They've been replaced by the Python scripts.
Change-Id: I8add9c9ea0a6bdd68b2fa3841977863c0ea9a761
Reviewed-on: https://code.wireshark.org/review/27243
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert capinfos output to UTF-8 in getCaptureInfo.
Normalize our command paths, otherwise "./run/RelWithDebInfo/..." might
be interpreted as the command "." with flags "/run", "/RelWithDebInfo",
etc. on Windows.
Change-Id: Ib7336a016db3ee0805739fc44913cb9c6895aaad
Reviewed-on: https://code.wireshark.org/review/27239
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Move UAT file creation to config.py.
Run the text2pcap and some of the clopts tests under our default
environment.
Use "in" instead of "has_key".
Change-Id: Ie5c70fb33c29676672bed7bf8205cff0bba77f8a
Reviewed-on: https://code.wireshark.org/review/27234
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
These directories have had trailing slashes for years and users seem to
rely on it, so restore this assumption for backwards compatibility. The
underlying API function (Dir.persconffile_path()) is not changed because
trailing slashes were not documented for that function.
For consistency, ensure that all Lua Dir functions return paths without
trailing slashes.
Bug: 14619
Change-Id: Ia299864999578884b1ad1cd48f1bd883bce6879d
Fixes: v2.5.0rc0-579-gfb052a637f ("Use g_build_filename() instead, fix indentation")
Reviewed-on: https://code.wireshark.org/review/27166
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add the fileformats and I/O suites. Move some more common code to
subprocesstest.py and add a diffOutput method.
Change-Id: I2ec34e46539022bdce78520645fdca6dfc1a8c1a
Reviewed-on: https://code.wireshark.org/review/27183
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
In util_slow_dhcp.py, open stdout as O_BINARY on Windows.
Have ctest pass --verbose to test.py.
Call config.canCapture at test time so that we don't inadvertently skip
some tests.
Stringify our dumpcap config check.
Fix our Gcrypt variable.
Change-Id: I884ec23ddfc7c28b79d4a860c6c43c308598e6db
Reviewed-on: https://code.wireshark.org/review/27182
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Create Python versions of our various test shell scripts. Add CMake
tests for each suite. Tests can now be run directly via test.py, via the
"test" target, or via ctest, e.g.
ctest --verbose --jobs 3
Add a testing chapter to the Developer's Guide.
Add a way to disable ctest in dpkg-buildpackage.
Suites completed:
- capture
- clopts
- decryption
- dissection
Remaining suites:
- fileformats
- io
- mergecap
- nameres
- text2pcap
- unittests
- wslua
Change-Id: I8936e05edefc76a86b6a7a5da302e7461bbdda0f
Reviewed-on: https://code.wireshark.org/review/27134
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Again, no more autotools/libtool, so no more .libs, as that's a
libtoolism.
Change-Id: I909c18b969ca8e04a252ff45f7f3e6bc9d0c8476
Reviewed-on: https://code.wireshark.org/review/27138
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
At one point, I remember a discussion resulting in the official name of
the next-generation replacement for pcap format being changed to
"pcapng", with no hyphen.
Make Wireshark reflect that.
Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a
Reviewed-on: https://code.wireshark.org/review/25214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit b4fc532372.
No longer required.
Change-Id: I0ec135d7b54f2aa1b8369fe8192fd2e725ffd5a8
Reviewed-on: https://code.wireshark.org/review/24409
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Add some debug info to the failing tests by displaying
the LANG var.
Change-Id: I0a7316d06a6aca035b46c3e6211ac8e93425e295
Reviewed-on: https://code.wireshark.org/review/24407
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
It was removed from packet_info when circuit API was removed. Remove
tests that call circuit_id for testing.
Change-Id: I88e54b288d9d8f99b63e0828663b3025c57e0ec8
Reviewed-on: https://code.wireshark.org/review/24400
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Includes adding per-conversation data to store whether we are over
DTLS or UDP and registering as a heuristic sub-dissector for DTLS.
Future changes will add more use of the conversation structure.
Also included is a capture of UDT over DTLS in test/captures/udt-dtls.pcapng.gz,
the associated private key for the session in test/keys/udt-dtls.key and a
new test in the decryption suite to check this works.
Change-Id: I76826d3b35768d0b58f5335063884616968e5784
Reviewed-on: https://code.wireshark.org/review/22533
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit reassembles data frames to build up the full entity body. It does
this for both client/server request and responses. Additionally, it also
decompresses bodies if they have the correct content-encoding header provided
and are not partial bodies.
