Check for potential Unicode-related problems on Windows.
Change-Id: I147c07749c5073a9ae00f07914dd80347d17c40f
Ping-Bug: 15118
Reviewed-on: https://code.wireshark.org/review/31154
Tested-by: Petri Dish Buildbot
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This suite uses different output formats to check against fixed
samples.
Change-Id: I8adccfefea35a6d3cfacf3da61e8a72d830ed3a0
Reviewed-on: https://code.wireshark.org/review/31056
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
This patch extends the test suite with:
* a way for tests to check if a given byte sequence dissects into an expected dissection result.
Unit tests included:
* ASTERIX I019
* ASTERIX I063
* ASTERIX I065
Change-Id: Ib168382ec15b0b610ff5913806120ba1bf1d1503
Reviewed-on: https://code.wireshark.org/review/31083
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This reports the reason why tests are skipped (for example, if a certain
binary was not built).
Change-Id: I19095f43f69228116d71b52380814a61894754af
Reviewed-on: https://code.wireshark.org/review/31131
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
When generating a capture file from a text file it can be helpfull
to be able to set the capture interface name in the generated IDB.
This can be especially true if later on the generated captures are
merged and the individual IDB's have to be compared. Without a name
every IDB of the same datalink type will be equal and subject to
merge. Also it keeps the individual streams identifiable for the
end user.
Change-Id: I70224379d88f516a0a356bf0b46aebafb69665f0
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31015
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This should eventually replace the "ssl_keys" UAT which additionally
contains a useless address, port and protocol field. This prepares for
HSM support through PKCS #11.
Change-Id: I59409c98aeedf260d19266d18e14ef7d9b40b582
Reviewed-on: https://code.wireshark.org/review/30977
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use the 'r' prefix to prevent backslashes from being interpreted.
Change-Id: I736d70c72a862086501a59b3c1acac0d77e2d6d3
Reviewed-on: https://code.wireshark.org/review/30840
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
GnuTLS is an optional dependency, allow tests to run without it.
Change-Id: Ib1bd7beaf1d885a157a0e1a630ccc4fbc8786af1
Reviewed-on: https://code.wireshark.org/review/30839
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The case_decrypt_tls.test_tls_rsa_pq test is unexpectedly passing when
GnuTLS is disabled. It checks for '/' in the output, but that also
matches an error message. Use assertRun here and pretty much everywhere
else to catch such issues. Remove a few redundant returncode checks.
Change-Id: I0f9d1dadc0ca73eef9cffb3e2f452aa7c8395c95
Reviewed-on: https://code.wireshark.org/review/30838
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Resolve our output encoding name to something that's hopefully the same
on all platforms so that we don't print
Warning: Output encoding is utf-8 and not UTF-8.
on Windows.
Change-Id: I9c7703eac6e12f5a95f701e8a9bea7d17a513fef
Reviewed-on: https://code.wireshark.org/review/30795
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Wslua converts an invalid ethernet address to all 0's. Add a test for
this case.
Change-Id: I59bd1f9e0b94805c563fe891b22cadd32ae054d8
Reviewed-on: https://code.wireshark.org/review/30791
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Replace a TAB with spaces.
Change-Id: I3d5c79af4116614ef78dd8a71eb42e93875c0637
Reviewed-on: https://code.wireshark.org/review/30790
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
All request types have a corresponding test_sharkd_req_* test names
which tests the current (documented) behavior. The frame and download
tests are not very comprehensive though, but it's better than nothing.
(The original test_sharkd_hello_dhcp_pcap test is replaced by
test_sharkd_req_status and test_sharkd_req_frames, although the latter
does not literally check for the "DHCP" column anymore.)
Change-Id: Ic39b954fc50065345ac46e96a7057b7aba2a09e3
Reviewed-on: https://code.wireshark.org/review/30743
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In check_dumpcap_pcapng_sections, append a copy of our check_val dict so
that we properly check our first file.
Skip IDB checks when we have multiple interfaces. Dumpcap creates a
separate thread for each interface when the interface count is > 1,
which means that we can't guarantee that we will always read and write
everything in the same order.
