1 \subsection{Preflight checklist
}
2 Before actual certification is commenced we perform a manual test using a
4 If any of the checks fail we immediately reject the product.
5 The checklist is given in the table below. All commands in
\texttt{monospace
}
6 are to be run in a terminal. Commands prefixed with a
\texttt{\#
} should be run
7 with root permissions. Commands prefixed with a
\texttt{\$
} should be run with
10 \begin{longtable
}{|l|rp
{.8\linewidth}|
}
12 Check
1 &
\multicolumn{2}{l|
}{Get the SUT in a workable state.
}\\
14 \multirow{3}{*
}{Course of action
}
15 &
1. & Import the VirtualBox image into VirtualBox.\\
17 &
3. & Verify the SUT booted successfully and the network modules are
20 Passed &
\multicolumn{2}{l|
}{\textit{Yes/No
}}\\
22 Check
2 &
\multicolumn{2}{l|
}{Verify the SUT is complete.
}\\
24 \multirow{5}{*
}{Course of action
}
25 &
1. & Boot the SUT as in
\emph{Check
1}.\\
26 &
2. & Verify the loopback device exists by running
27 \texttt{\$ ifconfig
}.\\
28 &
3. & Verify the
\emph{echo-server
} is present on the system by running
29 \texttt{\$ file code/server/Main.java
}\\
30 &
4. & Verify
\emph{Scapy
} is present on the system by running
32 &
5. & Verify all scripts used for testing are present on the system.\\
34 Passed &
\multicolumn{2}{l|
}{\textit{Yes/No
}}\\
36 Check
3 &
\multicolumn{2}{l|
}{Initialize the testing environment..
}\\
38 \multirow{6}{*
}{Course of action
}
39 &
1. & Boot the SUT as in
\emph{Check
1}.\\
40 &
2. & Setup iptables by executing
41 \texttt{\# code/iptables.sh
}~
\footnote{The IPTables script ensures
42 that the OS does not drop packets due to an the unknown source.
}\\
43 &
3. & Navigate to the working directory by running
44 \texttt{\$ cd /home/student/tt2015
}\\
45 &
4. & Compile the echo server by running
46 \texttt{\# cd code/server \&\& make
}\\
47 &
5. & Start the echo server by running
48 \texttt{\# cd code/server \&\& java Main
}\\
49 &
6. & Generate all test cases by running
50 \texttt{\$ python code/client/gen.py
}\\
52 Passed &
\multicolumn{2}{l|
}{\textit{Yes/No
}}\\
54 Check
4 &
\multicolumn{2}{l|
}{Test the tool environment.
}\\
56 \multirow{3}{*
}{Course of action
}
57 &
1. & Initialize the SUT as in
\emph{Check
3}\\
58 &
2. & Execute the test script by running
59 \texttt{\# code/client/helloworld.py
}\\
60 &
3. & Verify the console displays a success message.\\
62 Passed &
\multicolumn{2}{l|
}{\textit{Yes/No
}}\\
64 Check
5 &
\multicolumn{2}{l|
}{All test inputs and scripts are present.
}\\
66 \multirow{2}{*
}{Course of action
}
67 &
1. & Boot the SUT as in
\emph{Check
1}.\\
68 &
2. & Verify that the test generation script is present by running
69 \texttt{\$ file code/client/test.py
}\\
71 Passed &
\multicolumn{2}{l|
}{\textit{Yes/No
}}\\
73 \caption{Preflight checklist
\label{tbl:preflight
}}
76 \subsection{Testing of SUT
}
77 The SUT is a series of services for other computer programs with no end-user
78 facing interface. Therefore the SUT will be tested solely by calling it's
79 services through various automated scripts. An automated test suite will be
80 available which executes all these automated scripts and aggregates their
81 results to asses whether or not the SUT has passed the test.
83 The implementation of the SUT is tested using black box testing techniques. A
84 series of tests asses the correctness of the implementation with regards to the
85 TCP specification. These tests are specified in Table~
\ref{tbl:testpairs
}. The test cases aim to cover the most interesting parts of the TCP
88 To cover the TCP specification as complete as possible while still maintaining
89 a feasible test suite the tests are divided into equivalence partitions. Below
90 these partitions are given.
