1 #!/bin/bash
3 # Test the capture engine of the Wireshark tools
5 # $Id$
7 # Wireshark - Network traffic analyzer
8 # By Gerald Combs <gerald@wireshark.org>
9 # Copyright 2005 Ulf Lamping
11 # This program is free software; you can redistribute it and/or
12 # modify it under the terms of the GNU General Public License
13 # as published by the Free Software Foundation; either version 2
14 # of the License, or (at your option) any later version.
16 # This program is distributed in the hope that it will be useful,
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 # GNU General Public License for more details.
21 # You should have received a copy of the GNU General Public License
22 # along with this program; if not, write to the Free Software
23 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# Exit status values shared by the capture steps.
EXIT_OK=0
EXIT_COMMAND_LINE=1
EXIT_ERROR=2

# Wireshark invocation used as device under test: the update check is switched
# off and -k starts the capture immediately.
# The command is kept as one string that the capture steps expand unquoted
# (via $DUT), so the path in $WIRESHARK must not contain whitespace.
WIRESHARK_CMD="${WIRESHARK} -o gui.update.enabled:FALSE -k"
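#######################################
# Print each existing log file, preceded by a line naming it.
# Waits for all background jobs of this shell first (e.g. the ping generator
# started by traffic_gen_ping), so their output is complete before it is shown.
# Arguments: paths of the files to print; anything that is not a regular
#            file is skipped silently
# Outputs:   " --> PATH", the file contents and an empty line, per file
#######################################
capture_test_output_print() {
	local f

	wait
	for f in "$@"; do
		if [[ -f "$f" ]]; then
			# The path is passed as data, never as the format string, so a
			# '%' or '\' in a file name is printed literally.
			printf ' --> %s\n' "$f"
			cat -- "$f"
			printf '\n'
		fi
	done
}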
#######################################
# Generate some ICMP traffic for quiet networks.
# Sends one echo request per second to www.wireshark.org with data sizes
# 28..58, which in effect numbers the packets. The whole sequence runs as a
# background job, so the function returns immediately.
# Globals:   WS_SYSTEM (read) - selects the ping argument syntax
# Outputs:   ./testout_ping.txt receives both timestamps and all ping output
# NOTE: the target is an external host, so the test machine needs name
# resolution and outbound ICMP for this to produce traffic.
#######################################
traffic_gen_ping() {
	{
		date
		size=28
		while (( size <= 58 )); do
			# ping has no standard set of arguments, hence one form per system
			case "$WS_SYSTEM" in
				Windows)
					ping -n 1 -l "$size" www.wireshark.org
					;;
				SunOS)
					/usr/sbin/ping www.wireshark.org "$size" 1
					;;
				*)
					# *BSD, Linux
					ping -c 1 -s "$size" www.wireshark.org
					;;
			esac
			sleep 1
			size=$(( size + 1 ))
		done
		date
	} > ./testout_ping.txt 2>&1 &
}
# Wait for every background job of this shell (the ping generator runs as
# one), then delete the ping log; a missing log is not an error.
ping_cleanup() {
	wait
	rm -f ./testout_ping.txt
}
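#######################################
# Capture exactly 10 ICMP packets from the live interface into a file.
# Globals:   SKIP_CAPTURE, DUT, TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#            TRAFFIC_CAPTURE_DURATION, TSHARK, CAPINFOS, EXIT_OK (read);
#            RETURNVALUE (written)
# Outputs:   ./testout.txt, ./testout2.txt and ./testout.pcap in the current
#            directory; the result is reported through test_step_ok,
#            test_step_failed or test_step_skipped
#######################################
capture_step_10packets() {
	# An unset SKIP_CAPTURE counts as 0. `[` is kept on purpose: it compares
	# plain integers and never evaluates the value as an arithmetic expression.
	if [ "${SKIP_CAPTURE:-0}" -ne 0 ]; then
		test_step_skipped
		return
	fi

	traffic_gen_ping

	date > ./testout.txt
	# $DUT and $TRAFFIC_CAPTURE_PROMISC stay unquoted: DUT may carry its own
	# options (see WIRESHARK_CMD) and the promiscuous flag is presumably
	# allowed to be empty. The interface name is quoted so that a name
	# containing blanks stays one argument.
	# shellcheck disable=SC2086
	$DUT -i "$TRAFFIC_CAPTURE_IFACE" $TRAFFIC_CAPTURE_PROMISC \
		-w ./testout.pcap \
		-c 10 \
		-a "duration:$TRAFFIC_CAPTURE_DURATION" \
		-f icmp \
		>> ./testout.txt 2>&1
	RETURNVALUE=$?
	date >> ./testout.txt
	if [ "$RETURNVALUE" -ne "$EXIT_OK" ]; then
		echo
		capture_test_output_print ./testout.txt
		# part of the prerequisite checks:
		# wrong interface? output the possible interfaces
		$TSHARK -D
		test_step_failed "exit status of $DUT: $RETURNVALUE"
		return
	fi

	# we should have an output file now
	if [ ! -f ./testout.pcap ]; then
		capture_test_output_print ./testout.txt
		test_step_failed "No output file!"
		return
	fi

	# Does the capture file contain exactly 10 packets? The pattern is
	# anchored at the end of the line so that e.g. 100 does not pass as 10.
	$CAPINFOS ./testout.pcap > ./testout2.txt
	if grep -Eiq 'Number of packets:[[:blank:]]+10[[:space:]]*$' ./testout2.txt; then
		test_step_ok
	else
		echo
		$TSHARK -ta -r ./testout.pcap >> ./testout2.txt
		capture_test_output_print ./testout_ping.txt ./testout.txt ./testout2.txt
		# part of the prerequisite checks:
		# probably wrong interface, output the possible interfaces
		$TSHARK -D
		test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
	fi
}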
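#######################################
# Capture exactly 10 ICMP packets using "-w -", i.e. the capture is written
# to standard output and redirected into ./testout.pcap by the shell.
# Globals:   SKIP_CAPTURE, DUT, TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#            TRAFFIC_CAPTURE_DURATION, TSHARK, CAPINFOS, EXIT_OK (read);
#            RETURNVALUE (written)
# Outputs:   ./testout.txt, ./testout2.txt and ./testout.pcap in the current
#            directory; the result is reported through test_step_ok,
#            test_step_failed or test_step_skipped
#######################################
capture_step_10packets_stdout() {
	# An unset SKIP_CAPTURE counts as 0. `[` is kept on purpose: it compares
	# plain integers and never evaluates the value as an arithmetic expression.
	if [ "${SKIP_CAPTURE:-0}" -ne 0 ]; then
		test_step_skipped
		return
	fi

	traffic_gen_ping

	date > ./testout.txt
	# $DUT and $TRAFFIC_CAPTURE_PROMISC stay unquoted on purpose (word
	# splitting); the interface name is quoted so blanks in it are kept.
	# Only stderr goes to the log, stdout is the capture data itself.
	# shellcheck disable=SC2086
	$DUT -i "$TRAFFIC_CAPTURE_IFACE" $TRAFFIC_CAPTURE_PROMISC \
		-c 10 \
		-a "duration:$TRAFFIC_CAPTURE_DURATION" \
		-w - \
		-f icmp \
		> ./testout.pcap 2>> ./testout.txt
	RETURNVALUE=$?
	date >> ./testout.txt
	if [ "$RETURNVALUE" -ne "$EXIT_OK" ]; then
		echo
		capture_test_output_print ./testout.txt
		$TSHARK -D
		test_step_failed "exit status of $DUT: $RETURNVALUE"
		return
	fi

	# we should have an output file now
	if [ ! -f ./testout.pcap ]; then
		test_step_failed "No output file!"
		return
	fi

	# Does the capture file contain exactly 10 packets? The pattern is
	# anchored at the end of the line so that e.g. 100 does not pass as 10.
	$CAPINFOS ./testout.pcap > ./testout2.txt 2>&1
	if grep -Eiq 'Number of packets:[[:blank:]]+10[[:space:]]*$' ./testout2.txt; then
		test_step_ok
	else
		echo
		capture_test_output_print ./testout.txt ./testout2.txt
		$TSHARK -D
		test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
	fi
}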
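#######################################
# Capture packets that are fed to the device under test through a fifo.
# ${CAPTURE_DIR}dhcp.pcap is written to the fifo once in full and, one second
# later, again from byte 25 on (tail -c +25 skips the first 24 bytes, the size
# of a pcap file header); the resulting capture must hold exactly 8 packets.
# Globals:   CAPTURE_DIR, DUT, TRAFFIC_CAPTURE_PROMISC,
#            TRAFFIC_CAPTURE_DURATION, CAPINFOS, EXIT_OK (read);
#            RETURNVALUE (written)
# Outputs:   ./testout.txt and ./testout.pcap in the current directory; the
#            result is reported through test_step_ok or test_step_failed
# NOTE: the fifo has the fixed name "fifo" in the current directory, so the
# suite should run in a directory that only the test user can write to.
#######################################
capture_step_fifo() {
	local writer_pid

	# Without a fifo the redirection below would create a regular file and
	# the capture would fail in a confusing way, so stop here instead.
	if [[ ! -p fifo ]] && ! mkfifo fifo; then
		test_step_failed "Could not create fifo!"
		return
	fi

	(
		cat "${CAPTURE_DIR}dhcp.pcap"
		sleep 1
		tail -c +25 "${CAPTURE_DIR}dhcp.pcap"
	) > fifo &
	writer_pid=$!

	# $DUT and $TRAFFIC_CAPTURE_PROMISC stay unquoted on purpose (word splitting).
	# shellcheck disable=SC2086
	$DUT -i fifo $TRAFFIC_CAPTURE_PROMISC \
		-w ./testout.pcap \
		-a "duration:$TRAFFIC_CAPTURE_DURATION" \
		> ./testout.txt 2>&1
	RETURNVALUE=$?

	# If the DUT never opened the fifo, the writer is still blocked opening
	# it and the bare `wait` in capture_test_output_print would hang forever.
	# Stop and reap the writer before going on.
	kill "$writer_pid" 2> /dev/null
	wait "$writer_pid" 2> /dev/null
	rm -f fifo

	if [ "$RETURNVALUE" -ne "$EXIT_OK" ]; then
		capture_test_output_print ./testout.txt
		test_step_failed "exit status of $DUT: $RETURNVALUE"
		return
	fi

	# we should have an output file now
	if [ ! -f ./testout.pcap ]; then
		test_step_failed "No output file!"
		return
	fi

	# Does the capture file contain exactly 8 packets? The pattern is
	# anchored at the end of the line so that e.g. 80 does not pass as 8.
	$CAPINFOS ./testout.pcap > ./testout.txt
	if grep -Eiq 'Number of packets:[[:blank:]]+8[[:space:]]*$' ./testout.txt; then
		test_step_ok
	else
		echo
		capture_test_output_print ./testout.txt
		test_step_failed "No or not enough traffic captured."
	fi
}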
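#######################################
# Capture packets that are piped to the device under test on standard input.
# ${CAPTURE_DIR}dhcp.pcap is sent once in full and, one second later, again
# from byte 25 on (tail -c +25 skips the first 24 bytes, the size of a pcap
# file header); the resulting capture must hold exactly 8 packets.
# Globals:   CAPTURE_DIR, DUT, WIRESHARK_CMD, WS_SYSTEM,
#            TRAFFIC_CAPTURE_PROMISC, TRAFFIC_CAPTURE_DURATION, CAPINFOS,
#            EXIT_OK (read); CONSOLE_LOG_ARGS, RETURNVALUE (written)
# Outputs:   ./testout.txt, ./testerr.txt and ./testout.pcap in the current
#            directory; the result is reported through test_step_ok or
#            test_step_failed
#######################################
capture_step_stdin() {
	# Only Wireshark on Windows gets the extra console log level; its
	# messages are checked further down.
	CONSOLE_LOG_ARGS=""
	if [[ "$DUT" == "$WIRESHARK_CMD" && "$WS_SYSTEM" == "Windows" ]]; then
		CONSOLE_LOG_ARGS="-o console.log.level:127"
	fi

	# The status of the pipeline is the status of $DUT, its last command.
	# $DUT, $TRAFFIC_CAPTURE_PROMISC and $CONSOLE_LOG_ARGS stay unquoted on
	# purpose (word splitting, possibly empty).
	# shellcheck disable=SC2086
	(
		cat "${CAPTURE_DIR}dhcp.pcap"
		sleep 1
		tail -c +25 "${CAPTURE_DIR}dhcp.pcap"
	) | $DUT -i - $TRAFFIC_CAPTURE_PROMISC \
		-w ./testout.pcap \
		-a "duration:$TRAFFIC_CAPTURE_DURATION" \
		$CONSOLE_LOG_ARGS \
		> ./testout.txt 2> ./testerr.txt
	RETURNVALUE=$?
	if [ "$RETURNVALUE" -ne "$EXIT_OK" ]; then
		capture_test_output_print ./testout.txt ./testerr.txt ./dumpcap_debug_log.tmp
		test_step_failed "Exit status of $DUT: $RETURNVALUE"
		return
	fi

	# NOTE(review): none of the three failures below returns, so the step
	# goes on to the packet count check afterwards - confirm this is intended.
	if [ -n "$CONSOLE_LOG_ARGS" ]; then
		if ! grep -q "Wireshark is up and ready to go" ./testout.txt 2> /dev/null; then
			test_step_failed "No startup message!"
		fi

		if ! grep -q "Capture started" ./testerr.txt 2> /dev/null; then
			test_step_failed "No capture started message!"
		fi

		if ! grep -q "Capture stopped" ./testerr.txt 2> /dev/null; then
			test_step_failed "No capture stopped message!"
		fi
	fi

	# we should have an output file now
	if [ ! -f ./testout.pcap ]; then
		test_step_failed "No output file!"
		return
	fi

	# Does the capture file contain exactly 8 packets? The pattern is
	# anchored at the end of the line so that e.g. 80 does not pass as 8.
	$CAPINFOS ./testout.pcap > ./testout.txt
	if grep -Eiq 'Number of packets:[[:blank:]]+8[[:space:]]*$' ./testout.txt; then
		test_step_ok
	else
		echo
		capture_test_output_print ./testout.txt
		test_step_failed "No or not enough traffic captured."
	fi
}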
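#######################################
# Capture exactly 10 ICMP packets from the live interface into a file.
# The name and the original comment speak of "2 times 10 packets (multiple
# files)", but no multi-file option is passed: the command line is the same
# single-file capture that capture_step_10packets runs.
# Globals:   SKIP_CAPTURE, DUT, TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#            TRAFFIC_CAPTURE_DURATION, TSHARK, CAPINFOS, EXIT_OK (read);
#            RETURNVALUE (written)
# Outputs:   ./testout.txt and ./testout.pcap in the current directory; the
#            result is reported through test_step_ok, test_step_failed or
#            test_step_skipped
#######################################
capture_step_2multi_10packets() {
	# An unset SKIP_CAPTURE counts as 0. `[` is kept on purpose: it compares
	# plain integers and never evaluates the value as an arithmetic expression.
	if [ "${SKIP_CAPTURE:-0}" -ne 0 ]; then
		test_step_skipped
		return
	fi

	traffic_gen_ping

	date > ./testout.txt
	# $DUT and $TRAFFIC_CAPTURE_PROMISC stay unquoted on purpose (word
	# splitting); the interface name is quoted so blanks in it are kept.
	# shellcheck disable=SC2086
	$DUT -i "$TRAFFIC_CAPTURE_IFACE" $TRAFFIC_CAPTURE_PROMISC \
		-w ./testout.pcap \
		-c 10 \
		-a "duration:$TRAFFIC_CAPTURE_DURATION" \
		-f icmp \
		>> ./testout.txt 2>&1
	RETURNVALUE=$?
	date >> ./testout.txt
	if [ "$RETURNVALUE" -ne "$EXIT_OK" ]; then
		echo
		capture_test_output_print ./testout.txt
		# part of the prerequisite checks:
		# probably wrong interface, output the possible interfaces
		$TSHARK -D
		test_step_failed "exit status of $DUT: $RETURNVALUE"
		return
	fi

	# we should have an output file now
	if [ ! -f ./testout.pcap ]; then
		test_step_failed "No output file!"
		return
	fi

	# Does the capture file contain exactly 10 packets? The pattern is
	# anchored at the end of the line so that e.g. 100 does not pass as 10.
	$CAPINFOS ./testout.pcap > ./testout.txt
	if grep -Eiq 'Number of packets:[[:blank:]]+10[[:space:]]*$' ./testout.txt; then
		test_step_ok
	else
		echo
		capture_test_output_print ./testout.txt
		test_step_failed "Probably the wrong interface (no traffic captured)!"
	fi
}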
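#######################################
# Capture with a valid but very unlikely read filter; the resulting capture
# file must contain zero packets.
# Globals:   SKIP_CAPTURE, DUT, TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#            TRAFFIC_CAPTURE_DURATION, TSHARK, CAPINFOS, EXIT_OK (read);
#            RETURNVALUE (written)
# Outputs:   ./testout.txt and ./testout.pcap in the current directory; the
#            result is reported through test_step_ok, test_step_failed or
#            test_step_skipped
#######################################
capture_step_read_filter() {
	# An unset SKIP_CAPTURE counts as 0. `[` is kept on purpose: it compares
	# plain integers and never evaluates the value as an arithmetic expression.
	if [ "${SKIP_CAPTURE:-0}" -ne 0 ]; then
		test_step_skipped
		return
	fi

	traffic_gen_ping

	# valid, but very unlikely filter
	date > ./testout.txt
	# $DUT and $TRAFFIC_CAPTURE_PROMISC stay unquoted on purpose (word
	# splitting); the interface name is quoted so blanks in it are kept.
	# shellcheck disable=SC2086
	$DUT -i "$TRAFFIC_CAPTURE_IFACE" $TRAFFIC_CAPTURE_PROMISC \
		-w ./testout.pcap \
		-a "duration:$TRAFFIC_CAPTURE_DURATION" \
		-2 -R 'dcerpc.cn_call_id==123456' \
		-c 10 \
		-f icmp \
		>> ./testout.txt 2>&1
	RETURNVALUE=$?
	date >> ./testout.txt
	if [ "$RETURNVALUE" -ne "$EXIT_OK" ]; then
		echo
		capture_test_output_print ./testout.txt
		# part of the prerequisite checks:
		# wrong interface? output the possible interfaces
		$TSHARK -D
		test_step_failed "exit status: $RETURNVALUE"
		return
	fi

	# we should have an output file now
	if [ ! -f ./testout.pcap ]; then
		test_step_failed "No output file!"
		return
	fi

	# ok, we got a capture file, does it contain exactly 0 packets?
	$CAPINFOS ./testout.pcap > ./testout.txt
	if grep -Eiq 'Number of packets:[[:blank:]]+0[[:space:]]*$' ./testout.txt; then
		test_step_ok
	else
		echo
		capture_test_output_print ./testout.txt
		test_step_failed "Capture file should contain zero packets!"
	fi
}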
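#######################################
# Capture with a snapshot length of 68 bytes and verify that no captured
# packet is longer than that.
# Globals:   SKIP_CAPTURE, DUT, TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#            TRAFFIC_CAPTURE_DURATION, TSHARK, CAPINFOS, EXIT_OK (read);
#            RETURNVALUE (written)
# Outputs:   ./testout.txt, ./testout.pcap and ./testout2.pcap in the current
#            directory; the result is reported through test_step_ok,
#            test_step_failed or test_step_skipped
#######################################
capture_step_snapshot() {
	# An unset SKIP_CAPTURE counts as 0. `[` is kept on purpose: it compares
	# plain integers and never evaluates the value as an arithmetic expression.
	if [ "${SKIP_CAPTURE:-0}" -ne 0 ]; then
		test_step_skipped
		return
	fi

	traffic_gen_ping

	# capture with a snapshot length of 68 bytes for $TRAFFIC_CAPTURE_DURATION
	# seconds; this should result in no packets greater than 68 bytes
	date > ./testout.txt
	# $DUT and $TRAFFIC_CAPTURE_PROMISC stay unquoted on purpose (word
	# splitting); the interface name is quoted so blanks in it are kept.
	# shellcheck disable=SC2086
	$DUT -i "$TRAFFIC_CAPTURE_IFACE" $TRAFFIC_CAPTURE_PROMISC \
		-w ./testout.pcap \
		-s 68 \
		-a "duration:$TRAFFIC_CAPTURE_DURATION" \
		-f icmp \
		>> ./testout.txt 2>&1
	RETURNVALUE=$?
	date >> ./testout.txt
	if [ "$RETURNVALUE" -ne "$EXIT_OK" ]; then
		echo
		capture_test_output_print ./testout.txt
		# part of the prerequisite checks:
		# wrong interface? output the possible interfaces
		$TSHARK -D
		test_step_failed "exit status: $RETURNVALUE"
		return
	fi

	# we should have an output file now
	if [ ! -f ./testout.pcap ]; then
		test_step_failed "No output file!"
		return
	fi

	# let tshark copy every packet that is larger than 68 bytes into a
	# second file; that file has to end up empty
	if ! $TSHARK -r ./testout.pcap -w ./testout2.pcap -Y 'frame.cap_len>68' > ./testout.txt 2>&1; then
		echo
		capture_test_output_print ./testout.txt
		test_step_failed "Problem running TShark!"
		return
	fi

	# ok, we got a capture file, does it contain exactly 0 packets?
	$CAPINFOS ./testout2.pcap > ./testout.txt
	if grep -Eiq 'Number of packets:[[:blank:]]+0[[:space:]]*$' ./testout.txt; then
		test_step_ok
	else
		echo
		capture_test_output_print ./testout.txt
		test_step_failed "Capture file should contain zero packets!"
		return
	fi
}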
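#######################################
# Register the capture steps that are run against Wireshark.
# Globals:   WS_SYSTEM, DISPLAY, WIRESHARK_CMD, TEST_FIFO,
#            TRAFFIC_CAPTURE_DURATION (read); DUT (written)
#######################################
wireshark_capture_suite() {
	# k: start capture immediately
	# WIRESHARK_QUIT_AFTER_CAPTURE needs to be set.

	# NOTE: if, on OS X, we start using a native-Quartz toolkit,
	# this would need to change to check for WS_SYSTEM being
	# "Darwin" and, if it is, check whether the standard output
	# of "launchctl managername" is "Aqua".
	#
	# This may not do the right thing if we use toolkits that
	# use Wayland or Mir directly, unless they also depend on
	# the DISPLAY environment variable.
	if [[ "$WS_SYSTEM" != Windows && -z "$DISPLAY" ]]; then
		printf ' (X server not available)'
		test_step_skipped
		return
	fi

	DUT="$WIRESHARK_CMD"
	test_step_add "Capture 10 packets" capture_step_10packets
	# piping to stdout doesn't work with Wireshark and capturing!
	#test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
	# Any non-empty TEST_FIFO enables the fifo step; the value is quoted so
	# that blanks or test operators in it cannot break the check.
	if [[ -n "${TEST_FIFO:-}" ]]; then
		test_step_add "Capture via fifo" capture_step_fifo
	fi
	test_step_add "Capture via stdin" capture_step_stdin
	# read filter doesn't work with Wireshark and capturing!
	#test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
	test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
}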
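#######################################
# Register the capture steps that are run against TShark.
# Globals:   TSHARK, TEST_FIFO, TRAFFIC_CAPTURE_DURATION (read); DUT (written)
#######################################
tshark_capture_suite() {
	DUT=$TSHARK
	test_step_add "Capture 10 packets" capture_step_10packets
	test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
	# Any non-empty TEST_FIFO enables the fifo step; the value is quoted so
	# that blanks or test operators in it cannot break the check.
	if [[ -n "${TEST_FIFO:-}" ]]; then
		test_step_add "Capture via fifo" capture_step_fifo
	fi
	test_step_add "Capture via stdin" capture_step_stdin
	# tshark now using dumpcap for capturing, read filters won't work by definition
	#test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
	test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
}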
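#######################################
# Register the capture steps that are run against dumpcap.
# Globals:   DUMPCAP, TEST_FIFO, TRAFFIC_CAPTURE_DURATION (read); DUT (written)
#######################################
dumpcap_capture_suite() {
	#DUT="$DUMPCAP -Q"
	DUT=$DUMPCAP
	test_step_add "Capture 10 packets" capture_step_10packets
	test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
	# Any non-empty TEST_FIFO enables the fifo step; the value is quoted so
	# that blanks or test operators in it cannot break the check.
	if [[ -n "${TEST_FIFO:-}" ]]; then
		test_step_add "Capture via fifo" capture_step_fifo
	fi
	test_step_add "Capture via stdin" capture_step_stdin
	# read (display) filters intentionally don't work with dumpcap!
	#test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
	test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
}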
# Remove everything a capture step may have left behind in the current
# directory: the ping log (via ping_cleanup), the text logs and both capture
# files. Files that do not exist are ignored.
capture_cleanup_step() {
	ping_cleanup
	rm -f ./testout.txt ./testerr.txt ./testout2.txt ./testout.pcap ./testout2.pcap
}
# Entry point of the capture tests: installs capture_cleanup_step as the hook
# run before and after each step, adds a remark naming the interface that
# needs traffic, and registers the dumpcap, TShark and Wireshark suites.
capture_suite() {
	local hook

	for hook in test_step_set_pre test_step_set_post; do
		"$hook" capture_cleanup_step
	done
	test_remark_add "Capture - need some traffic on interface: \"$TRAFFIC_CAPTURE_IFACE\""
	test_suite_add "Dumpcap capture" dumpcap_capture_suite
	test_suite_add "TShark capture" tshark_capture_suite
	test_suite_add "Wireshark capture" wireshark_capture_suite
}
492 # Editor modelines - http://www.wireshark.org/tools/modelines.html
494 # Local variables:
495 # c-basic-offset: 8
496 # tab-width: 8
497 # indent-tabs-mode: t
498 # End:
500 # vi: set shiftwidth=8 tabstop=8 noexpandtab:
501 # :indentSize=8:tabSize=8:noTabs=false: