search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags
[wireshark-sm.git] / test / suite_dfilter / group_syntax.py
blobe16417f78fd9e8a7f667e1509b1cc350a450c7fa
1 # Copyright (c) 2013 by Gilbert Ramirez <gram@alumni.rice.edu>
2 #
3 # SPDX-License-Identifier: GPL-2.0-or-later
4
5 import pytest
6 from suite_dfilter.dfiltertest import *
7
8
9 class TestDfilterSyntax:
10 trace_file = "http.pcap"
11
12 def test_exists_1(self, checkDFilterCount):
13 dfilter = "frame"
14 checkDFilterCount(dfilter, 1)
15
16 def test_exists_2(self, checkDFilterCount):
17 # Protocol using minus
18 dfilter = "mac-lte"
19 checkDFilterCount(dfilter, 0)
20
21 def test_exists_3(self, checkDFilterCount):
22 # Protocol starting with digit
23 dfilter = "9p or http"
24 checkDFilterCount(dfilter, 1)
25
26 # The HTTP dissector no longer has a expert Chat
27 # def test_exists_4(self, checkDFilterCount):
28 # Protocol with dot
29 # dfilter = "_ws.expert"
30 # checkDFilterCount(dfilter, 1)
31
32 def test_exists_5(self, checkDFilterSucceed):
33 # Protocol field name with leading digit and minus
34 dfilter = "diameter.3GPP-Reporting-Reason"
35 checkDFilterSucceed(dfilter)
36
37 def test_commute_1(self, checkDFilterCount):
38 dfilter = "ip.proto == 6"
39 checkDFilterCount(dfilter, 1)
40
41 def test_commute_2(self, checkDFilterCount):
42 dfilter = "6 == ip.proto"
43 checkDFilterCount(dfilter, 1)
44
45 def test_commute_3(self, checkDFilterFail):
46 dfilter = "6 == 7"
47 error = "Constant expression is invalid"
48 checkDFilterFail(dfilter, error)
49
50 def test_func_1(self, checkDFilterCount):
51 dfilter = "len(frame) == 207"
52 checkDFilterCount(dfilter, 1)
53
54 def test_value_string_1(self, checkDFilterSucceed):
55 dfilter = 'eth.fcs.status=="Bad"'
56 checkDFilterSucceed(dfilter)
57
58 def test_matches_1(self, checkDFilterSucceed):
59 dfilter = 'http.request.method matches "^HEAD"'
60 checkDFilterSucceed(dfilter)
61
62 def test_matches_2(self, checkDFilterFail):
63 dfilter = 'http.request.method matches HEAD'
64 checkDFilterFail(dfilter, 'requires a double quoted string')
65
66 def test_matches_3(self, checkDFilterFail):
67 dfilter = 'http.request.method matches "^HEAD" matches "^POST"'
68 checkDFilterFail(dfilter, '"matches" was unexpected in this context.')
69
70 def test_matches_4(self, checkDFilterCount):
71 dfilter = r'http.host matches r"update\.microsoft\.c.."'
