# Scanning tests # Copyright (c) 2013-2016, Jouni Malinen # # This software may be distributed under the terms of the BSD license. # See README for more details. from remotehost import remote_compatible import binascii import time import logging logger = logging.getLogger() import os import struct import subprocess import hostapd from wpasupplicant import WpaSupplicant from utils import * from tshark import run_tshark from test_ap_csa import switch_channel, wait_channel_switch, csa_supported def check_scan(dev, params, other_started=False, test_busy=False): if not other_started: dev.dump_monitor() id = dev.request("SCAN " + params) if "FAIL" in id: raise Exception("Failed to start scan") id = int(id) if test_busy: if "FAIL-BUSY" not in dev.request("SCAN"): raise Exception("SCAN command while already scanning not rejected") if other_started: ev = dev.wait_event(["CTRL-EVENT-SCAN-STARTED"]) if ev is None: raise Exception("Other scan did not start") if "id=" + str(id) in ev: raise Exception("Own scan id unexpectedly included in start event") ev = dev.wait_event(["CTRL-EVENT-SCAN-RESULTS"]) if ev is None: raise Exception("Other scan did not complete") if "id=" + str(id) in ev: raise Exception("Own scan id unexpectedly included in completed event") ev = dev.wait_event(["CTRL-EVENT-SCAN-STARTED"]) if ev is None: raise Exception("Scan did not start") if "id=" + str(id) not in ev: raise Exception("Scan id not included in start event") if test_busy: if "FAIL-BUSY" not in dev.request("SCAN"): raise Exception("SCAN command while already scanning not rejected") ev = dev.wait_event(["CTRL-EVENT-SCAN-RESULTS"]) if ev is None: raise Exception("Scan did not complete") if "id=" + str(id) not in ev: raise Exception("Scan id not included in completed event") def check_scan_retry(dev, params, bssid): for i in range(0, 5): check_scan(dev, "freq=2412-2462,5180 use_id=1") if int(dev.get_bss(bssid)['age']) <= 1: return raise Exception("Unexpectedly old BSS entry") @remote_compatible def test_scan(dev, apdev): """Control interface behavior on scan parameters""" hostapd.add_ap(apdev[0], {"ssid": "test-scan"}) bssid = apdev[0]['bssid'] logger.info("Full scan") check_scan(dev[0], "use_id=1", test_busy=True) logger.info("Limited channel scan") check_scan_retry(dev[0], "freq=2412-2462,5180 use_id=1", bssid) # wait long enough to allow next scans to be verified not to find the AP time.sleep(2) logger.info("Passive single-channel scan") check_scan(dev[0], "freq=2457 passive=1 use_id=1") logger.info("Active single-channel scan") check_scan(dev[0], "freq=2452 passive=0 use_id=1") if int(dev[0].get_bss(bssid)['age']) < 2: raise Exception("Unexpectedly updated BSS entry") logger.info("Active single-channel scan on AP's operating channel") check_scan_retry(dev[0], "freq=2412 passive=0 use_id=1", bssid) @remote_compatible def test_scan_tsf(dev, apdev): """Scan and TSF updates from Beacon/Probe Response frames""" hostapd.add_ap(apdev[0], {"ssid": "test-scan", 'beacon_int': "100"}) bssid = apdev[0]['bssid'] tsf = [] for passive in [1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1]: check_scan(dev[0], "freq=2412 passive=%d use_id=1" % passive) bss = dev[0].get_bss(bssid) if bss: tsf.append(int(bss['tsf'])) logger.info("TSF: " + bss['tsf']) if tsf[-3] <= tsf[-4]: # For now, only write this in the log without failing the test case # since mac80211_hwsim does not yet update the Timestamp field in # Probe Response frames. logger.info("Probe Response did not update TSF") #raise Exception("Probe Response did