Documentation/guides/testingtcpip.rst - nuttx - Git at Google

 =============================
 Testing TCP/IP Network Stacks
 =============================

 When working on the network stack there is a need to test and verify the changes
 made. While problems may be discovered by chance, it is hard to reproduce such
 situations. The following sections show some methods to stress the target or
 generate some specific traffic.

 In the examples the target has the IP address 192.168.2.135

 SYN Flood Attack
 ================

 Flood the target with SYN packets to exhaust its resources.
 It's a good way to test the network driver's buffer management.

 .. code-block:: bash

    sudo hping3 --flood -S -p 80 192.168.2.135

 Building Packets with Scapy
 ===========================

 A wonderful network testing tool is the Scapy lib.
 It enables you to build pretty much any packet constellation you need for testing.

 You have to add an iptables rule to prevent outgoing RST packets from the OS's
 networking stack which does nothing know about our test connection.

 To disable outgoing RST packets:

 .. code-block:: bash

    sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST -d 192.168.2.135 -j DROP

 For removing the rule:

 .. code-block:: bash

    sudo iptables -D OUTPUT -p tcp --tcp-flags RST RST -d 192.168.2.135 -j DROP

 **Testing Re-transmission behavior**

 When sending a 3-way handshake only, the target should time out and reset the
 connection.

 The following Python Scapy script starts a HTTP request without further responding.
 The stack should start re-transmit the packets and finally time out.

 .. code-block:: python

    #!/usr/bin/env python

    import logging
    logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
    from scapy.all import *

    get = 'GET / HTTP/1.1\r\n\r\n'

    ip = IP(dst="192.168.2.135")
    port = RandNum(1024, 65535)

    # Create SYN packet
    SYN = ip/TCP(sport=port, dport=80, flags="S", seq=42)

    # Send SYN and receive SYN,ACK
    SYNACK = sr1(SYN)

    # Create ACK with GET request
    ACK = ip/TCP(sport=SYNACK.dport, dport=80, flags="A", seq=SYNACK.ack, ack=SYNACK.seq + 1)

    # SEND our ACK
    send(ACK)

    reply, err = sr(ip/TCP(sport=SYNACK.dport, dport=80, flags="A", seq=SYNACK.ack, ack=SYNACK.seq + 1) / get)

 Simulating Packet Loss
 ======================

 With simulating packet loss one can test the re-transmission behavior of the
 target stack.

 To start packet loss:

 .. code-block:: bash

    # for randomly dropping 10% of incoming packets:
    sudo iptables -A INPUT -m statistic --mode random --probability 0.1 -j DROP

    # and for dropping 10% of outgoing packets:
    sudo iptables -A OUTPUT -m statistic --mode random --probability 0.1 -j DROP

 To remove the rules:

 .. code-block:: bash

    # for the incoming packets:
    sudo iptables -D INPUT -m statistic --mode random --probability 0.1 -j DROP

    # and for the outgoing packets
    sudo iptables -D OUTPUT -m statistic --mode random --probability 0.1 -j DROP

 Fuzz-Testing
 ============

 For fuzz testing network applications the excellent
 `SPIKE <https://www.immunitysec.com/resources-freesoftware.shtml>`_ tool can be
 used. To make it compile under Ubuntu 14.04 LTS you have to add
 ``-fno-stack-protector`` to CFLAGS.

 SPIKE complained about missing SSL libs. I simply linked the existing to the needed
 filenames::

   /lib/i386-linux-gnu$ sudo ln -s ./libssl.so.1.0.0 ./libssl.so.0
   /lib/i386-linux-gnu$ sudo ln -s ./libcrypto.so.1.0.0 ./libcrypto.so.0

 Maybe those lib versions aren't the expected by SPIKE but if you don't use SSL
 it works fine.

 SPIKE provides a proxy server to record requests to your web application. Based
 on these requests a application specific fuzz test can be generated.

 .. code-block:: bash

    ~/SPIKE/src$ mkdir requests && cd requests
    # Record requests to the target at 192.168.2.135 on port 80
    ~/SPIKE/src/requests$ ../webmitm -t 192.168.2.135 -p 80

 Now use your web application through localhost to record some requests. Then you
 can generate your application-specific fuzz test from the recorded requests.

 .. code-block:: bash

    ~/SPIKE/src$ ./makewebfuzz.pl ./requests/http_request-1.0 > myfuzz.c
    ~/SPIKE/src$ gcc ./myfuzz.c -I../include -o myfuzz -L. -ldlrpc -ldl

 Now you can fuzz your target:

 .. code-block:: bash

    ~/SPIKE/src$ LD_LIBRARY_PATH=. ./myfuzz 192.168.2.135 80
	=============================
	Testing TCP/IP Network Stacks
	=============================

	When working on the network stack there is a need to test and verify the changes
	made. While problems may be discovered by chance, it is hard to reproduce such
	situations. The following sections show some methods to stress the target or
	generate some specific traffic.

