nixos/tests/wpa_supplicant: test duplicate SSID with different BSSID
This commit is contained in:
Léana 江
@@ -13,8 +13,31 @@ let
|
|||||||
|
|
||||||
naughtyPassphrase = ''!,./;'[]\-=<>?:"{}|_+@$%^&*()`~ # ceci n'est pas un commentaire'';
|
naughtyPassphrase = ''!,./;'[]\-=<>?:"{}|_+@$%^&*()`~ # ceci n'est pas un commentaire'';
|
||||||
|
|
||||||
|
runBssidTest =
|
||||||
|
name: expectedBssid: extraConfig:
|
||||||
|
runSimulatorTest name extraConfig ''
|
||||||
|
with subtest("Daemon can connect to the right access point"):
|
||||||
|
machine.wait_for_unit("wpa_supplicant-wlan1.service")
|
||||||
|
machine.wait_until_succeeds(
|
||||||
|
"wpa_cli -i wlan1 status | grep -q wpa_state=COMPLETED"
|
||||||
|
)
|
||||||
|
machine.wait_until_succeeds(
|
||||||
|
"wpa_cli -i wlan1 status | grep -q bssid=${expectedBssid}"
|
||||||
|
)
|
||||||
|
'';
|
||||||
|
|
||||||
runConnectionTest =
|
runConnectionTest =
|
||||||
name: extraConfig:
|
name: extraConfig:
|
||||||
|
runSimulatorTest name extraConfig ''
|
||||||
|
with subtest("Daemon can connect to the access point"):
|
||||||
|
machine.wait_for_unit("wpa_supplicant-wlan1.service")
|
||||||
|
machine.wait_until_succeeds(
|
||||||
|
"wpa_cli -i wlan1 status | grep -q wpa_state=COMPLETED"
|
||||||
|
)
|
||||||
|
'';
|
||||||
|
|
||||||
|
runSimulatorTest =
|
||||||
|
name: extraConfig: extraTestScript:
|
||||||
runTest {
|
runTest {
|
||||||
name = "wpa_supplicant-${name}";
|
name = "wpa_supplicant-${name}";
|
||||||
inherit meta;
|
inherit meta;
|
||||||
@@ -50,12 +73,22 @@ let
|
|||||||
bssid = "02:00:00:00:00:01";
|
bssid = "02:00:00:00:00:01";
|
||||||
};
|
};
|
||||||
wlan0-2 = {
|
wlan0-2 = {
|
||||||
|
ssid = "nixos-test-mixed";
|
||||||
|
authentication = {
|
||||||
|
mode = "wpa3-sae-transition";
|
||||||
|
saeAddToMacAllow = true;
|
||||||
|
saePasswordsFile = pkgs.writeText "password" naughtyPassphrase;
|
||||||
|
wpaPasswordFile = pkgs.writeText "password" naughtyPassphrase;
|
||||||
|
};
|
||||||
|
bssid = "02:00:00:00:00:02";
|
||||||
|
};
|
||||||
|
wlan0-3 = {
|
||||||
ssid = "nixos-test-wpa2";
|
ssid = "nixos-test-wpa2";
|
||||||
authentication = {
|
authentication = {
|
||||||
mode = "wpa2-sha256";
|
mode = "wpa2-sha256";
|
||||||
wpaPassword = naughtyPassphrase;
|
wpaPassword = naughtyPassphrase;
|
||||||
};
|
};
|
||||||
bssid = "02:00:00:00:00:02";
|
bssid = "02:00:00:00:00:03";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@@ -85,11 +118,7 @@ let
|
|||||||
machine.wait_for_unit("hostapd.service")
|
machine.wait_for_unit("hostapd.service")
|
||||||
machine.copy_from_vm("/run/hostapd/wlan0.hostapd.conf")
|
machine.copy_from_vm("/run/hostapd/wlan0.hostapd.conf")
|
||||||
|
|
||||||
with subtest("Daemon can connect to the access point"):
|
${extraTestScript}
|
||||||
machine.wait_for_unit("wpa_supplicant-wlan1.service")
|
|
||||||
machine.wait_until_succeeds(
|
|
||||||
"wpa_cli -i wlan1 status | grep -q wpa_state=COMPLETED"
|
|
||||||
)
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -129,6 +158,18 @@ in
|
|||||||
psk = "password";
|
psk = "password";
|
||||||
authProtocols = [ "SAE" ];
|
authProtocols = [ "SAE" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Test duplicate SSID generation
|
||||||
|
duplicate1 = {
|
||||||
|
ssid = "duplicate";
|
||||||
|
bssid = "00:00:00:00:00:01";
|
||||||
|
psk = "password";
|
||||||
|
};
|
||||||
|
duplicate2 = {
|
||||||
|
ssid = "duplicate";
|
||||||
|
bssid = "00:00:00:00:00:02";
|
||||||
|
psk = "password";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@@ -148,6 +189,12 @@ in
|
|||||||
assert int(machine.succeed(f"grep -c sae-only {config_file}")) == 1
|
assert int(machine.succeed(f"grep -c sae-only {config_file}")) == 1
|
||||||
assert int(machine.succeed(f"grep -c mixed-wpa {config_file}")) == 2
|
assert int(machine.succeed(f"grep -c mixed-wpa {config_file}")) == 2
|
||||||
|
|
||||||
|
with subtest("Duplicate SSID network blocks have been generated"):
|
||||||
|
# more duplication due to fallbacks
|
||||||
|
assert int(machine.succeed(f"grep -c duplicate {config_file}")) == 4
|
||||||
|
assert int(machine.succeed(f"grep -c bssid=00:00:00:00:00:01 {config_file}")) == 2
|
||||||
|
assert int(machine.succeed(f"grep -c bssid=00:00:00:00:00:02 {config_file}")) == 2
|
||||||
|
|
||||||
# save file for manual inspection
|
# save file for manual inspection
|
||||||
machine.copy_from_vm(config_file)
|
machine.copy_from_vm(config_file)
|
||||||
'';
|
'';
|
||||||
@@ -222,4 +269,23 @@ in
|
|||||||
authProtocols = [ "WPA-PSK-SHA256" ];
|
authProtocols = [ "WPA-PSK-SHA256" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Test connection with the highest prio "matching" network block found.
|
||||||
|
# "Matching" meaning with the right SSID and BSSID
|
||||||
|
bssidGuard = runBssidTest "bssid-guard" "02:00:00:00:00:02" {
|
||||||
|
networks = {
|
||||||
|
"1_first" = {
|
||||||
|
ssid = "nixos-test-mixed";
|
||||||
|
bssid = "02:00:00:00:00:01";
|
||||||
|
pskRaw = "ext:psk_nixos_test";
|
||||||
|
};
|
||||||
|
"2_second" = {
|
||||||
|
ssid = "nixos-test-mixed";
|
||||||
|
bssid = "02:00:00:00:00:02";
|
||||||
|
pskRaw = "ext:psk_nixos_test";
|
||||||
|
priority = 1;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user