not update TSF") if tsf[-1] <= tsf[-3]: raise Exception("Beacon did not update TSF") if 0 in tsf: raise Exception("0 TSF reported") @remote_compatible def test_scan_only(dev, apdev): """Control interface behavior on scan parameters with type=only""" hostapd.add_ap(apdev[0], {"ssid": "test-scan"}) bssid = apdev[0]['bssid'] logger.info("Full scan") check_scan(dev[0], "type=only use_id=1") logger.info("Limited channel scan") check_scan_retry(dev[0], "type=only freq=2412-2462,5180 use_id=1", bssid) # wait long enough to allow next scans to be verified not to find the AP time.sleep(2) logger.info("Passive single-channel scan") check_scan(dev[0], "type=only freq=2457 passive=1 use_id=1") logger.info("Active single-channel scan") check_scan(dev[0], "type=only freq=2452 passive=0 use_id=1") if int(dev[0].get_bss(bssid)['age']) < 2: raise Exception("Unexpectedly updated BSS entry") logger.info("Active single-channel scan on AP's operating channel") check_scan_retry(dev[0], "type=only freq=2412 passive=0 use_id=1", bssid) @remote_compatible def test_scan_external_trigger(dev, apdev): """Avoid operations during externally triggered scan""" hostapd.add_ap(apdev[0], {"ssid": "test-scan"}) bssid = apdev[0]['bssid'] dev[0].cmd_execute(['iw', dev[0].ifname, 'scan', 'trigger']) check_scan(dev[0], "use_id=1", other_started=True) def test_scan_bss_expiration_count(dev, apdev): """BSS entry expiration based on scan results without match""" if "FAIL" not in dev[0].request("BSS_EXPIRE_COUNT 0"): raise Exception("Invalid BSS_EXPIRE_COUNT accepted") if "OK" not in dev[0].request("BSS_EXPIRE_COUNT 2"): raise Exception("BSS_EXPIRE_COUNT failed") hapd = hostapd.add_ap(apdev[0], {"ssid": "test-scan"}) bssid = apdev[0]['bssid'] dev[0].scan(freq="2412", only_new=True) if bssid not in dev[0].request("SCAN_RESULTS"): raise Exception("BSS not found in initial scan") hapd.request("DISABLE") # Try to give enough time for hostapd to have stopped mac80211 from # beaconing before checking a new scan. This is needed with UML time travel # testing. hapd.ping() time.sleep(0.2) dev[0].scan(freq="2412", only_new=True) if bssid not in dev[0].request("SCAN_RESULTS"): raise Exception("BSS not found in first scan without match") dev[0].scan(freq="2412", only_new=True) if bssid in dev[0].request("SCAN_RESULTS"): raise Exception("BSS found after two scans without match") @remote_compatible def test_scan_bss_expiration_age(dev, apdev): """BSS entry expiration based on age""" try: if "FAIL" not in dev[0].request("BSS_EXPIRE_AGE COUNT 9"): raise Exception("Invalid BSS_EXPIRE_AGE accepted") if "OK" not in dev[0].request("BSS_EXPIRE_AGE 10"): raise Exception("BSS_EXPIRE_AGE failed") hapd = hostapd.add_ap(apdev[0], {"ssid": "test-scan"}) bssid = apdev[0]['bssid'] # Allow couple more retries to avoid reporting errors during heavy load for i in range(5): dev[0].scan(freq="2412") if bssid in dev[0].request("SCAN_RESULTS"): break if bssid not in dev[0].request("SCAN_RESULTS"): raise Exception("BSS not found in initial scan") hapd.request("DISABLE") logger.info("Waiting for BSS entry to expire") time.sleep(7) if bssid not in dev[0].request("SCAN_RESULTS"): raise Exception("BSS expired too quickly") ev = dev[0].wait_event(["CTRL-EVENT-BSS-REMOVED"], timeout=15) if ev is None: raise Exception("BSS entry expiration timed out") if bssid in dev[0].request("SCAN_RESULTS"): raise Exception("BSS not removed after expiration time") finally: dev[0].request("BSS_EXPIRE_AGE 180") @remote_compatible def test_scan_filter(dev, apdev): """Filter