test/suite-capture.sh

   1 #!/bin/bash
   2 #
   3 # Test the capture engine of the Wireshark tools
   4 #
   5 # Wireshark - Network traffic analyzer
   6 # By Gerald Combs <gerald@wireshark.org>
   7 # Copyright 2005 Ulf Lamping
   8 #
   9 # SPDX-License-Identifier: GPL-2.0-or-later
  10 #
  11
  12
  13 # common exit status values
  14 EXIT_OK=0
  15 EXIT_COMMAND_LINE=1
  16 EXIT_ERROR=2
  17
  18 WIRESHARK_CMD="$WIRESHARK -o gui.update.enabled:FALSE -k"
  19
  20 PING_PID=
  21
  22 capture_test_output_print() {
  23         wait
  24         for f in "$@"; do
  25                 if [[ -f "$f" ]]; then
  26                         printf " --> $f\n"
  27                         cat "$f"
  28                         printf "\n"
  29                 fi
  30         done
  31 }
  32
  33 capture_test_output_capinfos() {
  34         wait
  35         for f in "$@"; do
  36                 if [[ -f "$f" ]]; then
  37                         $CAPINFOS "$f"
  38                 else
  39                         printf "$f not found.\n"
  40                 fi
  41         done
  42 }
  43
  44 traffic_gen_ping() {
  45         # Generate some traffic for quiet networks.
  46         # The following will run in the background and return immediately
  47         {
  48         date
  49         for sweep_size in {1..240} # try to number the packets
  50         do
  51                 # How does ping _not_ have a standard set of arguments?
  52                 case $WS_SYSTEM in
  53                         Windows)
  54                                 ping -n 1 -l $sweep_size www.wireshark.org      ;;
  55                         SunOS)
  56                                 /usr/sbin/ping www.wireshark.org $sweep_size 1          ;;
  57                         *) # *BSD, Linux
  58                                 ping -c 1 -s $sweep_size www.wireshark.org      ;;
  59                 esac
  60                 sleep 0.25 # 240 * 0.25 = 60-ish seconds
  61         done
  62         date
  63         } > ./testout_ping.txt 2>&1 &
  64         PING_PID=$!
  65 }
  66
  67 ping_cleanup() {
  68         if [ -n "$PING_PID" ] ; then
  69                 kill $PING_PID
  70                 PING_PID=
  71         fi
  72         wait 2> /dev/null
  73         rm -f ./testout_ping.txt
  74 }
  75
  76 # capture exactly 10 packets
  77 capture_step_10packets() {
  78         if [ $SKIP_CAPTURE -ne 0 ] ; then
  79                 test_step_skipped
  80                 return
  81         fi
  82
  83         traffic_gen_ping
  84
  85         date > ./testout.txt
  86         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
  87                 -w ./testout.pcap \
  88                 -c 10 \
  89                 -a duration:$TRAFFIC_CAPTURE_DURATION \
  90                 -f "icmp || icmp6" \
  91                 >> ./testout.txt 2>&1
  92         RETURNVALUE=$?
  93         date >> ./testout.txt
  94         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
  95                 echo
  96                 capture_test_output_print ./testout.txt
  97                 # part of the Prerequisite checks
  98                 # wrong interface ? output the possible interfaces
  99                 $TSHARK -D
 100                 test_step_failed "exit status of $DUT: $RETURNVALUE"
 101                 return
 102         fi
 103
 104         # we should have an output file now
 105         if [ ! -f "./testout.pcap" ]; then
 106                 capture_test_output_print ./testout.txt
 107                 test_step_failed "No output file!"
 108                 return
 109         fi
 110
 111         # ok, we got a capture file, does it contain exactly 10 packets?
 112         $CAPINFOS ./testout.pcap > ./testout2.txt
 113         grep -Ei 'Number of packets:[[:blank:]]+10' ./testout2.txt > /dev/null
 114         if [ $? -eq 0 ]; then
 115                 test_step_ok
 116         else
 117                 echo
 118                 $TSHARK -ta -r ./testout.pcap >> ./testout2.txt
 119                 capture_test_output_print ./testout_ping.txt ./testout.txt ./testout2.txt
 120                 # part of the Prerequisite checks
 121                 # probably wrong interface, output the possible interfaces
 122                 $TSHARK -D
 123                 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
 124         fi
 125 }
 126
 127 # capture exactly 10 packets using "-w -" (piping to stdout)
 128 capture_step_10packets_stdout() {
 129         if [ $SKIP_CAPTURE -ne 0 ] ; then
 130                 test_step_skipped
 131                 return
 132         fi
 133
 134         traffic_gen_ping
 135
 136         date > ./testout.txt
 137         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
 138                 -c 10 \
 139                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 140                 -w - \
 141                 -f "icmp || icmp6" \
 142                 > ./testout.pcap 2>>./testout.txt
 143         RETURNVALUE=$?
 144         date >> ./testout.txt
 145         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 146                 echo
 147                 capture_test_output_print ./testout.txt
 148                 $TSHARK -D
 149                 test_step_failed "exit status of $DUT: $RETURNVALUE"
 150                 return
 151         fi
 152
 153         # we should have an output file now
 154         if [ ! -f "./testout.pcap" ]; then
 155                 test_step_failed "No output file!"
