+ ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
+ if ev is None:
+ raise Exception("GAS query timed out")
+
+ ev = dev[0].wait_event(["RX-HS20-ANQP"], timeout=1)
+ if ev is None or "Operator Icon Metadata" not in ev:
+ raise Exception("Did not receive Operator Icon Metadata")
+
+ ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=10)
+ if ev is None:
+ raise Exception("ANQP-QUERY-DONE event not seen")
+ if "result=SUCCESS" not in ev:
+ raise Exception("Unexpected result: " + ev)
+
+ bss = dev[0].get_bss(bssid)
+ if "hs20_operator_icon_metadata" not in bss:
+ raise Exception("hs20_operator_icon_metadata missing from BSS entry")
+ if bss["hs20_operator_icon_metadata"] != binascii.hexlify(value).decode():
+ print(binascii.hexlify(value))
+ raise Exception("Unexpected hs20_operator_icon_metadata value: " +
+ bss["hs20_operator_icon_metadata"])
+
+ run_req_hs20_icon(dev, bssid)
+
+def test_ap_hs20_req_hs20_icon_oom(dev, apdev):
+ """Hotspot 2.0 icon fetch OOM with REQ_HS20_ICON"""
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['hs20_icon'] = [ "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png",
+ "128:80:zxx:image/png:test_logo:auth_serv/sha512-server.pem" ]
+ params['osu_ssid'] = '"HS 2.0 OSU open"'
+ params['osu_method_list'] = "1"
+ params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
+ params['osu_icon'] = [ "w1fi_logo", "w1fi_logo2" ]
+ params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
+ params['osu_server_uri'] = "https://example.com/osu/"
+ hostapd.add_ap(apdev[0], params)
+
+ dev[0].scan_for_bss(bssid, freq="2412")
+
+ if "FAIL" not in dev[0].request("REQ_HS20_ICON 11:22:33:44:55:66 w1fi_logo"):
+ raise Exception("REQ_HS20_ICON succeeded with unknown BSSID")
+
+ with alloc_fail(dev[0], 1, "hs20_build_anqp_req;hs20_anqp_send_req"):
+ if "FAIL" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
+ raise Exception("REQ_HS20_ICON succeeded during OOM")
+
+ with alloc_fail(dev[0], 1, "gas_query_req;hs20_anqp_send_req"):
+ if "FAIL" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
+ raise Exception("REQ_HS20_ICON succeeded during OOM")
+
+ with alloc_fail(dev[0], 1, "=hs20_anqp_send_req"):
+ if "FAIL" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
+ raise Exception("REQ_HS20_ICON succeeded during OOM")
+ with alloc_fail(dev[0], 2, "=hs20_anqp_send_req"):
+ if "FAIL" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
+ raise Exception("REQ_HS20_ICON succeeded during OOM")
+
+ if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
+ raise Exception("REQ_HS20_ICON failed")
+ ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5)
+ if ev is None:
+ raise Exception("Timeout on RX-HS20-ICON (1)")
+
+ with alloc_fail(dev[0], 1, "hs20_get_icon"):
+ if "FAIL" not in dev[0].request("GET_HS20_ICON " + bssid + "w1fi_logo 0 100"):
+ raise Exception("GET_HS20_ICON succeeded during OOM")
+
+ if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " w1fi_logo"):
+ raise Exception("DEL_HS20_ICON failed")
+
+ with alloc_fail(dev[0], 1, "=hs20_process_icon_binary_file"):
+ if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
+ raise Exception("REQ_HS20_ICON failed")
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+
+def test_ap_hs20_req_hs20_icon_parallel(dev, apdev):
+ """Hotspot 2.0 OSU provider and multi-icon parallel fetch with REQ_HS20_ICON"""
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['hs20_icon'] = [ "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png",
+ "128:80:zxx:image/png:test_logo:auth_serv/sha512-server.pem" ]
+ params['osu_ssid'] = '"HS 2.0 OSU open"'
+ params['osu_method_list'] = "1"
+ params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
+ params['osu_icon'] = [ "w1fi_logo", "w1fi_logo2" ]
+ params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
+ params['osu_server_uri'] = "https://example.com/osu/"
+ hostapd.add_ap(apdev[0], params)
+
+ dev[0].scan_for_bss(bssid, freq="2412")
+
+ # First, fetch two icons from the AP to wpa_supplicant
+
+ if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " w1fi_logo"):
+ raise Exception("REQ_HS20_ICON failed")
+
+ if "OK" not in dev[0].request("REQ_HS20_ICON " + bssid + " test_logo"):
+ raise Exception("REQ_HS20_ICON failed")
+ ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5)
+ if ev is None:
+ raise Exception("Timeout on RX-HS20-ICON (1)")
+ ev = dev[0].wait_event(["RX-HS20-ICON"], timeout=5)
+ if ev is None:
+ raise Exception("Timeout on RX-HS20-ICON (2)")
+
+ # Then, fetch the icons from wpa_supplicant for validation
+
+ hdr, data1 = get_icon(dev[0], bssid, "w1fi_logo")
+ hdr, data2 = get_icon(dev[0], bssid, "test_logo")
+
+ with open('w1fi_logo.png', 'r') as f:
+ data = f.read()
+ if data1 != data:
+ raise Exception("Unexpected icon data (1)")
+
+ with open('auth_serv/sha512-server.pem', 'r') as f:
+ data = f.read()
+ if data2 != data:
+ raise Exception("Unexpected icon data (2)")
+
+ # Finally, delete the icons from wpa_supplicant
+
+ if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " w1fi_logo"):
+ raise Exception("DEL_HS20_ICON failed")
+ if "OK" not in dev[0].request("DEL_HS20_ICON " + bssid + " test_logo"):
+ raise Exception("DEL_HS20_ICON failed")
+
+def test_ap_hs20_fetch_osu_stop(dev, apdev):
+ """Hotspot 2.0 OSU provider fetch stopped"""
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
+ params['osu_ssid'] = '"HS 2.0 OSU open"'
+ params['osu_method_list'] = "1"
+ params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
+ params['osu_icon'] = "w1fi_logo"
+ params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
+ params['osu_server_uri'] = "https://example.com/osu/"
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].hs20_enable()
+ dir = "/tmp/osu-fetch"
+ if os.path.isdir(dir):
+ files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
+ for f in files:
+ os.remove(dir + "/" + f)
+ else:
+ try:
+ os.makedirs(dir)
+ except:
+ pass
+ try:
+ dev[0].request("SET osu_dir " + dir)
+ dev[0].request("SCAN freq=2412-2462")
+ ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=10)
+ if ev is None:
+ raise Exception("Scan did not start")
+ if "FAIL" not in dev[0].request("FETCH_OSU"):
+ raise Exception("FETCH_OSU accepted while scanning")
+ ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
+ if ev is None:
+ raise Exception("Scan timed out")
+ hapd.set("ext_mgmt_frame_handling", "1")
+ dev[0].request("FETCH_ANQP")
+ if "FAIL" not in dev[0].request("FETCH_OSU"):
+ raise Exception("FETCH_OSU accepted while in FETCH_ANQP")
+ dev[0].request("STOP_FETCH_ANQP")
+ dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
+ dev[0].dump_monitor()
+ hapd.dump_monitor()
+ dev[0].request("INTERWORKING_SELECT freq=2412")
+ for i in range(5):
+ msg = hapd.mgmt_rx()
+ if msg['subtype'] == 13:
+ break
+ if "FAIL" not in dev[0].request("FETCH_OSU"):
+ raise Exception("FETCH_OSU accepted while in INTERWORKING_SELECT")
+ ev = dev[0].wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
+ timeout=15)
+ if ev is None:
+ raise Exception("Network selection timed out")
+
+ dev[0].dump_monitor()
+ if "OK" not in dev[0].request("FETCH_OSU"):
