When the tests are run in the buildbot, messages such as
Error during test execution: see {pathname}
aren't very useful.
Change-Id: I4509ea58c162c264c316358019a1cbc01cd93e31
Reviewed-on: https://code.wireshark.org/review/14135
Reviewed-by: Guy Harris <guy@alum.mit.edu>
(There's also work needed in libpcap; that's also in progress.)
Change-Id: Iff5a34c139a000865e2d78cc17a4af5ff24fb44b
Reviewed-on: https://code.wireshark.org/review/14025
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We cannot easily predict what will happen, given the configuration of
the OS, the permissions on files, the availability of extcap devices,
the version of libpcap/WinPcap/NPcap (present or future), etc., etc.,
etc.. Allow those tests to succeed (as would be the case if you have
the necessary permissions) or fail with a non-command-line-syntax error
(as would be the case if you don't have the necessary permissions), but
not to fail with a command-line syntax error.
Change-Id: I76af898d5f146fcf3507c06f101acb578085e6fa
Reviewed-on: https://code.wireshark.org/review/13957
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- When scanning for keys, check for TDLS action frames
(need to have TLDS response or confirm to derive the key)
- When deriving PTK, also check MIC to ensure the key has been correctly
computed.
- As SA is between two STAs (and not STA and AP), store highest MAC
address in sa.bssid, and the other one in sa.sta
=> Add new function (AirPDcapGetSaAddress) that will check for TDLS
case.
- Add test in decryption suite
Bug: 11312
Change-Id: Ieccb6a23a0ffbf3b705dac9b67c856ae2d3eeca9
Reviewed-on: https://code.wireshark.org/review/13664
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Add a test to check decryption of management frames
Bug: 11995
Change-Id: I588d0f17b9e5efc841266b9dae4764e5e931be3f
Reviewed-on: https://code.wireshark.org/review/13259
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Not all versions of mktemp support omitting the template; in particular,
the one provided by some BSD-flavored OSes don't.
Change-Id: I657e002559dce165c677a473aa10bb17cc506037
Reviewed-on: https://code.wireshark.org/review/12592
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The default prefix policy on modern versions of Windows prefers IPv6.
This in combination with the fact that our ping target (www.wireshark.org)
currently has both A and AAAA records might result in ICMPv6 traffic
instead of ICMPv4. Update the capture test suite accordingly.
Change-Id: I5c88f24fb9458526ffd44c5003f09247b6999ce7
Reviewed-on: https://code.wireshark.org/review/12553
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The old global tests don't work; get rid of them. Fix the values of the
Lua globals in the new test, and get rid of IEEE_802_11_AIROPEEK.
(Yes, if you have a Lua script that depends on IEEE_802_11_AIROPEEK
being defined, or that depends on the values of the Wiretap
encapsulations not changing, it breaks. Fix it.)
Change-Id: I245c1c0c3ba1c450f7950c754624c51b5564848a
Reviewed-on: https://code.wireshark.org/review/12210
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- Updated AirPDcapPacketProcess function description
- Try to return better error codes
- Remove broken/useless return of keys from AirPDcapRsna4WHandshake
Change-Id: I1e4e0a76f6d1307e11c0466f17935dd7030561e1
Reviewed-on: https://code.wireshark.org/review/12033
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
If we ever change the way file writers work, in a fashion incompatible
with the existing way they work, we'll also rename this member - and get
rid of checks for earlier versions of the Lua interface.
Change-Id: I64065944fa31371f5249cafd930c18f180ad7299
Reviewed-on: https://code.wireshark.org/review/11879
Reviewed-by: Guy Harris <guy@alum.mit.edu>
- start decoding when we have eapol1+2 packets
Do not insist on a complete captured handshake, decode what we can.
- more robust way to detect eapol #2 packets
At least Win 10 is violating the spec on rekey by setting the secure
bit in #2. Unpatched version shows and handles #2 as #4, breaking
decoding after rekey.
- fixed eapol rekey key handling
Inital patch (see https://code.wireshark.org/review/8268)
is adding redundant keys, since it scans all the time
and not only once.
