From ee2b0d19f5b21591a1d9ea29314c2e3e82a1bb3e Mon Sep 17 00:00:00 2001 From: Michael Braun Date: Mon, 5 Oct 2015 16:14:25 +0200 Subject: [PATCH] tests: Verify group encryption is set up for VLANs early Check that there are no unencrypted frames when using hostapd with VLANs and WPA before the first station connects to the VLAN. Signed-off-by: Michael Braun --- tests/hwsim/test_ap_vlan.py | 83 +++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) diff --git a/tests/hwsim/test_ap_vlan.py b/tests/hwsim/test_ap_vlan.py index 822bf99ed..ef2532199 100644 --- a/tests/hwsim/test_ap_vlan.py +++ b/tests/hwsim/test_ap_vlan.py @@ -20,6 +20,8 @@ except ImportError: import hwsim_utils import hostapd from utils import iface_is_in_bridge, HwsimSkip +import os +from tshark import run_tshark def test_ap_vlan_open(dev, apdev): """AP VLAN with open network""" @@ -382,3 +384,84 @@ def test_ap_vlan_iface_cleanup_multibss(dev, apdev): hapd.request("DISABLE") finally: ap_vlan_iface_cleanup_multibss_cleanup() + +def test_ap_vlan_without_station(dev, apdev, p): + """AP VLAN with WPA2-PSK and no station""" + try: + subprocess.call(['brctl', 'addbr', 'brvlan1']) + subprocess.call(['brctl', 'setfd', 'brvlan1', '0']) + subprocess.call(['ifconfig', 'brvlan1', 'up']) + # use a passphrase wlantest does not know, so it cannot + # inject decrypted frames into pcap + params = hostapd.wpa2_params(ssid="test-vlan", + passphrase="12345678x") + params['dynamic_vlan'] = "1"; + params['vlan_file'] = 'hostapd.wlan3.vlan' + params['accept_mac_file'] = "hostapd.accept"; + hapd = hostapd.add_ap(apdev[0]['ifname'], params) + + # inject some traffic + sa = hapd.own_addr() + da = "ff:ff:ff:ff:ff:00" + hapd.request('DATA_TEST_CONFIG 1 ifname=brvlan1') + hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa)) + hapd.request('DATA_TEST_CONFIG 0') + time.sleep(.1) + + dev[0].connect("test-vlan", psk="12345678x", scan_freq="2412") + + # inject some traffic + sa = hapd.own_addr() + da = "ff:ff:ff:ff:ff:01" + hapd.request('DATA_TEST_CONFIG 1 ifname=brvlan1') + hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa)) + hapd.request('DATA_TEST_CONFIG 0') + + # let the AP send couple of Beacon frames + time.sleep(1) + out = run_tshark(os.path.join(p['logdir'], "hwsim0.pcapng"), + "wlan.da == ff:ff:ff:ff:ff:00", + ["wlan.fc.protected"]) + + if out is not None: + lines = out.splitlines() + if len(lines) < 1: + raise Exception("first frame not observed") + state = 1 + for l in lines: + is_protected = int(l, 16) + if is_protected != 1: + state = 0 + if state != 1: + raise Exception("Broadcast packets were not encrypted when no station was connected") + else: + raise Exception("first frame not observed") + + out = run_tshark(os.path.join(p['logdir'], "hwsim0.pcapng"), + "wlan.da == ff:ff:ff:ff:ff:01", + ["wlan.fc.protected"]) + + if out is not None: + lines = out.splitlines() + if len(lines) < 1: + raise Exception("second frame not observed") + state = 1 + for l in lines: + is_protected = int(l, 16) + if is_protected != 1: + state = 0 + if state != 1: + raise Exception("Broadcast packets were not encrypted when station was connected") + else: + raise Exception("second frame not observed") + + dev[0].request("DISCONNECT") + dev[0].wait_disconnected() + + finally: + subprocess.call(['ip', 'link', 'set', 'dev', 'brvlan1', 'down']) + subprocess.call(['ip', 'link', 'set', 'dev', 'wlan3.1', 'down'], + stderr=open('/dev/null', 'w')) + subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan3.1'], + stderr=open('/dev/null', 'w')) + subprocess.call(['brctl', 'delbr', 'brvlan1'])