v2ray-core/vendor/lucas-clemente/quic-go/server_test.go

package quic

import (
	"bytes"
	"crypto/tls"
	"errors"
	"net"
	"reflect"
	"time"

	"github.com/golang/mock/gomock"
	"github.com/lucas-clemente/quic-go/internal/handshake"
	"github.com/lucas-clemente/quic-go/internal/protocol"
	"github.com/lucas-clemente/quic-go/internal/testdata"
	"github.com/lucas-clemente/quic-go/internal/utils"
	"github.com/lucas-clemente/quic-go/internal/wire"

	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
)

type mockSession struct {
	*MockQuicSession

	connID protocol.ConnectionID
	runner sessionRunner
}

func (s *mockSession) GetPerspective() protocol.Perspective { panic("not implemented") }

var _ = Describe("Server", func() {
	var (
		conn    *mockPacketConn
		config  *Config
		udpAddr = &net.UDPAddr{IP: net.IPv4(192, 168, 100, 200), Port: 1337}
	)

	BeforeEach(func() {
		conn = newMockPacketConn()
		conn.addr = &net.UDPAddr{}
		config = &Config{Versions: protocol.SupportedVersions}
	})

	Context("quic.Config", func() {
		It("setups with the right values", func() {
			config := &Config{
				HandshakeTimeout:            1337 * time.Minute,
				IdleTimeout:                 42 * time.Hour,
				RequestConnectionIDOmission: true,
				MaxIncomingStreams:          1234,
				MaxIncomingUniStreams:       4321,
				ConnectionIDLength:          12,
				Versions:                    []protocol.VersionNumber{VersionGQUIC43},
			}
			c := populateServerConfig(config)
			Expect(c.HandshakeTimeout).To(Equal(1337 * time.Minute))
			Expect(c.IdleTimeout).To(Equal(42 * time.Hour))
			Expect(c.RequestConnectionIDOmission).To(BeFalse())
			Expect(c.MaxIncomingStreams).To(Equal(1234))
			Expect(c.MaxIncomingUniStreams).To(Equal(4321))
			Expect(c.ConnectionIDLength).To(Equal(12))
			Expect(c.Versions).To(Equal([]protocol.VersionNumber{VersionGQUIC43}))
		})

		It("uses 8 byte connection IDs if gQUIC 44 is supported", func() {
			config := &Config{
				Versions:           []protocol.VersionNumber{protocol.Version43, protocol.Version44},
				ConnectionIDLength: 13,
			}
			c := populateServerConfig(config)
			Expect(c.Versions).To(Equal([]protocol.VersionNumber{protocol.Version43, protocol.Version44}))
			Expect(c.ConnectionIDLength).To(Equal(8))
		})

		It("uses 4 byte connection IDs by default, if gQUIC 44 is not supported", func() {
			config := &Config{
				Versions: []protocol.VersionNumber{protocol.Version39},
			}
			c := populateServerConfig(config)
			Expect(c.ConnectionIDLength).To(Equal(protocol.DefaultConnectionIDLength))
		})

		It("disables bidirectional streams", func() {
			config := &Config{
				MaxIncomingStreams:    -1,
				MaxIncomingUniStreams: 4321,
			}
			c := populateServerConfig(config)
			Expect(c.MaxIncomingStreams).To(BeZero())
			Expect(c.MaxIncomingUniStreams).To(Equal(4321))
		})

		It("disables unidirectional streams", func() {
			config := &Config{
				MaxIncomingStreams:    1234,
				MaxIncomingUniStreams: -1,
			}
			c := populateServerConfig(config)
			Expect(c.MaxIncomingStreams).To(Equal(1234))
			Expect(c.MaxIncomingUniStreams).To(BeZero())
		})
	})

	Context("with mock session", func() {
		var (
			serv           *server
			firstPacket    *receivedPacket
			connID         = protocol.ConnectionID{0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6}
			sessions       = make([]*MockQuicSession, 0)
			sessionHandler *MockPacketHandlerManager
		)

		BeforeEach(func() {
			sessionHandler = NewMockPacketHandlerManager(mockCtrl)
			newMockSession := func(
				_ connection,
				runner sessionRunner,
				_ protocol.VersionNumber,
				connID protocol.ConnectionID,
				_ protocol.ConnectionID,
				_ *handshake.ServerConfig,
				_ *tls.Config,
				_ *Config,
				_ utils.Logger,
			) (quicSession, error) {
				ExpectWithOffset(0, sessions).ToNot(BeEmpty())
				s := &mockSession{MockQuicSession: sessions[0]}
				s.connID = connID
				s.runner = runner
				sessions = sessions[1:]
				return s, nil
			}
			serv = &server{
				sessionHandler: sessionHandler,
				newSession:     newMockSession,
				conn:           conn,
				config:         config,
				sessionQueue:   make(chan Session, 5),
				errorChan:      make(chan struct{}),
				logger:         utils.DefaultLogger,
			}
			serv.setup()
			b := &bytes.Buffer{}
			utils.BigEndian.WriteUint32(b, uint32(protocol.SupportedVersions[0]))
			firstPacket = &receivedPacket{
				header: &wire.Header{
					VersionFlag:      true,
					Version:          serv.config.Versions[0],
					DestConnectionID: protocol.ConnectionID{0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6},
					PacketNumber:     1,
				},
				data:    bytes.Repeat([]byte{0}, protocol.MinClientHelloSize),
				rcvTime: time.Now(),
			}
		})

