Hello!
I am thinking about adding some sort of framework to wpa_supplicant and/or the
mac80211 stack to allow purposefully creating bad station behaviour in order to
test robustness of APs.
Some ideas so far:
1) Allow supplicant to do bad state-machine transitions (start 4-way before
associating, for instance).
2) Randomly corrupt mgt frames in driver and/or mac80211 stack and/or
supplicant.
3) Possibly allow user to make specific corruptions. This would probably be
in supplicant
only, and I am not sure how this would be configured. Maybe allow user to
over-ride
existing IEs and add bogus ones of their own choosing.
4) Maybe some specific tests like putting in over-flow sized lengths of IEs.
Has anyone done anything similar they would like to share?
Johannes: Any interest in having such a framework in upstream kernels?
Any other ideas for how to improve this feature set?
Thanks,
Ben
--
Ben Greear <[email protected]>
Candela Technologies Inc http://www.candelatech.com
