The "http" dissector is what's used for protocols other than TCP, SCTP,
and SSL/TLS.
Change-Id: Ib5138d3a082f1017b7ef190e5128a21eb9a49e92
Reviewed-on: https://code.wireshark.org/review/14947
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When the tests are run in the buildbot, messages such as
Error during test execution: see {pathname}
aren't very useful.
Change-Id: I4509ea58c162c264c316358019a1cbc01cd93e31
Reviewed-on: https://code.wireshark.org/review/14135
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- When scanning for keys, check for TDLS action frames
(need to have TLDS response or confirm to derive the key)
- When deriving PTK, also check MIC to ensure the key has been correctly
computed.
- As SA is between two STAs (and not STA and AP), store highest MAC
address in sa.bssid, and the other one in sa.sta
=> Add new function (AirPDcapGetSaAddress) that will check for TDLS
case.
- Add test in decryption suite
Bug: 11312
Change-Id: Ieccb6a23a0ffbf3b705dac9b67c856ae2d3eeca9
Reviewed-on: https://code.wireshark.org/review/13664
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Add a test to check decryption of management frames
Bug: 11995
Change-Id: I588d0f17b9e5efc841266b9dae4764e5e931be3f
Reviewed-on: https://code.wireshark.org/review/13259
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Updated AirPDcapPacketProcess function description
- Try to return better error codes
- Remove broken/useless return of keys from AirPDcapRsna4WHandshake
Change-Id: I1e4e0a76f6d1307e11c0466f17935dd7030561e1
Reviewed-on: https://code.wireshark.org/review/12033
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- start decoding when we have eapol1+2 packets
Do not insist on a complete captured handshake, decode what we can.
- more robust way to detect eapol #2 packets
At least Win 10 is violating the spec on rekey by setting the secure
bit in #2. Unpatched version shows and handles #2 as #4, breaking
decoding after rekey.
- fixed eapol rekey key handling
Inital patch (see https://code.wireshark.org/review/8268)
is adding redundant keys, since it scans all the time
and not only once.
- ignore tailing garbage after eapol sections in frame
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9065#c8
Included testcase to test decode for incomplete handshakes and eapol2
packets with secure bit set on rekey.
Ping-Bug: 9065
Change-Id: Id775088db9b5aaa80da9efdeed6902d024b5c0cd
Reviewed-on: https://code.wireshark.org/review/11484
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
See what it prints on Windows.
Change-Id: Id35d87595543eca3e5b5d80dbe9a7639e0a85994
Reviewed-on: https://code.wireshark.org/review/9693
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Too bad DEC used / as an option character and Bell Labs chose it as a
pathname separator.
Change-Id: Ie58ba79476e0f24e408fae55f6c5eaff3ffb11fa
Reviewed-on: https://code.wireshark.org/review/9680
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In the decryption_step_ssl_rsa_pq - and the
decryption_step_ssl_master_secret test - duplicate the code used to
generate TEST_KEYS_DIR, so that we construct a UN*X-style path and then,
if we're running on Windows, map the UN*X-style path, which is a Cygwin
path, to the equivalent Windows-style path, and pass that to TShark on
the command line.
Bug: 11372
Change-Id: I442a30c4c954540a05942ed70ec3687941428a96
Reviewed-on: https://code.wireshark.org/review/9675
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Trying to debug the problem.
Change-Id: I26f78e49556cb1d40f0c8ddbfd58f058dceb0e77
Reviewed-on: https://code.wireshark.org/review/9674
Reviewed-by: Guy Harris <guy@alum.mit.edu>
TEST_KEYS_DIR already contains a trailing slash. Windows does not like
forward slashes, so drop the additional slash to fix tests under
Windows.
Fixes: v1.99.8rc0-417-g85f8a99
Bug: 11372
Change-Id: Ief794977281b70549369c344a193f4d48bcc1776
Reviewed-on: https://code.wireshark.org/review/9668
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
SSL traffic from tshark with -o ssl.keys_list.
