mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-12-03 12:48:35 -05:00
a00a3458ed
Check whether the unexpected BSS entry is based on having received a Beacon frame instead of Probe Response frame. While this test case is using a huge beacon_int value, it is still possible for mac80211_hwsim timing to work in a way that a Beacon frame is sent. That made this test case fail in some rare cases. Fix this by ignoring the BSS entry if it is based on Beacon frame instead of Probe Response frame. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
402 lines
14 KiB
Python
402 lines
14 KiB
Python
# Test cases for hostapd tracking unconnected stations
|
|
# Copyright (c) 2015, Jouni Malinen <j@w1.fi>
|
|
#
|
|
# This software may be distributed under the terms of the BSD license.
|
|
# See README for more details.
|
|
|
|
import logging
|
|
logger = logging.getLogger()
|
|
import subprocess
|
|
import time
|
|
|
|
import hostapd
|
|
from wpasupplicant import WpaSupplicant
|
|
from utils import parse_ie
|
|
|
|
def test_ap_track_sta(dev, apdev):
|
|
"""Dualband AP tracking unconnected stations"""
|
|
try:
|
|
_test_ap_track_sta(dev, apdev)
|
|
finally:
|
|
subprocess.call(['iw', 'reg', 'set', '00'])
|
|
|
|
def _test_ap_track_sta(dev, apdev):
|
|
params = { "ssid": "track",
|
|
"country_code": "US",
|
|
"hw_mode": "g",
|
|
"channel": "6",
|
|
"track_sta_max_num": "2" }
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
bssid = apdev[0]['bssid']
|
|
|
|
params = { "ssid": "track",
|
|
"country_code": "US",
|
|
"hw_mode": "a",
|
|
"channel": "40",
|
|
"track_sta_max_num": "100",
|
|
"track_sta_max_age": "1" }
|
|
hapd2 = hostapd.add_ap(apdev[1], params)
|
|
bssid2 = apdev[1]['bssid']
|
|
|
|
for i in range(2):
|
|
dev[0].scan_for_bss(bssid, freq=2437, force_scan=True)
|
|
dev[0].scan_for_bss(bssid2, freq=5200, force_scan=True)
|
|
dev[1].scan_for_bss(bssid, freq=2437, force_scan=True)
|
|
dev[2].scan_for_bss(bssid2, freq=5200, force_scan=True)
|
|
|
|
addr0 = dev[0].own_addr()
|
|
addr1 = dev[1].own_addr()
|
|
addr2 = dev[2].own_addr()
|
|
|
|
track = hapd.request("TRACK_STA_LIST")
|
|
if addr0 not in track or addr1 not in track:
|
|
raise Exception("Station missing from 2.4 GHz tracking")
|
|
if addr2 in track:
|
|
raise Exception("Unexpected station included in 2.4 GHz tracking")
|
|
|
|
track = hapd2.request("TRACK_STA_LIST")
|
|
if addr0 not in track or addr2 not in track:
|
|
raise Exception("Station missing from 5 GHz tracking")
|
|
if addr1 in track:
|
|
raise Exception("Unexpected station included in 5 GHz tracking")
|
|
|
|
# Test expiration
|
|
time.sleep(1.1)
|
|
track = hapd.request("TRACK_STA_LIST")
|
|
if addr0 not in track or addr1 not in track:
|
|
raise Exception("Station missing from 2.4 GHz tracking (expiration)")
|
|
track = hapd2.request("TRACK_STA_LIST")
|
|
if addr0 in track or addr2 in track:
|
|
raise Exception("Station not expired from 5 GHz tracking")