+ raise Exception("FETCH_OSU failed")
+ dev[0].request("CANCEL_FETCH_OSU")
+
+ for i in range(15):
+ time.sleep(0.5)
+ if dev[0].get_driver_status_field("scan_state") == "SCAN_COMPLETED":
+ break
+
+ dev[0].dump_monitor()
+ if "OK" not in dev[0].request("FETCH_OSU"):
+ raise Exception("FETCH_OSU failed")
+ if "FAIL" not in dev[0].request("FETCH_OSU"):
+ raise Exception("FETCH_OSU accepted while in FETCH_OSU")
+ ev = dev[0].wait_event(["GAS-QUERY-START"], 10)
+ if ev is None:
+ raise Exception("GAS timed out")
+ if "FAIL" not in dev[0].request("FETCH_OSU"):
+ raise Exception("FETCH_OSU accepted while in FETCH_OSU")
+ dev[0].request("CANCEL_FETCH_OSU")
+ ev = dev[0].wait_event(["GAS-QUERY-DONE"], 10)
+ if ev is None:
+ raise Exception("GAS event timed out after CANCEL_FETCH_OSU")
+ finally:
+ files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
+ for f in files:
+ os.remove(dir + "/" + f)
+ os.rmdir(dir)
+
+def test_ap_hs20_fetch_osu_proto(dev, apdev):
+ """Hotspot 2.0 OSU provider and protocol testing"""
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].hs20_enable()
+ dir = "/tmp/osu-fetch"
+ if os.path.isdir(dir):
+ files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
+ for f in files:
+ os.remove(dir + "/" + f)
+ else:
+ try:
+ os.makedirs(dir)
+ except:
+ pass
+
+ tests = [ ( "Empty provider list (no OSU SSID field)", '' ),
+ ( "HS 2.0: Not enough room for OSU SSID",
+ binascii.unhexlify('01') ),
+ ( "HS 2.0: Invalid OSU SSID Length 33",
+ binascii.unhexlify('21') + 33*'A' ),
+ ( "HS 2.0: Not enough room for Number of OSU Providers",
+ binascii.unhexlify('0130') ),
+ ( "Truncated OSU Provider",
+ binascii.unhexlify('013001020000') ),
+ ( "HS 2.0: Ignored 5 bytes of extra data after OSU Providers",
+ binascii.unhexlify('0130001122334455') ),
+ ( "HS 2.0: Not enough room for OSU Friendly Name Length",
+ binascii.unhexlify('013001000000') ),
+ ( "HS 2.0: Not enough room for OSU Friendly Name Duples",
+ build_prov('0100') ),
+ ( "Invalid OSU Friendly Name", build_prov('040000000000') ),
+ ( "Invalid OSU Friendly Name(2)", build_prov('040004000000') ),
+ ( "HS 2.0: Not enough room for OSU Server URI length",
+ build_prov('0000') ),
+ ( "HS 2.0: Not enough room for OSU Server URI",
+ build_prov('000001') ),
+ ( "HS 2.0: Not enough room for OSU Method list length",
+ build_prov('000000') ),
+ ( "HS 2.0: Not enough room for OSU Method list",
+ build_prov('00000001') ),
+ ( "HS 2.0: Not enough room for Icons Available Length",
+ build_prov('00000000') ),
+ ( "HS 2.0: Not enough room for Icons Available Length(2)",
+ build_prov('00000001ff00') ),
+ ( "HS 2.0: Not enough room for Icons Available",
+ build_prov('000000000100') ),
+ ( "HS 2.0: Invalid Icon Metadata",
+ build_prov('00000000010000') ),
+ ( "HS 2.0: Not room for Icon Type",
+ build_prov('000000000900111122223333330200') ),
+ ( "HS 2.0: Not room for Icon Filename length",
+ build_prov('000000000900111122223333330100') ),
+ ( "HS 2.0: Not room for Icon Filename",
+ build_prov('000000000900111122223333330001') ),
+ ( "HS 2.0: Not enough room for OSU_NAI",
+ build_prov('000000000000') ),
+ ( "HS 2.0: Not enough room for OSU_NAI(2)",
+ build_prov('00000000000001') ),
+ ( "HS 2.0: Not enough room for OSU Service Description Length",
+ build_prov('00000000000000') ),
+ ( "HS 2.0: Not enough room for OSU Service Description Length(2)",
+ build_prov('0000000000000000') ),
+ ( "HS 2.0: Not enough room for OSU Service Description Duples",
+ build_prov('000000000000000100') ),
+ ( "Invalid OSU Service Description",
+ build_prov('00000000000000040000000000') ),
+ ( "Invalid OSU Service Description(2)",
+ build_prov('00000000000000040004000000') ) ]
+
+ try:
+ dev[0].request("SET osu_dir " + dir)
+ run_fetch_osu_icon_failure(hapd, dev, bssid)
+ for note, prov in tests:
+ run_fetch_osu(hapd, dev, bssid, note, prov)
+ finally:
+ files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
+ for f in files:
+ os.remove(dir + "/" + f)
+ os.rmdir(dir)
+
+def test_ap_hs20_fetch_osu_invalid_dir(dev, apdev):
+ """Hotspot 2.0 OSU provider and invalid directory"""
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
+ params['osu_ssid'] = '"HS 2.0 OSU open"'
+ params['osu_method_list'] = "1"
+ params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
+ params['osu_icon'] = "w1fi_logo"
+ params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
+ params['osu_server_uri'] = "https://example.com/osu/"
+ hostapd.add_ap(apdev[0], params)
+
+ dev[0].hs20_enable()
+ dir = "/tmp/osu-fetch-no-such-dir"
+ dev[0].scan_for_bss(bssid, freq="2412")
+ dev[0].request("SET osu_dir " + dir)
+ dev[0].request("FETCH_OSU no-scan")
+ ev = dev[0].wait_event(["Could not write OSU provider information"],
+ timeout=15)
+ if ev is None:
+ raise Exception("Timeout on OSU fetch")
+
+def test_ap_hs20_fetch_osu_oom(dev, apdev):
+ """Hotspot 2.0 OSU provider and OOM"""
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
+ params['osu_ssid'] = '"HS 2.0 OSU open"'
+ params['osu_method_list'] = "1"
+ params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
+ params['osu_icon'] = "w1fi_logo"
+ params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
+ params['osu_server_uri'] = "https://example.com/osu/"
+ hostapd.add_ap(apdev[0], params)
+
+ dev[0].hs20_enable()
+ dir = "/tmp/osu-fetch"
+ if os.path.isdir(dir):
+ files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
+ for f in files:
+ os.remove(dir + "/" + f)
+ else:
+ try:
+ os.makedirs(dir)
+ except:
+ pass
+ dev[0].scan_for_bss(bssid, freq="2412")
+ try:
+ dev[0].request("SET osu_dir " + dir)
+ with alloc_fail(dev[0], 1, "=hs20_osu_add_prov"):
+ dev[0].request("FETCH_OSU no-scan")
+ ev = dev[0].wait_event(["OSU provider fetch completed"], timeout=30)
+ if ev is None:
+ raise Exception("Timeout on OSU fetch")
+ with alloc_fail(dev[0], 1, "hs20_anqp_send_req;hs20_next_osu_icon"):
+ dev[0].request("FETCH_OSU no-scan")
+ ev = dev[0].wait_event(["OSU provider fetch completed"], timeout=30)
+ if ev is None:
+ raise Exception("Timeout on OSU fetch")
+ finally:
+ files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
+ for f in files:
+ os.remove(dir + "/" + f)
+ os.rmdir(dir)
+
+def build_prov(prov):
+ data = binascii.unhexlify(prov)
+ return binascii.unhexlify('013001') + struct.pack('<H', len(data)) + data
+
+def handle_osu_prov_fetch(hapd, dev, prov):
+ # GAS/ANQP query for OSU Providers List
+ query = gas_rx(hapd)
+ gas = parse_gas(query['payload'])
+ dialog_token = gas['dialog_token']
+
+ resp = action_response(query)
+ osu_prov = struct.pack('<HH', 0xdddd, len(prov) + 6) + binascii.unhexlify('506f9a110800') + prov
+ data = struct.pack('<H', len(osu_prov)) + osu_prov
+ resp['payload'] = anqp_initial_resp(dialog_token, 0) + data
+ send_gas_resp(hapd, resp)
+
+ ev = dev[0].wait_event(["RX-HS20-ANQP"], timeout=5)
+ if ev is None:
+ raise Exception("ANQP query response for OSU Providers not received")
+ if "OSU Providers list" not in ev:
+ raise Exception("ANQP query response for OSU Providers not received(2)")
+ ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
+ if ev is None:
