Switch src ip to src mac for TLS client testing

README.md

@@ -35,7 +35,7 @@ Testrun provides the network and assistive tools for engineers when manual testi
 ## Hardware
 
 -  PC running Ubuntu LTS 20.04, 22.04, or 24.04 (laptop or desktop)
--  2x USB Ethernet adapter (one may be built-in Ethernet)
+-  2x ethernet ports (USB ethernet adapters work too)
 -  Internet connection
 
 ## Software

cmd/build_ui

@@ -30,8 +30,8 @@ docker kill tr-ui-build 2> /dev/null || true
 
 echo "Building the user interface"
 
-# Start build container and build the ui dist 
-docker run --rm -v $PWD/modules/ui:/modules/ui testrun/build-ui /bin/sh -c "npm install && npm run build"
+# Start build container and build the ui dist
+docker run --rm -v "$(pwd)"/modules/ui:/modules/ui testrun/build-ui /bin/sh -c "npm install && npm run build"
 
 # Kill the container (Should not be running anymore)
 docker kill tr-ui-build 2> /dev/null || true

cmd/package

@@ -22,6 +22,12 @@ if [[ "$EUID" == 0 ]]; then
     exit 1
 fi
 
+# Check that user is in docker group
+if ! (id -nGz "$USER" | grep -qzxF "docker"); then
+    echo User is not in docker group. Follow https://docs.docker.com/engine/install/linux-postinstall/ to finish setting up docker.
+    exit 1
+fi
+
 MAKE_SRC_DIR=make
 MAKE_CONTROL_DIR=make/DEBIAN/control
 

docs/get_started.md

@@ -21,7 +21,7 @@ We recommend that you run Testrun on a stand-alone machine that has a fresh inst
 Before you start, ensure you have the following hardware:
 
 -  PC running Ubuntu LTS (laptop or desktop)
--  2x USB Ethernet adapter (one may be a built-in Ethernet port)
+-  2x ethernet ports (USB ethernet adapters work too)
 -  Internet connection
 
 ![Required hardware for Testrun](/docs/ui/getstarted--2dn8vrzsspe.png)

modules/test/tls/bin/get_client_hello_packets.sh

@@ -15,11 +15,11 @@
 # limitations under the License.
 
 CAPTURE_FILE="$1"
-SRC_IP="$2"
+SRC_MAC="$2"
 TLS_VERSION="$3"
 
 TSHARK_OUTPUT="-T json -e ip.src -e tcp.dstport -e ip.dst"
-TSHARK_FILTER="ssl.handshake.type==1 and ip.src==$SRC_IP"
+TSHARK_FILTER="ssl.handshake.type==1 and eth.src==$SRC_MAC"
 
 if [[ $TLS_VERSION == '1.0' ]]; then
   TSHARK_FILTER="$TSHARK_FILTER and ssl.handshake.version==0x0301"

modules/test/tls/bin/get_non_tls_client_connections.sh

@@ -15,7 +15,7 @@
 # limitations under the License.
 
 CAPTURE_FILE="$1"
-SRC_IP="$2"
+SRC_MAC="$2"
 
 TSHARK_OUTPUT="-T json -e ip.src -e tcp.dstport -e ip.dst"
 # Filter out TLS, DNS and NTP, ICMP (ping), braodcast and multicast packets
@@ -24,9 +24,8 @@ TSHARK_OUTPUT="-T json -e ip.src -e tcp.dstport -e ip.dst"
 # - Multicast and braodcast protocols are not typically encrypted so we aren't expecting them to
 #   be over TLS connections
 # - ICMP (ping) requests are not encrypted so we also need to ignore these
-TSHARK_FILTER="ip.src == $SRC_IP and not tls and not dns and not ntp and not icmp and not(ip.dst == 224.0.0.0/4 or ip.dst == 255.255.255.255)"
+TSHARK_FILTER="eth.src == $SRC_MAC and not tls and not dns and not ntp and not icmp and not(ip.dst == 224.0.0.0/4 or ip.dst == 255.255.255.255)"
 
 response=$(tshark -r "$CAPTURE_FILE" $TSHARK_OUTPUT $TSHARK_FILTER)
 
 echo "$response"
-

modules/test/tls/bin/get_tls_client_connections.sh

@@ -15,11 +15,11 @@
 # limitations under the License.
 
 CAPTURE_FILE="$1"
-SRC_IP="$2"
+SRC_MAC="$2"
 PROTOCOL=$3
 
 TSHARK_OUTPUT="-T json -e ip.src -e tcp.dstport -e ip.dst"
-TSHARK_FILTER="ip.src == $SRC_IP and tls"
+TSHARK_FILTER="eth.src == $SRC_MAC and tls"
 
 # Add a protocol filter if defined	
 if [ -n "$PROTOCOL" ];then
@@ -29,4 +29,3 @@ fi
 response=$(tshark -r "$CAPTURE_FILE" $TSHARK_OUTPUT $TSHARK_FILTER)
 
 echo "$response"
-

modules/test/tls/bin/get_tls_packets.sh

@@ -16,13 +16,13 @@
 
 
 CAPTURE_FILE="$1"
-SRC_IP="$2"
+SRC_MAC="$2"
 TLS_VERSION="$3"
 
