diff options
Diffstat (limited to 'test')
-rw-r--r-- | test/captures/dns_port.pcap | bin | 1318 -> 1318 bytes | |||
-rw-r--r-- | test/lua/dissector.lua | 36 | ||||
-rw-r--r-- | test/lua/proto.lua | 30 | ||||
-rw-r--r-- | test/lua/verify_dissector.lua | 80 |
4 files changed, 137 insertions, 9 deletions
diff --git a/test/captures/dns_port.pcap b/test/captures/dns_port.pcap Binary files differindex c19a79c8c9..6974505abf 100644 --- a/test/captures/dns_port.pcap +++ b/test/captures/dns_port.pcap diff --git a/test/lua/dissector.lua b/test/lua/dissector.lua index 3fb835f289..2a68b9c5fe 100644 --- a/test/lua/dissector.lua +++ b/test/lua/dissector.lua @@ -132,6 +132,22 @@ dns.fields = { pf_trasaction_id, pf_flags, pf_flag_z, pf_flag_authenticated, pf_flag_checking_disabled, pf_flag_rcode, pf_query, pf_query_name, pf_query_name_len, pf_query_label_count, pf_query_type, pf_query_class } +---------------------------------------- +-- create some expert info fields +local ef_query = ProtoExpert.new("mydns.query.expert", "DNS query message", + expert.group.REQUEST_CODE, expert.severity.CHAT) +local ef_response = ProtoExpert.new("mydns.response.expert", "DNS response message", + expert.group.RESPONSE_CODE, expert.severity.CHAT) +local ef_ultimate = ProtoExpert.new("mydns.response.ultimate.expert", "DNS answer to life, the universe, and everything", + expert.group.COMMENTS_GROUP, expert.severity.NOTE) +-- some error expert info's +local ef_too_short = ProtoExpert.new("mydns.too_short.expert", "DNS message too short", + expert.group.MALFORMED, expert.severity.ERROR) +local ef_bad_query = ProtoExpert.new("mydns.query.missing.expert", "DNS query missing or malformed", + expert.group.MALFORMED, expert.severity.WARN) + +-- register them +dns.experts = { ef_query, ef_too_short, ef_bad_query, ef_response, ef_ultimate } ---------------------------------------- -- we don't just want to display our protocol's fields, we want to access the value of some of them too! @@ -214,7 +230,9 @@ function dns.dissector(tvbuf,pktinfo,root) if pktlen < DNS_HDR_LEN then -- since we're going to add this protocol to a specific UDP port, we're going to -- assume packets in this port are our protocol, so the packet being too short is an error - tree:add_expert_info(PI_MALFORMED, PI_ERROR, "packet too short") + -- the old way: tree:add_expert_info(PI_MALFORMED, PI_ERROR, "packet too short") + -- the correct way now: + tree:add_proto_expert_info(ef_too_short) dprint("packet length",pktlen,"too short") return end @@ -238,8 +256,19 @@ function dns.dissector(tvbuf,pktinfo,root) -- for our flags field, we want a sub-tree local flag_tree = tree:add(pf_flags, flagrange) -- I'm indenting this for clarity, because it's adding to the flag's child-tree + -- let's add the type of message (query vs. response) - flag_tree:add(pf_flag_response, flagrange) + local query_flag_tree = flag_tree:add(pf_flag_response, flagrange) + + -- let's also add an expert info about it + if isResponse() then + query_flag_tree:add_proto_expert_info(ef_response, "It's a response!") + if transid == 42 then + tree:add_tvb_expert_info(ef_ultimate, tvbuf:range(0,2)) + end + else + query_flag_tree:add_proto_expert_info(ef_query) + end -- we now know if it's a response or query, so let's put that in the -- GUI packet row, in the INFO column cell @@ -289,7 +318,8 @@ function dns.dissector(tvbuf,pktinfo,root) while num_queries > 0 and pktlen_remaining > 0 do if pktlen_remaining < MIN_QUERY_LEN then - queries_tree:add_expert_info(PI_MALFORMED, PI_ERROR, "query field missing or too short") + -- old way: queries_tree:add_expert_info(PI_MALFORMED, PI_ERROR, "query field missing or too short") + queries_tree:add_proto_expert_info(ef_bad_query) return end diff --git a/test/lua/proto.lua b/test/lua/proto.lua index 9b159e65a3..157c4b2a9c 100644 --- a/test/lua/proto.lua +++ b/test/lua/proto.lua @@ -289,6 +289,24 @@ function dns.init() end ---------------------------------------- +-- create some expert info fields +local ef_query = ProtoExpert.new("mydns.query.expert", "DNS query message", + expert.group.REQUEST_CODE, expert.severity.CHAT) +local ef_response = ProtoExpert.new("mydns.response.expert", "DNS response message", + expert.group.RESPONSE_CODE, expert.severity.CHAT) +local ef_ultimate = ProtoExpert.new("mydns.response.ultimate.expert", "DNS answer to life, the universe, and everything", + expert.group.COMMENTS_GROUP, expert.severity.NOTE) +-- some error expert info's +local ef_too_short = ProtoExpert.new("mydns.too_short.expert", "DNS message too short", + expert.group.MALFORMED, expert.severity.ERROR) +local ef_bad_query = ProtoExpert.new("mydns.query.missing.expert", "DNS query missing or malformed", + expert.group.MALFORMED, expert.severity.WARN) + +-- register them +dns.experts = { ef_query, ef_too_short, ef_bad_query, ef_response, ef_ultimate } + + +---------------------------------------- -- we don't just want to display our protocol's fields, we want to access the value of some of them too! -- There are several ways to do that. One is to just parse the