[Oisf-users] Our team added application layer protocol detection & parser for several protocols, such as FTP, TELNET, IMAP, POP3 & SMB. How to test them effectively? Thanks.

Ma Allen mazhh at outlook.com
Tue Jun 11 14:25:01 UTC 2019


Hi everybody,

Our team added application layer protocol detection & parser for several protocols, such as FTP, TELNET, IMAP, POP3 & SMB. How to test them effectively? Thanks.

We've already tried cppcheck, valgrind and traffic replay testing (multi-gigabit). Meanwhile, I also enabled debug-validation in the configuration as follows:
./configure --prefix=/home/mazh/projects/test_performance --localstatedir=/home/mazh/projects/test_performance --enable-unix-socket --with-libnss-libraries=/usr/lib64 --with-libnss-includes=/usr/include/nss3 --with-libnspr-libraries=/usr/lib64 --with-libnspr-includes=/usr/include/nspr4  --enable-non-bundled-htp --with-libhtp-includes=/usr/local/include/htp --with-libhtp-libraries=/usr/local/lib --enable-debug --enable-debug-validation --enable-netmap

What are the recommended ways to test the newly added features? Any suggestions will be appreciated. Thanks in advance.

Besides, I referred to Suricata's QA steps as mentioned in the README, but there are no detailed instructions.

Overview of Suricata's QA steps

Trusted devs and core team members are able to submit builds to our (semi) public Buildbot instance. It will run a series of build tests and a regression suite to confirm no existing features break.

The final QA run takes a few hours minimally, and is started by Victor. It currently runs:

- extensive build tests on different OS', compilers, optimization levels, configure features
- static code analysis using cppcheck, scan-build
- runtime code analysis using valgrind, DrMemory, AddressSanitizer, LeakSanitizer
- regression tests for past bugs
- output validation of logging
- unix socket testing
- pcap based fuzz testing using ASAN and LSAN

Next to these tests, based on the type of code change further tests can be run manually:

- traffic replay testing (multi-gigabit)
- large pcap collection processing (multi-terabytes)
- AFL based fuzz testing (might take multiple days or even weeks)
- pcap based performance testing
- live performance testing
- various other manual tests based on evaluation of the proposed changes

Best Regards,
Allen Ma