- ignore tailing garbage after eapol sections in frame
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9065#c8
Included testcase to test decode for incomplete handshakes and eapol2
packets with secure bit set on rekey.
Ping-Bug: 9065
Change-Id: Id775088db9b5aaa80da9efdeed6902d024b5c0cd
Reviewed-on: https://code.wireshark.org/review/11484
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Use the pcap captures from test/captures/ and
- Get information for the input pcap file with capinfos
- Generate an ASCII hexdump with text2pcap
- Convert the ASCII hexdump back to pcap using text2pcap
- Get information for the output pcap file with capinfs
- Check that file type, encapsulation type, number of packets and data size
in the output file are the same as in the input file
Change-Id: I659204fb0a46e9cd99d03eb666f55fac95ae053e
Reviewed-on: https://code.wireshark.org/review/11042
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The tests only allowed a single character suite selection, which
prevented suite 10 from being run on its own.
Modified test.sh to now require a newline in addition to the input
so that a 2 digit number can be entered.
Also fixed test display to remove illusion that an individual step
could be run. Only whole suites can be run.
Change-Id: I4dee0ec6a8e1f34fa443a6a0a3f2d52a73146e54
Reviewed-on: https://code.wireshark.org/review/10676
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
This change will be undone once the problem is found.
Change-Id: Ica9cfe31b4e30fad2bb9de508af61baa1c455cc1
Reviewed-on: https://code.wireshark.org/review/10136
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Add a test suite for mergecap (and indirectly capinfos I guess).
This is not exhaustive, but it's a start.
Change-Id: I9442b4c32e31a74b1673961ad6ab50821441de3e
Reviewed-on: https://code.wireshark.org/review/10082
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
See what it prints on Windows.
Change-Id: Id35d87595543eca3e5b5d80dbe9a7639e0a85994
Reviewed-on: https://code.wireshark.org/review/9693
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Too bad DEC used / as an option character and Bell Labs chose it as a
pathname separator.
Change-Id: Ie58ba79476e0f24e408fae55f6c5eaff3ffb11fa
Reviewed-on: https://code.wireshark.org/review/9680
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In the decryption_step_ssl_rsa_pq - and the
decryption_step_ssl_master_secret test - duplicate the code used to
generate TEST_KEYS_DIR, so that we construct a UN*X-style path and then,
if we're running on Windows, map the UN*X-style path, which is a Cygwin
path, to the equivalent Windows-style path, and pass that to TShark on
the command line.
Bug: 11372
Change-Id: I442a30c4c954540a05942ed70ec3687941428a96
Reviewed-on: https://code.wireshark.org/review/9675
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Trying to debug the problem.
Change-Id: I26f78e49556cb1d40f0c8ddbfd58f058dceb0e77
Reviewed-on: https://code.wireshark.org/review/9674
Reviewed-by: Guy Harris <guy@alum.mit.edu>
TEST_KEYS_DIR already contains a trailing slash. Windows does not like
forward slashes, so drop the additional slash to fix tests under
Windows.
Fixes: v1.99.8rc0-417-g85f8a99
Bug: 11372
Change-Id: Ief794977281b70549369c344a193f4d48bcc1776
Reviewed-on: https://code.wireshark.org/review/9668
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add Lua functions so a plugin can introspect field information, such
as the type of field, flags, tvb, etc. Also add a couple of Tvb and
ByteArray methods. And cleanup the TreeItem code a little.
Change-Id: I7b58ce589ace91cce14b8abccd01ceabb63e2653
Reviewed-on: https://code.wireshark.org/review/6500
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
It's currently crashing in the Solaris buildbot when we do "tshark -v";
hopefully this will give us something more useful than
test.sh: line 144: 21543 Abort (core dumped) $TSHARK -v
"Version information" Failed!
Failed to print version information
Binary file ./core matches
as a diagnostic.