72 checkDFilterCount(dfilter, 1)
73
74 def test_matches_5(self, checkDFilterSucceed):
75 # case insensitive
76 dfilter = 'http.request.method matches "^head"'
77 checkDFilterSucceed(dfilter)
78
79 def test_equal_1(self, checkDFilterCount):
80 dfilter = 'ip.addr == 10.0.0.5'
81 checkDFilterCount(dfilter, 1)
82
83 def test_equal_2(self, checkDFilterCount):
84 dfilter = 'ip.addr == 207.46.134.94'
85 checkDFilterCount(dfilter, 1)
86
87 def test_equal_3(self, checkDFilterCount):
88 dfilter = 'ip.addr == 10.0.0.5 or ip.addr == 207.46.134.94'
89 checkDFilterCount(dfilter, 1)
90
91 def test_equal_4(self, checkDFilterCount):
92 dfilter = 'ip.addr == 10.0.0.5 and ip.addr == 207.46.134.94'
93 checkDFilterCount(dfilter, 1)
94
95 def test_not_equal_1(self, checkDFilterCount):
96 dfilter = 'ip.addr != 10.0.0.5'
97 checkDFilterCount(dfilter, 0)
98
99 def test_not_equal_2(self, checkDFilterCount):
100 dfilter = 'ip.addr != 207.46.134.94'
101 checkDFilterCount(dfilter, 0)
102
103 def test_not_equal_3(self, checkDFilterCount):
104 dfilter = 'ip.addr != 10.0.0.5 and ip.addr != 207.46.134.94'
105 checkDFilterCount(dfilter, 0)
106
107 def test_not_equal_4(self, checkDFilterCount):
108 dfilter = 'ip.addr != 10.0.0.5 or ip.addr != 207.46.134.94'
109 checkDFilterCount(dfilter, 0)
110
111 def test_deprecated_1(self, checkDFilterSucceed):
112 dfilter = "bootp"
113 checkDFilterSucceed(dfilter, "Deprecated token \"bootp\"")
114
115 def test_charconst_bytes_1(self, checkDFilterCount):
116 # Bytes as a character constant.
117 dfilter = "frame contains 'H'"
118 checkDFilterCount(dfilter, 1)
119
120 def test_charconst_bytes_2(self, checkDFilterCount):
121 dfilter = "frame[54] == 'H'"
122 checkDFilterCount(dfilter, 1)
123
124 def test_charconst_invalid(self, checkDFilterFail):
125 dfilter = r"ip.proto == '\Z'"
126 checkDFilterFail(dfilter, "isn't a valid character constant")
127
128 def test_bool_1(self, checkDFilterCount):
129 dfilter = "tcp.flags.push == 1"
130 checkDFilterCount(dfilter, 1)
131
132 def test_bool_2(self, checkDFilterCount):
133 dfilter = "tcp.flags.push == True"
134 checkDFilterCount(dfilter, 1)
135
136 def test_bool_2(self, checkDFilterCount):
137 dfilter = "tcp.flags.push == FALSE"
138 checkDFilterCount(dfilter, 0)
139
140 def test_misc_1(self, checkDFilterSucceed):
141 # Issue #18418
142 dfilter = "icmp and ((icmp.type > 0 and icmp.type < 8) or icmp.type > 8)"
143 checkDFilterSucceed(dfilter)
144
145 def test_whitespace(self, checkDFilterSucceed):
146 dfilter = '\ttcp.stream \r\n== 1'
147 checkDFilterSucceed(dfilter)
148
149 def test_func_name_clash1(self, checkDFilterFail):
150 # "tcp" is a (non-existent) function, not a protocol
151 error = "Function 'tcp' does not exist"
152 dfilter = 'frame == tcp()'
153 checkDFilterFail(dfilter, error)
154
155 class TestDfilterEquality:
156 trace_file = "sip.pcapng"
157
158 def test_all_eq_1(self, checkDFilterCount):
159 dfilter = "udp.port === 5060"
160 checkDFilterCount(dfilter, 2)
161
162 def test_any_ne_1(self, checkDFilterCount):
163 dfilter = "udp.port !== 5060"
164 checkDFilterCount(dfilter, 4)
165
166 def test_any_eq_1(self, checkDFilterCount):
