david415
commented
9 years ago i've now committed unit tests for:
- 3way handshake connect
- 3way close.
- data transfer
These tests the normal code paths of the TCP FSM that we care about for passive monitoring purposes... Keep in mind that detecting protocol anomalies is not our goal.
This issue is almost done... we need to add RST support to various parts of the TCP FSM and test it with unit test cases.
I have not yet written unit tests for the TCP FSM. We need these especially if we are going to make changes to the FSM so we don't introduce bugs. What would these tests look like? These states make sure that each state transition happens to the next appropriate state based on the appropriate event/message.
HoneyBadger implements a simplified TCP finite state machine because the project goals are different than implementing a TCP stack. We need to properly process the handshake states and detect handshake hijack... but we also need to track the transition to the "data transfer" state and the transition to the closed state.