Change-Id: Ie458f31e0e901db2b538e9826a136dbe89167bcf
Reviewed-on: https://code.wireshark.org/review/30718
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add a new secrets API to the core, one that can outlive the lifetime of
a single capture file. Expose decryption secrets from wiretap through a
callback and let the secrets API route it to a dissector.
Bug: 15252
Change-Id: Ie2f1867bdfd265bad11fc58f1e8d8e7295c0d1e7
Reviewed-on: https://code.wireshark.org/review/30705
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a new option to insert decryption secrets into a pcapng file.
Change-Id: I0e024585cac9a8a328e88d32f9eb03d37d350e2a
Ping-Bug: 15252
Reviewed-on: https://code.wireshark.org/review/30693
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Support reading and writing pcapng files with DSBs. A DSB may occur
multiple times but should appear before packets that need those
decryption secrets (so it cannot be moved to the end like NRB). The TLS
dissector will be updated in the future to make use of these secrets.
pcapng spec update: https://github.com/pcapng/pcapng/pull/54
As DSBs may be interleaved with packets, do not even try to read it in
pcapng_open (as is done for IDBs). Instead process them during the
sequential read, appending them to the 'wtap::dsbs' array.
Writing is more complicated, secrets may initially not be available when
'wtap_dumper' is created. As they may become available in 'wtap::dsbs'
as more packets are read, allow 'wtap_dumper::dsbs_growing' to reference
this array. This saves every user from checking/dumping DSBs.
If the wtap user needs to insert extra DSBs (while preserving existing
DSBs), they can set the 'wtap_dumper::dsbs_initial' field.
The test file was creating using a patched editcap (future patch) and
combined using mergecap (which required a change to preserve the DSBs).
Change-Id: I74e4ee3171bd852a89ea0f6fbae9e0f65ed6eda9
Ping-Bug: 15252
Reviewed-on: https://code.wireshark.org/review/30692
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The (optional) JSON-GLib library adds dependencies on GObject, GIO. For
statically linked oss-fuzz builds it also adds libffi and more. To avoid
these dependencies, replace JSON-GLib by some custom code. This allows
`tshark -G elastic-mapping` to be enabled by default without extra deps.
API design goals of the new JSON dumper library:
- Small interface without a lot of abstraction.
- Avoid memory allocations if possible (currently none, but maybe
json_puts_string will be replaced to improve UTF-8 support).
- Do not implement parsing, this is currently handled by jsmn.
Methods to open/close array/objects and to set members are inspired by
the JsonGlib interface. The interfaces to write values is inspired by
the sharkd code (json_puts_string is also borrowed from that).
The only observed differences in the tshark output:
- JSON-GLib ignores duplicates, json_dumper does not and may produce
duplicates and currently print two "ip.opt.sec_prot_auth_unassigned".
- JSON-GLib adds a space before a colon (unimportant formatting detail).
- (Not observed, but UTF-8 strings will be wrong like bug 14948.)
A test was added to catch changes in the tshark output. I also fuzzed
json_dumper with libFuzzer + UBSAN/ASAN and fixed an off-by-one error.
Change-Id: I0c85b18777b04d1e0f613a3d59935ec59be87ff4
Link: https://www.wireshark.org/lists/wireshark-dev/201811/msg00052.html
Reviewed-on: https://code.wireshark.org/review/30732
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If we have a single capture source and that capture source is pcapng and
we're writing a pcapng file, do the following:
- Pass its SHB and IDBs through unmodified. Don't save or write command
line interface IDBs.
- Save the most recent SHB and IDBs so that we can write them when we're
writing multiple output files.
If we have multiple capture sources, do the following:
- Write Dumpcap's SHB.
- Keep a global list of IDBs, consisting of both command line interfaces
and IDBs read from pcapng sources.
- When reading an EPB or ISB, remap its local interface number to its
corresponding global number.
Add Dumpcap pcapng section tests. Make the application IDs in the
"many_interfaces" captures unique.
Change-Id: I2005934c1f83d839727421960005f106d6c682dd
Reviewed-on: https://code.wireshark.org/review/30085
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Convert the old start_pinging routine to use pytest fixtures, rewriting
it to enable a different generator that uses (for example) UDP.
Remove the config module since it is no longer neded.
