def test_tshark_glossary_valid_utf8(self):
for glossary in glossaries:
env = config.baseEnv()
env['LANG'] = 'en_US.UTF-8'
g_contents = subprocess.check_output((config.cmd_tshark, '-G', glossary), env=env, stderr=subprocess.PIPE)
decoded = True
try:
g_contents.decode('UTF-8')
except UnicodeDecodeError:
decoded = False
self.assertTrue(decoded, '{} is not valid UTF-8'.format(glossary))
def features(cmd_tshark):
'''Returns an object describing available features in tshark.'''
try:
# XXX stop using config
tshark_v = subprocess.check_output((cmd_tshark, '--version'),
stderr=subprocess.PIPE,
universal_newlines=True,
env=config.baseEnv())
tshark_v = re.sub(r'\s+', ' ', tshark_v)
except subprocess.CalledProcessError as ex:
logging.warning('Failed to detect tshark features: %s', ex)
tshark_v = ''
gcry_m = re.search(r'with +Gcrypt +([0-9]+\.[0-9]+)', tshark_v)
return types.SimpleNamespace(
have_lua='with Lua' in tshark_v,
have_nghttp2='with nghttp2' in tshark_v,
have_kerberos='with MIT Kerberos' in tshark_v
or 'with Heimdal Kerberos' in tshark_v,
have_libgcrypt16=gcry_m and float(gcry_m.group(1)) >= 1.6,
have_libgcrypt17=gcry_m and float(gcry_m.group(1)) >= 1.7,
)
def test_tshark_glossary_plugin_count(self):
self.runProcess((config.cmd_tshark, '-G', 'plugins'), env=config.baseEnv())
self.assertGreaterEqual(self.countOutput('dissector'), 10, 'Fewer than 10 dissector plugins found')
def check_text2pcap(self,
cap_file,
file_type,
expected_packets=None,
expected_datasize=None):
# Perform the following actions
# - Get information for the input pcap file with capinfos
# - Generate an ASCII hexdump with TShark
# - Convert the ASCII hexdump back to pcap using text2pcap
# - Get information for the output pcap file with capinfos
# - Check that file type, encapsulation type, number of packets and data size
# in the output file are the same as in the input file
pre_cap_info = check_capinfos_info(self, cap_file)
# Due to limitations of "tshark -x", the output might contain more than one
# data source which is subsequently interpreted as additional frame data.
# See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14639
if expected_packets is not None:
self.assertNotEqual(pre_cap_info['packets'], expected_packets)
pre_cap_info['packets'] = expected_packets
if expected_datasize is not None:
self.assertNotEqual(pre_cap_info['datasize'], expected_datasize)
pre_cap_info['datasize'] = expected_datasize
self.assertTrue(pre_cap_info['encapsulation'] in encap_to_link_type)
self.assertTrue(file_type in file_type_to_testout, 'Invalid file type')
# text2pcap_generate_input()
# $TSHARK -o 'gui.column.format:"Time","%t"' -tad -P -x -r $1 > testin.txt
testin_file = self.filename_from_id(testin_txt)
cf_path = os.path.join(config.capture_dir, cap_file)
tshark_cmd = '{cmd} -r {cf} -o gui.column.format:"Time","%t" -t ad -P -x > {of}'.format(
cmd=config.cmd_tshark,
cf=cf_path,
of=testin_file,
)
self.assertRun(tshark_cmd, shell=True, env=config.baseEnv())
testout_fname = file_type_to_testout[file_type]
testout_file = self.filename_from_id(testout_fname)
if 'pcapng' in pre_cap_info[
'filetype'] or 'nanosecond libpcap' in pre_cap_info['filetype']:
pcapng_flag = '-n'
else:
pcapng_flag = ''
text2pcap_cmd = '{cmd} {ns} -d -l {linktype} -t "%Y-%m-%d %H:%M:%S." {in_f} {out_f}'.format(
cmd=config.cmd_text2pcap,
ns=pcapng_flag,
linktype=encap_to_link_type[pre_cap_info['encapsulation']],
in_f=testin_file,
out_f=testout_file,
)
self.assertRun(text2pcap_cmd, shell=True)
self.assertTrue(self.grepOutput('potential packet'),
"text2pcap didn't complete")
self.assertFalse(self.grepOutput('Inconsistent offset'),
'text2pcap detected inconsistent offset')
post_cap_info = check_capinfos_info(self, testout_file)
compare_capinfos_info(self, pre_cap_info, post_cap_info, cap_file,
testout_fname)