2012-03-13 19:58:19 +00:00
|
|
|
#!/bin/bash
|
|
|
|
#
|
|
|
|
# Test file format conversions of the Wireshark tools
|
|
|
|
#
|
|
|
|
# Wireshark - Network traffic analyzer
|
|
|
|
# By Gerald Combs <gerald@wireshark.org>
|
|
|
|
# Copyright 2005 Ulf Lamping
|
|
|
|
#
|
|
|
|
# This program is free software; you can redistribute it and/or
|
|
|
|
# modify it under the terms of the GNU General Public License
|
|
|
|
# as published by the Free Software Foundation; either version 2
|
|
|
|
# of the License, or (at your option) any later version.
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
# along with this program; if not, write to the Free Software
|
2012-06-28 22:56:06 +00:00
|
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2012-03-13 19:58:19 +00:00
|
|
|
#
|
|
|
|
|
|
|
|
|
|
|
|
# common exit status values
|
|
|
|
EXIT_OK=0
|
|
|
|
EXIT_COMMAND_LINE=1
|
|
|
|
EXIT_ERROR=2
|
|
|
|
|
2012-03-30 17:51:54 +00:00
|
|
|
TS_FF_ARGS="-Tfields -e frame.number -e frame.time_epoch -e frame.time_delta"
|
2012-03-13 19:58:19 +00:00
|
|
|
|
|
|
|
FF_BASELINE=./ff-ts-usec-pcap-direct.txt
|
|
|
|
DIFF_OUT=./diff-output.txt
|
|
|
|
|
|
|
|
# Microsecond pcap / stdin
|
|
|
|
ff_step_usec_pcap_stdin() {
|
Use -r rather than -i for the "via stdin" tests.
TShark, at least when running in one-pass mode, now supports reading
from the standard input if the file format is one that *can* be read
purely sequentially; both pcap and pcapng can be read purely
sequentially (unlike, for example, Microsoft Network Monitor format,
where you have to read the frame table, at the end of the file, before
you can read the frames, meaning you have to seek backwards, which you
can't do on a pipe).
Using -r 1) tests the "read from standard input" path, which we should
do in versions that support it, and 2) means we can check whether, for
the crashes we're seeing on 32-bit Windows 8.1, it's a problem with
reading from the standard input in general, or just a problem with
*capturing* from the standard input.
Change-Id: I67da34de43f47dd8c63fa2f2072be41148cfe5a7
Reviewed-on: https://code.wireshark.org/review/16968
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-08-09 02:13:11 +00:00
|
|
|
$TSHARK $TS_FF_ARGS -r - < "${CAPTURE_DIR}dhcp.pcap" > ./ff-ts-usec-pcap-stdin.txt 2> /dev/null
|
2012-03-13 19:58:19 +00:00
|
|
|
diff -u $FF_BASELINE ./ff-ts-usec-pcap-stdin.txt > $DIFF_OUT 2>&1
|
|
|
|
RETURNVALUE=$?
|
|
|
|
if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
|
|
|
|
test_step_failed "Output of microsecond pcap direct read vs microsecond pcap via stdin differ"
|
|
|
|
cat $DIFF_OUT
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
test_step_ok
|
|
|
|
}
|
|
|
|
|
|
|
|
# Nanosecond pcap / stdin
|
|
|
|
ff_step_nsec_pcap_stdin() {
|
Use -r rather than -i for the "via stdin" tests.
TShark, at least when running in one-pass mode, now supports reading
from the standard input if the file format is one that *can* be read
purely sequentially; both pcap and pcapng can be read purely
sequentially (unlike, for example, Microsoft Network Monitor format,
where you have to read the frame table, at the end of the file, before
you can read the frames, meaning you have to seek backwards, which you
can't do on a pipe).
Using -r 1) tests the "read from standard input" path, which we should
do in versions that support it, and 2) means we can check whether, for
the crashes we're seeing on 32-bit Windows 8.1, it's a problem with
reading from the standard input in general, or just a problem with
*capturing* from the standard input.
