From 8201711e8037a7e5d411cacfddae5e1e9cb676a3 Mon Sep 17 00:00:00 2001 From: Vasil Velichckov Date: Thu, 1 Oct 2015 06:43:39 +0300 Subject: text2pcap: Add test suite Use the pcap captures from test/captures/ and - Get information for the input pcap file with capinfos - Generate an ASCII hexdump with text2pcap - Convert the ASCII hexdump back to pcap using text2pcap - Get information for the output pcap file with capinfs - Check that file type, encapsulation type, number of packets and data size in the output file are the same as in the input file Change-Id: I659204fb0a46e9cd99d03eb666f55fac95ae053e Reviewed-on: https://code.wireshark.org/review/11042 Reviewed-by: Alexis La Goutte Reviewed-by: Michael Mann --- test/suite-text2pcap.sh | 331 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 331 insertions(+) create mode 100755 test/suite-text2pcap.sh (limited to 'test/suite-text2pcap.sh') diff --git a/test/suite-text2pcap.sh b/test/suite-text2pcap.sh new file mode 100755 index 0000000000..63e0d93730 --- /dev/null +++ b/test/suite-text2pcap.sh @@ -0,0 +1,331 @@ +#!/bin/bash +# +# Run the text2pcap unit tests +# +# Wireshark - Network traffic analyzer +# By Gerald Combs +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# + +# Regex used to prase capinfos output +text2pcap_capinfos_regex="File type:.* - (.*) +File encapsulation:[[:blank:]]+(.*) +Number of packets:[[:blank:]]+(.*) +Data size:[[:blank:]]+([[:digit:]]+) bytes" + +# Return information for the given pcap file +# arg1 = file name +# +# Set the following global variables +# $text2pcap_capinfos_filetype File type +# $text2pcap_capinfos_encap File encapsulation +# $text2pcap_capinfos_packets Number of packets +# $text2pcap_capinfos_datasize Data size +text2pcap_capinfos() { + #Initialize return variables + text2pcap_capinfos_filetype="" + text2pcap_capinfos_encap="" + text2pcap_capinfos_packets="" + text2pcap_capinfos_datasize="" + + output=$($CAPINFOS -tEcdM $1) + RETURNVALUE=$? + if [ ! $RETURNVALUE -eq $EXIT_OK ]; then + test_step_failed "exit status of capinfos: $RETURNVALUE" + return 1 + fi + + if [[ "$output" =~ $text2pcap_capinfos_regex ]] + then + #Array length ${#BASH_REMATCH[@]} + text2pcap_capinfos_filetype=${BASH_REMATCH[1]} + text2pcap_capinfos_encap=${BASH_REMATCH[2]} + text2pcap_capinfos_packets=${BASH_REMATCH[3]} + text2pcap_capinfos_datasize=${BASH_REMATCH[4]} + return 0 + fi + + echo "$output" > testout.txt + test_step_failed "Cannot parse capinfos ouput" + return 1 +} + +# common checking code: +# arg 1 = return value from text2pcap command +# arg 2 = file type string +# arg 3 = file encap +# arg 4 = number of file packets generated +text2pcap_common_check() { + if [ ! $1 -eq $EXIT_OK ]; then + echo + cat ./testout.txt + test_step_failed "exit status of text2pcap: $1" + return + fi + + grep -q "potential packet" testout.txt + if [ ! $? -eq 0 ]; then + cat ./testout.txt + test_step_failed "text2pcap didn't complete" + fi + + text2pcap_capinfos "./testout.pcap" + if [ ! $? -eq $EXIT_OK ]; then + test_step_failed "text2pcap_capinfos return error" + return 1 + fi + + if [ "$2" != "$text2pcap_capinfos_filetype" ]; then + test_step_failed "text2pcap output file type is not '$2'" + return 1 + fi + + if [ "$3" != "$text2pcap_capinfos_encap" ]; then + test_step_failed "text2pcap output encapsulation type is not '$3'" + return 1 + fi + + if [ "$4" != "$text2pcap_capinfos_packets" ]; then + test_step_failed "text2pcap did not generate $4 packets" + return 1 + fi + + if [ "$5" != "$text2pcap_capinfos_datasize" ]; then + test_step_failed "text2pcap output Data size: is not $5 bytes" + return 1 + fi +} + +# common checking code for legacy PCAP output +# arg1=returnvalue, arg2=encap type, arg3=# of file pkts arg4=data size +text2pcap_common_pcap_check() { + text2pcap_common_check "$1" 'pcap' "$2" "$3" "$4" +} + +# common checking code for PCAPNG output +# arg1=returnvalue, arg2=encap type, arg3=# of file pkts arg4=data size +text2pcap_common_pcapng_check() { + text2pcap_common_check "$1" 'pcapng' "$2" "$3" "$4" +} + +# convert pcap file to text format suitable for text2pcap +text2pcap_generate_input() { + $TSHARK -o 'gui.column.format:"Time","%t"' -tad -P -x -r $1 > testin.txt + #$TSHARK -P -tad -u hms -x -r $1 > testin.txt +} + +# Perfom the following actions +# - Get information for the input pcap file with capinfos +# - Generate an ASCII hexdump with text2pcap +# - Convert the ASCII hexdump back to pcap using text2pcap +# - Get information for the output pcap file with capinfs +# - Check that file type, encapsulation type, number of packets and data size +# in the output file are the same as in the input file +# +# arg1=input file name arg2=# of file pkts arg3=data size +text2pcap_basic_test() { + filename="${CAPTURE_DIR}$1" + text2pcap_capinfos "$filename" + if [ ! $? -eq $EXIT_OK ]; then + test_step_failed "text2pcap_capinfos return error" + return 1 + fi + + text2pcap_generate_input "$filename" + #echo $text2pcap_capinfos_filetype + #echo $text2pcap_capinfos_encap + #echo $text2pcap_capinfos_packets + #echo $text2pcap_capinfos_datasize + + #Overwrite number of packets or data size if optional parameters are present + if [ "x$2" != "x" ]; then + text2pcap_capinfos_packets=$2 + fi + if [ "x$3" != "x" ]; then + text2pcap_capinfos_datasize=$3 + fi + + # link_type values are defined in pcap/bpf.h and wiretap/pcap-common.c + case "$text2pcap_capinfos_encap" in + Ethernet) + link_type="1" + ;; + Raw\ IP) + link_type="14" + ;; + Linux\ cooked-mode\ capture) + link_type="113" + ;; + IEEE\ 802.11\ plus\ radiotap\ radio\ header) + link_type="127" + ;; + DVB-CI*) + link_type="235" + ;; + Per\ packet*) + printf " Per packet encapsulation is not yet supported" + test_step_skipped + return + ;; + *) + printf " Unsupported link_type $text2pcap_capinfos_encap" + test_step_skipped + return + ;; + esac + case "$text2pcap_capinfos_filetype" in + "pcap"|"pcap (gzip compressed)") + $TEXT2PCAP -d -l $link_type -t "%Y-%m-%d %H:%M:%S."\ + testin.txt testout.pcap >testout.txt 2>&1 + text2pcap_common_pcap_check "$RETURNVALUE"\ + "$text2pcap_capinfos_encap"\ + "$text2pcap_capinfos_packets"\ + "$text2pcap_capinfos_datasize" + test_step_ok + ;; + "nanosecond libpcap"|"pcapng"|"pcapng (gzip compressed)") + $TEXT2PCAP -n -d -l $link_type -t "%Y-%m-%d %H:%M:%S."\ + testin.txt testout.pcap >testout.txt 2>&1 + text2pcap_common_pcapng_check "$RETURNVALUE"\ + "$text2pcap_capinfos_encap"\ + "$text2pcap_capinfos_packets"\ + "$text2pcap_capinfos_datasize" + test_step_ok + ;; + *) + printf " Unsupported filetype $text2pcap_capinfos_filetype" + test_step_skipped + esac +} + +text2pcap_dhcp_pcap_test() { + text2pcap_basic_test "dhcp.pcap" +} +text2pcap_dhcp_pcapng_test() { + text2pcap_basic_test "dhcp.pcapng" +} +text2pcap_segmented_fpm_pcap_test() { + text2pcap_basic_test "segmented_fpm.pcap" +} +text2pcap_c1222_std_example8_pcap_test() { + text2pcap_basic_test "c1222_std_example8.pcap" +} +text2pcap_dhcp_nanosecond_pcap_test() { + text2pcap_basic_test "dhcp-nanosecond.pcap" +} +text2pcap_dns_port_pcap_test() { + text2pcap_basic_test "dns_port.pcap" +} +text2pcap_dvb_ci_UV1_0000_pcap_test() { + text2pcap_basic_test "dvb-ci_UV1_0000.pcap" +} +text2pcap_empty_pcap_test() { + text2pcap_basic_test "empty.pcap" +} +text2pcap_ikev1_certs_pcap() { + text2pcap_basic_test "ikev1-certs.pcap" +} +text2pcap_rsa_p_lt_q_pcap() { + text2pcap_basic_test "rsa-p-lt-q.pcap" +} +text2pcap_rsasnakeoil2_pcap() { + text2pcap_basic_test "rsasnakeoil2.pcap" +} +text2pcap_sample_control4_2012_03_24_pcap_test() { + # tshark currently output decrypted ZigBee packets and + # as a result the number of packets and data size are different + text2pcap_basic_test "sample_control4_2012-03-24.pcap" 239 10103 +} +text2pcap_snakeoil_dtls_test() { + text2pcap_basic_test "snakeoil-dtls.pcap" +} +text2pcap_wpa_eap_tls_pcap_gz_test() { + # tshark reassemble some packets and because of this + # the number of packets and data size are different + text2pcap_basic_test "wpa-eap-tls.pcap.gz" 88 38872 +} +text2pcap_wpa_induction_pcap_gz_test() { + text2pcap_basic_test "wpa-Induction.pcap.gz" +} +text2pcap_dhcp_nanosecond_pcapng_test() { + text2pcap_basic_test "dhcp-nanosecond.pcapng" +} +text2pcap_dhe1_pcapng_gz_test() { + text2pcap_basic_test "dhe1.pcapng.gz" +} +text2pcap_dmgr_pcapng_test() { + # linux cooked mode capture + text2pcap_basic_test "dmgr.pcapng" +} +text2pcap_dns_icmp_pcapng_gz_test() { + # Different data size + # Most probably the problem is that input file timestamp precision is in microseconds + # File timestamp precision: microseconds (6) + text2pcap_basic_test "dns+icmp.pcapng.gz" "" 3202 +} +text2pcap_packet_h2_14_headers_pcapng_test() { + text2pcap_basic_test "packet-h2-14_headers.pcapng" +} +text2pcap_sip_pcapng_test() { + # Raw IP encap + text2pcap_basic_test "sip.pcapng" +} + +text2pcap_cleanup_step() { + rm -f ./testin.txt + rm -f ./testout.txt + rm -f ./capinfo_testout.txt + rm -f ./testout.pcap +} + +text2pcap_suite() { + test_step_set_pre text2pcap_cleanup_step + test_step_set_post text2pcap_cleanup_step + test_step_add "testing with empty.pcap" text2pcap_empty_pcap_test + test_step_add "testing with dhcp.pcap" text2pcap_dhcp_pcap_test + test_step_add "testing with dhcp.pcapng" text2pcap_dhcp_pcapng_test + test_step_add "testing with dhcp-nanosecond.pcap" text2pcap_dhcp_nanosecond_pcap_test + test_step_add "testing with dhcp-nanosecond.pcapng" text2pcap_dhcp_nanosecond_pcapng_test + test_step_add "testing with segmented_fpm.pcap" text2pcap_segmented_fpm_pcap_test + test_step_add "testing with c1222_std_example8.pcap" text2pcap_c1222_std_example8_pcap_test + test_step_add "testing with dns_port.pcap" text2pcap_dns_port_pcap_test + test_step_add "testing with dvb-ci_UV1_0000.pcap" text2pcap_dvb_ci_UV1_0000_pcap_test + test_step_add "testing with ikev1-certs.pcap" text2pcap_ikev1_certs_pcap + test_step_add "testing with rsa-p-lt-q.pcap" text2pcap_rsa_p_lt_q_pcap + test_step_add "testing with rsasnakeoil2.pcap" text2pcap_rsasnakeoil2_pcap + test_step_add "testing with sample_control4_2012-03-24.pcap" text2pcap_sample_control4_2012_03_24_pcap_test + test_step_add "testing with snakeoil-dtls.pcap" text2pcap_snakeoil_dtls_test + test_step_add "testing with wpa-eap-tls.pcap.gz" text2pcap_wpa_eap_tls_pcap_gz_test + test_step_add "testing with wpa-Induction.pcap.gz" text2pcap_wpa_induction_pcap_gz_test + test_step_add "testing with dhe1.pcapng.gz" text2pcap_dhe1_pcapng_gz_test + test_step_add "testing with dmgr.pcapng" text2pcap_dmgr_pcapng_test + test_step_add "testing with dns+icmp.pcapng.gz" text2pcap_dns_icmp_pcapng_gz_test + test_step_add "testing with packet-h2-14_headers.pcapng" text2pcap_packet_h2_14_headers_pcapng_test + test_step_add "testing with sip.pcapng" text2pcap_sip_pcapng_test +} + +# +# Editor modelines - https://www.wireshark.org/tools/modelines.html +# +# Local variables: +# c-basic-offset: 8 +# tab-width: 8 +# indent-tabs-mode: t +# End: +# +# vi: set shiftwidth=8 tabstop=8 noexpandtab: +# :indentSize=8:tabSize=8:noTabs=false: +# -- cgit v1.2.1