
VN packet injection tests

Open anrossi opened this issue 2 years ago • 0 comments

Describe the bug

In order to exercise cases where an attacker is on-path, or when the peer misconfigures version negotiation, there needs to be a way to inject version negotiation packets or alter them in transit.

This could be accomplished using the datapath test hooks to intercept a version negotiation packet and modify it, or to inject extra version negotiation packets.

Test cases specifically to be tested by this would be (not an exhaustive list):

  • [ ] Ensure client doesn't respond to more than 1 VN packet (testing downgrade protection)
  • [ ] Inject a VN packet when the server didn't send one (also testing downgrade protection)
  • [ ] Putting a version in the VN packet the server didn't send.

Affected OS

  • [X] All

anrossi, Mar 16 '22 23:03
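The packet-level rules that injected or altered VN packets would exercise on the client side, as an added sketch that is not part of the issue and not msquic code: it parses a Version Negotiation packet per RFC 9000 section 17.2.1 and applies the discard rules of section 6.2. The `vn_client` and `cid` types, the function names and the sample packets are hypothetical and constructed for illustration; handshake-level downgrade protection is not covered.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical client state for this sketch; these are not msquic types. */
typedef struct { uint8_t len; uint8_t id[20]; } cid;
typedef struct {
    uint32_t original_version; /* version sent in the first Initial */
    cid scid, odcid;           /* CIDs the client put in that Initial */
    int processed_packet;      /* set once any packet, VN included, was accepted */
} vn_client;
enum vn_result { VN_DROP = 0, VN_ACCEPT = 1 };

static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static int cid_eq(const cid *c, const uint8_t *p, uint8_t n) {
    return n == c->len && memcmp(p, c->id, n) == 0;
}

/* Applies the RFC 9000 section 6.2 and 17.2.1 checks to one received datagram. */
enum vn_result vn_client_receive(vn_client *c, const uint8_t *pkt, size_t len) {
    if (len < 7 || !(pkt[0] & 0x80) || rd32(pkt + 1) != 0)
        return VN_DROP;                        /* not a Version Negotiation packet */
    size_t off = 5;
    uint8_t dlen = pkt[off++];
    if (len - off < (size_t)dlen + 1) return VN_DROP;
    const uint8_t *dcid = pkt + off;
    off += dlen;
    uint8_t slen = pkt[off++];
    if (len - off < slen) return VN_DROP;
    const uint8_t *scid = pkt + off;
    off += slen;
    /* Whole 32-bit versions only; rejecting an empty list is a choice of this sketch. */
    if (len == off || (len - off) % 4 != 0) return VN_DROP;
    /* Both CIDs must echo the client's Initial, swapped. */
    if (!cid_eq(&c->scid, dcid, dlen) || !cid_eq(&c->odcid, scid, slen)) return VN_DROP;
    if (c->processed_packet) return VN_DROP;   /* a second VN is ignored */
    for (size_t i = off; i < len; i += 4)      /* a VN listing our own version is discarded */
        if (rd32(pkt + i) == c->original_version) return VN_DROP;
    c->processed_packet = 1;
    return VN_ACCEPT;
}

/* Constructed sample data: client offered version 1; 0x6b3343cf is QUIC v2. */
static vn_client SAMPLE = { 1, {4, {0xAA,0xBB,0xCC,0xDD}}, {8, {1,2,3,4,5,6,7,8}}, 0 };
static const uint8_t VN_V2[] = {0x80, 0,0,0,0, 4,0xAA,0xBB,0xCC,0xDD, 8,1,2,3,4,5,6,7,8, 0x6b,0x33,0x43,0xcf};
static const uint8_t VN_LISTS_V1[] = {0x80, 0,0,0,0, 4,0xAA,0xBB,0xCC,0xDD, 8,1,2,3,4,5,6,7,8, 0,0,0,1};
static const uint8_t VN_BAD_CID[] = {0x80, 0,0,0,0, 4,0xAA,0xBB,0xCC,0xEE, 8,1,2,3,4,5,6,7,8, 0x6b,0x33,0x43,0xcf};
```

Feeding `VN_V2` twice to the same `vn_client` shows the first test case in the list: the first call returns `VN_ACCEPT`, the second `VN_DROP`.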