+ raise Exception("ANQP query for OSU Providers list not completed")
+
+def start_osu_fetch(hapd, dev, bssid, note):
+ hapd.set("ext_mgmt_frame_handling", "0")
+ dev[0].request("BSS_FLUSH 0")
+ dev[0].scan_for_bss(bssid, freq="2412")
+ hapd.set("ext_mgmt_frame_handling", "1")
+ dev[0].dump_monitor()
+ dev[0].request("NOTE " + note)
+ dev[0].request("FETCH_OSU no-scan")
+
+def wait_osu_fetch_completed(dev):
+ ev = dev[0].wait_event(["OSU provider fetch completed"], timeout=5)
+ if ev is None:
+ raise Exception("Timeout on OSU fetch")
+
+def run_fetch_osu_icon_failure(hapd, dev, bssid):
+ start_osu_fetch(hapd, dev, bssid, "Icon fetch failure")
+
+ prov = binascii.unhexlify('01ff' + '01' + '800019000b656e6754657374204f53550c66696e54657374692d4f53551868747470733a2f2f6578616d706c652e636f6d2f6f73752f01011b00800050007a787809696d6167652f706e6709773166695f6c6f676f002a0013656e674578616d706c652073657276696365731566696e4573696d65726b6b6970616c76656c756a61')
+ handle_osu_prov_fetch(hapd, dev, prov)
+
+ # GAS/ANQP query for icon
+ query = gas_rx(hapd)
+ gas = parse_gas(query['payload'])
+ dialog_token = gas['dialog_token']
+
+ resp = action_response(query)
+ # Unexpected Advertisement Protocol in response
+ adv_proto = struct.pack('8B', 108, 6, 127, 0xdd, 0x00, 0x11, 0x22, 0x33)
+ data = struct.pack('<H', 0)
+ resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
+ GAS_INITIAL_RESPONSE,
+ gas['dialog_token'], 0, 0) + adv_proto + data
+ send_gas_resp(hapd, resp)
+
+ ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
+ if ev is None:
+ raise Exception("ANQP query for icon not completed")
+
+ wait_osu_fetch_completed(dev)
+
+def run_fetch_osu(hapd, dev, bssid, note, prov):
+ start_osu_fetch(hapd, dev, bssid, note)
+ handle_osu_prov_fetch(hapd, dev, prov)
+ wait_osu_fetch_completed(dev)
+
+def test_ap_hs20_ft(dev, apdev):
+ """Hotspot 2.0 connection with FT"""
+ check_eap_capa(dev[0], "MSCHAPV2")
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['wpa_key_mgmt'] = "FT-EAP"
+ params['nas_identifier'] = "nas1.w1.fi"
+ params['r1_key_holder'] = "000102030405"
+ params["mobility_domain"] = "a1b2"
+ params["reassociation_deadline"] = "1000"
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].hs20_enable()
+ id = dev[0].add_cred_values({ 'realm': "example.com",
+ 'username': "hs20-test",
+ 'password': "password",
+ 'ca_cert': "auth_serv/ca.pem",
+ 'domain': "example.com",
+ 'update_identifier': "1234" })
+ interworking_select(dev[0], bssid, "home", freq="2412")
+ interworking_connect(dev[0], bssid, "TTLS")
+ dev[0].dump_monitor()
+ key_mgmt = dev[0].get_status_field("key_mgmt")
+ if key_mgmt != "FT-EAP":
+ raise Exception("Unexpected key_mgmt: " + key_mgmt)
+ # speed up testing by avoiding unnecessary scanning of other channels
+ nid = dev[0].get_status_field("id")
+ dev[0].set_network(nid, "scan_freq", "2412")
+
+ params = hs20_ap_params()
+ hapd2 = hostapd.add_ap(apdev[1], params)
+
+ hapd.disable()
+ ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=10)
+ if ev is None:
+ raise Exception("Disconnection not reported")
+ ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=5)
+ if ev is None:
+ raise Exception("Connection to AP2 not reported")
+ key_mgmt = dev[0].get_status_field("key_mgmt")
+ if key_mgmt != "WPA2/IEEE 802.1X/EAP":
+ raise Exception("Unexpected key_mgmt: " + key_mgmt)
+
+def test_ap_hs20_remediation_sql(dev, apdev, params):
+ """Hotspot 2.0 connection and remediation required using SQLite for user DB"""
+ check_eap_capa(dev[0], "MSCHAPV2")
+ try:
+ import sqlite3
+ except ImportError:
+ raise HwsimSkip("No sqlite3 module available")
+ dbfile = os.path.join(params['logdir'], "eap-user.db")
+ try:
+ os.remove(dbfile)
+ except:
+ pass
+ con = sqlite3.connect(dbfile)
+ with con:
+ cur = con.cursor()
+ cur.execute("CREATE TABLE users(identity TEXT PRIMARY KEY, methods TEXT, password TEXT, remediation TEXT, phase2 INTEGER)")
+ cur.execute("CREATE TABLE wildcards(identity TEXT PRIMARY KEY, methods TEXT)")
+ cur.execute("INSERT INTO users(identity,methods,password,phase2,remediation) VALUES ('user-mschapv2','TTLS-MSCHAPV2','password',1,'user')")
+ cur.execute("INSERT INTO wildcards(identity,methods) VALUES ('','TTLS,TLS')")
+ cur.execute("CREATE TABLE authlog(timestamp TEXT, session TEXT, nas_ip TEXT, username TEXT, note TEXT)")
+
+ try:
+ params = { "ssid": "as", "beacon_int": "2000",
+ "radius_server_clients": "auth_serv/radius_clients.conf",
+ "radius_server_auth_port": '18128',
+ "eap_server": "1",
+ "eap_user_file": "sqlite:" + dbfile,
+ "ca_cert": "auth_serv/ca.pem",
+ "server_cert": "auth_serv/server.pem",
+ "private_key": "auth_serv/server.key",
+ "subscr_remediation_url": "https://example.org/",
+ "subscr_remediation_method": "1" }
+ hostapd.add_ap(apdev[1], params)
+
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['auth_server_port'] = "18128"
+ hostapd.add_ap(apdev[0], params)
+
+ dev[0].request("SET pmf 1")
+ dev[0].hs20_enable()
+ id = dev[0].add_cred_values({ 'realm': "example.com",
+ 'username': "user-mschapv2",
+ 'password': "password",
+ 'ca_cert': "auth_serv/ca.pem" })
+ interworking_select(dev[0], bssid, freq="2412")
+ interworking_connect(dev[0], bssid, "TTLS")
+ ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
+ if ev is None:
+ raise Exception("Timeout on subscription remediation notice")
+ if " 1 https://example.org/" not in ev:
+ raise Exception("Unexpected subscription remediation event contents")
+
+ with con:
+ cur = con.cursor()
+ cur.execute("SELECT * from authlog")
+ rows = cur.fetchall()
+ if len(rows) < 1:
+ raise Exception("No authlog entries")
+
+ finally:
+ os.remove(dbfile)
+ dev[0].request("SET pmf 0")
+
+def test_ap_hs20_sim_provisioning(dev, apdev, params):
+ """Hotspot 2.0 AAA server behavior for SIM provisioning"""
+ check_eap_capa(dev[0], "SIM")
+ try:
+ import sqlite3
+ except ImportError:
+ raise HwsimSkip("No sqlite3 module available")
+ dbfile = os.path.join(params['logdir'], "ap_hs20_sim_provisioning-eap-user.db")
+ try:
+ os.remove(dbfile)
+ except:
+ pass
+ con = sqlite3.connect(dbfile)
+ with con:
+ cur = con.cursor()
+ cur.execute("CREATE TABLE users(identity TEXT PRIMARY KEY, methods TEXT, password TEXT, remediation TEXT, phase2 INTEGER, last_msk TEXT)")
+ cur.execute("CREATE TABLE wildcards(identity TEXT PRIMARY KEY, methods TEXT)")
+ cur.execute("INSERT INTO wildcards(identity,methods) VALUES ('1','SIM')")
+ cur.execute("CREATE TABLE authlog(timestamp TEXT, session TEXT, nas_ip TEXT, username TEXT, note TEXT)")
+ cur.execute("CREATE TABLE current_sessions(mac_addr TEXT PRIMARY KEY, identity TEXT, start_time TEXT, nas TEXT, hs20_t_c_filtering BOOLEAN, waiting_coa_ack BOOLEAN, coa_ack_received BOOLEAN)")
+
+ try:
+ params = { "ssid": "as", "beacon_int": "2000",
+ "radius_server_clients": "auth_serv/radius_clients.conf",
+ "radius_server_auth_port": '18128',
+ "eap_server": "1",
+ "eap_user_file": "sqlite:" + dbfile,
+ "eap_sim_db": "unix:/tmp/hlr_auc_gw.sock",
+ "ca_cert": "auth_serv/ca.pem",
+ "server_cert": "auth_serv/server.pem",
+ "private_key": "auth_serv/server.key",
+ "hs20_sim_provisioning_url":