|
|
|
|
# Test maximum list length
|
|
dev[0].scan_for_bss(bssid, freq=2437, force_scan=True)
|
|
dev[1].scan_for_bss(bssid, freq=2437, force_scan=True)
|
|
dev[2].scan_for_bss(bssid, freq=2437, force_scan=True)
|
|
track = hapd.request("TRACK_STA_LIST")
|
|
if len(track.splitlines()) != 2:
|
|
raise Exception("Unexpected number of entries: %d" % len(track.splitlines()))
|
|
if addr1 not in track or addr2 not in track:
|
|
raise Exception("Station missing from 2.4 GHz tracking (max limit)")
|
|
|
|
def test_ap_track_sta_no_probe_resp(dev, apdev):
|
|
"""Dualband AP not replying to probes from dualband STA on 2.4 GHz"""
|
|
try:
|
|
_test_ap_track_sta_no_probe_resp(dev, apdev)
|
|
finally:
|
|
subprocess.call(['iw', 'reg', 'set', '00'])
|
|
|
|
def _test_ap_track_sta_no_probe_resp(dev, apdev):
|
|
dev[0].flush_scan_cache()
|
|
|
|
params = { "ssid": "track",
|
|
"country_code": "US",
|
|
"hw_mode": "g",
|
|
"channel": "6",
|
|
"beacon_int": "10000",
|
|
"no_probe_resp_if_seen_on": apdev[1]['ifname'] }
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
bssid = apdev[0]['bssid']
|
|
|
|
params = { "ssid": "track",
|
|
"country_code": "US",
|
|
"hw_mode": "a",
|
|
"channel": "40",
|
|
"track_sta_max_num": "100" }
|
|
hapd2 = hostapd.add_ap(apdev[1], params)
|
|
bssid2 = apdev[1]['bssid']
|
|
|
|
dev[0].scan_for_bss(bssid2, freq=5200, force_scan=True)
|
|
dev[1].scan_for_bss(bssid, freq=2437, force_scan=True)
|
|
dev[0].scan(freq=2437, type="ONLY")
|
|
dev[0].scan(freq=2437, type="ONLY")
|
|
|
|
bss = dev[0].get_bss(bssid)
|
|
if bss:
|
|
ie = parse_ie(bss['ie'])
|
|
# Check whether this is from a Beacon frame (TIM element included) since
|
|
# it is possible that a Beacon frame was received during the active
|
|
# scan. This test should fail only if a Probe Response frame was
|
|
# received.
|
|
if 5 not in ie:
|
|
raise Exception("2.4 GHz AP found unexpectedly")
|
|
|
|
def test_ap_track_sta_no_auth(dev, apdev):
|
|
"""Dualband AP rejecting authentication from dualband STA on 2.4 GHz"""
|
|
try:
|
|
_test_ap_track_sta_no_auth(dev, apdev)
|
|
finally:
|
|
subprocess.call(['iw', 'reg', 'set', '00'])
|
|
|
|
def _test_ap_track_sta_no_auth(dev, apdev):
|
|
params = { "ssid": "track",
|
|
"country_code": "US",
|
|
"hw_mode": "g",
|
|
"channel": "6",
|
|
"track_sta_max_num": "100",
|
|
"no_auth_if_seen_on": apdev[1]['ifname'] }
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
bssid = apdev[0]['bssid']
|
|
|
|
params = { "ssid": "track",
|
|
"country_code": "US",
|
|
"hw_mode": "a",
|
|
"channel": "40",
|
|
"track_sta_max_num": "100" }
|
|
hapd2 = hostapd.add_ap(apdev[1], params)
|
|
bssid2 = apdev[1]['bssid']
|
|
|
|
dev[0].scan_for_bss(bssid, freq=2437, force_scan=True)
|
|
dev[0].scan_for_bss(bssid2, freq=5200, force_scan=True)
|
|
dev[1].scan_for_bss(bssid, freq=2437, force_scan=True)
|
|
|
|
dev[1].connect("track", key_mgmt="NONE", scan_freq="2437")
