add tests

test/Inspection_test.cpp

@@ -0,0 +1,231 @@
+#include "Inspection.hpp"
+
+#include "ConfigurationManagement/Configurator.hpp"
+#include "PacketDissection/PacketContainer.hpp"
+#include "PacketDissection/PacketInfo.hpp"
+#include "PacketDissection/PacketInfoCreator.hpp"
+#include "PacketDissection/PacketInfoIpv4Icmp.hpp"
+#include "PacketDissection/PacketInfoIpv4Tcp.hpp"
+#include "PacketDissection/PacketInfoIpv4Udp.hpp"
+#include "Threads/AttackThread.h"
+
+#include <catch2/catch.hpp>
+#include <iostream>
+
+TEST_CASE("init Inspection", "[]") {
+    Inspection testInspection;
+    REQUIRE_NOTHROW(testInspection.update_stats(0, 0, 0, 0, 0, 0, 0, 0, 0));
+}
+
+// Für folgende wird eine funktionierende Packet Dissection benötigt
+TEST_CASE("check attack detection", "[]") {
+    // setup config
+    Configurator::instance()->read_config("../test/Inspection_config.json");
+    // create packet container
+    uint16_t inside_port = 0;
+    uint16_t outside_port = 1;
+    struct rte_mempool mbuf_pool_struct;
+    struct rte_mempool* mbuf_pool = &mbuf_pool_struct;
+    CHECK(mbuf_pool != nullptr);
+
+    NetworkPacketHandler* pkt_handler = new NetworkPacketHandler(0, 0);
+    CHECK(pkt_handler != nullptr);
+
+    PacketContainer* pkt_container =
+        new PacketContainer(pkt_handler, mbuf_pool, inside_port, outside_port);
+    CHECK(pkt_container != nullptr);
+    // inspection class
+    Inspection testInspection;
+
+    /// test SYN-FIN attack
+    SECTION("SYN-FIN Attack", "[]") {
+        PacketInfo* pkt_info = nullptr;
+        for (int i = 0; i < 5; ++i) {
+            pkt_info = pkt_container->get_empty_packet(IPv4TCP);
+            PacketInfoIpv4Tcp* pkt_info =
+                static_cast<PacketInfoIpv4Tcp*>(pkt_info);
+            // create packet with SYN-FIN Flag into packet container
+            pkt_info->fill_payloadless_tcp_packet(
+                {00, 00, 00, 00, 00, 00}, {00, 00, 00, 00, 00, 00}, 0, 0, 0, 0,
+                0, 0, 0b00000011, 100);
+        }
+        // packet container to inspection
+        testInspection.analyze_container(pkt_container);
+        // Check if packetcontainer empty
+        CHECK(pkt_container->get_total_number_of_packets() == 0);
+    }
+
+    /// test SYN-FIN-ACK attack
+    SECTION("SYN-FIN-ACK Attack", "[]") {
+        PacketInfo* pkt_info = nullptr;
+        for (int i = 0; i < 5; ++i) {
+            pkt_info = pkt_container->get_empty_packet(IPv4TCP);
+            PacketInfoIpv4Tcp* pkt_info =
+                static_cast<PacketInfoIpv4Tcp*>(pkt_info);
+            // create packet with SYN-FIN-ACK Flag into packet container
+            pkt_info->fill_payloadless_tcp_packet(
+                {00, 00, 00, 00, 00, 00}, {00, 00, 00, 00, 00, 00}, 0, 0, 0, 0,
+                0, 0, 0b00010011, 100);
+        }
+        // packet container to inspection
+        testInspection.analyze_container(pkt_container);
+        // Check if packetcontainer empty
+        CHECK(pkt_container->get_total_number_of_packets() == 0);
+    }
+
+    /// test Zero Window attack
+    SECTION("Zero Window Attack", "[]") {
+        PacketInfo* pkt_info = nullptr;
+        for (int i = 0; i < 5; ++i) {
+            pkt_info = pkt_container->get_empty_packet(IPv4TCP);
+            PacketInfoIpv4Tcp* pkt_info =
+                static_cast<PacketInfoIpv4Tcp*>(pkt_info);
