test/lua/try_heuristics.lua

   1 -- Define a new protocol that runs TCP heuristics and on failure runs UDP heuristics
   2 --
   3 -- This expects to be run against dns_port.pcap, so it should end up resolving all packets to DNS with the UDP heuristic
   4 local test_proto = Proto("test", "Test Protocol")
   5
   6 -- Have all tests passed so far?
   7 -- Anything that fails should set this to false, which will suppress the "".
   8 all_ok = true
   9
  10 -- The number of frames expected
  11 -- Final test status is output with last frame
  12 LAST_FRAME = 4
  13
  14 function test_proto.dissector(buf, pinfo, root)
  15     print("Dissector function run")
  16
  17     orig_proto_name = tostring(pinfo.cols.protocol)
  18
  19     -- Run TCP heuristic dissectors
  20     -- Dissection should fail, and the protocol name should be unchanged
  21     tcp_success = DissectorTable.try_heuristics("tcp", buf, pinfo, root)
  22     curr_proto_name = tostring(pinfo.cols.protocol)
  23
  24     if tcp_success then
  25         all_ok = false
  26         print("tcp heuristics were not expected to report success, but did!")
  27     end
  28
  29     if curr_proto_name ~= orig_proto_name then
  30         all_ok = false
  31         print("after tcp heuristics were run, protocol " .. orig_proto_name .. " was not expected to change, but became " .. curr_proto_name .. "!")
  32     end
  33
  34     -- Run UDP heuristic dissectors
  35     -- Dissection should succeed, and the protocol name should be changed to DNS
  36     udp_success = DissectorTable.try_heuristics("udp", buf, pinfo, root)
  37     curr_proto_name = tostring(pinfo.cols.protocol)
  38
  39     if not udp_success then
  40         all_ok = false
  41         print("udp heuristics were expected to report success, but did not!")
  42     end
  43
  44     if curr_proto_name ~= "DNS" then
  45         all_ok = false
  46         print("after udp heuristics were run, protocol should be changed to DNS, but became " .. curr_proto_name .. "!")
  47     end
  48
  49     -- If we're on the last frame, report success or failure
  50     if pinfo.number == LAST_FRAME then
  51         if all_ok then
  52             print("All tests passed!")
  53         else
  54             print("Some tests failed!")
  55         end
  56     end
  57 end
  58
  59 -- Invoke test_proto on the expected UDP traffic
  60 DissectorTable.get("udp.port"):add(65333, test_proto)
  61 DissectorTable.get("udp.port"):add(65346, test_proto)