Bug: 13543
Change-Id: I1661c9ddd09c1f6cf5a08b2b1921f95103aebb52
Reviewed-on: https://code.wireshark.org/review/20737
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Absolute and Relative time fields could not be converted to seconds
without converting to string and parsing to number.
Fixed conversion in generated code that was subject to precision loss
Usage:
f=Field.new("frame.delta_time")
delta=f().value:tonumber()
Change-Id: I6ef91c6238a6c2ed9adf6cae03f8913f0a09332e
Reviewed-on: https://code.wireshark.org/review/22316
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Implements all seven AEAD_CHACHA20_POLY1305 cipher suites from RFC 7905
(for TLS 1.2) and the final missing one for TLS 1.3 (draft -20).
New test captures (created using OpenSSL_1_1_0-pre6-2528-g042597b0a)
also serve as tests for TLS 1.3 decryption support.
Change-Id: Ice6d639c9c7b7bc23a6ff5fb4832d02694abd8c4
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/21902
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This function returns TRUE/FALSE depending whether the specified ProtoField/Dissector
needs to be dissected. By using this function in conjunction with the TreeItem.visible
attribute, Lua dissectors can be significantly sped up by making less C interop calls
which are relatively slow in terms of dissection especially when using sub-protocols
where the dissection of an entire protocol can be skipped.
Added tests for TreeItem:referenced to protofield.lua
Change-Id: I44feacb91a2a5b0e3c28c0ccd8d6b04cccd67261
Reviewed-on: https://code.wireshark.org/review/21387
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Avoid anachronisms, however; there was no "macOS 10.0" or even "OS X
10.0", for example. It was "Mac OS X" until 10.8 (although 10.7 was
sometimes called "OS X" and sometimes called "Mac OS X"), and it was "OS
X" from 10.8 to 10.11.
Change-Id: Ie4a848997dcc6c45c2245c1fb84ec526032375c3
Reviewed-on: https://code.wireshark.org/review/20933
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add tests for abbrev and name validation.
Add tests for signed integer base values.
Change-Id: I0bd65c6633b44ae998880f528c22afc22c87529d
Reviewed-on: https://code.wireshark.org/review/20568
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Only perform the protofield with a tree.
Change-Id: I93caeb505d1138a57c846ea6c295e5a44d72023c
Reviewed-on: https://code.wireshark.org/review/20564
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Add ABSOLUTE_TIME_* defines to the base table in init.lua for use
in ProtoField.absolute_time.
Change-Id: I5c99eafdac97655d71fd4f3374294cd587afaf0a
Reviewed-on: https://code.wireshark.org/review/20543
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The "Microsecond pcap-ng via stdin" and "Nanosecond pcap-ng via stdin"
tests work here on macOS and Windows (likely due to g8a141fe), so
enable them.
Change-Id: I148d02f0cc23162d782457e1d8f0e7c2c0dc6932
Reviewed-on: https://code.wireshark.org/review/19877
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
TLS and DTLS share the same code for decryption of AEAD ciphers.
Add tests for all possible AEAD cipher modes (GCM, CCM, CCM_8).
PSK is used to reduce the handshake size (removing certificates).
The decryption suite passes these tests on:
* Libgcrypt 1.6.5 (Ubuntu 14.04)
* Libgcrypt 1.7.6 (Arch Linux)
* Libgcrypt 1.4.5 (CentOS 6). Note that the GnuTLS packages are too old,
so tests that depend on RSA keys fail here (but the new tests pass).
Change-Id: If0dc5b94223fb247062e23960ff66dfdd4f7a902
Reviewed-on: https://code.wireshark.org/review/19850
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* Added support for 3-byte integers in :int() and :le_int()
* Added support for 5, 6, and 7-byte integers in :int64() and :le_int64()
Change-Id: If9ab4ea806191bc63effe45a081b9c65693c2367
Signed-off-by: Franklin "Snaipe" Mathieu <snaipe@diacritic.io>
Reviewed-on: https://code.wireshark.org/review/18672
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
* Implement Tvb:ipv6()
* Handle FT_IPv6 protofields during insertion in the lua tree
* Implement Address.ipv6(hostname)
Change-Id: I585c392681b3aef02ed8ee956f74051d77fb28d4
Signed-off-by: Franklin "Snaipe" Mathieu <snaipe@diacritic.io>
Reviewed-on: https://code.wireshark.org/review/18442
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If the "test-programs" target is not built, then it should not try to
invoke the last program (wireshark-gtk in my case).
