pcapr-local 0.1.10

data/test/mu/pcap/tc_udp.rb

@@ -0,0 +1,33 @@
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+
+require 'mu/testcase'
+require 'mu/pcap'
+
+module Mu
+class Pcap
+class UDP
+
+class Test < Mu::TestCase
+    def test_basics
+        udp = UDP.new
+        udp.src_port = 0x3039
+        udp.dst_port = 0x0050
+        udp.payload = 'hello'
+        udp.payload_raw = 'hello'
+        
+        bytes =
+            "\x30\x39" + # src port
+            "\x00\x50" + # dst port
+            "\x00\x0d" + # length
+            "\x00\x00" + # checksum
+            'hello'
+        udp_in = UDP.from_bytes bytes
+        assert_equal udp_in, udp
+    end
+end
+
+end
+end
+end

data/test/mu/pcap/tc_wrapper.rb

@@ -0,0 +1,80 @@
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+
+require 'mu/testcase'
+require 'mu/pcap/io_wrapper'
+require 'mu/pcap/io_pair'
+
+module Mu
+class Pcap
+class IOWrapper
+class Test < Mu::TestCase
+    class MessageReader 
+        def initialize msg_size=10
+            @msg_size = msg_size
+        end
+
+        def read_message! bytes, state
+            state[:bytes_read] ||= 0
+            if bytes.length >= @msg_size
+                msg = bytes.slice!(0,@msg_size)
+                msg.upcase!
+                state[:bytes_read] += @msg_size
+            end
+            msg
+        end
+
+        def record_write bytes, state
+            state[:bytes_sent] ||= 0
+            state[:bytes_sent] += bytes.size
+        end
+    end
+
+    def test_basics
+        inner, other = IOPair.stream_pair
+        wrapped = IOWrapper.new inner, MessageReader.new
+
+        # Reads
+        other.write "01234567890123"
+        assert_equal "", wrapped.unread
+        assert_equal "0123456789", wrapped.read
+        assert_equal "0123", wrapped.unread
+        assert_equal 10,  wrapped.state[:bytes_read]
+        assert_nil wrapped.read
+        other.write "456789"
+        assert_equal "0123456789", wrapped.read
+        assert_equal "", wrapped.unread
+        assert_equal 20,  wrapped.state[:bytes_read]
+        other.write "abcdefghij"
+        assert_equal "ABCDEFGHIJ", wrapped.read
+        assert_equal 30,  wrapped.state[:bytes_read]
+
+        # Writes
+        wrapped.write "hi mom"
+        assert_equal 6, wrapped.state[:bytes_sent]
+        assert_equal "hi mom", other.read
+        assert_equal "", other.read
+    end
+
+    def test_too_big_receive
+        # Message at max size.
+        inner, other = IOPair.stream_pair
+        wrapped = IOWrapper.new inner, MessageReader.new(MAX_RECEIVE_SIZE + 2)
+        big = "a" * MAX_RECEIVE_SIZE
+        other.write big
+        wrapped.read
+
+        # Message over max size.
+        too_big = big + "1"
+        other.write too_big
+        e = assert_raises(RuntimeError) do
+            wrapped.read
+        end
+        assert_match "Maximum message size (#{MAX_RECEIVE_SIZE}) exceeded", e.message
+    end
+
+end
+end
+end
+end

data/test/mu/scenario/pcap/tc_fields.rb

@@ -0,0 +1,67 @@
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+
+require 'mu/testcase'
+require 'mu/scenario/pcap/fields'
+
+module Mu
+class Scenario
+module Pcap
+class Fields
+
+class Test < Mu::TestCase
+    TFIELDS_DATA = <<EOF
+pale ale\xffkobe burger\xffmayo
+milk shake\xffsundae\xffwhipped cream
+\xff\xff
+EOF
+
+
+    def test_basics
+        fields_save = FIELDS
+        field_count_save = FIELD_COUNT
+        Fields.const_set! :FIELDS,  [:"meal.drink", :"meal.entre", :"meal.side"]
+        Fields.const_set! :FIELD_COUNT, 3
+
+        read, write = ::IO.pipe
+        write.print TFIELDS_DATA
+
+        fields1 = Fields.next_from_io read
+        assert_equal 3, fields1.length
+        assert_equal "pale ale", fields1[:"meal.drink"]
+
+        fields2 = Fields.next_from_io read
+        assert_equal 3, fields2.length
+        assert_equal "sundae", fields2[:"meal.entre"]
+        assert_equal "whipped cream", fields2[:"meal.side"]
+
+        # nil for empty fields
+        fields3 = Fields.next_from_io read
+        assert_equal 3, fields3.length
+        assert_nil fields3[:"meal.drink"]
+        assert_nil fields3[:"meal.entre"]
+        assert_nil fields3[:"meal.side"]
+
+        # nil on timeout
+        begin
+            timeout_save = Pcap.const_get :TSHARK_READ_TIMEOUT
+            Pcap.const_set! :TSHARK_READ_TIMEOUT, 0.1
+            assert_nil Fields.next_from_io(read)
+        ensure
+            Pcap.const_set! :TSHARK_READ_TIMEOUT, timeout_save
+        end
+
+        # nil on EOFError
+        write.close
+        assert_nil Fields.next_from_io(read)
+    ensure
+        Fields.const_set! :FIELDS, fields_save if fields_save
+        Fields.const_set! :FIELD_COUNT, field_count_save if field_count_save
+    end
+end
+
+end
+end
+end
+end