buffer contents in Lua code to find -- the values. But since ProtoFields actually do the parsing for us, and can be retrieved using Field @@ -391,7 +409,17 @@ function dns.dissector(tvbuf,pktinfo,root) local flag_tree = tree:add(pf_flags, flagrange) -- I'm indenting this for calarity, because it's adding to the flag's child-tree -- let's add the type of message (query vs. response) - flag_tree:add(pf_flag_response, flagrange) + local query_flag_tree = flag_tree:add(pf_flag_response, flagrange) + + -- let's also add an expert info about it + if isResponse() then + query_flag_tree:add_proto_expert_info(ef_response, "It's a response!") + if transid == 42 then + tree:add_tvb_expert_info(ef_ultimate, tvbuf:range(0,2)) + end + else + query_flag_tree:add_proto_expert_info(ef_query) + end -- we now know if it's a response or query, so let's put that in the -- GUI packet row, in the INFO column cell diff --git a/test/lua/verify_dissector.lua b/test/lua/verify_dissector.lua index f65d1ece72..46ec704e40 100644 --- a/test/lua/verify_dissector.lua +++ b/test/lua/verify_dissector.lua @@ -13,10 +13,76 @@ end local lines = { { "MyDNS Protocol", + "Transaction ID: 42", + "Flags: 0x0100", + "0... .... .... .... = Response: this is a query", + "[Expert Info (Chat/Request): DNS query message]", + "[DNS query message]", + "[Severity level: Chat]", + "[Group: Request]", + ".000 0... .... .... = Opcode: 0", + ".... ..0. .... .... = Truncated: False", + ".... ...1 .... .... = Recursion desired: yes", + ".... .... .0.. .... = World War Z - Reserved for future use: 0x0000", + ".... .... ...0 .... = Checking disabled: False", + "Number of Questions: 1", + "Number of Answer RRs: 0", + "Number of Authority RRs: 0", + "Number of Additional RRs: 0", + "Queries", + "us.pool.ntp.org: type A (IPv4 host address) (1), class IN (Internet) (1)", + "Name: us.pool.ntp.org", + "[Name Length: 17]", + "[Label Count: 4]", + "Type: A (IPv4 host address) (1)", + "Class: IN (Internet) (1)", + }, + + { + "MyDNS Protocol", + "Transaction ID: 42", + "Flags: 0x8180", + "1... .... .... .... = Response: this is a response", + "[Expert Info (Chat/Response): It's a response!]", + "[It's a response!]", + "[Severity level: Chat]", + "[Group: Response]", + ".000 0... .... .... = Opcode: 0", + ".... .0.. .... .... = Authoritative: False", + ".... ..0. .... .... = Truncated: False", + ".... .... 1... .... = Recursion available: True", + ".... .... .0.. .... = World War Z - Reserved for future use: 0x0000", + ".... .... ..0. .... = Authenticated: no", + ".... .... .... 0000 = Response code: No Error (0)", + ".... .... ...0 .... = Checking disabled: False", + "DNS answer to life, the universe, and everything", + "[Expert Info (Note/Comment): DNS answer to life, the universe, and everything]", + "[DNS answer to life, the universe, and everything]", + "[Severity level: Note]", + "[Group: Comment]", + "Number of Questions: 1", + "Number of Answer RRs: 15", + "Number of Authority RRs: 6", + "Number of Additional RRs: 2", + "Queries", + "us.pool.ntp.org: type A (IPv4 host address) (1), class IN (Internet) (1)", + "Name: us.pool.ntp.org", + "[Name Length: 17]", + "[Label Count: 4]", + "Type: A (IPv4 host address) (1)", + "Class: IN (Internet) (1)", + }, + + { + "MyDNS Protocol", "Transaction ID: 43", "Flags: 0x0100", "0... .... .... .... = Response: this is a query", - ".000 0... .... .... = Opcode: 0", + "[Expert Info (Chat/Request): DNS query message]", + "[DNS query message]", + "[Severity level: Chat]", + "[Group: Request]", + ".000 0... .... .... = Opcode: 0", ".... ..0. .... .... = Truncated: False", ".... ...1 .... .... = Recursion desired: yes", ".... .... .0.. .... = World War Z - Reserved for future use: 0x0000", @@ -39,7 +105,11 @@ local lines = { "Transaction ID: 43", "Flags: 0x8180", "1... .... .... .... = Response: this is a response", - ".000 0... .... .... = Opcode: 0", + "[Expert Info (Chat/Response): It's a response!]", + "[It's a response!]", + "[Severity level: Chat]", + "[Group: Response]", + ".000 0... .... .... = Opcode: 0", ".... .0.. .... .... = Authoritative: False", ".... ..0. .... .... = Truncated: False", ".... .... 1... .... = Recursion available: True", @@ -58,13 +128,13 @@ local lines = { "[Label Count: 4]", "Type: A (IPv4 host address) (1)", "Class: IN (Internet) (1)", - } + }, } -- we're going to see those two sets of output twice: both by the normal -- dissector, then the first one by the heuristic, then the second one by -- a conversation match -local numtests = 1 + (2 * (#lines[1] + #lines[2])) +local numtests = 1 + #lines[1] + #lines[2] + #lines[3] + #lines[4] print("going to run "..numtests.." tests") -- for an example of what we're reading through to verify, look at end of this file @@ -83,7 +153,7 @@ while line do pktidx = line:match("^Frame (%d+):") testing("Frame "..pktidx) pktidx = tonumber(pktidx) - if pktidx > 2 then pktidx = pktidx - 2 end + if pktidx > 4 then pktidx = pktidx - 4 end line = file:read() elseif line:find("%[Heuristic dissector used%]") then -- start again, because it now repeats |