// Verify that decideProtocol returns UnknownProtocol when given packet for // which it does not have a plugin. func TestProcess_unknownProtocol(t *testing.T) { test := testSetup(t) tuple := common.NewIpPortTuple(4, net.ParseIP("10.0.0.1"), 34898, net.ParseIP("192.168.0.1"), PORT+1) assert.Equal(t, protos.UnknownProtocol, test.udp.decideProtocol(&tuple)) }
// Verify that decideProtocol returns the protocol assocated with the // packet's destination port. func Test_decideProtocol_byDstPort(t *testing.T) { test := testSetup(t) tuple := common.NewIpPortTuple(4, net.ParseIP("10.0.0.1"), 34898, net.ParseIP("192.168.0.1"), PORT) assert.Equal(t, PROTO, test.udp.decideProtocol(&tuple)) }
// Verify that Process ignores empty packets. func TestProcess_emptyPayload(t *testing.T) { test := testSetup(t) tuple := common.NewIpPortTuple(4, net.ParseIP("192.168.0.1"), PORT, net.ParseIP("10.0.0.1"), 34898) emptyPkt := &protos.Packet{Ts: time.Now(), Tuple: tuple, Payload: []byte{}} test.udp.Process(nil, emptyPkt) assert.Nil(t, test.plugin.pkt) }
// Verify that Process finds the plugin associated with the packet and invokes // ProcessUdp on it. func TestProcess_nonEmptyPayload(t *testing.T) { test := testSetup(t) tuple := common.NewIpPortTuple(4, net.ParseIP("192.168.0.1"), PORT, net.ParseIP("10.0.0.1"), 34898) payload := []byte{1} pkt := &protos.Packet{Ts: time.Now(), Tuple: tuple, Payload: payload} test.udp.Process(pkt) assert.Equal(t, pkt, test.plugin.pkt) }
// Benchmark that runs with parallelism to help find concurrency related // issues. To run with parallelism, the 'go test' cpu flag must be set // greater than 1, otherwise it just runs concurrently but not in parallel. func BenchmarkParallelProcess(b *testing.B) { rand.Seed(18) p := protocols{} p.tcp = make(map[protos.Protocol]protos.TcpPlugin) p.tcp[1] = &TestProtocol{Ports: []int{ServerPort}} tcp, _ := NewTcp(p) b.ResetTimer() b.RunParallel(func(pb *testing.PB) { for pb.Next() { pkt := &protos.Packet{ Ts: time.Now(), Tuple: common.NewIpPortTuple(4, net.ParseIP(ServerIp), ServerPort, net.ParseIP(ClientIp), uint16(rand.Intn(65535))), Payload: []byte{1, 2, 3, 4}, } tcp.Process(nil, &layers.TCP{}, pkt) } }) }
func TestGapInStreamShouldDropState(t *testing.T) { gap := 0 var state []byte data1 := []byte{1, 2, 3, 4} data2 := []byte{5, 6, 7, 8} tp := &TestProtocol{Ports: []int{ServerPort}} tp.gap = func(t *common.TcpTuple, d uint8, n int, p protos.ProtocolData) (protos.ProtocolData, bool) { fmt.Printf("lost: %v\n", n) gap += n return p, true // drop state } tp.parse = func(p *protos.Packet, t *common.TcpTuple, d uint8, priv protos.ProtocolData) protos.ProtocolData { if priv == nil { state = nil } state = append(state, p.Payload...) return state } p := protocols{} p.tcp = map[protos.Protocol]protos.TcpPlugin{ httpProtocol: tp, } tcp, _ := NewTcp(p) addr := common.NewIpPortTuple(4, net.ParseIP(ServerIp), ServerPort, net.ParseIP(ClientIp), uint16(rand.Intn(65535))) hdr := &layers.TCP{} tcp.Process(nil, hdr, &protos.Packet{Ts: time.Now(), Tuple: addr, Payload: data1}) hdr.Seq += uint32(len(data1) + 10) tcp.Process(nil, hdr, &protos.Packet{Ts: time.Now(), Tuple: addr, Payload: data2}) // validate assert.Equal(t, 10, gap) assert.Equal(t, data2, state) }