scan results based on SSID""" try: if "OK" not in dev[0].request("SET filter_ssids 1"): raise Exception("SET failed") id = dev[0].connect("test-scan", key_mgmt="NONE", only_add_network=True) hostapd.add_ap(apdev[0], {"ssid": "test-scan"}) bssid = apdev[0]['bssid'] hostapd.add_ap(apdev[1], {"ssid": "test-scan2"}) bssid2 = apdev[1]['bssid'] dev[0].scan(freq="2412", only_new=True) if bssid not in dev[0].request("SCAN_RESULTS"): raise Exception("BSS not found in scan results") if bssid2 in dev[0].request("SCAN_RESULTS"): raise Exception("Unexpected BSS found in scan results") dev[0].set_network_quoted(id, "ssid", "") dev[0].scan(freq="2412") id2 = dev[0].connect("test", key_mgmt="NONE", only_add_network=True) dev[0].scan(freq="2412") finally: dev[0].request("SET filter_ssids 0") @remote_compatible def test_scan_int(dev, apdev): """scan interval configuration""" try: if "FAIL" not in dev[0].request("SCAN_INTERVAL -1"): raise Exception("Accepted invalid scan interval") if "OK" not in dev[0].request("SCAN_INTERVAL 1"): raise Exception("Failed to set scan interval") dev[0].connect("not-used", key_mgmt="NONE", scan_freq="2412", wait_connect=False) times = {} for i in range(0, 3): logger.info("Waiting for scan to start") start = os.times()[4] ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=5) if ev is None: raise Exception("did not start a scan") stop = os.times()[4] times[i] = stop - start logger.info("Waiting for scan to complete") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10) if ev is None: raise Exception("did not complete a scan") logger.info("times=" + str(times)) if times[0] > 1 or times[1] < 0.5 or times[1] > 1.5 or times[2] < 0.5 or times[2] > 1.5: raise Exception("Unexpected scan timing: " + str(times)) finally: dev[0].request("SCAN_INTERVAL 5") def test_scan_bss_operations(dev, apdev): """Control interface behavior on BSS parameters""" hostapd.add_ap(apdev[0], {"ssid": "test-scan"}) bssid = apdev[0]['bssid'] hostapd.add_ap(apdev[1], {"ssid": "test2-scan"}) bssid2 = apdev[1]['bssid'] dev[0].scan(freq="2412") dev[0].scan(freq="2412") dev[0].scan(freq="2412") id1 = dev[0].request("BSS FIRST MASK=0x1").splitlines()[0].split('=')[1] id2 = dev[0].request("BSS LAST MASK=0x1").splitlines()[0].split('=')[1] res = dev[0].request("BSS RANGE=ALL MASK=0x20001") if "id=" + id1 not in res: raise Exception("Missing BSS " + id1) if "id=" + id2 not in res: raise Exception("Missing BSS " + id2) if "====" not in res: raise Exception("Missing delim") if "####" not in res: raise Exception("Missing end") res = dev[0].request("BSS RANGE=ALL MASK=0") if "id=" + id1 not in res: raise Exception("Missing BSS " + id1) if "id=" + id2 not in res: raise Exception("Missing BSS " + id2) if "====" in res: raise Exception("Unexpected delim") if "####" in res: raise Exception("Unexpected end delim") res = dev[0].request("BSS RANGE=ALL MASK=0x1").splitlines() if len(res) != 2: raise Exception("Unexpected result: " + str(res)) res = dev[0].request("BSS FIRST MASK=0x1") if "id=" + id1 not in res: raise Exception("Unexpected result: " + res) res = dev[0].request("BSS LAST MASK=0x1") if "id=" + id2 not in res: raise Exception("Unexpected result: " + res) res = dev[0].request("BSS ID-" + id1 + " MASK=0x1") if "id=" + id1 not in res: raise Exception("Unexpected result: " + res) res = dev[0].request("BSS NEXT-" + id1 + " MASK=0x1") if "id=" + id2 not in res: raise Exception("Unexpected result: " + res) res = dev[0].request("BSS NEXT-" + id2 + " MASK=0x1") if "id=" in res: raise Exception("Unexpected