summaryrefslogtreecommitdiffstats
path: root/test/lua/verify_dissector.lua
blob: b391f8596adf64b4075b24d0523e1103185a009b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
-- This is a test script for tshark.
-- This script runs inside tshark.
-- FIRST run tshark with the "dns_dissector.lua" plugin, with the dns_port.pcap file,
-- and with full tree output (-V switch).  Pipe that to a file named testin.txt.
-- This verify script then reads in that testin.txt. The filename can be specified
-- using the "verify_file" argument.
--
-- tshark -r bogus.cap -X lua_script:<path_to_testdir>/lua/verify_dns_dissector.lua

local function testing(...)
    print("---- Testing "..tostring(...).." ----")
end

local lines = {
    {
        "MyDNS Protocol",
        "Transaction ID: 42",
        "Flags: 0x0100",
        "0... .... .... .... = Response: this is a query",
        "[Expert Info (Chat/Request): DNS query message]",
        "[DNS query message]",
        "[Severity level: Chat]",
        "[Group: Request]",
        ".000 0... .... .... = Opcode: 0",
        ".... ..0. .... .... = Truncated: False",
        ".... ...1 .... .... = Recursion desired: yes",
        ".... .... .0.. .... = World War Z - Reserved for future use: 0x0",
        ".... .... ...0 .... = Checking disabled: False",
        "Number of Questions: 1",
        "Number of Answer RRs: 0",
        "Number of Authority RRs: 0",
        "Number of Additional RRs: 0",
        "Queries",
        "us.pool.ntp.org: type A (IPv4 host address) (1), class IN (Internet) (1)",
        "Name: us.pool.ntp.org",
        "[Name Length: 17]",
        "[Label Count: 4]",
        "Type: A (IPv4 host address) (1)",
        "Class: IN (Internet) (1)",
    },

    {
        "MyDNS Protocol",
        "Transaction ID: 42",
        "Flags: 0x8180",
        "1... .... .... .... = Response: this is a response",
        "[Expert Info (Chat/Response): It's a response!]",
        "[It's a response!]",
        "[Severity level: Chat]",
        "[Group: Response]",
         ".000 0... .... .... = Opcode: 0",
        ".... .0.. .... .... = Authoritative: False",
        ".... ..0. .... .... = Truncated: False",
        ".... .... 1... .... = Recursion available: True",
        ".... .... .0.. .... = World War Z - Reserved for future use: 0x0",
        ".... .... ..0. .... = Authenticated: no",
        ".... .... .... 0000 = Response code: No Error (0)",
        ".... .... ...0 .... = Checking disabled: False",
        "DNS answer to life, the universe, and everything",
        "[Expert Info (Note/Comment): DNS answer to life, the universe, and everything]",
        "[DNS answer to life, the universe, and everything]",
        "[Severity level: Note]",
        "[Group: Comment]",
        "Number of Questions: 1",
        "Number of Answer RRs: 15",
        "Number of Authority RRs: 6",
        "Number of Additional RRs: 2",
        "Queries",
        "us.pool.ntp.org: type A (IPv4 host address) (1), class IN (Internet) (1)",
        "Name: us.pool.ntp.org",
        "[Name Length: 17]",
        "[Label Count: 4]",
        "Type: A (IPv4 host address) (1)",
        "Class: IN (Internet) (1)",
    },

    {
        "MyDNS Protocol",
        "Transaction ID: 43",
        "Flags: 0x0100",
        "0... .... .... .... = Response: this is a query",
        "[Expert Info (Chat/Request): DNS query message]",
        "[DNS query message]",
        "[Severity level: Chat]",
        "[Group: Request]",
       ".000 0... .... .... = Opcode: 0",
        ".... ..0. .... .... = Truncated: False",
        ".... ...1 .... .... = Recursion desired: yes",
        ".... .... .0.. .... = World War Z - Reserved for future use: 0x0",
        ".... .... ...0 .... = Checking disabled: False",
        "Number of Questions: 1",
        "Number of Answer RRs: 0",
        "Number of Authority RRs: 0",
        "Number of Additional RRs: 0",
        "Queries",
        "us.pool.ntp.org: type A (IPv4 host address) (1), class IN (Internet) (1)",
        "Name: us.pool.ntp.org",
        "[Name Length: 17]",
        "[Label Count: 4]",
        "Type: A (IPv4 host address) (1)",
        "Class: IN (Internet) (1)",
    },

