libeap/tests/hwsim/test_ap_vlan.py

   1 #!/usr/bin/python
   2 #
   3 # Test cases for AP VLAN
   4 # Copyright (c) 2013-2014, Jouni Malinen <j@w1.fi>
   5 #
   6 # This software may be distributed under the terms of the BSD license.
   7 # See README for more details.
   8
   9 from remotehost import remote_compatible
  10 import time
  11 import subprocess
  12 import logging
  13 logger = logging.getLogger(__name__)
  14
  15 try:
  16     import netifaces
  17     netifaces_imported = True
  18 except ImportError:
  19     netifaces_imported = False
  20
  21 import hwsim_utils
  22 import hostapd
  23 from utils import iface_is_in_bridge, HwsimSkip
  24 import os
  25 from tshark import run_tshark
  26
  27 def test_ap_vlan_open(dev, apdev):
  28     """AP VLAN with open network"""
  29     params = { "ssid": "test-vlan-open",
  30                "dynamic_vlan": "1",
  31                "accept_mac_file": "hostapd.accept" }
  32     hapd = hostapd.add_ap(apdev[0], params)
  33
  34     dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
  35     dev[1].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
  36     dev[2].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
  37     hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
  38     hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
  39     hwsim_utils.test_connectivity(dev[2], hapd)
  40
  41 def test_ap_vlan_file_open(dev, apdev):
  42     """AP VLAN with open network and vlan_file mapping"""
  43     params = { "ssid": "test-vlan-open",
  44                "dynamic_vlan": "1",
  45                "vlan_file": "hostapd.vlan",
  46                "accept_mac_file": "hostapd.accept" }
  47     hapd = hostapd.add_ap(apdev[0], params)
  48
  49     dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
  50     dev[1].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
  51     dev[2].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
  52     hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
  53     hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
  54     hwsim_utils.test_connectivity(dev[2], hapd)
  55
  56 def test_ap_vlan_wpa2(dev, apdev):
  57     """AP VLAN with WPA2-PSK"""
  58     params = hostapd.wpa2_params(ssid="test-vlan",
  59                                  passphrase="12345678")
  60     params['dynamic_vlan'] = "1"
  61     params['accept_mac_file'] = "hostapd.accept"
  62     hapd = hostapd.add_ap(apdev[0], params)
  63
  64     dev[0].connect("test-vlan", psk="12345678", scan_freq="2412")
  65     dev[1].connect("test-vlan", psk="12345678", scan_freq="2412")
  66     dev[2].connect("test-vlan", psk="12345678", scan_freq="2412")
  67     hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
  68     hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
  69     hwsim_utils.test_connectivity(dev[2], hapd)
  70
  71 def test_ap_vlan_wpa2_radius(dev, apdev):
  72     """AP VLAN with WPA2-Enterprise and RADIUS attributes"""
  73     params = hostapd.wpa2_eap_params(ssid="test-vlan")
  74     params['dynamic_vlan'] = "1"
  75     hapd = hostapd.add_ap(apdev[0], params)
  76
  77     dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
  78                    identity="vlan1",
  79                    password_hex="0123456789abcdef0123456789abcdef",
  80                    scan_freq="2412")
  81     dev[1].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
  82                    identity="vlan2",
  83                    password_hex="0123456789abcdef0123456789abcdef",
  84                    scan_freq="2412")
  85     dev[2].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
  86                    identity="pax.user@example.com",
  87                    password_hex="0123456789abcdef0123456789abcdef",
  88                    scan_freq="2412")
  89     hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
  90     hwsim_utils.test_connectivity_iface(dev[1], hapd, "brvlan2")
  91     hwsim_utils.test_connectivity(dev[2], hapd)
  92
  93 def test_ap_vlan_wpa2_radius_2(dev, apdev):
  94     """AP VLAN with WPA2-Enterprise and RADIUS EGRESS_VLANID attributes"""
  95     params = hostapd.wpa2_eap_params(ssid="test-vlan")
  96     params['dynamic_vlan'] = "1"
  97     hapd = hostapd.add_ap(apdev[0], params)
  98
  99     dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
 100                    identity="vlan1b",
 101                    password_hex="0123456789abcdef0123456789abcdef",
