1.9 KiB
1.9 KiB
Testing TODO (ideas)
This document collects concrete test ideas to increase safety/stability (especially under load and misbehaviour).
Stream (TCP/TLS) robustness
- Split reads: STUN header (20B) in 2 reads, body in multiple reads
- Split reads: ChannelData header (4B) and payload separated
- Mixed frames: STUN → ChannelData → STUN in a single read (and across multiple reads)
- Oversize frames:
- STUN length > max → close connection (or drop frame, depending on policy)
- ChannelData length > max → close connection (or drop frame)
- Garbage resync:
- random bytes before valid STUN (already covered)
- random bytes between valid frames
TURN flows (happy + negative)
- Negative cases per method (for UDP/TCP/TLS each):
- without allocation → 437 Allocation Mismatch
- without permission → 403 Peer Not Permitted
- ChannelData without ChannelBind → drop + optional log counter
- stale nonce → 438
- wrong MI → 401/403 depending on policy
Auth
- TURN REST:
- expired username → reject
- username too far in the future (max TTL) → reject
- wrong HMAC/base64 → reject
- priority: “user exists in store” vs. “REST fallback”
Lifecycle
- Allocation expiry:
- Refresh shortens/extends; min/max lifetime
- Expiry removes allocation and ends relay task (no task leaks)
- Permission expiry:
- peer is dropped after expiry
- Channel binding expiry:
- return path falls back to Data Indication when the binding expires
Abuse/DoS prevention (once limits are implemented)
- Rate limit: auth failures per IP/username
- Max allocations per IP
- Max permissions/channels per allocation
- Bandwidth caps (bytes/s) per allocation
- Backpressure: writer queue full → define behaviour (drop/close)
Interop (manually reproducible, but documented)
- Browser plan:
- trickle ICE / webrtc-internals: forced relay
- UDP-only block: expect TCP/TLS fallback
turns:with self-signed vs. valid cert