Change-Id: I278c8dd9f6acf5ddfa83bc0a7f3f7a3c48577ac2
Reviewed-on: https://code.wireshark.org/review/9052
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The buildbot printed "expr: syntax error", presumably from this, but
that oh-so-descriptive error message doesn't indicate what the problem
is, and just about any string should be valid as the left-hand operand
of the : operator.
Change-Id: I1140522357b8df07e4183bf0eb8c5fa9fbe275e4
Reviewed-on: https://code.wireshark.org/review/8827
Reviewed-by: Guy Harris <guy@alum.mit.edu>
SSL traffic from tshark with -o ssl.keys_list.
For example, as used in a new test also added in this commit:
-o "ssl.keys_list: 127.0.0.1,9131,http,$TEST_KEYS_DIR/key.p12,WebAS"
Change-Id: Ia6960fa4ae88182277f6d22d84ec9170ea74d54e
Reviewed-on: https://code.wireshark.org/review/8746
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
That got the crash information in the WPA EAPOL Rekey test; use it for
all other tests where, otherwise, the crash information would be lost.
Change-Id: I230b7952b6d79ebf6dc003747dc05328616ef7c2
Reviewed-on: https://code.wireshark.org/review/8394
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add a script that takes a command as an argument and runs it in a
subshell, so that said subshell will catch any signals from it and
report it.
This would be done for commands that aren't the last command in the
pipeline, as, given that the exit status of a pipeline is the exit
status of the last command in the pipeline, there's no guarantee that
the shell will bother to pick up the exit status of earlier commands in
the pipeline.
Use that for the tshark in the WPA EAPOL Rekey test, so it at least can
report the signal (on Solaris, SIGSEGV means, among other things,
"dereferenced a pointer pointing out of the address space" and SIGBUS
means, among other things, "dereferenced a misaligned pointer on
SPARC"). Maybe we can make the script also fire up a debugger if it
finds a core dump (and a debugger) and get a stack trace.
Change-Id: I4188190a1f1a4d3afc4719d886161ee56bd89d8b
Reviewed-on: https://code.wireshark.org/review/8392
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This patch extends the existing decryption support for WPA to also
handle rekeys by checking each decrypted packet for a 4-way-handshake.
Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise
(WPA-EAP).
For decrypting WPA-EAP secured packets the user must provide all used PMK's
of the connection (aka PSK's) as WPA-PSK 32 byte hex values to wireshark
via the existing interface.
(The capture must have all 4-way-handshakes included also, starting with
the first unencrypted one.)
Every decrypted unicast packet will habe the used PMK and TK shown in the
CCMP/TKIP section below the key index in the GUI. Group packets will display the
GTK instead.
Additionally this fixes a small issue with group rekey handling, so every packet
can be selected in the GUI in random order, removing the need to manually find
the correct group keying packets prior to that.
It was tested primary with WPA-CCMP, but TKIP is also working.
One section in the code touch bluetooth 802.1X support. It should do
exactly the same, but will now also examine all decypted packets for rekeys.
Ping-Bug: 11172
Change-Id: I19d055581fce6268df888da63485a48326046748
Reviewed-on: https://code.wireshark.org/review/8268
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add a "test-programs" target to each toolchain which builds each unit
test executable. "test-programs" must now be built before running
the unit test suite.
Change-Id: I9317a1e305d987f244c4bd8b4a7f05d11fed7090
Reviewed-on: https://code.wireshark.org/review/7673
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Process wslua/CMakeLists.txt using add_subdirectory instead of
include. Generate files in the build directory instead of the source
directory.
Copy lua scripts to DATAFILE_DIR instead of DATAFILE_DIR/lua. That's
where init.lua looks for console.lua.
Always set WIRESHARK_RUN_FROM_BUILD_DIRECTORY when testing. We
presumably want to test our source files and not files which may or
may not be in the system path.
When we're running from the build directory look for lua scripts in both
the Autotools and CMake build locations.
Change-Id: Ic15ab8c58ff1b170d000c9b3e0a329af2ec44b7b
Reviewed-on: https://code.wireshark.org/review/7590
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>