 102                    scan_freq="2412")
 103
 104     hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
 105
 106 def test_ap_vlan_wpa2_radius_id_change(dev, apdev):
 107     """AP VLAN with WPA2-Enterprise and RADIUS attributes changing VLANID"""
 108     generic_ap_vlan_wpa2_radius_id_change(dev, apdev, False)
 109
 110 def test_ap_vlan_tagged_wpa2_radius_id_change(dev, apdev):
 111     """AP tagged VLAN with WPA2-Enterprise and RADIUS attributes changing VLANID"""
 112     ifname1 = 'wlan0.1'
 113     ifname2 = 'wlan0.2'
 114     try:
 115         # Create tagged interface for wpa_supplicant
 116         subprocess.call(['ip', 'link', 'add', 'link', dev[0].ifname,
 117                          'name', ifname1, 'type', 'vlan', 'id', '1'])
 118         subprocess.call(['ifconfig', ifname1, 'up'])
 119
 120         subprocess.call(['ip', 'link', 'add', 'link', dev[0].ifname,
 121                          'name', ifname2, 'type', 'vlan', 'id', '2'])
 122         subprocess.call(['ifconfig', ifname2, 'up'])
 123
 124         generic_ap_vlan_wpa2_radius_id_change(dev, apdev, True)
 125     finally:
 126         subprocess.call(['ifconfig', ifname1, 'down'])
 127         subprocess.call(['ifconfig', ifname2, 'down'])
 128         subprocess.call(['ip', 'link', 'del', ifname1])
 129         subprocess.call(['ip', 'link', 'del', ifname2])
 130
 131 def generic_ap_vlan_wpa2_radius_id_change(dev, apdev, tagged):
 132     as_params = { "ssid": "as",
 133                   "beacon_int": "2000",
 134                   "radius_server_clients": "auth_serv/radius_clients.conf",
 135                   "radius_server_auth_port": '18128',
 136                   "eap_server": "1",
 137                   "eap_user_file": "auth_serv/eap_user.conf",
 138                   "ca_cert": "auth_serv/ca.pem",
 139                   "server_cert": "auth_serv/server.pem",
 140                   "private_key": "auth_serv/server.key" }
 141     authserv = hostapd.add_ap(apdev[1], as_params)
 142
 143     params = hostapd.wpa2_eap_params(ssid="test-vlan")
 144     params['dynamic_vlan'] = "1"
 145     params['auth_server_port'] = "18128"
 146     hapd = hostapd.add_ap(apdev[0], params)
 147
 148     identity = "vlan1tagged" if tagged else "vlan1"
 149
 150     dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
 151                    identity=identity,
 152                    password_hex="0123456789abcdef0123456789abcdef",
 153                    scan_freq="2412")
 154     if tagged:
 155         hwsim_utils.run_connectivity_test(dev[0], hapd, 0, ifname1="wlan0.1",
 156                                           ifname2="brvlan1")
 157     else:
 158         hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
 159
 160     logger.info("VLAN-ID -> 2")
 161
 162     authserv.disable()
 163     authserv.set('eap_user_file', "auth_serv/eap_user_vlan.conf")
 164     authserv.enable()
 165
 166     dev[0].dump_monitor()
 167     dev[0].request("REAUTHENTICATE")
 168     ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
 169     if ev is None:
 170         raise Exception("EAP reauthentication timed out")
 171     ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=5)
 172     if ev is None:
 173         raise Exception("4-way handshake after reauthentication timed out")
 174     state = dev[0].get_status_field('wpa_state')
 175     if state != "COMPLETED":
 176         raise Exception("Unexpected state after reauth: " + state)
 177     sta = hapd.get_sta(dev[0].own_addr())
 178     if 'vlan_id' not in sta:
 179         raise Exception("No VLAN ID in STA info")
 180     if (not tagged) and (sta['vlan_id'] != '2'):
 181         raise Exception("Unexpected VLAN ID: " + sta['vlan_id'])
 182     if tagged:
 183         hwsim_utils.run_connectivity_test(dev[0], hapd, 0, ifname1="wlan0.2",
 184                                           ifname2="brvlan2")
 185     else:
 186         hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan2")
 187
 188     logger.info("VLAN-ID -> 1")
 189     time.sleep(1)
 190
 191     authserv.disable()
 192     authserv.set('eap_user_file', "auth_serv/eap_user.conf")
 193     authserv.enable()
 194
 195     dev[0].dump_monitor()
 196     dev[0].request("REAUTHENTICATE")
 197     ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
 198     if ev is None:
 199         raise Exception("EAP reauthentication timed out")
