diff options
author | Christian Breunig <christian@breunig.cc> | 2023-08-23 20:20:23 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-23 20:20:23 +0200 |
commit | db67bc204e77fb2dd7d4a76672c63bc9bbfc07e1 (patch) | |
tree | b7e61ea893f7ff0768abbdb8f02f7c7842b3a4c4 /smoketest | |
parent | f25e1c9fa166c22d2a329ae435ae8be4f80985ef (diff) | |
parent | 35a46e4abfcece1beefb898ebd7fcb688fc55de5 (diff) | |
download | vyos-1x-db67bc204e77fb2dd7d4a76672c63bc9bbfc07e1.tar.gz vyos-1x-db67bc204e77fb2dd7d4a76672c63bc9bbfc07e1.zip |
Merge pull request #2159 from c-po/t5491-wifi
wifi: T5491: allow white-/blacklisting station MAC addresses for security
Diffstat (limited to 'smoketest')
-rwxr-xr-x | smoketest/scripts/cli/test_interfaces_wireless.py | 44 |
1 files changed, 43 insertions, 1 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_wireless.py b/smoketest/scripts/cli/test_interfaces_wireless.py index 875ca9dc6..f8686edd8 100755 --- a/smoketest/scripts/cli/test_interfaces_wireless.py +++ b/smoketest/scripts/cli/test_interfaces_wireless.py @@ -234,9 +234,51 @@ class WirelessInterfaceTest(BasicInterfaceTest.TestCase): self.assertIn(interface, bridge_members) self.cli_delete(bridge_path) - self.cli_delete(self._base_path) + + def test_wireless_security_station_address(self): + interface = 'wlan0' + ssid = 'VyOS-ACL' + + hostapd_accept_station_conf = f'/run/hostapd/{interface}_station_accept.conf' + hostapd_deny_station_conf = f'/run/hostapd/{interface}_station_deny.conf' + + accept_mac = ['00:00:00:00:ac:01', '00:00:00:00:ac:02', '00:00:00:00:ac:03', '00:00:00:00:ac:04'] + deny_mac = ['00:00:00:00:de:01', '00:00:00:00:de:02', '00:00:00:00:de:03', '00:00:00:00:de:04'] + + self.cli_set(self._base_path + [interface, 'ssid', ssid]) + self.cli_set(self._base_path + [interface, 'country-code', 'se']) + self.cli_set(self._base_path + [interface, 'type', 'access-point']) + self.cli_set(self._base_path + [interface, 'security', 'station-address', 'mode', 'accept']) + + for mac in accept_mac: + self.cli_set(self._base_path + [interface, 'security', 'station-address', 'accept', 'mac', mac]) + for mac in deny_mac: + self.cli_set(self._base_path + [interface, 'security', 'station-address', 'deny', 'mac', mac]) + self.cli_commit() + # in accept mode all addresses are allowed unless specified in the deny list + tmp = get_config_value(interface, 'macaddr_acl') + self.assertEqual(tmp, '0') + + accept_list = read_file(hostapd_accept_station_conf) + for mac in accept_mac: + self.assertIn(mac, accept_list) + + deny_list = read_file(hostapd_deny_station_conf) + for mac in deny_mac: + self.assertIn(mac, deny_list) + + # Switch mode accept -> deny + self.cli_set(self._base_path + [interface, 'security', 'station-address', 'mode', 'deny']) + self.cli_commit() + # In deny mode all addresses are denied unless specified in the allow list + tmp = get_config_value(interface, 'macaddr_acl') + self.assertEqual(tmp, '1') + + # Check for running process + self.assertTrue(process_named_running('hostapd')) + if __name__ == '__main__': check_kmod('mac80211_hwsim') unittest.main(verbosity=2) |