		AfterEach(func() {
			Expect(sessions).To(BeEmpty())
		})

		It("returns the address", func() {
			conn.addr = &net.UDPAddr{
				IP:   net.IPv4(192, 168, 13, 37),
				Port: 1234,
			}
			Expect(serv.Addr().String()).To(Equal("192.168.13.37:1234"))
		})

		It("creates new sessions", func() {
			s := NewMockQuicSession(mockCtrl)
			s.EXPECT().handlePacket(gomock.Any())
			run := make(chan struct{})
			s.EXPECT().run().Do(func() { close(run) })
			sessions = append(sessions, s)

			sessionHandler.EXPECT().Add(connID, gomock.Any()).Do(func(cid protocol.ConnectionID, _ packetHandler) {
				Expect(cid).To(Equal(connID))
			})
			Expect(serv.handlePacketImpl(firstPacket)).To(Succeed())
			Eventually(run).Should(BeClosed())
		})

		It("accepts new TLS sessions", func() {
			connID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}
			sess := NewMockQuicSession(mockCtrl)
			err := serv.setupTLS()
			Expect(err).ToNot(HaveOccurred())
			added := make(chan struct{})
			sessionHandler.EXPECT().Add(connID, gomock.Any()).Do(func(_ protocol.ConnectionID, ph packetHandler) {
				Expect(ph.GetPerspective()).To(Equal(protocol.PerspectiveServer))
				close(added)
			})
			serv.serverTLS.sessionChan <- tlsSession{
				connID: connID,
				sess:   sess,
			}
			Eventually(added).Should(BeClosed())
		})

		It("accepts a session once the connection it is forward secure", func() {
			s := NewMockQuicSession(mockCtrl)
			s.EXPECT().handlePacket(gomock.Any())
			run := make(chan struct{})
			s.EXPECT().run().Do(func() { close(run) })
			sessions = append(sessions, s)
			done := make(chan struct{})
			go func() {
				defer GinkgoRecover()
				_, err := serv.Accept()
				Expect(err).ToNot(HaveOccurred())
				close(done)
			}()
			sessionHandler.EXPECT().Add(connID, gomock.Any()).Do(func(_ protocol.ConnectionID, sess packetHandler) {
				Consistently(done).ShouldNot(BeClosed())
				sess.(*serverSession).quicSession.(*mockSession).runner.onHandshakeComplete(sess.(Session))
			})
			err := serv.handlePacketImpl(firstPacket)
			Expect(err).ToNot(HaveOccurred())
			Eventually(done).Should(BeClosed())
			Eventually(run).Should(BeClosed())
		})

		It("doesn't accept sessions that error during the handshake", func() {
			run := make(chan error, 1)
			sess := NewMockQuicSession(mockCtrl)
			sess.EXPECT().handlePacket(gomock.Any())
			sess.EXPECT().run().DoAndReturn(func() error { return <-run })
			sessions = append(sessions, sess)
			done := make(chan struct{})
			go func() {
				defer GinkgoRecover()
				serv.Accept()
				close(done)
			}()
			sessionHandler.EXPECT().Add(connID, gomock.Any()).Do(func(protocol.ConnectionID, packetHandler) {
				run <- errors.New("handshake error")
			})
			Expect(serv.handlePacketImpl(firstPacket)).To(Succeed())
			Consistently(done).ShouldNot(BeClosed())

			// make the go routine return
			close(serv.errorChan)
			Eventually(done).Should(BeClosed())
		})

		It("closes the sessionHandler when Close is called", func() {
			sessionHandler.EXPECT().CloseServer()
			Expect(serv.Close()).To(Succeed())
		})

		It("closes twice", func() {
			sessionHandler.EXPECT().CloseServer()
			Expect(serv.Close()).To(Succeed())
			Expect(serv.Close()).To(Succeed())
		})

		It("works if no quic.Config is given", func(done Done) {
			ln, err := ListenAddr("127.0.0.1:0", testdata.GetTLSConfig(), nil)
			Expect(err).ToNot(HaveOccurred())
			Expect(ln.Close()).To(Succeed())
			close(done)
		}, 1)

		It("closes properly", func() {
			ln, err := ListenAddr("127.0.0.1:0", testdata.GetTLSConfig(), config)
			Expect(err).ToNot(HaveOccurred())

			done := make(chan struct{})
			go func() {
				defer GinkgoRecover()
				ln.Accept()
				close(done)
			}()
			ln.Close()
			Eventually(done).Should(BeClosed())
		})

		It("closes the connection when it was created with ListenAddr", func() {
			addr, err := net.ResolveUDPAddr("udp", "localhost:12345")
			Expect(err).ToNot(HaveOccurred())

			serv, err := ListenAddr("localhost:0", nil, nil)
			Expect(err).ToNot(HaveOccurred())
			// test that we can write on the packet conn
			_, err = serv.(*server).conn.WriteTo([]byte("foobar"), addr)
			Expect(err).ToNot(HaveOccurred())
			Expect(serv.Close()).To(Succeed())
			// test that we can't write any more on the packet conn
			_, err = serv.(*server).conn.WriteTo([]byte("foobar"), addr)
			Expect(err.Error()).To(ContainSubstring("use of closed network connection"))
		})

		It("returns Accept when it is closed", func() {
			done := make(chan struct{})
			go func() {
				defer GinkgoRecover()
				_, err := serv.Accept()
				Expect(err).To(MatchError("server closed"))
				close(done)
			}()
			sessionHandler.EXPECT().CloseServer()
			Expect(serv.Close()).To(Succeed())
			Eventually(done).Should(BeClosed())
		})

