Example #1
0
// Verify that decideProtocol returns UnknownProtocol when given packet for
// which it does not have a plugin.
func TestProcess_unknownProtocol(t *testing.T) {
	test := testSetup(t)
	tuple := common.NewIpPortTuple(4,
		net.ParseIP("10.0.0.1"), 34898,
		net.ParseIP("192.168.0.1"), PORT+1)
	assert.Equal(t, protos.UnknownProtocol, test.udp.decideProtocol(&tuple))
}
Example #2
0
// Verify that decideProtocol returns the protocol assocated with the
// packet's destination port.
func Test_decideProtocol_byDstPort(t *testing.T) {
	test := testSetup(t)
	tuple := common.NewIpPortTuple(4,
		net.ParseIP("10.0.0.1"), 34898,
		net.ParseIP("192.168.0.1"), PORT)
	assert.Equal(t, PROTO, test.udp.decideProtocol(&tuple))
}
Example #3
0
// Verify that Process ignores empty packets.
func TestProcess_emptyPayload(t *testing.T) {
	test := testSetup(t)
	tuple := common.NewIpPortTuple(4,
		net.ParseIP("192.168.0.1"), PORT,
		net.ParseIP("10.0.0.1"), 34898)
	emptyPkt := &protos.Packet{Ts: time.Now(), Tuple: tuple, Payload: []byte{}}
	test.udp.Process(nil, emptyPkt)
	assert.Nil(t, test.plugin.pkt)
}
Example #4
0
// Verify that Process finds the plugin associated with the packet and invokes
// ProcessUdp on it.
func TestProcess_nonEmptyPayload(t *testing.T) {
	test := testSetup(t)
	tuple := common.NewIpPortTuple(4,
		net.ParseIP("192.168.0.1"), PORT,
		net.ParseIP("10.0.0.1"), 34898)
	payload := []byte{1}
	pkt := &protos.Packet{Ts: time.Now(), Tuple: tuple, Payload: payload}
	test.udp.Process(pkt)
	assert.Equal(t, pkt, test.plugin.pkt)
}
Example #5
0
// Benchmark that runs with parallelism to help find concurrency related
// issues. To run with parallelism, the 'go test' cpu flag must be set
// greater than 1, otherwise it just runs concurrently but not in parallel.
func BenchmarkParallelProcess(b *testing.B) {
	rand.Seed(18)
	p := protocols{}
	p.tcp = make(map[protos.Protocol]protos.TcpPlugin)
	p.tcp[1] = &TestProtocol{Ports: []int{ServerPort}}
	tcp, _ := NewTcp(p)

	b.ResetTimer()
	b.RunParallel(func(pb *testing.PB) {
		for pb.Next() {
			pkt := &protos.Packet{
				Ts: time.Now(),
				Tuple: common.NewIpPortTuple(4,
					net.ParseIP(ServerIp), ServerPort,
					net.ParseIP(ClientIp), uint16(rand.Intn(65535))),
				Payload: []byte{1, 2, 3, 4},
			}
			tcp.Process(nil, &layers.TCP{}, pkt)
		}
	})
}
Example #6
0
func TestGapInStreamShouldDropState(t *testing.T) {
	gap := 0
	var state []byte

	data1 := []byte{1, 2, 3, 4}
	data2 := []byte{5, 6, 7, 8}

	tp := &TestProtocol{Ports: []int{ServerPort}}
	tp.gap = func(t *common.TcpTuple, d uint8, n int, p protos.ProtocolData) (protos.ProtocolData, bool) {
		fmt.Printf("lost: %v\n", n)
		gap += n
		return p, true // drop state
	}
	tp.parse = func(p *protos.Packet, t *common.TcpTuple, d uint8, priv protos.ProtocolData) protos.ProtocolData {
		if priv == nil {
			state = nil
		}
		state = append(state, p.Payload...)
		return state
	}

	p := protocols{}
	p.tcp = map[protos.Protocol]protos.TcpPlugin{
		httpProtocol: tp,
	}
	tcp, _ := NewTcp(p)

	addr := common.NewIpPortTuple(4,
		net.ParseIP(ServerIp), ServerPort,
		net.ParseIP(ClientIp), uint16(rand.Intn(65535)))

	hdr := &layers.TCP{}
	tcp.Process(nil, hdr, &protos.Packet{Ts: time.Now(), Tuple: addr, Payload: data1})
	hdr.Seq += uint32(len(data1) + 10)
	tcp.Process(nil, hdr, &protos.Packet{Ts: time.Now(), Tuple: addr, Payload: data2})