+ "https://example.org/?hotspot2dot0-mobile-identifier-hash=",
+ "subscr_remediation_method": "1" }
+ hostapd.add_ap(apdev[1], params)
+
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['auth_server_port'] = "18128"
+ hostapd.add_ap(apdev[0], params)
+
+ dev[0].request("SET pmf 1")
+ dev[0].hs20_enable()
+ dev[0].connect("test-hs20", proto="RSN", key_mgmt="WPA-EAP", eap="SIM",
+ ieee80211w="1",
+ identity="1232010000000000",
+ password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
+ scan_freq="2412", update_identifier="54321")
+ ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=0.5)
+ if ev is not None:
+ raise Exception("Unexpected subscription remediation notice")
+ dev[0].request("REMOVE_NETWORK all")
+ dev[0].wait_disconnected()
+ dev[0].dump_monitor()
+
+ dev[0].connect("test-hs20", proto="RSN", key_mgmt="WPA-EAP", eap="SIM",
+ ieee80211w="1",
+ identity="1232010000000000",
+ password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581",
+ scan_freq="2412", update_identifier="0")
+ ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
+ if ev is None:
+ raise Exception("Timeout on subscription remediation notice")
+ if " 1 https://example.org/?hotspot2dot0-mobile-identifier-hash=" not in ev:
+ raise Exception("Unexpected subscription remediation event contents: " + ev)
+ id_hash = ev.split(' ')[2].split('=')[1]
+
+ with con:
+ cur = con.cursor()
+ cur.execute("SELECT * from authlog")
+ rows = cur.fetchall()
+ if len(rows) < 1:
+ raise Exception("No authlog entries")
+
+ with con:
+ cur = con.cursor()
+ cur.execute("SELECT * from sim_provisioning")
+ rows = cur.fetchall()
+ if len(rows) != 1:
+ raise Exeception("Unexpected number of rows in sim_provisioning (%d; expected %d)" % (len(rows), 1))
+ logger.info("sim_provisioning: " + str(rows))
+ if len(rows[0][0]) != 32:
+ raise Exception("Unexpected mobile_identifier_hash length in DB")
+ if rows[0][1] != "232010000000000":
+ raise Exception("Unexpected IMSI in DB")
+ if rows[0][2] != dev[0].own_addr():
+ raise Exception("Unexpected MAC address in DB")
+ if rows[0][0] != id_hash:
+ raise Exception("hotspot2dot0-mobile-identifier-hash mismatch")
+ finally:
+ dev[0].request("SET pmf 0")
+
+def test_ap_hs20_external_selection(dev, apdev):
+ """Hotspot 2.0 connection using external network selection and creation"""
+ check_eap_capa(dev[0], "MSCHAPV2")
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['hessid'] = bssid
+ params['disable_dgaf'] = '1'
+ hostapd.add_ap(apdev[0], params)
+
+ dev[0].hs20_enable()
+ dev[0].connect("test-hs20", proto="RSN", key_mgmt="WPA-EAP", eap="TTLS",
+ ieee80211w="1",
+ identity="hs20-test", password="password",
+ ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
+ scan_freq="2412", update_identifier="54321",
+ roaming_consortium_selection="1020304050")
+ if dev[0].get_status_field("hs20") != "3":
+ raise Exception("Unexpected hs20 indication")
+ network_id = dev[0].get_status_field("id")
+ sel = dev[0].get_network(network_id, "roaming_consortium_selection")
+ if sel != "1020304050":
+ raise Exception("Unexpected roaming_consortium_selection value: " + sel)
+
+def test_ap_hs20_random_mac_addr(dev, apdev):
+ """Hotspot 2.0 connection with random MAC address"""
+ check_eap_capa(dev[0], "MSCHAPV2")
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['hessid'] = bssid
+ params['disable_dgaf'] = '1'
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
+ wpas.interface_add("wlan5")
+ addr = wpas.p2p_interface_addr()
+ wpas.request("SET mac_addr 1")
+ wpas.request("SET preassoc_mac_addr 1")
+ wpas.request("SET rand_addr_lifetime 60")
+ wpas.hs20_enable()
+ wpas.flush_scan_cache()
+ id = wpas.add_cred_values({ 'realm': "example.com",
+ 'username': "hs20-test",
+ 'password': "password",
+ 'ca_cert': "auth_serv/ca.pem",
+ 'domain': "example.com",
+ 'update_identifier': "1234" })
+ interworking_select(wpas, bssid, "home", freq="2412")
+ interworking_connect(wpas, bssid, "TTLS")
+ addr1 = wpas.get_driver_status_field("addr")
+ if addr == addr1:
+ raise Exception("Did not use random MAC address")
+
+ sta = hapd.get_sta(addr)
+ if sta['addr'] != "FAIL":
+ raise Exception("Unexpected STA association with permanent address")
+ sta = hapd.get_sta(addr1)
+ if sta['addr'] != addr1:
+ raise Exception("STA association with random address not found")
+
+def test_ap_hs20_multi_network_and_cred_removal(dev, apdev):
+ """Multiple networks and cred removal"""
+ check_eap_capa(dev[0], "MSCHAPV2")
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['nai_realm'] = [ "0,example.com,25[3:26]"]
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].add_network()
+ dev[0].hs20_enable()
+ id = dev[0].add_cred_values({ 'realm': "example.com",
+ 'username': "user",
+ 'password': "password" })
+ interworking_select(dev[0], bssid, freq="2412")
+ interworking_connect(dev[0], bssid, "PEAP")
+ dev[0].add_network()
+
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected(timeout=10)
+
+ hapd.disable()
+ hapd.set("ssid", "another ssid")
+ hapd.enable()
+
+ interworking_select(dev[0], bssid, freq="2412")
+ interworking_connect(dev[0], bssid, "PEAP")
+ dev[0].add_network()
+ if len(dev[0].list_networks()) != 5:
+ raise Exception("Unexpected number of networks prior to remove_crec")
+
+ dev[0].dump_monitor()
+ dev[0].remove_cred(id)
+ if len(dev[0].list_networks()) != 3:
+ raise Exception("Unexpected number of networks after to remove_crec")
+ dev[0].wait_disconnected(timeout=10)
+
+def test_ap_hs20_interworking_add_network(dev, apdev):
+ """Hotspot 2.0 connection using INTERWORKING_ADD_NETWORK"""
+ check_eap_capa(dev[0], "MSCHAPV2")
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['nai_realm'] = [ "0,example.com,21[3:26][6:7][99:99]" ]
+ hostapd.add_ap(apdev[0], params)
+
+ dev[0].hs20_enable()
+ dev[0].add_cred_values(default_cred(user="user"))
+ interworking_select(dev[0], bssid, freq=2412)
+ id = dev[0].interworking_add_network(bssid)
+ dev[0].select_network(id, freq=2412)
+ dev[0].wait_connected()
+
+def _test_ap_hs20_proxyarp(dev, apdev):
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['hessid'] = bssid
+ params['disable_dgaf'] = '0'
+ params['proxy_arp'] = '1'
+ hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
+ if "OK" in hapd.request("ENABLE"):
+ raise Exception("Incomplete hostapd configuration was accepted")
+ hapd.set("ap_isolate", "1")
+ if "OK" in hapd.request("ENABLE"):
+ raise Exception("Incomplete hostapd configuration was accepted")
+ hapd.set('bridge', 'ap-br0')
+ hapd.dump_monitor()
+ try:
+ hapd.enable()
+ except:
+ # For now, do not report failures due to missing kernel support
+ raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
+ ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
+ if ev is None:
+ raise Exception("AP startup timed out")
+ if "AP-ENABLED" not in ev:
+ raise Exception("AP startup failed")
+
+ dev[0].hs20_enable()
+ subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
+ subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
+
+ id = dev[0].add_cred_values({ 'realm': "example.com",
+ 'username': "hs20-test",
+ 'password': "password",