 156                 return
 157         fi
 158
 159         # ok, we got a capture file, does it contain exactly 10 packets?
 160         $CAPINFOS ./testout.pcap > ./testout2.txt 2>&1
 161         grep -Ei 'Number of packets:[[:blank:]]+10' ./testout2.txt > /dev/null
 162         if [ $? -eq 0 ]; then
 163                 test_step_ok
 164         else
 165                 echo
 166                 capture_test_output_print ./testout.txt ./testout2.txt
 167                 $TSHARK -D
 168                 test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
 169         fi
 170 }
 171
 172 # capture packets via a fifo
 173 capture_step_fifo() {
 174         mkfifo 'fifo'
 175         (cat "${CAPTURE_DIR}dhcp.pcap"; sleep 1; tail -c +25 "${CAPTURE_DIR}dhcp.pcap") > fifo &
 176         $DUT -i fifo $TRAFFIC_CAPTURE_PROMISC \
 177                 -w ./testout.pcap \
 178                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 179                 > ./testout.txt 2>&1
 180         RETURNVALUE=$?
 181         rm 'fifo'
 182         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 183                 capture_test_output_print ./testout.txt
 184                 test_step_failed "exit status of $DUT: $RETURNVALUE"
 185                 return
 186         fi
 187
 188         # we should have an output file now
 189         if [ ! -f "./testout.pcap" ]; then
 190                 test_step_failed "No output file!"
 191                 return
 192         fi
 193
 194         # ok, we got a capture file, does it contain exactly 8 packets?
 195         $CAPINFOS ./testout.pcap > ./testout.txt
 196         grep -Ei 'Number of packets:[[:blank:]]+8' ./testout.txt > /dev/null
 197         if [ $? -eq 0 ]; then
 198                 test_step_ok
 199         else
 200                 echo
 201                 capture_test_output_print ./testout.txt
 202                 test_step_failed "No or not enough traffic captured."
 203         fi
 204 }
 205
 206 # capture packets via a fifo
 207 capture_step_stdin() {
 208         CONSOLE_LOG_ARGS=""
 209         if [[ "$DUT" == "$WIRESHARK_CMD" && "$WS_SYSTEM" == "Windows" ]] ; then
 210                 CONSOLE_LOG_ARGS="-o console.log.level:127"
 211         fi
 212
 213         (cat "${CAPTURE_DIR}dhcp.pcap"; sleep 1; tail -c +25 "${CAPTURE_DIR}dhcp.pcap") | \
 214         $DUT -i - $TRAFFIC_CAPTURE_PROMISC \
 215                 -w ./testout.pcap \
 216                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 217                 $CONSOLE_LOG_ARGS \
 218                 > ./testout.txt 2> ./testerr.txt
 219         RETURNVALUE=$?
 220         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 221                 capture_test_output_print ./testout.txt ./testerr.txt ./dumpcap_debug_log.tmp
 222                 capture_test_output_capinfos ./testout.pcap
 223                 test_step_failed "Exit status of $DUT: $RETURNVALUE"
 224                 return
 225         fi
 226
 227         if [ -n "$CONSOLE_LOG_ARGS" ] ; then
 228                 grep "Wireshark is up and ready to go" ./testout.txt > /dev/null 2>&1
 229                 if [ $? -ne 0 ]; then
 230                         test_step_failed "No startup message!"
 231                 fi
 232
 233                 grep "Capture started" ./testerr.txt > /dev/null 2>&1
 234                 if [ $? -ne 0 ]; then
 235                         test_step_failed "No capture started message!"
 236                 fi
 237
 238                 grep "Capture stopped" ./testerr.txt > /dev/null 2>&1
 239                 if [ $? -ne 0 ]; then
 240                         test_step_failed "No capture stopped message!"
 241                 fi
 242         fi
 243
 244         # we should have an output file now
 245         if [ ! -f "./testout.pcap" ]; then
 246                 test_step_failed "No output file!"
 247                 return
 248         fi
 249
 250         # ok, we got a capture file, does it contain exactly 8 packets?
