// Verify that decideProtocol returns UnknownProtocol when given packet for
// which it does not have a plugin.
func TestProcess_unknownProtocol(t *testing.T) {
test := testSetup(t)
tuple := common.NewIPPortTuple(4,
net.ParseIP("10.0.0.1"), 34898,
net.ParseIP("192.168.0.1"), PORT+1)
assert.Equal(t, protos.UnknownProtocol, test.udp.decideProtocol(&tuple))
}
// Verify that decideProtocol returns the protocol assocated with the
// packet's destination port.
func Test_decideProtocol_byDstPort(t *testing.T) {
test := testSetup(t)
tuple := common.NewIPPortTuple(4,
net.ParseIP("10.0.0.1"), 34898,
net.ParseIP("192.168.0.1"), PORT)
assert.Equal(t, PROTO, test.udp.decideProtocol(&tuple))
}
// Verify that Process ignores empty packets.
func TestProcess_emptyPayload(t *testing.T) {
test := testSetup(t)
tuple := common.NewIPPortTuple(4,
net.ParseIP("192.168.0.1"), PORT,
net.ParseIP("10.0.0.1"), 34898)
emptyPkt := &protos.Packet{Ts: time.Now(), Tuple: tuple, Payload: []byte{}}
test.udp.Process(nil, emptyPkt)
assert.Nil(t, test.plugin.pkt)
}
// Benchmark that runs with parallelism to help find concurrency related
// issues. To run with parallelism, the 'go test' cpu flag must be set
// greater than 1, otherwise it just runs concurrently but not in parallel.
func BenchmarkParallelProcess(b *testing.B) {
rand.Seed(18)
p := protocols{}
p.tcp = make(map[protos.Protocol]protos.TCPPlugin)
p.tcp[1] = &TestProtocol{Ports: []int{ServerPort}}
tcp, _ := NewTCP(p)
b.ResetTimer()
b.RunParallel(func(pb *testing.PB) {
for pb.Next() {
pkt := &protos.Packet{
Ts: time.Now(),
Tuple: common.NewIPPortTuple(4,
net.ParseIP(ServerIP), ServerPort,
net.ParseIP(ClientIP), uint16(rand.Intn(65535))),
Payload: []byte{1, 2, 3, 4},
}
tcp.Process(nil, &layers.TCP{}, pkt)
}
})
}
rcode string
qClass string
qType string
qName string
qEtld string
answers []string
authorities []string
additionals []string
request []byte
response []byte
}
// Request and response addresses.
var (
forward = common.NewIPPortTuple(4,
net.ParseIP(serverIP), serverPort,
net.ParseIP(clientIP), clientPort)
reverse = common.NewIPPortTuple(4,
net.ParseIP(clientIP), clientPort,
net.ParseIP(serverIP), serverPort)
)
func newDNS(verbose bool) *dnsPlugin {
if verbose {
logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"dns"})
} else {
logp.LogInit(logp.LOG_EMERG, "", false, true, []string{"dns"})
}
results := &publish.ChanTransactions{make(chan common.MapStr, 100)}
cfg, _ := common.NewConfigFrom(map[string]interface{}{
func TestTCSeqPayload(t *testing.T) {
type segment struct {
seq uint32
payload []byte
}
tests := []struct {
name string
segments []segment
expectedGaps int
expectedState []byte
}{
{"No overlap",
[]segment{
{1, []byte{1, 2, 3, 4, 5}},
{6, []byte{6, 7, 8, 9, 10}},
},
0,
[]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10},
},
{"Gap drop state",
[]segment{
{1, []byte{1, 2, 3, 4}},
{15, []byte{5, 6, 7, 8}},
},
10,
[]byte{5, 6, 7, 8},
},
{"ACK same sequence number",
[]segment{
{1, []byte{1, 2}},
{3, nil},
{3, []byte{3, 4}},
{5, []byte{5, 6}},
},
0,
[]byte{1, 2, 3, 4, 5, 6},
},
{"ACK same sequence number 2",
[]segment{
{1, nil},
{2, nil},
{2, []byte{1, 2}},
{4, nil},
{4, []byte{3, 4}},
{6, []byte{5, 6}},
{8, []byte{7, 8}},
{10, nil},
},
0,
[]byte{1, 2, 3, 4, 5, 6, 7, 8},
},
{"Overlap, first segment bigger",
[]segment{
{1, []byte{1, 2}},
{3, []byte{3, 4}},
{3, []byte{3}},
{5, []byte{5, 6}},
},
0,
[]byte{1, 2, 3, 4, 5, 6},
},
{"Overlap, second segment bigger",
[]segment{
{1, []byte{1, 2}},
{3, []byte{3}},
{3, []byte{3, 4}},
{5, []byte{5, 6}},
},
0,
[]byte{1, 2, 3, 4, 5, 6},
},
{"Overlap, covered",
[]segment{
{1, []byte{1, 2, 3, 4}},
{2, []byte{2, 3}},
{5, []byte{5, 6}},
},
0,
[]byte{1, 2, 3, 4, 5, 6},
},
}
for i, test := range tests {
t.Logf("Test (%v): %v", i, test.name)
gap := 0
var state []byte
tcp, err := NewTCP(protocols{
tcp: map[protos.Protocol]protos.TCPPlugin{
httpProtocol: &TestProtocol{
Ports: []int{ServerPort},
gap: makeCountGaps(nil, &gap),
parse: makeCollectPayload(&state, true),
},
},
})
if err != nil {
t.Fatal(err)
}
addr := common.NewIPPortTuple(4,
net.ParseIP(ServerIP), ServerPort,
net.ParseIP(ClientIP), uint16(rand.Intn(65535)))
for _, segment := range test.segments {
hdr := &layers.TCP{Seq: segment.seq}
pkt := &protos.Packet{
Ts: time.Now(),
Tuple: addr,
Payload: segment.payload,
}
tcp.Process(nil, hdr, pkt)
}
assert.Equal(t, test.expectedGaps, gap)
if len(test.expectedState) != len(state) {
assert.Equal(t, len(test.expectedState), len(state))
continue
}
assert.Equal(t, test.expectedState, state)
}
}
rcode string
q_class string
q_type string
q_name string
q_etld string
answers []string
authorities []string
additionals []string
request []byte
response []byte
}
// Request and response addresses.
var (
forward = common.NewIPPortTuple(4,
net.ParseIP(ServerIp), ServerPort,
net.ParseIP(ClientIp), ClientPort)
reverse = common.NewIPPortTuple(4,
net.ParseIP(ClientIp), ClientPort,
net.ParseIP(ServerIp), ServerPort)
)
func newDns(verbose bool) *Dns {
if verbose {
logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"dns"})
} else {
logp.LogInit(logp.LOG_EMERG, "", false, true, []string{"dns"})
}
results := &publish.ChanTransactions{make(chan common.MapStr, 100)}
cfg, _ := common.NewConfigFrom(map[string]interface{}{