Change-Id: Ic4727157faab084b41144e8f16ea44f59c9037d8
Reviewed-on: https://code.wireshark.org/review/30659
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add a new --capture-interface option to pytest, similar to test.py. It
will grab some Ethernet interface on Windows. An empty value overrides
this and disables capture tests. Remove the test.py --enable-capture
option since that is implied by the --capture-interface option.
Port the `test.py --program-path` option to pytest and additionally make
the pytest look in the current working directory if neither WS_BIN_PATH
nor --program-path are specified. Drop config.setProgramPath, this
allows tests to be run even if not all binaries are available.
With all capture tests converted to fixtures, it is now possible to run
tests when Wireshark is not built with libpcap as tests that depend on
cmd_dumpcap (or capture_interface) will be skipped.
Bug: 14949
Change-Id: Ie802c07904936de4cd30a4c68b6a5139e6680fbd
Reviewed-on: https://code.wireshark.org/review/30656
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Stop using subprocesstest, drop the (now redundant) DFTestCase base
class and use pytest-style fixtures to inject the dependency on tshark.
This approach makes it easier to switch to pytest in the future.
Most substitutions were automated, so no typos should be present.
Change-Id: I3516029162f87423816937410ff63507ff82e96f
Reviewed-on: https://code.wireshark.org/review/30649
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Create a special custom profile just for the nameres tests, instead of
doing this for all tests. Other tests do not need it.
Change-Id: I41de0ece9dcf1ee310957beab2bbee0a99784753
Reviewed-on: https://code.wireshark.org/review/30633
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Inline all capture file names and use fixtures instead of the global
config object. This makes dependencies more explicit.
Change-Id: I37a6eda73822735b5a6957b44bce53bb5ecd1aa0
Reviewed-on: https://code.wireshark.org/review/30631
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Continue the conversion from use of globals (the config module) to
fixtures. If a program (like wmem_test or tshark) is unavailable, it
will be skipped now rather than failing the test.
The general conversion pattern is:
- Decorate each class with `@fixtures.uses_fixtures` and (for tests that
run tshark) `@fixtures.mark_usefixtures('test_env')`.
- Convert all `config.cmd_*` to `cmd_*` and add an argument.
- Convert all `config.*_dir` to `dirs.*_dir` and add an argument.
- Convert users of `os.path.join(dirs.capture_file, ...)` to use a new
'capture_file' fixture to reduce boilerplate code. Inline variables if
possible (this conversion was done in an automated way using regexes).
Some other changes: tests that do not require a test environment (like
wmem_test) will use 'base_env' which avoids copying config files,
`env=config.test_env` got removed since this is the default. Some test
classes in suite_clopts were combined. Removed unused imports.
Change-Id: Id5480ffaee7d8d56cf2cb3189a38ae9afa7605a1
Reviewed-on: https://code.wireshark.org/review/30591
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously 'tshark -z expert' was failing with abort when a packet
contains a comment
- Add a new comment parameter and update the tshark's manual page
- Add a new comment_level severity and change the default lavel to it.
- Add various 'tshark -z expert' tests
Change-Id: I188317da5e00019b8f2b725f0fe84942f774520f
Reviewed-on: https://code.wireshark.org/review/30610
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A lot of file dissectors (pcapng, json, etc.) assumed that the packet
size is equal to the file size. This is not true if the file was
compressed and could result in silently truncating reads or failing to
open a file (if the compressed file is larger than the actual data).
Observe that a lot of file dissectors are simply copies of each other.
Move the fixed implementation to wtap.c and reuse the methods everywhere
else. While at it, avoid an unnecessary large allocation/read in
ruby_marshal.
Change-Id: I8e9cd0af9c4d1bd37789a3b509146ae2182a5379
Reviewed-on: https://code.wireshark.org/review/30570
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add the ability to rotate files after a specified number of packets (`-b
packets:NUM`). Move some condition checks to capture_loop_write_packet_cb.
Add `-a packets:NUM` in order to be consistent. It is functionally
equivalent to the `-c` flag.
Add a corresponding "packets" option to the Capture Interfaces dialog
Output tab.
Add initial tests for autostop and ringbuffer conditions.
Change-Id: I66eb968927ed287deb8edb96db96d7c73526c257
Reviewed-on: https://code.wireshark.org/review/30534
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently all binaries must be available or no tests will be executed.