data/test/mu/scenario/pcap/tc_rtp.rb

@@ -0,0 +1,135 @@
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+
+require 'mu/testcase'
+require 'mu/scenario/pcap/rtp'
+
+module Mu
+class Scenario
+module Pcap
+module Rtp
+
+class Test < Mu::TestCase
+
+    DATA = [
+        [[:udp, 1,2,3,4], {}],
+        [[:udp, 3,4,5,6], {:"rtp.setup-frame" => 1}]
+    ]
+
+    Packet = ::Struct.new :flow_id
+    def gen_packets data
+        packets = [] 
+        fields_array = []
+        data.map do |flow_id, fields|
+            packets << Packet.new(flow_id)
+            fields_array << fields
+        end
+        return packets, fields_array
+    end
+
+    def test_preprocess
+        trunc_count_save = Rtp::TRUNC_COUNT
+        Rtp.const_set! :TRUNC_COUNT, 5
+        # No truncation
+        packets, fields = gen_packets [
+            [[:udp, 1,2,3,4], {}],
+            [[:udp, 3,4,5,6], {:"rtp.setup-frame" => 1}],
+            [[:udp, 3,4,5,6], {:"rtp.setup-frame" => 1}],
+            [[:udp, 3,4,5,6], {:"rtp.setup-frame" => 1}],
+            [[:udp, 3,4,5,6], {:"rtp.setup-frame" => 1}],
+            [[:udp, 3,4,5,6], {:"rtp.setup-frame" => 1}],
+        ]
+        filter = Rtp.preprocess packets, fields
+        assert_equal 6, packets.length
+        assert_equal "not rtp", filter
+
+        # Truncate stream
+        packets, fields = gen_packets [
+            [[:udp, 1,2,3,4], {}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}], #skip
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}], #skip
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}], #skip
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}], #skip
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}], #skip
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}], #skip
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}], #skip
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}], #skip
+        ]
+        filter = Rtp.preprocess packets, fields
+        assert_equal TRUNC_COUNT + 1, packets.length
+        assert_equal TRUNC_COUNT + 1, fields.length
+        assert_equal "not rtp or frame.number == 2 or frame.number == 3 or frame.number == 4 or frame.number == 5 or frame.number == 6", filter
+
+        # Updated signaling resets truncation counter
+        packets, fields = gen_packets [
+            [[:udp, 1,2,3,4], {}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}], #skip
+
+            [[:udp, 1,2,3,4], {}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "8"}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "8"}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "8"}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "8"}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "8"}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "8"}], #skip
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "8"}], #skip
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "8"}], #skip
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "8"}], #skip
+        ]
+        filter = Rtp.preprocess packets, fields
+        assert_equal TRUNC_COUNT*2 + 2, packets.length
+        assert_equal TRUNC_COUNT*2 + 2, fields.length
+        assert_equal "not rtp or frame.number == 2 or frame.number == 3 or frame.number == 4 or frame.number == 5 or frame.number == 6 or frame.number == 9 or frame.number == 10 or frame.number == 11 or frame.number == 12 or frame.number == 13", filter
+
+        # Missing signaling (e.g. rtp not fully dissected) can be filled in. 
+        packets, fields = gen_packets [
+            [[:udp, 1,2,3,4], {}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp"}],  
+            [[:udp, 3,4,5,6], {:rtp => "rtp"}],  
+            [[:udp, 3,4,5,6], {:rtp => "rtp"}],  
+            [[:udp, 3,4,5,6], {:rtp => "rtp"}],  
+            [[:udp, 3,4,5,6], {:rtp => "rtp"}], # skip
+            [[:udp, 3,4,5,6], {:rtp => "rtp"}], # skip
+            [[:udp, 3,4,5,6], {:rtp => "rtp"}], # skip
+        ]
+        filter = Rtp.preprocess packets, fields
+        assert_equal TRUNC_COUNT + 1, packets.length
+        assert_equal TRUNC_COUNT + 1, fields.length
+        assert_equal "not rtp or frame.number == 2 or frame.number == 3 or frame.number == 4 or frame.number == 5 or frame.number == 6", filter
+
+
+        # We don't bother trying to fill in missing signaling for
+        # first packets in stream. Just skip it.
+        packets, fields = gen_packets [
+            [[:udp, 1,2,3,4], {}],
+            [[:udp, 3,4,5,6], {:rtp => "rtp"}],   #skip
+            [[:udp, 3,4,5,6], {:rtp => "rtp"}],   #skip
+            [[:udp, 3,4,5,6], {:rtp => "rtp", :"rtp.setup-frame" => "1"}], # keep
+            [[:udp, 3,4,5,6], {:rtp => "rtp"}],   # keep 
+            [[:udp, 3,4,5,6], {:rtp => "rtp"}],   # keep 
+        ]
+        filter = Rtp.preprocess packets, fields
+        assert_equal 4, packets.length
+        assert_equal 4, fields.length
+        assert_equal "not rtp or frame.number == 4 or frame.number == 5 or frame.number == 6", filter
+    ensure
+        Rtp.const_set! :TRUNC_COUNT, trunc_count_save if trunc_count_save
+    end
+end
+
+end
+end
+end
+end