 251         $CAPINFOS ./testout.pcap > ./testout.txt
 252         grep -Ei 'Number of packets:[[:blank:]]+8' ./testout.txt > /dev/null
 253         if [ $? -eq 0 ]; then
 254                 test_step_ok
 255         else
 256                 echo
 257                 capture_test_output_print ./testout.txt
 258                 test_step_failed "No or not enough traffic captured."
 259         fi
 260 }
 261
 262 # capture exactly 2 times 10 packets (multiple files)
 263 capture_step_2multi_10packets() {
 264         if [ $SKIP_CAPTURE -ne 0 ] ; then
 265                 test_step_skipped
 266                 return
 267         fi
 268
 269         traffic_gen_ping
 270
 271         date > ./testout.txt
 272         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
 273                 -w ./testout.pcap \
 274                 -c 10 \
 275                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 276                 -f "icmp || icmp6" \
 277                 >> ./testout.txt 2>&1
 278
 279         RETURNVALUE=$?
 280         date >> ./testout.txt
 281         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 282                 echo
 283                 capture_test_output_print ./testout.txt
 284                 # part of the Prerequisite checks
 285                 # probably wrong interface, output the possible interfaces
 286                 $TSHARK -D
 287                 test_step_failed "exit status of $DUT: $RETURNVALUE"
 288                 return
 289         fi
 290
 291         # we should have an output file now
 292         if [ ! -f "./testout.pcap" ]; then
 293                 test_step_failed "No output file!"
 294                 return
 295         fi
 296
 297         # ok, we got a capture file, does it contain exactly 10 packets?
 298         $CAPINFOS ./testout.pcap > ./testout.txt
 299         grep -Ei 'Number of packets:[[:blank:]]+10' ./testout.txt > /dev/null
 300         if [ $? -eq 0 ]; then
 301                 test_step_ok
 302         else
 303                 echo
 304                 capture_test_output_print ./testout.txt
 305                 test_step_failed "Probably the wrong interface (no traffic captured)!"
 306         fi
 307 }
 308
 309 # capture with a very unlikely read filter, packets must be zero afterwards
 310 capture_step_read_filter() {
 311         if [ $SKIP_CAPTURE -ne 0 ] ; then
 312                 test_step_skipped
 313                 return
 314         fi
 315
 316         traffic_gen_ping
 317
 318         # valid, but very unlikely filter
 319         date > ./testout.txt
 320         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
 321                 -w ./testout.pcap \
 322                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 323                 -2 -R 'dcerpc.cn_call_id==123456' \
 324                 -c 10 \
 325                 -f "icmp || icmp6" \
 326                 >> ./testout.txt 2>&1
 327         RETURNVALUE=$?
 328         date >> ./testout.txt
 329         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 330                 echo
 331                 capture_test_output_print ./testout.txt
 332                 # part of the Prerequisite checks
 333                 # wrong interface ? output the possible interfaces
 334                 $TSHARK -D
 335                 test_step_failed "exit status: $RETURNVALUE"
 336                 return
 337         fi
 338
 339         # we should have an output file now
 340         if [ ! -f "./testout.pcap" ]; then
 341                 test_step_failed "No output file!"
 342                 return
 343         fi
 344
 345         # ok, we got a capture file, does it contain exactly 0 packets?
 346         $CAPINFOS ./testout.pcap > ./testout.txt
 347         grep -Ei 'Number of packets:[[:blank:]]+0' ./testout.txt > /dev/null
 348         if [ $? -eq 0 ]; then
 349                 test_step_ok
 350         else
 351                 echo
 352                 capture_test_output_print ./testout.txt
 353                 test_step_failed "Capture file should contain zero packets!"
 354         fi
 355 }
 356
 357
 358 # capture with a snapshot length
 359 capture_step_snapshot() {
 360         if [ $SKIP_CAPTURE -ne 0 ] ; then
 361                 test_step_skipped
 362                 return
 363         fi
 364
 365         traffic_gen_ping
 366
 367         # capture with a snapshot length of 68 bytes for $TRAFFIC_CAPTURE_DURATION seconds
 368         # this should result in no packets greater than 68 bytes
 369         date > ./testout.txt
 370         $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
 371                 -w ./testout.pcap \
 372                 -s 68 \
 373                 -a duration:$TRAFFIC_CAPTURE_DURATION \
 374                 -f "icmp || icmp6" \
 375                 >> ./testout.txt 2>&1
 376         RETURNVALUE=$?
 377         date >> ./testout.txt
 378         if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
 379                 echo
 380                 capture_test_output_print ./testout.txt
 381                 # part of the Prerequisite checks
 382                 # wrong interface ? output the possible interfaces
 383                 $TSHARK -D
 384                 test_step_failed "exit status: $RETURNVALUE"
 385                 return
 386         fi
 387
 388         # we should have an output file now
 389         if [ ! -f "./testout.pcap" ]; then
 390                 test_step_failed "No output file!"
