TCP/IP Regression Test Suite

Author: Nanjun Li

Update: 2008-08-26

1. Introduction

TCP/IP Regression Test Suite is a set of programs testing the perform-ability of a host in a TCP/IP network (i.e. Internet). It is implemented on a FreeBSD machine by employing libpcap, a library for BSD Packet Filter [1], to capture frames on Link Layer, decode them into human-readable format, and send crafted packets to check if the host meets RFC793's requirements [2]. It includes:

1) State Machine Test: covering connection establishment / abort /disconnect by sending TCP segment with control flags (SYN, FIN etc), timing the response and checking the validity of returned packets;

2) Transmission Reliability Test: covering target host’s reliability in handling segments with out-of-order sequence numbers.

2. Problems to Solve

1) Dynamic decoding, as TCP options vary the header's length;

2) Valid TCP checksum, which is strict and tricky;

3) Automatic testing, i.e., if an ACK is not sent on time after SYN_ACK arrival, the target host may drop the half-open connection;

4) Emulation. We have to silence the source’s TCP module by installing firewall and recompile the kernel to ban outgoing packets, or employ other means to have the target believe that all packets are from the same source (I choose the latter approach for user’s convenience).

3. Design

Figure 1 Design of TCP Regression Test Suite

The suite is currently a C program downloadable from [3]. Its architecture is presented in Figure 1, comprising of three functions: main, packet sniffer and decoder (callback function to decode packets from binary to human readable format). TIRTS tests a target machine following these steps:

1) main forks a sniffer after start-up

2) sniffer captures packets on a given device and triggers decoder_cb on packet arrival and departure

3) main initiates a TCP socket to establish a normal TCP connection with target machine

4) main gets TCP connection's context (seq and ack numbers) from sniffer via pipes

5) main sends in-order data via TCP socket and out-of-data in crafted packets, exams the acknowledgments

6) main closes the connection and kills the sniffer

All packets in the test are saved in output file “dump”.

4. Output Sample

1: 0-c-db-dd-ba-0 > 0-18-8b-c-aa-9c type=0x800

2: 0-18-8b-c-aa-9c > 0-c-db-dd-ba-0 type=0x800

3: 0-c-db-dd-ba-0 > 0-18-8b-c-aa-9c type=0x800

4: 0-c-db-dd-ba-0 > 0-18-8b-c-aa-9c type=0x800

5: 0-18-8b-c-aa-9c > 0-c-db-dd-ba-0 type=0x800

6: 0-c-db-dd-ba-0 > 0-18-8b-c-aa-9c type=0x800

7: 0-18-8b-c-aa-9c > 0-c-db-dd-ba-0 type=0x800

8: 0-c-db-dd-ba-0 > 0-18-8b-c-aa-9c type=0x800

9: 0-18-8b-c-aa-9c > 0-c-db-dd-ba-0 type=0x800

10: 0-c-db-dd-ba-0 > 0-18-8b-c-aa-9c type=0x800

Packet 1, 2 and 3 were sent in connection establishment (SYN, SYN ACK and ACK)

Packet 4 carries 51 bytes in-order data (seq=1132804159 ), to which the target machine responds with Packet 5 and advances its ack 51 bytes to right (ack=1132804210)

Packet 6 carries out-of-order data (seq=1132804228) by artificially right-shifting seq 18 bytes, to which the target machine responds with duplicate ACK 1132804210

Packet 8-10 present the disconnect process (FIN, FIN ACK and ACK)


The target machine ( meets the basic TCP as RFC793 required.

5. References

[1] Steven McCanne and Van Jacobson, "The BSD Packet Filter:. A New Architecture for User-level Packet Capture", Proceedings of the 1993 Winter USENIX Conference

[2] Jon Postel, “Transmission Control Protocol. Internet”, RFC 793


NanjunLi (last edited 2018-06-09T03:36:44+0000 by MarkLinimon)