 200     ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=5)
 201     if ev is None:
 202         raise Exception("4-way handshake after reauthentication timed out")
 203     state = dev[0].get_status_field('wpa_state')
 204     if state != "COMPLETED":
 205         raise Exception("Unexpected state after reauth: " + state)
 206     sta = hapd.get_sta(dev[0].own_addr())
 207     if 'vlan_id' not in sta:
 208         raise Exception("No VLAN ID in STA info")
 209     if (not tagged) and (sta['vlan_id'] != '1'):
 210         raise Exception("Unexpected VLAN ID: " + sta['vlan_id'])
 211     time.sleep(0.2)
 212     try:
 213         if tagged:
 214             hwsim_utils.run_connectivity_test(dev[0], hapd, 0,
 215                                               ifname1="wlan0.1",
 216                                               ifname2="brvlan1")
 217         else:
 218             hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
 219     except Exception, e:
 220         # It is possible for new bridge setup to not be ready immediately, so
 221         # try again to avoid reporting issues related to that.
 222         logger.info("First VLAN-ID 1 data test failed - try again")
 223         if tagged:
 224             hwsim_utils.run_connectivity_test(dev[0], hapd, 0,
 225                                               ifname1="wlan0.1",
 226                                               ifname2="brvlan1")
 227         else:
 228             hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
 229
 230 def test_ap_vlan_wpa2_radius_required(dev, apdev):
 231     """AP VLAN with WPA2-Enterprise and RADIUS attributes required"""
 232     params = hostapd.wpa2_eap_params(ssid="test-vlan")
 233     params['dynamic_vlan'] = "2"
 234     hostapd.add_ap(apdev[0], params)
 235
 236     dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
 237                    identity="vlan1",
 238                    password_hex="0123456789abcdef0123456789abcdef",
 239                    scan_freq="2412")
 240     dev[2].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
 241                    identity="pax.user@example.com",
 242                    password_hex="0123456789abcdef0123456789abcdef",
 243                    scan_freq="2412", wait_connect=False)
 244     ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED",
 245                             "CTRL-EVENT-DISCONNECTED"], timeout=20)
 246     if ev is None:
 247         raise Exception("Timeout on connection attempt")
 248     if "CTRL-EVENT-CONNECTED" in ev:
 249         raise Exception("Unexpected success without tunnel parameters")
 250
 251 def test_ap_vlan_tagged(dev, apdev):
 252     """AP VLAN with tagged interface"""
 253     params = { "ssid": "test-vlan-open",
 254                "dynamic_vlan": "1",
 255                "vlan_tagged_interface": "lo",
 256                "accept_mac_file": "hostapd.accept" }
 257     hapd = hostapd.add_ap(apdev[0], params)
 258
 259     dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
 260     dev[1].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
 261     dev[2].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
 262     hwsim_utils.test_connectivity_iface(dev[0], hapd, "brlo.1")
 263     hwsim_utils.test_connectivity_iface(dev[1], hapd, "brlo.2")
 264     hwsim_utils.test_connectivity(dev[2], hapd)
 265
 266 def ap_vlan_iface_cleanup_multibss_cleanup():
 267     subprocess.call(['ifconfig', 'dummy0', 'down'],
 268                     stderr=open('/dev/null', 'w'))
 269     ifnames = [ 'wlan3.1', 'wlan3.2', 'wlan3-2.1', 'wlan3-2.2', 'dummy0.2',
 270                 'dummy0.1', 'dummy0', 'brvlan1', 'brvlan2' ]
 271     for ifname in ifnames:
 272         subprocess.call(['ip', 'link', 'del', ifname],
 273                         stderr=open('/dev/null', 'w'))
 274
 275 def ap_vlan_iface_test_and_prepare_environ():
 276     ifaces = netifaces.interfaces()
 277     if "dummy0" in ifaces:
 278         raise Exception("dummy0 already exists before")
 279     ifaces = netifaces.interfaces()
 280     if "dummy0.1" in ifaces:
 281         raise Exception("dummy0.1 already exists before")
 282
 283     subprocess.call(['ip', 'link', 'add', 'dummy0', 'type', 'dummy'])
 284     subprocess.call(['ifconfig', 'dummy0', 'up'])
 285
 286     ifaces = netifaces.interfaces()
 287     if not("dummy0" in ifaces):
 288         raise HwsimSkip("failed to add dummy0 - missing kernel config DUMMY ?")