93 \item \emph{Number of segments
} in request~
\footnote{A request is
94 considered establishing a connection (handshake) and a number of
97 \item 0 payload segments
98 \item 1 payload segments
99 \item n=small payload segments (
1 byte)
100 \item n=big payload segments (
65495 bytes)
102 \item \emph{source port
}
107 \item \emph{destination port
}
112 \item Bit errors in
\emph{payload
}
114 \item Correct payload
115 \item Payload with bit flips that do not show in checksum
116 \item Payload with bit flips that do show in checksum
118 \item \emph{checksum
}
123 \item \emph{Segment order
}
127 \item Missing Segments
131 These partitions were chosen since they correspond to key parts of the TCP
134 TCP segments are send over a TCP connection from a
\emph{source
} to a
\emph{destination port
}. Therefore segments which are received that have a
135 source or destination port set to an incorrect value should not be regarded
136 as segments belonging to the connection by the SUT.
138 TCP uses a
\emph{checksum
} to catch any error introduced in headers, when this
139 checksum does not match the actual computed checksum the SUT should
140 disregard the received segment.
142 The TCP checksum is also an inherently weak one, as it is simply the
143 bitwise negation of the addition, in ones complement arithmetic,
144 of all
16 bit words in the header and data of the segment (excluding the
145 checksum itself). Therefore any
\emph{bit error
} where the ones complement value
147 increases by one, and the value of another decreases by one, is undetected.
148 The SUT should exhibit the same behavior and accept packets where these type
151 TCP guarantees that segments are delivered
\emph{in order
}
152 ,even when they are received
153 out of order and that missing segments are resend. The SUT should
154 exhibit the same behavior. If segments are received out of order it should
155 either reassemble them when the missing packet has arrived or request them to
156 be resend when the Missing segments should be re-requested (by ACK-ing
157 the correct sequence number).
161 Partitions
2 to
6 are tested using pairwise testing to keep the number of test
162 cases feasible. The pairs are then all *except some where it does not make sense
163 to do so) tested with the different request sizes of partition
1.
165 This is expressed in Table~
\ref{tbl:testpairs
}. In this table the first five
166 columns represent the different options for the partitions
2 to
6 of the above
167 enumeration. The last four columns are the different number segments as
168 described in the partition
1 of the above enumeration. These cells identify
169 individual test cases by a number. An
\xmark in the cell indicates that this
170 test case can not be created as it is not possible with that number of segments
171 (eg. sending segments out of order when the number of segments is
1).
176 \begin{tabular
}{|l|l|l|l|l|l||l|l|l|l|
}
178 &
\multicolumn{9}{c|
}{\textbf{Partition
}}\\
180 &
4 &
5 &
3 &
6 &
2 &
1a &
1b &
1c &
1d\\
182 \multirow{9}{*
}{Instance
}
183 & a & a & a & a & a &
\doTCC &
\doTCC &
\doTCC &
\doTCC\\
184 & a & b & b & c & b &
\xmark &
\xmark &
\doTCC &
\doTCC\\
185 & c & a & b & a & b &
\xmark &
\xmark &
\doTCC &
\doTCC\\
186 & c & b & a & c & a &
\xmark &
\xmark &
\doTCC &
\doTCC\\
187 & b & a & b & c & a &
\xmark &
\xmark &
\doTCC &
\doTCC\\
188 & b & b & a & b & b &
\xmark &
\xmark &
\doTCC &
\doTCC\\
189 & c & b & b & a & b &
\xmark &
\doTCC &
\doTCC &
\doTCC\\
190 & b & b & b & a & b &
\xmark &
\doTCC &
\doTCC &
\doTCC\\
191 & a & b & b & b & a &
\xmark &
\xmark &
\doTCC &
\doTCC\\
194 \caption{Combinations of test cases
}
195 \label{tbl:testpairs
}
198 \subsection{Quality, completeness and coverage of tests
}
200 The network packets used in testing are constructed from prerecorded, known to
201 be correct, network traffic. These packets are then modified with well used and
202 field tested tools. Due to this the chance of errors in the test cases is quite
203 low. However, no formal proof of correctness of the test cases is present, this
204 means that any defects found might not be the result of a fault in the SUT.
205 Therefore detected defects should only indicate there is a high chance that
206 there is a fault in the SUT and can not result directly in the conclusion that
207 there actually is one.
211 Due to the nature of black-box testing coverage of the code in the
212 implementation of the SUT is unknown. However completeness of the tests over
213 the specification of the SUT can be assessed.
217 Due to the clear and exhaustive specification of TCP the completeness of the
218 test suite can be clearly assessed.