+ 'ca_cert': "auth_serv/ca.pem",
+ 'domain': "example.com",
+ 'update_identifier': "1234" })
+ interworking_select(dev[0], bssid, "home", freq="2412")
+ interworking_connect(dev[0], bssid, "TTLS")
+
+ dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
+ identity="hs20-test", password="password",
+ ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
+ scan_freq="2412")
+ time.sleep(0.1)
+
+ addr0 = dev[0].p2p_interface_addr()
+ addr1 = dev[1].p2p_interface_addr()
+
+ src_ll_opt0 = "\x01\x01" + binascii.unhexlify(addr0.replace(':',''))
+ src_ll_opt1 = "\x01\x01" + binascii.unhexlify(addr1.replace(':',''))
+
+ pkt = build_ns(src_ll=addr0, ip_src="aaaa:bbbb:cccc::2",
+ ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:cccc::2",
+ opt=src_ll_opt0)
+ if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+ pkt = build_ns(src_ll=addr1, ip_src="aaaa:bbbb:dddd::2",
+ ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:dddd::2",
+ opt=src_ll_opt1)
+ if "OK" not in dev[1].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+ pkt = build_ns(src_ll=addr1, ip_src="aaaa:bbbb:eeee::2",
+ ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:eeee::2",
+ opt=src_ll_opt1)
+ if "OK" not in dev[1].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+ matches = get_permanent_neighbors("ap-br0")
+ logger.info("After connect: " + str(matches))
+ if len(matches) != 3:
+ raise Exception("Unexpected number of neighbor entries after connect")
+ if 'aaaa:bbbb:cccc::2 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
+ raise Exception("dev0 addr missing")
+ if 'aaaa:bbbb:dddd::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
+ raise Exception("dev1 addr(1) missing")
+ if 'aaaa:bbbb:eeee::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
+ raise Exception("dev1 addr(2) missing")
+ dev[0].request("DISCONNECT")
+ dev[1].request("DISCONNECT")
+ time.sleep(0.5)
+ matches = get_permanent_neighbors("ap-br0")
+ logger.info("After disconnect: " + str(matches))
+ if len(matches) > 0:
+ raise Exception("Unexpected neighbor entries after disconnect")
+
+def test_ap_hs20_hidden_ssid_in_scan_res(dev, apdev):
+ """Hotspot 2.0 connection with hidden SSId in scan results"""
+ check_eap_capa(dev[0], "MSCHAPV2")
+ bssid = apdev[0]['bssid']
+
+ hapd = hostapd.add_ap(apdev[0], { "ssid": 'secret',
+ "ignore_broadcast_ssid": "1" })
+ dev[0].scan_for_bss(bssid, freq=2412)
+ hapd.disable()
+ hapd_global = hostapd.HostapdGlobal(apdev[0])
+ hapd_global.flush()
+ hapd_global.remove(apdev[0]['ifname'])
+
+ params = hs20_ap_params()
+ params['hessid'] = bssid
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].hs20_enable()
+ id = dev[0].add_cred_values({ 'realm': "example.com",
+ 'username': "hs20-test",
+ 'password': "password",
+ 'ca_cert': "auth_serv/ca.pem",
+ 'domain': "example.com" })
+ interworking_select(dev[0], bssid, "home", freq="2412")
+ interworking_connect(dev[0], bssid, "TTLS")
+
+ # clear BSS table to avoid issues in following test cases
+ dev[0].request("DISCONNECT")
+ dev[0].wait_disconnected()
+ hapd.disable()
+ dev[0].flush_scan_cache()
+ dev[0].flush_scan_cache()
+
+def test_ap_hs20_proxyarp(dev, apdev):
+ """Hotspot 2.0 and ProxyARP"""
+ check_eap_capa(dev[0], "MSCHAPV2")
+ try:
+ _test_ap_hs20_proxyarp(dev, apdev)
+ finally:
+ subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
+ stderr=open('/dev/null', 'w'))
+ subprocess.call(['brctl', 'delbr', 'ap-br0'],
+ stderr=open('/dev/null', 'w'))
+
+def _test_ap_hs20_proxyarp_dgaf(dev, apdev, disabled):
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['hessid'] = bssid
+ params['disable_dgaf'] = '1' if disabled else '0'
+ params['proxy_arp'] = '1'
+ params['na_mcast_to_ucast'] = '1'
+ params['ap_isolate'] = '1'
+ params['bridge'] = 'ap-br0'
+ hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
+ try:
+ hapd.enable()
+ except:
+ # For now, do not report failures due to missing kernel support
+ raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
+ ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
+ if ev is None:
+ raise Exception("AP startup timed out")
+
+ dev[0].hs20_enable()
+ subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
+ subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
+
+ id = dev[0].add_cred_values({ 'realm': "example.com",
+ 'username': "hs20-test",
+ 'password': "password",
+ 'ca_cert': "auth_serv/ca.pem",
+ 'domain': "example.com",
+ 'update_identifier': "1234" })
+ interworking_select(dev[0], bssid, "home", freq="2412")
+ interworking_connect(dev[0], bssid, "TTLS")
+
+ dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
+ identity="hs20-test", password="password",
+ ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
+ scan_freq="2412")
+ time.sleep(0.1)
+
+ addr0 = dev[0].p2p_interface_addr()
+
+ src_ll_opt0 = "\x01\x01" + binascii.unhexlify(addr0.replace(':',''))
+
+ pkt = build_ns(src_ll=addr0, ip_src="aaaa:bbbb:cccc::2",
+ ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:cccc::2",
+ opt=src_ll_opt0)
+ if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+ pkt = build_ra(src_ll=apdev[0]['bssid'], ip_src="aaaa:bbbb:cccc::33",
+ ip_dst="ff01::1")
+ if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+ pkt = build_na(src_ll=apdev[0]['bssid'], ip_src="aaaa:bbbb:cccc::44",
+ ip_dst="ff01::1", target="aaaa:bbbb:cccc::55")
+ if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+ pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid,
+ ip_src="192.168.1.1", ip_dst="255.255.255.255",
+ yiaddr="192.168.1.123", chaddr=addr0)
+ if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+ # another copy for additional code coverage
+ pkt = build_dhcp_ack(dst_ll=addr0, src_ll=bssid,
+ ip_src="192.168.1.1", ip_dst="255.255.255.255",
+ yiaddr="192.168.1.123", chaddr=addr0)
+ if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+ matches = get_permanent_neighbors("ap-br0")
+ logger.info("After connect: " + str(matches))
+ if len(matches) != 2:
+ raise Exception("Unexpected number of neighbor entries after connect")
+ if 'aaaa:bbbb:cccc::2 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
+ raise Exception("dev0 addr missing")
+ if '192.168.1.123 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
+ raise Exception("dev0 IPv4 addr missing")
+ dev[0].request("DISCONNECT")
+ dev[1].request("DISCONNECT")
+ time.sleep(0.5)
+ matches = get_permanent_neighbors("ap-br0")
+ logger.info("After disconnect: " + str(matches))
+ if len(matches) > 0:
+ raise Exception("Unexpected neighbor entries after disconnect")
+
+def test_ap_hs20_proxyarp_disable_dgaf(dev, apdev):
+ """Hotspot 2.0 and ProxyARP with DGAF disabled"""
+ check_eap_capa(dev[0], "MSCHAPV2")
+ try:
+ _test_ap_hs20_proxyarp_dgaf(dev, apdev, True)
+ finally:
+ subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
+ stderr=open('/dev/null', 'w'))
+ subprocess.call(['brctl', 'delbr', 'ap-br0'],
+ stderr=open('/dev/null', 'w'))
+
+def test_ap_hs20_proxyarp_enable_dgaf(dev, apdev):
+ """Hotspot 2.0 and ProxyARP with DGAF enabled"""
+ check_eap_capa(dev[0], "MSCHAPV2")
+ try:
+ _test_ap_hs20_proxyarp_dgaf(dev, apdev, False)