167 dfilter = "udp.port == 5060"
168 checkDFilterCount(dfilter, 5)
169
170 def test_all_ne_1(self, checkDFilterCount):
171 dfilter = "udp.port != 5060"
172 checkDFilterCount(dfilter, 1)
173
174 def test_root_1(self, checkDFilterCount):
175 dfilter = "udp.srcport == .udp.dstport"
176 checkDFilterCount(dfilter, 2)
177
178 def test_literal_3(self, checkDFilterCount):
179 dfilter = "frame[0:10] contains :00:01:6c"
180 checkDFilterCount(dfilter, 1)
181
182 def test_literal_4(self, checkDFilterCount):
183 dfilter = "frame[0:10] contains :00016c"
184 checkDFilterCount(dfilter, 1)
185
186 def test_literal_5(self, checkDFilterCount):
187 dfilter = "frame[0:10] contains :00.01.6c"
188 checkDFilterCount(dfilter, 1)
189
190 def test_literal_6(self, checkDFilterCount):
191 dfilter = "frame[0:10] contains :00-01-6c"
192 checkDFilterCount(dfilter, 1)
193
194 def test_rhs_bias_1(self, checkDFilterCount):
195 # Protocol "Fibre Channel" on the RHS
196 dfilter = 'frame[37] == fc'
197 checkDFilterCount(dfilter, 0)
198
199 def test_rhs_bias_2(self, checkDFilterCount):
200 # Byte 0xFC on the RHS
201 dfilter = 'frame[37] == :fc'
202 checkDFilterCount(dfilter, 1)
203
204 def test_rhs_bias_3(self, checkDFilterCount):
205 # Byte 0xFC on the RHS
206 dfilter = 'frame[37] == fc:'
207 checkDFilterCount(dfilter, 1)
208
209 def test_rhs_bias_4(self, checkDFilterCount):
210 # Protocol "Fibre Channel" on the RHS
211 dfilter = 'frame[37] == .fc'
212 checkDFilterCount(dfilter, 0)
213
214 def test_rhs_bias_5(self, checkDFilterSucceed):
215 # Protocol "Fibre Channel" on the RHS (with warning)
216 dfilter = 'frame contains fc'
217 checkDFilterSucceed(dfilter, 'Interpreting "fc" as Fibre Channel')
218
219 def test_rhs_bias_6(self, checkDFilterSucceed):
220 # Protocol "Fibre Channel" on the RHS (without warning)
221 dfilter = 'frame contains .fc'
222 checkDFilterSucceed(dfilter)
223
224 def test_rhs_bias_7(self, checkDFilterSucceed):
225 # Byte 0xFC on the RHS
226 dfilter = 'frame contains fc:'
227 checkDFilterSucceed(dfilter)
228
229 class TestDfilterBitwise:
230 trace_file = "http.pcap"
231
232 def test_exists_1(self, checkDFilterCount):
233 dfilter = "tcp.flags & 0x8"
234 checkDFilterCount(dfilter, 1)
235
236 def test_exists_2(self, checkDFilterCount):
237 dfilter = "tcp.flags bitand 0x8"
238 checkDFilterCount(dfilter, 1)
239
240 def test_exists_3(self, checkDFilterCount):
241 dfilter = "eth[0] & 1"
242 checkDFilterCount(dfilter, 0)
243
244 def test_equal_1(self, checkDFilterCount):
245 dfilter = "tcp.flags & 0x0F == 8"
246 checkDFilterCount(dfilter, 1)
247
248 def test_equal_2(self, checkDFilterCount):
249 dfilter = "tcp.srcport != tcp.dstport & 0x0F"
250 checkDFilterCount(dfilter, 1)
251
252 def test_equal_3(self, checkDFilterCount):
253 dfilter = "tcp.srcport != tcp.dstport bitand 0x0F"
254 checkDFilterCount(dfilter, 1)
255
256 def test_equal_4(self, checkDFilterCount):
257 dfilter = "tcp.srcport != tcp.dstport bitwise_and 0x0F"
258 checkDFilterCount(dfilter, 1)
259
260 class TestDfilterUnaryMinus:
261 trace_file = "http.pcap"
262
263 def test_minus_const_1(self, checkDFilterCount):