		It("returns Accept with the right error when closeWithError is called", func() {
			testErr := errors.New("connection error")
			done := make(chan struct{})
			go func() {
				defer GinkgoRecover()
				_, err := serv.Accept()
				Expect(err).To(MatchError(testErr))
				close(done)
			}()
			sessionHandler.EXPECT().CloseServer()
			serv.closeWithError(testErr)
			Eventually(done).Should(BeClosed())
		})

		It("doesn't try to process a packet after sending a gQUIC Version Negotiation Packet", func() {
			config.Versions = []protocol.VersionNumber{99}
			p := &receivedPacket{
				header: &wire.Header{
					VersionFlag:      true,
					DestConnectionID: connID,
					PacketNumber:     1,
					PacketNumberLen:  protocol.PacketNumberLen2,
				},
				data: make([]byte, protocol.MinClientHelloSize),
			}
			Expect(serv.handlePacketImpl(p)).To(Succeed())
			Expect(conn.dataWritten.Bytes()).ToNot(BeEmpty())
		})

		It("sends a PUBLIC_RESET for new connections that don't have the VersionFlag set", func() {
			err := serv.handlePacketImpl(&receivedPacket{
				remoteAddr: udpAddr,
				header: &wire.Header{
					IsPublicHeader: true,
					Version:        versionGQUICFrames,
				},
			})
			Expect(err).ToNot(HaveOccurred())

			Expect(conn.dataWritten.Len()).ToNot(BeZero())
			Expect(conn.dataWrittenTo).To(Equal(udpAddr))
			Expect(conn.dataWritten.Bytes()[0] & 0x02).ToNot(BeZero()) // check that the ResetFlag is set
		})

		It("sends a gQUIC Version Negotaion Packet, if the client sent a gQUIC Public Header", func() {
			connID := protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1}
			err := serv.handlePacketImpl(&receivedPacket{
				remoteAddr: udpAddr,
				header: &wire.Header{
					IsPublicHeader:   true,
					VersionFlag:      true,
					DestConnectionID: connID,
					PacketNumber:     1,
					PacketNumberLen:  protocol.PacketNumberLen2,
					Version:          protocol.Version39 - 1,
				},
			})
			Expect(err).ToNot(HaveOccurred())

			Expect(conn.dataWritten.Len()).ToNot(BeZero())
			Expect(conn.dataWrittenTo).To(Equal(udpAddr))
			r := bytes.NewReader(conn.dataWritten.Bytes())
			iHdr, err := wire.ParseInvariantHeader(r, 0)
			Expect(err).ToNot(HaveOccurred())
			Expect(iHdr.IsLongHeader).To(BeFalse())
			replyHdr, err := iHdr.Parse(r, protocol.PerspectiveServer, versionIETFFrames)
			Expect(err).ToNot(HaveOccurred())
			Expect(replyHdr.IsVersionNegotiation).To(BeTrue())
			Expect(replyHdr.DestConnectionID).To(Equal(connID))
			Expect(r.Len()).To(BeZero())
		})

		It("sends an IETF draft style Version Negotaion Packet, if the client sent a IETF draft style header", func() {
			connID := protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1}
			err := serv.handlePacketImpl(&receivedPacket{
				remoteAddr: udpAddr,
				header: &wire.Header{
					Type:             protocol.PacketTypeInitial,
					IsLongHeader:     true,
					DestConnectionID: connID,
					SrcConnectionID:  connID,
					PacketNumber:     0x55,
					PacketNumberLen:  protocol.PacketNumberLen1,
					Version:          0x1234,
					PayloadLen:       protocol.MinInitialPacketSize,
				},
			})
			Expect(err).ToNot(HaveOccurred())

			Expect(conn.dataWritten.Len()).ToNot(BeZero())
			Expect(conn.dataWrittenTo).To(Equal(udpAddr))
			r := bytes.NewReader(conn.dataWritten.Bytes())
			iHdr, err := wire.ParseInvariantHeader(r, 0)
			Expect(err).ToNot(HaveOccurred())
			replyHdr, err := iHdr.Parse(r, protocol.PerspectiveServer, versionIETFFrames)
			Expect(err).ToNot(HaveOccurred())
			Expect(replyHdr.IsVersionNegotiation).To(BeTrue())
			Expect(replyHdr.DestConnectionID).To(Equal(connID))
			Expect(replyHdr.SrcConnectionID).To(Equal(connID))
			Expect(r.Len()).To(BeZero())
		})
	})

	It("setups with the right values", func() {
		supportedVersions := []protocol.VersionNumber{protocol.VersionTLS, protocol.Version39}
		acceptCookie := func(_ net.Addr, _ *Cookie) bool { return true }
		config := Config{
			Versions:         supportedVersions,
			AcceptCookie:     acceptCookie,
			HandshakeTimeout: 1337 * time.Hour,
			IdleTimeout:      42 * time.Minute,
			KeepAlive:        true,
		}
		ln, err := Listen(conn, &tls.Config{}, &config)
		Expect(err).ToNot(HaveOccurred())
		server := ln.(*server)
		Expect(server.sessionHandler).ToNot(BeNil())
		Expect(server.scfg).ToNot(BeNil())
		Expect(server.config.Versions).To(Equal(supportedVersions))
		Expect(server.config.HandshakeTimeout).To(Equal(1337 * time.Hour))
		Expect(server.config.IdleTimeout).To(Equal(42 * time.Minute))
		Expect(reflect.ValueOf(server.config.AcceptCookie)).To(Equal(reflect.ValueOf(acceptCookie)))
		Expect(server.config.KeepAlive).To(BeTrue())
	})