+ finally:
+ subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
+ stderr=open('/dev/null', 'w'))
+ subprocess.call(['brctl', 'delbr', 'ap-br0'],
+ stderr=open('/dev/null', 'w'))
+
+def ip_checksum(buf):
+ sum = 0
+ if len(buf) & 0x01:
+ buf += '\x00'
+ for i in range(0, len(buf), 2):
+ val, = struct.unpack('H', buf[i:i+2])
+ sum += val
+ while (sum >> 16):
+ sum = (sum & 0xffff) + (sum >> 16)
+ return struct.pack('H', ~sum & 0xffff)
+
+def ipv6_solicited_node_mcaddr(target):
+ prefix = socket.inet_pton(socket.AF_INET6, "ff02::1:ff00:0")
+ mask = socket.inet_pton(socket.AF_INET6, "::ff:ffff")
+ _target = socket.inet_pton(socket.AF_INET6, target)
+ p = struct.unpack('4I', prefix)
+ m = struct.unpack('4I', mask)
+ t = struct.unpack('4I', _target)
+ res = (p[0] | (t[0] & m[0]),
+ p[1] | (t[1] & m[1]),
+ p[2] | (t[2] & m[2]),
+ p[3] | (t[3] & m[3]))
+ return socket.inet_ntop(socket.AF_INET6, struct.pack('4I', *res))
+
+def build_icmpv6(ipv6_addrs, type, code, payload):
+ start = struct.pack("BB", type, code)
+ end = payload
+ icmp = start + '\x00\x00' + end
+ pseudo = ipv6_addrs + struct.pack(">LBBBB", len(icmp), 0, 0, 0, 58)
+ csum = ip_checksum(pseudo + icmp)
+ return start + csum + end
+
+def build_ra(src_ll, ip_src, ip_dst, cur_hop_limit=0, router_lifetime=0,
+ reachable_time=0, retrans_timer=0, opt=None):
+ link_mc = binascii.unhexlify("3333ff000002")
+ _src_ll = binascii.unhexlify(src_ll.replace(':',''))
+ proto = '\x86\xdd'
+ ehdr = link_mc + _src_ll + proto
+ _ip_src = socket.inet_pton(socket.AF_INET6, ip_src)
+ _ip_dst = socket.inet_pton(socket.AF_INET6, ip_dst)
+
+ adv = struct.pack('>BBHLL', cur_hop_limit, 0, router_lifetime,
+ reachable_time, retrans_timer)
+ if opt:
+ payload = adv + opt
+ else:
+ payload = adv
+ icmp = build_icmpv6(_ip_src + _ip_dst, 134, 0, payload)
+
+ ipv6 = struct.pack('>BBBBHBB', 0x60, 0, 0, 0, len(icmp), 58, 255)
+ ipv6 += _ip_src + _ip_dst
+
+ return ehdr + ipv6 + icmp
+
+def build_ns(src_ll, ip_src, ip_dst, target, opt=None):
+ link_mc = binascii.unhexlify("3333ff000002")
+ _src_ll = binascii.unhexlify(src_ll.replace(':',''))
+ proto = '\x86\xdd'
+ ehdr = link_mc + _src_ll + proto
+ _ip_src = socket.inet_pton(socket.AF_INET6, ip_src)
+ if ip_dst is None:
+ ip_dst = ipv6_solicited_node_mcaddr(target)
+ _ip_dst = socket.inet_pton(socket.AF_INET6, ip_dst)
+
+ reserved = '\x00\x00\x00\x00'
+ _target = socket.inet_pton(socket.AF_INET6, target)
+ if opt:
+ payload = reserved + _target + opt
+ else:
+ payload = reserved + _target
+ icmp = build_icmpv6(_ip_src + _ip_dst, 135, 0, payload)
+
+ ipv6 = struct.pack('>BBBBHBB', 0x60, 0, 0, 0, len(icmp), 58, 255)
+ ipv6 += _ip_src + _ip_dst
+
+ return ehdr + ipv6 + icmp
+
+def send_ns(dev, src_ll=None, target=None, ip_src=None, ip_dst=None, opt=None,
+ hapd_bssid=None):
+ if hapd_bssid:
+ if src_ll is None:
+ src_ll = hapd_bssid
+ cmd = "DATA_TEST_FRAME ifname=ap-br0 "
+ else:
+ if src_ll is None:
+ src_ll = dev.p2p_interface_addr()
+ cmd = "DATA_TEST_FRAME "
+
+ if opt is None:
+ opt = "\x01\x01" + binascii.unhexlify(src_ll.replace(':',''))
+
+ pkt = build_ns(src_ll=src_ll, ip_src=ip_src, ip_dst=ip_dst, target=target,
+ opt=opt)
+ if "OK" not in dev.request(cmd + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+def build_na(src_ll, ip_src, ip_dst, target, opt=None, flags=0):
+ link_mc = binascii.unhexlify("3333ff000002")
+ _src_ll = binascii.unhexlify(src_ll.replace(':',''))
+ proto = '\x86\xdd'
+ ehdr = link_mc + _src_ll + proto
+ _ip_src = socket.inet_pton(socket.AF_INET6, ip_src)
+ _ip_dst = socket.inet_pton(socket.AF_INET6, ip_dst)
+
+ _target = socket.inet_pton(socket.AF_INET6, target)
+ if opt:
+ payload = struct.pack('>Bxxx', flags) + _target + opt
+ else:
+ payload = struct.pack('>Bxxx', flags) + _target
+ icmp = build_icmpv6(_ip_src + _ip_dst, 136, 0, payload)
+
+ ipv6 = struct.pack('>BBBBHBB', 0x60, 0, 0, 0, len(icmp), 58, 255)
+ ipv6 += _ip_src + _ip_dst
+
+ return ehdr + ipv6 + icmp
+
+def send_na(dev, src_ll=None, target=None, ip_src=None, ip_dst=None, opt=None,
+ hapd_bssid=None):
+ if hapd_bssid:
+ if src_ll is None:
+ src_ll = hapd_bssid
+ cmd = "DATA_TEST_FRAME ifname=ap-br0 "
+ else:
+ if src_ll is None:
+ src_ll = dev.p2p_interface_addr()
+ cmd = "DATA_TEST_FRAME "
+
+ pkt = build_na(src_ll=src_ll, ip_src=ip_src, ip_dst=ip_dst, target=target,
+ opt=opt)
+ if "OK" not in dev.request(cmd + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+def build_dhcp_ack(dst_ll, src_ll, ip_src, ip_dst, yiaddr, chaddr,
+ subnet_mask="255.255.255.0", truncated_opt=False,
+ wrong_magic=False, force_tot_len=None, no_dhcp=False,
+ udp_checksum=True):
+ _dst_ll = binascii.unhexlify(dst_ll.replace(':',''))
+ _src_ll = binascii.unhexlify(src_ll.replace(':',''))
+ proto = '\x08\x00'
+ ehdr = _dst_ll + _src_ll + proto
+ _ip_src = socket.inet_pton(socket.AF_INET, ip_src)
+ _ip_dst = socket.inet_pton(socket.AF_INET, ip_dst)
+ _subnet_mask = socket.inet_pton(socket.AF_INET, subnet_mask)
+
+ _ciaddr = '\x00\x00\x00\x00'
+ _yiaddr = socket.inet_pton(socket.AF_INET, yiaddr)
+ _siaddr = '\x00\x00\x00\x00'
+ _giaddr = '\x00\x00\x00\x00'
+ _chaddr = binascii.unhexlify(chaddr.replace(':','') + "00000000000000000000")
+ payload = struct.pack('>BBBBL3BB', 2, 1, 6, 0, 12345, 0, 0, 0, 0)
+ payload += _ciaddr + _yiaddr + _siaddr + _giaddr + _chaddr + 192*'\x00'
+ # magic
+ if wrong_magic:
+ payload += '\x63\x82\x53\x00'
+ else:
+ payload += '\x63\x82\x53\x63'
+ if truncated_opt:
+ payload += '\x22\xff\x00'
+ # Option: DHCP Message Type = ACK
+ payload += '\x35\x01\x05'
+ # Pad Option
+ payload += '\x00'
+ # Option: Subnet Mask
+ payload += '\x01\x04' + _subnet_mask
+ # Option: Time Offset
+ payload += struct.pack('>BBL', 2, 4, 0)
+ # End Option
+ payload += '\xff'
+ # Pad Option
+ payload += '\x00\x00\x00\x00'
+
+ if no_dhcp:
+ payload = struct.pack('>BBBBL3BB', 2, 1, 6, 0, 12345, 0, 0, 0, 0)
+ payload += _ciaddr + _yiaddr + _siaddr + _giaddr + _chaddr + 192*'\x00'
+
+ if udp_checksum:
+ pseudohdr = _ip_src + _ip_dst + struct.pack('>BBH', 0, 17,
+ 8 + len(payload))
+ udphdr = struct.pack('>HHHH', 67, 68, 8 + len(payload), 0)
+ checksum, = struct.unpack('>H', ip_checksum(pseudohdr + udphdr + payload))
+ else:
+ checksum = 0
+ udp = struct.pack('>HHHH', 67, 68, 8 + len(payload), checksum) + payload
+
+ if force_tot_len:
+ tot_len = force_tot_len
+ else:
+ tot_len = 20 + len(udp)
+ start = struct.pack('>BBHHBBBB', 0x45, 0, tot_len, 0, 0, 0, 128, 17)
+ ipv4 = start + '\x00\x00' + _ip_src + _ip_dst
+ csum = ip_checksum(ipv4)
+ ipv4 = start + csum + _ip_src + _ip_dst
+
+ return ehdr + ipv4 + udp
+
+def build_arp(dst_ll, src_ll, opcode, sender_mac, sender_ip,
+ target_mac, target_ip):
+ _dst_ll = binascii.unhexlify(dst_ll.replace(':',''))
+ _src_ll = binascii.unhexlify(src_ll.replace(':',''))
+ proto = '\x08\x06'
+ ehdr = _dst_ll + _src_ll + proto
+
+ _sender_mac = binascii.unhexlify(sender_mac.replace(':',''))
+ _sender_ip = socket.inet_pton(socket.AF_INET, sender_ip)
+ _target_mac = binascii.unhexlify(target_mac.replace(':',''))
+ _target_ip = socket.inet_pton(socket.AF_INET, target_ip)
+