+            // create packet with 0 window into packet container
+            pkt_info->fill_payloadless_tcp_packet({00, 00, 00, 00, 00, 00},
+                                                  {00, 00, 00, 00, 00, 00}, 0,
+                                                  0, 0, 0, 0, 0, 0, 0);
+        }
+        // packet container to inspection
+        testInspection.analyze_container(pkt_container);
+        // Check if packetcontainer empty
+        CHECK(pkt_container->get_total_number_of_packets() == 0);
+    }
+
+    ///  test Small Window attack
+    SECTION("Small Window Attack", "[]") {
+        PacketInfo* pkt_info = nullptr;
+        for (int i = 0; i < 5; ++i) {
+            pkt_info = pkt_container->get_empty_packet(IPv4TCP);
+            PacketInfoIpv4Tcp* pkt_info =
+                static_cast<PacketInfoIpv4Tcp*>(pkt_info);
+            // create packet with small Windows into packet container
+            pkt_info->fill_payloadless_tcp_packet({00, 00, 00, 00, 00, 00},
+                                                  {00, 00, 00, 00, 00, 00}, 0,
+                                                  0, 0, 0, 0, 0, 0, i);
+        }
+        // packet container to inspection
+        testInspection.analyze_container(pkt_container);
+        // Check if packetcontainer empty
+        CHECK(pkt_container->get_total_number_of_packets() == 0);
+    }
+
+    /// test UDP Flood attack
+    SECTION("UDP Flood Attack", "[]") {
+        PacketInfo* pkt_info = nullptr;
+        // create udp packets into packet container
+        for (int i = 0; i < 25; ++i) {
+            pkt_info = pkt_container->get_empty_packet(IPv4UDP);
+            PacketInfoIpv4Udp* pkt_info =
+                static_cast<PacketInfoIpv4Udp*>(pkt_info);
+        }
+        // packet container to inspection
+        testInspection.analyze_container(pkt_container);
+        // Check if packetcontainer only has threshold packets left
+        CHECK(pkt_container->get_total_number_of_packets() == 5);
+    }
+
+    /// test TCP Flood attack
+    SECTION("TCP Flood Attack", "[]") {
+        PacketInfo* pkt_info = nullptr;
+        // create tcp packets into packet container
+        for (int i = 0; i < 25; ++i) {
+            pkt_info = pkt_container->get_empty_packet(IPv4TCP);
+            PacketInfoIpv4Tcp* pkt_info =
+                static_cast<PacketInfoIpv4Tcp*>(pkt_info);
+            pkt_info->fill_payloadless_tcp_packet({00, 00, 00, 00, 00, 00},
+                                                  {00, 00, 00, 00, 00, 00}, 0,
+                                                  0, 0, 0, i, 0, 0, 100);
+        }
+        // packet container to inspection
+        testInspection.analyze_container(pkt_container);
+        // Check if packetcontainer only has threshold packets left
+        CHECK(pkt_container->get_total_number_of_packets() == 5);
+    }
+
+    /// \todo test ICMP Flood attack
+    SECTION("ICMP Flood Attack", "[]") {
+        PacketInfo* pkt_info = nullptr;
+        // create icmp packets into packet container
+        for (int i = 0; i < 25; ++i) {
+            pkt_info = pkt_container->get_empty_packet(IPv4ICMP);
+            PacketInfoIpv4Icmp* pkt_info =
+                static_cast<PacketInfoIpv4Icmp*>(pkt_info);
+        }
+        // packet container to inspection
+        testInspection.analyze_container(pkt_container);