Change-Id: Ida60a71d1dc47305ef8abe10e6c96c8a1cb8dcbb
Reviewed-on: https://code.wireshark.org/review/18346
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Current Ubuntu buildbot is failing because GTK support was removed.
Tests should not fail if GTK is not available, so make it optional.
Change-Id: I1640c8bcea5208299f6846eb366e105c39a3ebf3
Reviewed-on: https://code.wireshark.org/review/18345
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Test Kerberos decryption using files from krb-816.zip on the
SampleCaptures page.
Change-Id: Ic1360b637ca6a1f6cb86d09a6aebfd7f5ff89419
Reviewed-on: https://code.wireshark.org/review/18275
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously the metatables for classes were the same for the class and
its instances. This results in issues like calling __gc on the class
table on exit.
Make it possible to declare separate class methods (functions) and
instance methods. Observe that all attributes apply to the instances
only, so make these just available on the instance.
The attribute/methods lookup method (via __index/__newindex) have been
rewritten to use upvalues, removing the technical need for the
properties __getters/__setters/__methods. The "lua globals" test still
checks for these, but it could be removed in the future.
To fix bug 12968, the __gc method is removed from the class method.
Future patches should remove the WSLUA_REGISTER_CLASS,
WSLUA_REGISTER_META and WSLUA_REGISTER_ATTRIBUTES macros completely and
create split class functions/methods (such that __call for an instance
cannot accidentally be invoked on the class).
Removed duplicate "fragmented" property from Pinfo (which triggered an
error) and replaced exit() by g_error() for debugger friendliness.
Remove lua_shiftstring since checkstring always returns non-NULL.
Bug: 12968
Change-Id: I57f8a93d08bb84c79b0e94cf2c82d8402fc16646
Reviewed-on: https://code.wireshark.org/review/18026
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
- Fix test script to use wlan instead of wlan_mgt
- Remove a now useless test in the dissector
Change-Id: I9a7644947c3002c759a7ae5728a8559682cfd4fd
Reviewed-on: https://code.wireshark.org/review/18215
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
It's broken for recent GLib versions and there is no time frame for
a fix.
Ping-Bug: 12997
Change-Id: Ia687af9b0df8fc37121179ba20761c878bf57057
Reviewed-on: https://code.wireshark.org/review/18140
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
A handshake starts a new session, be sure to clear the previous state to
avoid creating a decoder with wrong secrets.
Renegotiations are also kind of transparant to the application layer, so
be sure to re-use an existing SslFlow. This fixes the Follow SSL stream
functionality which would previously ignore everything except for the
first session.
The capture file contains a crafted HTTP request/response over TLS 1.2,
interleaved with renegotiations. The HTTP response contains the Python
script used to generate the traffic. Surprise!
Change-Id: I0110ce76893d4a79330845e53e47e10f1c79e47e
Reviewed-on: https://code.wireshark.org/review/17480
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This name is displayed in the SSL prototcol tree (Application Data
Protocol: http-over-tls), rename to avoid possible user confusion.
Modify the SSL dissector such that both "http" and "http-over-tls"
invoke the same dissector function.
Change-Id: I2d52890a8ec8fa88b6390b133a11df607a5ec3dc
Reviewed-on: https://code.wireshark.org/review/17481
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Libpcap just backed out the "host-endian" SocketCAN LINKTYPE_ value; we
don't need it any more.
Change-Id: I33a7dc21207a0009e20b4abaefe1119eb649c39a
Reviewed-on: https://code.wireshark.org/review/17327
Reviewed-by: Guy Harris <guy@alum.mit.edu>
IKEv2:
Fixed bug with AEAD ciphers with 8- and 12-byte length ICVs and
libgcrypt 1.6.x - gcry_cipher_checktag() returned INVALID_LENGTH.
Fixed for merged changeset https://code.wireshark.org/review/17078
Added support for verification of encrypted data with HMAC_MD5_128
[RFC4595] and HMAC_SHA1_160 [RFC4595] integrity algorithms
Added IKEv2 decryption suite for few combinations of encryption and
integrity algorithms: 3DES-CBC/SHA1_160, AES-128-CCM-12, AES-128-CCM-12
(using CTR mode), AES-192-CTR/SHA2-512, AES-256-CBC/SHA2-256,
AES-256-CCM-16, AES-256-GCM-16, AES-256-GCM-8
Change-Id: Ic564b25f1fd41e913c605322b7b8aa030cf90ddf
Reviewed-on: https://code.wireshark.org/review/17213
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Add regression tests for bugs 12610 and 12620
Bug: 12610
Bug: 12620
Change-Id: I6325a3ccb3e27fd4d3be52190e8763737b99fe73
Reviewed-on: https://code.wireshark.org/review/17083
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make it find test programs under the build tree.