result: " + res) if len(dev[0].request("BSS RANGE=" + id2 + " MASK=0x1").splitlines()) != 0: raise Exception("Unexpected RANGE=1 result") if len(dev[0].request("BSS RANGE=" + id1 + "- MASK=0x1").splitlines()) != 2: raise Exception("Unexpected RANGE=0- result") if len(dev[0].request("BSS RANGE=-" + id2 + " MASK=0x1").splitlines()) != 2: raise Exception("Unexpected RANGE=-1 result") if len(dev[0].request("BSS RANGE=" + id1 + "-" + id2 + " MASK=0x1").splitlines()) != 2: raise Exception("Unexpected RANGE=0-1 result") if len(dev[0].request("BSS RANGE=" + id2 + "-" + id2 + " MASK=0x1").splitlines()) != 1: raise Exception("Unexpected RANGE=1-1 result") if len(dev[0].request("BSS RANGE=" + str(int(id2) + 1) + "-" + str(int(id2) + 10) + " MASK=0x1").splitlines()) != 0: raise Exception("Unexpected RANGE=2-10 result") if len(dev[0].request("BSS RANGE=0-" + str(int(id2) + 10) + " MASK=0x1").splitlines()) != 2: raise Exception("Unexpected RANGE=0-10 result") if len(dev[0].request("BSS RANGE=" + id1 + "-" + id1 + " MASK=0x1").splitlines()) != 1: raise Exception("Unexpected RANGE=0-0 result") res = dev[0].request("BSS p2p_dev_addr=FOO") if "FAIL" in res or "id=" in res: raise Exception("Unexpected result: " + res) res = dev[0].request("BSS p2p_dev_addr=00:11:22:33:44:55") if "FAIL" in res or "id=" in res: raise Exception("Unexpected result: " + res) dev[0].request("BSS_FLUSH 1000") res = dev[0].request("BSS RANGE=ALL MASK=0x1").splitlines() if len(res) != 2: raise Exception("Unexpected result after BSS_FLUSH 1000") dev[0].request("BSS_FLUSH 0") res = dev[0].request("BSS RANGE=ALL MASK=0x1").splitlines() if len(res) != 0: raise Exception("Unexpected result after BSS_FLUSH 0") @remote_compatible def test_scan_and_interface_disabled(dev, apdev): """Scan operation when interface gets disabled""" try: dev[0].request("SCAN") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"]) if ev is None: raise Exception("Scan did not start") dev[0].request("DRIVER_EVENT INTERFACE_DISABLED") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=7) if ev is not None: raise Exception("Scan completed unexpectedly") # verify that scan is rejected if "FAIL" not in dev[0].request("SCAN"): raise Exception("New scan request was accepted unexpectedly") dev[0].request("DRIVER_EVENT INTERFACE_ENABLED") dev[0].scan(freq="2412") finally: dev[0].request("DRIVER_EVENT INTERFACE_ENABLED") @remote_compatible def test_scan_for_auth(dev, apdev): """cfg80211 workaround with scan-for-auth""" hapd = hostapd.add_ap(apdev[0], {"ssid": "open"}) dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412") # Block sme-connect radio work with an external radio work item, so that # SELECT_NETWORK can decide to use fast associate without a new scan while # cfg80211 still has the matching BSS entry, but the actual connection is # not yet started. id = dev[0].request("RADIO_WORK add block-work") ev = dev[0].wait_event(["EXT-RADIO-WORK-START"]) if ev is None: raise Exception("Timeout while waiting radio work to start") dev[0].connect("open", key_mgmt="NONE", scan_freq="2412", wait_connect=False) dev[0].dump_monitor() # Clear cfg80211 BSS table. res, data = dev[0].cmd_execute(['iw', dev[0].ifname, 'scan', 'trigger', 'freq', '2457', 'flush']) if res != 0: raise HwsimSkip("iw scan trigger flush not supported") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5) if ev is None: raise Exception("External flush scan timed out") # Release blocking radio work to allow connection to go through with the # cfg80211 BSS entry