tests: Add ebtables rules for ProxyARP

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2014-12-16 00:41:52 +02:00 committed by Jouni Malinen
parent a95c6973aa
commit 19cbe06238
2 changed files with 40 additions and 0 deletions

View file

@ -2775,6 +2775,28 @@ def _test_proxyarp_open(dev, apdev, params):
subprocess.call(['brctl', 'setfd', 'ap-br0', '0']) subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up']) subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
for chain in [ 'FORWARD', 'OUTPUT' ]:
subprocess.call(['ebtables', '-A', chain, '-p', 'ARP',
'-d', 'Broadcast', '-o', apdev[0]['ifname'],
'-j', 'DROP'])
subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
'-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
'--ip6-icmp-type', 'neighbor-solicitation',
'-o', apdev[0]['ifname'], '-j', 'DROP'])
subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
'-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
'--ip6-icmp-type', 'neighbor-advertisement',
'-o', apdev[0]['ifname'], '-j', 'DROP'])
subprocess.call(['ebtables', '-A', chain,
'-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
'--ip6-icmp-type', 'router-solicitation',
'-o', apdev[0]['ifname'], '-j', 'DROP'])
# Multicast Listener Report Message
subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
'-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
'--ip6-icmp-type', '143',
'-o', apdev[0]['ifname'], '-j', 'DROP'])
cmd = {} cmd = {}
cmd[0] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', 'ap-br0', cmd[0] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', 'ap-br0',
'-w', cap_br, '-s', '2000'], '-w', cap_br, '-s', '2000'],
@ -2994,6 +3016,10 @@ def _test_proxyarp_open(dev, apdev, params):
logger.info("After disconnect: " + str(matches)) logger.info("After disconnect: " + str(matches))
if len(matches) > 0: if len(matches) > 0:
raise Exception("Unexpected neighbor entries after disconnect") raise Exception("Unexpected neighbor entries after disconnect")
cmd = subprocess.Popen(['ebtables', '-L', '--Lc'], stdout=subprocess.PIPE)
res = cmd.stdout.read()
cmd.stdout.close()
logger.info("ebtables results:\n" + res)
def test_proxyarp_open(dev, apdev, params): def test_proxyarp_open(dev, apdev, params):
"""ProxyARP with open network""" """ProxyARP with open network"""
@ -3001,6 +3027,8 @@ def test_proxyarp_open(dev, apdev, params):
try: try:
res = _test_proxyarp_open(dev, apdev, params) res = _test_proxyarp_open(dev, apdev, params)
finally: finally:
subprocess.call(['ebtables', '-F', 'FORWARD'])
subprocess.call(['ebtables', '-F', 'OUTPUT'])
subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'], subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
stderr=open('/dev/null', 'w')) stderr=open('/dev/null', 'w'))
subprocess.call(['brctl', 'delbr', 'ap-br0'], subprocess.call(['brctl', 'delbr', 'ap-br0'],

View file

@ -49,6 +49,18 @@ echo 'adm:x:0:' > /etc/group
echo 'admin:x:0:' >> /etc/group echo 'admin:x:0:' >> /etc/group
# root should exist # root should exist
echo 'root:x:0:0:root:/tmp:/bin/bash' > /etc/passwd echo 'root:x:0:0:root:/tmp:/bin/bash' > /etc/passwd
cat > /etc/ethertypes <<EOF
IPv4 0800 ip ip4
ARP 0806 ether-arp
IPv6 86DD ip6
EOF
cat > /etc/protocols <<EOF
ip 0 IP
icmp 1 ICMP
tcp 6 TCP
udp 17 UDP
ipv6-icmp 58 IPv6-ICMP
EOF
# local network is needed for some tests # local network is needed for some tests
ip link set lo up ip link set lo up