Change-Id: Ie7ff547417e8f248bb58f6c96896977ca4e710d1
Reviewed-on: https://code.wireshark.org/review/17048
Reviewed-by: João Valverde <j@v6e.pt>
TShark, at least when running in one-pass mode, now supports reading
from the standard input if the file format is one that *can* be read
purely sequentially; both pcap and pcapng can be read purely
sequentially (unlike, for example, Microsoft Network Monitor format,
where you have to read the frame table, at the end of the file, before
you can read the frames, meaning you have to seek backwards, which you
can't do on a pipe).
Using -r 1) tests the "read from standard input" path, which we should
do in versions that support it, and 2) means we can check whether, for
the crashes we're seeing on 32-bit Windows 8.1, it's a problem with
reading from the standard input in general, or just a problem with
*capturing* from the standard input.
Change-Id: I67da34de43f47dd8c63fa2f2072be41148cfe5a7
Reviewed-on: https://code.wireshark.org/review/16968
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This behavior severely limits the usefulness of the test suite. An option
to configure it would still be nice.
Change-Id: I2bc96a043cc4ec76f334a3bfe48967703ef1be5e
Reviewed-on: https://code.wireshark.org/review/16890
Reviewed-by: João Valverde <j@v6e.pt>
I'd just copied and pasted the copyright notice from test/test.sh; Ulf
wrote test/test.sh, but didn't write test/run_and_catch_crashes - I did,
but, hey, might as well give the copyright to Gerald. Fix the date as
well.
Change-Id: Id307f354289ca72931dd83f472d879d733618e3c
Reviewed-on: https://code.wireshark.org/review/16910
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add an ESP decryption test using the capture+keys from bug 12671.
Change-Id: I5f7ce477ec74d59c1043345728a1444842912b96
Ping-Bug: 12671
Reviewed-on: https://code.wireshark.org/review/16733
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Gerald Combs <gerald@wireshark.org>
The way you say "this interface's name is unknown" is by not giving it
an if_name option, not by giving it an if_name option that says "this
isn't known". Remove the if_name option from the interfaces in this
capture file.
Change-Id: Ie3569c81bd065e48278cfa83b82b06ea6b5258af
Reviewed-on: https://code.wireshark.org/review/16455
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The whole point of using mktemp is to get a temporary directory outside
the source tree. Commit v2.1.0rc0-1027-ge01f8fb tried to fix the
invocation for *BSD (including OS X), but by adding a template it
dropped the implicit --tmpdir option for GNU mktemp on Linux..
Use the GNU mktemp invocation and if it fails (for example, because a
template is expected for BSD/OS X), provide a template.
Change-Id: I77bbc7dc2045e4fa756e102afa080860b0857713
Reviewed-on: https://code.wireshark.org/review/16178
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Revert "Test: Make capture_step_stdin more verbose." and "Test: more
suite-capture debugging." Tests on the Windows 8.1 builder have been
passing since recommended OS updates were installed on the 24th.
This reverts commits 7f710ef2b5 and
f52c3c468a.
Change-Id: I7cf10a38ba001426baea5fc76a34610c3a26ced2
Reviewed-on: https://code.wireshark.org/review/15590
Reviewed-by: Gerald Combs <gerald@wireshark.org>
In capture_step_stdin, print information about our test capture if we
fail.
Change-Id: I046f9d22b1bb2d52d96926f50379ab51e6279eb3
Reviewed-on: https://code.wireshark.org/review/15125
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add some verbosity to the stdin capture test. Hopefully this will shed
some light on the Windows 8 builder failures.
Change-Id: Ife2bbbaeed7a1e4a7ddd1c1f86322ba25d154f4c
Reviewed-on: https://code.wireshark.org/review/15122
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The "http" dissector is what's used for protocols other than TCP, SCTP,
and SSL/TLS.
Change-Id: Ib5138d3a082f1017b7ef190e5128a21eb9a49e92
Reviewed-on: https://code.wireshark.org/review/14947
Reviewed-by: Guy Harris <guy@alum.mit.edu>
pcap files and snoop files have different headers, so there's no
IP_OVER_IB encapsulation type, there are separate types for pcap and
snoop.