 289
 290     subprocess.call(['ip', 'link', 'add', 'link', 'dummy0', 'name', 'dummy0.1',
 291                      'type', 'vlan', 'id', '1'])
 292
 293     ifaces = netifaces.interfaces()
 294     if not("dummy0.1" in ifaces):
 295         raise HwsimSkip("failed to add dummy0.1 - missing kernel config VLAN_8021Q ?")
 296
 297     subprocess.call(['ip', 'link', 'del', 'dummy0.1'])
 298
 299     ifaces = netifaces.interfaces()
 300     if "dummy0.1" in ifaces:
 301         raise Exception("dummy0.1 was not removed before testing")
 302
 303 def test_ap_vlan_iface_cleanup_multibss(dev, apdev):
 304     """AP VLAN operation in multi-BSS multi-VLAN case"""
 305     ap_vlan_iface_cleanup_multibss(dev, apdev, 'multi-bss-iface.conf')
 306
 307 def ap_vlan_iface_cleanup_multibss(dev, apdev, cfgfile):
 308     # AP VLAN with WPA2-Enterprise and RADIUS attributes changing VLANID
 309     # check that multiple bss do not interfere with each other with respect
 310     # to deletion of bridge and tagged interface.
 311
 312     if not netifaces_imported:
 313         raise HwsimSkip("python module netifaces not available")
 314
 315     try:
 316         ap_vlan_iface_cleanup_multibss_cleanup()
 317         ap_vlan_iface_test_and_prepare_environ()
 318
 319         as_params = { "ssid": "as",
 320                       "beacon_int": "2000",
 321                       "radius_server_clients": "auth_serv/radius_clients.conf",
 322                       "radius_server_auth_port": '18128',
 323                       "eap_server": "1",
 324                       "eap_user_file": "auth_serv/eap_user.conf",
 325                       "ca_cert": "auth_serv/ca.pem",
 326                       "server_cert": "auth_serv/server.pem",
 327                       "private_key": "auth_serv/server.key",
 328                       "vlan_naming": "1" }
 329         authserv = hostapd.add_ap(apdev[1], as_params)
 330
 331         # start the actual test
 332         hapd = hostapd.add_iface(apdev[0], cfgfile)
 333         hapd1 = hostapd.Hostapd("wlan3-2", 1)
 334         hapd1.enable()
 335
 336         ifaces = netifaces.interfaces()
 337         if "brvlan1" in ifaces:
 338             raise Exception("bridge brvlan1 already exists before")
 339         if "brvlan2" in ifaces:
 340             raise Exception("bridge brvlan2 already exists before")
 341
 342         dev[0].connect("bss-1", key_mgmt="WPA-EAP", eap="PAX",
 343                        identity="vlan1",
 344                        password_hex="0123456789abcdef0123456789abcdef",
 345                        scan_freq="2412")
 346
 347         ifaces = netifaces.interfaces()
 348         if not("brvlan1" in ifaces):
 349             raise Exception("bridge brvlan1 was not created")
 350
 351         hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
 352         if not iface_is_in_bridge("brvlan1", "dummy0.1"):
 353             raise Exception("dummy0.1 not in brvlan1")
 354
 355         dev[1].connect("bss-2", key_mgmt="WPA-EAP", eap="PAX",
 356                        identity="vlan1",
 357                        password_hex="0123456789abcdef0123456789abcdef",
 358                        scan_freq="2412")
 359
 360         hwsim_utils.test_connectivity_iface(dev[1], hapd1, "brvlan1")
 361         if not iface_is_in_bridge("brvlan1", "dummy0.1"):
 362             raise Exception("dummy0.1 not in brvlan1")
 363
 364         authserv.disable()
 365         authserv.set('eap_user_file', "auth_serv/eap_user_vlan.conf")
 366         authserv.enable()
 367
 368         logger.info("wlan0 -> VLAN 2")
 369
 370         dev[0].dump_monitor()
 371         dev[0].request("REAUTHENTICATE")