func TestTCSeqPayload(t *testing.T) { type segment struct { seq uint32 payload []byte } tests := []struct { name string segments []segment expectedGaps int expectedState []byte }{ {"No overlap", []segment{ {1, []byte{1, 2, 3, 4, 5}}, {6, []byte{6, 7, 8, 9, 10}}, }, 0, []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10}, }, {"Gap drop state", []segment{ {1, []byte{1, 2, 3, 4}}, {15, []byte{5, 6, 7, 8}}, }, 10, []byte{5, 6, 7, 8}, }, {"ACK same sequence number", []segment{ {1, []byte{1, 2}}, {3, nil}, {3, []byte{3, 4}}, {5, []byte{5, 6}}, }, 0, []byte{1, 2, 3, 4, 5, 6}, }, {"ACK same sequence number 2", []segment{ {1, nil}, {2, nil}, {2, []byte{1, 2}}, {4, nil}, {4, []byte{3, 4}}, {6, []byte{5, 6}}, {8, []byte{7, 8}}, {10, nil}, }, 0, []byte{1, 2, 3, 4, 5, 6, 7, 8}, }, {"Overlap, first segment bigger", []segment{ {1, []byte{1, 2}}, {3, []byte{3, 4}}, {3, []byte{3}}, {5, []byte{5, 6}}, }, 0, []byte{1, 2, 3, 4, 5, 6}, }, {"Overlap, second segment bigger", []segment{ {1, []byte{1, 2}}, {3, []byte{3}}, {3, []byte{3, 4}}, {5, []byte{5, 6}}, }, 0, []byte{1, 2, 3, 4, 5, 6}, }, {"Overlap, covered", []segment{ {1, []byte{1, 2, 3, 4}}, {2, []byte{2, 3}}, {5, []byte{5, 6}}, }, 0, []byte{1, 2, 3, 4, 5, 6}, }, } for i, test := range tests { t.Logf("Test (%v): %v", i, test.name) gap := 0 var state []byte tcp, err := NewTcp(protocols{ tcp: map[protos.Protocol]protos.TcpPlugin{ httpProtocol: &TestProtocol{ Ports: []int{ServerPort}, gap: makeCountGaps(nil, &gap), parse: makeCollectPayload(&state, true), }, }, }) if err != nil { t.Fatal(err) } addr := common.NewIpPortTuple(4, net.ParseIP(ServerIp), ServerPort, net.ParseIP(ClientIp), uint16(rand.Intn(65535))) for _, segment := range test.segments { hdr := &layers.TCP{Seq: segment.seq} pkt := &protos.Packet{ Ts: time.Now(), Tuple: addr, Payload: segment.payload, } tcp.Process(nil, hdr, pkt) } assert.Equal(t, test.expectedGaps, gap) if len(test.expectedState) != len(state) { assert.Equal(t, len(test.expectedState), len(state)) continue } assert.Equal(t, test.expectedState, state) } }
flags []string rcode string q_class string q_type string q_name string answers []string authorities []string additionals []string request []byte response []byte } // Request and response addresses. var ( forward = common.NewIpPortTuple(4, net.ParseIP(ServerIp), ServerPort, net.ParseIP(ClientIp), ClientPort) reverse = common.NewIpPortTuple(4, net.ParseIP(ClientIp), ClientPort, net.ParseIP(ServerIp), ServerPort) ) func newDns(verbose bool) *Dns { if verbose { logp.LogInit(logp.LOG_DEBUG, "", false, true, []string{"dns"}) } else { logp.LogInit(logp.LOG_EMERG, "", false, true, []string{"dns"}) } dns := &Dns{} err := dns.Init(true, &publish.ChanTransactions{make(chan common.MapStr, 100)})