#!/usr/bin/env python
"""
-Test-suite to test ethereal's dfilter mechanism.
+Test-suite to test wireshark's dfilter mechanism.
"""
#
-# $Id: dfilter-test.py,v 1.2 2003/07/25 03:44:05 gram Exp $
+# $Id$
#
# Copyright (C) 2003 by Gilbert Ramirez <gram@alumni.rice.edu>
#
REMOVE_TEMP_FILES = 1
VERBOSE = 0
TEXT2PCAP = os.path.join(".", "text2pcap")
-TETHEREAL = os.path.join(".", "tethereal")
+TSHARK = os.path.join(".", "tshark")
# Some DLT values. Add more from <net/bpf.h> if you need to.
def DFilterCount(self, packet, dfilter, num_lines_expected):
"""Run a dfilter on a packet file and expect
a certain number of output lines. If num_lines_expected
- is None, then the tethereal command is expected to fail
+ is None, then the tshark command is expected to fail
with a non-zero return value."""
packet_file = packet.Filename()
- cmd = (TETHEREAL, "-n -r", packet_file, "-R '", dfilter, "'")
+ cmd = (TSHARK, "-n -r", packet_file, "-R '", dfilter, "'")
- tethereal_failed = 0
+ tshark_failed = 0
try:
(output, retval) = run_cmd(cmd)
except RunCommandError:
- tethereal_failed = 1
+ tshark_failed = 1
# print "GOT", len(output), "lines:", output, retval
- if tethereal_failed:
+ if retval:
+ tshark_failed = 1
+
+ if tshark_failed:
if num_lines_expected == None:
if VERBOSE:
print "\nGot:", output
else:
print "\nGot:", output
return FAILED
+
elif len(output) == num_lines_expected:
if VERBOSE:
print "\nGot:", output
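Review bot: When run_cmd raises RunCommandError, the added `if retval:` check reads a name that was never bound in the lines shown, and the later `print "\nGot:", output` has the same problem, so the expected-failure path would end in an unbound-name error instead of a test verdict. Bind both before the `try:`, for example `output, retval = [], None`, or move the return-code check into an `else:` clause of the try. Whether run_cmd raises or returns a non-zero retval on failure is not visible here, and DFilterCount's body continues past this hunk. Separately, `cmd` wraps `dfilter` in literal single quotes, so if run_cmd joins the tuple into a shell string (not shown), a filter or path containing a quote would change the command; passing an argument list without a shell would avoid that.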
return self.DFilterCount(pkt_nfs,
"nfs.fattr3.size == 264000", 0)
+ def ck_contains_1(self):
+ return self.DFilterCount(pkt_ipx_rip,
+ "ipx.src.node contains a3", 1)
+
+ def ck_contains_2(self):
+ return self.DFilterCount(pkt_ipx_rip,
+ "ipx.src.node contains a3:e3", 1)
+
+ def ck_contains_3(self):
+ return self.DFilterCount(pkt_ipx_rip,
+ "ipx.src.node contains 00:aa:00:a3:e3:a4", 1)
+
+ def ck_contains_4(self):
+ return self.DFilterCount(pkt_ipx_rip,
+ "ipx.src.node contains aa:e3", 0)
+
tests = [
ck_eq_1,
ck_bytes_2,
ck_uint64_1,
ck_uint64_2,
+ ck_contains_1,
+ ck_contains_2,
+ ck_contains_3,
+ ck_contains_4,
]
return self.DFilterCount(pkt_http,
'http.request.method <= "HEAE"', 1)
- # XXX - this isn't handled in ethereal yet
+ # XXX - this isn't handled in wireshark yet
def ck_slice_1(self):
return self.DFilterCount(pkt_http,
'http.request.method[0] == "H"', 1)
return self.DFilterCount(pkt_tftp,
'tftp.type == "junk"', 0)
+ def ck_contains_1(self):
+ return self.DFilterCount(pkt_http,
+ 'http.request.method contains "E"', 1)
+
+ def ck_contains_2(self):
+ return self.DFilterCount(pkt_http,
+ 'http.request.method contains "EA"', 1)
+
+ def ck_contains_3(self):
+ return self.DFilterCount(pkt_http,
+ 'http.request.method contains "HEAD"', 1)
+
+ def ck_contains_4(self):
+ return self.DFilterCount(pkt_http,
+ 'http.request.method contains "POST"', 0)
+
+ def ck_contains_5(self):
+ return self.DFilterCount(pkt_http,
+ 'http.request.method contains 50:4f:53:54"', None) # "POST"
+
+ def ck_contains_6(self):
+ return self.DFilterCount(pkt_http,
+ 'http.request.method contains 48:45:41:44"', 1) # "HEAD"
+
+ def ck_contains_fail_0(self):
+ return self.DFilterCount(pkt_http,
+ 'http.user_agent contains "update"', 0)
+
+ def ck_contains_fail_1(self):
+ return self.DFilterCount(pkt_http,
+ 'http.user_agent contains "UPDATE"', 0)
+
+ def ck_contains_upper_0(self):
+ return self.DFilterCount(pkt_http,
+ 'upper(http.user_agent) contains "UPDATE"', 1)
+
+ def ck_contains_upper_1(self):
+ return self.DFilterCount(pkt_http,
+ 'upper(http.user_agent) contains "update"', 0)
+
+ def ck_contains_upper_2(self):
+ return self.DFilterCount(pkt_http,
+ 'upper(tcp.seq) == 4', None)
+
+ def ck_contains_lower_0(self):
+ return self.DFilterCount(pkt_http,
+ 'lower(http.user_agent) contains "UPDATE"', 0)
+
+ def ck_contains_lower_1(self):
+ return self.DFilterCount(pkt_http,
+ 'lower(http.user_agent) contains "update"', 1)
+
+ def ck_contains_lower_2(self):
+ return self.DFilterCount(pkt_http,
+ 'lower(tcp.seq) == 4', None)
tests = [
# ck_slice_8,
ck_stringz_1,
ck_stringz_2,
+ ck_contains_1,
+ ck_contains_2,
+ ck_contains_3,
+ ck_contains_4,
+ ck_contains_5,
+ ck_contains_fail_0,
+ ck_contains_fail_1,
+ ck_contains_upper_0,
+ ck_contains_upper_1,
+ ck_contains_upper_2,
+ ck_contains_lower_0,
+ ck_contains_lower_1,
+ ck_contains_lower_2,
]
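Review bot: The filter literals in ck_contains_5 and ck_contains_6 end in a stray double quote (`50:4f:53:54"` and `48:45:41:44"`), so tshark is not given the plain byte sequence that the `# "POST"` and `# "HEAD"` comments describe. ck_contains_5 expects failure (None) and may be passing only because of the unbalanced quote rather than anything about the bytes; dropping it, `'http.request.method contains 50:4f:53:54'`, and re-deciding the expected count would make the test mean what it says. ck_contains_6 is defined but is missing from the `tests` list, which goes from `ck_contains_5,` straight to `ck_contains_fail_0,`, so its expectation of 1 is never exercised; add `ck_contains_6,` once its literal is corrected.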
class TVB(Test):
"""Tests routines in ftype-tvb.c"""
+ def ck_eq_1(self):
+ # We expect 0 because even though this byte
+ # string matches the 'eth' protocol, protocols cannot
+ # work in an '==' comparison yet.
+ return self.DFilterCount(pkt_http,
+ "eth == 00:e0:81:00:b0:28:00:09:6b:88:f6:c9:08:00", None)
+
+ def ck_eq_2(self):
+ # We expect 0 because even though this byte
+ # string matches the 'eth' protocol, protocols cannot
+ # work in an '==' comparison yet.
+ return self.DFilterCount(pkt_http,
+ "00:e0:81:00:b0:28:00:09:6b:88:f6:c9:08:00 == eth", None)
+
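Review bot: The comments on ck_eq_1 and ck_eq_2 say "We expect 0", but both calls pass `None`, which DFilterCount's docstring defines as the tshark command being expected to fail, not as zero matching lines. Reword them along the lines of `# We expect tshark to reject this filter (None): protocols cannot be used in an '==' comparison yet.` so that nobody later "corrects" the expected value to 0. The two comments are also identical although ck_eq_2 swaps the operand order; noting that in its comment would explain why both tests exist.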
def ck_slice_1(self):
return self.DFilterCount(pkt_http,
"ip[0:2] == 45:00", 1)
return self.DFilterCount(pkt_http,
"ip[2:2] == 00:c1", 1)
- # These don't work yet in Ethereal
+ # These don't work yet in Wireshark
def ck_slice_4(self):
return self.DFilterCount(pkt_http,
"ip[-5] == 0x86", 1)
"ip[-1] == 0x86", 0)
+ def ck_contains_1(self):
+ return self.DFilterCount(pkt_http,
+ "eth contains 6b", 1)
+
+ def ck_contains_2(self):
+ return self.DFilterCount(pkt_http,
+ "eth contains 09:6b:88", 1)
+
+ def ck_contains_3(self):
+ return self.DFilterCount(pkt_http,
+ "eth contains 00:e0:81:00:b0:28:00:09:6b:88:f5:c9:08:00", 1)
+
+ def ck_contains_4(self):
+ return self.DFilterCount(pkt_http,
+ "eth contains ff:ff:ff", 0)
+
+ def ck_contains_5(self):
+ return self.DFilterCount(pkt_http,
+ 'http contains "HEAD"', 1)
+
tests = [
+ ck_eq_1,
+ ck_eq_2,
+
ck_slice_1,
ck_slice_2,
ck_slice_3,
# XXX
# ck_slice_4,
# ck_slice_5,
+ ck_contains_1,
+ ck_contains_2,
+ ck_contains_3,
+ ck_contains_4,
+ ck_contains_5,
]
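Review bot: ck_contains_3 expects one match for a 14-byte string ending `6b:88:f5:c9:08:00`, while ck_eq_1 and ck_eq_2 in the same class use `6b:88:f6:c9:08:00` and describe it as matching the 'eth' protocol. The two literals differ in one byte, so against the same pkt_http capture at most one of them can be the real header. Because the ck_eq tests expect failure (None) whatever the bytes are, a typo there would go unnoticed; check the capture and make the literals agree, ideally through one shared constant used by all three tests.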
def usage():
print "usage: %s [OPTS] [TEST ...]" % (sys.argv[0],)
- print "\t-p PATH : path to find both tethereal and text2pcap (DEFAULT: . )"
- print "\t-t FILE : location of tethereal binary"
+ print "\t-p PATH : path to find both tshark and text2pcap (DEFAULT: . )"
+ print "\t-t FILE : location of tshark binary"
print "\t-x FILE : location of text2pcap binary"
print "\t-k : keep temporary files"
print "\t-v : verbose"
def main():
- global TETHEREAL
+ global TSHARK
global TEXT2PCAP
global VERBOSE
global REMOVE_TEMP_FILES
for opt, arg in opts:
if opt == "-t":
- TETHEREAL = arg
+ TSHARK = arg
elif opt == "-x":
TEXT2PCAP = arg
elif opt == "-v":
VERBOSE = 1
elif opt == "-p":
TEXT2PCAP = os.path.join(arg, "text2pcap")
- TETHEREAL = os.path.join(arg, "tethereal")
+ TSHARK = os.path.join(arg, "tshark")
elif opt == "-k":
REMOVE_TEMP_FILES = 0
else:
usage()
# Sanity test
- if not os.path.exists(TETHEREAL):
- sys.exit("tethereal program '%s' does not exist." % (TETHEREAL,))
+ if not os.path.exists(TSHARK):
+ sys.exit("tshark program '%s' does not exist." % (TSHARK,))
if not os.path.exists(TEXT2PCAP):
sys.exit("text2pcap program '%s' does not exist." % (TEXT2PCAP,))