	It("errors when the Config contains an invalid version", func() {
		version := protocol.VersionNumber(0x1234)
		_, err := Listen(conn, &tls.Config{}, &Config{Versions: []protocol.VersionNumber{version}})
		Expect(err).To(MatchError("0x1234 is not a valid QUIC version"))
	})

	It("fills in default values if options are not set in the Config", func() {
		ln, err := Listen(conn, &tls.Config{}, &Config{})
		Expect(err).ToNot(HaveOccurred())
		server := ln.(*server)
		Expect(server.config.Versions).To(Equal(protocol.SupportedVersions))
		Expect(server.config.HandshakeTimeout).To(Equal(protocol.DefaultHandshakeTimeout))
		Expect(server.config.IdleTimeout).To(Equal(protocol.DefaultIdleTimeout))
		Expect(reflect.ValueOf(server.config.AcceptCookie)).To(Equal(reflect.ValueOf(defaultAcceptCookie)))
		Expect(server.config.KeepAlive).To(BeFalse())
	})

	It("listens on a given address", func() {
		addr := "127.0.0.1:13579"
		ln, err := ListenAddr(addr, nil, config)
		Expect(err).ToNot(HaveOccurred())
		serv := ln.(*server)
		Expect(serv.Addr().String()).To(Equal(addr))
	})

	It("errors if given an invalid address", func() {
		addr := "127.0.0.1"
		_, err := ListenAddr(addr, nil, config)
		Expect(err).To(BeAssignableToTypeOf(&net.AddrError{}))
	})

	It("errors if given an invalid address", func() {
		addr := "1.1.1.1:1111"
		_, err := ListenAddr(addr, nil, config)
		Expect(err).To(BeAssignableToTypeOf(&net.OpError{}))
	})
})

var _ = Describe("default source address verification", func() {
	It("accepts a token", func() {
		remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}
		cookie := &Cookie{
			RemoteAddr: "192.168.0.1",
			SentTime:   time.Now().Add(-protocol.CookieExpiryTime).Add(time.Second), // will expire in 1 second
		}
		Expect(defaultAcceptCookie(remoteAddr, cookie)).To(BeTrue())
	})

	It("requests verification if no token is provided", func() {
		remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}
		Expect(defaultAcceptCookie(remoteAddr, nil)).To(BeFalse())
	})

	It("rejects a token if the address doesn't match", func() {
		remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}
		cookie := &Cookie{
			RemoteAddr: "127.0.0.1",
			SentTime:   time.Now(),
		}
		Expect(defaultAcceptCookie(remoteAddr, cookie)).To(BeFalse())
	})

	It("accepts a token for a remote address is not a UDP address", func() {
		remoteAddr := &net.TCPAddr{IP: net.IPv4(192, 168, 0, 1), Port: 1337}
		cookie := &Cookie{
			RemoteAddr: "192.168.0.1:1337",
			SentTime:   time.Now(),
		}
		Expect(defaultAcceptCookie(remoteAddr, cookie)).To(BeTrue())
	})

	It("rejects an invalid token for a remote address is not a UDP address", func() {
		remoteAddr := &net.TCPAddr{IP: net.IPv4(192, 168, 0, 1), Port: 1337}
		cookie := &Cookie{
			RemoteAddr: "192.168.0.1:7331", // mismatching port
			SentTime:   time.Now(),
		}
		Expect(defaultAcceptCookie(remoteAddr, cookie)).To(BeFalse())
	})

	It("rejects an expired token", func() {
		remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}
		cookie := &Cookie{
			RemoteAddr: "192.168.0.1",
			SentTime:   time.Now().Add(-protocol.CookieExpiryTime).Add(-time.Second), // expired 1 second ago
		}
		Expect(defaultAcceptCookie(remoteAddr, cookie)).To(BeFalse())
	})
})
vendor quic 44 2018-11-20 22:51:25 +00:00			`package quic`

			`import (`
			`"bytes"`
			`"crypto/tls"`
			`"errors"`
			`"net"`
			`"reflect"`
			`"time"`

			`"github.com/golang/mock/gomock"`
			`"github.com/lucas-clemente/quic-go/internal/handshake"`
			`"github.com/lucas-clemente/quic-go/internal/protocol"`
			`"github.com/lucas-clemente/quic-go/internal/testdata"`
			`"github.com/lucas-clemente/quic-go/internal/utils"`
			`"github.com/lucas-clemente/quic-go/internal/wire"`

			`. "github.com/onsi/ginkgo"`
			`. "github.com/onsi/gomega"`
			`)`

			`type mockSession struct {`
			`*MockQuicSession`

			`connID protocol.ConnectionID`
			`runner sessionRunner`
			`}`

			`func (s *mockSession) GetPerspective() protocol.Perspective { panic("not implemented") }`

			`var _ = Describe("Server", func() {`
			`var (`
			`conn *mockPacketConn`
			`config *Config`
			`udpAddr = &net.UDPAddr{IP: net.IPv4(192, 168, 100, 200), Port: 1337}`
			`)`

