Re-enable Cygwin's error_start environment variable.
[obnox/wireshark/wip.git] / test / suite-capture.sh
1 #!/bin/bash
2 #
3 # Test the capture engine of the Wireshark tools
4 #
5 # $Id$
6 #
7 # Wireshark - Network traffic analyzer
8 # By Gerald Combs <gerald@wireshark.org>
9 # Copyright 2005 Ulf Lamping
10 #
11 # This program is free software; you can redistribute it and/or
12 # modify it under the terms of the GNU General Public License
13 # as published by the Free Software Foundation; either version 2
14 # of the License, or (at your option) any later version.
15 #
16 # This program is distributed in the hope that it will be useful,
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19 # GNU General Public License for more details.
20 #
21 # You should have received a copy of the GNU General Public License
22 # along with this program; if not, write to the Free Software
23 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
24 #
25
26
# Exit status values shared by the test steps. The capture steps compare the
# exit status of the tool under test against EXIT_OK.
EXIT_OK=0
# presumably the status the tools return for a command-line usage error
EXIT_COMMAND_LINE=1
# presumably the status the tools return for any other error
EXIT_ERROR=2
31
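#######################################
# Print each given file that exists as a regular file: a " --> NAME" header
# line, the file contents, then a newline.
# Arguments: $@ - paths of the output files to show; anything that is not a
#                 regular file is skipped silently
# Outputs:   headers and file contents on stdout
#######################################
capture_test_output_print() {
  local f
  # Let background jobs started by this shell (e.g. the ping traffic
  # generator) finish first, so their output files are complete.
  wait
  for f in "$@"; do
    if [[ -f "$f" ]]; then
      # The file name is data, never the printf format string: a '%' or a
      # backslash in a path must be printed literally.
      printf ' --> %s\n' "$f"
      cat -- "$f"
      printf '\n'
    fi
  done
}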
42
#######################################
# Generate some traffic for quiet networks: start a background job that
# sends one ping per second to www.wireshark.org with the size argument
# running from 28 to 58, then return immediately.
# Globals:   WS_SYSTEM (read) - selects the ping argument syntax
# Outputs:   the job's stdout and stderr go to ./testout_ping.txt
# Note:      the test host needs name resolution and outbound ICMP for this
#            to produce any traffic.
#######################################
traffic_gen_ping() {
  {
    date
    # A different size per request, in effect: number the packets.
    x=28
    while (( x <= 58 )); do
      # ping has no standard set of arguments, so pick the syntax per system.
      case "$WS_SYSTEM" in
        Windows)
          ping -n 1 -l $x www.wireshark.org
          ;;
        SunOS)
          /usr/sbin/ping www.wireshark.org $x 1
          ;;
        *)
          # *BSD, Linux
          ping -c 1 -s $x www.wireshark.org
          ;;
      esac
      sleep 1
      (( x++ ))
    done
    date
  } > ./testout_ping.txt 2>&1 &
}
66
#######################################
# Wait for background jobs of this shell (the ping traffic generator), then
# delete the generator's log file.
# Outputs:   removes ./testout_ping.txt from the current directory
#######################################
ping_cleanup() {
  # Without the wait, a still-running generator would keep writing to the
  # file that is about to be removed.
  wait
  rm -f -- ./testout_ping.txt
}
71
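#######################################
# Test step: capture exactly 10 ICMP packets into ./testout.pcap and verify
# the packet count reported by capinfos.
# Globals:   SKIP_CAPTURE, DUT, TSHARK, CAPINFOS, EXIT_OK,
#            TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#            TRAFFIC_CAPTURE_DURATION (read); RETURNVALUE (written)
# Outputs:   ./testout.txt, ./testout2.txt and ./testout.pcap in the current
#            directory; diagnostics on stdout when the step fails
# Returns:   reports the result through test_step_ok, test_step_skipped or
#            test_step_failed
#######################################
capture_step_10packets() {
  if [ "$SKIP_CAPTURE" -ne 0 ]; then
    test_step_skipped
    return
  fi

  traffic_gen_ping

  date > ./testout.txt
  # DUT is expanded unquoted on purpose: it can carry options (the Wireshark
  # suite sets it to "$WIRESHARK -Q -k"). TRAFFIC_CAPTURE_PROMISC is left
  # unquoted too, presumably so that an empty value adds no argument.
  # The interface and the duration are quoted so each stays a single argument.
  # -f icmp keeps the capture limited to ICMP traffic.
  $DUT -i "$TRAFFIC_CAPTURE_IFACE" $TRAFFIC_CAPTURE_PROMISC \
    -w ./testout.pcap \
    -c 10 \
    -a "duration:$TRAFFIC_CAPTURE_DURATION" \
    -f icmp \
    >> ./testout.txt 2>&1
  RETURNVALUE=$?
  date >> ./testout.txt
  if [ "$RETURNVALUE" -ne "$EXIT_OK" ]; then
    echo
    capture_test_output_print ./testout.txt
    # Part of the prerequisite checks: the interface may be wrong, so list
    # the interfaces that are available.
    $TSHARK -D
    test_step_failed "exit status of $DUT: $RETURNVALUE"
    return
  fi

  # We should have an output file now.
  if [ ! -f "./testout.pcap" ]; then
    # Show the tool's log with the same helper the other failure paths use.
    capture_test_output_print ./testout.txt
    test_step_failed "No output file!"
    return
  fi

  # We got a capture file; does it contain exactly 10 packets?
  $CAPINFOS ./testout.pcap > ./testout2.txt
  if grep -Ei 'Number of packets:[[:blank:]]+10' ./testout2.txt > /dev/null; then
    test_step_ok
  else
    echo
    # Append the captured packets (absolute timestamps) to the diagnostics.
    $TSHARK -ta -r ./testout.pcap >> ./testout2.txt
    capture_test_output_print ./testout_ping.txt ./testout.txt ./testout2.txt
    # Part of the prerequisite checks: probably the wrong interface, so list
    # the interfaces that are available.
    $TSHARK -D
    test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
  fi
}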
122
#######################################
# Test step: capture exactly 10 ICMP packets using "-w -", i.e. with the
# capture data piped to the tool's stdout, which is redirected into
# ./testout.pcap.
# Globals:   SKIP_CAPTURE, DUT, TSHARK, CAPINFOS, EXIT_OK,
#            TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#            TRAFFIC_CAPTURE_DURATION (read); RETURNVALUE (written)
# Outputs:   ./testout.txt, ./testout2.txt and ./testout.pcap in the current
#            directory; diagnostics on stdout when the step fails
#######################################
capture_step_10packets_stdout() {
  if [ $SKIP_CAPTURE -ne 0 ]; then
    test_step_skipped
    return
  fi

  traffic_gen_ping

  date > ./testout.txt
  # stdout carries the capture data here, so only stderr goes to the log.
  # NOTE(review): every expansion on this command line is word-split; an
  # interface name containing whitespace would arrive as several arguments.
  $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
    -c 10 \
    -a duration:$TRAFFIC_CAPTURE_DURATION \
    -w - \
    -f icmp \
    > ./testout.pcap 2>> ./testout.txt
  RETURNVALUE=$?
  date >> ./testout.txt
  if [ $RETURNVALUE -ne $EXIT_OK ]; then
    echo
    capture_test_output_print ./testout.txt
    # List the available interfaces in case the configured one is wrong.
    $TSHARK -D
    test_step_failed "exit status of $DUT: $RETURNVALUE"
    return
  fi

  # The redirection above should have left an output file behind.
  if [ ! -f ./testout.pcap ]; then
    test_step_failed "No output file!"
    return
  fi

  # Does the capture file contain exactly 10 packets?
  $CAPINFOS ./testout.pcap > ./testout2.txt 2>&1
  if grep -Ei 'Number of packets:[[:blank:]]+10' ./testout2.txt > /dev/null; then
    test_step_ok
    return
  fi

  echo
  capture_test_output_print ./testout.txt ./testout2.txt
  $TSHARK -D
  test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
}
167
#######################################
# Test step: capture packets via a fifo. A background writer feeds the fifo
# with $CAPFILE, pauses, then sends $CAPFILE again from byte 25 onward
# (i.e. without its first 24 bytes - presumably the capture file header, so
# that only the packet records are repeated). The result must hold 8 packets.
# Globals:   CAPFILE, DUT, CAPINFOS, EXIT_OK, TRAFFIC_CAPTURE_PROMISC,
#            TRAFFIC_CAPTURE_DURATION (read); RETURNVALUE (written)
# Outputs:   ./testout.txt and ./testout.pcap in the current directory;
#            creates and removes a named pipe called "fifo" there
# NOTE(review): the result of mkfifo is not checked; it fails if a path named
# "fifo" already exists in the working directory.
# NOTE(review): if the tool exits without ever opening the fifo, the
# background writer presumably stays blocked, and the `wait` inside
# capture_test_output_print would then not return - confirm.
#######################################
capture_step_fifo() {
  mkfifo 'fifo'
  {
    cat $CAPFILE
    sleep 1
    tail -c +25 $CAPFILE
  } > fifo &
  $DUT -i fifo $TRAFFIC_CAPTURE_PROMISC \
    -w ./testout.pcap \
    -a duration:$TRAFFIC_CAPTURE_DURATION \
    > ./testout.txt 2>&1
  RETURNVALUE=$?
  rm 'fifo'
  if [ $RETURNVALUE -ne $EXIT_OK ]; then
    capture_test_output_print ./testout.txt
    test_step_failed "exit status of $DUT: $RETURNVALUE"
    return
  fi

  # The tool should have written an output file.
  if [ ! -f ./testout.pcap ]; then
    test_step_failed "No output file!"
    return
  fi

  # Does the capture file contain exactly 8 packets?
  $CAPINFOS ./testout.pcap > ./testout.txt
  if grep -Ei 'Number of packets:[[:blank:]]+8' ./testout.txt > /dev/null; then
    test_step_ok
    return
  fi

  echo
  capture_test_output_print ./testout.txt
  test_step_failed "No or not enough traffic captured."
}
201
#######################################
# Test step: capture packets via stdin ("-i -"). The tool's stdin receives
# $CAPFILE, a pause, then $CAPFILE again from byte 25 onward (i.e. without
# its first 24 bytes - presumably the capture file header). The result must
# hold 8 packets.
# Globals:   CAPFILE, DUT, CAPINFOS, EXIT_OK, TRAFFIC_CAPTURE_PROMISC,
#            TRAFFIC_CAPTURE_DURATION (read); RETURNVALUE (written)
# Outputs:   ./testout.txt and ./testout.pcap in the current directory
#######################################
capture_step_stdin() {
  {
    cat $CAPFILE
    sleep 1
    tail -c +25 $CAPFILE
  } | $DUT -i - $TRAFFIC_CAPTURE_PROMISC \
    -w ./testout.pcap \
    -a duration:$TRAFFIC_CAPTURE_DURATION \
    > ./testout.txt 2>&1
  # Status of the last pipeline stage, i.e. of the tool under test.
  RETURNVALUE=$?
  if [ $RETURNVALUE -ne $EXIT_OK ]; then
    capture_test_output_print ./testout.txt ./dumpcap_debug_log.tmp
    test_step_failed "exit status of $DUT: $RETURNVALUE"
    return
  fi

  # The tool should have written an output file.
  if [ ! -f ./testout.pcap ]; then
    test_step_failed "No output file!"
    return
  fi

  # Does the capture file contain exactly 8 packets?
  $CAPINFOS ./testout.pcap > ./testout.txt
  if grep -Ei 'Number of packets:[[:blank:]]+8' ./testout.txt > /dev/null; then
    test_step_ok
    return
  fi

  echo
  capture_test_output_print ./testout.txt
  test_step_failed "No or not enough traffic captured."
}
233
#######################################
# Test step: named for capturing 2 times 10 packets (multiple files).
# NOTE(review): the command line below passes no multi-file option; as
# written it captures a single file of 10 ICMP packets and checks for a
# count of 10. No suite in the part of the file visible here adds this step.
# Globals:   SKIP_CAPTURE, DUT, TSHARK, CAPINFOS, EXIT_OK,
#            TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#            TRAFFIC_CAPTURE_DURATION (read); RETURNVALUE (written)
# Outputs:   ./testout.txt and ./testout.pcap in the current directory;
#            diagnostics on stdout when the step fails
#######################################
capture_step_2multi_10packets() {
  if [ $SKIP_CAPTURE -ne 0 ]; then
    test_step_skipped
    return
  fi

  traffic_gen_ping

  date > ./testout.txt
  # NOTE(review): every expansion on this command line is word-split; an
  # interface name containing whitespace would arrive as several arguments.
  $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
    -w ./testout.pcap \
    -c 10 \
    -a duration:$TRAFFIC_CAPTURE_DURATION \
    -f icmp \
    >> ./testout.txt 2>&1
  RETURNVALUE=$?

  date >> ./testout.txt
  if [ $RETURNVALUE -ne $EXIT_OK ]; then
    echo
    capture_test_output_print ./testout.txt
    # Part of the prerequisite checks: probably the wrong interface, so list
    # the interfaces that are available.
    $TSHARK -D
    test_step_failed "exit status of $DUT: $RETURNVALUE"
    return
  fi

  # The tool should have written an output file.
  if [ ! -f ./testout.pcap ]; then
    test_step_failed "No output file!"
    return
  fi

  # Does the capture file contain exactly 10 packets?
  $CAPINFOS ./testout.pcap > ./testout.txt
  if grep -Ei 'Number of packets:[[:blank:]]+10' ./testout.txt > /dev/null; then
    test_step_ok
    return
  fi

  echo
  capture_test_output_print ./testout.txt
  test_step_failed "Probably the wrong interface (no traffic captured)!"
}
280
#######################################
# Test step: capture with a valid but very unlikely read filter
# (dcerpc.cn_call_id==123456); the resulting file must hold zero packets.
# Globals:   SKIP_CAPTURE, DUT, TSHARK, CAPINFOS, EXIT_OK,
#            TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#            TRAFFIC_CAPTURE_DURATION (read); RETURNVALUE (written)
# Outputs:   ./testout.txt and ./testout.pcap in the current directory;
#            diagnostics on stdout when the step fails
#######################################
capture_step_read_filter() {
  if [ $SKIP_CAPTURE -ne 0 ]; then
    test_step_skipped
    return
  fi

  traffic_gen_ping

  date > ./testout.txt
  # -f restricts the capture to ICMP; -R then drops everything that is not
  # the unlikely DCE/RPC call id, so nothing should be left.
  # NOTE(review): every unquoted expansion on this command line is
  # word-split; an interface name containing whitespace would arrive as
  # several arguments.
  $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
    -w ./testout.pcap \
    -a duration:$TRAFFIC_CAPTURE_DURATION \
    -R 'dcerpc.cn_call_id==123456' \
    -c 10 \
    -f icmp \
    >> ./testout.txt 2>&1
  RETURNVALUE=$?
  date >> ./testout.txt
  if [ $RETURNVALUE -ne $EXIT_OK ]; then
    echo
    capture_test_output_print ./testout.txt
    # Part of the prerequisite checks: the interface may be wrong, so list
    # the interfaces that are available.
    $TSHARK -D
    test_step_failed "exit status: $RETURNVALUE"
    return
  fi

  # The tool should have written an output file.
  if [ ! -f ./testout.pcap ]; then
    test_step_failed "No output file!"
    return
  fi

  # Does the capture file contain exactly 0 packets?
  $CAPINFOS ./testout.pcap > ./testout.txt
  if grep -Ei 'Number of packets:[[:blank:]]+0' ./testout.txt > /dev/null; then
    test_step_ok
    return
  fi

  echo
  capture_test_output_print ./testout.txt
  test_step_failed "Capture file should contain zero packets!"
}
328
329
#######################################
# Test step: capture with a snapshot length of 68 bytes for
# $TRAFFIC_CAPTURE_DURATION seconds, then verify that no captured packet is
# longer than 68 bytes.
# Globals:   SKIP_CAPTURE, DUT, TSHARK, CAPINFOS, EXIT_OK,
#            TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#            TRAFFIC_CAPTURE_DURATION (read); RETURNVALUE (written)
# Outputs:   ./testout.txt, ./testout.pcap and ./testout2.pcap in the
#            current directory; diagnostics on stdout when the step fails
#######################################
capture_step_snapshot() {
  if [ $SKIP_CAPTURE -ne 0 ]; then
    test_step_skipped
    return
  fi

  traffic_gen_ping

  date > ./testout.txt
  # -s 68 truncates each captured packet to at most 68 bytes.
  # NOTE(review): every expansion on this command line is word-split; an
  # interface name containing whitespace would arrive as several arguments.
  $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
    -w ./testout.pcap \
    -s 68 \
    -a duration:$TRAFFIC_CAPTURE_DURATION \
    -f icmp \
    >> ./testout.txt 2>&1
  RETURNVALUE=$?
  date >> ./testout.txt
  if [ $RETURNVALUE -ne $EXIT_OK ]; then
    echo
    capture_test_output_print ./testout.txt
    # Part of the prerequisite checks: the interface may be wrong, so list
    # the interfaces that are available.
    $TSHARK -D
    test_step_failed "exit status: $RETURNVALUE"
    return
  fi

  # The tool should have written an output file.
  if [ ! -f ./testout.pcap ]; then
    test_step_failed "No output file!"
    return
  fi

  # Keep only the packets whose captured length exceeds 68 bytes; with a
  # working snapshot length there are none.
  if ! $TSHARK -r ./testout.pcap -w ./testout2.pcap -R 'frame.cap_len>68' > ./testout.txt 2>&1; then
    echo
    capture_test_output_print ./testout.txt
    test_step_failed "Problem running TShark!"
    return
  fi

  # Does the filtered file contain exactly 0 packets?
  $CAPINFOS ./testout2.pcap > ./testout.txt
  if grep -Ei 'Number of packets:[[:blank:]]+0' ./testout.txt > /dev/null; then
    test_step_ok
    return
  fi

  echo
  capture_test_output_print ./testout.txt
  test_step_failed "Capture file should contain zero packets!"
}
387
#######################################
# Register the capture steps that are run against Wireshark.
# Globals:   WIRESHARK, TEST_FIFO, TRAFFIC_CAPTURE_DURATION (read);
#            DUT (written)
#######################################
wireshark_capture_suite() {
  # -Q: quit after the capture, -k: start the capture immediately.
  # The options live inside DUT, so the steps expand it unquoted.
  DUT="$WIRESHARK -Q -k"

  test_step_add "Capture 10 packets" capture_step_10packets
  # Piping to stdout doesn't work with Wireshark and capturing!
  #test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout

  # The fifo step is added only when TEST_FIFO expands to a non-empty word.
  if test $TEST_FIFO; then
    test_step_add "Capture via fifo" capture_step_fifo
  fi
  test_step_add "Capture via stdin" capture_step_stdin

  # A read filter doesn't work with Wireshark and capturing!
  #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
  test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
}
402
#######################################
# Register the capture steps that are run against TShark.
# Globals:   TSHARK, TEST_FIFO, TRAFFIC_CAPTURE_DURATION (read);
#            DUT (written)
#######################################
tshark_capture_suite() {
  DUT=$TSHARK

  test_step_add "Capture 10 packets" capture_step_10packets
  test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout

  # The fifo step is added only when TEST_FIFO expands to a non-empty word.
  if test $TEST_FIFO; then
    test_step_add "Capture via fifo" capture_step_fifo
  fi
  test_step_add "Capture via stdin" capture_step_stdin

  # TShark now uses dumpcap for capturing, so read filters won't work by
  # definition.
  #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
  test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
}
415
#######################################
# Register the capture steps that are run against dumpcap.
# Globals:   DUMPCAP, TEST_FIFO, TRAFFIC_CAPTURE_DURATION (read);
#            DUT (written)
#######################################
dumpcap_capture_suite() {
  # Disabled alternative that adds -Q:
  #DUT="$DUMPCAP -Q"
  DUT=$DUMPCAP

  test_step_add "Capture 10 packets" capture_step_10packets
  test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout

  # The fifo step is added only when TEST_FIFO expands to a non-empty word.
  if test $TEST_FIFO; then
    test_step_add "Capture via fifo" capture_step_fifo
  fi
  test_step_add "Capture via stdin" capture_step_stdin

  # Read (display) filters intentionally don't work with dumpcap!
  #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
  test_step_add "Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_snapshot
}
429
#######################################
# Remove the files the capture steps leave in the current directory. The
# suite registers this as both the pre-step and the post-step hook.
# Outputs:   deletes ./testout.txt, ./testout2.txt, ./testout.pcap and
#            ./testout2.pcap, plus whatever ping_cleanup removes
#######################################
capture_cleanup_step() {
  local leftover
  ping_cleanup
  for leftover in ./testout.txt ./testout2.txt ./testout.pcap ./testout2.pcap; do
    rm -f "$leftover"
  done
}
437
#######################################
# Entry point of the capture tests: install the cleanup hook to run before
# and after each step, add a remark naming the interface that needs traffic,
# and register the dumpcap, TShark and Wireshark sub-suites in that order.
# Globals:   TRAFFIC_CAPTURE_IFACE (read)
#######################################
capture_suite() {
  local hook
  for hook in test_step_set_pre test_step_set_post; do
    "$hook" capture_cleanup_step
  done

  test_remark_add "Capture - need some traffic on interface: \"$TRAFFIC_CAPTURE_IFACE\""

  test_suite_add "Dumpcap capture" dumpcap_capture_suite
  test_suite_add "TShark capture" tshark_capture_suite
  test_suite_add "Wireshark capture" wireshark_capture_suite
}