binwifi: Add client isolation; use on portals.

Client isolation prevents the AP from routing traffic between two
clients of a WLAN. This improves security on networks where the clients
don't need to talk to each other, like provisioning and guest networks.

Fixes b/34289885.

Change-Id: Ic9364f261adeab2225e7402c5aea2e9a12b8e407
diff --git a/dm/binwifi.py b/dm/binwifi.py
index 56d3f98..5d3d7d0 100644
--- a/dm/binwifi.py
+++ b/dm/binwifi.py
@@ -88,6 +88,7 @@
     if landevice_i == 2:
       yield (wlankey + 'Enable'), True
       yield (wlankey + 'SSIDAdvertisementEnabled'), False
+      yield (wlankey + 'X_CATAWAMPUS-ORG_ClientIsolation'), True
       yield (wlankey + 'X_CATAWAMPUS-ORG_OverrideSSID'), 'GFiberSetupAutomation'
 
 
@@ -99,6 +100,7 @@
     if landevice_i == 2:
       yield (wlankey + 'Enable'), True
       yield (wlankey + 'SSIDAdvertisementEnabled'), True
+      yield (wlankey + 'X_CATAWAMPUS-ORG_ClientIsolation'), True
       yield (wlankey + 'X_CATAWAMPUS-ORG_OverrideSSID'), 'Google Fiber Wi-Fi'
 
   yield ('Device.CaptivePortal.URL',
@@ -670,6 +672,8 @@
   X_CATAWAMPUS_ORG_AutoChannelAlgorithm = tr.cwmptypes.TriggerEnum(
       ['LEGACY', 'INITIAL', 'DYNAMIC'], 'LEGACY')
 
+  X_CATAWAMPUS_ORG_ClientIsolation = tr.cwmptypes.TriggerBool(False)
+
   _RecommendedChannel_2G = tr.cwmptypes.Trigger(
       tr.cwmptypes.ReadOnly(
           tr.cwmptypes.FileBacked(
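Review bot: The new `X_CATAWAMPUS_ORG_ClientIsolation = tr.cwmptypes.TriggerBool(False)` attribute has no comment, and its default leaves isolation off for every WLAN except the two portal/provisioning configurations this commit sets explicitly. A reader auditing guest-network exposure would benefit from a comment above it, such as `# When True, /bin/wifi is started with -C so clients of this WLAN are isolated from each other. Off by default; callers must opt in.` If other guest-style WLANs are configured elsewhere in the file (not visible in this hunk), they would need the same opt-in.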
@@ -853,6 +857,9 @@
 
     if not self.SSIDAdvertisementEnabled:
       cmd += ['-H']
+    if self.X_CATAWAMPUS_ORG_ClientIsolation:
+      cmd += ['-C']
+
     if self.new_config.AutoChannelEnable:
       acalg = self.X_CATAWAMPUS_ORG_AutoChannelAlgorithm
       if acalg == 'INITIAL':
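Review bot: The `cmd += ['-C']` line added after the `-H` check does not document how far the isolation reaches, and what `-C` does inside /bin/wifi is not visible here. AP-level isolation usually only stops the radio from forwarding frames between stations on the same BSS. The test attaches the portal WLAN to `br1`, so if another radio or port shares that bridge, clients on different interfaces could presumably still reach each other through it. I would add a comment above the check, such as `# -C isolates stations within this BSS only; traffic crossing the bridge is not filtered here.`, and confirm whether bridge-level filtering exists for the portal. The enclosing method starts and ends outside the hunk.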
diff --git a/dm/binwifi_test.py b/dm/binwifi_test.py
index 2cd25c2..e684862 100644
--- a/dm/binwifi_test.py
+++ b/dm/binwifi_test.py
@@ -499,6 +499,20 @@
     # Same output as 'b'
     self.assertTrue('-p a/b' in ' '.join(buf.splitlines()))
 
+  def testClientIsolation(self):
+    bw = self.WlanConfiguration(
+        'wifi0', '_portal', 'br1', band='5', width_5g=80)
+    bw.StartTransaction()
+    bw.RadioEnabled = True
+    bw.Enable = True
+    bw.SSID = 'Test SSID 1'
+    _, buf = self.GatherOutput(bw)
+    self.assertFalse('-C' in ' '.join(buf.splitlines()))
+
+    bw.X_CATAWAMPUS_ORG_ClientIsolation = True
+    _, buf = self.GatherOutput(bw)
+    self.assertTrue('-C' in ' '.join(buf.splitlines()))
+
   def testWidth(self):
     bw = self.WlanConfiguration(
         'wifi0', '', 'br0', band='5', width_5g=80)
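Review bot: Both assertions in `testClientIsolation` use a substring match, `'-C' in ' '.join(buf.splitlines())`, so any other argument containing `-C` would fail the negative check or satisfy the positive one for the wrong reason. If `GatherOutput` returns one argument per line (not visible here), `self.assertNotIn('-C', buf.splitlines())` and `self.assertIn('-C', buf.splitlines())` would match the flag exactly. The test also never sets the attribute back to False to assert that `-C` disappears, which matters for a security setting that can be toggled remotely.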
diff --git a/dm/brcmwifi.py b/dm/brcmwifi.py
index 6878800..d7f03b1 100644
--- a/dm/brcmwifi.py
+++ b/dm/brcmwifi.py
@@ -553,6 +553,7 @@
                    'X_CATAWAMPUS-ORG_AutoChanType',
                    'X_CATAWAMPUS-ORG_AllowAutoDisable',
                    'X_CATAWAMPUS-ORG_AutoDisableRecommended',
+                   'X_CATAWAMPUS-ORG_ClientIsolation',
                    'X_CATAWAMPUS-ORG_OverrideSSID',
                    'X_CATAWAMPUS-ORG_Suffix24G'])
 
diff --git a/dm/fakewifi.py b/dm/fakewifi.py
index 370d561..a883b94 100644
--- a/dm/fakewifi.py
+++ b/dm/fakewifi.py
@@ -127,6 +127,7 @@
   X_CATAWAMPUS_ORG_AutoChannelAlgorithm = tr.cwmptypes.Enum(
       ['LEGACY', 'INITIAL', 'DYNAMIC'], 'LEGACY')
   X_CATAWAMPUS_ORG_AutoChanType = tr.cwmptypes.ReadOnlyString('NONDFS')
+  X_CATAWAMPUS_ORG_ClientIsolation = tr.cwmptypes.Bool(False)
   X_CATAWAMPUS_ORG_Width24G = tr.cwmptypes.ReadOnlyString('20')
   X_CATAWAMPUS_ORG_Width5G = tr.cwmptypes.ReadOnlyString('40')
   X_CATAWAMPUS_ORG_AutoDisableRecommended = tr.cwmptypes.ReadOnlyBool(False)
diff --git a/tr/schema/x-cata098.xml b/tr/schema/x-cata098.xml
index caa34d5..5d1d678 100644
--- a/tr/schema/x-cata098.xml
+++ b/tr/schema/x-cata098.xml
@@ -133,6 +133,12 @@
           <boolean/>

         </syntax>

       </parameter>

+      <parameter name="X_CATAWAMPUS-ORG_ClientIsolation" access="readWrite">

+        <description>If ClientIsolation is True, CPE will isolate clients on the network from each other.</description>

+        <syntax>

+          <boolean/>

+        </syntax>

+      </parameter>

       <parameter name="X_CATAWAMPUS-ORG_AutoChannelAlgorithm" access="readWrite">

         <description>If LEGACY, use old-style /bin/wifi autochannel recommendation.  If INITIAL, use boot-time waveguide recommendation.  If DYNAMIC, use real-time waveguide recommendation.</description>

         <syntax>