-
Notifications
You must be signed in to change notification settings - Fork 4
Setup network testing environment on Raspberry Pi
- Brief
- Configuration with scripts
- Manual steps
- Reference
This page describes the setup network testing environment on Raspberry Pi. We want to use Raspberry Pi 4 as a testing platform for testing.
One of the cases can perform manual or automated tests for WiFi connection and TCP/UDP communication. To do this, you must properly configure it by:
- Setup WiFi AP on Raspberry Pi
- Run UDP/TCP echo server
- Install network packet analyzer
- Build chip tools for network testing
Before you start:
- Ensure you have administrative access to your Raspberry Pi. The network setup will be modified as part of the installation: local access, with screen and keyboard connected to your Raspberry Pi, is recommended. Then you can use the ssh or VNC server (for desktop distribution) to connect to RPi.
- Connect your Raspberry Pi to the Ethernet network and boot the Raspberry Pi OS or Ubuntu 20.04 (recommended).
Create your workspace directory
mdkir [workspace name] && cd [workspace name]
Clone CHIP project repository
git clone --recurse-submodules --branch development https://github.com/ARMmbed/connectedhomeip.git .
Setup CHIP environment for Linux
bash scripts/setup/setup_ubuntu_20_04_lts.sh
Setup network testing environment. You can change default settings by editing the setup_network_env script's variables such as AP SSID and password or DCHP server address.
bash scripts/setup/setup_network_env.sh
That's all. The WiFi access point is created. Echo servers and network packet analyzer are installed. Ready-to-use chip tools you can find in the $HOME/NetTools directory.
In order to work as an access point, the Raspberry Pi needs to have the hostapd access point software package installed:
sudo apt install hostapd
Enable the wireless access point service and set it to start when your Raspberry Pi boots:
sudo systemctl unmask hostapd
sudo systemctl enable hostapd
In order to provide network management services (DNS, DHCP) to wireless clients, the Raspberry Pi needs to have the dnsmasq software package installed:
sudo apt install dnsmasq
Finally, install netfilter-persistent and its plugin iptables-persistent. This utilty helps by saving firewall rules and restoring them when the Raspberry Pi boots:
sudo DEBIAN_FRONTEND=noninteractive apt install -y netfilter-persistent iptables-persistent
Define the wireless interface IP configuration
The Raspberry Pi runs a DHCP server for the wireless network; this requires static IP configuration for the wireless interface (wlan0) in the Raspberry Pi. The Raspberry Pi also acts as the router on the wireless network, and as is customary, we will give it the first IP address in the network: 192.168.4.1 (note: Please select another IP network for wireless if IP network 192.168.4.0 is already in use by your Ethernet LAN.).
To configure the static IP address, edit the configuration file for dhcpcd with:
sudo nano /etc/dhcpcd.conf
Go to the end of the file and add the following:
interface wlan0
static ip_address=192.168.4.1/24
nohook wpa_supplicant
Enable routing and IP masquerading
This section configures the Raspberry Pi to let wireless clients access computers on the main (Ethernet) network, and from there the internet. NOTE: If you wish to block wireless clients from accessing the Ethernet network and the internet, skip this section.
To enable routing, i.e. to allow traffic to flow from one network to the other in the Raspberry Pi, create a file using the following command, with the contents below:
sudo nano /etc/sysctl.d/routed-ap.conf
File contents:
# https://www.raspberrypi.org/documentation/configuration/wireless/access-point-routed.md
# Enable IPv4 routing
net.ipv4.ip_forward=1
Enabling routing will allow hosts from network 192.168.4.0/24 to reach the LAN and the main router towards the internet. In order to allow traffic between clients on this foreign wireless network and the internet without changing the configuration of the main router, the Raspberry Pi can substitute the IP address of wireless clients with its own IP address on the LAN using a "masquerade" firewall rule.
The main router will see all outgoing traffic from wireless clients as coming from the Raspberry Pi, allowing communication with the internet. The Raspberry Pi will receive all incoming traffic, substitute the IP addresses back, and forward traffic to the original wireless client. This process is configured by adding a single firewall rule in the Raspberry Pi:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Now save the current firewall rules for IPv4 (including the rule above) and IPv6 to be loaded at boot by the netfilter-persistent service:
sudo netfilter-persistent save
Filtering rules are saved to the directory /etc/iptables/. If in the future you change the configuration of your firewall, make sure to save the configuration before rebooting.
The DHCP and DNS services are provided by dnsmasq. The default configuration file serves as a template for all possible configuration options, whereas we only need a few. It is easier to start from an empty file.
