From a2acadf605c1a3f49f4def81c1728f13cba362ad Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 27 Dec 2018 15:57:45 +0200 Subject: [PATCH] tests: MACsec PSK with bridge interface Signed-off-by: Jouni Malinen --- tests/hwsim/test_macsec.py | 108 +++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) diff --git a/tests/hwsim/test_macsec.py b/tests/hwsim/test_macsec.py index c24c47268..67638f0d3 100644 --- a/tests/hwsim/test_macsec.py +++ b/tests/hwsim/test_macsec.py @@ -296,6 +296,114 @@ def run_macsec_psk(dev, apdev, params, prefix, integ_only=False, port0=None, for i in range(len(cmd)): cmd[i].terminate() +def cleanup_macsec_br(count): + wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') + for i in range(count): + wpas.interface_remove("veth%d" % i) + subprocess.call(["ip", "link", "del", "veth%d" % i], + stderr=open('/dev/null', 'w')) + subprocess.call(["ip", "link", "set", "brveth", "down"]) + subprocess.call(["brctl", "delbr", "brveth"]) + +def test_macsec_psk_br2(dev, apdev): + """MACsec PSK (bridge; 2 devices)""" + try: + run_macsec_psk_br(dev, apdev, 2, [10, 20]) + finally: + cleanup_macsec_br(count=2) + +def test_macsec_psk_br2_same_prio(dev, apdev): + """MACsec PSK (bridge; 2 devices, same mka_priority)""" + try: + run_macsec_psk_br(dev, apdev, 2, [None, None]) + finally: + cleanup_macsec_br(count=2) + +def test_macsec_psk_br3(dev, apdev): + """MACsec PSK (bridge; 3 devices)""" + try: + run_macsec_psk_br(dev, apdev, 3, [10, 20, 30]) + finally: + cleanup_macsec_br(count=3) + +def test_macsec_psk_br3_same_prio(dev, apdev): + """MACsec PSK (bridge; 3 devices, same mka_priority)""" + try: + run_macsec_psk_br(dev, apdev, 3, [None, None, None]) + finally: + cleanup_macsec_br(count=3) + +def run_macsec_psk_br(dev, apdev, count, mka_priority): + subprocess.check_call(["brctl", "addbr", "brveth"]) + subprocess.call(["echo 8 > /sys/devices/virtual/net/brveth/bridge/group_fwd_mask"], + shell=True) + + try: + for i in range(count): + subprocess.check_call([ "ip", "link", "add", "veth%d" % i, + "type", "veth", + "peer", "name", "vethbr%d" % i ]) + subprocess.check_call(["ip", "link", "set", "vethbr%d" % i, "up"]) + subprocess.check_call([ "brctl", "addif", "brveth", + "vethbr%d" % i ]) + except subprocess.CalledProcessError: + raise HwsimSkip("veth not supported (kernel CONFIG_VETH)") + + subprocess.check_call(["ip", "link", "set", "brveth", "up"]) + + log_ip_link() + + wpa = add_wpas_interfaces(count=count) + for i in range(count): + set_mka_psk_config(wpa[i], mka_priority=mka_priority[i]) + wpa[i].dump_monitor() + wait_mka_done(wpa) + + macsec_ifname = [] + for i in range(count): + macsec_ifname.append(wpa[i].get_driver_status_field("parent_ifname")) + + timeout = 2 + max_tries = 2 if count > 2 else 1 + success_seen = False + failure_seen = False + for i in range(1, count): + try: + hwsim_utils.test_connectivity(wpa[0], wpa[i], + ifname1=macsec_ifname[0], + ifname2=macsec_ifname[i], + send_len=1400, + timeout=timeout, max_tries=max_tries) + success_seen = True + logger.info("Traffic test %d<->%d success" % (0, i)) + except: + failure_seen = True + logger.info("Traffic test %d<->%d failure" % (0, i)) + for i in range(2, count): + try: + hwsim_utils.test_connectivity(wpa[1], wpa[i], + ifname1=macsec_ifname[1], + ifname2=macsec_ifname[i], + send_len=1400, + timeout=timeout, max_tries=max_tries) + success_seen = True + logger.info("Traffic test %d<->%d success" % (1, i)) + except: + failure_seen = True + logger.info("Traffic test %d<->%d failure" % (1, i)) + + if not success_seen: + raise Exception("None of the data traffic tests succeeded") + + # Something seems to be failing with three device tests semi-regularly, so + # do not report this as a failed test case until the real reason behind + # those failures have been determined. + if failure_seen: + if count < 3: + raise Exception("Data traffic test failed") + else: + logger.info("Data traffic test failed - ignore for now for >= 3 device cases") + def test_macsec_psk_ns(dev, apdev, params): """MACsec PSK (netns)""" try: