tests(pcap): fix support for older tshark versions #4744

Merged
merged 6 commits into from
Sep 5, 2024

@lrstewart lrstewart commented Aug 30, 2024

Resolved issues:

resolves #4741

Description of changes:

Fix two issues:

  • Older versions of tshark don't filter out sslv2 ClientHellos like newer versions of tshark do. s2n-tls doesn't support parsing sslv2 ClientHellos outside of TLS connections. This can lead to failures parsing ClientHellos extracted from pcaps. To solve this, I made ignoring sslv2 explicit and not dependent on version.
  • Older versions of tshark have a bug in their JA3 implementation where they don't ignore grease values. See https://gitlab.com/wireshark/wireshark/-/issues/17942. This can lead to failures in the JA3 tests. To solve this, I made ja3 an optional feature.

I also made the build script sanity check that the tshark version is compatible with the features selected.

Call-outs:

Alternatively, we could just decide that the pcap tests don't support older wiresharks / older environments like Ubuntu18 and not feature gate anything. The build could just fail if tshark is too old.

Testing:

I tested manually on my ubuntu18 instance, which has wireshark 3.6.2 and can repro all these problems. I'm not convinced that it's worth adding an ubuntu18 pcap test job to the CI, but I'm very interested in other opinions.

  • cargo test --features ja3:
   Compiling pcap v0.1.0 (/home/ubuntu/s2n-tls/tests/pcap)
error: failed to run custom build command for `pcap v0.1.0 (/home/ubuntu/s2n-tls/tests/pcap)`

Caused by:
  process didn't exit successfully: `/home/ubuntu/s2n-tls/tests/pcap/target/debug/build/pcap-2d5b93d1c101fc2d/build-script-build` (exit status: 101)
  --- stderr
  thread 'main' panicked at build.rs:118:13:
  tshark >=3.7.0 required for ja3, 3.6.2 found
  note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
  • cargo test --features ja4:
   Compiling pcap v0.1.0 (/home/ubuntu/s2n-tls/tests/pcap)
error: failed to run custom build command for `pcap v0.1.0 (/home/ubuntu/s2n-tls/tests/pcap)`

Caused by:
  process didn't exit successfully: `/home/ubuntu/s2n-tls/tests/pcap/target/debug/build/pcap-1dbfc72b0f0aae7e/build-script-build` (exit status: 101)
  --- stderr
  thread 'main' panicked at build.rs:126:13:
  tshark >=4.2.0 required for ja4, 3.6.2 found
  note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
  • cargo test
   Compiling pcap v0.1.0 (/home/ubuntu/s2n-tls/tests/pcap)
    Finished test [unoptimized + debuginfo] target(s) in 2.50s
     Running unittests src/lib.rs (target/debug/deps/pcap-3659d32f82ff35dc)

running 7 tests
test handshake_message::tests::multiple_handshakes ... ok
test client_hello::tests::multiple_hellos ... ok
test handshake_message::tests::tls_fragmentation ... ok
test tests::pcaps_source ... ok
test handshake_message::tests::tcp_fragmentation ... ok
test client_hello::tests::from_pcaps ... ok
test handshake_message::tests::from_pcaps ... ok

test result: ok. 7 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 2.01s

     Running tests/s2n_client_hellos.rs (target/debug/deps/s2n_client_hellos-a24be8f353259326)

running 1 test
test parsing ... ok

test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 1.42s

   Doc-tests pcap

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
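The GREASE problem described in this pull request, as an added example (not code from s2n-tls, tshark, or the PR itself): when GREASE values are left in, the same client produces a different JA3 input string on each connection. The `Hello` struct, the function names, and the sample values are constructed for illustration, and the final MD5 step of JA3 is omitted.

```rust
// Added illustration; not code from s2n-tls, tshark, or this pull request.

/// GREASE values (RFC 8701): 0x0A0A, 0x1A1A, ..., 0xFAFA (two equal bytes, low nibble 0xA).
fn is_grease(v: u16) -> bool {
    (v & 0x0f0f) == 0x0a0a && (v >> 8) == (v & 0xff)
}

/// Hypothetical minimal view of the ClientHello fields that JA3 uses.
struct Hello<'a> {
    version: u16,
    ciphers: &'a [u16],
    extensions: &'a [u16],
    curves: &'a [u16],
    point_formats: &'a [u8],
}

/// Dash-joined decimal list, optionally dropping GREASE values.
fn join(values: &[u16], ignore_grease: bool) -> String {
    let kept = values.iter().filter(|v| !(ignore_grease && is_grease(**v)));
    kept.map(|v| v.to_string()).collect::<Vec<_>>().join("-")
}

/// The JA3 input string; the published fingerprint is the MD5 of this text.
fn ja3_string(h: &Hello, ignore_grease: bool) -> String {
    let formats: Vec<u16> = h.point_formats.iter().map(|f| u16::from(*f)).collect();
    format!(
        "{},{},{},{},{}",
        h.version,
        join(h.ciphers, ignore_grease),
        join(h.extensions, ignore_grease),
        join(h.curves, ignore_grease),
        join(&formats, false)
    )
}

/// Constructed ClientHello: the same client offer, with `grease` in each list.
fn sample_ja3(grease: u16, ignore_grease: bool) -> String {
    let (ciphers, extensions, curves) = ([grease, 0x1301, 0x1302, 0xc02f], [grease, 0, 10, 11, 43], [grease, 29, 23]);
    let h = Hello { version: 771, ciphers: &ciphers, extensions: &extensions, curves: &curves, point_formats: &[0] };
    ja3_string(&h, ignore_grease)
}

fn main() {
    for g in [0x0a0a, 0x7a7a] {
        println!("GREASE ignored: {}", sample_ja3(g, true));
        println!("GREASE kept:    {}", sample_ja3(g, false));
    }
}
```

With GREASE ignored, both constructed hellos give the same string; with GREASE kept, the strings differ, so an expected JA3 value computed one way will not match a tool that computes it the other way.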

@github-actions github-actions bot added the s2n-core team label Aug 30, 2024
@lrstewart lrstewart force-pushed the ja4_tests_remote_fix branch from 1277b2a to c750a30 Compare August 30, 2024 19:16
@lrstewart lrstewart force-pushed the ja4_tests_remote_fix branch from c750a30 to a31511a Compare August 30, 2024 19:31
@lrstewart lrstewart marked this pull request as ready for review August 30, 2024 19:33
@lrstewart lrstewart enabled auto-merge (squash) September 4, 2024 17:19
@lrstewart lrstewart merged commit 9964ee7 into aws:main Sep 5, 2024
36 checks passed
@lrstewart lrstewart deleted the ja4_tests_remote_fix branch September 5, 2024 07:38
Successfully merging this pull request may close these issues.

New pcap tests can fail with older tshark