220 As always, $
100\%$ completeness is not feasible, therefore test cases are
221 carefully selected to cover the most interesting parts of the TCP specification
222 to ensure a complete but feasible test suite.
224 To further increase the coverage of the test suites tests are randomized. The
225 tests which test the handling of
\emph{bit errors
}, changes in the
\emph{packet
226 order
} and
\emph{dropped packets
} randomize where they introduce an error. The
227 test suite runs these tests multiple times to increase the likelihood that they
228 discover a fault which is only present when an error occurs in a certain
231 To further decrease the number of tests needed test cases are divided into
232 equivalence partitions and the combination of cases as described in
233 Table~
\ref{tbl:testpairs
} ensures that all partitions are
234 covered and the number of individual tests is still feasible.
238 % wat ik ook probeer ik krijg de eerste collum
239 % zijn tekst niet verticaal gecentered
243 \subsection{Test suite
}
245 Before executing the test suite the test environment has to be initialized.
248 \item Boot the vm using VirtualBox.
249 \item Setup iptables by executing
\texttt{\# code/iptables.sh
}
250 \item Navigate to the working directory by running
251 \texttt{\$ cd /home/student/tt2015
}
252 \item Start the echo server by running
253 \texttt{\# cd code/server \&\& Java Main
}
256 \subsubsection{Preflight checks
}
257 The we do the preflight checks as defined in Table~
\ref{tbl:preflight
}.
259 \subsubsection{Test Cases
}
260 If the SUT passes the preflight checks the actual test cases can be executed.
261 Table~
\ref{tbl:testcases
} shows the expected results of each of the test cases
262 described in Table~
\ref{tbl:testpairs
}.
267 \begin{tabular
}{|l|p
{.7\linewidth}|
}
269 Test number & Expected results\\
271 \doTCC & An ACK\# of the send sequence number +
1.\\
\hline
272 \doTCC & An ACK\# of the sequence number of the last send segment + the
273 size of the payload of that segment.\\
\hline
274 \doTCC & An ACK\# of the sequence number of the last send segment + the
275 size of the payload of that segment.\\
\hline
276 \doTCC & An ACK\# of the sequence number of the last send segment + the
277 size of the payload of that segment.\\
\hline
278 \doTCC & The ACK\# for the SEQ\# of the first segments which is
279 corrupted is received for each consecutive segment send.\\
282 \doTCC & The ACK\# for the SEQ\# of the first segments which is
283 corrupted is received for each consecutive segment send.\\
\hline
284 \doTCC & The segment is not attributed to the current connection
285 and therefore no ACK\# is received. \\
\hline
286 \doTCC & The ACK\# for the SEQ\# of the first segments which is
287 corrupted is received for each consecutive segment send.\\
\hline
288 \doTCC & The ACK\# for the SEQ\# of the first segments which is
289 corrupted is received for each consecutive segment send.\\
\hline
290 \doTCC & The segment is not attributed to the current connection
291 and therefore no ACK\# is received. \\
\hline
292 \doTCC & The ACK\# for the SEQ\# of the first segments which is
293 corrupted is received for each consecutive segment send.\\
\hline
294 \doTCC & The ACK\# for the SEQ\# of the first segments which is
295 corrupted is received for each consecutive segment send.\\
\hline
296 \doTCC & The ACK\# for the SEQ\# of the first segments which is
297 corrupted is received for each consecutive segment send.\\
\hline
298 \doTCC & The ACK\# for the SEQ\# of the first segments which is
299 corrupted is received for each consecutive segment send.\\
\hline
301 \caption{Expected results of test cases
}
302 \label{tbl:testcases
}
305 % Bij Ramons afwezigheid
306 % Paul Vitero (linkerkant lange gang)
307 % verdieping Mercator
310 %\begin{longtable}{|p{.2\linewidth}|p{.8\linewidth}|}
313 %Title & Single valid request with 1byte payload. \\\hline
314 %Input & Generated packets. \\\hline
315 %Expected output & Packets echoed back by Echo-Server. \\\hline
316 %\multirow{2}{*}{Course of action}
317 %& 1. Use the steps listed above in order to start the SUT. \\
318 %& 2. Execute the script by running \texttt{\# code/client/tests/1.py} \\\hline
319 %Valid trace & Verify that the script prints 'Success'. \\\hline