For example, as used in a new test also added in this commit:
-o "ssl.keys_list: 127.0.0.1,9131,http,$TEST_KEYS_DIR/key.p12,WebAS"
Change-Id: Ia6960fa4ae88182277f6d22d84ec9170ea74d54e
Reviewed-on: https://code.wireshark.org/review/8746
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
That got the crash information in the WPA EAPOL Rekey test; use it for
all other tests where, otherwise, the crash information would be lost.
Change-Id: I230b7952b6d79ebf6dc003747dc05328616ef7c2
Reviewed-on: https://code.wireshark.org/review/8394
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a script that takes a command as an argument and runs it in a
subshell, so that said subshell will catch any signals from it and
report it.
This would be done for commands that aren't the last command in the
pipeline, as, given that the exit status of a pipeline is the exit
status of the last command in the pipeline, there's no guarantee that
the shell will bother to pick up the exit status of earlier commands in
the pipeline.
Use that for the tshark in the WPA EAPOL Rekey test, so it at least can
report the signal (on Solaris, SIGSEGV means, among other things,
"dereferenced a pointer pointing out of the address space" and SIGBUS
means, among other things, "dereferenced a misaligned pointer on
SPARC"). Maybe we can make the script also fire up a debugger if it
finds a core dump (and a debugger) and get a stack trace.
Change-Id: I4188190a1f1a4d3afc4719d886161ee56bd89d8b
Reviewed-on: https://code.wireshark.org/review/8392
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This patch extends the existing decryption support for WPA to also
handle rekeys by checking each decrypted packet for a 4-way-handshake.
Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise
(WPA-EAP).
For decrypting WPA-EAP secured packets the user must provide all used PMK's
of the connection (aka PSK's) as WPA-PSK 32 byte hex values to wireshark
via the existing interface.
(The capture must have all 4-way-handshakes included also, starting with
the first unencrypted one.)
Every decrypted unicast packet will habe the used PMK and TK shown in the
CCMP/TKIP section below the key index in the GUI. Group packets will display the
GTK instead.
Additionally this fixes a small issue with group rekey handling, so every packet
can be selected in the GUI in random order, removing the need to manually find
the correct group keying packets prior to that.
It was tested primary with WPA-CCMP, but TKIP is also working.
One section in the code touch bluetooth 802.1X support. It should do
exactly the same, but will now also examine all decypted packets for rekeys.
Ping-Bug: 11172
Change-Id: I19d055581fce6268df888da63485a48326046748
Reviewed-on: https://code.wireshark.org/review/8268
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.
Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
We should probably do the same for the other decryption tests but we're
having issues with HTTP2 right now.
Change-Id: I8e8f5da200a29a5ca1cddb39c082bb7ee12d1eaf
Reviewed-on: https://code.wireshark.org/review/6686
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This was suggested in review 2297. Capture and key are from bug 7951.
Bug: 7951
Change-Id: I820c5e839b20ec464cc1be438633d5311f657fb2
Signed-off-by: Alex Badea <abadea@ixiacom.com>
Reviewed-on: https://code.wireshark.org/review/4143
Reviewed-by: Evan Huus <eapache@gmail.com>
(Using sed : sed -i '/^\# \$Id\$/,+1 d') (start with dash)
Change-Id: Ia4b5a6c2302f6a531f6a86c1ec3a2f8205c8c2dd
Reviewed-on: https://code.wireshark.org/review/881
Reviewed-by: Anders Broman <a.broman58@gmail.com>
rename the existing SSL test to clarify that it uses the server's
private key for decryption
Change-Id: I13598fc4cf724b144a8f27bfa7a3316acfc78728
Reviewed-on: https://code.wireshark.org/review/640
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Support running most tests out-of-tree. Use case is to have a source tree and
use a semi-unprivileged user to perform tests (to rule out interference).
From me:
- fix unit-test suite, it has to build the binaries it runs so it must
more-or-less ignore the out-of-tree stuff
- fix name-res suite, just missing a path qualifier
svn path=/trunk/; revision=52397
Guy Harris