 372         ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
 373         if ev is None:
 374             raise Exception("EAP reauthentication timed out")
 375         ev = dev[0].wait_event(["WPA: Key negotiation completed"], timeout=5)
 376         if ev is None:
 377             raise Exception("4-way handshake after reauthentication timed out")
 378         state = dev[0].get_status_field('wpa_state')
 379         if state != "COMPLETED":
 380             raise Exception("Unexpected state after reauth: " + state)
 381
 382         ifaces = netifaces.interfaces()
 383         if not ("brvlan1" in ifaces):
 384             raise Exception("bridge brvlan1 has been removed too early")
 385
 386         hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan2",
 387                                             max_tries=5)
 388
 389         if not iface_is_in_bridge("brvlan2", "dummy0.2"):
 390             raise Exception("dummy0.2 not in brvlan2")
 391
 392         logger.info("test wlan1 == VLAN 1")
 393         hwsim_utils.test_connectivity_iface(dev[1], hapd1, "brvlan1")
 394         if not iface_is_in_bridge("brvlan1", "dummy0.1"):
 395             raise Exception("dummy0.1 not in brvlan1")
 396
 397         logger.info("wlan1 -> VLAN 2")
 398
 399         dev[1].dump_monitor()
 400         dev[1].request("REAUTHENTICATE")
 401         ev = dev[1].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=15)
 402         if ev is None:
 403             raise Exception("EAP reauthentication timed out")
 404         ev = dev[1].wait_event(["WPA: Key negotiation completed"], timeout=5)
 405         if ev is None:
 406             raise Exception("4-way handshake after reauthentication timed out")
 407         state = dev[1].get_status_field('wpa_state')
 408         if state != "COMPLETED":
 409             raise Exception("Unexpected state after reauth: " + state)
 410
 411         # it can take some time for data connectivity to be updated
 412         hwsim_utils.test_connectivity_iface(dev[1], hapd1, "brvlan2",
 413                                             max_tries=5)
 414         logger.info("test wlan0 == VLAN 2")
 415         hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan2")
 416
 417         if not iface_is_in_bridge("brvlan2", "dummy0.2"):
 418             raise Exception("dummy0.2 not in brvlan2")
 419
 420         ifaces = netifaces.interfaces()
 421         if "brvlan1" in ifaces:
 422             raise Exception("bridge brvlan1 has not been cleaned up")
 423
 424         # disconnect dev0 first to test a corner case
 425         dev[0].request("DISCONNECT")
 426         dev[0].wait_disconnected()
 427         dev[1].request("DISCONNECT")
 428         dev[1].wait_disconnected()
 429
 430         # station removal needs some time
 431         for i in range(5):
 432             time.sleep(1)
 433             ifaces = netifaces.interfaces()
 434             if "brvlan2" not in ifaces:
 435                 break
 436
 437         ifaces = netifaces.interfaces()
 438         if "brvlan2" in ifaces:
 439             raise Exception("bridge brvlan2 has not been cleaned up")
 440
 441         hapd.request("DISABLE")
 442     finally:
 443         ap_vlan_iface_cleanup_multibss_cleanup()
 444
 445 def test_ap_vlan_iface_cleanup_multibss_per_sta_vif(dev, apdev):
 446     """AP VLAN operation in multi-BSS multi-VLAN case with per-sta-vif set"""
 447
 448     # AP VLAN with WPA2-Enterprise and RADIUS attributes changing VLANID
 449     # check that multiple bss do not interfere with each other with respect
 450     # to deletion of bridge and tagged interface. per_sta_vif is enabled.