264 dfilter = "tcp.window_size_scalefactor == -1"
265 checkDFilterCount(dfilter, 1)
266
267 def test_minus_const_2(self, checkDFilterCount):
268 dfilter = "tcp.window_size_scalefactor == -2"
269 checkDFilterCount(dfilter, 0)
270
271 def test_plus_const_1(self, checkDFilterCount):
272 dfilter = "tcp.window_size_scalefactor == +1"
273 checkDFilterCount(dfilter, 0)
274
275 def test_unary_1(self, checkDFilterCount):
276 dfilter = "tcp.window_size_scalefactor == -tcp.dstport"
277 checkDFilterCount(dfilter, 0)
278
279 def test_unary_2(self, checkDFilterCount):
280 dfilter = "tcp.window_size_scalefactor == +tcp.dstport"
281 checkDFilterCount(dfilter, 0)
282
283 def test_unary_3(self, checkDFilterCount):
284 dfilter = "-2 == tcp.dstport"
285 checkDFilterCount(dfilter, 0)
286
287 def test_unary_4(self, checkDFilterCount):
288 dfilter = "tcp.window_size_scalefactor == -{tcp.dstport * 20}"
289 checkDFilterCount(dfilter, 0)
290
291 def test_unary_invalid_1(self, checkDFilterFail):
292 error = 'FT_PROTOCOL cannot be negated'
293 dfilter = "-tcp"
294 checkDFilterFail(dfilter, error)
295
296 class TestDfilterArithmetic:
297 trace_file = "dhcp.pcap"
298
299 def test_add_1(self, checkDFilterCount):
300 dfilter = "udp.dstport == udp.srcport + 1"
301 checkDFilterCount(dfilter, 2)
302
303 def test_add_2(self, checkDFilterCount):
304 dfilter = "udp.dstport == 66 + 1"
305 checkDFilterCount(dfilter, 2)
306
307 def test_add_3(self, checkDFilterCount):
308 dfilter = "udp.dstport == 66+1"
309 checkDFilterCount(dfilter, 2)
310
311 def test_add_4(self, checkDFilterCount):
312 dfilter = "1 + 2 == frame.number"
313 checkDFilterCount(dfilter, 1)
314
315 def test_add_5(self, checkDFilterFail):
316 error = 'Constant expression is invalid'
317 dfilter = "1 + 2 == 2 + 1"
318 checkDFilterFail(dfilter, error)
319
320 def test_add_6(self, checkDFilterFail):
321 error = 'Constant expression is invalid'
322 dfilter = "1 - 2"
323 checkDFilterFail(dfilter, error)
324
325 def test_add_7(self, checkDFilterCount):
326 dfilter = r"udp.dstport == 66+'\x01'"
327 checkDFilterCount(dfilter, 2)
328
329 def test_sub_1(self, checkDFilterCount):
330 dfilter = "udp.srcport == udp.dstport - 1"
331 checkDFilterCount(dfilter, 2)
332
333 def test_sub_2(self, checkDFilterCount):
334 dfilter = "udp.dstport == 68 - 1"
335 checkDFilterCount(dfilter, 2)
336
337 def test_sub_3(self, checkDFilterCount):
338 dfilter = "udp.length == ip.len - 20"
339 checkDFilterCount(dfilter, 4)
340
341 def test_sub_4(self, checkDFilterCount):
342 # The RHS is sometimes negative, sometimes equal to LHS.
343 # LHS is a FT_UINT8. It should match twice.
344 dfilter = "ip.proto == ip.len - 311"
345 checkDFilterCount(dfilter, 2)
346
347 def test_sub_no_space_1(self, checkDFilterFail):
348 # Minus operator requires whitespace preceding it.
349 error = '"68-1" cannot be converted to Unsigned integer'
350 dfilter = "udp.dstport == 68-1"
351 checkDFilterFail(dfilter, error)
352
353 def test_sub_no_space_2(self, checkDFilterFail):
354 # Different case, 68-67 should not be parsed
355 # as bytes separated by hyphen XX-XX-XX
356 # Minus operator still requires whitespace preceding it.
