From a7fb278710a5f1e9c85c084ed86d090b20af5eda Mon Sep 17 00:00:00 2001 From: Pierre LALET Date: Tue, 15 May 2018 18:15:17 +0200 Subject: [PATCH] Add tests for ARP in 802.11 (w & w/o RadioTAP) --- .../scripts.base.protocols.arp.radiotap/.stdout | 2 ++ .../scripts.base.protocols.arp.wlanmon/.stdout | 2 ++ testing/btest/Traces/arp-who-has-radiotap.pcap | Bin 0 -> 294 bytes testing/btest/Traces/arp-who-has-wlanmon.pcap | Bin 0 -> 198 bytes .../scripts/base/protocols/arp/radiotap.test | 13 +++++++++++++ .../btest/scripts/base/protocols/arp/wlanmon.test | 13 +++++++++++++ 6 files changed, 30 insertions(+) create mode 100644 testing/btest/Baseline/scripts.base.protocols.arp.radiotap/.stdout create mode 100644 testing/btest/Baseline/scripts.base.protocols.arp.wlanmon/.stdout create mode 100644 testing/btest/Traces/arp-who-has-radiotap.pcap create mode 100644 testing/btest/Traces/arp-who-has-wlanmon.pcap create mode 100644 testing/btest/scripts/base/protocols/arp/radiotap.test create mode 100644 testing/btest/scripts/base/protocols/arp/wlanmon.test diff --git a/testing/btest/Baseline/scripts.base.protocols.arp.radiotap/.stdout b/testing/btest/Baseline/scripts.base.protocols.arp.radiotap/.stdout new file mode 100644 index 0000000000..d45f9ba0d7 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.arp.radiotap/.stdout @@ -0,0 +1,2 @@ +78:31:c1:c6:3f:c2, ff:ff:ff:ff:ff:ff, 10.0.0.2, 78:31:c1:c6:3f:c2, 10.0.0.1, 00:00:00:00:00:00 +f8:ed:a5:c0:a4:f1, 78:31:c1:c6:3f:c2, 10.0.0.1, f8:ed:a5:c0:a4:f1, 10.0.0.2, 78:31:c1:c6:3f:c2 diff --git a/testing/btest/Baseline/scripts.base.protocols.arp.wlanmon/.stdout b/testing/btest/Baseline/scripts.base.protocols.arp.wlanmon/.stdout new file mode 100644 index 0000000000..d45f9ba0d7 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.arp.wlanmon/.stdout @@ -0,0 +1,2 @@ +78:31:c1:c6:3f:c2, ff:ff:ff:ff:ff:ff, 10.0.0.2, 78:31:c1:c6:3f:c2, 10.0.0.1, 00:00:00:00:00:00 +f8:ed:a5:c0:a4:f1, 78:31:c1:c6:3f:c2, 10.0.0.1, f8:ed:a5:c0:a4:f1, 10.0.0.2, 78:31:c1:c6:3f:c2 diff --git a/testing/btest/Traces/arp-who-has-radiotap.pcap b/testing/btest/Traces/arp-who-has-radiotap.pcap new file mode 100644 index 0000000000000000000000000000000000000000..0ceda7a7ed98088a69c48e852953057ae1acdc4b GIT binary patch literal 294 zcmca|c+)~A1{MYw`2U}Qp&rOtt#di_#33$*JRo~2SkizYn?r`-VPaSqh%3ObMAU(C z+hRsPlj#nOj6hzFk~||j10z^1149R+4nvoy$n2;G6N((BZ~N+^&Ae)LuK)uZ!>U!x zKs6j}42&EMY%C0n6@~|o*#m82V1j4`vKT?O*QIhZGysJ@frTNqGqHpt*?ttmc91_n oxP!@n0b(!24G`NMfHG*dGyQnG^uUsjAUo0B0aOeI^4tmM00c)rGXMYp literal 0 HcmV?d00001 diff --git a/testing/btest/Traces/arp-who-has-wlanmon.pcap b/testing/btest/Traces/arp-who-has-wlanmon.pcap new file mode 100644 index 0000000000000000000000000000000000000000..f2e6e2fc80f5474fbee269bf368bc386dee6e1c4 GIT binary patch literal 198 zcmca|c+)~A1{MYw`2U}QArr`%$oe}JNT$a5#00|1?jE^7b) literal 0 HcmV?d00001 diff --git a/testing/btest/scripts/base/protocols/arp/radiotap.test b/testing/btest/scripts/base/protocols/arp/radiotap.test new file mode 100644 index 0000000000..95ce471532 --- /dev/null +++ b/testing/btest/scripts/base/protocols/arp/radiotap.test @@ -0,0 +1,13 @@ +# @TEST-EXEC: bro -r $TRACES/arp-who-has-radiotap.pcap %INPUT +# @TEST-EXEC: btest-diff .stdout + +event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) + { + print mac_src, mac_dst, SPA, SHA, TPA, THA; + } + +event arp_reply(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) + { + print mac_src, mac_dst, SPA, SHA, TPA, THA; + } + diff --git a/testing/btest/scripts/base/protocols/arp/wlanmon.test b/testing/btest/scripts/base/protocols/arp/wlanmon.test new file mode 100644 index 0000000000..7f909eac4f --- /dev/null +++ b/testing/btest/scripts/base/protocols/arp/wlanmon.test @@ -0,0 +1,13 @@ +# @TEST-EXEC: bro -r $TRACES/arp-who-has-wlanmon.pcap %INPUT +# @TEST-EXEC: btest-diff .stdout + +event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) + { + print mac_src, mac_dst, SPA, SHA, TPA, THA; + } + +event arp_reply(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) + { + print mac_src, mac_dst, SPA, SHA, TPA, THA; + } +