hostap/tests/hwsim
Jouni Malinen 61a56c1480 Add group_mgmt network parameter for PMF cipher selection
The new wpa_supplicant network parameter group_mgmt can be used to
specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128,
BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not
specified, the current behavior is maintained (i.e., follow what the AP
advertises). The parameter can list multiple space separate ciphers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-26 17:40:02 +03:00
..
auth_serv tests: Suite B with RSA keys 2017-09-18 12:12:48 +03:00
tnc tests: Use QUIET=1 option to make build.sh output much shorter 2014-12-29 15:49:05 +02:00
vm tests: Print higher debug level on console 2017-07-08 15:19:24 +03:00
bss-1.conf
bss-2-dup.conf
bss-2.conf
bss-3.conf
bss-4.conf tests: Beacon request - active scan mode and many BSSs 2017-01-03 19:53:03 +02:00
bss-5.conf tests: Beacon request - active scan mode and many BSSs 2017-01-03 19:53:03 +02:00
bss-6.conf tests: Beacon request - active scan mode and many BSSs 2017-01-03 19:53:03 +02:00
bss-ht40-1.conf
bss-ht40-2.conf
build.sh
check_kernel.py tests: Catch various lockdep warnings 2017-07-08 15:18:40 +03:00
dictionary.radius tests: More WPA2 PSK from RADIUS Tunnel-Password coverage 2017-02-08 23:48:20 +02:00
example-hostapd.config tests: Enable DPP in default configuration files 2017-09-06 21:21:56 +03:00
example-setup.txt tests: Document rfkill workaround for systemd for hwsim tests 2017-03-29 15:03:16 +03:00
example-wpa_supplicant.config tests: Enable DPP in default configuration files 2017-09-06 21:21:56 +03:00
fst_module_aux.py tests: Remove unused import subprocess 2016-06-27 21:10:35 +03:00
fst_test_common.py
hostapd.accept
hostapd.macaddr tests: Cover both binary search branches in hostapd_maclist_found() 2016-12-26 18:28:40 +02:00
hostapd.py
hostapd.vlan tests: VLAN using vlan_file mapping 2014-03-30 17:06:34 +03:00
hostapd.wlan3.vlan
hostapd.wlan4.vlan
hostapd.wpa_psk
hwsim.py
hwsim_utils.py tests: Extend test_connectivity to check disconnection 2017-03-27 17:31:10 +03:00
multi-bss-acs.conf tests: Add test cases for automatic channel selection 2013-11-03 21:30:31 +02:00
multi-bss-iface-per_sta_vif.conf
multi-bss-iface.conf tests: Verify correct VLAN operation in multi-BSS multi-VLAN case 2015-06-14 13:40:50 +03:00
multi-bss.conf
netlink.py
nl80211.py
p2p0.conf
p2p1.conf
p2p2.conf
p2p_utils.py tests: Remove extra semicolons from python scripts 2016-07-03 22:37:01 +03:00
radius_das.py
README
remotehost.py tests: Remove extra semicolons from python scripts 2016-07-03 22:37:01 +03:00
rfkill.py
run-all.sh
run-tests.py tests: Write TEST-START and TEST-STOP into kernel logs with timestamps 2017-05-27 11:08:16 +03:00
start.sh tests: Enable D-Bus test on more platforms 2017-09-10 21:52:54 +03:00
stop.sh
test_ap_acs.py tests: Automatic channel selection failures 2017-03-04 17:30:15 +02:00
test_ap_ciphers.py tests: WPA-PSK/TKIP countermeasures (detected by two STAs) 2017-02-10 19:48:12 +02:00
test_ap_config.py
test_ap_csa.py
test_ap_dynamic.py tests: Increase timeout in ap_bss_config_file for CTRL-EVENT-TERMINATING 2017-01-29 14:32:17 +02:00
test_ap_eap.py tests: Remove forgotten print from ap_wpa2_eap_sim_zero_db_timeout 2017-09-10 02:15:05 +03:00
test_ap_ft.py tests: FT with AP-to-AP broadcast messages 2017-05-03 22:16:14 +03:00
test_ap_hs20.py tests: ProxyARP error cases 2017-03-04 11:44:55 +02:00
test_ap_ht.py tests: HT40 with both plus and minus allowed 2017-04-29 16:35:23 +03:00
test_ap_mixed.py
test_ap_open.py tests: DISABLE_NETWORK during connection and blacklist behavior 2017-04-29 18:00:26 +03:00
test_ap_params.py tests: AP with wowlan_triggers 2016-12-30 00:45:04 +02:00
test_ap_pmf.py
test_ap_psk.py tests: Rename ap_wpa2_psk_file test 2017-03-06 23:38:48 +02:00
test_ap_qosmap.py
test_ap_roam.py
test_ap_tdls.py tests: TDLS_CHAN_SWITCH error case 2017-01-08 17:16:01 +02:00
test_ap_track.py
test_ap_vht.py tests: VHT and 40 MHz channel configuration falling back to 20 MHz 2017-02-06 19:26:07 +02:00
test_ap_vlan.py tests: Increase timeout in ap_vlan_iface_cleanup_multibss* 2017-01-29 14:42:05 +02:00
test_ap_wps.py tests: hostapd with zero length ap_pin parameter 2017-08-18 21:10:52 +03:00