Change-Id: I67da34de43f47dd8c63fa2f2072be41148cfe5a7
Reviewed-on: https://code.wireshark.org/review/16968
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-08-09 02:13:11 +00:00
|
|
|
$TSHARK $TS_FF_ARGS -r - < "${CAPTURE_DIR}dhcp-nanosecond.pcap" > ./ff-ts-nsec-pcap-stdin.txt 2> /dev/null
|
2012-03-13 19:58:19 +00:00
|
|
|
diff -u $FF_BASELINE ./ff-ts-nsec-pcap-stdin.txt > $DIFF_OUT 2>&1
|
|
|
|
RETURNVALUE=$?
|
|
|
|
if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
|
|
|
|
test_step_failed "Output of microsecond pcap direct read vs nanosecond pcap via stdin differ"
|
|
|
|
cat $DIFF_OUT
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
test_step_ok
|
|
|
|
}
|
|
|
|
|
|
|
|
# Nanosecond pcap / direct
|
|
|
|
ff_step_nsec_pcap_direct() {
|
2012-03-30 17:51:54 +00:00
|
|
|
$TSHARK $TS_FF_ARGS -r "${CAPTURE_DIR}dhcp-nanosecond.pcap" > ./ff-ts-nsec-pcap-direct.txt 2> /dev/null
|
2012-03-13 19:58:19 +00:00
|
|
|
diff -u $FF_BASELINE ./ff-ts-nsec-pcap-direct.txt > $DIFF_OUT 2>&1
|
|
|
|
RETURNVALUE=$?
|
|
|
|
if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
|
|
|
|
test_step_failed "Output of microsecond pcap direct read vs nanosecond pcap direct read differ"
|
|
|
|
cat $DIFF_OUT
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
test_step_ok
|
|
|
|
}
|
|
|
|
|
|
|
|
# Microsecond pcap-ng / stdin
|
|
|
|
ff_step_usec_pcapng_stdin() {
|
Use -r rather than -i for the "via stdin" tests.
TShark, at least when running in one-pass mode, now supports reading
from the standard input if the file format is one that *can* be read
purely sequentially; both pcap and pcapng can be read purely
sequentially (unlike, for example, Microsoft Network Monitor format,
where you have to read the frame table, at the end of the file, before
you can read the frames, meaning you have to seek backwards, which you
can't do on a pipe).
Using -r 1) tests the "read from standard input" path, which we should
do in versions that support it, and 2) means we can check whether, for
the crashes we're seeing on 32-bit Windows 8.1, it's a problem with
reading from the standard input in general, or just a problem with
*capturing* from the standard input.
Change-Id: I67da34de43f47dd8c63fa2f2072be41148cfe5a7
Reviewed-on: https://code.wireshark.org/review/16968
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-08-09 02:13:11 +00:00
|
|
|
$TSHARK $TS_FF_ARGS -r - < "${CAPTURE_DIR}dhcp.pcapng" > ./ff-ts-usec-pcapng-stdin.txt 2> /dev/null
|
2012-03-13 19:58:19 +00:00
|
|
|
diff -u $FF_BASELINE ./ff-ts-usec-pcapng-stdin.txt > $DIFF_OUT 2>&1
|
|
|
|
RETURNVALUE=$?
|
|
|
|
if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
|
|
|
|
test_step_failed "Output of microsecond pcap direct read vs microsecond pcap-ng via stdin differ"
|
|
|
|
cat $DIFF_OUT
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
test_step_ok
|
|
|
|
}
|
|
|
|
|
|
|
|
# Microsecond pcap-ng / direct
|
|
|
|
ff_step_usec_pcapng_direct() {
|
2012-03-30 17:51:54 +00:00
|
|
|
$TSHARK $TS_FF_ARGS -r "${CAPTURE_DIR}dhcp.pcapng" > ./ff-ts-usec-pcapng-direct.txt 2> /dev/null
|
2012-03-13 19:58:19 +00:00
|
|
|
diff -u $FF_BASELINE ./ff-ts-usec-pcapng-direct.txt > $DIFF_OUT 2>&1
|
|
|
|
RETURNVALUE=$?
|
|
|
|
if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
|
|
|
|
test_step_failed "Output of microsecond pcap direct read vs microsecond pcap-ng direct read differ"
|
|
|
|
cat $DIFF_OUT
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
test_step_ok
|
|
|
|
}
|
|
|
|
|
|
|
|
# Nanosecond pcap-ng / stdin
|
|
|
|
ff_step_nsec_pcapng_stdin() {
|
Use -r rather than -i for the "via stdin" tests.
TShark, at least when running in one-pass mode, now supports reading
from the standard input if the file format is one that *can* be read
purely sequentially; both pcap and pcapng can be read purely
sequentially (unlike, for example, Microsoft Network Monitor format,
where you have to read the frame table, at the end of the file, before
you can read the frames, meaning you have to seek backwards, which you
can't do on a pipe).
Using -r 1) tests the "read from standard input" path, which we should
do in versions that support it, and 2) means we can check whether, for
the crashes we're seeing on 32-bit Windows 8.1, it's a problem with
reading from the standard input in general, or just a problem with
*capturing* from the standard input.
