Switch to new test harness

2025-10-09 15:37:17 +02:00
parent 170a038612
commit fd55412020
8 changed files with 567 additions and 304 deletions


@@ -2,7 +2,6 @@ package protocol
import (
"encoding/hex"
"errors"
"strings"
"testing"
)
@@ -167,52 +166,91 @@ func TestDetectTLS(t *testing.T) {
0x00, 0x00, 0x00, 0x25, 0x00, 0x03, 0x00, 0x00,
}
tests := []*testCase{
{
Name: "SSLv3",
Direction: Client,
Data: sslV3ClientHello,
DstPort: 443,
WantProto: ProtocolSSL,
WantConfidence: .95,
},
{
Name: "TLS 1.1",
Direction: Client,
Data: tls11ClientHello,
DstPort: 443,
WantProto: ProtocolTLS,
WantConfidence: .95,
},
{
Name: "TLS 1.2",
Direction: Client,
Data: tls12ClientHello,
DstPort: 443,
WantProto: ProtocolTLS,
WantConfidence: .95,
},
{
Name: "TLS 1.3",
Direction: Client,
Data: tls13ClientHello,
DstPort: 443,
WantProto: ProtocolTLS,
WantConfidence: .95,
},
{
Name: "Invalid PostgreSQL",
Direction: Client,
Data: pgClientStartup,
DstPort: 5432,
WantError: ErrUnknown,
},
}
defer func() { Strict = false }()
for _, strict := range []bool{false, true} {
Strict = strict
name := "loose"
if strict {
name = "strict"
t.Run("strict", func(t *testing.T) {
testRunner(t, tests)
})
} else {
// Strict runner doesn't allow for partial packet matching:
t.Run("loose", func(t *testing.T) {
testRunner(t, append([]*testCase{
{
Name: "TLS 1.1 partial",
Direction: Client,
Data: tls11ClientHelloPartial,
DstPort: 443,
WantProto: ProtocolTLS,
WantConfidence: .50,
},
}, tests...))
})
}
t.Run(name, func(t *testing.T) {
/*
t.Run("SSLv3 Client Hello", func(t *testing.T) {
p, _, err := Detect(Client, sslV3ClientHello, 0, 0)
if err != nil {
t.Fatal(err)
return
}
t.Logf("detected %s version %s", p.Name, p.Version)
if p.Name != ProtocolSSL {
t.Fatalf("expected ssl protocol, got %s", p.Name)
return
}
})
t.Run(name, func(t *testing.T) {
t.Run("TLS 1.1 Client Hello", func(t *testing.T) {
p, _, err := Detect(Client, tls11ClientHello, 0, 0)
if err != nil {
t.Fatal(err)
return
}
t.Logf("detected %s version %s", p.Name, p.Version)
if p.Name != ProtocolTLS {
t.Fatalf("expected tls protocol, got %s", p.Name)
return
}
})
t.Run("TLS 1.1 partial Client Hello", func(t *testing.T) {
p, _, err := Detect(Client, tls11ClientHelloPartial, 0, 0)
if strict {
if !errors.Is(err, ErrUnknown) {
t.Fatalf("expected unknown format, got error %T: %q", err, err)
} else {
t.Logf("error %q, as expected", err)
t.Run("SSLv3 Client Hello", func(t *testing.T) {
p, _, err := Detect(Client, sslV3ClientHello, 0, 0)
if err != nil {
t.Fatal(err)
return
}
} else {
t.Logf("detected %s version %s", p.Name, p.Version)
if p.Name != ProtocolSSL {
t.Fatalf("expected ssl protocol, got %s", p.Name)
return
}
})
t.Run("TLS 1.1 Client Hello", func(t *testing.T) {
p, _, err := Detect(Client, tls11ClientHello, 0, 0)
if err != nil {
t.Fatal(err)
return
@@ -222,44 +260,65 @@ func TestDetectTLS(t *testing.T) {
t.Fatalf("expected tls protocol, got %s", p.Name)
return
}
}
})
})
t.Run("TLS 1.2 Client Hello", func(t *testing.T) {
p, _, err := Detect(Client, tls12ClientHello, 0, 0)
if err != nil {
t.Fatal(err)
return
}
t.Logf("detected %s version %s", p.Name, p.Version)
if p.Name != ProtocolTLS {
t.Fatalf("expected tls protocol, got %s", p.Name)
return
}
})
t.Run("TLS 1.1 partial Client Hello", func(t *testing.T) {
p, _, err := Detect(Client, tls11ClientHelloPartial, 0, 0)
if strict {
if !errors.Is(err, ErrUnknown) {
t.Fatalf("expected unknown format, got error %T: %q", err, err)
} else {
t.Logf("error %q, as expected", err)
}
} else {
if err != nil {
t.Fatal(err)
return
}
t.Logf("detected %s version %s", p.Name, p.Version)
if p.Name != ProtocolTLS {
t.Fatalf("expected tls protocol, got %s", p.Name)
return
}
}
})
t.Run("TLS 1.3 Client Hello", func(t *testing.T) {
p, _, err := Detect(Client, tls13ClientHello, 0, 0)
if err != nil {
t.Fatal(err)
return
}
t.Logf("detected %s version %s", p.Name, p.Version)
if p.Name != ProtocolTLS {
t.Fatalf("expected tls protocol, got %s", p.Name)
return
}
})
t.Run("TLS 1.2 Client Hello", func(t *testing.T) {
p, _, err := Detect(Client, tls12ClientHello, 0, 0)
if err != nil {
t.Fatal(err)
return
}
t.Logf("detected %s version %s", p.Name, p.Version)
if p.Name != ProtocolTLS {
t.Fatalf("expected tls protocol, got %s", p.Name)
return
}
})
t.Run("Invalid PostgreSQL", func(t *testing.T) {
_, _, err := Detect(Server, pgClientStartup, 0, 0)
if !errors.Is(err, ErrUnknown) {
t.Fatalf("expected unknown format, got error %T: %q", err, err)
} else {
t.Logf("error %q, as expected", err)
}
t.Run("TLS 1.3 Client Hello", func(t *testing.T) {
p, _, err := Detect(Client, tls13ClientHello, 0, 0)
if err != nil {
t.Fatal(err)
return
}
t.Logf("detected %s version %s", p.Name, p.Version)
if p.Name != ProtocolTLS {
t.Fatalf("expected tls protocol, got %s", p.Name)
return
}
})
t.Run("Invalid PostgreSQL", func(t *testing.T) {
_, _, err := Detect(Server, pgClientStartup, 0, 0)
if !errors.Is(err, ErrUnknown) {
t.Fatalf("expected unknown format, got error %T: %q", err, err)
} else {
t.Logf("error %q, as expected", err)
}
})
})
})
*/
}
}
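Review bot: The strict run no longer asserts that a truncated ClientHello is rejected: the old subtest expected `ErrUnknown` for `tls11ClientHelloPartial` when `Strict` was true, while the new strict branch only runs the shared `tests` table and the partial case exists only in the loose branch. Since the in-code comment says the strict runner does not allow partial packet matching, that negative check is worth keeping; a strict-only case with `WantError: ErrUnknown` would restore it, assuming `testRunner` (not visible here) compares `WantError` with `errors.Is`. Separately, the "Invalid PostgreSQL" case now uses `Direction: Client` and `DstPort: 5432` where the old call was `Detect(Server, pgClientStartup, 0, 0)`, so please confirm the change of direction and the port hint are intended for a case that must stay `ErrUnknown`. The old subtests kept inside `/* … */` appear to be dead code and can be deleted, since the history retains them. TestDetectTLS begins outside the hunk.

```go
		if strict {
			t.Run("strict", func(t *testing.T) {
				// Strict mode must keep rejecting a truncated ClientHello.
				testRunner(t, append([]*testCase{
					{
						Name:      "TLS 1.1 partial",
						Direction: Client,
						Data:      tls11ClientHelloPartial,
						DstPort:   443,
						WantError: ErrUnknown,
					},
				}, tests...))
			})
		} else {
			// … unchanged: loose run with the "TLS 1.1 partial" case at confidence .50 …
```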