    {
        "MyDNS Protocol",
        "Transaction ID: 43",
        "Flags: 0x8180",
        "1... .... .... .... = Response: this is a response",
        "[Expert Info (Chat/Response): It's a response!]",
        "[It's a response!]",
        "[Severity level: Chat]",
        "[Group: Response]",
         ".000 0... .... .... = Opcode: 0",
        ".... .0.. .... .... = Authoritative: False",
        ".... ..0. .... .... = Truncated: False",
        ".... .... 1... .... = Recursion available: True",
        ".... .... .0.. .... = World War Z - Reserved for future use: 0x0",
        ".... .... ..0. .... = Authenticated: no",
        ".... .... .... 0000 = Response code: No Error (0)",
        ".... .... ...0 .... = Checking disabled: False",
        "Number of Questions: 1",
        "Number of Answer RRs: 15",
        "Number of Authority RRs: 6",
        "Number of Additional RRs: 2",
        "Queries",
        "us.pool.ntp.org: type A (IPv4 host address) (1), class IN (Internet) (1)",
        "Name: us.pool.ntp.org",
        "[Name Length: 17]",
        "[Label Count: 4]",
        "Type: A (IPv4 host address) (1)",
        "Class: IN (Internet) (1)",
    },
}

-- we're going to see those two sets of output twice: both by the normal
-- dissector, then the first one by the heuristic, then the second one by
-- a conversation match
local numtests = 1 + #lines[1] + #lines[2] + #lines[3] + #lines[4]

local hasHeuristic = true

local verify_file = "testin.txt"

-- grab passed-in arguments
local args = { ... }
if #args > 0 then
    for _, arg in ipairs(args) do
        local name, value = arg:match("(.+)=(.+)")
        if arg == "no_heur" then
            numtests = numtests - 1
        elseif name == "verify_file" and value then
            verify_file = value
        end
    end
end

print("going to run "..numtests.." tests")

-- for an example of what we're reading through to verify, look at end of this file
print("opening file "..verify_file)
local file = io.open(verify_file, "r")
local line = file:read()

local pktidx = 1
local total = 0
local found = false

while line do
    -- eat beginning whitespace
    line = line:gsub("^%s+","",1)
    if line:find("^Frame %d+:") then
        pktidx = line:match("^Frame (%d+):")
        testing("Frame "..pktidx)
        pktidx = tonumber(pktidx)
        if pktidx > 4 then pktidx = pktidx - 4 end
        line = file:read()
    elseif line:find("%[Heuristic dissector used%]") then
        -- start again, because it now repeats
        -- but we should not see this [Heuristic dissector used] line again
        -- or it's an error in setting the conversation
        if found then
            error("Heuristic dissector ran twice - conversation setting not working?")
            return
        end
        found = true
        total = total + 1
        line = file:read()
    elseif line == lines[pktidx][1] then
        -- we've matched the first line of our section
        -- now verify the rest is sequential
        for i, v in ipairs(lines[pktidx]) do
            io.stdout:write("testing Frame "..pktidx..", line "..i.."...")
            if not line then
                -- ended too soon
                io.stdout:write("failed!\n")
                error("Ran out of file lines!")
                return
            end
            -- eat beginning whitespace
            line = line:gsub("^%s+","",1)
            if line ~= v then
                io.stdout:write("failed!\n")
                print("Got this:'"..line.."', expected this:'"..v.."'")
                error("mismatched lines!")
                return
            end
            io.stdout:write("passed\n")
            total = total + 1
            line = file:read()
        end
    else
        line = file:read()
    end
end

print(total.." of "..numtests.." tests run and passed")

if total ~= numtests then
    error("Did not find all our lines to test!")
    return
end

print("\n-----------------------------\n")
-- must print out the following for success (the test shell sciprt looks for this)
print("All tests passed!\n\n")