Change-Id: I00146e478d05bb11c634df0c386329db8de5635d
Reviewed-on: https://code.wireshark.org/review/14774
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Error out if it can't be created.
Change-Id: I1a087f0e0cc064be7a417b9a2e66cf3c940e02fa
Reviewed-on: https://code.wireshark.org/review/14565
Reviewed-by: João Valverde <j@v6e.pt>
When the tests are run in the buildbot, messages such as
Error during test execution: see {pathname}
aren't very useful.
Change-Id: I4509ea58c162c264c316358019a1cbc01cd93e31
Reviewed-on: https://code.wireshark.org/review/14135
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(There's also work needed in libpcap; that's also in progress.)
Change-Id: Iff5a34c139a000865e2d78cc17a4af5ff24fb44b
Reviewed-on: https://code.wireshark.org/review/14025
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We cannot easily predict what will happen, given the configuration of
the OS, the permissions on files, the availability of extcap devices,
the version of libpcap/WinPcap/NPcap (present or future), etc., etc.,
etc.. Allow those tests to succeed (as would be the case if you have
the necessary permissions) or fail with a non-command-line-syntax error
(as would be the case if you don't have the necessary permissions), but
not to fail with a command-line syntax error.
Change-Id: I76af898d5f146fcf3507c06f101acb578085e6fa
Reviewed-on: https://code.wireshark.org/review/13957
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- When scanning for keys, check for TDLS action frames
(need to have TLDS response or confirm to derive the key)
- When deriving PTK, also check MIC to ensure the key has been correctly
computed.
- As SA is between two STAs (and not STA and AP), store highest MAC
address in sa.bssid, and the other one in sa.sta
=> Add new function (AirPDcapGetSaAddress) that will check for TDLS
case.
- Add test in decryption suite
Bug: 11312
Change-Id: Ieccb6a23a0ffbf3b705dac9b67c856ae2d3eeca9
Reviewed-on: https://code.wireshark.org/review/13664
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Add a test to check decryption of management frames
Bug: 11995
Change-Id: I588d0f17b9e5efc841266b9dae4764e5e931be3f
Reviewed-on: https://code.wireshark.org/review/13259
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Not all versions of mktemp support omitting the template; in particular,
the one provided by some BSD-flavored OSes don't.
Change-Id: I657e002559dce165c677a473aa10bb17cc506037
Reviewed-on: https://code.wireshark.org/review/12592
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The default prefix policy on modern versions of Windows prefers IPv6.
This in combination with the fact that our ping target (www.wireshark.org)
currently has both A and AAAA records might result in ICMPv6 traffic
instead of ICMPv4. Update the capture test suite accordingly.
Change-Id: I5c88f24fb9458526ffd44c5003f09247b6999ce7
Reviewed-on: https://code.wireshark.org/review/12553
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The old global tests don't work; get rid of them. Fix the values of the
Lua globals in the new test, and get rid of IEEE_802_11_AIROPEEK.
(Yes, if you have a Lua script that depends on IEEE_802_11_AIROPEEK
being defined, or that depends on the values of the Wiretap
encapsulations not changing, it breaks. Fix it.)
Change-Id: I245c1c0c3ba1c450f7950c754624c51b5564848a
Reviewed-on: https://code.wireshark.org/review/12210
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- Updated AirPDcapPacketProcess function description
- Try to return better error codes
- Remove broken/useless return of keys from AirPDcapRsna4WHandshake
Change-Id: I1e4e0a76f6d1307e11c0466f17935dd7030561e1
Reviewed-on: https://code.wireshark.org/review/12033
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If we ever change the way file writers work, in a fashion incompatible
with the existing way they work, we'll also rename this member - and get
rid of checks for earlier versions of the Lua interface.
Change-Id: I64065944fa31371f5249cafd930c18f180ad7299
Reviewed-on: https://code.wireshark.org/review/11879
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- start decoding when we have eapol1+2 packets
Do not insist on a complete captured handshake, decode what we can.
- more robust way to detect eapol #2 packets
At least Win 10 is violating the spec on rekey by setting the secure
bit in #2. Unpatched version shows and handles #2 as #4, breaking
decoding after rekey.
- fixed eapol rekey key handling
Inital patch (see https://code.wireshark.org/review/8268)
is adding redundant keys, since it scans all the time
and not only once.
- ignore tailing garbage after eapol sections in frame
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9065#c8
Included testcase to test decode for incomplete handshakes and eapol2
packets with secure bit set on rekey.