-TSHARK_OUTPUT="-T json -e ip.src -e tcp.dstport -e ip.dst"
+TSHARK_OUTPUT="-T json -e eth.src -e tcp.dstport -e ip.dst"
 # Handshakes will still report TLS version 1 even for TLS 1.2 connections
 # so we need to filter thes out
-TSHARK_FILTER="ip.src==$SRC_IP and ssl.handshake.type!=1"
+TSHARK_FILTER="eth.src==$SRC_MAC and ssl.handshake.type!=1"
 
 if [ $TLS_VERSION == '1.0' ];then
 	TSHARK_FILTER="$TSHARK_FILTER and ssl.record.version==0x0301"
@@ -37,4 +37,3 @@ fi
 response=$(tshark -r "$CAPTURE_FILE" $TSHARK_OUTPUT $TSHARK_FILTER)
 
 echo "$response"
-

modules/test/tls/python/src/tls_module.py

@@ -440,71 +440,53 @@ def _security_tls_v1_3_server(self):
 
   def _security_tls_v1_0_client(self):
     LOGGER.info('Running security.tls.v1_0_client')
-    self._resolve_device_ip()
-    # If the ipv4 address wasn't resolved yet, try again
-    if self._device_ipv4_addr is not None:
-      tls_1_0_valid = self._validate_tls_client(self._device_ipv4_addr, '1.0')
-      tls_1_1_valid = self._validate_tls_client(self._device_ipv4_addr, '1.1')
-      tls_1_2_valid = self._validate_tls_client(self._device_ipv4_addr, '1.2')
-      tls_1_3_valid = self._validate_tls_client(self._device_ipv4_addr, '1.3')
-      states = [
-          tls_1_0_valid[0], tls_1_1_valid[0], tls_1_2_valid[0], tls_1_3_valid[0]
-      ]
-      if any(state is True for state in states):
-        # If any state is True, return True
-        result_state = True
-        result_message = 'TLS 1.0 or higher detected'
-      elif all(state == 'Feature Not Detected' for state in states):
-        # If all states are "Feature not Detected"
-        result_state = 'Feature Not Detected'
-        result_message = tls_1_0_valid[1]
-      elif all(state == 'Error' for state in states):
-        # If all states are "Error"
-        result_state = 'Error'
-        result_message = ''
-      else:
-        result_state = False
-        result_message = 'TLS 1.0 or higher was not detected'
-      result_details = tls_1_0_valid[2] + tls_1_1_valid[2] + tls_1_2_valid[
-          2] + tls_1_3_valid[2]
-      result_tags = list(
-          set(tls_1_0_valid[3] + tls_1_1_valid[3] + tls_1_2_valid[3] +
-              tls_1_3_valid[3]))
-      return result_state, result_message, result_details, result_tags
+    tls_1_0_valid = self._validate_tls_client(self._device_mac, '1.0')
+    tls_1_1_valid = self._validate_tls_client(self._device_mac, '1.1')
+    tls_1_2_valid = self._validate_tls_client(self._device_mac, '1.2')
+    tls_1_3_valid = self._validate_tls_client(self._device_mac, '1.3')
+    states = [
+        tls_1_0_valid[0], tls_1_1_valid[0], tls_1_2_valid[0], tls_1_3_valid[0]
+    ]
+    if any(state is True for state in states):
+      # If any state is True, return True
+      result_state = True
+      result_message = 'TLS 1.0 or higher detected'
+    elif all(state == 'Feature Not Detected' for state in states):
+      # If all states are "Feature not Detected"
+      result_state = 'Feature Not Detected'
+      result_message = tls_1_0_valid[1]
+    elif all(state == 'Error' for state in states):
+      # If all states are "Error"
+      result_state = 'Error'
+      result_message = ''
     else:
-      LOGGER.error('Could not resolve device IP address. Skipping')
-      return 'Error', 'Could not resolve device IP address'
+      result_state = False
+      result_message = 'TLS 1.0 or higher was not detected'
+    result_details = tls_1_0_valid[2] + tls_1_1_valid[2] + tls_1_2_valid[
+        2] + tls_1_3_valid[2]
+    result_tags = list(
+        set(tls_1_0_valid[3] + tls_1_1_valid[3] + tls_1_2_valid[3] +
+            tls_1_3_valid[3]))
+    return result_state, result_message, result_details, result_tags
 
   def _security_tls_v1_2_client(self):
     LOGGER.info('Running security.tls.v1_2_client')
-    self._resolve_device_ip()
-    # If the ipv4 address wasn't resolved yet, try again
-    if self._device_ipv4_addr is not None:
-      return self._validate_tls_client(self._device_ipv4_addr,
-                                       '1.2',
-                                       unsupported_versions=['1.0', '1.1'])
-    else:
-      LOGGER.error('Could not resolve device IP address. Skipping')
-      return 'Error', 'Could not resolve device IP address'
+    return self._validate_tls_client(self._device_mac,
+                                      '1.2',
+                                      unsupported_versions=['1.0', '1.1'])
 
   def _security_tls_v1_3_client(self):
     LOGGER.info('Running security.tls.v1_3_client')
-    self._resolve_device_ip()
-    # If the ipv4 address wasn't resolved yet, try again
-    if self._device_ipv4_addr is not None:
-      return self._validate_tls_client(self._device_ipv4_addr,
-                                       '1.3',
-                                       unsupported_versions=['1.0', '1.1'])
-    else:
-      LOGGER.error('Could not resolve device IP address. Skipping')
-      return 'Error', 'Could not resolve device IP address'
+    return self._validate_tls_client(self._device_mac,
+                                      '1.3',
+                                      unsupported_versions=['1.0', '1.1'])
 
   def _validate_tls_client(self,
-                           client_ip,
+                           client_mac,
                            tls_version,
                            unsupported_versions=None):
     client_results = self._tls_util.validate_tls_client(
-        client_ip=client_ip,
+        client_mac=client_mac,
         tls_version=tls_version,
         capture_files=[
             MONITOR_CAPTURE_FILE, STARTUP_CAPTURE_FILE, TLS_CAPTURE_FILE