Exhaustive DTLS handshake test

Sean Buckheister s_buckhe at cs.uni-kl.de
Sat Feb 11 17:21:24 CET 2012


Hello,

as promised, I built a (more or less) exhaustive test for the DTLS
handshake procedure. The test program will try all sensible permutations
and drop varieties that could affect handshake flight. The rules are simple:

* never touch ClientHello packets
* permute the other flight atomically in some manner, don't span flights
* drop packets as needed

This gives us 6*2*6*256 = a boatload of longrunning tests. I let the
program run over night, and the blocking DTLS handshake is indeed very
stable: it always works, unless ServerHello flights are not permuted,
but lost completely. [1]

Not so for the nonblocking handshake: timeouts occur much more often,
and with no distinguishable pattern. My guess is that the test code is
still incorrect there.

The test program is attached in a working, i.e. not optimized, state.
Next thing I'll do is group all the permutation runs for one drop
variety and run them in batch with parallel processes. That should speed
the tests up quite a lot.




[1] The test is not yet through, but this pattern emerged and is stable
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dtls-handshake.c
Type: text/x-csrc
Size: 14943 bytes
Desc: not available
URL: </pipermail/attachments/20120211/8f215631/attachment.c>


More information about the Gnutls-devel mailing list