			`BeforeEach(func() {`
			`conn = newMockPacketConn()`
			`conn.addr = &net.UDPAddr{}`
			`config = &Config{Versions: protocol.SupportedVersions}`
			`})`

			`Context("quic.Config", func() {`
			`It("setups with the right values", func() {`
			`config := &Config{`
			`HandshakeTimeout: 1337 * time.Minute,`
			`IdleTimeout: 42 * time.Hour,`
			`RequestConnectionIDOmission: true,`
			`MaxIncomingStreams: 1234,`
			`MaxIncomingUniStreams: 4321,`
			`ConnectionIDLength: 12,`
			`Versions: []protocol.VersionNumber{VersionGQUIC43},`
			`}`
			`c := populateServerConfig(config)`
			`Expect(c.HandshakeTimeout).To(Equal(1337 * time.Minute))`
			`Expect(c.IdleTimeout).To(Equal(42 * time.Hour))`
			`Expect(c.RequestConnectionIDOmission).To(BeFalse())`
			`Expect(c.MaxIncomingStreams).To(Equal(1234))`
			`Expect(c.MaxIncomingUniStreams).To(Equal(4321))`
			`Expect(c.ConnectionIDLength).To(Equal(12))`
			`Expect(c.Versions).To(Equal([]protocol.VersionNumber{VersionGQUIC43}))`
			`})`

			`It("uses 8 byte connection IDs if gQUIC 44 is supported", func() {`
			`config := &Config{`
			`Versions: []protocol.VersionNumber{protocol.Version43, protocol.Version44},`
			`ConnectionIDLength: 13,`
			`}`
			`c := populateServerConfig(config)`
			`Expect(c.Versions).To(Equal([]protocol.VersionNumber{protocol.Version43, protocol.Version44}))`
			`Expect(c.ConnectionIDLength).To(Equal(8))`
			`})`

			`It("uses 4 byte connection IDs by default, if gQUIC 44 is not supported", func() {`
			`config := &Config{`
			`Versions: []protocol.VersionNumber{protocol.Version39},`
			`}`
			`c := populateServerConfig(config)`
			`Expect(c.ConnectionIDLength).To(Equal(protocol.DefaultConnectionIDLength))`
			`})`

			`It("disables bidirectional streams", func() {`
			`config := &Config{`
			`MaxIncomingStreams: -1,`
			`MaxIncomingUniStreams: 4321,`
			`}`
			`c := populateServerConfig(config)`
			`Expect(c.MaxIncomingStreams).To(BeZero())`
			`Expect(c.MaxIncomingUniStreams).To(Equal(4321))`
			`})`

			`It("disables unidirectional streams", func() {`
			`config := &Config{`
			`MaxIncomingStreams: 1234,`
			`MaxIncomingUniStreams: -1,`
			`}`
			`c := populateServerConfig(config)`
			`Expect(c.MaxIncomingStreams).To(Equal(1234))`
			`Expect(c.MaxIncomingUniStreams).To(BeZero())`
			`})`
			`})`

			`Context("with mock session", func() {`
			`var (`
			`serv *server`
			`firstPacket *receivedPacket`
			`connID = protocol.ConnectionID{0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6}`
			`sessions = make([]*MockQuicSession, 0)`
			`sessionHandler *MockPacketHandlerManager`
			`)`

			`BeforeEach(func() {`
			`sessionHandler = NewMockPacketHandlerManager(mockCtrl)`
			`newMockSession := func(`
			`_ connection,`
			`runner sessionRunner,`
			`_ protocol.VersionNumber,`
			`connID protocol.ConnectionID,`
			`_ protocol.ConnectionID,`
			`_ *handshake.ServerConfig,`
			`_ *tls.Config,`
			`_ *Config,`
			`_ utils.Logger,`
			`) (quicSession, error) {`
			`ExpectWithOffset(0, sessions).ToNot(BeEmpty())`
			`s := &mockSession{MockQuicSession: sessions[0]}`
			`s.connID = connID`
			`s.runner = runner`
			`sessions = sessions[1:]`
			`return s, nil`
			`}`
			`serv = &server{`
			`sessionHandler: sessionHandler,`
			`newSession: newMockSession,`
			`conn: conn,`
			`config: config,`
			`sessionQueue: make(chan Session, 5),`
			`errorChan: make(chan struct{}),`
			`logger: utils.DefaultLogger,`
			`}`
			`serv.setup()`
			`b := &bytes.Buffer{}`
			`utils.BigEndian.WriteUint32(b, uint32(protocol.SupportedVersions[0]))`
			`firstPacket = &receivedPacket{`
			`header: &wire.Header{`
			`VersionFlag: true,`
			`Version: serv.config.Versions[0],`
			`DestConnectionID: protocol.ConnectionID{0x4c, 0xfa, 0x9f, 0x9b, 0x66, 0x86, 0x19, 0xf6},`
			`PacketNumber: 1,`
			`},`
			`data: bytes.Repeat([]byte{0}, protocol.MinClientHelloSize),`
			`rcvTime: time.Now(),`
			`}`
			`})`

			`AfterEach(func() {`
			`Expect(sessions).To(BeEmpty())`
			`})`

			`It("returns the address", func() {`
			`conn.addr = &net.UDPAddr{`
			`IP: net.IPv4(192, 168, 13, 37),`
			`Port: 1234,`
			`}`
			`Expect(serv.Addr().String()).To(Equal("192.168.13.37:1234"))`
			`})`