This is inconvenient if you just want to test a single binary (e.g.
text2pcap) without having to build epan. The problem is essentially that
tests lack dependency annotations.
To solve this problem, add the required dependencies as parameters to
each test (so-called 'fixtures' in pytest). Skip a test if a binary
(such as tshark) is unavailable. As a demonstration, suite_dissection.py
is converted. Over time, tests should no longer depend on config.py due
to explicit dependencies fixtures (listed in fixtures_ws.py).
Since the unittest module does not support such dependency injections,
create a small glue for use with pytest and an (incomplete) emulation
layer for use with test.py.
Tested with pytest 3.8.2 + Python 3.7.0 and pytest 3.0.3 + Python 3.4.3.
Python 2.7 is not supported and will fail. Test commands:
~/wireshark/test/test.py -p ~/build/run
WS_BIN_PATH=~/build/run pytest ~/wireshark/test -ra
Change-Id: I6dc8c28f5c8b7bbc8f4c04838e9bf085cd22eb0b
Ping-Bug: 14949
Reviewed-on: https://code.wireshark.org/review/30220
Tested-by: Petri Dish Buildbot
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reduces maintenance costs and makes it possible to simplify code.
pytest supports Python 2.7 and Python 3.4 (or newer), so that is more or
less the minimum target for now.
Change-Id: I0347b6c334bf2fc6c9480ff56e9ccfcd48886dde
Reviewed-on: https://code.wireshark.org/review/30193
Tested-by: Petri Dish Buildbot
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add the length field in the IPv6 pseudo header struct and refactor the
pseudo headers initialization
Change-Id: Ie0490dfba051a1112e465aaa6d03909417b2977e
Reviewed-on: https://code.wireshark.org/review/30407
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
When the -i <proto> option is specified the hdr_ip was always set to
TRUE which resulted in a wrong header length when the IPv6 (-6) option
is specified as well. To resolve this set hdr_ip only when -i is specified
without -4 or -6 options.
Change-Id: I21898f27ceaad603b9275ab6878ff4bd8f9586cd
Reviewed-on: https://code.wireshark.org/review/30411
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
According to RFC 8200 the payload length must contain the length of the payload
without the IPv6 header's length
Change-Id: Ibeb18c243edc396eaac6d2ffde73d6c4a6fe75a0
Reviewed-on: https://code.wireshark.org/review/30406
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'double' tests have been disabled in aa03833 due to format change
in ntp fields.
Change-Id: Id3ab0a736c164bb7fdfed7b5da8856b512308978
Reviewed-on: https://code.wireshark.org/review/30366
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
dfilter/group_double tests have been removed and need to be replaced by leveraging
another protocol.
Bug: 15049
Change-Id: I354a27a5217336ee5c9b1d021a2d3226e3532eec
Reviewed-on: https://code.wireshark.org/review/29035
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The code for the Address class already contains commented-out code for a
number of additional address types.
Activate the draft constructor for ethernet addresses and complete it.
Use the newly-added function to parse a string that contains an ethernet
address.
Add a basic test tvb.lua. Read an ethernet address from a tvb and
compare it to a constant Address.ether object.
Change-Id: I9771dd6e7ade4b572a8b864b8986d641b4eba3e5
Reviewed-on: https://code.wireshark.org/review/30163
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
A range string is passed as a table of tables, eg:
range_string = {
{ 0, 24, "Some string for values 0 to 24" },
{ 25, 25, "The string for value 25" },
{ 26, 255, "The string for the remainder" }
}
Included is a minimal Lua test for range strings and value strings
(which did not have one previously.) It will take more time than I
currently have to figure out how to do a more exhaustive test.
Also fixed some grammar issues in error messages along the way.
Change-Id: Ia9d1efc8adabb6528c4bdcf1624c9ede49e2fdc6
Reviewed-on: https://code.wireshark.org/review/30211
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
The new KNXnet/IP dissector replaces the old KNXnet/IP dissector.