Rename the default configuration file and edit a new one:
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
sudo nano /etc/dnsmasq.conf
Add the following to the file and save it:
interface=wlan0 # Listening interface
dhcp-range=192.168.4.2,192.168.4.20,255.255.255.0,24h
# Pool of IP addresses served via DHCP
domain=wlan # Local wireless DNS domain
address=/gw.wlan/192.168.4.1
# Alias for this router
The Raspberry Pi will deliver IP addresses between 192.168.4.2 and 192.168.4.20, with a lease time of 24 hours, to wireless DHCP clients. You should be able to reach the Raspberry Pi under the name gw.wlan from wireless clients.
Create the hostapd configuration file, located at /etc/hostapd/hostapd.conf, to add the various parameters for your new wireless network.
sudo nano /etc/hostapd/hostapd.conf
Add the settings to the configuration file.
Example configuration:
country_code=PL
interface=wlan0
ssid=ARMnet
hw_mode=g
channel=7
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=ARMnet123
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
country_code - it configures the computer to use the correct wireless frequencies in the United Kingdom. Adapt this line and specify the two-letter ISO code of your country. ssid - network name, should not have quotes around them. wpa_passphrase - network password, The passphrase should be between 8 and 64 characters in length. hw_mode - supported hardware WiFi protocol. Possible values:
- a = IEEE 802.11a (5 GHz) (Raspberry Pi 3B+ onwards)
- b = IEEE 802.11b (2.4 GHz)
- g = IEEE 802.11g (2.4 GHz)
Note that when changing the hw_mode, you may need to also change the channel.
Now restart your Raspberry Pi and verify that the wireless access point becomes automatically available.
sudo systemctl reboot
sudo apt install network-manager
Use the network manager command-line interface to create WiFi AP.
Check network interface (wlan0 for RaspberryPI), set connection name (i.e. WiFiAp), set auto-connect option, set SSID of your wireless network.
sudo nmcli con add type wifi ifname wlan0 con-name WiFiAp autoconnect true ssid <network ssid>
Set WiFi interface settings such as access point mode, the frequency band of the network, security protocol and IPv4 address shared.
sudo nmcli con modify WiFiAp 802-11-wireless.mode ap 802-11-wireless.band bg ipv4.method shared
Set WiFi security settings such as WPA protocol ("wpa" - allow WPA or "rsn" - allow WPA2/RSN), key management used for the connection, Pre-Shared-Key for WPA networks.
sudo nmcli con modify WiFiAp 802-11-wireless-security.proto rsn wifi-sec.key-mgmt wpa-psk wifi-sec.psk "<network password>"
sudo nmcli con up WiFiAp
For this case we can use Echo Service it is a very simple Linux service that simply echos back whatever it is sent.
echo is part of the openbsd-inetd package which can be installed with:
sudo apt-get update
sudo apt-get install openbsd-inetd
Once installed, you will need to edit /etc/inetd.conf and add a few lines using the editor of your choice (the commented lines were already present, I just added the echo lines):
#:INTERNAL: Internal services
#discard stream tcp nowait root internal
#discard dgram udp wait root internal
#daytime stream tcp nowait root internal
#time stream tcp nowait root internal
echo stream tcp nowait root internal
echo dgram udp wait root internal
Then restart inetd:
sudo service openbsd-inetd restart
Finally, verify that echo service is connected properly:
netstat -a | less
You should see TCP and UDP active servers on LISTEN state.
The network traffic observation tool is welcome for testing TCP/UDP communication.
For this purpose, we install tcpdump application.
tcpdump is a network packet analyzer, which lets you see the conversation packets.
Installing tcpdump
tcpdump is not installed by default on Raspbian. We need to call:
sudo apt-get install tcpdump
Use tcpdump
tcpdump starts tcpdump running, but be prepared for a flood of information if you run tcpdump without any arguments.
Useful arguments:
-
"-i" limit the packet dump to a specific interface i.e.
-i eth0 - "-D" view the interfaces available to tcpdump
-
"port" limit the packet dump to a specific port i.e.
port 80 -
"host" limit the packet dump to a specific host i.e.
host 192.168.0.1 - "-c" limit how many packets you capture
- "-v" produce more verbose output
- "-X" printing more details of each packet
Note: To capture packets from our echo server run:
sudo tcpdump -i wlan0 port 7 -vvX
Build CHIP tools tutorial: Buil CHIP tools
https://www.raspberrypi.org/documentation/configuration/wireless/access-point-routed.md