def test_tshark_glossary_valid_utf8(self): for glossary in glossaries: env = config.baseEnv() env['LANG'] = 'en_US.UTF-8' g_contents = subprocess.check_output((config.cmd_tshark, '-G', glossary), env=env, stderr=subprocess.PIPE) decoded = True try: g_contents.decode('UTF-8') except UnicodeDecodeError: decoded = False self.assertTrue(decoded, '{} is not valid UTF-8'.format(glossary))
def features(cmd_tshark): '''Returns an object describing available features in tshark.''' try: # XXX stop using config tshark_v = subprocess.check_output((cmd_tshark, '--version'), stderr=subprocess.PIPE, universal_newlines=True, env=config.baseEnv()) tshark_v = re.sub(r'\s+', ' ', tshark_v) except subprocess.CalledProcessError as ex: logging.warning('Failed to detect tshark features: %s', ex) tshark_v = '' gcry_m = re.search(r'with +Gcrypt +([0-9]+\.[0-9]+)', tshark_v) return types.SimpleNamespace( have_lua='with Lua' in tshark_v, have_nghttp2='with nghttp2' in tshark_v, have_kerberos='with MIT Kerberos' in tshark_v or 'with Heimdal Kerberos' in tshark_v, have_libgcrypt16=gcry_m and float(gcry_m.group(1)) >= 1.6, have_libgcrypt17=gcry_m and float(gcry_m.group(1)) >= 1.7, )
def test_tshark_glossary_plugin_count(self): self.runProcess((config.cmd_tshark, '-G', 'plugins'), env=config.baseEnv()) self.assertGreaterEqual(self.countOutput('dissector'), 10, 'Fewer than 10 dissector plugins found')
def check_text2pcap(self, cap_file, file_type, expected_packets=None, expected_datasize=None): # Perform the following actions # - Get information for the input pcap file with capinfos # - Generate an ASCII hexdump with TShark # - Convert the ASCII hexdump back to pcap using text2pcap # - Get information for the output pcap file with capinfos # - Check that file type, encapsulation type, number of packets and data size # in the output file are the same as in the input file pre_cap_info = check_capinfos_info(self, cap_file) # Due to limitations of "tshark -x", the output might contain more than one # data source which is subsequently interpreted as additional frame data. # See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14639 if expected_packets is not None: self.assertNotEqual(pre_cap_info['packets'], expected_packets) pre_cap_info['packets'] = expected_packets if expected_datasize is not None: self.assertNotEqual(pre_cap_info['datasize'], expected_datasize) pre_cap_info['datasize'] = expected_datasize self.assertTrue(pre_cap_info['encapsulation'] in encap_to_link_type) self.assertTrue(file_type in file_type_to_testout, 'Invalid file type') # text2pcap_generate_input() # $TSHARK -o 'gui.column.format:"Time","%t"' -tad -P -x -r $1 > testin.txt testin_file = self.filename_from_id(testin_txt) cf_path = os.path.join(config.capture_dir, cap_file) tshark_cmd = '{cmd} -r {cf} -o gui.column.format:"Time","%t" -t ad -P -x > {of}'.format( cmd=config.cmd_tshark, cf=cf_path, of=testin_file, ) self.assertRun(tshark_cmd, shell=True, env=config.baseEnv()) testout_fname = file_type_to_testout[file_type] testout_file = self.filename_from_id(testout_fname) if 'pcapng' in pre_cap_info[ 'filetype'] or 'nanosecond libpcap' in pre_cap_info['filetype']: pcapng_flag = '-n' else: pcapng_flag = '' text2pcap_cmd = '{cmd} {ns} -d -l {linktype} -t "%Y-%m-%d %H:%M:%S." {in_f} {out_f}'.format( cmd=config.cmd_text2pcap, ns=pcapng_flag, linktype=encap_to_link_type[pre_cap_info['encapsulation']], in_f=testin_file, out_f=testout_file, ) self.assertRun(text2pcap_cmd, shell=True) self.assertTrue(self.grepOutput('potential packet'), "text2pcap didn't complete") self.assertFalse(self.grepOutput('Inconsistent offset'), 'text2pcap detected inconsistent offset') post_cap_info = check_capinfos_info(self, testout_file) compare_capinfos_info(self, pre_cap_info, post_cap_info, cap_file, testout_fname)