+        // Check if packetcontainer only has threshold packets left
+        CHECK(pkt_container->get_total_number_of_packets() == 5);
+    }
+}
+
+TEST_CASE("check update function", "[]") {
+    Inspection testInspection;
+
+    SECTION("Null", "[]") {
+        // update statistic with given numbers
+        REQUIRE_NOTHROW(testInspection.update_stats(0, 0, 0, 0, 0, 0, 0, 0, 0));
+        // check correct formulas
+        CHECK(testInspection.get_UDP_packet_rate() == 0);  //< udp_pkt/duration
+        CHECK(testInspection.get_TCP_packet_rate() == 0);  //< tcp_pkt/duration
+        CHECK(testInspection.get_ICMP_packet_rate() == 0); //< icmp_pkt/duration
+        CHECK(testInspection.get_attack_level() == 0);     //< no attacks
+        CHECK(testInspection.get_UDP_threshold() == 5);    //< _threshold_UDP
+        CHECK(testInspection.get_TCP_threshold() == 5);    //< _threshold_TCP
+        CHECK(testInspection.get_ICMP_threshold() == 5);   //< _threshold_ICMP
+    }
+
+    SECTION("UDP rate", "[]") {
+        REQUIRE_NOTHROW(
+            testInspection.update_stats(10, 0, 0, 0, 0, 0, 0, 0, 1));
+        CHECK(testInspection.get_UDP_packet_rate() == 10);
+    }
+    SECTION("TCP rate", "[]") {
+        REQUIRE_NOTHROW(
+            testInspection.update_stats(0, 10, 0, 0, 0, 0, 0, 0, 1));
+        CHECK(testInspection.get_TCP_packet_rate() == 10);
+    }
+    SECTION("ICMP rate", "[]") {
+        REQUIRE_NOTHROW(
+            testInspection.update_stats(0, 0, 0, 10, 0, 0, 0, 0, 1));
+        CHECK(testInspection.get_ICMP_packet_rate() == 10);
+    }
+    SECTION("UDP Flood", "[]") {
+        REQUIRE_NOTHROW(
+            testInspection.update_stats(10, 0, 0, 5, 0, 0, 0, 0, 1));
+        CHECK(testInspection.get_UDP_packet_rate() == 10);
+        CHECK(testInspection.get_attack_level() ==
+              5); //< UDP_Floods * _UDP_flood_weight
+        CHECK(testInspection.get_UDP_threshold() == 0); //< 5-1/5*5*5
+    }
+    SECTION("TCP Flood", "[]") {
+        REQUIRE_NOTHROW(
+            testInspection.update_stats(0, 10, 0, 0, 5, 0, 0, 0, 1));
+        CHECK(testInspection.get_TCP_packet_rate() == 10);
+        CHECK(testInspection.get_attack_level() == 5);
+        CHECK(testInspection.get_TCP_threshold() == 0);
+    }
+    SECTION("ICMP Flood", "[]") {
+        REQUIRE_NOTHROW(
+            testInspection.update_stats(0, 0, 10, 0, 0, 5, 0, 0, 1));
+        CHECK(testInspection.get_ICMP_packet_rate() == 10);
+        CHECK(testInspection.get_attack_level() == 5);
+        CHECK(testInspection.get_ICMP_threshold() == 0);
+    }
+    SECTION("SYN-FIN Attack", "[]") {
+        REQUIRE_NOTHROW(
+            testInspection.update_stats(0, 10, 0, 0, 0, 0, 5, 0, 1));
+        CHECK(testInspection.get_TCP_packet_rate() == 10);
+        CHECK(testInspection.get_attack_level() == 5);
+        CHECK(testInspection.get_TCP_threshold() == 0);
+    }
+    SECTION("SmallWindow Attack", "[]") {
+        REQUIRE_NOTHROW(
+            testInspection.update_stats(0, 10, 0, 0, 0, 0, 0, 5, 1));
+        CHECK(testInspection.get_TCP_packet_rate() == 10);
+        CHECK(testInspection.get_attack_level() == 5);
+        CHECK(testInspection.get_TCP_threshold() == 0);
+    }
+    SECTION("send to global Statisic", "[]") {
+        // sending to global statistic not implemented yet in main
+    }
+}