The new KNXnet/IP dissector supports the new KNX features
- A_MemoryExtended services
- A_PropertyExt services
- KNX Data Security
- KNXnet/IP Core V2
- KNXnet/IP Device Management V2
- KNXnet/IP Tunneling V2
- KNXnet/IP Routing V2
- KNXnet/IP Security
Change-Id: I3d1d716ef03d16d2720e6a1fcb23c2243d1cd956
Reviewed-on: https://code.wireshark.org/review/29155
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
When copying hexdumps, the newline might be missing which would result
in a capture file missing one byte in its packet. Adjust the grammar to
recognize the two trailing hexadecimal characters as a "byte".
This is safe because Flex picks the rule that matches the longest input
string. So given "01 ", it will always match all three characters. If
something like "01x" is given, then the "text" rule will be matched (as
before). Only if no more characters are available (such as at the end of
a file), then the rule will match two hexdigits.
Remove the unnecessary hexdigit rule while at it.
Change-Id: I21dc37d684d1c410ce720cb27706a6e54f87f94d
Reviewed-on: https://code.wireshark.org/review/30190
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The manual documents several cases, be sure to check for them to avoid
further grammar changes from breaking expectations.
Change-Id: Ie38ecf624120a3a9297d02b4fd9b05511acf5ac9
Reviewed-on: https://code.wireshark.org/review/30189
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix an unfortunate typo that disabled all of the pcap tests. Patch the
correct capinfos output with the expected packets/datasize values and
fix the dns+icmp datasize case to match the original test.sh value.
Change-Id: I25aac4c8040c2000602753269f69f4bdc4a8a59b
Reviewed-on: https://code.wireshark.org/review/30167
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some tests used the default home directory which can have side-effects
(such as loading plugins, loading deprecated preferences). These could
cause tests to fail. Always use a sane environment to fix this.
Change getTsharkInfo to use this clean environment as well
(WIRESHARK_CONFIG_DIR does not exist with master-2.6 and would also not
propagate things like ASAN_OPTIONS=detect_leaks=0).
Change-Id: I1674f71972d35de91d191e0c29fdb59b8a0a56ce
Reviewed-on: https://code.wireshark.org/review/30165
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the IPv6 (-6) option was specified together with either TCP (-T),
UDP (-u) or SCTP (-s/-S) option the generated packet was invalid because
an IPv4 option was implied an a wrong header was added.
Bug: 15194
Change-Id: I5a7b83d8aa3f3ad56f0c8110e598090945e60225
Reviewed-on: https://code.wireshark.org/review/30107
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add 'v' option for VLAN ID resolving and get rid of
deprecated 'C' option.
Bug: 14826
Change-Id: I63104f4a465d251048693ad02882ea7eb2c4d926
Reviewed-on: https://code.wireshark.org/review/30029
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename the "ssl" protocol to "tls" and add an "ssl" alias. Prefer "TLS"
over "SSL" in user interface text and in the documentation.
Fix the test_tls_master_secret test while we're here.
Bug: 14922
Change-Id: Iab6ba2c7c4c0f8f6dd0f6d5d90fac5e9486612f8
Reviewed-on: https://code.wireshark.org/review/29649
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The "debug" logging function overwrites the "debug" package which breaks
luacov: https://github.com/keplerproject/luacov/issues/55
Change-Id: I9b6025c060733198bfff8ea959444c09d6e08709
Reviewed-on: https://code.wireshark.org/review/29449
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for aliasing one protocol name to another and for filtering
using aliased fields. Mark aliased fields as deprecated.
Rename the BOOTP dissector to DHCP and alias "bootp" to "dhcp". This
lets you use both "dhcp.type" and "bootp.type" as display filter fields
without having to duplicate all 500+ DHCP/BOOTP fields.
To do:
- Add checks to proto.c:check_valid_filter_name_or_fail?
- Transition SSL to TLS.
- Rename packet-bootp.c to packet-dhcp.c?
Change-Id: I29977859995e8347d80b8e83f1618db441b10279
Ping-Bug: 14922
Reviewed-on: https://code.wireshark.org/review/29327
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
OoO reassembly assumed that the stream starts with the first data
segment, but this can already be OoO. Use the hint from SYN instead.
The test capture is based on a local capture, post-processed with scapy
to introduce an OoO condition and fixup the frame time.
Bug: 15078
Change-Id: Id0e312bb3d0e7c7f8f1b243a2be9f15c9851c501
Fixes: v2.9.0rc0-1097-gca42331437 ("tcp: add support for reassembling out-of-order segments")
Reviewed-on: https://code.wireshark.org/review/29305
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add TLS 1.3 tests that verify decryption of handshake, application and
early data. Add another test that shows that early data is properly
skipped. This completes TLS 1.3 (RFC 8446) decryption support.