357 error = '"68-67" cannot be converted to Unsigned integer'
358 dfilter = "frame.number == 68-67"
359 checkDFilterFail(dfilter, error)
360
361 def test_expr_1(self, checkDFilterCount):
362 dfilter = 'udp.port * { 10 / {5 - 4} } == udp.port * { {50 + 50} / 2 - 40 }'
363 checkDFilterCount(dfilter, 4)
364
365 def test_expr_2(self, checkDFilterCount):
366 dfilter = 'udp.dstport * { udp.srcport / {5 - 4} } == udp.srcport * { 2 * udp.dstport - 68 }'
367 checkDFilterCount(dfilter, 2)
368
369 class TestDfilterFieldReference:
370 trace_file = "ipoipoip.pcap"
371
372 def test_ref_1(self, checkDFilterCountWithSelectedFrame):
373 dfilter = 'frame.number < ${frame.number}'
374 # select frame 2, expect 1 frames out of 2.
375 checkDFilterCountWithSelectedFrame(dfilter, 1, 2)
376
377 def test_ref_2(self, checkDFilterCountWithSelectedFrame):
378 dfilter = 'ip.src#3 == ${ip.src#4}'
379 # select frame 1, expect 1 frames out of 2.
380 checkDFilterCountWithSelectedFrame(dfilter, 1, 1)
381
382 def test_ref_3(self, checkDFilterCountWithSelectedFrame):
383 dfilter = 'frame.number < $frame.number'
384 # select frame 2, expect 1 frames out of 2.
385 checkDFilterCountWithSelectedFrame(dfilter, 1, 2)
386
387 def test_ref_4(self, checkDFilterCountWithSelectedFrame):
388 dfilter = 'ip.src#3 == $ip.src#4'
389 # select frame 1, expect 1 frames out of 2.
390 checkDFilterCountWithSelectedFrame(dfilter, 1, 1)
391
392 def test_ref_5(self, checkDFilterCountWithSelectedFrame):
393 dfilter = 'frame[52-54] == ${@ip.src}[0-2]'
394 # select frame 1, expect 1 frames out of 2.
395 checkDFilterCountWithSelectedFrame(dfilter, 1, 1)
396
397 def test_ref_6(self, checkDFilterCountWithSelectedFrame):
398 dfilter = 'frame[52-54] == $@ip.src[0-2]'
399 # select frame 1, expect 1 frames out of 2.
400 checkDFilterCountWithSelectedFrame(dfilter, 1, 1)
401
402 def test_ref_7(self, checkDFilterFail):
403 # anything after $ must be a field
404 dfilter = 'frame == $aaaa'
405 error = '"aaaa" is not a valid protocol or protocol field'
406 checkDFilterFail(dfilter, error)
407
408 class TestDfilterLayer:
409 trace_file = "ipoipoip.pcap"
410
411 def test_layer_1(self, checkDFilterCount):
412 dfilter = 'ip.addr#2 == 4.4.4.4'
413 checkDFilterCount(dfilter, 1)
414
415 def test_layer_2(self, checkDFilterCount):
416 dfilter = 'ip.addr#5'
417 checkDFilterCount(dfilter, 1)
418
419 def test_layer_3(self, checkDFilterCount):
420 dfilter = 'ip.addr#6'
421 checkDFilterCount(dfilter, 0)
422
423 def test_layer_4(self, checkDFilterCount):
424 dfilter = 'ip.dst#[2-4] == 8.8.8.8'
425 checkDFilterCount(dfilter, 1)
426
427 def test_layer_5(self, checkDFilterCount):
428 dfilter = 'ip.dst#[-1] == 8.8.8.8'
429 checkDFilterCount(dfilter, 0)
430
431 def test_layer_6(self, checkDFilterCount):
432 dfilter = 'ip.dst#[-1] == 9.9.9.9'
433 checkDFilterCount(dfilter, 1)
434
435 def test_layer_7(self, checkDFilterCount):
436 dfilter = 'ip.dst#[-5] == 2.2.2.2'
437 checkDFilterCount(dfilter, 1)
438
439 class TestDfilterQuantifiers:
440 trace_file = "ipoipoip.pcap"
441
442 def test_any_1(self, checkDFilterCount):
443 dfilter = 'any ip.addr > 1.1.1.1'
444 checkDFilterCount(dfilter, 2)
445
446 def test_all_1(self, checkDFilterCount):
447 dfilter = 'all ip.addr > 1.1.1.1'
448 checkDFilterCount(dfilter, 1)
449
450 class TestDfilterRawModifier:
451 trace_file = "s7comm-fuzz.pcapng.gz"
452
453 def test_regular(self, checkDFilterCount):
454 dfilter = 's7comm.blockinfo.blocktype == "0\uFFFD"'
455 checkDFilterCount(dfilter, 3)
456
457 def test_raw1(self, checkDFilterCount):
458 dfilter = '@s7comm.blockinfo.blocktype == 30:aa'
459 checkDFilterCount(dfilter, 2)
460
461 def test_raw2(self, checkDFilterCount):
462 dfilter = '@s7comm.blockinfo.blocktype == 30:fe'
463 checkDFilterCount(dfilter, 1)
464
465 def test_raw_ref(self, checkDFilterCountWithSelectedFrame):
466 dfilter = '@s7comm.blockinfo.blocktype == ${@s7comm.blockinfo.blocktype}'
467 # select frame 3, expect 2 frames out of 3.
