tests: MACsec PSK with bridge interface
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
0d09bd0832
commit
a2acadf605
1 changed files with 108 additions and 0 deletions
|
@ -296,6 +296,114 @@ def run_macsec_psk(dev, apdev, params, prefix, integ_only=False, port0=None,
|
||||||
for i in range(len(cmd)):
|
for i in range(len(cmd)):
|
||||||
cmd[i].terminate()
|
cmd[i].terminate()
|
||||||
|
|
||||||
|
def cleanup_macsec_br(count):
|
||||||
|
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
|
||||||
|
for i in range(count):
|
||||||
|
wpas.interface_remove("veth%d" % i)
|
||||||
|
subprocess.call(["ip", "link", "del", "veth%d" % i],
|
||||||
|
stderr=open('/dev/null', 'w'))
|
||||||
|
subprocess.call(["ip", "link", "set", "brveth", "down"])
|
||||||
|
subprocess.call(["brctl", "delbr", "brveth"])
|
||||||
|
|
||||||
|
def test_macsec_psk_br2(dev, apdev):
|
||||||
|
"""MACsec PSK (bridge; 2 devices)"""
|
||||||
|
try:
|
||||||
|
run_macsec_psk_br(dev, apdev, 2, [10, 20])
|
||||||
|
finally:
|
||||||
|
cleanup_macsec_br(count=2)
|
||||||
|
|
||||||
|
def test_macsec_psk_br2_same_prio(dev, apdev):
|
||||||
|
"""MACsec PSK (bridge; 2 devices, same mka_priority)"""
|
||||||
|
try:
|
||||||
|
run_macsec_psk_br(dev, apdev, 2, [None, None])
|
||||||
|
finally:
|
||||||
|
cleanup_macsec_br(count=2)
|
||||||
|
|
||||||
|
def test_macsec_psk_br3(dev, apdev):
|
||||||
|
"""MACsec PSK (bridge; 3 devices)"""
|
||||||
|
try:
|
||||||
|
run_macsec_psk_br(dev, apdev, 3, [10, 20, 30])
|
||||||
|
finally:
|
||||||
|
cleanup_macsec_br(count=3)
|
||||||
|
|
||||||
|
def test_macsec_psk_br3_same_prio(dev, apdev):
|
||||||
|
"""MACsec PSK (bridge; 3 devices, same mka_priority)"""
|
||||||
|
try:
|
||||||
|
run_macsec_psk_br(dev, apdev, 3, [None, None, None])
|
||||||
|
finally:
|
||||||
|
cleanup_macsec_br(count=3)
|
||||||
|
|
||||||
|
def run_macsec_psk_br(dev, apdev, count, mka_priority):
|
||||||
|
subprocess.check_call(["brctl", "addbr", "brveth"])
|
||||||
|
subprocess.call(["echo 8 > /sys/devices/virtual/net/brveth/bridge/group_fwd_mask"],
|
||||||
|
shell=True)
|
||||||
|
|
||||||
|
try:
|
||||||
|
for i in range(count):
|
||||||
|
subprocess.check_call([ "ip", "link", "add", "veth%d" % i,
|
||||||
|
"type", "veth",
|
||||||
|
"peer", "name", "vethbr%d" % i ])
|
||||||
|
subprocess.check_call(["ip", "link", "set", "vethbr%d" % i, "up"])
|
||||||
|
subprocess.check_call([ "brctl", "addif", "brveth",
|
||||||
|
"vethbr%d" % i ])
|
||||||
|
except subprocess.CalledProcessError:
|
||||||
|
raise HwsimSkip("veth not supported (kernel CONFIG_VETH)")
|
||||||
|
|
||||||
|
subprocess.check_call(["ip", "link", "set", "brveth", "up"])
|
||||||
|
|
||||||
|
log_ip_link()
|
||||||
|
|
||||||
|
wpa = add_wpas_interfaces(count=count)
|
||||||
|
for i in range(count):
|
||||||
|
set_mka_psk_config(wpa[i], mka_priority=mka_priority[i])
|
||||||
|
wpa[i].dump_monitor()
|
||||||
|
wait_mka_done(wpa)
|
||||||
|
|
||||||
|
macsec_ifname = []
|
||||||
|
for i in range(count):
|
||||||
|
macsec_ifname.append(wpa[i].get_driver_status_field("parent_ifname"))
|
||||||
|
|
||||||
|
timeout = 2
|
||||||
|
max_tries = 2 if count > 2 else 1
|
||||||
|
success_seen = False
|
||||||
|
failure_seen = False
|
||||||
|
for i in range(1, count):
|
||||||
|
try:
|
||||||
|
hwsim_utils.test_connectivity(wpa[0], wpa[i],
|
||||||
|
ifname1=macsec_ifname[0],
|
||||||
|
ifname2=macsec_ifname[i],
|
||||||
|
send_len=1400,
|
||||||
|
timeout=timeout, max_tries=max_tries)
|
||||||
|
success_seen = True
|
||||||
|
logger.info("Traffic test %d<->%d success" % (0, i))
|
||||||
|
except:
|
||||||
|
failure_seen = True
|
||||||
|
logger.info("Traffic test %d<->%d failure" % (0, i))
|
||||||
|
for i in range(2, count):
|
||||||
|
try:
|
||||||
|
hwsim_utils.test_connectivity(wpa[1], wpa[i],
|
||||||
|
ifname1=macsec_ifname[1],
|
||||||
|
ifname2=macsec_ifname[i],
|
||||||
|
send_len=1400,
|
||||||
|
timeout=timeout, max_tries=max_tries)
|
||||||
|
success_seen = True
|
||||||
|
logger.info("Traffic test %d<->%d success" % (1, i))
|
||||||
|
except:
|
||||||
|
failure_seen = True
|
||||||
|
logger.info("Traffic test %d<->%d failure" % (1, i))
|
||||||
|
|
||||||
|
if not success_seen:
|
||||||
|
raise Exception("None of the data traffic tests succeeded")
|
||||||
|
|
||||||
|
# Something seems to be failing with three device tests semi-regularly, so
|
||||||
|
# do not report this as a failed test case until the real reason behind
|
||||||
|
# those failures have been determined.
|
||||||
|
if failure_seen:
|
||||||
|
if count < 3:
|
||||||
|
raise Exception("Data traffic test failed")
|
||||||
|
else:
|
||||||
|
logger.info("Data traffic test failed - ignore for now for >= 3 device cases")
|
||||||
|
|
||||||
def test_macsec_psk_ns(dev, apdev, params):
|
def test_macsec_psk_ns(dev, apdev, params):
|
||||||
"""MACsec PSK (netns)"""
|
"""MACsec PSK (netns)"""
|
||||||
try:
|
try:
|
||||||
|
|
Loading…
Reference in a new issue