test_authsrv.py tests: Fix authsrv_errors_1 and authsrv_errors_3 when running on host 2017-03-07 18:13:05 +02:00
test_autoscan.py
test_bgscan.py tests: Additional bgscan test coverage 2017-01-08 14:44:35 +02:00
test_cfg80211.py
test_connect_cmd.py tests: cfg80211 connect command with bssid_hint 2017-05-12 00:33:06 +03:00
test_dbus.py tests: Make dbus_scan_abort more robust 2017-09-20 15:37:58 +03:00
test_dbus_old.py
test_dfs.py tests: Verify DFS channel switch both in and outside ETSI 2017-05-13 20:01:44 +03:00
test_dpp.py tests: Verify data connectivity with DPP AKM 2017-08-24 23:47:58 +03:00
test_eap_proto.py tests: Additional EAP-TTLS error path 2017-07-08 16:21:38 +03:00
test_erp.py tests: Write MSK dump files from authentication server 2017-09-05 19:29:01 +03:00
test_ext_password.py
test_fils.py tests: FILS SK with PFS and PMKSA caching 2017-09-13 22:17:58 +03:00
test_fst_config.py
test_fst_module.py
test_gas.py tests: Extend ANQP_GET coverage for new functionality 2017-03-10 17:03:55 +02:00
test_hapd_ctrl.py tests: Update FT test cases for new RRB message format 2017-05-03 21:55:29 +03:00
test_hostapd_oom.py
test_hs20_filter.py
test_ibss.py tests: Disable HT in ibss_rsn to avoid a strange issue with mac80211 2017-01-14 13:54:02 +02:00
test_ieee8021x.py
test_kernel.py
test_mbo.py tests: MBO ANQP 2017-03-10 18:59:12 +02:00
test_module_tests.py
test_monitor_interface.py
test_nfc_p2p.py
test_nfc_wps.py tests: Additional hostapd WPS control interface coverage 2016-12-28 14:31:42 +02:00
test_offchannel_tx.py
test_owe.py tests: key_mgmt values OWE and DPP 2017-07-03 14:33:58 +03:00
test_p2p_autogo.py tests: Use global control interface in autogo_m2d test 2017-09-10 22:03:54 +03:00
test_p2p_channel.py tests: Use global control interface in test_p2p_channel.py 2017-07-08 16:06:38 +03:00
test_p2p_concurrency.py
test_p2p_device.py tests: P2P autonomous GO switching channels with cfg80211 P2P Device 2016-12-30 23:56:35 +02:00
test_p2p_discovery.py tests: P2P device discovery and p2p_find restart 2017-03-14 20:41:51 +02:00
test_p2p_ext.py
test_p2p_grpform.py
test_p2p_invitation.py
test_p2p_messages.py
test_p2p_persistent.py
test_p2p_service.py tests: Make p2p_service_discovery_peer_not_listening a bit more robust 2017-04-29 22:40:01 +03:00
test_p2p_set.py tests: Mark 525 tests as remote compatible 2016-06-27 21:47:37 +03:00
test_p2p_wifi_display.py tests: Wi-Fi Display extensions to P2P with R2 subelems 2017-03-01 12:16:10 +02:00
test_p2ps.py
test_peerkey.py tests: RSN AP deinit during PeerKey negotiation 2017-02-12 11:18:03 +02:00
test_pmksa_cache.py tests: RSN pre-authentication based on pre-connection scan results 2017-09-12 16:47:30 +03:00
test_radio_work.py
test_radius.py tests: Fix radius_acct_failure_sta_data test 2017-09-10 22:05:33 +03:00
test_rfkill.py
test_rrm.py tests: Fix missing function on some rrm test case error paths 2017-09-10 21:54:38 +03:00
test_sae.py tests: SAE commit message override on wpa_supplicant 2017-09-04 13:32:04 +03:00
test_scan.py tests: Scan for a specific BSSID 2017-07-05 02:02:35 +03:00
test_sigma_dut.py tests: sigma_dut with Suite B 2017-09-15 00:38:21 +03:00
test_ssid.py
test_sta_dynamic.py
test_suite_b.py tests: Suite B with RSA keys 2017-09-18 12:12:48 +03:00
test_tnc.py tests: Update base64 OOM test cases to match implementation changes 2017-06-17 18:04:32 +03:00
test_wep.py
test_wext.py
test_wmediumd.py tests: Add a test of mesh RANN 2017-03-29 14:06:08 +03:00
test_wnm.py tests: Make wnm_bss_tm_req_with_mbo_ie more robust 2017-07-18 13:29:07 +03:00
test_wpas_ap.py tests: wpa_supplicant AP mode - HT disabled 2017-03-11 11:20:17 +02:00
test_wpas_config.py tests: Clear country code at the end of wpas_config_file 2017-02-07 23:03:35 +02:00
test_wpas_ctrl.py tests: wpa_supplicant get_pref_freq_list_override 2017-02-16 12:08:22 +02:00
test_wpas_mesh.py tests: Add mesh RSSI threshold test 2017-05-08 16:26:06 +03:00
test_wpas_wmm_ac.py tests: Additional WMM AP parsing coverage 2017-02-11 12:12:41 +02:00
tshark.py
utils.py
w1fi_logo.png
wlantest.py tests: Add support for wlantest for remote hwsim tests 2016-05-28 16:34:09 +03:00
wpasupplicant.py Add group_mgmt network parameter for PMF cipher selection 2017-09-26 17:40:02 +03:00
wps-ctrl-cred
wps-ctrl-cred2
wps-mixed-cred
wps-wep-cred

