Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
444 lines (442 sloc) 16.7 KB
#
# QUIC-Tracker
# Copyright (C) 2017-2018 Maxime Piraux
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License version 3
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
ack_ecn:
name: ACK ECN
description: This test sets the ECT(0) flag after the handshake completes and verify the host to use ECN in the IP header as well as to send <code>ACK_ECN</code> frames in response.
error_codes:
1: The handshake did not complete
2: The test suite was not able to configure ECN
3: The host is not ECN-capable
4: The host set ECN in the IP header but did not send <code>ACK_ECN</code> frames
5: The host send an <code>ACK_ECN</code> frame but did not set ECN in the IP header
error_types:
error:
- 1
- 2
failure:
- 3
- 4
- 5
tags:
- post-handshake
ack_only:
name: ACK only
description: |
This test performs a handshake, then opens stream 0 to perform an HTTP/0.9 GET request. It will ack every packet with a packet containing a single ACK frame. The test fails and the connection is closed as soon as the host sends an ACK-only packet in response of an ACK-only packet.
error_codes:
1: The handshake did not complete
2: Host sent an ACK-only packet in response of an ACK-only packet
error_types:
error:
- 1
failure:
- 2
tags:
- post-handshake
address_validation:
name: Address validation
description: |
This test verifies that the server is validating the client address using the Client Address Validation Procedure and does not send more than three times the amount of data sent by the test. The test sends an Initial packet and then intentionally does not reply to any packet received. After 3 seconds of inactivity during which no violation has been observed, the test issues ACKs to the received packets and completes the handshake.
error_codes:
1: The handshake did not complete
2: The host sent more than three UDP datagrams without address validation
3: The host sent more than three times the initial amount of data sent
error_types:
error:
- 1
failure:
- 2
- 3
tags:
- post-handshake
connection_migration:
name: Connection Migration
description: |
This test performs and handshake and then replace its UDP connection with a new one 3 seconds after the connection is established. It will change the source port used to communicate with the host. Then it will open stream 0 to perform an HTTP/0.9 GET request and check if the host respond through this new connection. The host is also checked to validate the new path using <code>PATH_CHALLENGE</code>.
error_codes:
1: The TLS handshake failed
2: Another UDP connection could not be established
3: The host did not respond through the new connection
4: The host did respond on the new path but it did not validate it using <code>PATH_CHALLENGE</code> frames
error_types:
error:
- 1
- 2
failure:
- 3
- 4
tags:
- post-handshake
flow_control:
name: Flow control
description: |
This test checks the proper behavior of the flow-control mechanisms, namely <code>MAX_STREAM_DATA</code> frames and the <code>initial_max_stream_data_bidi_local</code> transport parameters.
A handshake will be performed and <code>initial_max_stream_data_bidi_local</code> will be set to 80 bytes. Then stream 0 is opened and a HTTP/0.9 GET request is performed.
The test checks if the host complies with the given limits and sends a 80-byte chunk of data, and will proceed to set an higher limit of 160 bytes with a <code>MAX_STREAM_DATA</code> frame. The tests will check if data is sent after increasing the limit, and if the host complies with it. The connection is closed after 10s.
error_codes:
1: The handshake did not complete
2: The host sent more data than the offset advertised
3: The host did not resume sending after increasing the limit
4: No enough data was available to perform the test
5: No <code>STREAM_BLOCKED</code> or <code>BLOCKED</code> frame were received
error_types:
error:
- 1
failure:
- 2
- 3
- 4
success:
- 5 # This was erroneously marked as an error
tags:
- post-handshake
handshake:
name: Handshake
description: |
This test performs a handshake and details which step made the handshake to fail if any.
error_codes:
1: The host sent a packet type that was not expected
2: The TLS handshake failed
3: No version advertised by the host matched the versions of the test
4: The host timed out
error_types:
failure:
- 1
- 2
- 3
- 4
handshake_retransmission:
name: Handshake retransmission
description: |
This test initiates a handshake but will not ack any of the Handshake packets received. It will record the interval at which the first Handshake packet and its retransmissions where received.
error_codes:
1: The host did not retransmit any Handshake packet
2: No version advertised by the host matched the versions of the test
3: The TLS handshake failed
4: The host sent more than 3 Handshake packets but did not include a <code>PATH_CHALLENGE</code>
5: More than 3 Handshake packets were received but not all of them included a <code>PATH_CHALLENGE</code>
6: After completing the <code>PATH_CHALLENGE</code>, the server did not respond to the request
error_types:
error:
- 3
failure:
- 1
- 2
- 4
- 5
- 6
handshake_v6:
name: Handshake IPv6
description: |
This test performs the same as the Handshake test, but uses IPv6.
