.pcapng"),
+ "wlan.da == ff:ff:ff:ff:ff:01",
+ ["wlan.fc.protected"])
+
+ if out is not None:
+ lines = out.splitlines()
+ if len(lines) < 1:
+ raise Exception("second frame not observed")
+ state = 1
+ for l in lines:
+ is_protected = int(l, 16)
+ if is_protected != 1:
+ state = 0
+ if state != 1:
+ raise Exception("Broadcast packets were not encrypted when station was connected")
+ else:
+ raise Exception("second frame not observed")
+
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+
+ finally:
+ subprocess.call(['ip', 'link', 'set', 'dev', 'brvlan1', 'down'])
+ subprocess.call(['ip', 'link', 'set', 'dev', 'wlan3.1', 'down'],
+ stderr=open('/dev/null', 'w'))
+ subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan3.1'],
+ stderr=open('/dev/null', 'w'))
+ subprocess.call(['brctl', 'delbr', 'brvlan1'])
--
2.1.4
More information about the Hostap
mailing list