The trace was created using boringssl c4131a4a23a1.
Bug: 12779
Change-Id: Iddd266ecd3f428c95aa3f69616ce55e75d4ccca0
Reviewed-on: https://code.wireshark.org/review/29170
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This imposes an additional requirement on the key log file, PSKs are
only linked to the most recently seen ephemeral key. This means that the
key log might contain duplicate PSK lines, but at least the dissector
won't have to try all keys and thereby save CPU time.
Bug: 15011
Change-Id: I368fa16269c96c4a1ff3bcb4e376c21f38fa2689
Reviewed-on: https://code.wireshark.org/review/28993
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Invoke IP or data dissector for decrypted transport data.
Bug: 15011
Change-Id: I8fa149c429ae774c16fe7e712d4bfb6b3478ed11
Reviewed-on: https://code.wireshark.org/review/28992
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Transport data decryption will follow later.
Bug: 15011
Change-Id: Ib755e43ff54601405b21aeb0045b15d158bc283b
Reviewed-on: https://code.wireshark.org/review/28991
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As UATs are currently unable to receive keys dynamically without manual
user interaction followed by rescanning of the pcap, add a mechanism
like ssl.keylog_file. Such keys can be extracted using the tools from
contrib/examples/extract-handshakes/ in the WireGuard source tree.
Now decryption of Initiation messages is also possible when keys
(Epriv_i) are captured from the initiator side.
Bug: 15011
Change-Id: If998bf26e818487187cc618d2eb6d4d8f5b2cc0a
Reviewed-on: https://code.wireshark.org/review/28990
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Enable decryption of the static and timestamp fields when the private
static key of the responder is known. Decryption of the initiation and
response messages using private ephemeral keys will be done later.
Bug: 15011
Change-Id: Ifc9729059694700333b6677374ab467c8cb64263
Reviewed-on: https://code.wireshark.org/review/28989
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Using long-term static public keys, it is possible to identify the
recipient of a handshake message. Add a new UAT where such keys can be
configured. Allow private keys to be configured as well since this
enables decryption of the Initiation handshake message.
Bug: 15011
Change-Id: I0d4df046824eac6c333e0df75f69f73d10ed8e5e
Reviewed-on: https://code.wireshark.org/review/28988
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When ASAN memleak detection is enabled, any memory leak would result in
an exception and subsequently all features are marked as missing.
With the default profile, any Lua plugin or certain configurations could
cause a memory leak. To avoid such interference, set the configuration
path to a dummy location and warn whenever an error happens nonetheless.
Do not call setProgramPath() immediately, there is no "tshark" binary in
the current working directory anymore. Rely on test.py to set the path.
Change-Id: Idccc3d68eb6f6bb64d3a0b32897acecc65e0dfb6
Reviewed-on: https://code.wireshark.org/review/28867
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Deprecate "disable_lua" in favor of "enable_lua". Configuration options
typically use "true" or a similar value to enable features. Using
"disable_lua = false" to enable Lua seems odd.
Change-Id: I224acad0559d409ea0a28b5555d1eb898564328c
Reviewed-on: https://code.wireshark.org/review/28773
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
pytest is a powerful test framework. The initial motivation is to have
much better detailed reporting when a test fails, see for example
https://docs.pytest.org/en/latest/
Additionally, it has full parallelization support at the test level (via
the pytest-xdist plugin) instead of being limited to the suite level
(which currently has to be hard-coded via CMakeLists.txt).
Usage with the build dir in /tmp/wsbuild and src dir in /tmp/wireshark:
export WS_BIN_PATH=/tmp/wsbuild/run
pytest /tmp/wireshark/tests
For parallelization support and verbose printing:
pip install pytest-xdist
pytest -nauto -v /tmp/wireshark/tests
To limit yourself to a case based on a pattern:
pytest -nauto -v /tmp/wireshark/tests -k test_unit_ctest_coverage
Tested on Arch Linux with Python 3.6.5, pytest-3.6.2, xdist-1.22.2.
pytest -n8 finished in 82 seconds while ctest -j8 required 87 seconds.