data/test/mu/scenario/tc_pcap.rb

@@ -0,0 +1,190 @@
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+
+require 'mu/testcase'
+require 'mu/scenario/pcap'
+
+module Mu
+class Scenario
+module Pcap
+
+class Test < Mu::TestCase
+
+    Packet = ::Struct.new(:payload, :skip)
+    class Packet
+        alias :skip? :skip
+    end
+
+    this_dir = File.dirname(File.expand_path(__FILE__))
+    PCAP_PATH = "#{this_dir}/sip_signalled_call_1.pcap"
+    File.exist?(PCAP_PATH) or raise "Test pcap not found #{PCAP_PATH}"
+
+
+    def test_validate_pcap_size
+        # Backup constants that this test alters.
+        max_size_save = Pcap::MAX_PCAP_SIZE
+        max_raw_size_save = Pcap::MAX_RAW_PCAP_SIZE
+        protos_save = Pcap::EXCLUDE_FROM_SIZE_CHECK
+        timeout_save = TSHARK_READ_TIMEOUT
+
+        # Smaller than max size.
+        size = Pcap.validate_pcap_size(PCAP_PATH)
+        assert_equal 4054, size
+
+        # Equal to max size.
+        begin
+            Pcap.const_set! :MAX_PCAP_SIZE, 4054
+            size = Pcap.validate_pcap_size(PCAP_PATH)
+            assert_equal 4054, size
+        ensure
+            Pcap.const_set! :MAX_PCAP_SIZE, max_size_save
+        end
+
+        # Bigger than max size.
+        begin
+            Pcap.const_set! :MAX_PCAP_SIZE, 4053
+            e = assert_raise PcapTooLarge do
+                Pcap.validate_pcap_size(PCAP_PATH)
+            end
+            assert e.message =~ /\b4054\b/, "Exception message should report actual size"
+        ensure
+            Pcap.const_set! :MAX_PCAP_SIZE, max_size_save
+        end
+
+        # Remove rtp from list of filtered protocols. We should report a bigger pcap now.
+        begin
+            Pcap.const_set! :EXCLUDE_FROM_SIZE_CHECK, []
+            size = Pcap.validate_pcap_size(PCAP_PATH)
+            assert_equal 4663, size
+        ensure
+            Pcap.const_set! :EXCLUDE_FROM_SIZE_CHECK, protos_save
+        end
+
+        # Add rtcp to list of filtered protocols. We should report a smaller pcap now.
+        begin
+            Pcap.const_set! :EXCLUDE_FROM_SIZE_CHECK, ['rtp', 'rtcp']
+            size = Pcap.validate_pcap_size(PCAP_PATH)
+            assert_equal 3548, size
+        ensure
+            Pcap.const_set! :EXCLUDE_FROM_SIZE_CHECK, protos_save
+        end
+        
+        # Use actual file size in the event of a tshark timeout.
+        begin
+            Pcap.const_set! :TSHARK_READ_TIMEOUT, 0
+            size = Pcap.validate_pcap_size(PCAP_PATH)
+            assert_equal File.size(PCAP_PATH), size, "should have reported actual file size on timeout"
+        ensure
+            Pcap.const_set! :TSHARK_READ_TIMEOUT, timeout_save
+        end
+
+        # Use actual file size in the event of a tshark timeout.
+        begin
+            Pcap.const_set! :MAX_RAW_PCAP_SIZE, 1
+            e = assert_raise PcapTooLarge do
+                Pcap.validate_pcap_size(PCAP_PATH)
+            end
+            assert e.message =~ /\b4054\b/, "Exception message should report actual size"
+        ensure
+            Pcap.const_set! :MAX_RAW_PCAP_SIZE, max_raw_size_save
+        end
+    ensure
+        Pcap.const_set! :TSHARK_READ_TIMEOUT, timeout_save
+        Pcap.const_set! :MAX_PCAP_SIZE, max_size_save
+        Pcap.const_set! :MAX_RAW_PCAP_SIZE, max_raw_size_save
+        Pcap.const_set! :EXCLUDE_FROM_SIZE_CHECK, protos_save