error_codes:
1: The host sent a packet type that was not expected
2: The TLS handshake failed
3: No version advertised by the host matched the versions of the test
4: The host timed out
error_types:
failure:
- 1
- 2
- 3
- 4
http_get_and_wait:
name: HTTP GET
description: |
This test performs an HTTP GET request, setting <code>initial_max_bidi_streams</code> and
<code>initial_max_uni_streams</code> to 0, then reads and acknowledges the answer, waits
10 more seconds, analyzing the received packets and reporting any unexpected behavior.
error_codes:
1: The TLS handshake failed
2: Received an empty stream Frame with no FIN bit
3: Received a duplicated ACK frame
4: Received data on a forbidden stream ID
5: The error could not be determined
6: The host did not close the connection after its Idle Timeout
7: Multiple errors have been detected, see the details of the test
8: The test could not be performed
9: The host didn't send the requested data on stream 0
10: The host responded on stream 0 despite advertising a smaller <code>initial_max_bidi_streams</code>
error_types:
error:
- 1
- 8
failure:
- 2
- 4
- 5
- 7
- 9
- 10
success:
- 3 # This was erroneously marked as an error
tags:
- post-handshake
http_get_on_uni_stream:
name: HTTP GET on stream 2
description: |
This test performs an HTTP GET request on stream 2 and verifies that nothing is received on this stream. It analyzes the received packets and reports any unexpected behavior.
error_codes:
1: The TLS handshake failed
2: The host advertised a too low <code>initial_max_uni_streams</code> to perform the test
3: The host sent back data on stream 2
4: The host sent back data on a stream ID greater than the announced <code>initial_max_uni_streams</code>
5: Answered to a query made on a forbidden stream, i.e. a stream with an ID higher than advertised <code>initial_max_uni_streams</code>
6: The host advertised a too low <code>initial_max_uni_streams</code>, but it did not close the connection when stream 2 was opened
error_types:
error:
- 1
- 2
failure:
- 3
- 4
- 5
- 6
tags:
- post-handshake
key_update:
name: Key update
description: |
This test performs a 1-RTT handshake and then triggers a key update upon completion. An HTTP request is send with the new keys. The server completes the test if it is able to switch to the new keys and respond to the request.
error_codes:
1: The TLS handshake failed
2: The server did not respond using the new keys
error_types:
error:
- 1
failure:
- 2
tags:
- post-handshake
multi_stream:
name: Multiple streams
description: |
This test checks the support of using multiple streams. It will open the first bidirectional stream in a separate packet, then it will open up to 4 other streams together in a separate packet, depending on the <code>initial_max_bidi_streams</code> announced by the host. An HTTP request will be performed on each streams at their opening. The test checks that all streams are closed whenever the connection times out.
error_codes:
1: The TLS handshake failed
2: No transport parameters were received
3: Not all opened streams were closed
error_types:
error:
- 1
failure:
- 2
- 3
tags:
- post-handshake
new_connection_id:
name: New Connection ID
description: |
This test checks the support of the <code>NEW_CONNECTION_ID</code> frame, if sent by the server. The test will change the connection ID used to the first alternative CID provided by the server and provide one to the server. Then it will perform an HTTP/0.9 GET request. It will record whether or not the host has responded to the request, and protected the client anonymity by changing its CID.
error_codes:
1: The handshake did not complete
2: The host did not provide new connection IDs
3: When using the first of the alternative connection IDs, the host stopped responding
4: When using the first of the alternative connection IDs, the host responded without changing the connection ID
5: The host sent a connection ID with an invalid length
error_types:
error:
- 1
- 2
failure:
- 3
- 5
success:
- 4
tags:
- post-handshake
padding:
name: Padding only
description: |
This test sends a <code>Initial</code> packet containing only <code>PADDING</code> frames. It will record any response sent by the host.
error_codes:
1: No version advertised by the host matched the versions of the test
2: The host sent one or more packets in response
error_types:
error:
- 1
success:
- 2
retire_connection_id:
name: Retire Connection ID
description: |
This test retires the first batch of connection IDs received in <code>NEW_CONNECTION_ID</code> frames. The server should send new connection IDs in response.
error_codes:
1: The TLS handshake failed
2: The host did not provide new connection IDs
3: After retiring all connection IDs received, the server did not send new ones.