			`It("creates new sessions", func() {`
			`s := NewMockQuicSession(mockCtrl)`
			`s.EXPECT().handlePacket(gomock.Any())`
			`run := make(chan struct{})`
			`s.EXPECT().run().Do(func() { close(run) })`
			`sessions = append(sessions, s)`

			`sessionHandler.EXPECT().Add(connID, gomock.Any()).Do(func(cid protocol.ConnectionID, _ packetHandler) {`
			`Expect(cid).To(Equal(connID))`
			`})`
			`Expect(serv.handlePacketImpl(firstPacket)).To(Succeed())`
			`Eventually(run).Should(BeClosed())`
			`})`

			`It("accepts new TLS sessions", func() {`
			`connID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}`
			`sess := NewMockQuicSession(mockCtrl)`
			`err := serv.setupTLS()`
			`Expect(err).ToNot(HaveOccurred())`
			`added := make(chan struct{})`
			`sessionHandler.EXPECT().Add(connID, gomock.Any()).Do(func(_ protocol.ConnectionID, ph packetHandler) {`
			`Expect(ph.GetPerspective()).To(Equal(protocol.PerspectiveServer))`
			`close(added)`
			`})`
			`serv.serverTLS.sessionChan <- tlsSession{`
			`connID: connID,`
			`sess: sess,`
			`}`
			`Eventually(added).Should(BeClosed())`
			`})`

			`It("accepts a session once the connection it is forward secure", func() {`
			`s := NewMockQuicSession(mockCtrl)`
			`s.EXPECT().handlePacket(gomock.Any())`
			`run := make(chan struct{})`
			`s.EXPECT().run().Do(func() { close(run) })`
			`sessions = append(sessions, s)`
			`done := make(chan struct{})`
			`go func() {`
			`defer GinkgoRecover()`
			`_, err := serv.Accept()`
			`Expect(err).ToNot(HaveOccurred())`
			`close(done)`
			`}()`
			`sessionHandler.EXPECT().Add(connID, gomock.Any()).Do(func(_ protocol.ConnectionID, sess packetHandler) {`
			`Consistently(done).ShouldNot(BeClosed())`
			`sess.(serverSession).quicSession.(mockSession).runner.onHandshakeComplete(sess.(Session))`
			`})`
			`err := serv.handlePacketImpl(firstPacket)`
			`Expect(err).ToNot(HaveOccurred())`
			`Eventually(done).Should(BeClosed())`
			`Eventually(run).Should(BeClosed())`
			`})`

			`It("doesn't accept sessions that error during the handshake", func() {`
			`run := make(chan error, 1)`
			`sess := NewMockQuicSession(mockCtrl)`
			`sess.EXPECT().handlePacket(gomock.Any())`
			`sess.EXPECT().run().DoAndReturn(func() error { return <-run })`
			`sessions = append(sessions, sess)`
			`done := make(chan struct{})`
			`go func() {`
			`defer GinkgoRecover()`
			`serv.Accept()`
			`close(done)`
			`}()`
			`sessionHandler.EXPECT().Add(connID, gomock.Any()).Do(func(protocol.ConnectionID, packetHandler) {`
			`run <- errors.New("handshake error")`
			`})`
			`Expect(serv.handlePacketImpl(firstPacket)).To(Succeed())`
			`Consistently(done).ShouldNot(BeClosed())`

			`// make the go routine return`
			`close(serv.errorChan)`
			`Eventually(done).Should(BeClosed())`
			`})`

			`It("closes the sessionHandler when Close is called", func() {`
			`sessionHandler.EXPECT().CloseServer()`
			`Expect(serv.Close()).To(Succeed())`
			`})`

			`It("closes twice", func() {`
			`sessionHandler.EXPECT().CloseServer()`
			`Expect(serv.Close()).To(Succeed())`
			`Expect(serv.Close()).To(Succeed())`
			`})`

			`It("works if no quic.Config is given", func(done Done) {`
			`ln, err := ListenAddr("127.0.0.1:0", testdata.GetTLSConfig(), nil)`
			`Expect(err).ToNot(HaveOccurred())`
			`Expect(ln.Close()).To(Succeed())`
			`close(done)`
			`}, 1)`

			`It("closes properly", func() {`
			`ln, err := ListenAddr("127.0.0.1:0", testdata.GetTLSConfig(), config)`
			`Expect(err).ToNot(HaveOccurred())`

			`done := make(chan struct{})`
			`go func() {`
			`defer GinkgoRecover()`
			`ln.Accept()`
			`close(done)`
			`}()`
			`ln.Close()`
			`Eventually(done).Should(BeClosed())`
			`})`

			`It("closes the connection when it was created with ListenAddr", func() {`
			`addr, err := net.ResolveUDPAddr("udp", "localhost:12345")`
			`Expect(err).ToNot(HaveOccurred())`

			`serv, err := ListenAddr("localhost:0", nil, nil)`
			`Expect(err).ToNot(HaveOccurred())`
			`// test that we can write on the packet conn`
			`_, err = serv.(*server).conn.WriteTo([]byte("foobar"), addr)`
			`Expect(err).ToNot(HaveOccurred())`
			`Expect(serv.Close()).To(Succeed())`
			`// test that we can't write any more on the packet conn`
			`_, err = serv.(*server).conn.WriteTo([]byte("foobar"), addr)`
			`Expect(err.Error()).To(ContainSubstring("use of closed network connection"))`
			`})`

