1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
#!/usr/bin/env bash
# This script can be run with several environment variables set dictating its
# run. You can set the following to what you like:
WOLFSSL_ROOT=${WOLFSSL_ROOT:-$(pwd)}
UDP_PROXY_BIN=${UDP_PROXY_BIN:-"udp_proxy"}
DTLS_VERSION=${DTLS_VERSION:-"-v4"}
PCAP_FILENAME=${PCAP_FILENAME:-"dtls${DTLS_VERSION}.pcap"}
# Additionally, you can add the following tests by setting it to '1':
DO_EXTENDED_SERVER_PERMUTATION_TEST=${DO_EXTENDED_SERVER_PERMUTATION_TEST:-0}
DO_DELAY_TEST=${DO_DELAY_TEST:-0}
# An example use would be: DTLS_VERSION=-v3 scripts/dtls.test
# Note the output also consists of a single PCAP file which has a set of
# three packets (1-byte, strlen()-byte, 1-byte payload) deliniating each test.
#set -x # enable debug output
# bwrap execution environment to avoid port conflicts
if [ "${AM_BWRAPPED-}" != "yes" ]; then
bwrap_path="$(command -v bwrap)"
if [ -n "$bwrap_path" ]; then
export AM_BWRAPPED=yes
exec "$bwrap_path" --cap-add ALL --unshare-net --dev-bind / / "$0" "$@"
fi
fi
kill_server() {
for i in $(jobs -pr); do
if [ "$i" != "$TCPDUMP_PID" ]; then
kill -9 $i
fi
done
# empty print to show which backgrounded processes were killed
sleep 0.2 && echo
}
cleanup () {
echo
echo "Cleaning up..."
kill_server
if [ ! -z "$TCPDUMP_PID" ];then
echo "Killing tcpdump $TCPDUMP_PID"
sleep 1
kill $TCPDUMP_PID
fi
}
trap cleanup err exit
PROXY_PORT=1234
SERVER_PORT=4321
KEY_UPDATE_SIZE=35
NUM_TESTS_FAILED=0
NUM_TESTS_RUN=0
if [ "$DTLS_VERSION" = "-v4" ]; then
UDP_PROXY_EXTRA_ARGS="-u"
fi
# $WOLFSSL_ROOT/tests/unit.test tests/test-dtls13.conf
set -o pipefail
prepend() { # Usage: cmd 2>&1 | prepend "sometext "
while read line; do echo "${1}${line}"; done
}
run_test() { # usage: run_test "<testName>" "<udp-proxy args>" "<server args>" "<client args>"
((NUM_TESTS_RUN++))
echo "" | nc -u 127.0.0.1 $SERVER_PORT # This is a marker for the PCAP file
echo "$1" | nc -u 127.0.0.1 $SERVER_PORT # This is a marker for the PCAP file
echo "" | nc -u 127.0.0.1 $SERVER_PORT # This is a marker for the PCAP file
echo -e "\n${1}\n"
stdbuf -oL -eL $WOLFSSL_ROOT/examples/server/server -u -p$SERVER_PORT $DTLS_VERSION $3 2>&1 | prepend "[server] " &
sleep 0.2
stdbuf -oL -eL $UDP_PROXY_BIN -p $PROXY_PORT -s 127.0.0.1:$SERVER_PORT $UDP_PROXY_EXTRA_ARGS $2 2>&1 | prepend "[udp-proxy] " &
sleep 0.2
# Wrap this command in a timeout so that a deadlock won't bring down the entire test
timeout -s KILL 1m stdbuf -oL -eL $WOLFSSL_ROOT/examples/client/client -u -p$PROXY_PORT $DTLS_VERSION $4 2>&1 | prepend "[client] "
if [ $? != 0 ]; then
echo "***Test failed***"
((NUM_TESTS_FAILED++))
fi
kill_server
}
test_dropping_packets () {
for i in $(seq 0 11);do
run_test "Dropping ${i}th packet" "-f $i" "-Ta" ""
done
# dropping last ack would be client error as wolfssl_read doesn't support WANT_WRITE as returned error
for i in $(seq 0 10);do
run_test "Testing WANT_WRITE: dropping packet $i" "-f $i" "-Ta -6" "-6"
done
}
# this test is based on detecting newSessionTicket message by its size. This is rather fragile.
test_dropping_new_session_ticket() { # usage: test_dropping_new_session_ticket <size>
run_test "Dropping new session ticket packet of size $1" "-F $1" "-w" "-w --waitTicket"
}
test_permutations () {
SIDE=$1
PERMUTATIONS=$(python3 << EOF
import itertools
for p in itertools.permutations("$2"):
print(''.join(p))
EOF
)
for i in $PERMUTATIONS;do
UDP_LOGFILE=$(mktemp)
run_test "Testing $SIDE permutations order $i" "-r $i -S $SIDE -l $UDP_LOGFILE" "-Ta -w" "-w"
echo "...produced $(grep -P 'client:|server:' $UDP_LOGFILE | wc -l) messages"
rm -f $UDP_LOGFILE
done
echo "All $SIDE msg permutations succeeded"
}
test_time_delays () {
DELAYS=$(python3 << EOF
import itertools
t = [0.1, 0.5, 1.1]
tt = []
for i in itertools.product(t, t, t):
tt.append(i * 15)
for i in tt:
print(','.join(map(lambda x: str(x) , i)))
EOF
)
for DELAY in $DELAYS;do
UDP_LOGFILE=$(mktemp)
run_test "Testing delay $DELAY" "-l $UDP_LOGFILE -t $DELAY" "-Ta -w" "-w"
echo "...produced $(grep -P 'client:|server:' $UDP_LOGFILE | wc -l) messages"
rm -f $UDP_LOGFILE
done
}
echo "Starting capture"
tcpdump -i lo -n port ${SERVER_PORT} -w ${PCAP_FILENAME} -U &
TCPDUMP_PID=$!
sleep 0.5
test_dropping_packets
test_permutations client 012
if [ "$DO_EXTENDED_SERVER_PERMUTATION_TEST" = "1" ];then
test_permutations server 0123456
else
test_permutations server 012
fi
test_dropping_new_session_ticket 200
# TODO: fix udp_proxy to not re-order close alert before app data
if [ "$DO_DELAY_TEST" = "1" ];then
test_time_delays
fi
if [ $NUM_TESTS_FAILED == 0 ]; then
echo -e "\nAll $NUM_TESTS_RUN tests SUCCEEDED!!!\n"
else
echo -e "\nThere were $NUM_TESTS_FAILED failures out of $NUM_TESTS_RUN tests\n"
fi
echo "The script ran for $SECONDS seconds"
exit $NUM_TESTS_FAILED
|