4: The host sent a connection ID with an invalid length
error_types:
error:
- 1
- 2
failure:
- 3
- 4
stop_sending_frame_on_receive_stream:
name: STOP_SENDING frame on a receive stream
description: |
This test sends a <code>STOP_SENDING</code> frame after an HTTP request on stream on the receive stream of the host and verifies if it handles it correctly, i.e. closing the connection with a <code>PROTOCOL_VIOLATION (0xa)</code> error.
error_codes:
1: The TLS handshake failed
2: The host did not close the connection
3: The host closed the connection with the wrong error code
4: The host advertised a too low <code>initial_max_uni_streams</code> to perform the test
error_types:
error:
- 1
- 4
failure:
- 2
- 3
tags:
- post-handshake
transport_parameters:
name: Transport Parameters
description: |
This test records the transport parameters sent by the host during a successful handshake. It also sends 16 transport parameters reserved for <i>Private Use</i>. It will perform version negotation if needed and will check if transport parameters are resent after its success.
error_codes:
1: No transport parameters were received
2: No transport parameters were received after version negation
3: The handshake did not complete
4: The host did not include some mandatory transport parameters
error_types:
error:
- 3
failure:
- 1
- 2
- 4
unsupported_tls_version:
name: Unsupported TLS version
description: |
This tests asserts the correct behavior of the host when encountering an unsupported TLS version, i.e. closing the connection with error code TLS alert <code>protocol_version (0x146)</code>.
error_codes:
1: The host did not close the connection
2: The host closed the connection with an incorrect error code
3: No version advertised by the host matched the versions of the test
4: The host sent a type of packet that was not expected
error_types:
failure:
- 1
- 2
- 3
- 4
version_negotiation: &vneg
name: Version Negotiation
description: |
This test will explicitly initiate the version negotiation process by setting the Initial packet version to <code>0x1a2a3a4a</code>. It will record the version negotiation advertised by the host if any. If a Version Negotiation packet is received, other Initial will be sent to check the Unused fields received to be random.
error_codes:
1: The host sent a packet type that was not expected
2: VN_DidNotEchoVersion # Not used anymore
3: VN_LastTwoVersionsAreActuallySeal # Not used anymore
4: The host timed out before responding to version negotiation
5: The host sent Version Negotiation packets with identical Unused field.
error_types:
failure:
- 1
- 2
- 3
- 4
- 5
version_negotation:
*vneg
zero_rtt:
name: 0-RTT
description: This test performs a regular 1-RTT connection then close it and uses the resumption secret to establish a 0-RTT connection. A HTTP GET request is performed during 0-RTT connection establishment and the host is checked to answer the request.
error_codes:
1: The 1-RTT TLS handshake failed
2: No resumption secret was provided by the host
3: The 0-RTT TLS handshake failed
4: The host didn't send the requested data on stream 4
error_types:
error:
- 1
failure:
- 2
- 3
- 4
tags:
- post-handshake
stream_opening_reordering:
name: Stream opening reordering
description: |
This test opens a stream, performs an HTTP request and then close the stream through the sending of a separate STREAM frame with the FIN bit set. The test specifically tests for support of reordering by sending first the packet containing the FIN bit and then the packet containing the STREAM frame. The first packet sent will have a higher packet number than the second.
error_codes:
1: The TLS handshake failed
2: The host did not answer to the <code>GET</code> request
error_types:
error:
- 1
failure:
- 2
tags:
- post-handshake
http3_get:
name: HTTP/3 GET
description: This test performs an HTTP/3 request after establishing a 1-RTT connection. The test completes if a complete response is received.
error_codes:
1: The TLS handshake failed
2: The HTTP/3 request timed out
3: Not enough unidirectional streams available
error_types:
error:
- 1
- 3
failure:
- 2
tags:
- post-handshake
- http3
http3_encoder_stream:
name: HTTP/3 Encoder stream
description: This test ensures that the server is able to process the client encoder stream by encoding the request headers such that a table update is issued.
error_codes:
1: The TLS handshake failed
2: The HTTP/3 request timed out
3: Not enough unidirectional streams available
4: No <code>SETTINGS</code> were received
error_types:
error:
- 1
- 3
- 4
failure:
- 2
tags:
- post-handshake
- http3
http3_uni_streams_limits:
name: HTTP/3 Unidirectional streams limits
description: This test verifies that the server is able to comply with only a single unidirectional stream available when performing HTTP/3, and thus is able to use the static QPACK table only.
error_codes:
1: The TLS handshake failed
2: The HTTP/3 request timed out
3: Not enough unidirectional streams available
4: The server opened more streams than allowed
error_types:
error:
- 1
- 3
- 4
failure:
- 2
tags:
- post-handshake
- http3
http_get:
name: CLI HTTP GET
description: ~