			`It("returns Accept when it is closed", func() {`
			`done := make(chan struct{})`
			`go func() {`
			`defer GinkgoRecover()`
			`_, err := serv.Accept()`
			`Expect(err).To(MatchError("server closed"))`
			`close(done)`
			`}()`
			`sessionHandler.EXPECT().CloseServer()`
			`Expect(serv.Close()).To(Succeed())`
			`Eventually(done).Should(BeClosed())`
			`})`

			`It("returns Accept with the right error when closeWithError is called", func() {`
			`testErr := errors.New("connection error")`
			`done := make(chan struct{})`
			`go func() {`
			`defer GinkgoRecover()`
			`_, err := serv.Accept()`
			`Expect(err).To(MatchError(testErr))`
			`close(done)`
			`}()`
			`sessionHandler.EXPECT().CloseServer()`
			`serv.closeWithError(testErr)`
			`Eventually(done).Should(BeClosed())`
			`})`

			`It("doesn't try to process a packet after sending a gQUIC Version Negotiation Packet", func() {`
			`config.Versions = []protocol.VersionNumber{99}`
			`p := &receivedPacket{`
			`header: &wire.Header{`
			`VersionFlag: true,`
			`DestConnectionID: connID,`
			`PacketNumber: 1,`
			`PacketNumberLen: protocol.PacketNumberLen2,`
			`},`
			`data: make([]byte, protocol.MinClientHelloSize),`
			`}`
			`Expect(serv.handlePacketImpl(p)).To(Succeed())`
			`Expect(conn.dataWritten.Bytes()).ToNot(BeEmpty())`
			`})`

			`It("sends a PUBLIC_RESET for new connections that don't have the VersionFlag set", func() {`
			`err := serv.handlePacketImpl(&receivedPacket{`
			`remoteAddr: udpAddr,`
			`header: &wire.Header{`
			`IsPublicHeader: true,`
			`Version: versionGQUICFrames,`
			`},`
			`})`
			`Expect(err).ToNot(HaveOccurred())`

			`Expect(conn.dataWritten.Len()).ToNot(BeZero())`
			`Expect(conn.dataWrittenTo).To(Equal(udpAddr))`
			`Expect(conn.dataWritten.Bytes()[0] & 0x02).ToNot(BeZero()) // check that the ResetFlag is set`
			`})`

			`It("sends a gQUIC Version Negotaion Packet, if the client sent a gQUIC Public Header", func() {`
			`connID := protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1}`
			`err := serv.handlePacketImpl(&receivedPacket{`
			`remoteAddr: udpAddr,`
			`header: &wire.Header{`
			`IsPublicHeader: true,`
			`VersionFlag: true,`
			`DestConnectionID: connID,`
			`PacketNumber: 1,`
			`PacketNumberLen: protocol.PacketNumberLen2,`
			`Version: protocol.Version39 - 1,`
			`},`
			`})`
			`Expect(err).ToNot(HaveOccurred())`

			`Expect(conn.dataWritten.Len()).ToNot(BeZero())`
			`Expect(conn.dataWrittenTo).To(Equal(udpAddr))`
			`r := bytes.NewReader(conn.dataWritten.Bytes())`
			`iHdr, err := wire.ParseInvariantHeader(r, 0)`
			`Expect(err).ToNot(HaveOccurred())`
			`Expect(iHdr.IsLongHeader).To(BeFalse())`
			`replyHdr, err := iHdr.Parse(r, protocol.PerspectiveServer, versionIETFFrames)`
			`Expect(err).ToNot(HaveOccurred())`
			`Expect(replyHdr.IsVersionNegotiation).To(BeTrue())`
			`Expect(replyHdr.DestConnectionID).To(Equal(connID))`
			`Expect(r.Len()).To(BeZero())`
			`})`

			`It("sends an IETF draft style Version Negotaion Packet, if the client sent a IETF draft style header", func() {`
			`connID := protocol.ConnectionID{8, 7, 6, 5, 4, 3, 2, 1}`
			`err := serv.handlePacketImpl(&receivedPacket{`
			`remoteAddr: udpAddr,`
			`header: &wire.Header{`
			`Type: protocol.PacketTypeInitial,`
			`IsLongHeader: true,`
			`DestConnectionID: connID,`
			`SrcConnectionID: connID,`
			`PacketNumber: 0x55,`
			`PacketNumberLen: protocol.PacketNumberLen1,`
			`Version: 0x1234,`
			`PayloadLen: protocol.MinInitialPacketSize,`
			`},`
			`})`
			`Expect(err).ToNot(HaveOccurred())`

			`Expect(conn.dataWritten.Len()).ToNot(BeZero())`
			`Expect(conn.dataWrittenTo).To(Equal(udpAddr))`
			`r := bytes.NewReader(conn.dataWritten.Bytes())`
			`iHdr, err := wire.ParseInvariantHeader(r, 0)`
			`Expect(err).ToNot(HaveOccurred())`
			`replyHdr, err := iHdr.Parse(r, protocol.PerspectiveServer, versionIETFFrames)`
			`Expect(err).ToNot(HaveOccurred())`
			`Expect(replyHdr.IsVersionNegotiation).To(BeTrue())`
			`Expect(replyHdr.DestConnectionID).To(Equal(connID))`
			`Expect(replyHdr.SrcConnectionID).To(Equal(connID))`
			`Expect(r.Len()).To(BeZero())`
			`})`
			`})`

