tests: Verify group encryption is set up for VLANs early

Check that there are no unencrypted frames when using hostapd with VLANs
and WPA before the first station connects to the VLAN.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This commit is contained in:
Michael Braun 2015-10-05 16:14:25 +02:00 committed by Jouni Malinen
parent 7cebc8e210
commit ee2b0d19f5

View file

@ -20,6 +20,8 @@ except ImportError:
import hwsim_utils import hwsim_utils
import hostapd import hostapd
from utils import iface_is_in_bridge, HwsimSkip from utils import iface_is_in_bridge, HwsimSkip
import os
from tshark import run_tshark
def test_ap_vlan_open(dev, apdev): def test_ap_vlan_open(dev, apdev):
"""AP VLAN with open network""" """AP VLAN with open network"""
@ -382,3 +384,84 @@ def test_ap_vlan_iface_cleanup_multibss(dev, apdev):
hapd.request("DISABLE") hapd.request("DISABLE")
finally: finally:
ap_vlan_iface_cleanup_multibss_cleanup() ap_vlan_iface_cleanup_multibss_cleanup()
def test_ap_vlan_without_station(dev, apdev, p):
"""AP VLAN with WPA2-PSK and no station"""
try:
subprocess.call(['brctl', 'addbr', 'brvlan1'])
subprocess.call(['brctl', 'setfd', 'brvlan1', '0'])
subprocess.call(['ifconfig', 'brvlan1', 'up'])
# use a passphrase wlantest does not know, so it cannot
# inject decrypted frames into pcap
params = hostapd.wpa2_params(ssid="test-vlan",
passphrase="12345678x")
params['dynamic_vlan'] = "1";
params['vlan_file'] = 'hostapd.wlan3.vlan'
params['accept_mac_file'] = "hostapd.accept";
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
# inject some traffic
sa = hapd.own_addr()
da = "ff:ff:ff:ff:ff:00"
hapd.request('DATA_TEST_CONFIG 1 ifname=brvlan1')
hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa))
hapd.request('DATA_TEST_CONFIG 0')
time.sleep(.1)
dev[0].connect("test-vlan", psk="12345678x", scan_freq="2412")
# inject some traffic
sa = hapd.own_addr()
da = "ff:ff:ff:ff:ff:01"
hapd.request('DATA_TEST_CONFIG 1 ifname=brvlan1')
hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa))
hapd.request('DATA_TEST_CONFIG 0')
# let the AP send couple of Beacon frames
time.sleep(1)
out = run_tshark(os.path.join(p['logdir'], "hwsim0.pcapng"),
"wlan.da == ff:ff:ff:ff:ff:00",
["wlan.fc.protected"])
if out is not None:
lines = out.splitlines()
if len(lines) < 1:
raise Exception("first frame not observed")
state = 1
for l in lines:
is_protected = int(l, 16)
if is_protected != 1:
state = 0
if state != 1:
raise Exception("Broadcast packets were not encrypted when no station was connected")
else:
raise Exception("first frame not observed")
out = run_tshark(os.path.join(p['logdir'], "hwsim0.pcapng"),
"wlan.da == ff:ff:ff:ff:ff:01",
["wlan.fc.protected"])
if out is not None:
lines = out.splitlines()
if len(lines) < 1:
raise Exception("second frame not observed")
state = 1
for l in lines:
is_protected = int(l, 16)
if is_protected != 1:
state = 0
if state != 1:
raise Exception("Broadcast packets were not encrypted when station was connected")
else:
raise Exception("second frame not observed")
dev[0].request("DISCONNECT")
dev[0].wait_disconnected()
finally:
subprocess.call(['ip', 'link', 'set', 'dev', 'brvlan1', 'down'])
subprocess.call(['ip', 'link', 'set', 'dev', 'wlan3.1', 'down'],
stderr=open('/dev/null', 'w'))
subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan3.1'],
stderr=open('/dev/null', 'w'))
subprocess.call(['brctl', 'delbr', 'brvlan1'])