Esempio n. 1
0
// Verify that decideProtocol returns UnknownProtocol when given packet for
// which it does not have a plugin.
func TestProcess_unknownProtocol(t *testing.T) {
	test := testSetup(t)
	tuple := common.NewIPPortTuple(4,
		net.ParseIP("10.0.0.1"), 34898,
		net.ParseIP("192.168.0.1"), PORT+1)
	assert.Equal(t, protos.UnknownProtocol, test.udp.decideProtocol(&tuple))
}
Esempio n. 2
0
// Verify that decideProtocol returns the protocol assocated with the
// packet's destination port.
func Test_decideProtocol_byDstPort(t *testing.T) {
	test := testSetup(t)
	tuple := common.NewIPPortTuple(4,
		net.ParseIP("10.0.0.1"), 34898,
		net.ParseIP("192.168.0.1"), PORT)
	assert.Equal(t, PROTO, test.udp.decideProtocol(&tuple))
}
Esempio n. 3
0
// Verify that Process ignores empty packets.
func TestProcess_emptyPayload(t *testing.T) {
	test := testSetup(t)
	tuple := common.NewIPPortTuple(4,
		net.ParseIP("192.168.0.1"), PORT,
		net.ParseIP("10.0.0.1"), 34898)
	emptyPkt := &protos.Packet{Ts: time.Now(), Tuple: tuple, Payload: []byte{}}
	test.udp.Process(nil, emptyPkt)
	assert.Nil(t, test.plugin.pkt)
}
Esempio n. 4
0
// Benchmark that runs with parallelism to help find concurrency related
// issues. To run with parallelism, the 'go test' cpu flag must be set
// greater than 1, otherwise it just runs concurrently but not in parallel.
func BenchmarkParallelProcess(b *testing.B) {
	rand.Seed(18)
	p := protocols{}
	p.tcp = make(map[protos.Protocol]protos.TCPPlugin)
	p.tcp[1] = &TestProtocol{Ports: []int{ServerPort}}
	tcp, _ := NewTCP(p)

	b.ResetTimer()
	b.RunParallel(func(pb *testing.PB) {
		for pb.Next() {
			pkt := &protos.Packet{
				Ts: time.Now(),
				Tuple: common.NewIPPortTuple(4,
					net.ParseIP(ServerIP), ServerPort,
					net.ParseIP(ClientIP), uint16(rand.Intn(65535))),
				Payload: []byte{1, 2, 3, 4},
			}
			tcp.Process(nil, &layers.TCP{}, pkt)
		}
	})
}
Esempio n. 5
0
	rcode       string
	qClass      string
	qType       string
	qName       string
	qEtld       string
	answers     []string
	authorities []string
	additionals []string
	request     []byte
	response    []byte
}

// Request and response addresses.
var (
	forward = common.NewIPPortTuple(4,
		net.ParseIP(serverIP), serverPort,
		net.ParseIP(clientIP), clientPort)
	reverse = common.NewIPPortTuple(4,
		net.ParseIP(clientIP), clientPort,
		net.ParseIP(serverIP), serverPort)
)

func newDNS(verbose bool) *dnsPlugin {
	if verbose {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"dns"})
	} else {
		logp.LogInit(logp.LOG_EMERG, "", false, true, []string{"dns"})
	}

	results := &publish.ChanTransactions{make(chan common.MapStr, 100)}
	cfg, _ := common.NewConfigFrom(map[string]interface{}{
Esempio n. 6
0
func TestTCSeqPayload(t *testing.T) {
	type segment struct {
		seq     uint32
		payload []byte
	}

	tests := []struct {
		name          string
		segments      []segment
		expectedGaps  int
		expectedState []byte
	}{
		{"No overlap",
			[]segment{
				{1, []byte{1, 2, 3, 4, 5}},
				{6, []byte{6, 7, 8, 9, 10}},
			},
			0,
			[]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10},
		},
		{"Gap drop state",
			[]segment{
				{1, []byte{1, 2, 3, 4}},
				{15, []byte{5, 6, 7, 8}},
			},
			10,
			[]byte{5, 6, 7, 8},
		},
		{"ACK same sequence number",
			[]segment{
				{1, []byte{1, 2}},
				{3, nil},
				{3, []byte{3, 4}},
				{5, []byte{5, 6}},
			},
			0,
			[]byte{1, 2, 3, 4, 5, 6},
		},
		{"ACK same sequence number 2",
			[]segment{
				{1, nil},
				{2, nil},
				{2, []byte{1, 2}},
				{4, nil},
				{4, []byte{3, 4}},
				{6, []byte{5, 6}},
				{8, []byte{7, 8}},
				{10, nil},
			},
			0,
			[]byte{1, 2, 3, 4, 5, 6, 7, 8},
		},
		{"Overlap, first segment bigger",
			[]segment{
				{1, []byte{1, 2}},
				{3, []byte{3, 4}},
				{3, []byte{3}},
				{5, []byte{5, 6}},
			},
			0,
			[]byte{1, 2, 3, 4, 5, 6},
		},
		{"Overlap, second segment bigger",
			[]segment{
				{1, []byte{1, 2}},
				{3, []byte{3}},
				{3, []byte{3, 4}},
				{5, []byte{5, 6}},
			},
			0,
			[]byte{1, 2, 3, 4, 5, 6},
		},
		{"Overlap, covered",
			[]segment{
				{1, []byte{1, 2, 3, 4}},
				{2, []byte{2, 3}},
				{5, []byte{5, 6}},
			},
			0,
			[]byte{1, 2, 3, 4, 5, 6},
		},
	}

	for i, test := range tests {
		t.Logf("Test (%v): %v", i, test.name)

		gap := 0
		var state []byte
		tcp, err := NewTCP(protocols{
			tcp: map[protos.Protocol]protos.TCPPlugin{
				httpProtocol: &TestProtocol{
					Ports: []int{ServerPort},
					gap:   makeCountGaps(nil, &gap),
					parse: makeCollectPayload(&state, true),
				},
			},
		})
		if err != nil {
			t.Fatal(err)
		}

		addr := common.NewIPPortTuple(4,
			net.ParseIP(ServerIP), ServerPort,
			net.ParseIP(ClientIP), uint16(rand.Intn(65535)))

		for _, segment := range test.segments {
			hdr := &layers.TCP{Seq: segment.seq}
			pkt := &protos.Packet{
				Ts:      time.Now(),
				Tuple:   addr,
				Payload: segment.payload,
			}
			tcp.Process(nil, hdr, pkt)
		}

		assert.Equal(t, test.expectedGaps, gap)
		if len(test.expectedState) != len(state) {
			assert.Equal(t, len(test.expectedState), len(state))
			continue
		}
		assert.Equal(t, test.expectedState, state)
	}
}
Esempio n. 7
0
	rcode       string
	q_class     string
	q_type      string
	q_name      string
	q_etld      string
	answers     []string
	authorities []string
	additionals []string
	request     []byte
	response    []byte
}

// Request and response addresses.
var (
	forward = common.NewIPPortTuple(4,
		net.ParseIP(ServerIp), ServerPort,
		net.ParseIP(ClientIp), ClientPort)
	reverse = common.NewIPPortTuple(4,
		net.ParseIP(ClientIp), ClientPort,
		net.ParseIP(ServerIp), ServerPort)
)

func newDns(verbose bool) *Dns {
	if verbose {
		logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"dns"})
	} else {
		logp.LogInit(logp.LOG_EMERG, "", false, true, []string{"dns"})
	}

	results := &publish.ChanTransactions{make(chan common.MapStr, 100)}
	cfg, _ := common.NewConfigFrom(map[string]interface{}{