missing. dev[0].request("RADIO_WORK done " + id) dev[0].wait_connected(timeout=15) @remote_compatible def test_scan_for_auth_fail(dev, apdev): """cfg80211 workaround with scan-for-auth failing""" hapd = hostapd.add_ap(apdev[0], {"ssid": "open"}) dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412") # Block sme-connect radio work with an external radio work item, so that # SELECT_NETWORK can decide to use fast associate without a new scan while # cfg80211 still has the matching BSS entry, but the actual connection is # not yet started. id = dev[0].request("RADIO_WORK add block-work") ev = dev[0].wait_event(["EXT-RADIO-WORK-START"]) if ev is None: raise Exception("Timeout while waiting radio work to start") dev[0].connect("open", key_mgmt="NONE", scan_freq="2412", wait_connect=False) dev[0].dump_monitor() hapd.disable() # Clear cfg80211 BSS table. res, data = dev[0].cmd_execute(['iw', dev[0].ifname, 'scan', 'trigger', 'freq', '2457', 'flush']) if res != 0: raise HwsimSkip("iw scan trigger flush not supported") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5) if ev is None: raise Exception("External flush scan timed out") # Release blocking radio work to allow connection to go through with the # cfg80211 BSS entry missing. dev[0].request("RADIO_WORK done " + id) ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS", "CTRL-EVENT-CONNECTED"], 15) if ev is None: raise Exception("Scan event missing") if "CTRL-EVENT-CONNECTED" in ev: raise Exception("Unexpected connection") dev[0].request("DISCONNECT") @remote_compatible def test_scan_for_auth_wep(dev, apdev): """cfg80211 scan-for-auth workaround with WEP keys""" check_wep_capa(dev[0]) dev[0].flush_scan_cache() hapd = hostapd.add_ap(apdev[0], {"ssid": "wep", "wep_key0": '"abcde"', "auth_algs": "2"}) dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412") # Block sme-connect radio work with an external radio work item, so that # SELECT_NETWORK can decide to use fast associate without a new scan while # cfg80211 still has the matching BSS entry, but the actual connection is # not yet started. id = dev[0].request("RADIO_WORK add block-work") ev = dev[0].wait_event(["EXT-RADIO-WORK-START"]) if ev is None: raise Exception("Timeout while waiting radio work to start") dev[0].connect("wep", key_mgmt="NONE", wep_key0='"abcde"', auth_alg="SHARED", scan_freq="2412", wait_connect=False) dev[0].dump_monitor() # Clear cfg80211 BSS table. res, data = dev[0].cmd_execute(['iw', dev[0].ifname, 'scan', 'trigger', 'freq', '2457', 'flush']) if res != 0: raise HwsimSkip("iw scan trigger flush not supported") ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5) if ev is None: raise Exception("External flush scan timed out") # Release blocking radio work to allow connection to go through with the # cfg80211 BSS entry missing. dev[0].request("RADIO_WORK done " + id) dev[0].wait_connected(timeout=15) @remote_compatible def test_scan_hidden(dev, apdev): """Control interface behavior on scan parameters""" dev[0].flush_scan_cache() ssid = "test-scan" wrong_ssid = "wrong" hapd = hostapd.add_ap(apdev[0], {"ssid": ssid, "ignore_broadcast_ssid": "1"}) bssid = apdev[0]['bssid'] check_scan(dev[0], "freq=2412 use_id=1") try: payload = struct.pack('BB', 0, len(wrong_ssid)) + wrong_ssid.encode() ssid_list = struct.pack('BB', 84, len(payload)) + payload cmd = "VENDOR_ELEM_ADD 14 " + binascii.hexlify(ssid_list).decode() if "OK" not in dev[0].request(cmd): raise Exception("VENDOR_ELEM_ADD failed") check_scan(dev[0], "freq=2412 use_id=1") payload = struct.pack('