468 checkDFilterCountWithSelectedFrame(dfilter, 2, 3)
469
470 class TestDfilterRawSlice:
471 trace_file = "http.pcap"
472
473 def test_raw_slice1(self, checkDFilterFail):
474 dfilter = 'tcp.port[1] == 0xc3'
475 checkDFilterFail(dfilter, "cannot be sliced")
476
477 def test_raw_slice2(self, checkDFilterCount):
478 dfilter = '@tcp.port[1] == 0xc3'
479 checkDFilterCount(dfilter, 1)
480
481 def test_raw_slice3(self, checkDFilterFail):
482 dfilter = 'tcp.port[0:] == 0c:c3'
483 checkDFilterFail(dfilter, "cannot be sliced")
484
485 def test_raw_slice4(self, checkDFilterCount):
486 dfilter = '@tcp.port[0:] == 0c:c3'
487 checkDFilterCount(dfilter, 1)
488
489 class TestDfilterXor:
490 trace_file = "ipoipoip.pcap"
491
492 def test_xor_1(self, checkDFilterCount):
493 dfilter = 'ip.src == 7.7.7.7 xor ip.dst == 7.7.7.7'
494 checkDFilterCount(dfilter, 1)
495
496 def test_xor_2(self, checkDFilterCount):
497 dfilter = 'ip.src == 7.7.7.7 ^^ ip.dst == 7.7.7.7'
498 checkDFilterCount(dfilter, 1)
499
500 def test_xor_3(self, checkDFilterCount):
501 dfilter = 'ip.src == 9.9.9.9 xor ip.dst == 9.9.9.9'
502 checkDFilterCount(dfilter, 0)
503
504 def test_xor_4(self, checkDFilterCount):
505 dfilter = 'ip.src == 9.9.9.9 ^^ ip.dst == 9.9.9.9'
506 checkDFilterCount(dfilter, 0)
507
508 class TestDfilterTFSValueString:
509 trace_file = "http.pcap"
510
511 def test_tfs_1(self, checkDFilterCount):
512 dfilter = 'ip.flags.df == True'
513 checkDFilterCount(dfilter, 1)
514
515 def test_tfs_2(self, checkDFilterCount):
516 dfilter = 'ip.flags.df == "True"'
517 checkDFilterCount(dfilter, 1)
518
519 def test_tfs_3(self, checkDFilterCount):
520 dfilter = 'ip.flags.df == "Set"'
521 checkDFilterCount(dfilter, 1)
522
523 def test_tfs_4(self, checkDFilterCount):
524 dfilter = 'frame.ignored == False'
525 checkDFilterCount(dfilter, 1)
526
527 def test_tfs_5(self, checkDFilterCount):
528 dfilter = 'frame.ignored == "False"'
529 checkDFilterCount(dfilter, 1)
530
531 def test_tfs_6(self, checkDFilterFail):
532 error = 'expected "True" or "False", not "Unset"'
533 dfilter = 'frame.ignored == "Unset"'
534 checkDFilterFail(dfilter, error)
Metzes wireshark repo