From 4a2b18a9c04997183b2ff1b6e50843e6970b74f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Valverde?= Date: Thu, 7 Oct 2021 12:09:20 +0100 Subject: [PATCH] dfilter: Skip equality test and add explanation Also fix a byte typo in the 'eth' filter expression. --- test/suite_dfilter/group_tvb.py | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/test/suite_dfilter/group_tvb.py b/test/suite_dfilter/group_tvb.py index bf47b5faa9..57fcfdb5a7 100644 --- a/test/suite_dfilter/group_tvb.py +++ b/test/suite_dfilter/group_tvb.py @@ -11,12 +11,18 @@ from suite_dfilter.dfiltertest import * class case_tvb(unittest.TestCase): trace_file = "http.pcap" + @unittest.skip("Protocol equality doesn't work yet in Wireshark") def test_eq_1(self, checkDFilterCount): - # We expect 0 because even though this byte - # string matches the 'eth' protocol, protocols cannot - # work in an '==' comparison yet. - dfilter = "eth == 00:e0:81:00:b0:28:00:09:6b:88:f6:c9:08:00" - checkDFilterCount(dfilter, 0) + # Protocols cannot work in an '==' comparison yet. The protocol + # fvalue length runs to the end of the TVBuff. This needs to be fixed. + dfilter = "eth == 00:e0:81:00:b0:28:00:09:6b:88:f5:c9:08:00" + checkDFilterCount(dfilter, 1) + + @unittest.skip("Protocol equality doesn't work yet in Wireshark") + def test_eq_2(self, checkDFilterCount): + # This is a more stringent test than 'eth' above because TCP has variable length. + dfilter = "tcp == 0c:c3:00:50:a8:00:76:87:7d:e0:14:02:50:18:fa:f0:ad:62:00:00" + checkDFilterCount(dfilter, 1) def test_slice_1(self, checkDFilterCount): dfilter = "ip[0:2] == 45:00" @@ -30,14 +36,11 @@ class case_tvb(unittest.TestCase): dfilter = "ip[2:2] == 00:c1" checkDFilterCount(dfilter, 1) - @unittest.skip("This doesn't work yet in Wireshark") + @unittest.skip("Negative offsets don't work yet in Wireshark") def test_slice_4(self, checkDFilterCount): - dfilter = "ip[-5] == 0x86" - checkDFilterCount(dfilter, 0) - - @unittest.skip("This doesn't work yet in Wireshark") - def test_slice_5(self, checkDFilterCount): - dfilter = "ip[-1] == 0x86" + # Fixing protocol equality would also fix this. Wireshark's understanding + # of protocol length is wrong so the "offset from the end" is also wrong. + dfilter = "ip[-1] == 0x5e" checkDFilterCount(dfilter, 1) def test_contains_1(self, checkDFilterCount):