----------------------------------------------------------
-- We should see something like this:
--[[
Frame 1: 75 bytes on wire (600 bits), 75 bytes captured (600 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Sep 26, 2004 23:18:04.938672000 EDT
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1096255084.938672000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 75 bytes (600 bits)
    Capture Length: 75 bytes (600 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:mydns]
Ethernet II, Src: AmbitMic_6c:40:4e (00:d0:59:6c:40:4e), Dst: Cisco-Li_82:b2:53 (00:0c:41:82:b2:53)
    Destination: Cisco-Li_82:b2:53 (00:0c:41:82:b2:53)
        Address: Cisco-Li_82:b2:53 (00:0c:41:82:b2:53)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: AmbitMic_6c:40:4e (00:d0:59:6c:40:4e)
        Address: AmbitMic_6c:40:4e (00:d0:59:6c:40:4e)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 192.168.50.50 (192.168.50.50), Dst: 192.168.0.1 (192.168.0.1)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 61
    Identification: 0x0a41 (2625)
    Flags: 0x00
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (17)
    Header checksum: 0x7ceb [correct]
        [Good: True]
        [Bad: False]
    Source: 192.168.50.50 (192.168.50.50)
    Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 65282 (65282), Dst Port: 65333 (65333)
    Source Port: 65282 (65282)
    Destination Port: 65333 (65333)
    Length: 41
    Checksum: 0x07a9 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [Stream index: 0]
MyDNS Protocol
    Transaction ID: 43
    Flags: 0x0100
        0... .... .... .... = Response: this is a query
        .000 0... .... .... = Opcode: 0
        .... ..0. .... .... = Truncated: False
        .... ...1 .... .... = Recursion desired: yes
        .... .... .0.. .... = World War Z - Reserved for future use: 0x0
        .... .... ...0 .... = Checking disabled: False
    Number of Questions: 1
    Number of Answer RRs: 0
    Number of Authority RRs: 0
    Number of Additional RRs: 0
    Queries
        us.pool.ntp.org: type A (IPv4 host address) (1), class IN (Internet) (1)
            Name: us.pool.ntp.org
            [Name Length: 17]
            [Label Count: 4]
            Type: A (IPv4 host address) (1)
            Class: IN (Internet) (1)

Frame 2: 540 bytes on wire (4320 bits), 540 bytes captured (4320 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Sep 26, 2004 23:18:04.945618000 EDT
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1096255084.945618000 seconds
    [Time delta from previous captured frame: 0.006946000 seconds]
    [Time delta from previous displayed frame: 0.006946000 seconds]
    [Time since reference or first frame: 0.006946000 seconds]
    Frame Number: 2
    Frame Length: 540 bytes (4320 bits)
    Capture Length: 540 bytes (4320 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:mydns]
Ethernet II, Src: Cisco-Li_82:b2:53 (00:0c:41:82:b2:53), Dst: AmbitMic_6c:40:4e (00:d0:59:6c:40:4e)
    Destination: AmbitMic_6c:40:4e (00:d0:59:6c:40:4e)
        Address: AmbitMic_6c:40:4e (00:d0:59:6c:40:4e)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Cisco-Li_82:b2:53 (00:0c:41:82:b2:53)
        Address: Cisco-Li_82:b2:53 (00:0c:41:82:b2:53)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.50.50 (192.168.50.50)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 526
    Identification: 0x2153 (8531)
    Flags: 0x00
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 63
    Protocol: UDP (17)
    Header checksum: 0xa508 [correct]
        [Good: True]
        [Bad: False]
    Source: 192.168.0.1 (192.168.0.1)
    Destination: 192.168.50.50 (192.168.50.50)
User Datagram Protocol, Src Port: 65333 (65333), Dst Port: 65282 (65282)
    Source Port: 65333 (65333)
    Destination Port: 65282 (65282)
    Length: 506
    Checksum: 0xf9d5 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [Stream index: 0]
MyDNS Protocol
    Transaction ID: 43
    Flags: 0x8180
        1... .... .... .... = Response: this is a response
        .000 0... .... .... = Opcode: 0
        .... .0.. .... .... = Authoritative: False
        .... ..0. .... .... = Truncated: False
        .... .... 1... .... = Recursion available: True
        .... .... .0.. .... = World War Z - Reserved for future use: 0x0
        .... .... ..0. .... = Authenticated: no
        .... .... .... 0000 = Response code: No Error (0)
        .... .... ...0 .... = Checking disabled: False
    Number of Questions: 1
    Number of Answer RRs: 15
    Number of Authority RRs: 6
    Number of Additional RRs: 2
    Queries
        us.pool.ntp.org: type A (IPv4 host address) (1), class IN (Internet) (1)
            Name: us.pool.ntp.org
            [Name Length: 17]
            [Label Count: 4]
            Type: A (IPv4 host address) (1)
            Class: IN (Internet) (1)
]]