[PATCH] tests: add kernel BSS leak tests

Johannes Berg johannes at sipsolutions.net
Thu Dec 8 08:29:43 PST 2016 

From: Johannes Berg <johannes.berg at intel.com>

Add two tests that check if the kernel BSS leak (when we
get a deauth or otherwise abandon an association attempt)
is present in the kernel.

Signed-off-by: Johannes Berg <johannes.berg at intel.com>
---
 tests/hwsim/test_kernel.py | 54 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 tests/hwsim/test_kernel.py

diff --git a/tests/hwsim/test_kernel.py b/tests/hwsim/test_kernel.py
new file mode 100644
index 000000000000..373be9496ac1
--- /dev/null
+++ b/tests/hwsim/test_kernel.py
@@ -0,0 +1,54 @@
+# Test a few kernel bugs
+# Copyright (c) 2016, Intel Deutschland GmbH
+#
+# Author: Johannes Berg <johannes.berg at intel.com>
+#
+# This software may be distributed under the terms of the BSD license.
+# See README for more details.
+
+import hostapd
+import binascii
+
+def _test_kernel_bss_leak(dev, apdev, deauth):
+    ssid = "test-bss-leak"
+    passphrase = 'qwertyuiop'
+    params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
+    hapd = hostapd.add_ap(apdev[0], params)
+    hapd.set("ext_mgmt_frame_handling", "1")
+    dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
+    while True:
+        pkt = hapd.mgmt_rx()
+        if not pkt:
+            raise Exception("MGMT RX wait timed out for auth frame")
+        if pkt['fc'] & 0xc:
+            continue
+        if pkt['subtype'] == 0: # assoc request
+            if deauth:
+                # return a deauth immediately
+                hapd.mgmt_tx({
+                    'fc': 0xc0,
+                    'sa': pkt['da'],
+                    'da': pkt['sa'],
+                    'bssid': pkt['bssid'],
+                    'payload': '\x01\x00',
+                })
+            break
+        else:
+            hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % (
+                         binascii.hexlify(pkt['frame']), ))
+    hapd.set("ext_mgmt_frame_handling", "0")
+
+    hapd.request("STOP_AP")
+
+    dev[0].request("REMOVE_NETWORK all")
+    dev[0].wait_disconnected()
+
+    dev[0].flush_scan_cache(freq=5180)
+    res = dev[0].request("SCAN_RESULTS")
+    if len(res.splitlines()) > 1:
+        raise Exception("BSS entry should no longer be around")
+
+def test_kernel_bss_leak_deauth(dev, apdev):
+    return _test_kernel_bss_leak(dev, apdev, deauth=True)
+def test_kernel_bss_leak_timeout(dev, apdev):
+    return _test_kernel_bss_leak(dev, apdev, deauth=False)
-- 
2.9.3

More information about the Hostap mailing list