Automated hostapd/wpa_supplicant testing with mac80211_hwsim
------------------------------------------------------------

This directory contains testing infrastructure and test cases to run
automated tests of full hostapd and wpa_supplicant functionality. This
testing is done with the help of mac80211_hwsim which is Linux kernel
driver that simulates IEEE 802.11 radios without requiring any
additional hardware. This setup most of the hostapd and wpa_supplicant
functionality (and large parts of the Linux cfg80211 and mac80211
functionality for that matter) to be tested.

mac80211_hwsim is loaded with five simulated radios to allow different
device combinations to be tested. wlantest is used analyze raw packets
captured through the hwsim0 monitor interface that capture all frames
sent on all channels. wlantest is used to store the frames for
analysis. Three wpa_supplicant processes are used to control three
virtual radios and one hostapd process is used to dynamically control
the other two virtual radios. wpa_supplicant/hostapd test functionality
is used to verify that data connection (both unicast and broadcast)
works between two netdevs.

The python scripts and tools in this directory control test case
execution. They interact wpa_supplicant and hostapd through control
interfaces to perform the operations. In addition, wlantest_cli is used
to verify that operations have been performed correctly and that the
network connection works in the expected way.

These test cases are run automatically against the hostap.git commits
for regression testing and to help in keeping the hostap.git master
branch in stable state. Results from these tests are available here:
http://buildbot.w1.fi/hwsim/


Building binaries for testing
-----------------------------

You will need to build (or use already built) components to be
tested. These are available in the hostap.git repository and can be
built for example as follows:

cd ../../wpa_supplicant
cp ../tests/hwsim/example-wpa_supplicant.config .config
make clean
make
cd ../hostapd
cp ../tests/hwsim/example-hostapd.config .config
make clean
make hostapd hlr_auc_gw
cd ../wlantest
make clean
make

Alternatively, the build.sh script here can be used to run these steps
with conditional creation of .config files only if they do not exist.

The test scripts can find the binaries in the locations where they were
built. It is also possible to install wlantest_cli somewhere on the path
to use pre-built tools.

Please note that some of the configuration parameters used to enable
more testing coverage may require development packages that may not be
installed by default in many distributions. For example, following
Debian/Ubuntu packages are likely to be needed:
- binutils-dev
- libsqlite3-dev
- libpcap-dev

example-setup.txt provides more complete step-by-step example on how a
test setup can be built.


wpaspy
------

The python scripts use wpaspy.py to interact with the wpa_supplicant
control interface, but the run-tests.py script adds the (relative)
path into the environment so it doesn't need to be installed.


mac80211_hwsim
--------------

mac80211_hwsim kernel module is available from the upstream Linux
kernel. Some Linux distributions enable it by default. If that's not the
case, you can either enable it in the kernel configuration
(CONFIG_MAC80211_HWSIM=m) and rebuild your kernel or use Backports with
CPTCFG_MAC80211_HWSIM=m to replace the wireless LAN components in the
base kernel.


sudo
----

Some parts of the testing process requires root privileges. The test
scripts are currently using sudo to achieve this. To be able to run the
tests, you'll probably want to enable sudo with a timeout to not expire
password entry very quickly. For example, use this in the sudoers file:

Defaults        env_reset,timestamp_timeout=180

Or on a dedicated test system, you could even disable password prompting
with this in sudoers:

%sudo   ALL=NOPASSWD: ALL


Other network interfaces
------------------------

Some of the test scripts are still using hardcoded interface names, so
the easiest way of making things work is to avoid using other network
devices that may use conflicting interface names. For example, unload
any wireless LAN driver before running the tests and make sure that
wlan0..4 gets assigned as the interface names for the mac80211_hwsim
radios. It may also be possible to rename the interface expectations in
run-tests.py to allow other names to be used.