	// validate
	assert.Equal(t, 10, gap)
	assert.Equal(t, data2, state)
}
Example #7
0
func TestTCSeqPayload(t *testing.T) {
	type segment struct {
		seq     uint32
		payload []byte
	}

	tests := []struct {
		name          string
		segments      []segment
		expectedGaps  int
		expectedState []byte
	}{
		{"No overlap",
			[]segment{
				{1, []byte{1, 2, 3, 4, 5}},
				{6, []byte{6, 7, 8, 9, 10}},
			},
			0,
			[]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10},
		},
		{"Gap drop state",
			[]segment{
				{1, []byte{1, 2, 3, 4}},
				{15, []byte{5, 6, 7, 8}},
			},
			10,
			[]byte{5, 6, 7, 8},
		},
		{"ACK same sequence number",
			[]segment{
				{1, []byte{1, 2}},
				{3, nil},
				{3, []byte{3, 4}},
				{5, []byte{5, 6}},
			},
			0,
			[]byte{1, 2, 3, 4, 5, 6},
		},
		{"ACK same sequence number 2",
			[]segment{
				{1, nil},
				{2, nil},
				{2, []byte{1, 2}},
				{4, nil},
				{4, []byte{3, 4}},
				{6, []byte{5, 6}},
				{8, []byte{7, 8}},
				{10, nil},
			},
			0,
			[]byte{1, 2, 3, 4, 5, 6, 7, 8},
		},
		{"Overlap, first segment bigger",
			[]segment{
				{1, []byte{1, 2}},
				{3, []byte{3, 4}},
				{3, []byte{3}},
				{5, []byte{5, 6}},
			},
			0,
			[]byte{1, 2, 3, 4, 5, 6},
		},
		{"Overlap, second segment bigger",
			[]segment{
				{1, []byte{1, 2}},
				{3, []byte{3}},
				{3, []byte{3, 4}},
				{5, []byte{5, 6}},
			},
			0,
			[]byte{1, 2, 3, 4, 5, 6},
		},
		{"Overlap, covered",
			[]segment{
				{1, []byte{1, 2, 3, 4}},
				{2, []byte{2, 3}},
				{5, []byte{5, 6}},
			},
			0,
			[]byte{1, 2, 3, 4, 5, 6},
		},
	}

	for i, test := range tests {
		t.Logf("Test (%v): %v", i, test.name)

		gap := 0
		var state []byte
		tcp, err := NewTcp(protocols{
			tcp: map[protos.Protocol]protos.TcpPlugin{
				httpProtocol: &TestProtocol{
					Ports: []int{ServerPort},
					gap:   makeCountGaps(nil, &gap),
					parse: makeCollectPayload(&state, true),
				},
			},
		})
		if err != nil {
			t.Fatal(err)
		}

		addr := common.NewIpPortTuple(4,
			net.ParseIP(ServerIp), ServerPort,
			net.ParseIP(ClientIp), uint16(rand.Intn(65535)))

		for _, segment := range test.segments {
			hdr := &layers.TCP{Seq: segment.seq}
			pkt := &protos.Packet{
				Ts:      time.Now(),
				Tuple:   addr,
				Payload: segment.payload,
			}
			tcp.Process(nil, hdr, pkt)
		}

		assert.Equal(t, test.expectedGaps, gap)
		if len(test.expectedState) != len(state) {
			assert.Equal(t, len(test.expectedState), len(state))
			continue
		}
		assert.Equal(t, test.expectedState, state)
	}
}
Example #8
0
	flags       []string
	rcode       string
	q_class     string
	q_type      string
	q_name      string
	answers     []string
	authorities []string
	additionals []string
	request     []byte
	response    []byte
}

// Request and response addresses.
var (
	forward = common.NewIpPortTuple(4,
		net.ParseIP(ServerIp), ServerPort,
		net.ParseIP(ClientIp), ClientPort)
	reverse = common.NewIpPortTuple(4,
		net.ParseIP(ClientIp), ClientPort,
		net.ParseIP(ServerIp), ServerPort)
)

func newDns(verbose bool) *Dns {
	if verbose {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"dns"})
	} else {
		logp.LogInit(logp.LOG_EMERG, "", false, true, []string{"dns"})
	}

	dns := &Dns{}
	err := dns.Init(true, &publish.ChanTransactions{make(chan common.MapStr, 100)})