Ping-Bug: 9065
Change-Id: Id775088db9b5aaa80da9efdeed6902d024b5c0cd
Reviewed-on: https://code.wireshark.org/review/11484
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use the pcap captures from test/captures/ and
- Get information for the input pcap file with capinfos
- Generate an ASCII hexdump with text2pcap
- Convert the ASCII hexdump back to pcap using text2pcap
- Get information for the output pcap file with capinfs
- Check that file type, encapsulation type, number of packets and data size
in the output file are the same as in the input file
Change-Id: I659204fb0a46e9cd99d03eb666f55fac95ae053e
Reviewed-on: https://code.wireshark.org/review/11042
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The tests only allowed a single character suite selection, which
prevented suite 10 from being run on its own.
Modified test.sh to now require a newline in addition to the input
so that a 2 digit number can be entered.
Also fixed test display to remove illusion that an individual step
could be run. Only whole suites can be run.
Change-Id: I4dee0ec6a8e1f34fa443a6a0a3f2d52a73146e54
Reviewed-on: https://code.wireshark.org/review/10676
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
This change will be undone once the problem is found.
Change-Id: Ica9cfe31b4e30fad2bb9de508af61baa1c455cc1
Reviewed-on: https://code.wireshark.org/review/10136
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Add a test suite for mergecap (and indirectly capinfos I guess).
This is not exhaustive, but it's a start.
Change-Id: I9442b4c32e31a74b1673961ad6ab50821441de3e
Reviewed-on: https://code.wireshark.org/review/10082
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See what it prints on Windows.
Change-Id: Id35d87595543eca3e5b5d80dbe9a7639e0a85994
Reviewed-on: https://code.wireshark.org/review/9693
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Too bad DEC used / as an option character and Bell Labs chose it as a
pathname separator.
Change-Id: Ie58ba79476e0f24e408fae55f6c5eaff3ffb11fa
Reviewed-on: https://code.wireshark.org/review/9680
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In the decryption_step_ssl_rsa_pq - and the
decryption_step_ssl_master_secret test - duplicate the code used to
generate TEST_KEYS_DIR, so that we construct a UN*X-style path and then,
if we're running on Windows, map the UN*X-style path, which is a Cygwin
path, to the equivalent Windows-style path, and pass that to TShark on
the command line.
Bug: 11372
Change-Id: I442a30c4c954540a05942ed70ec3687941428a96
Reviewed-on: https://code.wireshark.org/review/9675
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Trying to debug the problem.
Change-Id: I26f78e49556cb1d40f0c8ddbfd58f058dceb0e77
Reviewed-on: https://code.wireshark.org/review/9674
Reviewed-by: Guy Harris <guy@alum.mit.edu>
TEST_KEYS_DIR already contains a trailing slash. Windows does not like
forward slashes, so drop the additional slash to fix tests under
Windows.
Fixes: v1.99.8rc0-417-g85f8a99
Bug: 11372
Change-Id: Ief794977281b70549369c344a193f4d48bcc1776
Reviewed-on: https://code.wireshark.org/review/9668
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add Lua functions so a plugin can introspect field information, such
as the type of field, flags, tvb, etc. Also add a couple of Tvb and
ByteArray methods. And cleanup the TreeItem code a little.
Change-Id: I7b58ce589ace91cce14b8abccd01ceabb63e2653
Reviewed-on: https://code.wireshark.org/review/6500
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
It's currently crashing in the Solaris buildbot when we do "tshark -v";
hopefully this will give us something more useful than
test.sh: line 144: 21543 Abort (core dumped) $TSHARK -v
"Version information" Failed!
Failed to print version information
Binary file ./core matches
as a diagnostic.
Change-Id: I278c8dd9f6acf5ddfa83bc0a7f3f7a3c48577ac2
Reviewed-on: https://code.wireshark.org/review/9052
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The buildbot printed "expr: syntax error", presumably from this, but
that oh-so-descriptive error message doesn't indicate what the problem
is, and just about any string should be valid as the left-hand operand
of the : operator.
Change-Id: I1140522357b8df07e4183bf0eb8c5fa9fbe275e4
Reviewed-on: https://code.wireshark.org/review/8827
Reviewed-by: Guy Harris <guy@alum.mit.edu>
SSL traffic from tshark with -o ssl.keys_list.
For example, as used in a new test also added in this commit:
-o "ssl.keys_list: 127.0.0.1,9131,http,$TEST_KEYS_DIR/key.p12,WebAS"
Change-Id: Ia6960fa4ae88182277f6d22d84ec9170ea74d54e
Reviewed-on: https://code.wireshark.org/review/8746
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
That got the crash information in the WPA EAPOL Rekey test; use it for
all other tests where, otherwise, the crash information would be lost.