 391                 return
 392         fi
 393
 394         # use tshark to filter out all packets, which are larger than 68 bytes
 395         $TSHARK -r ./testout.pcap -w ./testout2.pcap -Y 'frame.cap_len>68' > ./testout.txt 2>&1
 396         if [ $? -ne 0 ]; then
 397                 echo
 398                 capture_test_output_print ./testout.txt
 399                 test_step_failed "Problem running TShark!"
 400                 return
 401         fi
 402
 403         # ok, we got a capture file, does it contain exactly 0 packets?
 404         $CAPINFOS ./testout2.pcap > ./testout.txt
 405         grep -Ei 'Number of packets:[[:blank:]]+0' ./testout.txt > /dev/null
 406         if [ $? -eq 0 ]; then
 407                 test_step_ok
 408         else
 409                 echo
 410                 capture_test_output_print ./testout.txt
 411                 test_step_failed "Capture file should contain zero packets!"
 412                 return
 413         fi
 414 }
 415
 416 wireshark_capture_suite() {
 417         # k: start capture immediately
 418         # WIRESHARK_QUIT_AFTER_CAPTURE needs to be set.
 419
 420         #
 421         # NOTE: This may not do the right thing if we use toolkits
 422         # that use Wayland or Mir directly, unless they also depend
 423         # on the DISPLAY environment variable.
 424         #
 425         #if [[ $WS_SYSTEM != Windows && $WS_SYSTEM != Darwin ]] && [ -z "$DISPLAY" ]; then
 426
 427         # Qt requires XKEYBOARD and Xrender, which our buildbots don't provide
 428         if [[ $WS_SYSTEM != "Windows" && $WS_SYSTEM != "Darwin" ]]; then
 429                 echo -n " (assuming Xvnc, which doesn't support Xrender)"
 430                 test_step_skipped
 431                 return
 432         fi
 433
 434         DUT="$WIRESHARK_CMD"
 435         test_step_add "Capture 10 packets" capture_step_10packets
 436         # piping to stdout doesn't work with Wireshark and capturing!
 437         #test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
 438         if [ $TEST_FIFO ]; then
 439                 test_step_add "Capture via fifo" capture_step_fifo
 440         fi
 441         test_step_add "Capture via stdin" capture_step_stdin
 442         # read filter doesn't work with Wireshark and capturing!
 443         #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
 444         test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
 445 }
 446
 447 tshark_capture_suite() {
 448         DUT=$TSHARK
 449         test_step_add "Capture 10 packets" capture_step_10packets
 450         test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
 451         if [ $TEST_FIFO ]; then
 452                 test_step_add "Capture via fifo" capture_step_fifo
 453         fi
 454         test_step_add "Capture via stdin" capture_step_stdin
 455         # tshark now using dumpcap for capturing, read filters won't work by definition
 456         #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
 457         test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
 458 }
 459
 460 dumpcap_capture_suite() {
 461         #DUT="$DUMPCAP -Q"
 462         DUT=$DUMPCAP
 463         test_step_add "Capture 10 packets" capture_step_10packets
 464         test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
 465         if [ $TEST_FIFO ]; then
 466                 test_step_add "Capture via fifo" capture_step_fifo
 467         fi
 468         test_step_add "Capture via stdin" capture_step_stdin
 469         # read (display) filters intentionally doesn't work with dumpcap!
 470         #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
 471         test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
 472 }
 473
 474 capture_cleanup_step() {
 475         ping_cleanup
 476         rm -f ./testout.txt
 477         rm -f ./testerr.txt
 478         rm -f ./testout2.txt
 479         rm -f ./testout.pcap
 480         rm -f ./testout2.pcap
 481 }
 482
 483 capture_suite() {
 484         test_step_set_pre capture_cleanup_step
 485         test_step_set_post capture_cleanup_step
 486         test_remark_add "Capture - need some traffic on interface: \"$TRAFFIC_CAPTURE_IFACE\""
 487         test_suite_add "Dumpcap capture" dumpcap_capture_suite
 488         test_suite_add "TShark capture" tshark_capture_suite
 489         test_suite_add "Wireshark capture" wireshark_capture_suite
 490 }
 491
 492 #
 493 # Editor modelines  -  http://www.wireshark.org/tools/modelines.html
 494 #
 495 # Local variables:
 496 # sh-basic-offset: 8
 497 # tab-width: 8
 498 # indent-tabs-mode: t
 499 # End:
 500 #
 501 # vi: set shiftwidth=8 tabstop=8 noexpandtab:
 502 # :indentSize=8:tabSize=8:noTabs=false:
 503 #