 451     ap_vlan_iface_cleanup_multibss(dev, apdev,
 452                                    'multi-bss-iface-per_sta_vif.conf')
 453
 454 def test_ap_vlan_without_station(dev, apdev, p):
 455     """AP VLAN with WPA2-PSK and no station"""
 456     try:
 457         subprocess.call(['brctl', 'addbr', 'brvlan1'])
 458         subprocess.call(['brctl', 'setfd', 'brvlan1', '0'])
 459         subprocess.call(['ifconfig', 'brvlan1', 'up'])
 460         # use a passphrase wlantest does not know, so it cannot
 461         # inject decrypted frames into pcap
 462         params = hostapd.wpa2_params(ssid="test-vlan",
 463                                      passphrase="12345678x")
 464         params['dynamic_vlan'] = "1"
 465         params['vlan_file'] = 'hostapd.wlan3.vlan'
 466         params['accept_mac_file'] = "hostapd.accept"
 467         hapd = hostapd.add_ap(apdev[0], params)
 468
 469         # inject some traffic
 470         sa = hapd.own_addr()
 471         da = "ff:ff:ff:ff:ff:00"
 472         hapd.request('DATA_TEST_CONFIG 1 ifname=brvlan1')
 473         hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa))
 474         hapd.request('DATA_TEST_CONFIG 0')
 475         time.sleep(.1)
 476
 477         dev[0].connect("test-vlan", psk="12345678x", scan_freq="2412")
 478
 479         # inject some traffic
 480         sa = hapd.own_addr()
 481         da = "ff:ff:ff:ff:ff:01"
 482         hapd.request('DATA_TEST_CONFIG 1 ifname=brvlan1')
 483         hapd.request('DATA_TEST_TX {} {} 0'.format(da, sa))
 484         hapd.request('DATA_TEST_CONFIG 0')
 485
 486         # let the AP send couple of Beacon frames
 487         time.sleep(1)
 488         out = run_tshark(os.path.join(p['logdir'], "hwsim0.pcapng"),
 489                          "wlan.da == ff:ff:ff:ff:ff:00",
 490                          ["wlan.fc.protected"])
 491
 492         if out is not None:
 493             lines = out.splitlines()
 494             if len(lines) < 1:
 495                 raise Exception("first frame not observed")
 496             state = 1
 497             for l in lines:
 498                 is_protected = int(l, 16)
 499                 if is_protected != 1:
 500                     state = 0
 501             if state != 1:
 502                 raise Exception("Broadcast packets were not encrypted when no station was connected")
 503         else:
 504             raise Exception("first frame not observed")
 505
 506         out = run_tshark(os.path.join(p['logdir'], "hwsim0.pcapng"),
 507                          "wlan.da == ff:ff:ff:ff:ff:01",
 508                          ["wlan.fc.protected"])
 509
 510         if out is not None:
 511             lines = out.splitlines()
 512             if len(lines) < 1:
 513                 raise Exception("second frame not observed")
 514             state = 1
 515             for l in lines:
 516                 is_protected = int(l, 16)
 517                 if is_protected != 1:
 518                     state = 0
 519             if state != 1:
 520                 raise Exception("Broadcast packets were not encrypted when station was connected")
 521         else:
 522             raise Exception("second frame not observed")
 523
 524         dev[0].request("DISCONNECT")
 525         dev[0].wait_disconnected()
 526
 527     finally:
 528         subprocess.call(['ip', 'link', 'set', 'dev', 'brvlan1', 'down'])
 529         subprocess.call(['ip', 'link', 'set', 'dev', 'wlan3.1', 'down'],
 530                         stderr=open('/dev/null', 'w'))
 531         subprocess.call(['brctl', 'delif', 'brvlan1', 'wlan3.1'],
 532                         stderr=open('/dev/null', 'w'))
 533         subprocess.call(['brctl', 'delbr', 'brvlan1'])
 534
 535 @remote_compatible
 536 def test_ap_open_per_sta_vif(dev, apdev):
 537     """AP VLAN with open network"""
 538     params = { "ssid": "test-vlan-open",
 539                "per_sta_vif": "1" }
 540     hapd = hostapd.add_ap(apdev[0], params)
 541
 542     dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
 543     hwsim_utils.test_connectivity_iface(dev[0], hapd,
 544                                         apdev[0]['ifname'] + ".4096")
