mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 10:54:03 -05:00
tests: Add kernel BSS leak tests
Add two tests that check if the kernel BSS leak (when we get a deauth or otherwise abandon an association attempt) is present in the kernel. This is for a long-standing cfg80211/mac80211 issue that got fixed with the kernel commit 'cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts'. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
parent
52358b08f5
commit
c7c4600260
57
tests/hwsim/test_kernel.py
Normal file
57
tests/hwsim/test_kernel.py
Normal file
@ -0,0 +1,57 @@
|
||||
# Test a few kernel bugs
|
||||
# Copyright (c) 2016, Intel Deutschland GmbH
|
||||
#
|
||||
# Author: Johannes Berg <johannes.berg@intel.com>
|
||||
#
|
||||
# This software may be distributed under the terms of the BSD license.
|
||||
# See README for more details.
|
||||
|
||||
import hostapd
|
||||
import binascii
|
||||
|
||||
def _test_kernel_bss_leak(dev, apdev, deauth):
|
||||
ssid = "test-bss-leak"
|
||||
passphrase = 'qwertyuiop'
|
||||
params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase)
|
||||
hapd = hostapd.add_ap(apdev[0], params)
|
||||
hapd.set("ext_mgmt_frame_handling", "1")
|
||||
dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False)
|
||||
while True:
|
||||
pkt = hapd.mgmt_rx()
|
||||
if not pkt:
|
||||
raise Exception("MGMT RX wait timed out for auth frame")
|
||||
if pkt['fc'] & 0xc:
|
||||
continue
|
||||
if pkt['subtype'] == 0: # assoc request
|
||||
if deauth:
|
||||
# return a deauth immediately
|
||||
hapd.mgmt_tx({
|
||||
'fc': 0xc0,
|
||||
'sa': pkt['da'],
|
||||
'da': pkt['sa'],
|
||||
'bssid': pkt['bssid'],
|
||||
'payload': '\x01\x00',
|
||||
})
|
||||
break
|
||||
else:
|
||||
hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=%s" % (
|
||||
binascii.hexlify(pkt['frame']), ))
|
||||
hapd.set("ext_mgmt_frame_handling", "0")
|
||||
|
||||
hapd.request("STOP_AP")
|
||||
|
||||
dev[0].request("REMOVE_NETWORK all")
|
||||
dev[0].wait_disconnected()
|
||||
|
||||
dev[0].flush_scan_cache(freq=5180)
|
||||
res = dev[0].request("SCAN_RESULTS")
|
||||
if len(res.splitlines()) > 1:
|
||||
raise Exception("BSS entry should no longer be around")
|
||||
|
||||
def test_kernel_bss_leak_deauth(dev, apdev):
|
||||
"""cfg80211/mac80211 BSS leak on deauthentication"""
|
||||
return _test_kernel_bss_leak(dev, apdev, deauth=True)
|
||||
|
||||
def test_kernel_bss_leak_timeout(dev, apdev):
|
||||
"""cfg80211/mac80211 BSS leak on timeout"""
|
||||
return _test_kernel_bss_leak(dev, apdev, deauth=False)
|
Loading…
Reference in New Issue
Block a user