]>
git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_hs20_filter.py
1 # Hotspot 2.0 filtering tests
2 # Copyright (c) 2015, Intel Deutschland GmbH
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
12 from utils
import HwsimSkip
, require_under_vm
15 from test_ap_hs20
import build_arp
, build_na
, hs20_ap_params
16 from test_ap_hs20
import interworking_select
, interworking_connect
19 logger
= logging
.getLogger()
21 class IPAssign(object):
22 def __init__(self
, iface
, addr
, ipv6
=False):
27 self
._cmd
.append('-6')
28 self
._cmd
.append('addr')
31 subprocess
.call(self
._cmd
+ ['add', self
._addr
, 'dev', self
._iface
])
33 # wait for DAD to finish
35 o
= subprocess
.check_output(self
._cmd
+ ['show', 'tentative', 'dev', self
._iface
]).decode()
36 if self
._addr
not in o
:
39 def __exit__(self
, type, value
, traceback
):
40 subprocess
.call(self
._cmd
+ ['del', self
._addr
, 'dev', self
._iface
])
42 def hs20_filters_connect(dev
, apdev
, disable_dgaf
=False, proxy_arp
=False):
43 bssid
= apdev
[0]['bssid']
44 params
= hs20_ap_params()
45 params
['hessid'] = bssid
47 # Do not disable dgaf, to test that the station drops unicast IP packets
49 params
['disable_dgaf'] = '0'
50 params
['proxy_arp'] = '1'
51 params
['ap_isolate'] = '1'
52 params
['bridge'] = 'ap-br0'
55 hapd
= hostapd
.add_ap(apdev
[0], params
)
57 # For now, do not report failures due to missing kernel support.
58 raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in the kernel")
60 subprocess
.call(['brctl', 'setfd', 'ap-br0', '0'])
61 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
65 id = dev
[0].add_cred_values({'realm': "example.com",
66 'username': "hs20-test",
67 'password': "password",
68 'ca_cert': "auth_serv/ca.pem",
69 'domain': "example.com",
70 'update_identifier': "1234"})
71 interworking_select(dev
[0], bssid
, "home", freq
="2412")
72 interworking_connect(dev
[0], bssid
, "TTLS")
78 def _test_ip4_gtk_drop(devs
, apdevs
, params
, dst
):
80 procfile
= '/proc/sys/net/ipv4/conf/%s/drop_unicast_in_l2_multicast' % devs
[0].ifname
81 if not os
.path
.exists(procfile
):
82 raise HwsimSkip("kernel doesn't have capability")
84 [dev
, hapd
] = hs20_filters_connect(devs
, apdevs
)
85 with
IPAssign(dev
.ifname
, '10.0.0.1/24'):
86 s
= socket
.socket(socket
.AF_INET
, socket
.SOCK_DGRAM
)
87 s
.bind(("10.0.0.1", 12345))
91 pkt
+= hapd
.own_addr().replace(':', '')
93 pkt
+= '45000020786840004011ae600a0000040a000001'
94 pkt
+= '30393039000c0000'
95 pkt
+= '61736466' # "asdf"
96 if "OK" not in hapd
.request('DATA_TEST_FRAME ' + pkt
):
97 raise Exception("DATA_TEST_FRAME failed")
99 logger
.info(s
.recvfrom(1024))
100 logger
.info("procfile=" + procfile
+ " val=" + open(procfile
, 'r').read().rstrip())
101 raise Exception("erroneously received frame!")
102 except socket
.timeout
:
103 # this is the expected behaviour
106 def test_ip4_gtk_drop_bcast(devs
, apdevs
, params
):
107 _test_ip4_gtk_drop(devs
, apdevs
, params
, dst
='ffffffffffff')
109 def test_ip4_gtk_drop_mcast(devs
, apdevs
, params
):
110 _test_ip4_gtk_drop(devs
, apdevs
, params
, dst
='ff0000000000')
112 def _test_ip6_gtk_drop(devs
, apdevs
, params
, dst
):
115 procfile
= '/proc/sys/net/ipv6/conf/%s/drop_unicast_in_l2_multicast' % devs
[0].ifname
116 if not os
.path
.exists(procfile
):
117 raise HwsimSkip("kernel doesn't have capability")
119 [dev
, hapd
] = hs20_filters_connect(devs
, apdevs
)
121 with
IPAssign(dev
.ifname
, 'fdaa::1/48', ipv6
=True):
122 s
= socket
.socket(socket
.AF_INET6
, socket
.SOCK_DGRAM
)
123 s
.bind(("fdaa::1", 12345))
127 pkt
+= hapd
.own_addr().replace(':', '')
129 pkt
+= '60000000000c1140fdaa0000000000000000000000000002fdaa0000000000000000000000000001'
130 pkt
+= '30393039000cde31'
131 pkt
+= '61736466' # "asdf"
132 if "OK" not in hapd
.request('DATA_TEST_FRAME ' + pkt
):
133 raise Exception("DATA_TEST_FRAME failed")
135 logger
.info(s
.recvfrom(1024))
136 logger
.info("procfile=" + procfile
+ " val=" + open(procfile
, 'r').read().rstrip())
137 raise Exception("erroneously received frame!")
138 except socket
.timeout
:
139 # this is the expected behaviour
142 def test_ip6_gtk_drop_bcast(devs
, apdevs
, params
):
143 _test_ip6_gtk_drop(devs
, apdevs
, params
, dst
='ffffffffffff')
145 def test_ip6_gtk_drop_mcast(devs
, apdevs
, params
):
146 _test_ip6_gtk_drop(devs
, apdevs
, params
, dst
='ff0000000000')
148 def test_ip4_drop_gratuitous_arp(devs
, apdevs
, params
):
150 procfile
= '/proc/sys/net/ipv4/conf/%s/drop_gratuitous_arp' % devs
[0].ifname
151 if not os
.path
.exists(procfile
):
152 raise HwsimSkip("kernel doesn't have capability")
154 [dev
, hapd
] = hs20_filters_connect(devs
, apdevs
)
156 with
IPAssign(dev
.ifname
, '10.0.0.2/24'):
157 # add an entry that can be updated by gratuitous ARP
158 subprocess
.call(['ip', 'neigh', 'add', '10.0.0.1', 'lladdr', '02:00:00:00:00:ff', 'nud', 'reachable', 'dev', dev
.ifname
])
162 ap_addr
= hapd
.own_addr()
163 cl_addr
= dev
.own_addr()
164 pkt
= build_arp(cl_addr
, ap_addr
, 2, ap_addr
, '10.0.0.1', ap_addr
, '10.0.0.1')
165 pkt
= binascii
.hexlify(pkt
).decode()
167 if "OK" not in hapd
.request('DATA_TEST_FRAME ' + pkt
):
168 raise Exception("DATA_TEST_FRAME failed")
170 if hapd
.own_addr() in subprocess
.check_output(['ip', 'neigh', 'show']).decode():
171 raise Exception("gratuitous ARP frame updated erroneously")
173 subprocess
.call(['ip', 'neigh', 'del', '10.0.0.1', 'dev', dev
.ifname
])
175 def test_ip6_drop_unsolicited_na(devs
, apdevs
, params
):
177 procfile
= '/proc/sys/net/ipv6/conf/%s/drop_unsolicited_na' % devs
[0].ifname
178 if not os
.path
.exists(procfile
):
179 raise HwsimSkip("kernel doesn't have capability")
181 [dev
, hapd
] = hs20_filters_connect(devs
, apdevs
)
183 with
IPAssign(dev
.ifname
, 'fdaa::1/48', ipv6
=True):
184 # add an entry that can be updated by unsolicited NA
185 subprocess
.call(['ip', '-6', 'neigh', 'add', 'fdaa::2', 'lladdr', '02:00:00:00:00:ff', 'nud', 'reachable', 'dev', dev
.ifname
])
187 ap_addr
= hapd
.own_addr()
188 cl_addr
= dev
.own_addr()
189 pkt
= build_na(ap_addr
, 'fdaa::2', 'ff02::1', 'fdaa::2', flags
=0x20,
190 opt
=binascii
.unhexlify('0201' + ap_addr
.replace(':', '')))
191 pkt
= binascii
.hexlify(pkt
).decode()
193 if "OK" not in hapd
.request('DATA_TEST_FRAME ' + pkt
):
194 raise Exception("DATA_TEST_FRAME failed")
196 if hapd
.own_addr() in subprocess
.check_output(['ip', 'neigh', 'show']).decode():
197 raise Exception("unsolicited NA frame updated erroneously")
199 subprocess
.call(['ip', '-6', 'neigh', 'del', 'fdaa::2', 'dev', dev
.ifname
])