|
|
|
|
dev[0].connect("track", key_mgmt="NONE", scan_freq="2437",
|
|
freq_list="2437", wait_connect=False)
|
|
dev[1].request("DISCONNECT")
|
|
ev = dev[0].wait_event([ "CTRL-EVENT-CONNECTED",
|
|
"CTRL-EVENT-AUTH-REJECT" ], timeout=10)
|
|
if ev is None:
|
|
raise Exception("Unknown connection result")
|
|
if "CTRL-EVENT-CONNECTED" in ev:
|
|
raise Exception("Unexpected connection")
|
|
if "status_code=82" not in ev:
|
|
raise Exception("Unexpected rejection reason: " + ev)
|
|
if "ie=34" not in ev:
|
|
raise Exception("No Neighbor Report element: " + ev)
|
|
dev[0].request("DISCONNECT")
|
|
|
|
def test_ap_track_sta_no_auth_passive(dev, apdev):
|
|
"""AP rejecting authentication from dualband STA on 2.4 GHz (passive)"""
|
|
try:
|
|
_test_ap_track_sta_no_auth_passive(dev, apdev)
|
|
finally:
|
|
subprocess.call(['iw', 'reg', 'set', '00'])
|
|
|
|
def _test_ap_track_sta_no_auth_passive(dev, apdev):
|
|
dev[0].flush_scan_cache()
|
|
|
|
params = { "ssid": "track",
|
|
"country_code": "US",
|
|
"hw_mode": "g",
|
|
"channel": "6",
|
|
"no_auth_if_seen_on": apdev[1]['ifname'] }
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
bssid = apdev[0]['bssid']
|
|
|
|
params = { "ssid": "track",
|
|
"country_code": "US",
|
|
"hw_mode": "a",
|
|
"channel": "40",
|
|
"interworking": "1",
|
|
"venue_name": "eng:Venue",
|
|
"track_sta_max_num": "100" }
|
|
hapd2 = hostapd.add_ap(apdev[1], params)
|
|
bssid2 = apdev[1]['bssid']
|
|
|
|
dev[0].scan_for_bss(bssid, freq=2437, force_scan=True)
|
|
for i in range(10):
|
|
dev[0].request("SCAN freq=5200 passive=1")
|
|
ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=5)
|
|
if ev is None:
|
|
raise Exception("Scan did not complete")
|
|
if dev[0].get_bss(bssid2):
|
|
break
|
|
if i == 9:
|
|
raise Exception("AP not found with passive scans")
|
|
|
|
if "OK" not in dev[0].request("ANQP_GET " + bssid2 + " 258"):
|
|
raise Exception("ANQP_GET command failed")
|
|
ev = dev[0].wait_event(["RX-ANQP"], timeout=1)
|
|
if ev is None or "Venue Name" not in ev:
|
|
raise Exception("Did not receive Venue Name")
|
|
|
|
dev[0].connect("track", key_mgmt="NONE", scan_freq="2437",
|
|
freq_list="2437", wait_connect=False)
|
|
ev = dev[0].wait_event([ "CTRL-EVENT-CONNECTED",
|
|
"CTRL-EVENT-AUTH-REJECT" ], timeout=10)
|
|
if ev is None:
|
|
raise Exception("Unknown connection result")
|
|
if "CTRL-EVENT-CONNECTED" in ev:
|
|
raise Exception("Unexpected connection")
|
|
if "status_code=82" not in ev:
|
|
raise Exception("Unexpected rejection reason: " + ev)
|
|
dev[0].request("DISCONNECT")
|
|
|
|
def test_ap_track_sta_force_5ghz(dev, apdev):
|
|
"""Dualband AP forcing dualband STA to connect on 5 GHz"""
|
|
try:
|
|
_test_ap_track_sta_force_5ghz(dev, apdev)
|
|
finally:
|
|
subprocess.call(['iw', 'reg', 'set', '00'])
|
|
|
|
def _test_ap_track_sta_force_5ghz(dev, apdev):
|
|
params = { "ssid": "track",
|
|