Change-Id: I832f4dd9f988d6656df795327e81610accf54b9f
Reviewed-on: https://code.wireshark.org/review/28651
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Verified that the tests failed without the fixes for the linked bugs.
The tests have full statement coverage(*1) for check_follow_fragments
and follow_tcp_tap_listener. For details and Scapy script, see:
https://git.lekensteyn.nl/peter/wireshark-notes/commit/crafted-pkt/badsegments.py?id=4ecf9d858b49e76d8a9c29df01ce1bd523ae6704
(*1) except for `if (data_length <= data_offset) { data_length = 0; }`
Change-Id: I625536df375272cf6c9116231194c39df1217fae
Ping-Bug: 13700
Ping-Bug: 14944
Reviewed-on: https://code.wireshark.org/review/28618
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently out-of-order segments will result in cutting a stream into
two pieces while the out-of-order segment itself is ignored. For
example, a stream of segments "ABDCE" is interpreted as "AB", "DE" with
"C" ignored. This behavior breaks TLS decryption or prevent application
layer PDUs (such as HTTP requests/responses) from being reconstructed.
To fix this, buffer segments when a gap is detected.
The proposed approach extends the "multi-segment PDU" (MSP) mechanism
which is normally used for linking multiple, sequential TCP segments
into a single PDU. When a gap is detected between segments, it is
assumed that the segments within this gap are out-of-order and will be
received (or retransmitted) later.
The current implementation has a limitation though, if multiple gaps
exist, then the subdissector will only be called when all gaps are
filled (the subdissector will receive segments later than necessary).
For example with "ACEBD", "ABC" can already be processed after "B" is
received (with "E" still buffered), but due to how MSP are extended, it
must receive "D" too before it reassembles "ABCDE". In practice this
could mean that the request/response times between HTTP requests and
responses are slightly off, but at least the stream is correct now.
(These limitations are documented in the User's Guide.)
As the feature fails at least the 802.11 decryption test where packets
are missing (instead of OoO), hide this feature behind a preference.
Tested with captures containing out-of-order TCP segments from the
linked bug reports, comparing the effect of toggling the preference on
the summary output of tshark, the verbose output (-V) and the two-pass
output (-2 or -2V). Captures marked with "ok" just needed "simple"
out-of-order handling. Captures marked with "ok2" additionally required
the reassembly API change to set the correct reassembled length.
This change does "regress" on bug 10289 though when the preference is
enabled as retransmitted single-segment PDUs are now passed to
subdissectors. I added a TODO comment for this unrelated cosmetic issue.
Bug: 3389 # capture 2907 (HTTP) ok
Bug: 4727 # capture 4590 (HTTP) ok
Bug: 9461 # capture 12130 (TLS/HTTP/RPC-over-HTTP +key 12131) ok
Bug: 12006 # capture 14236 (HTTP) ok2; capture 15261 (HTTP) ok
Bug: 13517 # capture 15370 (HTTP) ok; capture 16059 (MQ) ok
Bug: 13754 # capture 15593 (MySQL) ok2
Bug: 14649 # capture 16305 (WebSocket) ok
Change-Id: If3938c5c1c96db8f7f50e39ea779f623ce657d56
Reviewed-on: https://code.wireshark.org/review/27943
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Split our tests by suite_*.group_* instead of suite_*. There are quite a
few dfilter tests and this should make them more parallelizable.
Change-Id: I52371409618cda70dc99811e8de1fb1ad9d9a3b6
Reviewed-on: https://code.wireshark.org/review/28329
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
"nstime_t{A, B}" is defined as "A + B * 10^9" rather than an integer
part A and fractional part B.
Bug: 14720
Change-Id: I5321db7d5ecea8f976291d2a22667b02162194e2
Reviewed-on: https://code.wireshark.org/review/27775
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move WIRESHARK_QUIT_AFTER_CAPTURE to the default environment instead of
running the capture tests in a separate environment.
Change-Id: I5198df35f512ffe8c0d7f091a7b50d5fdb9c4ff6
Reviewed-on: https://code.wireshark.org/review/27711
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Run our CTest tests with PYTHONIOENCODING=UTF-8.