	In the examples the target has the IP address 192.168.2.135

	SYN Flood Attack
	================

	Flood the target with SYN packets to exhaust its resources.
	It's a good way to test the network driver's buffer management.

	.. code-block:: bash

	sudo hping3 --flood -S -p 80 192.168.2.135

	Building Packets with Scapy
	===========================

	A wonderful network testing tool is the Scapy lib.
	It enables you to build pretty much any packet constellation you need for testing.

	You have to add an iptables rule to prevent outgoing RST packets from the OS's
	networking stack which does nothing know about our test connection.

	To disable outgoing RST packets:

	.. code-block:: bash

	sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST -d 192.168.2.135 -j DROP

	For removing the rule:

	.. code-block:: bash

	sudo iptables -D OUTPUT -p tcp --tcp-flags RST RST -d 192.168.2.135 -j DROP

	Testing Re-transmission behavior

	When sending a 3-way handshake only, the target should time out and reset the
	connection.

	The following Python Scapy script starts a HTTP request without further responding.
	The stack should start re-transmit the packets and finally time out.

	.. code-block:: python

	#!/usr/bin/env python

	import logging
	logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
	from scapy.all import *

	get = 'GET / HTTP/1.1\r\n\r\n'

	ip = IP(dst="192.168.2.135")
	port = RandNum(1024, 65535)

	# Create SYN packet
	SYN = ip/TCP(sport=port, dport=80, flags="S", seq=42)

	# Send SYN and receive SYN,ACK
	SYNACK = sr1(SYN)

	# Create ACK with GET request
	ACK = ip/TCP(sport=SYNACK.dport, dport=80, flags="A", seq=SYNACK.ack, ack=SYNACK.seq + 1)

	# SEND our ACK
	send(ACK)

	reply, err = sr(ip/TCP(sport=SYNACK.dport, dport=80, flags="A", seq=SYNACK.ack, ack=SYNACK.seq + 1) / get)

	Simulating Packet Loss
	======================

	With simulating packet loss one can test the re-transmission behavior of the
	target stack.

	To start packet loss:

	.. code-block:: bash

	# for randomly dropping 10% of incoming packets:
	sudo iptables -A INPUT -m statistic --mode random --probability 0.1 -j DROP

	# and for dropping 10% of outgoing packets:
	sudo iptables -A OUTPUT -m statistic --mode random --probability 0.1 -j DROP

	To remove the rules:

	.. code-block:: bash

	# for the incoming packets:
	sudo iptables -D INPUT -m statistic --mode random --probability 0.1 -j DROP

	# and for the outgoing packets
	sudo iptables -D OUTPUT -m statistic --mode random --probability 0.1 -j DROP

	Fuzz-Testing
	============

	For fuzz testing network applications the excellent
	`SPIKE <https://www.immunitysec.com/resources-freesoftware.shtml>`_ tool can be
	used. To make it compile under Ubuntu 14.04 LTS you have to add
	``-fno-stack-protector`` to CFLAGS.

	SPIKE complained about missing SSL libs. I simply linked the existing to the needed
	filenames::

	/lib/i386-linux-gnu$ sudo ln -s ./libssl.so.1.0.0 ./libssl.so.0
	/lib/i386-linux-gnu$ sudo ln -s ./libcrypto.so.1.0.0 ./libcrypto.so.0

	Maybe those lib versions aren't the expected by SPIKE but if you don't use SSL
	it works fine.

	SPIKE provides a proxy server to record requests to your web application. Based
	on these requests a application specific fuzz test can be generated.

	.. code-block:: bash

	~/SPIKE/src$ mkdir requests && cd requests
	# Record requests to the target at 192.168.2.135 on port 80
	~/SPIKE/src/requests$ ../webmitm -t 192.168.2.135 -p 80

	Now use your web application through localhost to record some requests. Then you
	can generate your application-specific fuzz test from the recorded requests.

	.. code-block:: bash

	~/SPIKE/src$ ./makewebfuzz.pl ./requests/http_request-1.0 > myfuzz.c
	~/SPIKE/src$ gcc ./myfuzz.c -I../include -o myfuzz -L. -ldlrpc -ldl

	Now you can fuzz your target:

	.. code-block:: bash

	~/SPIKE/src$ LD_LIBRARY_PATH=. ./myfuzz 192.168.2.135 80