 545
 546 @remote_compatible
 547 def test_ap_vlan_open_per_sta_vif(dev, apdev):
 548     """AP VLAN (dynamic) with open network"""
 549     params = { "ssid": "test-vlan-open",
 550                "per_sta_vif": "1",
 551                "dynamic_vlan": "1" }
 552     hapd = hostapd.add_ap(apdev[0], params)
 553
 554     dev[0].connect("test-vlan-open", key_mgmt="NONE", scan_freq="2412")
 555     hwsim_utils.test_connectivity_iface(dev[0], hapd,
 556                                         apdev[0]['ifname'] + ".4096")
 557
 558 def test_ap_vlan_wpa2_radius_tagged(dev, apdev):
 559     """AP VLAN with WPA2-Enterprise and RADIUS EGRESS_VLANID attributes"""
 560     ifname = 'wlan0.1'
 561     try:
 562         params = hostapd.wpa2_eap_params(ssid="test-vlan")
 563         params['dynamic_vlan'] = "1"
 564         params["vlan_naming"] = "1"
 565         hapd = hostapd.add_ap(apdev[0], params)
 566
 567         dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
 568                        identity="vlan1tagged",
 569                        password_hex="0123456789abcdef0123456789abcdef",
 570                        scan_freq="2412")
 571
 572         # Create tagged interface for wpa_supplicant
 573         subprocess.call(['ip', 'link', 'add', 'link', dev[0].ifname,
 574                          'name', ifname, 'type', 'vlan', 'id', '1'])
 575         subprocess.call(['ifconfig', ifname, 'up'])
 576
 577         hwsim_utils.run_connectivity_test(dev[0], hapd, 0, ifname1=ifname,
 578                                           ifname2="brvlan1")
 579     finally:
 580         subprocess.call(['ifconfig', ifname, 'down'])
 581         subprocess.call(['ip', 'link', 'del', ifname])
 582
 583 def test_ap_vlan_wpa2_radius_mixed(dev, apdev):
 584     """AP VLAN with WPA2-Enterprise and tagged+untagged VLANs"""
 585     ifname = 'wlan0.1'
 586     try:
 587         params = hostapd.wpa2_eap_params(ssid="test-vlan")
 588         params['dynamic_vlan'] = "1"
 589         params["vlan_naming"] = "1"
 590         hapd = hostapd.add_ap(apdev[0], params)
 591
 592         dev[0].connect("test-vlan", key_mgmt="WPA-EAP", eap="PAX",
 593                        identity="vlan12mixed",
 594                        password_hex="0123456789abcdef0123456789abcdef",
 595                        scan_freq="2412")
 596
 597         # Add tagged VLAN interface to wpa_supplicant interface for testing
 598         subprocess.call(['ip', 'link', 'add', 'link', dev[0].ifname,
 599                          'name', ifname, 'type', 'vlan', 'id', '1'])
 600         subprocess.call(['ifconfig', ifname, 'up'])
 601
 602         logger.info("Test connectivity in untagged VLAN 2")
 603         hwsim_utils.run_connectivity_test(dev[0], hapd, 0,
 604                                           ifname1=dev[0].ifname,
 605                                           ifname2="brvlan2")
 606         logger.info("Test connectivity in tagged VLAN 1")
 607         hwsim_utils.run_connectivity_test(dev[0], hapd, 0, ifname1=ifname,
 608                                           ifname2="brvlan1")
 609     finally:
 610         subprocess.call(['ifconfig', ifname, 'down'])
 611         subprocess.call(['ip', 'link', 'del', ifname])
 612
 613 def test_ap_vlan_reconnect(dev, apdev):
 614     """AP VLAN with WPA2-PSK connect, disconnect, connect"""
 615     params = hostapd.wpa2_params(ssid="test-vlan",
 616                                  passphrase="12345678")
 617     params['dynamic_vlan'] = "1"
 618     params['accept_mac_file'] = "hostapd.accept"
 619     hapd = hostapd.add_ap(apdev[0], params)
 620
 621     logger.info("connect sta")
 622     dev[0].connect("test-vlan", psk="12345678", scan_freq="2412")
 623     hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")
 624     logger.info("disconnect sta")
 625     dev[0].request("REMOVE_NETWORK all")
 626     dev[0].wait_disconnected(timeout=10)
 627     time.sleep(1)
 628     logger.info("reconnect sta")
 629     dev[0].connect("test-vlan", psk="12345678", scan_freq="2412")
 630     hwsim_utils.test_connectivity_iface(dev[0], hapd, "brvlan1")