"country_code": "US",
|
|
"hw_mode": "g",
|
|
"channel": "6",
|
|
"no_probe_resp_if_seen_on": apdev[1]['ifname'],
|
|
"no_auth_if_seen_on": apdev[1]['ifname'] }
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
bssid = apdev[0]['bssid']
|
|
|
|
params = { "ssid": "track",
|
|
"country_code": "US",
|
|
"hw_mode": "a",
|
|
"channel": "40",
|
|
"track_sta_max_num": "100" }
|
|
hapd2 = hostapd.add_ap(apdev[1], params)
|
|
bssid2 = apdev[1]['bssid']
|
|
|
|
dev[0].scan_for_bss(bssid, freq=2437, force_scan=True)
|
|
dev[0].scan_for_bss(bssid2, freq=5200, force_scan=True)
|
|
|
|
dev[0].connect("track", key_mgmt="NONE", scan_freq="2437 5200")
|
|
freq = dev[0].get_status_field('freq')
|
|
if freq != '5200':
|
|
raise Exception("Unexpected operating channel")
|
|
dev[0].request("DISCONNECT")
|
|
|
|
def test_ap_track_sta_force_2ghz(dev, apdev):
|
|
"""Dualband AP forcing dualband STA to connect on 2.4 GHz"""
|
|
try:
|
|
_test_ap_track_sta_force_2ghz(dev, apdev)
|
|
finally:
|
|
subprocess.call(['iw', 'reg', 'set', '00'])
|
|
|
|
def _test_ap_track_sta_force_2ghz(dev, apdev):
|
|
params = { "ssid": "track",
|
|
"country_code": "US",
|
|
"hw_mode": "g",
|
|
"channel": "6",
|
|
"track_sta_max_num": "100" }
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
bssid = apdev[0]['bssid']
|
|
|
|
params = { "ssid": "track",
|
|
"country_code": "US",
|
|
"hw_mode": "a",
|
|
"channel": "40",
|
|
"no_probe_resp_if_seen_on": apdev[0]['ifname'],
|
|
"no_auth_if_seen_on": apdev[0]['ifname'] }
|
|
hapd2 = hostapd.add_ap(apdev[1], params)
|
|
bssid2 = apdev[1]['bssid']
|
|
|
|
dev[0].scan_for_bss(bssid2, freq=5200, force_scan=True)
|
|
dev[0].scan_for_bss(bssid, freq=2437, force_scan=True)
|
|
|
|
dev[0].connect("track", key_mgmt="NONE", scan_freq="2437 5200")
|
|
freq = dev[0].get_status_field('freq')
|
|
if freq != '2437':
|
|
raise Exception("Unexpected operating channel")
|
|
dev[0].request("DISCONNECT")
|
|
|
|
def test_ap_track_taxonomy(dev, apdev):
|
|
"""AP tracking STA taxonomy"""
|
|
try:
|
|
_test_ap_track_taxonomy(dev, apdev)
|
|
finally:
|
|
dev[1].request("SET p2p_disabled 0")
|
|
subprocess.call(['iw', 'reg', 'set', '00'])
|
|
dev[0].flush_scan_cache()
|
|
dev[1].flush_scan_cache()
|
|
dev[2].flush_scan_cache()
|
|
|
|
def _test_ap_track_taxonomy(dev, apdev):
|
|
params = { "ssid": "track",
|
|
"country_code": "US",
|
|
"hw_mode": "g",
|
|
"channel": "6",
|
|
"track_sta_max_num": "2" }
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
bssid = apdev[0]['bssid']
|
|
|
|
dev[0].scan_for_bss(bssid, freq=2437, force_scan=True)
|
|
addr0 = dev[0].own_addr()
|
|
dev[0].connect("track", key_mgmt="NONE", scan_freq="2437")
|
|
|
|
dev[1].request("SET p2p_disabled 1")
|
|
dev[1].scan_for_bss(bssid, freq=2437, force_scan=True)
|
|
addr1 = dev[1].own_addr()
|
|
dev[1].connect("track", key_mgmt="NONE", scan_freq="2437")
|
|
|
|
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