+ arp = struct.pack('>HHBBH', 1, 0x0800, 6, 4, opcode)
+ arp += _sender_mac + _sender_ip
+ arp += _target_mac + _target_ip
+
+ return ehdr + arp
+
+def send_arp(dev, dst_ll="ff:ff:ff:ff:ff:ff", src_ll=None, opcode=1,
+ sender_mac=None, sender_ip="0.0.0.0",
+ target_mac="00:00:00:00:00:00", target_ip="0.0.0.0",
+ hapd_bssid=None):
+ if hapd_bssid:
+ if src_ll is None:
+ src_ll = hapd_bssid
+ if sender_mac is None:
+ sender_mac = hapd_bssid
+ cmd = "DATA_TEST_FRAME ifname=ap-br0 "
+ else:
+ if src_ll is None:
+ src_ll = dev.p2p_interface_addr()
+ if sender_mac is None:
+ sender_mac = dev.p2p_interface_addr()
+ cmd = "DATA_TEST_FRAME "
+
+ pkt = build_arp(dst_ll=dst_ll, src_ll=src_ll, opcode=opcode,
+ sender_mac=sender_mac, sender_ip=sender_ip,
+ target_mac=target_mac, target_ip=target_ip)
+ if "OK" not in dev.request(cmd + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+def get_permanent_neighbors(ifname):
+ cmd = subprocess.Popen(['ip', 'nei'], stdout=subprocess.PIPE)
+ res = cmd.stdout.read().decode()
+ cmd.stdout.close()
+ return [ line for line in res.splitlines() if "PERMANENT" in line and ifname in line ]
+
+def get_bridge_macs(ifname):
+ cmd = subprocess.Popen(['brctl', 'showmacs', ifname],
+ stdout=subprocess.PIPE)
+ res = cmd.stdout.read()
+ cmd.stdout.close()
+ return res
+
+def tshark_get_arp(cap, filter):
+ res = run_tshark(cap, filter,
+ [ "eth.dst", "eth.src",
+ "arp.src.hw_mac", "arp.src.proto_ipv4",
+ "arp.dst.hw_mac", "arp.dst.proto_ipv4" ],
+ wait=False)
+ frames = []
+ for l in res.splitlines():
+ frames.append(l.split('\t'))
+ return frames
+
+def tshark_get_ns(cap):
+ res = run_tshark(cap, "icmpv6.type == 135",
+ [ "eth.dst", "eth.src",
+ "ipv6.src", "ipv6.dst",
+ "icmpv6.nd.ns.target_address",
+ "icmpv6.opt.linkaddr" ],
+ wait=False)
+ frames = []
+ for l in res.splitlines():
+ frames.append(l.split('\t'))
+ return frames
+
+def tshark_get_na(cap):
+ res = run_tshark(cap, "icmpv6.type == 136",
+ [ "eth.dst", "eth.src",
+ "ipv6.src", "ipv6.dst",
+ "icmpv6.nd.na.target_address",
+ "icmpv6.opt.linkaddr" ],
+ wait=False)
+ frames = []
+ for l in res.splitlines():
+ frames.append(l.split('\t'))
+ return frames
+
+def _test_proxyarp_open(dev, apdev, params, ebtables=False):
+ prefix = "proxyarp_open"
+ if ebtables:
+ prefix += "_ebtables"
+ cap_br = os.path.join(params['logdir'], prefix + ".ap-br0.pcap")
+ cap_dev0 = os.path.join(params['logdir'],
+ prefix + ".%s.pcap" % dev[0].ifname)
+ cap_dev1 = os.path.join(params['logdir'],
+ prefix + ".%s.pcap" % dev[1].ifname)
+ cap_dev2 = os.path.join(params['logdir'],
+ prefix + ".%s.pcap" % dev[2].ifname)
+
+ bssid = apdev[0]['bssid']
+ params = { 'ssid': 'open' }
+ params['proxy_arp'] = '1'
+ hapd = hostapd.add_ap(apdev[0], params, no_enable=True)
+ hapd.set("ap_isolate", "1")
+ hapd.set('bridge', 'ap-br0')
+ hapd.dump_monitor()
+ try:
+ hapd.enable()
+ except:
+ # For now, do not report failures due to missing kernel support
+ raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
+ ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
+ if ev is None:
+ raise Exception("AP startup timed out")
+ if "AP-ENABLED" not in ev:
+ raise Exception("AP startup failed")
+
+ params2 = { 'ssid': 'another' }
+ hapd2 = hostapd.add_ap(apdev[1], params2, no_enable=True)
+ hapd2.set('bridge', 'ap-br0')
+ hapd2.enable()
+
+ subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
+ subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
+
+ if ebtables:
+ for chain in [ 'FORWARD', 'OUTPUT' ]:
+ try:
+ subprocess.call(['ebtables', '-A', chain, '-p', 'ARP',
+ '-d', 'Broadcast', '-o', apdev[0]['ifname'],
+ '-j', 'DROP'])
+ except:
+ raise HwsimSkip("No ebtables available")
+
+ time.sleep(0.5)
+ cmd = {}
+ cmd[0] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', 'ap-br0',
+ '-w', cap_br, '-s', '2000'],
+ stderr=open('/dev/null', 'w'))
+ cmd[1] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', dev[0].ifname,
+ '-w', cap_dev0, '-s', '2000'],
+ stderr=open('/dev/null', 'w'))
+ cmd[2] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', dev[1].ifname,
+ '-w', cap_dev1, '-s', '2000'],
+ stderr=open('/dev/null', 'w'))
+ cmd[3] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', dev[2].ifname,
+ '-w', cap_dev2, '-s', '2000'],
+ stderr=open('/dev/null', 'w'))
+
+ dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
+ dev[1].connect("open", key_mgmt="NONE", scan_freq="2412")
+ dev[2].connect("another", key_mgmt="NONE", scan_freq="2412")
+ time.sleep(0.1)
+
+ brcmd = subprocess.Popen(['brctl', 'show'], stdout=subprocess.PIPE)
+ res = brcmd.stdout.read().decode()
+ brcmd.stdout.close()
+ logger.info("Bridge setup: " + res)
+
+ brcmd = subprocess.Popen(['brctl', 'showstp', 'ap-br0'],
+ stdout=subprocess.PIPE)
+ res = brcmd.stdout.read().decode()
+ brcmd.stdout.close()
+ logger.info("Bridge showstp: " + res)
+
+ addr0 = dev[0].p2p_interface_addr()
+ addr1 = dev[1].p2p_interface_addr()
+ addr2 = dev[2].p2p_interface_addr()
+
+ pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid,
+ ip_src="192.168.1.1", ip_dst="255.255.255.255",
+ yiaddr="192.168.1.124", chaddr=addr0)
+ if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+ # Change address and verify unicast
+ pkt = build_dhcp_ack(dst_ll=addr0, src_ll=bssid,
+ ip_src="192.168.1.1", ip_dst="255.255.255.255",
+ yiaddr="192.168.1.123", chaddr=addr0,
+ udp_checksum=False)
+ if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+ # Not-associated client MAC address
+ pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid,
+ ip_src="192.168.1.1", ip_dst="255.255.255.255",
+ yiaddr="192.168.1.125", chaddr="22:33:44:55:66:77")
+ if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+ # No IP address
+ pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
+ ip_src="192.168.1.1", ip_dst="255.255.255.255",
+ yiaddr="0.0.0.0", chaddr=addr1)
+ if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+ # Zero subnet mask
+ pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
+ ip_src="192.168.1.1", ip_dst="255.255.255.255",
+ yiaddr="192.168.1.126", chaddr=addr1,
+ subnet_mask="0.0.0.0")
+ if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+ # Truncated option
+ pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
+ ip_src="192.168.1.1", ip_dst="255.255.255.255",
+ yiaddr="192.168.1.127", chaddr=addr1,
+ truncated_opt=True)
+ if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+ # Wrong magic
+ pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
+ ip_src="192.168.1.1", ip_dst="255.255.255.255",
+ yiaddr="192.168.1.128", chaddr=addr1,
+ wrong_magic=True)
+ if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+ # Wrong IPv4 total length
+ pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
+ ip_src="192.168.1.1", ip_dst="255.255.255.255",
+ yiaddr="192.168.1.129", chaddr=addr1,
+ force_tot_len=1000)
+ if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+ # BOOTP
+ pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
+ ip_src="192.168.1.1", ip_dst="255.255.255.255",
+ yiaddr="192.168.1.129", chaddr=addr1,
+ no_dhcp=True)
+ if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt).decode()):
