diff options
| author | Aleksandr Nogikh <nogikh@google.com> | 2020-10-02 12:05:03 +0300 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2020-10-05 15:05:59 +0200 |
| commit | 13600d098723ca4567aa380144617e5c1791bbbc (patch) | |
| tree | 8f383312a5471627aa7f12ebbbaea92bee33e538 /sys/linux/test/80211_scan | |
| parent | c08b5b69b246ffabf41061b686968f4391146b4b (diff) | |
sys/linux/test: refactor and extend 802.11 tests
80211_setup_station is extended with frame injections and delays that
are arranged in such a way that the device successuflly joins an
access point.
80211_scan is a new test that starts a channel scan and then injects a
beacon and a probe response.
These additions were tested manually and were observed to fulfill
their purpose.
Diffstat (limited to 'sys/linux/test/80211_scan')
| -rw-r--r-- | sys/linux/test/80211_scan | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/sys/linux/test/80211_scan b/sys/linux/test/80211_scan new file mode 100644 index 000000000..32247fea3 --- /dev/null +++ b/sys/linux/test/80211_scan @@ -0,0 +1,23 @@ +# requires: -sandbox=namespace + +r0 = socket$nl_generic(0x10, 0x3, 0x10) +r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') +ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0}) + +# Set station mode for wlan1. + +sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={AUTO, r1, 0x5, 0x0, 0x0, {{AUTO, AUTO, AUTO}, {@val={AUTO, AUTO, r2, nil}, @void}}, [@NL80211_ATTR_IFTYPE={AUTO, AUTO, 0x2, nil}]}, AUTO}, AUTO, AUTO, AUTO, 0x0}, 0x0) + +# Trigger a scan. + +sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={AUTO, r1, 0x5, 0x0, 0x0, {{AUTO, AUTO, AUTO}, {@val={AUTO, AUTO, r2, nil}, @void}}, [@NL80211_ATTR_IE={AUTO, AUTO, [@random={0xdd, AUTO, 'abcdefghijk'}], nil}, @NL80211_ATTR_SCAN_SSIDS={AUTO, AUTO, AUTO, AUTO, [{AUTO, AUTO, @default_ap_ssid, nil}], nil}]}, AUTO}, AUTO, AUTO, AUTO, 0x0}, 0x0) + +# Inject a beacon. + +syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &AUTO=@mgmt_frame=@beacon={@wo_ht={{AUTO, AUTO, AUTO, AUTO, AUTO, 0, 0, 0, 0, AUTO, 0}, {0, 0}, @device_b, @device_a, @from_mac=@device_a, {0,0}}, 0x0, @default, 0x1, @val={AUTO, AUTO, @default_ap_ssid}, @val={AUTO, AUTO, [{0x2,0x1}, {0x4,0x1}, {0xb,0x1}, {0x16,0x1}, {0x0c,0x0}, {0x12,0x0}, {0x18,0x0}, {0x24, 0x0}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, []}, AUTO) + +# Wait 5 ms and inject a probe response. + +nanosleep(&AUTO={0x0,0x4C4B40}, &AUTO={0,0}) + +syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={@wo_ht={{AUTO, AUTO, AUTO, AUTO, AUTO, 0, 0, 0, 0, AUTO, 0}, {0, 0}, @device_b, @device_a, @from_mac=@device_a, {0,0}}, 0x0, @default, 0x1, @val={AUTO, AUTO, @default_ap_ssid}, @val={AUTO, AUTO, [{0x2,0x1}, {0x4,0x1}, {0xb,0x1}, {0x16,0x1}, {0x0c,0}, {0x12,0x0}, {0x18,0x0}, {0x24,0x0}]}, @void, @void, @void, @void, @void, @void, []}, AUTO) |