Change-Id: I230b7952b6d79ebf6dc003747dc05328616ef7c2
Reviewed-on: https://code.wireshark.org/review/8394
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a script that takes a command as an argument and runs it in a
subshell, so that said subshell will catch any signals from it and
report it.
This would be done for commands that aren't the last command in the
pipeline, as, given that the exit status of a pipeline is the exit
status of the last command in the pipeline, there's no guarantee that
the shell will bother to pick up the exit status of earlier commands in
the pipeline.
Use that for the tshark in the WPA EAPOL Rekey test, so it at least can
report the signal (on Solaris, SIGSEGV means, among other things,
"dereferenced a pointer pointing out of the address space" and SIGBUS
means, among other things, "dereferenced a misaligned pointer on
SPARC"). Maybe we can make the script also fire up a debugger if it
finds a core dump (and a debugger) and get a stack trace.
Change-Id: I4188190a1f1a4d3afc4719d886161ee56bd89d8b
Reviewed-on: https://code.wireshark.org/review/8392
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This patch extends the existing decryption support for WPA to also
handle rekeys by checking each decrypted packet for a 4-way-handshake.
Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise
(WPA-EAP).
For decrypting WPA-EAP secured packets the user must provide all used PMK's
of the connection (aka PSK's) as WPA-PSK 32 byte hex values to wireshark
via the existing interface.
(The capture must have all 4-way-handshakes included also, starting with
the first unencrypted one.)
Every decrypted unicast packet will habe the used PMK and TK shown in the
CCMP/TKIP section below the key index in the GUI. Group packets will display the
GTK instead.
Additionally this fixes a small issue with group rekey handling, so every packet
can be selected in the GUI in random order, removing the need to manually find
the correct group keying packets prior to that.
It was tested primary with WPA-CCMP, but TKIP is also working.
One section in the code touch bluetooth 802.1X support. It should do
exactly the same, but will now also examine all decypted packets for rekeys.
Ping-Bug: 11172
Change-Id: I19d055581fce6268df888da63485a48326046748
Reviewed-on: https://code.wireshark.org/review/8268
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a "test-programs" target to each toolchain which builds each unit
test executable. "test-programs" must now be built before running
the unit test suite.
Change-Id: I9317a1e305d987f244c4bd8b4a7f05d11fed7090
Reviewed-on: https://code.wireshark.org/review/7673
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Process wslua/CMakeLists.txt using add_subdirectory instead of
include. Generate files in the build directory instead of the source
directory.
Copy lua scripts to DATAFILE_DIR instead of DATAFILE_DIR/lua. That's
where init.lua looks for console.lua.
Always set WIRESHARK_RUN_FROM_BUILD_DIRECTORY when testing. We
presumably want to test our source files and not files which may or
may not be in the system path.
When we're running from the build directory look for lua scripts in both
the Autotools and CMake build locations.
Change-Id: Ic15ab8c58ff1b170d000c9b3e0a329af2ec44b7b
Reviewed-on: https://code.wireshark.org/review/7590
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the FPM dissector test, only check the fields produced by the
frame and FPM dissectors.
Change-Id: I212afb8a8a4a7a9aa54391b0d5971b982b819395
Reviewed-on: https://code.wireshark.org/review/7643
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Graham Bloice <graham.bloice@trihedral.com>
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.
Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
We don't want to have to change the pcap-ng file against which we
compare, so we hardcode the year here to be the same as the year from
the pcap-ng capture.
Change-Id: Ibd83d06e035341f617b8285f6ba51c749c38a177
Reviewed-on: https://code.wireshark.org/review/7448
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Provide a way for Lua-based dissectors to invoke tcp_dissect_pdus()
to make TCP-based dissection easier.
Bug: 9851
Change-Id: I91630ebf1f1fc1964118b6750cc34238e18a8ad3
Reviewed-on: https://code.wireshark.org/review/6778
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
We should probably do the same for the other decryption tests but we're
having issues with HTTP2 right now.
Change-Id: I8e8f5da200a29a5ca1cddb39c082bb7ee12d1eaf
Reviewed-on: https://code.wireshark.org/review/6686
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The test script was running lua/nstime.lua rather than lua/pinfo.lua for
the Pinfo test, and the Pinfo test was testing the ipproto property for
a Pinfo, but that was removed.