+ raise Exception("DATA_TEST_FRAME failed")
+
+ macs = get_bridge_macs("ap-br0")
+ logger.info("After connect (showmacs): " + str(macs))
+
+ matches = get_permanent_neighbors("ap-br0")
+ logger.info("After connect: " + str(matches))
+ if len(matches) != 1:
+ raise Exception("Unexpected number of neighbor entries after connect")
+ if '192.168.1.123 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
+ raise Exception("dev0 IPv4 addr missing")
+
+ targets = [ "192.168.1.123", "192.168.1.124", "192.168.1.125",
+ "192.168.1.126" ]
+ for target in targets:
+ send_arp(dev[1], sender_ip="192.168.1.100", target_ip=target)
+
+ for target in targets:
+ send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.101",
+ target_ip=target)
+
+ for target in targets:
+ send_arp(dev[2], sender_ip="192.168.1.103", target_ip=target)
+
+ # ARP Probe from wireless STA
+ send_arp(dev[1], target_ip="192.168.1.127")
+ # ARP Announcement from wireless STA
+ send_arp(dev[1], sender_ip="192.168.1.127", target_ip="192.168.1.127")
+ send_arp(dev[1], sender_ip="192.168.1.127", target_ip="192.168.1.127",
+ opcode=2)
+
+ macs = get_bridge_macs("ap-br0")
+ logger.info("After ARP Probe + Announcement (showmacs): " + str(macs))
+
+ matches = get_permanent_neighbors("ap-br0")
+ logger.info("After ARP Probe + Announcement: " + str(matches))
+
+ # ARP Request for the newly introduced IP address from wireless STA
+ send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.127")
+
+ # ARP Request for the newly introduced IP address from bridge
+ send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.102",
+ target_ip="192.168.1.127")
+ send_arp(dev[2], sender_ip="192.168.1.103", target_ip="192.168.1.127")
+
+ # ARP Probe from bridge
+ send_arp(hapd, hapd_bssid=bssid, target_ip="192.168.1.130")
+ send_arp(dev[2], target_ip="192.168.1.131")
+ # ARP Announcement from bridge (not to be learned by AP for proxyarp)
+ send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.130",
+ target_ip="192.168.1.130")
+ send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.130",
+ target_ip="192.168.1.130", opcode=2)
+ send_arp(dev[2], sender_ip="192.168.1.131", target_ip="192.168.1.131")
+ send_arp(dev[2], sender_ip="192.168.1.131", target_ip="192.168.1.131",
+ opcode=2)
+
+ macs = get_bridge_macs("ap-br0")
+ logger.info("After ARP Probe + Announcement (showmacs): " + str(macs))
+
+ matches = get_permanent_neighbors("ap-br0")
+ logger.info("After ARP Probe + Announcement: " + str(matches))
+
+ # ARP Request for the newly introduced IP address from wireless STA
+ send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.130")
+ # ARP Response from bridge (AP does not proxy for non-wireless devices)
+ send_arp(hapd, hapd_bssid=bssid, dst_ll=addr0, sender_ip="192.168.1.130",
+ target_ip="192.168.1.123", opcode=2)
+
+ # ARP Request for the newly introduced IP address from wireless STA
+ send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.131")
+ # ARP Response from bridge (AP does not proxy for non-wireless devices)
+ send_arp(dev[2], dst_ll=addr0, sender_ip="192.168.1.131",
+ target_ip="192.168.1.123", opcode=2)
+
+ # ARP Request for the newly introduced IP address from bridge
+ send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.102",
+ target_ip="192.168.1.130")
+ send_arp(dev[2], sender_ip="192.168.1.104", target_ip="192.168.1.131")
+
+ # ARP Probe from wireless STA (duplicate address; learned through DHCP)
+ send_arp(dev[1], target_ip="192.168.1.123")
+ # ARP Probe from wireless STA (duplicate address; learned through ARP)
+ send_arp(dev[0], target_ip="192.168.1.127")
+
+ # Gratuitous ARP Reply for another STA's IP address
+ send_arp(dev[0], opcode=2, sender_mac=addr0, sender_ip="192.168.1.127",
+ target_mac=addr1, target_ip="192.168.1.127")
+ send_arp(dev[1], opcode=2, sender_mac=addr1, sender_ip="192.168.1.123",
+ target_mac=addr0, target_ip="192.168.1.123")
+ # ARP Request to verify previous mapping
+ send_arp(dev[1], sender_ip="192.168.1.127", target_ip="192.168.1.123")
+ send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.127")
+
+ try:
+ hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
+ except Exception as e:
+ logger.info("test_connectibity_iface failed: " + str(e))
+ raise HwsimSkip("Assume kernel did not have the required patches for proxyarp")
+ hwsim_utils.test_connectivity_iface(dev[1], hapd, "ap-br0")
+ hwsim_utils.test_connectivity(dev[0], dev[1])
+
+ dev[0].request("DISCONNECT")
+ dev[1].request("DISCONNECT")
+ time.sleep(0.5)
+ for i in range(len(cmd)):
+ cmd[i].terminate()
+ macs = get_bridge_macs("ap-br0")
+ logger.info("After disconnect (showmacs): " + str(macs))
+ matches = get_permanent_neighbors("ap-br0")
+ logger.info("After disconnect: " + str(matches))
+ if len(matches) > 0:
+ raise Exception("Unexpected neighbor entries after disconnect")
+ if ebtables:
+ cmd = subprocess.Popen(['ebtables', '-L', '--Lc'],
+ stdout=subprocess.PIPE)
+ res = cmd.stdout.read().decode()
+ cmd.stdout.close()
+ logger.info("ebtables results:\n" + res)
+
+ # Verify that expected ARP messages were seen and no unexpected
+ # ARP messages were seen.
+
+ arp_req = tshark_get_arp(cap_dev0, "arp.opcode == 1")
+ arp_reply = tshark_get_arp(cap_dev0, "arp.opcode == 2")
+ logger.info("dev0 seen ARP requests:\n" + str(arp_req))
+ logger.info("dev0 seen ARP replies:\n" + str(arp_reply))
+
+ if [ 'ff:ff:ff:ff:ff:ff', addr1,
+ addr1, '192.168.1.100',
+ '00:00:00:00:00:00', '192.168.1.123' ] in arp_req:
+ raise Exception("dev0 saw ARP request from dev1")
+ if [ 'ff:ff:ff:ff:ff:ff', addr2,
+ addr2, '192.168.1.103',
+ '00:00:00:00:00:00', '192.168.1.123' ] in arp_req:
+ raise Exception("dev0 saw ARP request from dev2")
+ # TODO: Uncomment once fixed in kernel
+ #if [ 'ff:ff:ff:ff:ff:ff', bssid,
+ # bssid, '192.168.1.101',
+ # '00:00:00:00:00:00', '192.168.1.123' ] in arp_req:
+ # raise Exception("dev0 saw ARP request from br")
+
+ if ebtables:
+ for req in arp_req:
+ if req[1] != addr0:
+ raise Exception("Unexpected foreign ARP request on dev0")
+
+ arp_req = tshark_get_arp(cap_dev1, "arp.opcode == 1")
+ arp_reply = tshark_get_arp(cap_dev1, "arp.opcode == 2")
+ logger.info("dev1 seen ARP requests:\n" + str(arp_req))
+ logger.info("dev1 seen ARP replies:\n" + str(arp_reply))
+
+ if [ 'ff:ff:ff:ff:ff:ff', addr2,
+ addr2, '192.168.1.103',
+ '00:00:00:00:00:00', '192.168.1.123' ] in arp_req:
+ raise Exception("dev1 saw ARP request from dev2")
+ if [addr1, addr0, addr0, '192.168.1.123', addr1, '192.168.1.100'] not in arp_reply:
+ raise Exception("dev1 did not get ARP response for 192.168.1.123")
+
+ if ebtables:
+ for req in arp_req:
+ if req[1] != addr1:
+ raise Exception("Unexpected foreign ARP request on dev1")
+
+ arp_req = tshark_get_arp(cap_dev2, "arp.opcode == 1")
+ arp_reply = tshark_get_arp(cap_dev2, "arp.opcode == 2")
+ logger.info("dev2 seen ARP requests:\n" + str(arp_req))
+ logger.info("dev2 seen ARP replies:\n" + str(arp_reply))
+
+ if [ addr2, addr0,
+ addr0, '192.168.1.123',
+ addr2, '192.168.1.103' ] not in arp_reply:
+ raise Exception("dev2 did not get ARP response for 192.168.1.123")