Change-Id: I67da34de43f47dd8c63fa2f2072be41148cfe5a7
Reviewed-on: https://code.wireshark.org/review/16968
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2016-08-09 02:13:11 +00:00
|
|
|
$TSHARK $TS_FF_ARGS -r - < "${CAPTURE_DIR}dhcp-nanosecond.pcapng" > ./ff-ts-nsec-pcapng-stdin.txt 2> /dev/null
|
2012-03-13 19:58:19 +00:00
|
|
|
diff -u $FF_BASELINE ./ff-ts-nsec-pcapng-stdin.txt > $DIFF_OUT 2>&1
|
|
|
|
RETURNVALUE=$?
|
|
|
|
if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
|
|
|
|
test_step_failed "Output of microsecond pcap direct read vs nanosecond pcap-ng via stdin differ"
|
|
|
|
cat $DIFF_OUT
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
test_step_ok
|
|
|
|
}
|
|
|
|
|
|
|
|
# Nanosecond pcap-ng / direct
|
|
|
|
ff_step_nsec_pcapng_direct() {
|
2012-03-30 17:51:54 +00:00
|
|
|
$TSHARK $TS_FF_ARGS -r "${CAPTURE_DIR}dhcp-nanosecond.pcapng" > ./ff-ts-nsec-pcapng-direct.txt 2> /dev/null
|
2012-03-13 19:58:19 +00:00
|
|
|
diff -u $FF_BASELINE ./ff-ts-nsec-pcapng-direct.txt > $DIFF_OUT 2>&1
|
|
|
|
RETURNVALUE=$?
|
|
|
|
if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
|
|
|
|
test_step_failed "Output of microsecond pcap direct read vs nanosecond pcap-ng direct read differ"
|
|
|
|
cat $DIFF_OUT
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
test_step_ok
|
|
|
|
}
|
|
|
|
|
|
|
|
tshark_ff_suite() {
|
|
|
|
# Microsecond pcap direct read is used as the baseline.
|
|
|
|
test_step_add "Microsecond pcap via stdin" ff_step_usec_pcap_stdin
|
|
|
|
test_step_add "Nanosecond pcap via stdin" ff_step_nsec_pcap_stdin
|
|
|
|
test_step_add "Nanosecond pcap direct read" ff_step_nsec_pcap_direct
|
|
|
|
# test_step_add "Microsecond pcap-ng via stdin" ff_step_usec_pcapng_stdin
|
|
|
|
test_step_add "Microsecond pcap-ng direct read" ff_step_usec_pcapng_direct
|
|
|
|
# test_step_add "Nanosecond pcap-ng via stdin" ff_step_nsec_pcapng_stdin
|
|
|
|
test_step_add "Nanosecond pcap-ng direct read" ff_step_nsec_pcapng_direct
|
|
|
|
}
|
|
|
|
|
|
|
|
ff_cleanup_step() {
|
|
|
|
rm -f ./ff-ts-*.txt
|
|
|
|
rm -f $DIFF_OUT
|
|
|
|
}
|
|
|
|
|
|
|
|
ff_prep_step() {
|
|
|
|
ff_cleanup_step
|
2012-03-30 17:51:54 +00:00
|
|
|
$TSHARK $TS_FF_ARGS -r "${CAPTURE_DIR}dhcp.pcap" > $FF_BASELINE 2> /dev/null
|
2012-03-13 19:58:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
fileformats_suite() {
|
|
|
|
test_step_set_pre ff_prep_step
|
|
|
|
test_step_set_post ff_cleanup_step
|
|
|
|
test_suite_add "TShark file format conversion" tshark_ff_suite
|
|
|
|
#test_suite_add "Wireshark file format" wireshark_ff_suite
|
|
|
|
#test_suite_add "Editcap file format" editcap_ff_suite
|
|
|
|
}
|
2012-03-30 17:51:54 +00:00
|
|
|
#
|
2013-03-01 16:13:44 +00:00
|
|
|
# Editor modelines - http://www.wireshark.org/tools/modelines.html
|
|
|
|
#
|
|
|
|
# Local variables:
|
2016-02-03 09:27:09 +00:00
|
|
|
# sh-basic-offset: 8
|
2012-03-30 17:51:54 +00:00
|
|
|
# tab-width: 8
|
|
|
|
# indent-tabs-mode: t
|
|
|
|
# End:
|
|
|
|
#
|
2013-03-01 16:13:44 +00:00
|
|
|
# vi: set shiftwidth=8 tabstop=8 noexpandtab:
|
2012-03-30 17:51:54 +00:00
|
|
|
# :indentSize=8:tabSize=8:noTabs=false:
|
2013-03-01 16:13:44 +00:00
|
|
|
#
|