Change-Id: Iccdccd265dd550e41640af3acd607362f1f2f02e
Reviewed-on: https://code.wireshark.org/review/6747
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix the Cygwin path added for tests so that Cygwin comes after the
existing path and that the correct link command is found for exntest.
Same change to runa2x.sh to be consistent.
Change-Id: I177a5e7d17a0077b0e8ca7d264d7e725a5312e24
Reviewed-on: https://code.wireshark.org/review/6503
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Graham Bloice <graham.bloice@trihedral.com>
1. Set the igncr option a little differently, this is the preferred
way according to the latest Cygwin bash update announcement
(See https://sourceware.org/ml/cygwin-announce/2014-10/msg00015.html, Sect 4a)
The previous way didn't work for me.
2. Ensure /usr/bin is on the path if running under Cygwin.
I really don't want Cygwin on my normal paths, the build process
adds if required, so this change makes the test scripts do the same.
Change-Id: I0f4da1fa87802bf0a4039bb5a91e577fae506d79
Reviewed-on: https://code.wireshark.org/review/6243
Tested-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Convert TEST_DIR path to a Windows path, this is used in all the lua tests.
Fix a typo
Change-Id: I38808822c998ed1df007732b3701b6b13d6c886b
Reviewed-on: https://code.wireshark.org/review/6235
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Rather than running `cd` and letting it potentially fail, just use the `-d` flag
to test that `run` exists and is a directory. Avoids useless stderr output.
Change-Id: Iab8b63681db6256aa1a6fc389d2536acbd491aba
Reviewed-on: https://code.wireshark.org/review/6239
Reviewed-by: Evan Huus <eapache@gmail.com>
it used to be SOURCE_DIR, which is still the fallback for WS_BIN_PATH, but this
way if you specify a custom WS_BIN_PATH it gets picked up for both
Change-Id: If9198565fc7b7b3911550fd200adb0f918622540
Reviewed-on: https://code.wireshark.org/review/6238
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I4ed10339d3c543d9d199e5262b6e7bb8247544ac
Reviewed-on: https://code.wireshark.org/review/5148
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Due to the change in change-id Ib43e16a9d98d08e5ddaff81fd3235f5b64d7b95b, the setlocale() call has been moved earlier in tshark's processing, such that Lua plugins load with the environment locale instead of C-locale. Since that matches Wireshark's behavior, it's good, but it causes the Lua regex test suite to fail. So the test suite needs to be fixed.
Bug: 10824
Change-Id: I3dcad15a9e247a1e42d2f708ccfb7272de2fe960
Reviewed-on: https://code.wireshark.org/review/6226
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Feed the output of `tshark -G <glossary>` to `iconv -f UTF-8`. Adjust a
couple of the Bluetooth dissectors and X11 keysyms accordingly.
Change-Id: I5b04dc3fa4734c8f0a795daf44bd398fe5ebc1bd
Reviewed-on: https://code.wireshark.org/review/6146
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Because call_heur_dissector_direct() didn't set the pinfo->heur_list_name
before calling the heuristic dissector, heur_dissect_lua() would invoke
report_failure(). Unfortunately, calling report_failure() within a dissector
can cause problems because GTK continues invoking timed callbacks while
it displays the modal dialog created by report_failure()... without yet
returning from report_failure(). In such a case, it's possible for
epan_dissect_run() to be called while still within the execution of a
previous call to epan_dissect_run(), which casues an assert since
epan_dissect_run() is not reentrant.
So this commit both fixes the call_heur_dissector_direct() bug as well
as avoids using report_failure() within heur_dissect_lua(). It also
upadtes the dissector.lua script used in the testsuite to match the one
pubshied on the wiki, since that script's heuristic dissector triggered
the bug.
Bug: 10233
Change-Id: If022604347745fadac01c02d370ca1a5d3f88b5b
Reviewed-on: https://code.wireshark.org/review/6040
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
Dissectors should pass data directly to their subdissectors through the data parameter (of new-style dissectors). This avoids unintentional "trampling" from other dissectors trying to "share" private_data member.
Change-Id: I2efef5c8dfeef64588ba3ac6e695b469238c6468
Reviewed-on: https://code.wireshark.org/review/5487
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping four times a second for ~60 seconds. Save the subprocess PID so that
we can kill it when we're done with each test instead of waiting for it
to finish.
Change-Id: I64f889c700e8a6fa1bc1c3916ef045341ef59cc6
Reviewed-on: https://code.wireshark.org/review/4557
Reviewed-by: Gerald Combs <gerald@wireshark.org>