1 #!/bin/bash
2 #
3 # Test the capture engine of the Wireshark tools
4 #
5 # $Id$
6 #
7 # Wireshark - Network traffic analyzer
8 # By Gerald Combs <gerald@wireshark.org>
9 # Copyright 2005 Ulf Lamping
10 #
11 # This program is free software; you can redistribute it and/or
12 # modify it under the terms of the GNU General Public License
13 # as published by the Free Software Foundation; either version 2
14 # of the License, or (at your option) any later version.
15 #
16 # This program is distributed in the hope that it will be useful,
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19 # GNU General Public License for more details.
20 #
21 # You should have received a copy of the GNU General Public License
22 # along with this program; if not, write to the Free Software
23 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
24 #
25
26
# Exit status values used when checking the result of a tool run.
# Only EXIT_OK is compared against by the capture steps in this file.
EXIT_OK=0               # the tool finished successfully
EXIT_COMMAND_LINE=1     # presumably a command-line usage error -- confirm against the tools
EXIT_ERROR=2            # presumably any other failure -- confirm against the tools
31
# Start a background ping so that a quiet network carries some ICMP traffic
# while a capture step is running.
# Outputs: ping's stdout and stderr are written to ./pingout.txt.
# Note:    "-n 20" is the Windows ping syntax; this will have to be adjusted
#          for non-Windows systems. The target is an external host, so the
#          test machine needs name resolution and outbound ICMP for this to
#          generate any traffic.
traffic_gen_ping() {
        local ping_target=www.wireshark.org
        local ping_count=20

        # Earlier variant that discarded the output instead of keeping it:
        ##      ping -n 20 www.wireshark.org > /dev/null 2>&1 &
        ping -n "$ping_count" "$ping_target" > ./pingout.txt 2>&1 &
}
38
# Capture exactly 10 ICMP packets into ./testout.pcap and verify the count.
# Globals:  WS_SYSTEM, DUT, TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#           TRAFFIC_CAPTURE_DURATION, CAPINFOS, TSHARK, EXIT_OK (read);
#           RETURNVALUE (written)
# Outputs:  ./testout.pcap and ./testout.txt; diagnostics on stdout on failure
# Result:   reported via test_step_skipped / test_step_ok / test_step_failed
capture_step_10packets() {
        # The step only runs on Windows (the traffic generator uses the
        # Windows ping syntax).
        if [ "$WS_SYSTEM" != "Windows" ]; then
                test_step_skipped
                return
        fi

        traffic_gen_ping

        # $DUT and $TRAFFIC_CAPTURE_PROMISC are expanded unquoted on purpose:
        # DUT may carry extra options and the promiscuous flag may be empty.
        $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
                -w ./testout.pcap -c 10 \
                -a duration:$TRAFFIC_CAPTURE_DURATION \
                icmp > ./testout.txt 2>&1
        RETURNVALUE=$?
        if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
                wait  # let the background ping finish before showing its output
                echo
                cat ./testout.txt
                echo
                cat ./pingout.txt
                # Prerequisite check: if the wrong interface was configured,
                # the list of available interfaces helps to pick the right one.
                $TSHARK -D
                test_step_failed "exit status of $DUT: $RETURNVALUE"
                return
        fi

        # The tool reported success, so the capture file has to exist.
        if [ ! -f "./testout.pcap" ]; then
                test_step_failed "No output file!"
                return
        fi

        # Let capinfos count the packets and look for the expected number.
        $CAPINFOS ./testout.pcap > ./testout.txt
        if grep -i 'Number of packets: 10' ./testout.txt > /dev/null; then
                test_step_ok
                return
        fi

        echo
        cat ./testout.txt
        # Prerequisite check: probably the wrong interface, so list the
        # available ones.
        $TSHARK -D
        test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
}
87
# Capture exactly 10 ICMP packets with "-w -", i.e. the tool writes the
# capture to stdout and the shell redirects it into ./testout.pcap.
# Globals:  WS_SYSTEM, DUT, TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#           TRAFFIC_CAPTURE_DURATION, CAPINFOS, TSHARK, EXIT_OK (read);
#           RETURNVALUE (written)
# Outputs:  ./testout.pcap (tool stdout), ./testout.txt (tool stderr),
#           ./testout2.txt (capinfos output)
# Result:   reported via test_step_skipped / test_step_ok / test_step_failed
capture_step_10packets_stdout() {
        # The step only runs on Windows.
        if [ "$WS_SYSTEM" != "Windows" ]; then
                test_step_skipped
                return
        fi

        traffic_gen_ping

        # stdout carries the packets, so only stderr may go to the text file.
        $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
                -c 10 -a duration:$TRAFFIC_CAPTURE_DURATION \
                -w - icmp \
                > ./testout.pcap 2> ./testout.txt
        RETURNVALUE=$?
        if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
                # List the available interfaces to help spot a wrong setting.
                $TSHARK -D
                test_step_failed "exit status of $DUT: $RETURNVALUE"
                return
        fi

        # The redirection above creates the file even when nothing was
        # written, so this check cannot tell an empty capture from a good one;
        # the packet count below does that.
        if [ ! -f "./testout.pcap" ]; then
                test_step_failed "No output file!"
                return
        fi

        # Let capinfos count the packets and look for the expected number.
        $CAPINFOS ./testout.pcap > ./testout2.txt 2>&1
        if grep -i 'Number of packets: 10' ./testout2.txt > /dev/null; then
                test_step_ok
                return
        fi

        echo
        cat ./testout.txt
        cat ./testout2.txt
        $TSHARK -D
        test_step_failed "No or not enough traffic captured. Probably the wrong interface: $TRAFFIC_CAPTURE_IFACE!"
}
128
# Capture packets that are fed to the tool through a named pipe.
# Globals:  CAPFILE, DUT, TRAFFIC_CAPTURE_PROMISC, TRAFFIC_CAPTURE_DURATION,
#           CAPINFOS, EXIT_OK (read); RETURNVALUE (written)
# Outputs:  ./testout.pcap and ./testout.txt; the pipe "fifo" is created in
#           the current directory and removed again after the tool returns
# Result:   reported via test_step_ok / test_step_failed
capture_step_fifo() {
        mkfifo 'fifo'

        # Background writer: the whole capture file first, then, one second
        # later, the same file again starting at byte 25 (presumably to skip
        # the 24-byte pcap file header so only packet records follow --
        # confirm).
        {
                cat $CAPFILE
                sleep 1
                tail -c +25 $CAPFILE
        } > fifo &

        $DUT -i fifo $TRAFFIC_CAPTURE_PROMISC \
                -w ./testout.pcap \
                -a duration:$TRAFFIC_CAPTURE_DURATION > ./testout.txt 2>&1
        RETURNVALUE=$?
        rm 'fifo'
        if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
                test_step_failed "exit status of $DUT: $RETURNVALUE"
                return
        fi

        # The tool reported success, so the capture file has to exist.
        if [ ! -f "./testout.pcap" ]; then
                test_step_failed "No output file!"
                return
        fi

        # Eight packets are expected (presumably CAPFILE holds four and is
        # sent twice -- confirm against the test data).
        $CAPINFOS ./testout.pcap > ./testout.txt
        if grep -i 'Number of packets: 8' ./testout.txt > /dev/null; then
                test_step_ok
                return
        fi

        echo
        cat ./testout.txt
        test_step_failed "No or not enough traffic captured."
}
161
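# Capture 10 ICMP packets into ./testout.pcap and verify the count.
# NOTE(review): the name and the original comment speak of "2 times 10
# packets (multiple files)", but the command below writes a single file and
# passes no multiple-file option; none of the suites in this file registers
# this step.
# Globals:  WS_SYSTEM, DUT, TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#           TRAFFIC_CAPTURE_DURATION, CAPINFOS, TSHARK, EXIT_OK (read);
#           RETURNVALUE (written)
# Outputs:  ./testout.pcap and ./testout.txt; diagnostics on stdout on failure
# Result:   reported via test_step_skipped / test_step_ok / test_step_failed
capture_step_2multi_10packets() {
        # The step only runs on Windows.
        if [ "$WS_SYSTEM" != "Windows" ] ; then
                test_step_skipped
                return
        fi

        traffic_gen_ping
        # Every line of this command except the last has to end in a
        # backslash. Without the one after "icmp" the redirection becomes a
        # separate, empty command, the tool's output is not captured, and $?
        # below reports the status of that empty command (always 0) instead
        # of the tool's, so a failed capture would go unnoticed here.
        # $DUT and $TRAFFIC_CAPTURE_PROMISC are expanded unquoted on purpose:
        # DUT may carry extra options and the promiscuous flag may be empty.
        $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
                -w ./testout.pcap \
                -c 10 \
                -a duration:$TRAFFIC_CAPTURE_DURATION \
                icmp \
                > ./testout.txt 2>&1
        RETURNVALUE=$?
        if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
                # part of the Prerequisite checks
                # probably wrong interface, output the possible interfaces
                $TSHARK -D
                test_step_failed "exit status of $DUT: $RETURNVALUE"
                return
        fi

        # we should have an output file now
        if [ ! -f "./testout.pcap" ]; then
                test_step_failed "No output file!"
                return
        fi

        # ok, we got a capture file, does it contain exactly 10 packets?
        $CAPINFOS ./testout.pcap > ./testout.txt
        if grep -i 'Number of packets: 10' ./testout.txt > /dev/null; then
                test_step_ok
        else
                echo
                cat ./testout.txt
                test_step_failed "Probably the wrong interface (no traffic captured)!"
        fi
}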
203
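# Capture with a valid but very unlikely read filter; the resulting file
# must contain zero packets.
# Globals:  WS_SYSTEM, DUT, TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#           TRAFFIC_CAPTURE_DURATION, CAPINFOS, EXIT_OK (read);
#           RETURNVALUE (written)
# Outputs:  ./testout.pcap and ./testout.txt; diagnostics on stdout on failure
# Result:   reported via test_step_skipped / test_step_ok / test_step_failed
capture_step_read_filter() {
        # The step only runs on Windows.
        if [ "$WS_SYSTEM" != "Windows" ] ; then
                test_step_skipped
                return
        fi

        traffic_gen_ping
        # valid, but very unlikely filter
        # Every line of this command except the last has to end in a
        # backslash. Without the one after "icmp" the redirection becomes a
        # separate, empty command and $? below reports its status (always 0)
        # instead of the tool's, so a failed capture would go unnoticed here.
        # $DUT and $TRAFFIC_CAPTURE_PROMISC are expanded unquoted on purpose:
        # DUT may carry extra options and the promiscuous flag may be empty.
        $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
                -w ./testout.pcap \
                -a duration:$TRAFFIC_CAPTURE_DURATION \
                -R 'dcerpc.cn_call_id==123456' \
                -c 10 \
                icmp \
                > ./testout.txt 2>&1
        RETURNVALUE=$?
        if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
                test_step_failed "exit status: $RETURNVALUE"
                return
        fi

        # we should have an output file now
        if [ ! -f "./testout.pcap" ]; then
                test_step_failed "No output file!"
                return
        fi

        # ok, we got a capture file, does it contain exactly 0 packets?
        $CAPINFOS ./testout.pcap > ./testout.txt
        if grep -i 'Number of packets: 0' ./testout.txt > /dev/null; then
                test_step_ok
        else
                echo
                cat ./testout.txt
                test_step_failed "Capture file should contain zero packets!"
        fi
}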
243
244
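# Capture with a snapshot length of 68 bytes and verify that no packet in
# the result has a captured length above 68 bytes.
# Globals:  WS_SYSTEM, DUT, TRAFFIC_CAPTURE_IFACE, TRAFFIC_CAPTURE_PROMISC,
#           TRAFFIC_CAPTURE_DURATION, TSHARK, CAPINFOS, EXIT_OK (read);
#           RETURNVALUE (written)
# Outputs:  ./testout.pcap, ./testout2.pcap and ./testout.txt; diagnostics on
#           stdout on failure
# Result:   reported via test_step_skipped / test_step_ok / test_step_failed
capture_step_snapshot() {
        # The step only runs on Windows.
        if [ "$WS_SYSTEM" != "Windows" ] ; then
                test_step_skipped
                return
        fi

        traffic_gen_ping

        # capture with a snapshot length of 68 bytes for $TRAFFIC_CAPTURE_DURATION seconds
        # this should result in no packets longer than 68 bytes
        # Every line of this command except the last has to end in a
        # backslash. Without the one after the duration option, "icmp" is run
        # as a command of its own instead of being passed as the capture
        # filter, and $? below reports the status of that stray command
        # rather than the tool's.
        # $DUT and $TRAFFIC_CAPTURE_PROMISC are expanded unquoted on purpose:
        # DUT may carry extra options and the promiscuous flag may be empty.
        $DUT -i $TRAFFIC_CAPTURE_IFACE $TRAFFIC_CAPTURE_PROMISC \
                -w ./testout.pcap \
                -s 68 \
                -a duration:$TRAFFIC_CAPTURE_DURATION \
                icmp \
                > ./testout.txt 2>&1
        RETURNVALUE=$?
        if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
                test_step_failed "exit status: $RETURNVALUE"
                return
        fi

        # we should have an output file now
        if [ ! -f "./testout.pcap" ]; then
                test_step_failed "No output file!"
                return
        fi

        # use tshark to keep only the packets whose captured length is larger
        # than 68 bytes; with a working snapshot length there are none
        # NOTE(review): tshark's exit status is not checked; if it fails, the
        # count below does not match and the step fails with the "zero
        # packets" message.
        $TSHARK -r ./testout.pcap -w ./testout2.pcap -R 'frame.cap_len>68' > ./testout.txt 2>&1

        # ok, we got a filtered capture file, does it contain exactly 0 packets?
        $CAPINFOS ./testout2.pcap > ./testout.txt
        if grep -i 'Number of packets: 0' ./testout.txt > /dev/null; then
                test_step_ok
        else
                echo
                cat ./testout.txt
                test_step_failed "Capture file should contain zero packets!"
        fi
}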
289
# Register the capture steps that are run against Wireshark.
# Globals:  WIRESHARK, TRAFFIC_CAPTURE_DURATION (read); DUT (written)
wireshark_capture_suite() {
        local snapshot_title="Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)"

        # -Q: quit after the capture, -k: start capturing immediately.
        # DUT holds several words here, which is why the steps expand it
        # unquoted.
        DUT="${WIRESHARK} -Q -k"

        test_step_add "Capture 10 packets" capture_step_10packets
        # Not registered: piping to stdout doesn't work with Wireshark and capturing!
        #test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
        # Not registered: a read filter doesn't work with Wireshark and capturing!
        #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
        test_step_add "$snapshot_title" capture_step_snapshot
}
300
# Register the capture steps that are run against TShark.
# Globals:  TSHARK, TEST_FIFO, TRAFFIC_CAPTURE_DURATION (read); DUT (written)
tshark_capture_suite() {
        local duration_note="(${TRAFFIC_CAPTURE_DURATION}s)"

        DUT="$TSHARK"

        test_step_add "Capture 10 packets" capture_step_10packets
        test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
        # The fifo step is only registered when TEST_FIFO is set to a
        # non-empty value.
        if [ $TEST_FIFO ]; then
                test_step_add "Capture via fifo" capture_step_fifo
        fi
        test_step_add "Capture read filter $duration_note" capture_step_read_filter
        test_step_add "Capture snapshot length 68 bytes $duration_note" capture_step_snapshot
}
311
# Register the capture steps that are run against dumpcap.
# Globals:  DUMPCAP, TEST_FIFO, TRAFFIC_CAPTURE_DURATION (read); DUT (written)
dumpcap_capture_suite() {
        local snapshot_title="Capture snapshot length 68 bytes (${TRAFFIC_CAPTURE_DURATION}s)"

        # Alternative that is currently disabled:
        #DUT="$DUMPCAP -Q"
        DUT="$DUMPCAP"

        test_step_add "Capture 10 packets" capture_step_10packets
        test_step_add "Capture 10 packets using stdout: -w -" capture_step_10packets_stdout
        # The fifo step is only registered when TEST_FIFO is set to a
        # non-empty value.
        if [ $TEST_FIFO ]; then
                test_step_add "Capture via fifo" capture_step_fifo
        fi
        # Not registered: read (display) filters intentionally don't work with dumpcap!
        #test_step_add "Capture read filter (${TRAFFIC_CAPTURE_DURATION}s)" capture_step_read_filter
        test_step_add "$snapshot_title" capture_step_snapshot
}
324
# Remove the scratch files the capture steps leave in the current directory.
# Missing files are not an error (rm -f).
capture_cleanup_step() {
        local leftover

        for leftover in \
                ./testout.txt ./testout2.txt \
                ./testout.pcap ./testout2.pcap \
                ./pingout.txt
        do
                rm -f "$leftover"
        done
}
332
# Entry point of the capture tests: install the cleanup step so it runs
# before and after each step, add a remark about the interface that needs
# traffic, and register the three per-tool suites.
# Globals:  TRAFFIC_CAPTURE_IFACE (read)
capture_suite() {
        local cleanup=capture_cleanup_step
        local remark="Capture - need some traffic on interface: \"$TRAFFIC_CAPTURE_IFACE\""

        test_step_set_pre "$cleanup"
        test_step_set_post "$cleanup"
        test_remark_add "$remark"

        test_suite_add "TShark capture" tshark_capture_suite
        test_suite_add "Wireshark capture" wireshark_capture_suite
        test_suite_add "Dumpcap capture" dumpcap_capture_suite
}