+    end
+
+    def test_export_to_archive
+        pcap_dir = File.expand_path(File.dirname(__FILE__) + "/test_data")
+        Dir.glob("#{pcap_dir}/*.pcap") do |pcap|
+            Dir.mktmpdir do |tmp|
+                Dir.chdir(tmp) do 
+                    io = Pcap.export_to_par pcap
+                    open("export.par", 'wb') do |f|
+                        while chunk = io.read(4096)
+                            f.write chunk
+                        end
+                    end
+                    # Archive file can be extracted.
+                    unzipped = system('unzip export.par > out 2>&1')
+                    assert unzipped, "failed to extract par file:\n" + File.read('out')
+
+                    # Normalized pcap is well formed.
+                    well_formed_pcap = system('tshark -r normalized.pcap > out 2>&1')
+                    assert well_formed_pcap, "Tshark did not like this pcap. Is it malformed? \n" + File.read('out')
+
+                end
+            end
+        end
+    end
+
+
+    RE_MU_RUBY_VER = /1\.8\.6/
+    def get_pcap2scenario_ruby
+        ENV['PATH'].split(":").each do |dir|
+            dir = File.expand_path dir
+            ruby = dir + '/ruby'
+            if File.file? ruby and File.executable? ruby
+                ver = `#{ruby} -v`
+                if ver =~ RE_MU_RUBY_VER
+                    return ruby
+                end
+            end
+        end
+
+        nil 
+    end
+
+    def test_archive_to_scenario
+        mu_root = ENV['MU_ROOT']
+        if not mu_root
+            warn "Skipping pcap2scenario tests because MU_ROOT is not available"
+            return
+        end
+
+        path_save = ENV['PATH']
+        ruby = get_pcap2scenario_ruby
+        assert ruby, "Could not find ruby executable that matches #{RE_MU_RUBY_VER}"
+
+        pcap_dir = File.expand_path(File.dirname(__FILE__) + "/test_data")
+        msl_dir = File.expand_path("#{mu_root}/test/mu/scenario/from_pcap")
+        Dir.glob("#{pcap_dir}/*.pcap") do |pcap|
+            expected_msl = File.basename(pcap, '.pcap') + '.msl'
+            expected_msl = File.join(msl_dir, expected_msl)
+            begin
+                Dir.mktmpdir do |tmp|
+                    Dir.chdir(tmp) do 
+                        # Get par file
+                        io = Pcap.export_to_par pcap, :isolate_l7 => true
+                        open("export.par", 'wb') do |f|
+                            while chunk = io.read(4096)
+                                f.write chunk
+                            end
+                        end
+
+                        # Create scenario from par file.
+                        created_scenario = system("#{ruby} #{mu_root}/tools/scenarios/pcap2scenario.rb -wmi export.par > scenario.msl 2> err")
+                        assert created_scenario, "Pcap2scenario failed with:\n" + File.read('err')
+
+                        # And make sure result is the same as what you get when starting from pcap.
+                        assert_files_same expected_msl, "scenario.msl" 
+
+                    end
+                end
+            rescue Exception => e
+                e.backtrace << "First pcap to failed was #{pcap}. Skipping subsequent pcaps."
+                raise e
+            end
+        end
+    end
+
+        
+
+end
+
+
+end
+end
+end