Please also note that some commonly enabled tools, like NetworkManager,
may end up trying to control new network interfaces automatically. This
can result in conflicts with the test scripts and you may need to
disable such network services or at least mark the mac80211_hwsim wlan#
interfaces as umanaged. As an example, this can be done in
/etc/NetworkManager/NetworkManager.conf with following addition:

[keyfile]
unmanaged-devices=mac:02:00:00:00:00:00;mac:02:00:00:00:01:00;mac:02:00:00:00:02:00;mac:02:00:00:00:03:00;mac:02:00:00:00:04:00


Running tests
-------------

Simplest way to run a full set of the test cases is by running
run-all.sh in tests/hwsim directory. This will use start.sh to load the
mac80211_hwsim module and start wpa_supplicant, hostapd, and various
test tools. run-tests.sh is then used to run through all the defined
test cases and stop.sh to stop the programs and unload the kernel
module.

run-all.sh can be used to run the same test cases under different
conditions:

# run normal test cases
./run-all.sh

# run normal test cases under valgrind
./run-all.sh valgrind

# run normal test cases with Linux tracing
./run-all.sh trace

# run normal test cases with multi channel support (see details below)
./run-all.sh channels=<num of channels>

run-all.sh directs debug logs into the logs subdirectory (or $LOGDIR if
present in the environment). Log file names include the current UNIX
timestamp and a postfix to identify the specific log:
- *.log0 = wpa_supplicant debug log for the first radio
- *.log1 = wpa_supplicant debug log for the second radio
- *.log2 = wpa_supplicant debug log for the third radio
- *.hostapd = hostapd debug log
- hwsim0 = wlantest debug log
- hwsim0.pcapng = capture with all frames exchanged during the tests
- *.log = debug prints from the test scripts
- trace.dat = Linux tracing record (if enabled)
- hlr_auc_gw - hlr_auc_gw (EAP-SIM/AKA/AKA' authentication) log
- auth_serv - hostapd as RADIUS authentication server log


For manual testing, ./start.sh can be used to initialize interfaces and
programs and run-tests.py to execute one or more test
cases. run-tests.py output verbosity can be controlled with -d (more
verbose debug output) and -q (less verbose output) on the command
line. "-f <module name>" (pointing to file test_<module name>.py) can be
used to specify that all test cases from a single file are to be
run. Test name as the last command line argument can be specified that a
single test case is to be run (e.g., "./run-tests.py ap_pmf_required").

Notice that some tests require the driver to support concurrent
operation on multi channels in order to run. These tests will be skipped
in case the driver does not support multi channels. To enable support
for multi channel, the number of supported channel is passed as an
argument to run-all.sh or start.sh


Adding/modifying test cases
---------------------------

All the test cases are defined in the test_*.py files. These are python
scripts that can use the local helper classes to interact with the test
components. While various python constructs can be used in the scripts,
only a minimal level of python knowledge should really be needed to
modify and add new test cases. The easiest starting point for this is
likely to take a look at some of the example scripts. When working on a
new test, run-tests.py with -d and the test case name on the command
line is a convenient way of verifying functionality.

run-tests.py will automatically import all test cases from the test_*.py
files in this directory. All functions starting with the "test_" prefix
in these files are assumed to be test cases. Each test case is named by
the function name following the "test_" prefix.


Results database
----------------

run-tests.py can be requested to write results from the execution of
each test case into an sqlite database. The "-S <path to database>" and
"-b <build id>" command line arguments can be used to do that. The
database must have been prepared before this, e.g., with following:

cat | sqlite3 /tmp/example.db <<EOF
CREATE TABLE results (test,result,run,time,duration,build,commitid);
CREATE INDEX results_idx ON results (test);
CREATE INDEX results_idx2 ON results (run);
CREATE TABLE tests (test,description);
CREATE UNIQUE INDEX tests_idx ON tests (test);
CREATE TABLE logs (test,run,type,contents);
CREATE INDEX logs_idx ON logs (test);
CREATE INDEX logs_idx2 ON logs (run);
EOF