			`It("setups with the right values", func() {`
			`supportedVersions := []protocol.VersionNumber{protocol.VersionTLS, protocol.Version39}`
			`acceptCookie := func(_ net.Addr, _ *Cookie) bool { return true }`
			`config := Config{`
			`Versions: supportedVersions,`
			`AcceptCookie: acceptCookie,`
			`HandshakeTimeout: 1337 * time.Hour,`
			`IdleTimeout: 42 * time.Minute,`
			`KeepAlive: true,`
			`}`
			`ln, err := Listen(conn, &tls.Config{}, &config)`
			`Expect(err).ToNot(HaveOccurred())`
			`server := ln.(*server)`
			`Expect(server.sessionHandler).ToNot(BeNil())`
			`Expect(server.scfg).ToNot(BeNil())`
			`Expect(server.config.Versions).To(Equal(supportedVersions))`
			`Expect(server.config.HandshakeTimeout).To(Equal(1337 * time.Hour))`
			`Expect(server.config.IdleTimeout).To(Equal(42 * time.Minute))`
			`Expect(reflect.ValueOf(server.config.AcceptCookie)).To(Equal(reflect.ValueOf(acceptCookie)))`
			`Expect(server.config.KeepAlive).To(BeTrue())`
			`})`

			`It("errors when the Config contains an invalid version", func() {`
			`version := protocol.VersionNumber(0x1234)`
			`_, err := Listen(conn, &tls.Config{}, &Config{Versions: []protocol.VersionNumber{version}})`
			`Expect(err).To(MatchError("0x1234 is not a valid QUIC version"))`
			`})`

			`It("fills in default values if options are not set in the Config", func() {`
			`ln, err := Listen(conn, &tls.Config{}, &Config{})`
			`Expect(err).ToNot(HaveOccurred())`
			`server := ln.(*server)`
			`Expect(server.config.Versions).To(Equal(protocol.SupportedVersions))`
			`Expect(server.config.HandshakeTimeout).To(Equal(protocol.DefaultHandshakeTimeout))`
			`Expect(server.config.IdleTimeout).To(Equal(protocol.DefaultIdleTimeout))`
			`Expect(reflect.ValueOf(server.config.AcceptCookie)).To(Equal(reflect.ValueOf(defaultAcceptCookie)))`
			`Expect(server.config.KeepAlive).To(BeFalse())`
			`})`

			`It("listens on a given address", func() {`
			`addr := "127.0.0.1:13579"`
			`ln, err := ListenAddr(addr, nil, config)`
			`Expect(err).ToNot(HaveOccurred())`
			`serv := ln.(*server)`
			`Expect(serv.Addr().String()).To(Equal(addr))`
			`})`

			`It("errors if given an invalid address", func() {`
			`addr := "127.0.0.1"`
			`_, err := ListenAddr(addr, nil, config)`
			`Expect(err).To(BeAssignableToTypeOf(&net.AddrError{}))`
			`})`

			`It("errors if given an invalid address", func() {`
			`addr := "1.1.1.1:1111"`
			`_, err := ListenAddr(addr, nil, config)`
			`Expect(err).To(BeAssignableToTypeOf(&net.OpError{}))`
			`})`
			`})`

			`var _ = Describe("default source address verification", func() {`
			`It("accepts a token", func() {`
			`remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}`
			`cookie := &Cookie{`
			`RemoteAddr: "192.168.0.1",`
			`SentTime: time.Now().Add(-protocol.CookieExpiryTime).Add(time.Second), // will expire in 1 second`
			`}`
			`Expect(defaultAcceptCookie(remoteAddr, cookie)).To(BeTrue())`
			`})`

			`It("requests verification if no token is provided", func() {`
			`remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}`
			`Expect(defaultAcceptCookie(remoteAddr, nil)).To(BeFalse())`
			`})`

			`It("rejects a token if the address doesn't match", func() {`
			`remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}`
			`cookie := &Cookie{`
			`RemoteAddr: "127.0.0.1",`
			`SentTime: time.Now(),`
			`}`
			`Expect(defaultAcceptCookie(remoteAddr, cookie)).To(BeFalse())`
			`})`

			`It("accepts a token for a remote address is not a UDP address", func() {`
			`remoteAddr := &net.TCPAddr{IP: net.IPv4(192, 168, 0, 1), Port: 1337}`
			`cookie := &Cookie{`
			`RemoteAddr: "192.168.0.1:1337",`
			`SentTime: time.Now(),`
			`}`
			`Expect(defaultAcceptCookie(remoteAddr, cookie)).To(BeTrue())`
			`})`

			`It("rejects an invalid token for a remote address is not a UDP address", func() {`
			`remoteAddr := &net.TCPAddr{IP: net.IPv4(192, 168, 0, 1), Port: 1337}`
			`cookie := &Cookie{`
			`RemoteAddr: "192.168.0.1:7331", // mismatching port`
			`SentTime: time.Now(),`
			`}`
			`Expect(defaultAcceptCookie(remoteAddr, cookie)).To(BeFalse())`
			`})`

			`It("rejects an expired token", func() {`
			`remoteAddr := &net.UDPAddr{IP: net.IPv4(192, 168, 0, 1)}`
			`cookie := &Cookie{`
			`RemoteAddr: "192.168.0.1",`
			`SentTime: time.Now().Add(-protocol.CookieExpiryTime).Add(-time.Second), // expired 1 second ago`
			`}`
			`Expect(defaultAcceptCookie(remoteAddr, cookie)).To(BeFalse())`
			`})`
			`})`