If someone runs our tests manually and their output encoding isn't
UTF-8, print replacement characters instead of failing with an error.
Open our log files with "errors='backslashreplace'" in case their
contents aren't UTF-8.
Change-Id: Ifa4d12c2b5e272cf3903f3e0c6102e4d961562f1
Reviewed-on: https://code.wireshark.org/review/27686
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Dot11DecryptTDLSDeriveKey in epan/crypt/dot11decrypt.c requires Libcrypt
1.6 for MIC verification. Skip the test if unavailable.
Change-Id: I0b859c0ecf135182a6249a67b9b5ea9e34ad92b6
Reviewed-on: https://code.wireshark.org/review/27614
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tests that the documented "-z hosts,ipv4" filter actually works and that
the resolved addresses table is correct (it implicitly tests that the
definition of WS_INET_ADDRSTRLEN in wsutil/inet_addr.h is sane).
Change-Id: If7babe665ea5ecb37e38078a9809c88873cb323c
Ping-Bug: 14667
Reviewed-on: https://code.wireshark.org/review/27454
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change the test suite list in CMakeLists.txt to a static list. Add a
CTest coverage unit test.
Change-Id: I8459f320a2d0707618d6d56abdfce80274fddd2d
Reviewed-on: https://code.wireshark.org/review/27377
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
They've been replaced by the Python scripts.
Change-Id: I8add9c9ea0a6bdd68b2fa3841977863c0ea9a761
Reviewed-on: https://code.wireshark.org/review/27243
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert capinfos output to UTF-8 in getCaptureInfo.
Normalize our command paths, otherwise "./run/RelWithDebInfo/..." might
be interpreted as the command "." with flags "/run", "/RelWithDebInfo",
etc. on Windows.
Change-Id: Ib7336a016db3ee0805739fc44913cb9c6895aaad
Reviewed-on: https://code.wireshark.org/review/27239
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Move UAT file creation to config.py.
Run the text2pcap and some of the clopts tests under our default
environment.
Use "in" instead of "has_key".
Change-Id: Ie5c70fb33c29676672bed7bf8205cff0bba77f8a
Reviewed-on: https://code.wireshark.org/review/27234
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
These directories have had trailing slashes for years and users seem to
rely on it, so restore this assumption for backwards compatibility. The
underlying API function (Dir.persconffile_path()) is not changed because
trailing slashes were not documented for that function.
For consistency, ensure that all Lua Dir functions return paths without
trailing slashes.
Bug: 14619
Change-Id: Ia299864999578884b1ad1cd48f1bd883bce6879d
Fixes: v2.5.0rc0-579-gfb052a637f ("Use g_build_filename() instead, fix indentation")
Reviewed-on: https://code.wireshark.org/review/27166
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add the fileformats and I/O suites. Move some more common code to
subprocesstest.py and add a diffOutput method.
Change-Id: I2ec34e46539022bdce78520645fdca6dfc1a8c1a
Reviewed-on: https://code.wireshark.org/review/27183
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
In util_slow_dhcp.py, open stdout as O_BINARY on Windows.
Have ctest pass --verbose to test.py.
Call config.canCapture at test time so that we don't inadvertently skip
some tests.
Stringify our dumpcap config check.
Fix our Gcrypt variable.
Change-Id: I884ec23ddfc7c28b79d4a860c6c43c308598e6db
Reviewed-on: https://code.wireshark.org/review/27182
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Create Python versions of our various test shell scripts. Add CMake
tests for each suite. Tests can now be run directly via test.py, via the
"test" target, or via ctest, e.g.
ctest --verbose --jobs 3
Add a testing chapter to the Developer's Guide.
Add a way to disable ctest in dpkg-buildpackage.
Suites completed:
- capture
- clopts
- decryption
- dissection
Remaining suites:
- fileformats
- io
- mergecap
- nameres
- text2pcap
- unittests
- wslua
Change-Id: I8936e05edefc76a86b6a7a5da302e7461bbdda0f
Reviewed-on: https://code.wireshark.org/review/27134
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Again, no more autotools/libtool, so no more .libs, as that's a
libtoolism.
Change-Id: I909c18b969ca8e04a252ff45f7f3e6bc9d0c8476
Reviewed-on: https://code.wireshark.org/review/27138
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Peter Wu