|
|
wpas.interface_add("wlan5")
|
|
wpas.request("SET model_name track test")
|
|
wpas.scan_for_bss(bssid, freq=2437, force_scan=True)
|
|
addr = wpas.own_addr()
|
|
wpas.connect("track", key_mgmt="NONE", scan_freq="2437")
|
|
|
|
if "FAIL" not in hapd.request("SIGNATURE abc"):
|
|
raise Exception("SIGNATURE failure not reported (1)")
|
|
if "FAIL" not in hapd.request("SIGNATURE 22:33:44:55:66:77"):
|
|
raise Exception("SIGNATURE failure not reported (2)")
|
|
|
|
res = hapd.request("SIGNATURE " + addr0)
|
|
logger.info("sta0: " + res)
|
|
if not res.startswith("wifi4|probe:"):
|
|
raise Exception("Unexpected SIGNATURE prefix")
|
|
if "|assoc:" not in res:
|
|
raise Exception("Missing assoc info in SIGNATURE")
|
|
if "wps:track_test" in res:
|
|
raise Exception("Unexpected WPS model name")
|
|
|
|
res = hapd.request("SIGNATURE " + addr1)
|
|
logger.info("sta1: " + res)
|
|
if not res.startswith("wifi4|probe:"):
|
|
raise Exception("Unexpected SIGNATURE prefix")
|
|
if "|assoc:" not in res:
|
|
raise Exception("Missing assoc info in SIGNATURE")
|
|
if "wps:" in res:
|
|
raise Exception("Unexpected WPS info");
|
|
if ",221(0050f2,4)," in res:
|
|
raise Exception("Unexpected WPS IE info");
|
|
if ",221(506f9a,9)," in res:
|
|
raise Exception("Unexpected P2P IE info");
|
|
|
|
res = hapd.request("SIGNATURE " + addr)
|
|
logger.info("sta: " + res)
|
|
if not res.startswith("wifi4|probe:"):
|
|
raise Exception("Unexpected SIGNATURE prefix")
|
|
if "|assoc:" not in res:
|
|
raise Exception("Missing assoc info in SIGNATURE")
|
|
if "wps:track_test" not in res:
|
|
raise Exception("Missing WPS model name")
|
|
if ",221(0050f2,4)," not in res:
|
|
raise Exception("Missing WPS IE info");
|
|
if ",221(506f9a,9)," not in res:
|
|
raise Exception("Missing P2P IE info");
|
|
|
|
addr2 = dev[2].own_addr()
|
|
res = hapd.request("SIGNATURE " + addr2)
|
|
if "FAIL" not in res:
|
|
raise Exception("Unexpected SIGNATURE success for sta2 (1)")
|
|
|
|
for i in range(10):
|
|
dev[2].request("SCAN freq=2437 passive=1")
|
|
ev = dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
|
|
if ev is None:
|
|
raise Exception("Scan did not complete")
|
|
if dev[2].get_bss(bssid):
|
|
break
|
|
|
|
res = hapd.request("SIGNATURE " + addr2)
|
|
if "FAIL" not in res:
|
|
raise Exception("Unexpected SIGNATURE success for sta2 (2)")
|
|
|
|
dev[2].connect("track", key_mgmt="NONE", scan_freq="2437")
|
|
|
|
res = hapd.request("SIGNATURE " + addr2)
|
|
if "FAIL" not in res and len(res) > 0:
|
|
raise Exception("Unexpected SIGNATURE success for sta2 (3)")
|
|
|
|
dev[2].scan_for_bss(bssid, freq=2437, force_scan=True)
|
|
|
|
res = hapd.request("SIGNATURE " + addr2)
|
|
logger.info("sta2: " + res)
|
|
if not res.startswith("wifi4|probe:"):
|
|
raise Exception("Unexpected SIGNATURE prefix")
|
|
if "|assoc:" not in res:
|
|
raise Exception("Missing assoc info in SIGNATURE")
|