Check for utf8 valid line instead. Add a testcase that shows
how the former code was buggy on special characters extcap sentences.
Bug: 15668
Change-Id: Ic045c4791388af98705916e6ea84be8fc9b3c5b8
Reviewed-on: https://code.wireshark.org/review/32754
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
PTK key derivation algorithm for WPA1 uses SHA1 not MD5.
MD5 is used for MIC only.
To avoid regression also add a decrypt test for WPA1 with
GTK rekeying.
Change-Id: Iabcf40c2f74d5dbc1d72cba0718c77020d97f61f
Fixes: v3.1.0rc0-342-g9cf77ec5e1 ("ieee80211: Support decrypting WPA3-Personal / SAE captures")
Reviewed-on: https://code.wireshark.org/review/32691
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
209 is LINKTYPE_IPMB_LINUX; add _LINUX/_linux to the WTAP_ENCAP_ name
and function/structure names, to clarify that it's not I2C in general,
it's I2C with a particular pseudo-header.
199 is now LINKTYPE_IPMB_KONTRON, not LINKTYPE_IPMB, as it doesn't have
raw I2C packets, it has I2C packets with a pseudo-header. Change the
WTAP_ENCAP_ name, and add a dissector for it.
Change-Id: Ie097f4317b03d2b2adfd9b81a4b11caf6268399e
Reviewed-on: https://code.wireshark.org/review/32539
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add support for decrypting IEEE 802.11 WPA3-Personal / SAE traffic.
SAE uses AES encryption but a different key derivation function (KDF)
making Wireshark fail to decrypt such captures. Also both KDF and
decryption method are determined based only on EAPOL key description
version. This is not enough to figure out that SAE is being used.
Implement the alternative KDF needed to derive valid PTK. Also
implement a function to parse pairwise + group cipher suites and
auth key management type from RSNE tag. Using this new function
together with a number of new cipher and AKM lookup functions
correct KDF for SAE can be selected.
Bug: 15621
Change-Id: I8f6c917af1c9642c276a244943dd35f850ee3757
Reviewed-on: https://code.wireshark.org/review/32485
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
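The KDF selection described in this commit message, together with the earlier WPA1 fix (PTK from SHA1, MD5 for the MIC only), as an added Python example; it is not Wireshark's code. Function names, the PMK, addresses and nonces are constructed for illustration, and the suite numbers are the IEEE 802.11 00-0F-AC values (WPA1 itself carries a vendor-specific WPA element, so its PSK/TKIP values are passed in directly).

```python
import hashlib
import hmac
import struct

RSN_OUI = b"\x00\x0f\xac"
CIPHER_TKIP, CIPHER_CCMP = 2, 4
AKM_PSK, AKM_PSK_SHA256, AKM_SAE = 2, 6, 8
SHA256_AKMS = {5, AKM_PSK_SHA256, AKM_SAE}  # 5 = 802.1X with SHA-256
LABEL = b"Pairwise key expansion"


def parse_rsne(ie: bytes) -> dict:
    """Return group cipher, pairwise ciphers and AKM suite types from an RSNE."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body, pos = ie[2:], 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated RSN element")
        pos += n
        return body[pos - n:pos]

    def suite() -> int:
        raw = take(4)
        if raw[:3] != RSN_OUI:
            raise ValueError("suite selector outside the 00-0F-AC OUI")
        return raw[3]

    def suite_list() -> list:
        (count,) = struct.unpack("<H", take(2))
        return [suite() for _ in range(count)]

    (version,) = struct.unpack("<H", take(2))
    if version != 1:
        raise ValueError("unsupported RSNE version")
    return {"group": suite(), "pairwise": suite_list(), "akm": suite_list()}


def prf_sha1(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def kdf_sha256(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 KDF: HMAC-SHA256 over counter || label || data || bit length."""
    out, i = b"", 1
    while len(out) < nbytes:
        msg = struct.pack("<H", i) + label + data + struct.pack("<H", nbytes * 8)
        out += hmac.new(key, msg, hashlib.sha256).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce, akm, pairwise) -> bytes:
    """Pick the KDF from the AKM, not from the EAPOL key descriptor version."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    nbytes = 64 if pairwise == CIPHER_TKIP else 48
    kdf = kdf_sha256 if akm in SHA256_AKMS else prf_sha1
    return kdf(pmk, LABEL, data, nbytes)


def eapol_mic(kck: bytes, frame_with_zeroed_mic: bytes, key_desc_version: int) -> bytes:
    """MIC for descriptor versions 1 (HMAC-MD5) and 2 (HMAC-SHA1-128)."""
    if key_desc_version == 1:
        return hmac.new(kck, frame_with_zeroed_mic, hashlib.md5).digest()
    if key_desc_version == 2:
        return hmac.new(kck, frame_with_zeroed_mic, hashlib.sha1).digest()[:16]
    raise ValueError("AES-CMAC descriptor versions are not covered here")


# Constructed inputs: an RSNE advertising CCMP with the SAE AKM, dummy keys.
SAE_RSNE = bytes.fromhex("30140100000fac040100000fac040100000fac08c000")
PMK = bytes(range(32))
AA, SPA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ANONCE, SNONCE = bytes([0xA5]) * 32, bytes([0x5A]) * 32

if __name__ == "__main__":
    info = parse_rsne(SAE_RSNE)
    print(info, derive_ptk(PMK, AA, SPA, ANONCE, SNONCE, info["akm"][0], info["pairwise"][0]).hex())
```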
While the documentation of "editcap --inject-secrets" mentions support
for key log files only, people might misinterpret that and assume
support for RSA private keys. This is explicitly not supported due to
the sensitivity of these files. In order to be helpful, print a warning.
Change-Id: Ia7b464c17f1dfb550729dd35775290ed28e14510
Reviewed-on: https://code.wireshark.org/review/31893
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If a display filter contains a set for the set membership operator and
an error occurs, then gen_relation_in() (called via dfw_gencode()) will
not take ownership of the set and a memory leak occurs.
Fix this by implementing a free callback for STTYPE_SET nodes which
frees unclaimed data. Add tests to verify the effectiveness, ASAN no
longer complains after this fix.
Bug: 15442
Change-Id: If37cf047660464b2d0304748034d0bc22111e5d6
Reviewed-on: https://code.wireshark.org/review/31758
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
If the single byte within a ZeroWindowProbe triggers reassembly within a
subdissector, a new MSP will be created with just a single byte. Be sure
not to mark subsequent segments that contain the full segment data as
retransmission as this prevents the subdissector from seeing the data.
Bug: 15427
Change-Id: I36ae2622689c6606c99cdff70b6beba4b9d25ca7
Reviewed-on: https://code.wireshark.org/review/31732
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jasper Bongertz <jasper@packet-foo.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
When the initial segment is OoO, it was recognized as retransmitted. Fix
this by remembering which frame actually contains the initial segment.
Bug: 15420
Change-Id: If63e2ff581775ff9d396a612839f1bfab30f111f
Reviewed-on: https://code.wireshark.org/review/31720
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Fix the assertion to check for the actual requirements. Add tests for -T
combined with -e.
Bug: 15444
Change-Id: I83e7663572db0c60194f6d6128b9e1ae7396b3f6
Fixes: v2.9.1rc0-226-g30c90fa745 ("epan: use json_dumper for json outputs.")
Reviewed-on: https://code.wireshark.org/review/31724
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Instead of just reporting a mismatching error code, include the program
output. This should help tracking down unexpected errors. While at it,
check the expected error message too.
Change-Id: Ib8fe51cc06b795bb54bfe1e6eaa828c6ba1128ef
Reviewed-on: https://code.wireshark.org/review/31714
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Do not rely on strptime("%b") to parse the month, it does not correctly
recognize English month abbreviations on non-English systems. While at
it, do not try to parse milliseconds if seconds are missing.
Change-Id: Ia049bf362195eef1eba2f04ff7217049fa6a7d9d
Reviewed-on: https://code.wireshark.org/review/31707
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
For some reason the wireshark GUI tests hang on the Travis OS X builds,
but I could not reproduce it locally. It turns out that an error dialog
was present, but I could not know that without the screenshot.
Change-Id: Idf897d33b4fddf3c19c69ebcea60b629f1ca9368
Reviewed-on: https://code.wireshark.org/review/31682
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Avoid pinging www.wireshark.org, this removes an external dependency.
Instead send small UDP datagrams to UDP port 9 (discard) every 50ms.
Enable this for all platforms (including macOS and Linux) by default.
On Windows the tests require Npcap and will be skipped with WinPcap.
Remove the --capture-interface option since it is no longer needed.
Copy WSDG Wireshark Tests Quick Start to README.test and add a link.
Change-Id: Id4105a6b1e95407ebf69b871c785c68f9ae26368
Reviewed-on: https://code.wireshark.org/review/31677
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This will enable four tests in case_wireshark_capture on Linux, two of
them require --capture-interface to be specified.
To enable headless mode, QT_QPA_PLATFORM=minimal is set. Unfortunately
this option causes a null pointer dereference crash on macOS and it also
fails on Windows (cause not investigated). So limit it to Linux for now.
Change-Id: Id05364571b2c9da38434e611d92642a1177700df
Reviewed-on: https://code.wireshark.org/review/31664
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Building only a subset of programs is not a very common situation, it is
more likely that some feature was accidentally disabled. For that
reason, fail tests by default unless a program is explicitly permitted
to be missing.
The '-v' test is now dropped from the Travis tests, the sole reason of
adding it was to see which tests got (accidentally) skipped.
Change-Id: I725f4508541d8ed980e17d69fb7aee1ad2875d73
Reviewed-on: https://code.wireshark.org/review/31660
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The new value has been chosen to make room for sharkd packet output
as: proto.c:MAX_TREE_LEVELS * 2 + 10% of additional sharkd overhead.
A new regression test for sharkd has been added that requires more
than 15 levels.
Change-Id: Ie54955c79c50c60b95c99b1a3c472888fc4842ac
Reviewed-on: https://code.wireshark.org/review/31624
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The DTLS and TLS dissectors already share code for parsing the key log
file contents but the actual key material was stored separately. As
implementations (like GnuTLS) write the TLS and DTLS secrets to the same
file (specified by the SSLKEYLOGFILE environment variable), it seems
reasonable to combine them.
This also enables use of the pcapng Decryption Secrets Block for
decryption of DTLS traces. The dtls.keylog_file preference has become
obsolete and can no longer be used (this was not tested anyway).
A new test was added based on dtls12-aes128ccm8.pcap, the master secret
was extracted using the tls.debug_file preference.
Bug: 15252
Change-Id: Idfd52c251da966fe111dea37bc3fb143d968f744
Reviewed-on: https://code.wireshark.org/review/31577
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This function can convert non-string fields into strings. This allows the
user to apply string functions (like contains and matches) to non-string fields.
Examples:
string(frame.number) matches "[13579]$" => for odd frames
string(eth.dst) matches "aa\.bb\.cc\.dd\.ee\..." => to match a group of stations
string(snmp.name) matches "^1.2.3.4" => for all OIDs under a specific node
Change-Id: I18173f50ba5314ecdcd1e4b66c7e8ba5b44257ee
Reviewed-on: https://code.wireshark.org/review/31427
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This allows `pytest` to be executed from the top-level source or build
directory (or any other directory below).
Change-Id: Ib7af2ea2aaf01319d6839d2dc67228fbb5a7bc34
Reviewed-on: https://code.wireshark.org/review/31370
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Avoid the need to set `pytest --program-path` in the common case.
Change-Id: I3b237e47eee741decb62a74b733110040aa26673
Reviewed-on: https://code.wireshark.org/review/31348
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fail early if these commands fail.
Change-Id: I6ba6cfa4b0b68c7282b79204b4f2bfedfefa4326
Reviewed-on: https://code.wireshark.org/review/31352
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The run method is not invoked when running in debug mode (for example,
with `pytest --pdb`) and would result in spurious errors due to "log_fd"
being None. Split the method to resolve this incompatibility.
Note that with `pytest --pdb`, the tearDown method is not called when
exceptions occur, see https://docs.pytest.org/en/latest/unittest.html
Change-Id: I4b66c03d5b050b53311ec64021fe17dc91bb48dd
Reviewed-on: https://code.wireshark.org/review/31339
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The buildbot detects random errors on Windows. Log some more details in
order to understand the problem better.
Change-Id: I903457894985273a63b8907b6784a2897cd93d93
Reviewed-on: https://code.wireshark.org/review/31340
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add support for loading RSA private key files from PKCS #11 tokens,
identified by PKCS #11 URIs. Add a new 'pkcs11_libs' UAT which can
dynamically load PKCS #11 provider libraries that are not found by
p11-kit.
The configuration GUI will need additional code to discover available
PKCS #11 tokens and will be added later.
This feature requires GnuTLS 3.4 with PKCS #11 support, so Windows,
macOS via Homebrew, Ubuntu 16.04, Debian Stretch. Not supported: RHEL7.
Currently macOS via official packages disables PKCS #11 support, so that
will also not work.
Change-Id: I20646bfd69c6bd13c8c2d27cb65c164a4b0b7a66
Reviewed-on: https://code.wireshark.org/review/30855
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Check for potential Unicode-related problems on Windows.
Change-Id: I147c07749c5073a9ae00f07914dd80347d17c40f
Ping-Bug: 15118
Reviewed-on: https://code.wireshark.org/review/31154
Tested-by: Petri Dish Buildbot
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This suite uses different output formats to check against fixed
samples.
Change-Id: I8adccfefea35a6d3cfacf3da61e8a72d830ed3a0
Reviewed-on: https://code.wireshark.org/review/31056
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
This patch extends the test suite with:
* a way for tests to check if a given byte sequence dissects into an expected dissection result.
Unit tests included:
* ASTERIX I019
* ASTERIX I063
* ASTERIX I065
Change-Id: Ib168382ec15b0b610ff5913806120ba1bf1d1503
Reviewed-on: https://code.wireshark.org/review/31083
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This reports the reason why tests are skipped (for example, if a certain
binary was not built).
Change-Id: I19095f43f69228116d71b52380814a61894754af
Reviewed-on: https://code.wireshark.org/review/31131
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
When generating a capture file from a text file it can be helpful
to be able to set the capture interface name in the generated IDB.
This can be especially true if later on the generated captures are
merged and the individual IDB's have to be compared. Without a name
every IDB of the same datalink type will be equal and subject to
merge. Also it keeps the individual streams identifiable for the
end user.
Change-Id: I70224379d88f516a0a356bf0b46aebafb69665f0
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/31015
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This should eventually replace the "ssl_keys" UAT which additionally
contains a useless address, port and protocol field. This prepares for
HSM support through PKCS #11.
Change-Id: I59409c98aeedf260d19266d18e14ef7d9b40b582
Reviewed-on: https://code.wireshark.org/review/30977
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use the 'r' prefix to prevent backslashes from being interpreted.
Change-Id: I736d70c72a862086501a59b3c1acac0d77e2d6d3
Reviewed-on: https://code.wireshark.org/review/30840
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
GnuTLS is an optional dependency, allow tests to run without it.
Change-Id: Ib1bd7beaf1d885a157a0e1a630ccc4fbc8786af1
Reviewed-on: https://code.wireshark.org/review/30839
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The case_decrypt_tls.test_tls_rsa_pq test is unexpectedly passing when
GnuTLS is disabled. It checks for '/' in the output, but that also
matches an error message. Use assertRun here and pretty much everywhere
else to catch such issues. Remove a few redundant returncode checks.
Change-Id: I0f9d1dadc0ca73eef9cffb3e2f452aa7c8395c95
Reviewed-on: https://code.wireshark.org/review/30838
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Resolve our output encoding name to something that's hopefully the same
on all platforms so that we don't print
Warning: Output encoding is utf-8 and not UTF-8.
on Windows.
Change-Id: I9c7703eac6e12f5a95f701e8a9bea7d17a513fef
Reviewed-on: https://code.wireshark.org/review/30795
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Wslua converts an invalid ethernet address to all 0's. Add a test for
this case.
Change-Id: I59bd1f9e0b94805c563fe891b22cadd32ae054d8
Reviewed-on: https://code.wireshark.org/review/30791
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Replace a TAB with spaces.
Change-Id: I3d5c79af4116614ef78dd8a71eb42e93875c0637
Reviewed-on: https://code.wireshark.org/review/30790
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
All request types have a corresponding test_sharkd_req_* test names
which tests the current (documented) behavior. The frame and download
tests are not very comprehensive though, but it's better than nothing.
(The original test_sharkd_hello_dhcp_pcap test is replaced by
test_sharkd_req_status and test_sharkd_req_frames, although the latter
does not literally check for the "DHCP" column anymore.)
Change-Id: Ic39b954fc50065345ac46e96a7057b7aba2a09e3
Reviewed-on: https://code.wireshark.org/review/30743
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In check_dumpcap_pcapng_sections, append a copy of our check_val dict so
that we properly check our first file.
Skip IDB checks when we have multiple interfaces. Dumpcap creates a
separate thread for each interface when the interface count is > 1,
which means that we can't guarantee that we will always read and write
everything in the same order.
Change-Id: Ie458f31e0e901db2b538e9826a136dbe89167bcf
Reviewed-on: https://code.wireshark.org/review/30718
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add a new secrets API to the core, one that can outlive the lifetime of
a single capture file. Expose decryption secrets from wiretap through a
callback and let the secrets API route it to a dissector.
Bug: 15252
Change-Id: Ie2f1867bdfd265bad11fc58f1e8d8e7295c0d1e7
Reviewed-on: https://code.wireshark.org/review/30705
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a new option to insert decryption secrets into a pcapng file.
Change-Id: I0e024585cac9a8a328e88d32f9eb03d37d350e2a
Ping-Bug: 15252
Reviewed-on: https://code.wireshark.org/review/30693
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Support reading and writing pcapng files with DSBs. A DSB may occur
multiple times but should appear before packets that need those
decryption secrets (so it cannot be moved to the end like NRB). The TLS
dissector will be updated in the future to make use of these secrets.
pcapng spec update: https://github.com/pcapng/pcapng/pull/54
As DSBs may be interleaved with packets, do not even try to read it in
pcapng_open (as is done for IDBs). Instead process them during the
sequential read, appending them to the 'wtap::dsbs' array.
Writing is more complicated, secrets may initially not be available when
'wtap_dumper' is created. As they may become available in 'wtap::dsbs'
as more packets are read, allow 'wtap_dumper::dsbs_growing' to reference
this array. This saves every user from checking/dumping DSBs.
If the wtap user needs to insert extra DSBs (while preserving existing
DSBs), they can set the 'wtap_dumper::dsbs_initial' field.
The test file was created using a patched editcap (future patch) and
combined using mergecap (which required a change to preserve the DSBs).
Change-Id: I74e4ee3171bd852a89ea0f6fbae9e0f65ed6eda9
Ping-Bug: 15252
Reviewed-on: https://code.wireshark.org/review/30692
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
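A check a capture recipient or sender can run on the DSB layout described above (and on files produced by the `editcap` secrets option from the preceding commit): an added Python example, not Wireshark code, that walks pcapng blocks and reports each Decryption Secrets Block and how many packets precede it, without printing the secrets. The block type 0x0000000A and the TLS Key Log secrets type 0x544C534B come from the pcapng specification; function names and the sample file are constructed.

```python
import struct
from collections import Counter

SHB, SPB, EPB, DSB = 0x0A0D0D0A, 3, 6, 0x0A
SECRET_TYPES = {0x544C534B: "TLS Key Log"}


def iter_blocks(data: bytes):
    """Yield (block_type, endian, body) for every block, validating lengths."""
    pos, endian = 0, "<"
    while pos < len(data):
        if len(data) - pos < 12:
            raise ValueError("truncated block header")
        if data[pos:pos + 4] == b"\x0a\x0d\x0d\x0a":  # SHB sets the byte order
            magic = data[pos + 8:pos + 12]
            if magic not in (b"\x4d\x3c\x2b\x1a", b"\x1a\x2b\x3c\x4d"):
                raise ValueError("bad byte-order magic")
            endian = "<" if magic[0] == 0x4D else ">"
        btype, total = struct.unpack_from(endian + "II", data, pos)
        if total < 12 or total % 4 or pos + total > len(data):
            raise ValueError("bad block length")
        if struct.unpack_from(endian + "I", data, pos + total - 4)[0] != total:
            raise ValueError("leading and trailing block lengths differ")
        yield btype, endian, data[pos + 8:pos + total - 4]
        pos += total


def audit_secrets(data: bytes) -> list:
    """Describe every DSB without ever returning the secret bytes themselves."""
    findings, packets = [], 0
    for index, (btype, endian, body) in enumerate(iter_blocks(data)):
        if btype == SHB:
            packets = 0                      # count packets per section
        elif btype in (EPB, SPB):
            packets += 1
        elif btype == DSB:
            if len(body) < 8:
                raise ValueError("DSB too short")
            stype, slen = struct.unpack_from(endian + "II", body)
            if 8 + slen > len(body):
                raise ValueError("DSB secrets length exceeds block")
            lines = body[8:8 + slen].decode("ascii", "replace").splitlines()
            labels = Counter(
                ln.split()[0] for ln in lines if ln.strip() and not ln.startswith("#")
            )
            findings.append({
                "block_index": index,
                "type": SECRET_TYPES.get(stype, hex(stype)),
                "secret_bytes": slen,
                "packets_before": packets,   # packets written ahead of this DSB
                "labels": dict(labels) if stype in SECRET_TYPES else {},
            })
    return findings


def block(btype: int, body: bytes) -> bytes:
    """Build one little-endian pcapng block, padding the body to 32 bits."""
    body += b"\x00" * (-len(body) % 4)
    total = struct.pack("<I", len(body) + 12)
    return struct.pack("<I", btype) + total + body + total


def dsb(keylog: bytes) -> bytes:
    return block(DSB, struct.pack("<II", 0x544C534B, len(keylog)) + keylog)


# Constructed sample: SHB, IDB, DSB, packet, DSB, packet (dummy key material).
KEYLOG = b"CLIENT_RANDOM " + b"00" * 32 + b" " + b"11" * 48 + b"\n"
PACKET = block(EPB, struct.pack("<IIIII", 0, 0, 0, 4, 4) + b"\xde\xad\xbe\xef")
SAMPLE = (
    block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    + block(1, struct.pack("<HHI", 1, 0, 65535))
    + dsb(KEYLOG) + PACKET + dsb(KEYLOG * 2) + PACKET
)

if __name__ == "__main__":
    for finding in audit_secrets(SAMPLE):
        print(finding)
```

A non-empty result means the file carries decryption secrets and should be handled like the key log itself before it is shared.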
The (optional) JSON-GLib library adds dependencies on GObject, GIO. For
statically linked oss-fuzz builds it also adds libffi and more. To avoid
these dependencies, replace JSON-GLib by some custom code. This allows
`tshark -G elastic-mapping` to be enabled by default without extra deps.
API design goals of the new JSON dumper library:
- Small interface without a lot of abstraction.
- Avoid memory allocations if possible (currently none, but maybe
json_puts_string will be replaced to improve UTF-8 support).
- Do not implement parsing, this is currently handled by jsmn.
Methods to open/close array/objects and to set members are inspired by
the JsonGlib interface. The interfaces to write values are inspired by
the sharkd code (json_puts_string is also borrowed from that).
The only observed differences in the tshark output:
- JSON-GLib ignores duplicates, json_dumper does not and may produce
duplicates and currently print two "ip.opt.sec_prot_auth_unassigned".
- JSON-GLib adds a space before a colon (unimportant formatting detail).
- (Not observed, but UTF-8 strings will be wrong like bug 14948.)
A test was added to catch changes in the tshark output. I also fuzzed
json_dumper with libFuzzer + UBSAN/ASAN and fixed an off-by-one error.
Change-Id: I0c85b18777b04d1e0f613a3d59935ec59be87ff4
Link: https://www.wireshark.org/lists/wireshark-dev/201811/msg00052.html
Reviewed-on: https://code.wireshark.org/review/30732
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If we have a single capture source and that capture source is pcapng and
we're writing a pcapng file, do the following:
- Pass its SHB and IDBs through unmodified. Don't save or write command
line interface IDBs.
- Save the most recent SHB and IDBs so that we can write them when we're
writing multiple output files.
If we have multiple capture sources, do the following:
- Write Dumpcap's SHB.
- Keep a global list of IDBs, consisting of both command line interfaces
and IDBs read from pcapng sources.
- When reading an EPB or ISB, remap its local interface number to its
corresponding global number.
Add Dumpcap pcapng section tests. Make the application IDs in the
"many_interfaces" captures unique.
Change-Id: I2005934c1f83d839727421960005f106d6c682dd
Reviewed-on: https://code.wireshark.org/review/30085
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Convert the old start_pinging routine to use pytest fixtures, rewriting
it to enable a different generator that uses (for example) UDP.
Remove the config module since it is no longer needed.
Change-Id: Ic4727157faab084b41144e8f16ea44f59c9037d8
Reviewed-on: https://code.wireshark.org/review/30659
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add a new --capture-interface option to pytest, similar to test.py. It
will grab some Ethernet interface on Windows. An empty value overrides
this and disables capture tests. Remove the test.py --enable-capture
option since that is implied by the --capture-interface option.
Port the `test.py --program-path` option to pytest and additionally make
the pytest look in the current working directory if neither WS_BIN_PATH
nor --program-path are specified. Drop config.setProgramPath, this
allows tests to be run even if not all binaries are available.
With all capture tests converted to fixtures, it is now possible to run
tests when Wireshark is not built with libpcap as tests that depend on
cmd_dumpcap (or capture_interface) will be skipped.
Bug: 14949
Change-Id: Ie802c07904936de4cd30a4c68b6a5139e6680fbd
Reviewed-on: https://code.wireshark.org/review/30656
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Stop using subprocesstest, drop the (now redundant) DFTestCase base
class and use pytest-style fixtures to inject the dependency on tshark.
This approach makes it easier to switch to pytest in the future.
Most substitutions were automated, so no typos should be present.
Change-Id: I3516029162f87423816937410ff63507ff82e96f
Reviewed-on: https://code.wireshark.org/review/30649
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Create a special custom profile just for the nameres tests, instead of
doing this for all tests. Other tests do not need it.
Change-Id: I41de0ece9dcf1ee310957beab2bbee0a99784753
Reviewed-on: https://code.wireshark.org/review/30633
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Inline all capture file names and use fixtures instead of the global
config object. This makes dependencies more explicit.
Change-Id: I37a6eda73822735b5a6957b44bce53bb5ecd1aa0
Reviewed-on: https://code.wireshark.org/review/30631
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Continue the conversion from use of globals (the config module) to
fixtures. If a program (like wmem_test or tshark) is unavailable, it
will be skipped now rather than failing the test.
The general conversion pattern is:
- Decorate each class with `@fixtures.uses_fixtures` and (for tests that
run tshark) `@fixtures.mark_usefixtures('test_env')`.
- Convert all `config.cmd_*` to `cmd_*` and add an argument.
- Convert all `config.*_dir` to `dirs.*_dir` and add an argument.
- Convert users of `os.path.join(dirs.capture_file, ...)` to use a new
'capture_file' fixture to reduce boilerplate code. Inline variables if
possible (this conversion was done in an automated way using regexes).
Some other changes: tests that do not require a test environment (like
wmem_test) will use 'base_env' which avoids copying config files,
`env=config.test_env` got removed since this is the default. Some test
classes in suite_clopts were combined. Removed unused imports.
Change-Id: Id5480ffaee7d8d56cf2cb3189a38ae9afa7605a1
Reviewed-on: https://code.wireshark.org/review/30591
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously 'tshark -z expert' was failing with abort when a packet
contains a comment
- Add a new comment parameter and update the tshark's manual page
- Add a new comment_level severity and change the default level to it.
- Add various 'tshark -z expert' tests
Change-Id: I188317da5e00019b8f2b725f0fe84942f774520f
Reviewed-on: https://code.wireshark.org/review/30610
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A lot of file dissectors (pcapng, json, etc.) assumed that the packet
size is equal to the file size. This is not true if the file was
compressed and could result in silently truncating reads or failing to
open a file (if the compressed file is larger than the actual data).
Observe that a lot of file dissectors are simply copies of each other.
Move the fixed implementation to wtap.c and reuse the methods everywhere
else. While at it, avoid an unnecessary large allocation/read in
ruby_marshal.
Change-Id: I8e9cd0af9c4d1bd37789a3b509146ae2182a5379
Reviewed-on: https://code.wireshark.org/review/30570
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Add the ability to rotate files after a specified number of packets (`-b
packets:NUM`). Move some condition checks to capture_loop_write_packet_cb.
Add `-a packets:NUM` in order to be consistent. It is functionally
equivalent to the `-c` flag.
Add a corresponding "packets" option to the Capture Interfaces dialog
Output tab.
Add initial tests for autostop and ringbuffer conditions.
Change-Id: I66eb968927ed287deb8edb96db96d7c73526c257
Reviewed-on: https://code.wireshark.org/review/30534
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently all binaries must be available or no tests will be executed.
This is inconvenient if you just want to test a single binary (e.g.
text2pcap) without having to build epan. The problem is essentially that
tests lack dependency annotations.
To solve this problem, add the required dependencies as parameters to
each test (so-called 'fixtures' in pytest). Skip a test if a binary
(such as tshark) is unavailable. As a demonstration, suite_dissection.py
is converted. Over time, tests should no longer depend on config.py due
to explicit dependencies fixtures (listed in fixtures_ws.py).
Since the unittest module does not support such dependency injections,
create a small glue for use with pytest and an (incomplete) emulation
layer for use with test.py.
Tested with pytest 3.8.2 + Python 3.7.0 and pytest 3.0.3 + Python 3.4.3.
Python 2.7 is not supported and will fail. Test commands:
~/wireshark/test/test.py -p ~/build/run
WS_BIN_PATH=~/build/run pytest ~/wireshark/test -ra
Change-Id: I6dc8c28f5c8b7bbc8f4c04838e9bf085cd22eb0b
Ping-Bug: 14949
Reviewed-on: https://code.wireshark.org/review/30220
Tested-by: Petri Dish Buildbot
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reduces maintenance costs and makes it possible to simplify code.
pytest supports Python 2.7 and Python 3.4 (or newer), so that is more or
less the minimum target for now.
Change-Id: I0347b6c334bf2fc6c9480ff56e9ccfcd48886dde
Reviewed-on: https://code.wireshark.org/review/30193
Tested-by: Petri Dish Buildbot
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add the length field in the IPv6 pseudo header struct and refactor the
pseudo headers initialization
Change-Id: Ie0490dfba051a1112e465aaa6d03909417b2977e
Reviewed-on: https://code.wireshark.org/review/30407
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
When the -i <proto> option is specified the hdr_ip was always set to
TRUE which resulted in a wrong header length when the IPv6 (-6) option
is specified as well. To resolve this set hdr_ip only when -i is specified
without -4 or -6 options.
Change-Id: I21898f27ceaad603b9275ab6878ff4bd8f9586cd
Reviewed-on: https://code.wireshark.org/review/30411
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
According to RFC 8200 the payload length must contain the length of the payload
without the IPv6 header's length
Change-Id: Ibeb18c243edc396eaac6d2ffde73d6c4a6fe75a0
Reviewed-on: https://code.wireshark.org/review/30406
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
'double' tests have been disabled in aa03833 due to format change
in ntp fields.
Change-Id: Id3ab0a736c164bb7fdfed7b5da8856b512308978
Reviewed-on: https://code.wireshark.org/review/30366
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
dfilter/group_double tests have been removed and need to be replaced by leveraging
another protocol.
Bug: 15049
Change-Id: I354a27a5217336ee5c9b1d021a2d3226e3532eec
Reviewed-on: https://code.wireshark.org/review/29035
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
The code for the Address class already contains commented-out code for a
number of additional address types.
Activate the draft constructor for ethernet addresses and complete it.
Use the newly-added function to parse a string that contains an ethernet
address.
Add a basic test tvb.lua. Read an ethernet address from a tvb and
compare it to a constant Address.ether object.
Change-Id: I9771dd6e7ade4b572a8b864b8986d641b4eba3e5
Reviewed-on: https://code.wireshark.org/review/30163
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
A range string is passed as a table of tables, e.g.:
    range_string = {
        { 0, 24, "Some string for values 0 to 24" },
        { 25, 25, "The string for value 25" },
        { 26, 255, "The string for the remainder" }
    }
Included is a minimal Lua test for range strings and value strings
(which did not have one previously.) It will take more time than I
currently have to figure out how to do a more exhaustive test.
Also fixed some grammar issues in error messages along the way.
Change-Id: Ia9d1efc8adabb6528c4bdcf1624c9ede49e2fdc6
Reviewed-on: https://code.wireshark.org/review/30211
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
The new KNXnet/IP dissector replaces the old KNXnet/IP dissector.
The new KNXnet/IP dissector supports the new KNX features
- A_MemoryExtended services
- A_PropertyExt services
- KNX Data Security
- KNXnet/IP Core V2
- KNXnet/IP Device Management V2
- KNXnet/IP Tunneling V2
- KNXnet/IP Routing V2
- KNXnet/IP Security
Change-Id: I3d1d716ef03d16d2720e6a1fcb23c2243d1cd956
Reviewed-on: https://code.wireshark.org/review/29155
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Roland Knall <rknall@gmail.com>
When copying hexdumps, the newline might be missing which would result
in a capture file missing one byte in its packet. Adjust the grammar to
recognize the two trailing hexadecimal characters as a "byte".
This is safe because Flex picks the rule that matches the longest input
string. So given "01 ", it will always match all three characters. If
something like "01x" is given, then the "text" rule will be matched (as
before). Only if no more characters are available (such as at the end of
a file), then the rule will match two hexdigits.
Remove the unnecessary hexdigit rule while at it.
Change-Id: I21dc37d684d1c410ce720cb27706a6e54f87f94d
Reviewed-on: https://code.wireshark.org/review/30190
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
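
Added example (not part of the commit or of text2pcap's scanner): a flex-style longest-match tokenizer in Python showing why a hexdump without a final newline lost its last byte and why a bare two-hexdigit rule is safe. The rule patterns and function names are assumptions patterned on the commit message above; offsets and directives are left out.

```python
import re

HEX2 = r"[0-9A-Fa-f]{2}"


def make_rules(allow_bare_byte):
    """Return ordered (name, regex) rules.

    Hypothetical patterns for illustration only. With allow_bare_byte=False the
    "byte" rule needs a trailing delimiter (the behaviour before the change);
    with True the delimiter is optional, so two hex digits at end of input
    still count as a byte.
    """
    byte = HEX2 + (r"[ \t]?" if allow_bare_byte else r"[ \t]")
    return [
        ("byte", re.compile(byte)),
        ("byte_eol", re.compile(HEX2 + r"\r?\n")),
        ("space", re.compile(r"[ \t]+")),
        ("eol", re.compile(r"\r?\n")),
        ("text", re.compile(r"[^ \t\n]+")),
    ]


def tokenize(data, rules):
    """Flex-style scan: the longest match wins, ties go to the rule listed first."""
    tokens, pos = [], 0
    while pos < len(data):
        best_name, best_len = None, 0
        for name, pattern in rules:
            m = pattern.match(data, pos)
            # Strict '>' keeps the earlier rule when two rules match equally long.
            if m and len(m.group()) > best_len:
                best_name, best_len = name, len(m.group())
        if best_name is None:
            raise ValueError(f"no rule matches at offset {pos}")
        tokens.append((best_name, data[pos:pos + best_len]))
        pos += best_len
    return tokens


def packet_bytes(data, rules):
    """Collect the packet bytes produced by byte/byte_eol tokens."""
    out = bytearray()
    for name, lexeme in tokenize(data, rules):
        if name in ("byte", "byte_eol"):
            out.append(int(lexeme[:2], 16))
    return bytes(out)


if __name__ == "__main__":
    # Constructed input: a copied hexdump line whose final newline is missing.
    dump = "de ad be ef"
    print("old rules:", packet_bytes(dump, make_rules(False)).hex())
    print("new rules:", packet_bytes(dump, make_rules(True)).hex())
    # "01x" is still text: the text rule matches three characters, byte only two.
    print(tokenize("01x", make_rules(True)))
```

At end of input the "byte" and "text" rules both match two characters, so the byte rule only wins because it is listed first.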
The manual documents several cases, be sure to check for them to avoid
further grammar changes from breaking expectations.
Change-Id: Ie38ecf624120a3a9297d02b4fd9b05511acf5ac9
Reviewed-on: https://code.wireshark.org/review/30189
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix an unfortunate typo that disabled all of the pcap tests. Patch the
correct capinfos output with the expected packets/datasize values and
fix the dns+icmp datasize case to match the original test.sh value.
Change-Id: I25aac4c8040c2000602753269f69f4bdc4a8a59b
Reviewed-on: https://code.wireshark.org/review/30167
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Some tests used the default home directory which can have side-effects
(such as loading plugins, loading deprecated preferences). These could
cause tests to fail. Always use a sane environment to fix this.
Change getTsharkInfo to use this clean environment as well
(WIRESHARK_CONFIG_DIR does not exist with master-2.6 and would also not
propagate things like ASAN_OPTIONS=detect_leaks=0).
Change-Id: I1674f71972d35de91d191e0c29fdb59b8a0a56ce
Reviewed-on: https://code.wireshark.org/review/30165
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When the IPv6 (-6) option was specified together with either TCP (-T),
UDP (-u) or SCTP (-s/-S) option the generated packet was invalid because
an IPv4 option was implied and a wrong header was added.
Bug: 15194
Change-Id: I5a7b83d8aa3f3ad56f0c8110e598090945e60225
Reviewed-on: https://code.wireshark.org/review/30107
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add 'v' option for VLAN ID resolving and get rid of
deprecated 'C' option.
Bug: 14826
Change-Id: I63104f4a465d251048693ad02882ea7eb2c4d926
Reviewed-on: https://code.wireshark.org/review/30029
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename the "ssl" protocol to "tls" and add an "ssl" alias. Prefer "TLS"
over "SSL" in user interface text and in the documentation.
Fix the test_tls_master_secret test while we're here.
Bug: 14922
Change-Id: Iab6ba2c7c4c0f8f6dd0f6d5d90fac5e9486612f8
Reviewed-on: https://code.wireshark.org/review/29649
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The "debug" logging function overwrites the "debug" package which breaks
luacov: https://github.com/keplerproject/luacov/issues/55
Change-Id: I9b6025c060733198bfff8ea959444c09d6e08709
Reviewed-on: https://code.wireshark.org/review/29449
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for aliasing one protocol name to another and for filtering
using aliased fields. Mark aliased fields as deprecated.
Rename the BOOTP dissector to DHCP and alias "bootp" to "dhcp". This
lets you use both "dhcp.type" and "bootp.type" as display filter fields
without having to duplicate all 500+ DHCP/BOOTP fields.
To do:
- Add checks to proto.c:check_valid_filter_name_or_fail?
- Transition SSL to TLS.
- Rename packet-bootp.c to packet-dhcp.c?
Change-Id: I29977859995e8347d80b8e83f1618db441b10279
Ping-Bug: 14922
Reviewed-on: https://code.wireshark.org/review/29327
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
OoO reassembly assumed that the stream starts with the first data
segment, but this can already be OoO. Use the hint from SYN instead.
The test capture is based on a local capture, post-processed with scapy
to introduce an OoO condition and fixup the frame time.
Bug: 15078
Change-Id: Id0e312bb3d0e7c7f8f1b243a2be9f15c9851c501
Fixes: v2.9.0rc0-1097-gca42331437 ("tcp: add support for reassembling out-of-order segments")
Reviewed-on: https://code.wireshark.org/review/29305
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add TLS 1.3 tests that verify decryption of handshake, application and
early data. Add another test that shows that early data is properly
skipped. This completes TLS 1.3 (RFC 8446) decryption support.
The trace was created using boringssl c4131a4a23a1.
Bug: 12779
Change-Id: Iddd266ecd3f428c95aa3f69616ce55e75d4ccca0
Reviewed-on: https://code.wireshark.org/review/29170
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This imposes an additional requirement on the key log file, PSKs are
only linked to the most recently seen ephemeral key. This means that the
key log might contain duplicate PSK lines, but at least the dissector
won't have to try all keys and thereby save CPU time.
Bug: 15011
Change-Id: I368fa16269c96c4a1ff3bcb4e376c21f38fa2689
Reviewed-on: https://code.wireshark.org/review/28993
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Invoke IP or data dissector for decrypted transport data.
Bug: 15011
Change-Id: I8fa149c429ae774c16fe7e712d4bfb6b3478ed11
Reviewed-on: https://code.wireshark.org/review/28992
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Transport data decryption will follow later.
Bug: 15011
Change-Id: Ib755e43ff54601405b21aeb0045b15d158bc283b
Reviewed-on: https://code.wireshark.org/review/28991
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As UATs are currently unable to receive keys dynamically without manual
user interaction followed by rescanning of the pcap, add a mechanism
like ssl.keylog_file. Such keys can be extracted using the tools from
contrib/examples/extract-handshakes/ in the WireGuard source tree.
Now decryption of Initiation messages is also possible when keys
(Epriv_i) are captured from the initiator side.
Bug: 15011
Change-Id: If998bf26e818487187cc618d2eb6d4d8f5b2cc0a
Reviewed-on: https://code.wireshark.org/review/28990
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Enable decryption of the static and timestamp fields when the private
static key of the responder is known. Decryption of the initiation and
response messages using private ephemeral keys will be done later.
Bug: 15011
Change-Id: Ifc9729059694700333b6677374ab467c8cb64263
Reviewed-on: https://code.wireshark.org/review/28989
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Using long-term static public keys, it is possible to identify the
recipient of a handshake message. Add a new UAT where such keys can be
configured. Allow private keys to be configured as well since this
enables decryption of the Initiation handshake message.
Bug: 15011
Change-Id: I0d4df046824eac6c333e0df75f69f73d10ed8e5e
Reviewed-on: https://code.wireshark.org/review/28988
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When ASAN memleak detection is enabled, any memory leak would result in
an exception and subsequently all features are marked as missing.
With the default profile, any Lua plugin or certain configurations could
cause a memory leak. To avoid such interference, set the configuration
path to a dummy location and warn whenever an error happens nonetheless.
Do not call setProgramPath() immediately, there is no "tshark" binary in
the current working directory anymore. Rely on test.py to set the path.
Change-Id: Idccc3d68eb6f6bb64d3a0b32897acecc65e0dfb6
Reviewed-on: https://code.wireshark.org/review/28867
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Deprecate "disable_lua" in favor of "enable_lua". Configuration options
typically use "true" or a similar value to enable features. Using
"disable_lua = false" to enable Lua seems odd.
Change-Id: I224acad0559d409ea0a28b5555d1eb898564328c
Reviewed-on: https://code.wireshark.org/review/28773
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
pytest is a powerful test framework. The initial motivation is to have
much better detailed reporting when a test fails, see for example
https://docs.pytest.org/en/latest/
Additionally, it has full parallelization support at the test level (via
the pytest-xdist plugin) instead of being limited to the suite level
(which currently has to be hard-coded via CMakeLists.txt).
Usage with the build dir in /tmp/wsbuild and src dir in /tmp/wireshark:
    export WS_BIN_PATH=/tmp/wsbuild/run
    pytest /tmp/wireshark/tests
For parallelization support and verbose printing:
    pip install pytest-xdist
    pytest -nauto -v /tmp/wireshark/tests
To limit yourself to a case based on a pattern:
    pytest -nauto -v /tmp/wireshark/tests -k test_unit_ctest_coverage
Tested on Arch Linux with Python 3.6.5, pytest-3.6.2, xdist-1.22.2.
pytest -n8 finished in 82 seconds while ctest -j8 required 87 seconds.
Change-Id: I832f4dd9f988d6656df795327e81610accf54b9f
Reviewed-on: https://code.wireshark.org/review/28651
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Verified that the tests failed without the fixes for the linked bugs.
The tests have full statement coverage(*1) for check_follow_fragments
and follow_tcp_tap_listener. For details and Scapy script, see:
https://git.lekensteyn.nl/peter/wireshark-notes/commit/crafted-pkt/badsegments.py?id=4ecf9d858b49e76d8a9c29df01ce1bd523ae6704
(*1) except for `if (data_length <= data_offset) { data_length = 0; }`
Change-Id: I625536df375272cf6c9116231194c39df1217fae
Ping-Bug: 13700
Ping-Bug: 14944
Reviewed-on: https://code.wireshark.org/review/28618
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Currently out-of-order segments will result in cutting a stream into
two pieces while the out-of-order segment itself is ignored. For
example, a stream of segments "ABDCE" is interpreted as "AB", "DE" with
"C" ignored. This behavior breaks TLS decryption or prevents application
layer PDUs (such as HTTP requests/responses) from being reconstructed.
To fix this, buffer segments when a gap is detected.
The proposed approach extends the "multi-segment PDU" (MSP) mechanism
which is normally used for linking multiple, sequential TCP segments
into a single PDU. When a gap is detected between segments, it is
assumed that the segments within this gap are out-of-order and will be
received (or retransmitted) later.
The current implementation has a limitation though, if multiple gaps
exist, then the subdissector will only be called when all gaps are
filled (the subdissector will receive segments later than necessary).
For example with "ACEBD", "ABC" can already be processed after "B" is
received (with "E" still buffered), but due to how MSP are extended, it
must receive "D" too before it reassembles "ABCDE". In practice this
could mean that the request/response times between HTTP requests and
responses are slightly off, but at least the stream is correct now.
(These limitations are documented in the User's Guide.)
As the feature fails at least the 802.11 decryption test where packets
are missing (instead of OoO), hide this feature behind a preference.
Tested with captures containing out-of-order TCP segments from the
linked bug reports, comparing the effect of toggling the preference on
the summary output of tshark, the verbose output (-V) and the two-pass
output (-2 or -2V). Captures marked with "ok" just needed "simple"
out-of-order handling. Captures marked with "ok2" additionally required
the reassembly API change to set the correct reassembled length.
This change does "regress" on bug 10289 though when the preference is
enabled as retransmitted single-segment PDUs are now passed to
subdissectors. I added a TODO comment for this unrelated cosmetic issue.
Bug: 3389 # capture 2907 (HTTP) ok
Bug: 4727 # capture 4590 (HTTP) ok
Bug: 9461 # capture 12130 (TLS/HTTP/RPC-over-HTTP +key 12131) ok
Bug: 12006 # capture 14236 (HTTP) ok2; capture 15261 (HTTP) ok
Bug: 13517 # capture 15370 (HTTP) ok; capture 16059 (MQ) ok
Bug: 13754 # capture 15593 (MySQL) ok2
Bug: 14649 # capture 16305 (WebSocket) ok
Change-Id: If3938c5c1c96db8f7f50e39ea779f623ce657d56
Reviewed-on: https://code.wireshark.org/review/27943
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
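
Added example (not Wireshark code): a simplified Python model of the behaviours described in the commit message above, namely the old stream split, buffering that waits for all gaps, and the earliest possible delivery. One-byte segments named by letter and all function names are assumptions.

```python
"""Simplified model of TCP out-of-order handling (constructed, non-overlapping segments)."""


def segments_from_order(order):
    """Build constructed one-byte segments: 'A' has relative seq 0, 'B' seq 1, ..."""
    return [(ord(ch) - ord("A"), ch.encode()) for ch in order]


def legacy_split(segments):
    """Old behaviour: a gap cuts the stream, a late segment is ignored."""
    pieces, current, next_seq = [], b"", 0
    for seq, data in segments:
        if seq == next_seq:
            current += data
        elif seq > next_seq:
            # Gap detected: close the current piece and start a new one here.
            if current:
                pieces.append(current)
            current = data
        else:
            # seq < next_seq: looks like old data, so it is dropped.
            continue
        next_seq = seq + len(data)
    if current:
        pieces.append(current)
    return pieces


def delivered_after_each_arrival(segments, wait_for_all_gaps):
    """Return the stream prefix handed to the subdissector after each arrival.

    wait_for_all_gaps=True models the limitation in the commit message: once a
    gap is open, nothing is released until every gap is filled.
    wait_for_all_gaps=False releases the contiguous prefix as early as possible.
    """
    buffered = {}        # relative seq -> payload, held until it can be delivered
    delivered = b""
    history = []
    for seq, data in segments:
        if seq >= len(delivered):
            buffered.setdefault(seq, data)   # keep the first copy of a segment
        # Find the contiguous run that starts at the edge of delivered data.
        run, edge = b"", len(delivered)
        while edge in buffered:
            run += buffered[edge]
            edge += len(buffered[edge])
        all_gaps_filled = len(run) == sum(len(p) for p in buffered.values())
        if run and (all_gaps_filled or not wait_for_all_gaps):
            delivered += run
            buffered = {s: p for s, p in buffered.items() if s >= len(delivered)}
        history.append(delivered)
    return history


if __name__ == "__main__":
    print("legacy  ABDCE:", legacy_split(segments_from_order("ABDCE")))
    acebd = segments_from_order("ACEBD")
    print("waiting ACEBD:", delivered_after_each_arrival(acebd, True))
    print("eager   ACEBD:", delivered_after_each_arrival(acebd, False))
```

For "ACEBD" the waiting model still shows only "A" after "B" arrives, while the eager model already shows "ABC"; both end with "ABCDE".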
Split our tests by suite_*.group_* instead of suite_*. There are quite a
few dfilter tests and this should make them more parallelizable.
Change-Id: I52371409618cda70dc99811e8de1fb1ad9d9a3b6
Reviewed-on: https://code.wireshark.org/review/28329
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
"nstime_t{A, B}" is defined as "A + B * 10^9" rather than an integer
part A and fractional part B.
Bug: 14720
Change-Id: I5321db7d5ecea8f976291d2a22667b02162194e2
Reviewed-on: https://code.wireshark.org/review/27775
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Move WIRESHARK_QUIT_AFTER_CAPTURE to the default environment instead of
running the capture tests in a separate environment.
Change-Id: I5198df35f512ffe8c0d7f091a7b50d5fdb9c4ff6
Reviewed-on: https://code.wireshark.org/review/27711
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Run our CTest tests with PYTHONIOENCODING=UTF-8.
If someone runs our tests manually and their output encoding isn't
UTF-8, print replacement characters instead of failing with an error.
Open our log files with "errors='backslashreplace'" in case their
contents aren't UTF-8.
Change-Id: Ifa4d12c2b5e272cf3903f3e0c6102e4d961562f1
Reviewed-on: https://code.wireshark.org/review/27686
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Dot11DecryptTDLSDeriveKey in epan/crypt/dot11decrypt.c requires Libgcrypt
1.6 for MIC verification. Skip the test if unavailable.
Change-Id: I0b859c0ecf135182a6249a67b9b5ea9e34ad92b6
Reviewed-on: https://code.wireshark.org/review/27614
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tests that the documented "-z hosts,ipv4" filter actually works and that
the resolved addresses table is correct (it implicitly tests that the
definition of WS_INET_ADDRSTRLEN in wsutil/inet_addr.h is sane).
Change-Id: If7babe665ea5ecb37e38078a9809c88873cb323c
Ping-Bug: 14667
Reviewed-on: https://code.wireshark.org/review/27454
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change the test suite list in CMakeLists.txt to a static list. Add a
CTest coverage unit test.
Change-Id: I8459f320a2d0707618d6d56abdfce80274fddd2d
Reviewed-on: https://code.wireshark.org/review/27377
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
They've been replaced by the Python scripts.
Change-Id: I8add9c9ea0a6bdd68b2fa3841977863c0ea9a761
Reviewed-on: https://code.wireshark.org/review/27243
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Convert capinfos output to UTF-8 in getCaptureInfo.
Normalize our command paths, otherwise "./run/RelWithDebInfo/..." might
be interpreted as the command "." with flags "/run", "/RelWithDebInfo",
etc. on Windows.
Change-Id: Ib7336a016db3ee0805739fc44913cb9c6895aaad
Reviewed-on: https://code.wireshark.org/review/27239
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Move UAT file creation to config.py.
Run the text2pcap and some of the clopts tests under our default
environment.
Use "in" instead of "has_key".
Change-Id: Ie5c70fb33c29676672bed7bf8205cff0bba77f8a
Reviewed-on: https://code.wireshark.org/review/27234
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
These directories have had trailing slashes for years and users seem to
rely on it, so restore this assumption for backwards compatibility. The
underlying API function (Dir.persconffile_path()) is not changed because
trailing slashes were not documented for that function.
For consistency, ensure that all Lua Dir functions return paths without
trailing slashes.
Bug: 14619
Change-Id: Ia299864999578884b1ad1cd48f1bd883bce6879d
Fixes: v2.5.0rc0-579-gfb052a637f ("Use g_build_filename() instead, fix indentation")
Reviewed-on: https://code.wireshark.org/review/27166
Reviewed-by: João Valverde <j@v6e.pt>
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Add the fileformats and I/O suites. Move some more common code to
subprocesstest.py and add a diffOutput method.
Change-Id: I2ec34e46539022bdce78520645fdca6dfc1a8c1a
Reviewed-on: https://code.wireshark.org/review/27183
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
In util_slow_dhcp.py, open stdout as O_BINARY on Windows.
Have ctest pass --verbose to test.py.
Call config.canCapture at test time so that we don't inadvertently skip
some tests.
Stringify our dumpcap config check.
Fix our Gcrypt variable.
Change-Id: I884ec23ddfc7c28b79d4a860c6c43c308598e6db
Reviewed-on: https://code.wireshark.org/review/27182
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Create Python versions of our various test shell scripts. Add CMake
tests for each suite. Tests can now be run directly via test.py, via the
"test" target, or via ctest, e.g.
    ctest --verbose --jobs 3
Add a testing chapter to the Developer's Guide.
Add a way to disable ctest in dpkg-buildpackage.
Suites completed:
- capture
- clopts
- decryption
- dissection
Remaining suites:
- fileformats
- io
- mergecap
- nameres
- text2pcap
- unittests
- wslua
Change-Id: I8936e05edefc76a86b6a7a5da302e7461bbdda0f
Reviewed-on: https://code.wireshark.org/review/27134
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Again, no more autotools/libtool, so no more .libs, as that's a
libtoolism.
Change-Id: I909c18b969ca8e04a252ff45f7f3e6bc9d0c8476
Reviewed-on: https://code.wireshark.org/review/27138
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
At one point, I remember a discussion resulting in the official name of
the next-generation replacement for pcap format being changed to
"pcapng", with no hyphen.
Make Wireshark reflect that.
Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a
Reviewed-on: https://code.wireshark.org/review/25214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit b4fc532372.
No longer required.
Change-Id: I0ec135d7b54f2aa1b8369fe8192fd2e725ffd5a8
Reviewed-on: https://code.wireshark.org/review/24409
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Add some debug info to the failing tests by displaying
the LANG var.
Change-Id: I0a7316d06a6aca035b46c3e6211ac8e93425e295
Reviewed-on: https://code.wireshark.org/review/24407
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
It was removed from packet_info when circuit API was removed. Remove
tests that call circuit_id for testing.
Change-Id: I88e54b288d9d8f99b63e0828663b3025c57e0ec8
Reviewed-on: https://code.wireshark.org/review/24400
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Includes adding per-conversation data to store whether we are over
DTLS or UDP and registering as a heuristic sub-dissector for DTLS.
Future changes will add more use of the conversation structure.
Also included is a capture of UDT over DTLS in test/captures/udt-dtls.pcapng.gz,
the associated private key for the session in test/keys/udt-dtls.key and a
new test in the decryption suite to check this works.
Change-Id: I76826d3b35768d0b58f5335063884616968e5784
Reviewed-on: https://code.wireshark.org/review/22533
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit reassembles data frames to build up the full entity body. It does
this for both client/server requests and responses. Additionally, it also
decompresses bodies if they have the correct content-encoding header provided
and are not partial bodies.
Bug: 13543
Change-Id: I1661c9ddd09c1f6cf5a08b2b1921f95103aebb52
Reviewed-on: https://code.wireshark.org/review/20737
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Absolute and Relative time fields could not be converted to seconds
without converting to string and parsing to number.
Fixed conversion in generated code that was subject to precision loss.
Usage:
    f=Field.new("frame.delta_time")
    delta=f().value:tonumber()
Change-Id: I6ef91c6238a6c2ed9adf6cae03f8913f0a09332e
Reviewed-on: https://code.wireshark.org/review/22316
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Implements all seven AEAD_CHACHA20_POLY1305 cipher suites from RFC 7905
(for TLS 1.2) and the final missing one for TLS 1.3 (draft -20).
New test captures (created using OpenSSL_1_1_0-pre6-2528-g042597b0a)
also serve as tests for TLS 1.3 decryption support.
Change-Id: Ice6d639c9c7b7bc23a6ff5fb4832d02694abd8c4
Ping-Bug: 12779
Reviewed-on: https://code.wireshark.org/review/21902
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This function returns TRUE/FALSE depending on whether the specified ProtoField/Dissector
needs to be dissected. By using this function in conjunction with the TreeItem.visible
attribute, Lua dissectors can be significantly sped up by making fewer C interop calls,
which are relatively slow in terms of dissection, especially when using sub-protocols
where the dissection of an entire protocol can be skipped.
Added tests for TreeItem:referenced to protofield.lua
Change-Id: I44feacb91a2a5b0e3c28c0ccd8d6b04cccd67261
Reviewed-on: https://code.wireshark.org/review/21387
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Avoid anachronisms, however; there was no "macOS 10.0" or even "OS X
10.0", for example. It was "Mac OS X" until 10.8 (although 10.7 was
sometimes called "OS X" and sometimes called "Mac OS X"), and it was "OS
X" from 10.8 to 10.11.
Change-Id: Ie4a848997dcc6c45c2245c1fb84ec526032375c3
Reviewed-on: https://code.wireshark.org/review/20933
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add tests for abbrev and name validation.
Add tests for signed integer base values.
Change-Id: I0bd65c6633b44ae998880f528c22afc22c87529d
Reviewed-on: https://code.wireshark.org/review/20568
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Only perform the protofield with a tree.
Change-Id: I93caeb505d1138a57c846ea6c295e5a44d72023c
Reviewed-on: https://code.wireshark.org/review/20564
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Add ABSOLUTE_TIME_* defines to the base table in init.lua for use
in ProtoField.absolute_time.
Change-Id: I5c99eafdac97655d71fd4f3374294cd587afaf0a
Reviewed-on: https://code.wireshark.org/review/20543
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The "Microsecond pcap-ng via stdin" and "Nanosecond pcap-ng via stdin"
tests work here on macOS and Windows (likely due to g8a141fe), so
enable them.
Change-Id: I148d02f0cc23162d782457e1d8f0e7c2c0dc6932
Reviewed-on: https://code.wireshark.org/review/19877
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
TLS and DTLS share the same code for decryption of AEAD ciphers.
Add tests for all possible AEAD cipher modes (GCM, CCM, CCM_8).
PSK is used to reduce the handshake size (removing certificates).
The decryption suite passes these tests on:
* Libgcrypt 1.6.5 (Ubuntu 14.04)
* Libgcrypt 1.7.6 (Arch Linux)
* Libgcrypt 1.4.5 (CentOS 6). Note that the GnuTLS packages are too old,
so tests that depend on RSA keys fail here (but the new tests pass).
Change-Id: If0dc5b94223fb247062e23960ff66dfdd4f7a902
Reviewed-on: https://code.wireshark.org/review/19850
Reviewed-by: Anders Broman <a.broman58@gmail.com>
* Added support for 3-byte integers in :int() and :le_int()
* Added support for 5, 6, and 7-byte integers in :int64() and :le_int64()
Change-Id: If9ab4ea806191bc63effe45a081b9c65693c2367
Signed-off-by: Franklin "Snaipe" Mathieu <snaipe@diacritic.io>
Reviewed-on: https://code.wireshark.org/review/18672
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
* Implement Tvb:ipv6()
* Handle FT_IPv6 protofields during insertion in the lua tree
* Implement Address.ipv6(hostname)
Change-Id: I585c392681b3aef02ed8ee956f74051d77fb28d4
Signed-off-by: Franklin "Snaipe" Mathieu <snaipe@diacritic.io>
Reviewed-on: https://code.wireshark.org/review/18442
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If the "test-programs" target is not built, then it should not try to
invoke the last program (wireshark-gtk in my case).
Change-Id: Ida60a71d1dc47305ef8abe10e6c96c8a1cb8dcbb
Reviewed-on: https://code.wireshark.org/review/18346
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Current Ubuntu buildbot is failing because GTK support was removed.
Tests should not fail if GTK is not available, so make it optional.
Change-Id: I1640c8bcea5208299f6846eb366e105c39a3ebf3
Reviewed-on: https://code.wireshark.org/review/18345
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Test Kerberos decryption using files from krb-816.zip on the
SampleCaptures page.
Change-Id: Ic1360b637ca6a1f6cb86d09a6aebfd7f5ff89419
Reviewed-on: https://code.wireshark.org/review/18275
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Previously the metatables for classes were the same for the class and
its instances. This results in issues like calling __gc on the class
table on exit.
Make it possible to declare separate class methods (functions) and
instance methods. Observe that all attributes apply to the instances
only, so make these just available on the instance.
The attribute/methods lookup method (via __index/__newindex) have been
rewritten to use upvalues, removing the technical need for the
properties __getters/__setters/__methods. The "lua globals" test still
checks for these, but it could be removed in the future.
To fix bug 12968, the __gc method is removed from the class method.
Future patches should remove the WSLUA_REGISTER_CLASS,
WSLUA_REGISTER_META and WSLUA_REGISTER_ATTRIBUTES macros completely and
create split class functions/methods (such that __call for an instance
cannot accidentally be invoked on the class).
Removed duplicate "fragmented" property from Pinfo (which triggered an
error) and replaced exit() by g_error() for debugger friendliness.
Remove lua_shiftstring since checkstring always returns non-NULL.
Bug: 12968
Change-Id: I57f8a93d08bb84c79b0e94cf2c82d8402fc16646
Reviewed-on: https://code.wireshark.org/review/18026
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
- Fix test script to use wlan instead of wlan_mgt
- Remove a now useless test in the dissector
Change-Id: I9a7644947c3002c759a7ae5728a8559682cfd4fd
Reviewed-on: https://code.wireshark.org/review/18215
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
It's broken for recent GLib versions and there is no time frame for
a fix.
Ping-Bug: 12997
Change-Id: Ia687af9b0df8fc37121179ba20761c878bf57057
Reviewed-on: https://code.wireshark.org/review/18140
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
A handshake starts a new session, be sure to clear the previous state to
avoid creating a decoder with wrong secrets.
Renegotiations are also kind of transparent to the application layer, so
be sure to re-use an existing SslFlow. This fixes the Follow SSL stream
functionality which would previously ignore everything except for the
first session.
The capture file contains a crafted HTTP request/response over TLS 1.2,
interleaved with renegotiations. The HTTP response contains the Python
script used to generate the traffic. Surprise!
Change-Id: I0110ce76893d4a79330845e53e47e10f1c79e47e
Reviewed-on: https://code.wireshark.org/review/17480
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This name is displayed in the SSL protocol tree (Application Data
Protocol: http-over-tls), rename to avoid possible user confusion.
Modify the SSL dissector such that both "http" and "http-over-tls"
invoke the same dissector function.
Change-Id: I2d52890a8ec8fa88b6390b133a11df607a5ec3dc
Reviewed-on: https://code.wireshark.org/review/17481
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Libpcap just backed out the "host-endian" SocketCAN LINKTYPE_ value; we
don't need it any more.
Change-Id: I33a7dc21207a0009e20b4abaefe1119eb649c39a
Reviewed-on: https://code.wireshark.org/review/17327
Reviewed-by: Guy Harris <guy@alum.mit.edu>
IKEv2:
Fixed bug with AEAD ciphers with 8- and 12-byte length ICVs and
libgcrypt 1.6.x - gcry_cipher_checktag() returned INVALID_LENGTH.
Fixed for merged changeset https://code.wireshark.org/review/17078
Added support for verification of encrypted data with HMAC_MD5_128
[RFC4595] and HMAC_SHA1_160 [RFC4595] integrity algorithms
Added IKEv2 decryption suite for few combinations of encryption and
integrity algorithms: 3DES-CBC/SHA1_160, AES-128-CCM-12, AES-128-CCM-12
(using CTR mode), AES-192-CTR/SHA2-512, AES-256-CBC/SHA2-256,
AES-256-CCM-16, AES-256-GCM-16, AES-256-GCM-8
Change-Id: Ic564b25f1fd41e913c605322b7b8aa030cf90ddf
Reviewed-on: https://code.wireshark.org/review/17213
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Add regression tests for bugs 12610 and 12620
Bug: 12610
Bug: 12620
Change-Id: I6325a3ccb3e27fd4d3be52190e8763737b99fe73
Reviewed-on: https://code.wireshark.org/review/17083
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Make it find test programs under the build tree.
Change-Id: Ie7ff547417e8f248bb58f6c96896977ca4e710d1
Reviewed-on: https://code.wireshark.org/review/17048
Reviewed-by: João Valverde <j@v6e.pt>
TShark, at least when running in one-pass mode, now supports reading
from the standard input if the file format is one that *can* be read
purely sequentially; both pcap and pcapng can be read purely
sequentially (unlike, for example, Microsoft Network Monitor format,
where you have to read the frame table, at the end of the file, before
you can read the frames, meaning you have to seek backwards, which you
can't do on a pipe).
Using -r 1) tests the "read from standard input" path, which we should
do in versions that support it, and 2) means we can check whether, for
the crashes we're seeing on 32-bit Windows 8.1, it's a problem with
reading from the standard input in general, or just a problem with
*capturing* from the standard input.
Change-Id: I67da34de43f47dd8c63fa2f2072be41148cfe5a7
Reviewed-on: https://code.wireshark.org/review/16968
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This behavior severely limits the usefulness of the test suite. An option
to configure it would still be nice.
Change-Id: I2bc96a043cc4ec76f334a3bfe48967703ef1be5e
Reviewed-on: https://code.wireshark.org/review/16890
Reviewed-by: João Valverde <j@v6e.pt>
I'd just copied and pasted the copyright notice from test/test.sh; Ulf
wrote test/test.sh, but didn't write test/run_and_catch_crashes - I did,
but, hey, might as well give the copyright to Gerald. Fix the date as
well.
Change-Id: Id307f354289ca72931dd83f472d879d733618e3c
Reviewed-on: https://code.wireshark.org/review/16910
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add an ESP decryption test using the capture+keys from bug 12671.
Change-Id: I5f7ce477ec74d59c1043345728a1444842912b96
Ping-Bug: 12671
Reviewed-on: https://code.wireshark.org/review/16733
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Tested-by: Gerald Combs <gerald@wireshark.org>
The way you say "this interface's name is unknown" is by not giving it
an if_name option, not by giving it an if_name option that says "this
isn't known". Remove the if_name option from the interfaces in this
capture file.
Change-Id: Ie3569c81bd065e48278cfa83b82b06ea6b5258af
Reviewed-on: https://code.wireshark.org/review/16455
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The whole point of using mktemp is to get a temporary directory outside
the source tree. Commit v2.1.0rc0-1027-ge01f8fb tried to fix the
invocation for *BSD (including OS X), but by adding a template it
dropped the implicit --tmpdir option for GNU mktemp on Linux.
Use the GNU mktemp invocation and if it fails (for example, because a
template is expected for BSD/OS X), provide a template.
Change-Id: I77bbc7dc2045e4fa756e102afa080860b0857713
Reviewed-on: https://code.wireshark.org/review/16178
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Revert "Test: Make capture_step_stdin more verbose." and "Test: more
suite-capture debugging." Tests on the Windows 8.1 builder have been
passing since recommended OS updates were installed on the 24th.
This reverts commits 7f710ef2b5 and
f52c3c468a.
Change-Id: I7cf10a38ba001426baea5fc76a34610c3a26ced2
Reviewed-on: https://code.wireshark.org/review/15590
Reviewed-by: Gerald Combs <gerald@wireshark.org>
In capture_step_stdin, print information about our test capture if we
fail.
Change-Id: I046f9d22b1bb2d52d96926f50379ab51e6279eb3
Reviewed-on: https://code.wireshark.org/review/15125
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Add some verbosity to the stdin capture test. Hopefully this will shed
some light on the Windows 8 builder failures.
Change-Id: Ife2bbbaeed7a1e4a7ddd1c1f86322ba25d154f4c
Reviewed-on: https://code.wireshark.org/review/15122
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The "http" dissector is what's used for protocols other than TCP, SCTP,
and SSL/TLS.
Change-Id: Ib5138d3a082f1017b7ef190e5128a21eb9a49e92
Reviewed-on: https://code.wireshark.org/review/14947
Reviewed-by: Guy Harris <guy@alum.mit.edu>
pcap files and snoop files have different headers, so there's no
IP_OVER_IB encapsulation type, there are separate types for pcap and
snoop.
Change-Id: I00146e478d05bb11c634df0c386329db8de5635d
Reviewed-on: https://code.wireshark.org/review/14774
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Error out if it can't be created.
Change-Id: I1a087f0e0cc064be7a417b9a2e66cf3c940e02fa
Reviewed-on: https://code.wireshark.org/review/14565
Reviewed-by: João Valverde <j@v6e.pt>
When the tests are run in the buildbot, messages such as
Error during test execution: see {pathname}
aren't very useful.
Change-Id: I4509ea58c162c264c316358019a1cbc01cd93e31
Reviewed-on: https://code.wireshark.org/review/14135
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(There's also work needed in libpcap; that's also in progress.)
Change-Id: Iff5a34c139a000865e2d78cc17a4af5ff24fb44b
Reviewed-on: https://code.wireshark.org/review/14025
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We cannot easily predict what will happen, given the configuration of
the OS, the permissions on files, the availability of extcap devices,
the version of libpcap/WinPcap/NPcap (present or future), etc., etc.,
etc. Allow those tests to succeed (as would be the case if you have
the necessary permissions) or fail with a non-command-line-syntax error
(as would be the case if you don't have the necessary permissions), but
not to fail with a command-line syntax error.
Change-Id: I76af898d5f146fcf3507c06f101acb578085e6fa
Reviewed-on: https://code.wireshark.org/review/13957
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- When scanning for keys, check for TDLS action frames
(need to have TDLS response or confirm to derive the key)
- When deriving PTK, also check MIC to ensure the key has been correctly
computed.
- As SA is between two STAs (and not STA and AP), store highest MAC
address in sa.bssid, and the other one in sa.sta
=> Add new function (AirPDcapGetSaAddress) that will check for TDLS
case.
- Add test in decryption suite
Bug: 11312
Change-Id: Ieccb6a23a0ffbf3b705dac9b67c856ae2d3eeca9
Reviewed-on: https://code.wireshark.org/review/13664
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Add a test to check decryption of management frames
Bug: 11995
Change-Id: I588d0f17b9e5efc841266b9dae4764e5e931be3f
Reviewed-on: https://code.wireshark.org/review/13259
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Not all versions of mktemp support omitting the template; in particular,
the one provided by some BSD-flavored OSes doesn't.
Change-Id: I657e002559dce165c677a473aa10bb17cc506037
Reviewed-on: https://code.wireshark.org/review/12592
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The default prefix policy on modern versions of Windows prefers IPv6.
This in combination with the fact that our ping target (www.wireshark.org)
currently has both A and AAAA records might result in ICMPv6 traffic
instead of ICMPv4. Update the capture test suite accordingly.
Change-Id: I5c88f24fb9458526ffd44c5003f09247b6999ce7
Reviewed-on: https://code.wireshark.org/review/12553
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The old global tests don't work; get rid of them. Fix the values of the
Lua globals in the new test, and get rid of IEEE_802_11_AIROPEEK.
(Yes, if you have a Lua script that depends on IEEE_802_11_AIROPEEK
being defined, or that depends on the values of the Wiretap
encapsulations not changing, it breaks. Fix it.)
Change-Id: I245c1c0c3ba1c450f7950c754624c51b5564848a
Reviewed-on: https://code.wireshark.org/review/12210
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- Updated AirPDcapPacketProcess function description
- Try to return better error codes
- Remove broken/useless return of keys from AirPDcapRsna4WHandshake
Change-Id: I1e4e0a76f6d1307e11c0466f17935dd7030561e1
Reviewed-on: https://code.wireshark.org/review/12033
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If we ever change the way file writers work, in a fashion incompatible
with the existing way they work, we'll also rename this member - and get
rid of checks for earlier versions of the Lua interface.
Change-Id: I64065944fa31371f5249cafd930c18f180ad7299
Reviewed-on: https://code.wireshark.org/review/11879
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- start decoding when we have eapol1+2 packets
Do not insist on a complete captured handshake, decode what we can.
- more robust way to detect eapol #2 packets
At least Win 10 is violating the spec on rekey by setting the secure
bit in #2. Unpatched version shows and handles #2 as #4, breaking
decoding after rekey.
- fixed eapol rekey key handling
Initial patch (see https://code.wireshark.org/review/8268)
is adding redundant keys, since it scans all the time
and not only once.
- ignore trailing garbage after eapol sections in frame
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9065#c8
Included testcase to test decode for incomplete handshakes and eapol2
packets with secure bit set on rekey.
Ping-Bug: 9065
Change-Id: Id775088db9b5aaa80da9efdeed6902d024b5c0cd
Reviewed-on: https://code.wireshark.org/review/11484
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use the pcap captures from test/captures/ and
- Get information for the input pcap file with capinfos
- Generate an ASCII hexdump with text2pcap
- Convert the ASCII hexdump back to pcap using text2pcap
- Get information for the output pcap file with capinfos
- Check that file type, encapsulation type, number of packets and data size
in the output file are the same as in the input file
Change-Id: I659204fb0a46e9cd99d03eb666f55fac95ae053e
Reviewed-on: https://code.wireshark.org/review/11042
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The tests only allowed a single character suite selection, which
prevented suite 10 from being run on its own.
Modified test.sh to now require a newline in addition to the input
so that a 2 digit number can be entered.
Also fixed test display to remove illusion that an individual step
could be run. Only whole suites can be run.
Change-Id: I4dee0ec6a8e1f34fa443a6a0a3f2d52a73146e54
Reviewed-on: https://code.wireshark.org/review/10676
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
This change will be undone once the problem is found.
Change-Id: Ica9cfe31b4e30fad2bb9de508af61baa1c455cc1
Reviewed-on: https://code.wireshark.org/review/10136
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Add a test suite for mergecap (and indirectly capinfos I guess).
This is not exhaustive, but it's a start.
Change-Id: I9442b4c32e31a74b1673961ad6ab50821441de3e
Reviewed-on: https://code.wireshark.org/review/10082
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See what it prints on Windows.
Change-Id: Id35d87595543eca3e5b5d80dbe9a7639e0a85994
Reviewed-on: https://code.wireshark.org/review/9693
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Too bad DEC used / as an option character and Bell Labs chose it as a
pathname separator.
Change-Id: Ie58ba79476e0f24e408fae55f6c5eaff3ffb11fa
Reviewed-on: https://code.wireshark.org/review/9680
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In the decryption_step_ssl_rsa_pq - and the
decryption_step_ssl_master_secret test - duplicate the code used to
generate TEST_KEYS_DIR, so that we construct a UN*X-style path and then,
if we're running on Windows, map the UN*X-style path, which is a Cygwin
path, to the equivalent Windows-style path, and pass that to TShark on
the command line.
Bug: 11372
Change-Id: I442a30c4c954540a05942ed70ec3687941428a96
Reviewed-on: https://code.wireshark.org/review/9675
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Trying to debug the problem.
Change-Id: I26f78e49556cb1d40f0c8ddbfd58f058dceb0e77
Reviewed-on: https://code.wireshark.org/review/9674
Reviewed-by: Guy Harris <guy@alum.mit.edu>
TEST_KEYS_DIR already contains a trailing slash. Windows does not like
forward slashes, so drop the additional slash to fix tests under
Windows.
Fixes: v1.99.8rc0-417-g85f8a99
Bug: 11372
Change-Id: Ief794977281b70549369c344a193f4d48bcc1776
Reviewed-on: https://code.wireshark.org/review/9668
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add Lua functions so a plugin can introspect field information, such
as the type of field, flags, tvb, etc. Also add a couple of Tvb and
ByteArray methods. And cleanup the TreeItem code a little.
Change-Id: I7b58ce589ace91cce14b8abccd01ceabb63e2653
Reviewed-on: https://code.wireshark.org/review/6500
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
It's currently crashing in the Solaris buildbot when we do "tshark -v";
hopefully this will give us something more useful than
test.sh: line 144: 21543 Abort (core dumped) $TSHARK -v
"Version information" Failed!
Failed to print version information
Binary file ./core matches
as a diagnostic.
Change-Id: I278c8dd9f6acf5ddfa83bc0a7f3f7a3c48577ac2
Reviewed-on: https://code.wireshark.org/review/9052
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The buildbot printed "expr: syntax error", presumably from this, but
that oh-so-descriptive error message doesn't indicate what the problem
is, and just about any string should be valid as the left-hand operand
of the : operator.
Change-Id: I1140522357b8df07e4183bf0eb8c5fa9fbe275e4
Reviewed-on: https://code.wireshark.org/review/8827
Reviewed-by: Guy Harris <guy@alum.mit.edu>
SSL traffic from tshark with -o ssl.keys_list.
For example, as used in a new test also added in this commit:
-o "ssl.keys_list: 127.0.0.1,9131,http,$TEST_KEYS_DIR/key.p12,WebAS"
Change-Id: Ia6960fa4ae88182277f6d22d84ec9170ea74d54e
Reviewed-on: https://code.wireshark.org/review/8746
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
That got the crash information in the WPA EAPOL Rekey test; use it for
all other tests where, otherwise, the crash information would be lost.
Change-Id: I230b7952b6d79ebf6dc003747dc05328616ef7c2
Reviewed-on: https://code.wireshark.org/review/8394
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a script that takes a command as an argument and runs it in a
subshell, so that said subshell will catch any signals from it and
report it.
This would be done for commands that aren't the last command in the
pipeline, as, given that the exit status of a pipeline is the exit
status of the last command in the pipeline, there's no guarantee that
the shell will bother to pick up the exit status of earlier commands in
the pipeline.
Use that for the tshark in the WPA EAPOL Rekey test, so it at least can
report the signal (on Solaris, SIGSEGV means, among other things,
"dereferenced a pointer pointing out of the address space" and SIGBUS
means, among other things, "dereferenced a misaligned pointer on
SPARC"). Maybe we can make the script also fire up a debugger if it
finds a core dump (and a debugger) and get a stack trace.
Change-Id: I4188190a1f1a4d3afc4719d886161ee56bd89d8b
Reviewed-on: https://code.wireshark.org/review/8392
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This patch extends the existing decryption support for WPA to also
handle rekeys by checking each decrypted packet for a 4-way-handshake.
Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise
(WPA-EAP).
For decrypting WPA-EAP secured packets the user must provide all used PMK's
of the connection (aka PSK's) as WPA-PSK 32 byte hex values to wireshark
via the existing interface.
(The capture must have all 4-way-handshakes included also, starting with
the first unencrypted one.)
Every decrypted unicast packet will have the used PMK and TK shown in the
CCMP/TKIP section below the key index in the GUI. Group packets will display the
GTK instead.
Additionally this fixes a small issue with group rekey handling, so every packet
can be selected in the GUI in random order, removing the need to manually find
the correct group keying packets prior to that.
It was tested primarily with WPA-CCMP, but TKIP is also working.
One section in the code touches Bluetooth 802.1X support. It should do
exactly the same, but will now also examine all decrypted packets for rekeys.
Ping-Bug: 11172
Change-Id: I19d055581fce6268df888da63485a48326046748
Reviewed-on: https://code.wireshark.org/review/8268
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a "test-programs" target to each toolchain which builds each unit
test executable. "test-programs" must now be built before running
the unit test suite.
Change-Id: I9317a1e305d987f244c4bd8b4a7f05d11fed7090
Reviewed-on: https://code.wireshark.org/review/7673
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Process wslua/CMakeLists.txt using add_subdirectory instead of
include. Generate files in the build directory instead of the source
directory.
Copy lua scripts to DATAFILE_DIR instead of DATAFILE_DIR/lua. That's
where init.lua looks for console.lua.
Always set WIRESHARK_RUN_FROM_BUILD_DIRECTORY when testing. We
presumably want to test our source files and not files which may or
may not be in the system path.
When we're running from the build directory look for lua scripts in both
the Autotools and CMake build locations.
Change-Id: Ic15ab8c58ff1b170d000c9b3e0a329af2ec44b7b
Reviewed-on: https://code.wireshark.org/review/7590
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the FPM dissector test, only check the fields produced by the
frame and FPM dissectors.
Change-Id: I212afb8a8a4a7a9aa54391b0d5971b982b819395
Reviewed-on: https://code.wireshark.org/review/7643
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Graham Bloice <graham.bloice@trihedral.com>
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.
Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
We don't want to have to change the pcap-ng file against which we
compare, so we hardcode the year here to be the same as the year from
the pcap-ng capture.
Change-Id: Ibd83d06e035341f617b8285f6ba51c749c38a177
Reviewed-on: https://code.wireshark.org/review/7448
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Provide a way for Lua-based dissectors to invoke tcp_dissect_pdus()
to make TCP-based dissection easier.
Bug: 9851
Change-Id: I91630ebf1f1fc1964118b6750cc34238e18a8ad3
Reviewed-on: https://code.wireshark.org/review/6778
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
We should probably do the same for the other decryption tests but we're
having issues with HTTP2 right now.
Change-Id: I8e8f5da200a29a5ca1cddb39c082bb7ee12d1eaf
Reviewed-on: https://code.wireshark.org/review/6686
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The test script was running lua/nstime.lua rather than lua/pinfo.lua for
the Pinfo test, and the Pinfo test was testing the ipproto property for
a Pinfo, but that was removed.
Change-Id: Iccdccd265dd550e41640af3acd607362f1f2f02e
Reviewed-on: https://code.wireshark.org/review/6747
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Fix the Cygwin path added for tests so that Cygwin comes after the
existing path and that the correct link command is found for exntest.
Same change to runa2x.sh to be consistent.
Change-Id: I177a5e7d17a0077b0e8ca7d264d7e725a5312e24
Reviewed-on: https://code.wireshark.org/review/6503
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Graham Bloice <graham.bloice@trihedral.com>
1. Set the igncr option a little differently, this is the preferred
way according to the latest Cygwin bash update announcement
(See https://sourceware.org/ml/cygwin-announce/2014-10/msg00015.html, Sect 4a)
The previous way didn't work for me.
2. Ensure /usr/bin is on the path if running under Cygwin.
I really don't want Cygwin on my normal paths, the build process
adds if required, so this change makes the test scripts do the same.
Change-Id: I0f4da1fa87802bf0a4039bb5a91e577fae506d79
Reviewed-on: https://code.wireshark.org/review/6243
Tested-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Convert TEST_DIR path to a Windows path, this is used in all the lua tests.
Fix a typo
Change-Id: I38808822c998ed1df007732b3701b6b13d6c886b
Reviewed-on: https://code.wireshark.org/review/6235
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Rather than running `cd` and letting it potentially fail, just use the `-d` flag
to test that `run` exists and is a directory. Avoids useless stderr output.
Change-Id: Iab8b63681db6256aa1a6fc389d2536acbd491aba
Reviewed-on: https://code.wireshark.org/review/6239
Reviewed-by: Evan Huus <eapache@gmail.com>
it used to be SOURCE_DIR, which is still the fallback for WS_BIN_PATH, but this
way if you specify a custom WS_BIN_PATH it gets picked up for both
Change-Id: If9198565fc7b7b3911550fd200adb0f918622540
Reviewed-on: https://code.wireshark.org/review/6238
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I4ed10339d3c543d9d199e5262b6e7bb8247544ac
Reviewed-on: https://code.wireshark.org/review/5148
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Due to the change in change-id Ib43e16a9d98d08e5ddaff81fd3235f5b64d7b95b, the setlocale() call has been moved earlier in tshark's processing, such that Lua plugins load with the environment locale instead of C-locale. Since that matches Wireshark's behavior, it's good, but it causes the Lua regex test suite to fail. So the test suite needs to be fixed.
Bug: 10824
Change-Id: I3dcad15a9e247a1e42d2f708ccfb7272de2fe960
Reviewed-on: https://code.wireshark.org/review/6226
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Feed the output of `tshark -G <glossary>` to `iconv -f UTF-8`. Adjust a
couple of the Bluetooth dissectors and X11 keysyms accordingly.
Change-Id: I5b04dc3fa4734c8f0a795daf44bd398fe5ebc1bd
Reviewed-on: https://code.wireshark.org/review/6146
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Because call_heur_dissector_direct() didn't set the pinfo->heur_list_name
before calling the heuristic dissector, heur_dissect_lua() would invoke
report_failure(). Unfortunately, calling report_failure() within a dissector
can cause problems because GTK continues invoking timed callbacks while
it displays the modal dialog created by report_failure()... without yet
returning from report_failure(). In such a case, it's possible for
epan_dissect_run() to be called while still within the execution of a
previous call to epan_dissect_run(), which causes an assert since
epan_dissect_run() is not reentrant.
So this commit both fixes the call_heur_dissector_direct() bug as well
as avoids using report_failure() within heur_dissect_lua(). It also
updates the dissector.lua script used in the testsuite to match the one
published on the wiki, since that script's heuristic dissector triggered
the bug.
Bug: 10233
Change-Id: If022604347745fadac01c02d370ca1a5d3f88b5b
Reviewed-on: https://code.wireshark.org/review/6040
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
Dissectors should pass data directly to their subdissectors through the data parameter (of new-style dissectors). This avoids unintentional "trampling" from other dissectors trying to "share" private_data member.
Change-Id: I2efef5c8dfeef64588ba3ac6e695b469238c6468
Reviewed-on: https://code.wireshark.org/review/5487
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ping four times a second for ~60 seconds. Save the subprocess PID so that
we can kill it when we're done with each test instead of waiting for it
to finish.
Change-Id: I64f889c700e8a6fa1bc1c3916ef045341ef59cc6
Reviewed-on: https://code.wireshark.org/review/4557
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Qt requires Xrender and XKEYBOARD. Unfortunately the Ubuntu and Solaris
buildbots run the test script under Xtightvnc, which provides neither of
those. Only enable the tests on Windows and OS X for now.
Change-Id: I84bc28f810782b862b4dca8fc8df088a4919066d
Reviewed-on: https://code.wireshark.org/review/4430
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Apparently what works for me doesn't work for the Buildbot users.
Change-Id: I7d3e4f2b89ae8ae3dadc8d92438c0e1923b97ace
Reviewed-on: https://code.wireshark.org/review/4416
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Make sure the Qt UI quits if WIRESHARK_QUIT_AFTER_CAPTURE is set. Make
sure Bourne shell scripts (*.sh) have UNIX/POSIX line endings. Reduce
some time values so that the tests run faster.
Change-Id: I81df7c6f72d7d807d1856863cbea1bb6326ca711
Reviewed-on: https://code.wireshark.org/review/4407
Tested-by: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The recent wiretap changes broke the generation of init.lua among other things,
though it did coincidentally fix one of the "yuck" comments in the generator
regex.
(Note that this is entirely untested, because out-of-tree init.lua is and always
has been broken, but it should work)
Change-Id: Id0c27b31c596613997de4ba2f6088eb9d6c8fc53
Reviewed-on: https://code.wireshark.org/review/4361
Reviewed-by: Evan Huus <eapache@gmail.com>
This was suggested in review 2297. Capture and key are from bug 7951.
Bug: 7951
Change-Id: I820c5e839b20ec464cc1be438633d5311f657fb2
Signed-off-by: Alex Badea <abadea@ixiacom.com>
Reviewed-on: https://code.wireshark.org/review/4143
Reviewed-by: Evan Huus <eapache@gmail.com>
Make sure the Qt UI is named "Wireshark" and its executable is named
"wireshark" or "wireshark.exe". Make sure the GTK+ UI is named
"Wireshark 1" or "Wireshark (GTK+)" depending on how much the target
audience is likely to care about UI toolkits. Make sure the GTK+
executable is named "wireshark-gtk" or "wireshark-gtk.exe".
It looks like moving to Qt 5.3 (g978faf3) broke the PortableApps
package. It's likely even more broken now.
Autotools out-of-tree builds also broke on Ubuntu 12.02 (automake
1.11.3) at some point. The first attempt to compile in ui/qt returns
"error: source_file.cpp: No such file or directory". The second attempt
works. Out-of-tree builds work fine on Ubuntu 14.04 (automake 1.14.1).
Tested:
- Nmake builds
- NSIS packaging
- CMake builds (Windows, OS X)
- Autotools build and distcheck
- RPM packaging
To do:
- Test Debian packaging
- Fix PortableApps
Change-Id: I66429870e05fd2d6fc901942477959ed6164fce2
Reviewed-on: https://code.wireshark.org/review/3919
Reviewed-by: Gerald Combs <gerald@wireshark.org>
1. The only indication we get of an out-of-order value string is a message on
STDERR, so check that and fail the test if STDERR wasn't empty.
2. This exposes an out-of-order value string in packet-stun.c; fix it.
3. This triggered the pre-commit hook on packet-stun.c, which noticed an API
error (ENC_ASCII -> ENC_ASCII|ENC_NA); fix that too.
Change-Id: I36f87a2a87b40537119562f22a7e3012716ff239
Lesson: automated testing/tooling is both wonderful and scary.
Reviewed-on: https://code.wireshark.org/review/2682
Reviewed-by: Evan Huus <eapache@gmail.com>
Add a "record type" field to "struct wtap_pkthdr"; currently, it can be
REC_TYPE_PACKET, for a record containing a packet, or
REC_TYPE_FILE_TYPE_SPECIFIC, for records containing file-type-specific
data.
Modify code that reads packets to be able to handle non-packet records,
even if that just means ignoring them.
Rename some routines to indicate that they handle more than just
packets.
We don't yet have any libwiretap code that supplies records other than
REC_TYPE_PACKET or that supports writing records other than
REC_TYPE_PACKET, or any code to support plugins for handling
REC_TYPE_FILE_TYPE_SPECIFIC records; this is just the first step for bug
8590.
Change-Id: Idb40b78f17c2c3aea72031bcd252abf9bc11c813
Reviewed-on: https://code.wireshark.org/review/1773
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It was intended to change the DTLS decryption test, but changed the SSL test
file instead, which led to the SSL test mysteriously failing. The SSL capture
really is http, so that's the right protocol, and the port is the standard 443,
not 4433 (which was perhaps a typo?).
Change-Id: I84448c2326d2a4301a4bba9607f8ba90a495531d
Reviewed-on: https://code.wireshark.org/review/1401
Reviewed-by: Evan Huus <eapache@gmail.com>
Follow-up to g757db64e484b009c33b67b5fa38e109d7b8f5e78 which changed the filter
being tested but didn't change the target protocol, so the test was still
failing because it was still trying to use HTTP.
Change-Id: I6675cfad3bba63f7a536eb7ae82e4b25132d108e
Reviewed-on: https://code.wireshark.org/review/1375
Reviewed-by: Evan Huus <eapache@gmail.com>
This commit adds tvb_get_string_bytes and proto_tree_add_bytes_item routines for
getting GByteArrays fields from the tvb when they are encoded in ASCII hex string form.
The proto_tree_add_bytes_item routine is also usable for normal
binary encoded byte arrays, and has the advantage of retrieving
the array values even if there's no proto tree.
It also exposes the routines to Lua, both so that a Lua script can take
advantage of this, but also so I can write a testsuite to test the functions.
Change-Id: I112a038653df6482a5d0ebe7c95708f207319e20
Reviewed-on: https://code.wireshark.org/review/1158
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit adds tvb_get_string_time and proto_tree_add_time_item routines for
getting nstime fields from the tvb when they are encoded in ASCII string form.
The proto_tree_add_time_item routine is also usable for normal
big/little-endian encoded time_t, and has the advantage of retrieving
the value even if there's no proto tree.
It also exposes the routines to Lua, both so that a Lua script can take
advantage of this, but also so I can write a testsuite to test the functions.
Change-Id: I955da10f68f2680e3da3a5be5ad8fdce7ed6808c
Reviewed-on: https://code.wireshark.org/review/1084
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The WindowsXP build is failing due to a wslua testsuite failure, in the
file reader/writer tests. I've looked at it a bit and I don't know
why it's failing yet - I know why it says it's failing, but it doesn't
fail for me. And it was passing on WindowsXP until the change to Lua 5.2.3,
but I run 5.2.3 all the time and it passes for me, and there's nothing
special about the portion that's failing.
The only way to debug it is to run it on WindowsXP myself, but I need
a build to do that with, so I've commented out the failing test and
hopefully it will build now and I can grab the automated build to debug
the issue.
Change-Id: Ib75e8f75829e8f506823e648605ba16e21c7973a
Reviewed-on: https://code.wireshark.org/review/982
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Using sed : sed -i '/^\# \$Id\$/,+1 d') (start with dash)
Change-Id: Ia4b5a6c2302f6a531f6a86c1ec3a2f8205c8c2dd
Reviewed-on: https://code.wireshark.org/review/881
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Using sed : sed -i '/^\$Id\$/,+1 d') (No space or star before $Id$)
Change-Id: I0801bd7cf234d32487008a8b6dcee64875b07688
Reviewed-on: https://code.wireshark.org/review/876
Reviewed-by: Evan Huus <eapache@gmail.com>
This adds new functions to get plugins path info, find out if a directory
exists, make a new one, remove one, etc. It also creates a file environment
for user-supplied Lua scripts, to prevent global variable contamination as
well as supply the script-specific file name. Some other minor cleanup was
done as I found them.
A new testsuite was added to test the existing and new directory functions.
Change-Id: I19bd587b5e8a73d89b8521af73670e023314fb33
Reviewed-on: https://code.wireshark.org/review/832
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This adds the ability for a Lua script to register expert info fields,
similar to C-code dissectors. This change also removes the need for
the expert_add_info_format_internal() function. Existing Lua scripts
do not have to change, because the existing expert info function
uses the internal "_ws.lua" protocol instead of nothing; but using
the new functionality provides more benefits since it correctly
registers the expert info fields to the dissector's protocol.
The test suite was amended to generate both old and new forms.
Change-Id: Ib5ae74e927cfa81312baf7b04ff4104b0b4f936e
Reviewed-on: https://code.wireshark.org/review/830
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This adds a Struct.values() function to get the number of values
needed/returned with Struct.pack/unpack. It also changes the existing
Struct functions such that they don't coerce a non-string argument
into a string. (not preventing it confused a user on ask.wireshark.org)
Change-Id: I93d5846105e55b67680e1c276a7286535c77b039
Reviewed-on: https://code.wireshark.org/review/790
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Lua can create a file reader/writer, to open new capture file
formats or write to new ones. To save local state, it can save
things in Lua itself; but since there can be multiple open files
at the same time (for example during a reload), the Lua script
won't know for which file and state its read/write functions are
being invoked. To remedy this, and also provide a convenient
way to store such state, this commit adds the ability for a Lua
script to store a Lua table in the wtap/wtap_dumper's priv
data member, just like C-code-based reader/writers do.
Change-Id: Ifc9e0d5f0379accee56f2a04b6080238670fec52
Reviewed-on: https://code.wireshark.org/review/766
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The testsuite for Lua file reader/writer uses the acme_file.lua script to
generate a pcapng file from an Acme sipmsg.log file. It then compares the
tshark verbose output of this new pcapng file to a sip.pcapng file in
the test/captures directory that was previously made. Unfortunately, the
acme_file.lua script generates a timestamp based on local system timezone,
rather than UTC, so the testsuite fails if not run in the EST timezone where
the sip.pcapng file was originally made. This has now been fixed.
Also, trying to register new weak heuristic readers fails because the GArray
is terminated with a NULL-based row without Glib knowing about that. So this
commit changes it to let Glib handle the NULL-terminated row, so that appending
takes it into account automatically.
Change-Id: I037ce1cfbda03585b3a1e159df78ff8ebb41fc32
Reviewed-on: https://code.wireshark.org/review/741
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
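
The timezone failure described in the commit above, as an added example (not code from the Wireshark tree, and written in Python rather than the Lua of acme_file.lua): the same wall-clock log timestamp converts to a different epoch value on every host when it is read as local time, and to one stable value when it is read as UTC. The log line, its timestamp layout and all function names are constructed for this example.

```python
import calendar
import os
import time

# Constructed log line; the timestamp layout is an assumption for this example.
SAMPLE_LINE = "2014-01-15 13:45:10.250 recv 10.0.0.2:5060 INVITE sip:alice@example.test"
TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def split_timestamp(line):
    """Return (struct_time, milliseconds) parsed from the first 23 characters."""
    whole, _, frac = line[:23].partition(".")
    return time.strptime(whole, TS_FORMAT), int(frac)


def epoch_local(line):
    """Buggy variant: reads the wall-clock fields in the host's timezone."""
    fields, ms = split_timestamp(line)
    return time.mktime(fields) + ms / 1000.0


def epoch_utc(line):
    """Fixed variant: reads the same fields as UTC, independent of the host."""
    fields, ms = split_timestamp(line)
    return calendar.timegm(fields) + ms / 1000.0


def run_in_timezone(tz, func, *args):
    """Call func with TZ temporarily set (POSIX only: relies on time.tzset)."""
    saved = os.environ.get("TZ")
    os.environ["TZ"] = tz
    time.tzset()
    try:
        return func(*args)
    finally:
        if saved is None:
            os.environ.pop("TZ", None)
        else:
            os.environ["TZ"] = saved
        time.tzset()


def compare(line, zones=("EST5", "UTC0", "CET-1")):
    """Map each POSIX TZ string to (local-time epoch, UTC epoch) for the line."""
    return {tz: (run_in_timezone(tz, epoch_local, line),
                 run_in_timezone(tz, epoch_utc, line)) for tz in zones}


if __name__ == "__main__":
    for tz, (local, utc) in compare(SAMPLE_LINE).items():
        print(f"{tz:6} local-interpretation={local:.3f} utc-interpretation={utc:.3f}")
```

A reference capture produced with the local-time variant only matches on hosts in the timezone where it was generated, which is the failure mode the commit message describes.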
This enables a Lua script to implement a brand new capture file format reader/writer, so that for example one could write a script to read from vendor-specific "logs" of packets, and show them as normal packets in wireshark.
Change-Id: Id394edfffa94529f39789844c382b7ab6cc2d814
Reviewed-on: https://code.wireshark.org/review/431
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This adds the ability for Lua scripts to register heuristic dissectors
for any protocol that has registered a heuristic dissector list, such
as UDP, TCP, and ~50 others. The Lua function can also establish a
conversation tied to its Proto dissector, to avoid having to check the
heuristics for the same flow. The example dissector in the testsuite
has also been enhanced to include a heuristic dissector, to verify
the functionality and provide an example implementation.
Change-Id: Ie232602779f43d3418fe8db09c61d5fc0b59597a
Reviewed-on: https://code.wireshark.org/review/576
Reviewed-by: Anders Broman <a.broman58@gmail.com>
rename the existing SSL test to clarify that it uses the server's
private key for decryption
Change-Id: I13598fc4cf724b144a8f27bfa7a3316acfc78728
Reviewed-on: https://code.wireshark.org/review/640
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Due to the change I made previously for how methods are accessed, if you try
to access one that doesn't exist (for example mistype it or whatever), you get
an internal Lua error about a loop in table get, as opposed to the right error
message about the field not existing.
That's because I had set the class' metatable __index metamethod to point to
the class table, which of course has the metatable with the __index
metamethod, causing a lookup loop. Blech.
Change-Id: I20d3717feadd45f652c2640e1671846184e7082d
Reviewed-on: https://code.wireshark.org/review/593
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
While Lua's built-in pattern support is ok for simple things, many people end
up wanting a real regex engine. Since Wireshark already includes the GLib
Regex library (a wrapper for PCRE), it makes sense to expose that library to
Lua scripts. This has been done using Lrexlib, one of the most popular regex
bindings for Lua. Lrexlib didn't support binding GLib's Regex in particular -
it does for PCRE but GLib is a different API - so I've done that. A fairly
thorough testsuite came along with that, which has been incorporated into the
wireshark wslua testsuites as well in this commit.
Change-Id: I05811d1edf7af8d7c9f4f081de6850f31c0717c7
Reviewed-on: https://code.wireshark.org/review/332
Reviewed-by: Anders Broman <a.broman58@gmail.com>
All it checks is that they don't crash, but this is enough to catch malformed
extended value strings and other oddities.
Change-Id: If853e8e2b19517a784daa4bbb8e41eddc7c7ddd9
Reviewed-on: https://code.wireshark.org/review/520
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
The current API for Lua provides a global function
"all_field_infos()" which returns all the populated field_info nodes
in the current proto_tree.
By default all_field_infos() "works", in the literal sense: it returns
exactly the fields the previous dissectors of the packet have
populated at that instant of time. But of course dissectors don't
populate all the applicable fields most of the time, because of the
TRY_TO_FAKE_THIS_ITEM optimization where they don't fill in things
that aren't needed at the time by a display, color, or tap's dfilter.
So this commit offers a way to force the dissectors to populate
all the applicable field_infos in the tree, by setting the proto_tree
to be visible. Obviously that is going to impact performance, since
it basically bypasses the TRY_TO_FAKE_THIS_ITEM optimization; so the
patch only does this if the Lua script author told it to explicitly,
by adding an argument to Listener.new() and register_postdissector().
Change-Id: I11d3559fbe8c14fbadf1b51415a3701dc1200b7b
Reviewed-on: https://code.wireshark.org/review/286
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
There are some common things people need to do, such as convert to/from hex or get
the raw binary string in a ByteArray/Tvb/TvbRange. These have been added, as well
as some tests for them in the testsuites. Also, functions have been added to allow
a script to get all the available tap types and filter fields, since they are
not exactly what one can see in the Wireshark gui.
Change-Id: I92e5e4eae713bb90d79b0c024eaa4e55b99cc96b
Reviewed-on: https://code.wireshark.org/review/249
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
As discussed in bug 3513 and 9709, one can register more than one new ProtoFields for
the same field name. Of course C-code can do that too, and does a LOT apparently, but
if they're not similar ftypes then things can get screwed up in display filters.
So this change prevents duplicate field registration of dissimilar ftypes. The
similarity is based on the discussion on the mailing list, and the listing in
README.developer has been updated to reflect that as well.
Also, this change adds a testscript for Proto/ProtoFields.
Change-Id: I43bd323f785245941a21289647332a19adec2a9d
Reviewed-on: https://code.wireshark.org/review/285
Reviewed-by: Evan Huus <eapache@gmail.com>
Several bugs have been introduced due to changing of perl scripts or #define names, such
that things exported into Lua have disappeared or changed unintentionally. This commit
adds a test suite which compares the Lua global table with the ones from previous
releases (1.8 and 1.10), to verify nothing has gone missing. New items can be added, but
old ones cannot go away. The added script to verify these things, called 'verify_globals.lua',
also has the ability to display what's new - i.e., what was not in the older releases.
Lastly, this commit also fixes a bug: MENU_STAT_ENDPOINT became MENU_STAT_ENDPOINT_LIST
due to a change in the make-init-lua.pl perl script in this 1.11 release.
Change-Id: Iba143d1a436e706970635a5f8cc2b317955392bf
Reviewed-on: https://code.wireshark.org/review/284
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
Several bugs have been introduced due to changing of perl scripts or #define names, such
that things exported into Lua have disappeared or changed unintentionally. This commit
adds a test suite which compares the Lua global table with the ones from previous
releases (1.8 and 1.10), to verify nothing has gone missing. New items can be added, but
old ones cannot go away. The added script to verify these things, called 'verify_globals.lua',
also has the ability to display what's new - i.e., what was not in the older releases.
Lastly, this commit also fixes a bug: MENU_STAT_ENDPOINT became MENU_STAT_ENDPOINT_LIST
due to a change in the make-init-lua.pl perl script in this 1.11 release.
Change-Id: Ic46172904256dc535b0fe4543237c07dddb3b9b5
Reviewed-on: https://code.wireshark.org/review/242
Reviewed-by: Evan Huus <eapache@gmail.com>
This adds test scripts for verifying Pinfo, Address, Field, FieldInfo, NSTime
and Listener classes/functions. It also moves Lua test scripts out of
unittests and into its own new testsuite.
Change-Id: I65c238fd459efb96db3f8f9145842cd038dea7c7
Reviewed-on: https://code.wireshark.org/review/270
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>