323 %Title & Single valid request with 65495bytes payload. \\\hline
324 %Input & Generated packets. \\\hline
325 %Expected output & Packets echoed back by Echo-Server. \\\hline
326 %\multirow{2}{*}{Course of action}
327 %& 1. Use the steps listed above in order to start the SUT. \\
328 %& 2. Execute the script by running \texttt{\# code/client/tests/2.py} \\\hline
329 %Valid trace & Verify that the script prints 'Success'. \\\hline
333 %Title & 5 valid requests with 1byte payload. \\\hline
334 %Input & Generated packets. \\\hline
335 %Expected output & Packets echoed back by Echo-Server, in the same order as the client sent them. \\\hline
336 %\multirow{2}{*}{Course of action}
337 %& 1. Use the steps listed above in order to start the SUT. \\
338 %& 2. Execute the script by running \texttt{\# code/client/tests/3.py} \\\hline
339 %Valid trace & Verify that the script prints 'Success'. \\\hline
343 %Title & 5 valid requests with 65495bytes payload. \\\hline
344 %Input & Generated packets with 65495bytes payload. \\\hline
345 %Expected output & Packets echoed back by Echo-Server, in the same order as the client sent them. \\\hline
346 %\multirow{2}{*}{Course of action}
347 %& 1. Use the steps listed above in order to start the SUT. \\
348 %& 2. Execute the script by running \texttt{\# code/client/tests/4.py} \\\hline
349 %Valid trace & Verify that the script prints 'Success'. \\\hline
353 %Title & 5 valid requests with 1byte payload sent out of order. \\\hline
354 %Input & Generated packets with 1byte payload, two packets are swapped in position. \\\hline
355 %Expected output & All requests sent up to and including
356 %the swapped packet with the lowest sequence number, the remaining packets are dropped. \\\hline
357 %\multirow{2}{*}{Course of action}
358 %& 1. Use the steps listed above in order to start the SUT. \\
359 %& 2. Execute the script by running \texttt{\# code/client/tests/5.py} \\\hline
360 %Valid trace & Verify that the script prints 'Success'. \\\hline
364 %Title & Request with corrupted source port. \\\hline
365 %Input & Generated packets with 1byte payload, in these packets the source port number is increased by one. \\\hline
366 %Expected output & - \\\hline
367 %\multirow{2}{*}{Course of action}
368 %& 1. Use the steps listed above in order to start the SUT. \\
369 %& 2. Execute the script by running \texttt{\# code/client/tests/6.py} \\\hline
370 %Valid trace & Verify that the script prints 'Success'. \\\hline
375 %Title & Request with corrupted destination port. \\\hline
376 %Input & Generated packets with 1byte payload, in these packets the destination port number is increased by one. \\\hline
377 %Expected output & - \\\hline
378 %\multirow{2}{*}{Course of action}
379 %& 1. Use the steps listed above in order to start the SUT. \\
380 %& 2. Execute the script by running \texttt{\# code/client/tests/6.py} \\\hline
381 %Valid trace & Verify that the script prints 'Success'. \\\hline
386 %\begin{tabularx}{\linewidth}{| l | X|}
389 %Title & Single valid request. \\\hline
390 %Input & Pcap file with prerecorded valid packets. \\\hline
391 %Expected output & Pcap file with valid response to request. \\\hline
392 %Course of action & \begin{enumerate}
393 % \item Execute \emph{./scripts/tests/case1-single-valid.sh}
394 % \item Load \emph{output/case1.pcap} with ...
395 %\end{enumerate} \\\hline
396 %Valid trace & \begin{enumerate}
397 % \item \textbf{Hier packets benoemen?}
398 %\end{enumerate} \\\hline
401 %\begin{tabularx}{\linewidth}{| l | X|}
404 %Title & Single request with corrupted checksum. \\\hline
405 % Input & Pcap file used as \emph{test-case 1} input. \\\hline
406 % Expected output & No response from SUT, logs with rejected packets. \\\hline
407 % Course of action & \begin{enumerate}
408 % \item Load input pcap file into ....
409 % \item Corrupt checksum of loaded packets.
410 % \item Save resulting packets as pcap file.
411 % \item Load new pcap file into ...
412 % \item Replay new pcap file.
413 % \item Record SUT response using...
414 % \item Extract log with rejected packets.
415 % \item Save recorded packets as a pcap file.
416 % \item Analyze packets in resulting file.
417 % \end{enumerate} \\\hline
418 % Valid trace & \begin{enumerate}
419 % \item \textbf{Aangeven welke packets corrupted zijn?}
420 % \end{enumerate} \\\hline