Tests: add Zeek to get passiverecon logs

test/test_masscanned.py

@@ -43,6 +43,8 @@ def setup_logs():
 
 LOG = setup_logs()
 IFACE = "tap0"
+TCPDUMP = bool(os.environ.get("USE_TCPDUMP"))
+ZEEK_PASSIVERECON = bool(os.environ.get("USE_ZEEK"))
 conf.verb = 0
 
 # prepare configuration file for masscanned
@@ -61,9 +63,27 @@ subprocess.check_call(["ip", "route", "add", "1.2.3.4/32", "via", IPV4_ADDR])
 conf.route.resync()
 
 # start capture
-tcpdump = subprocess.Popen(
+if TCPDUMP:
-    ["tcpdump", "-enli", IFACE, "-w", os.path.join(OUTDIR, "test_capture.pcap")]
+    tcpdump = subprocess.Popen(
-)
+        ["tcpdump", "-enli", IFACE, "-w", os.path.join(OUTDIR, "test_capture.pcap")]
+    )
+if ZEEK_PASSIVERECON:
+    zeek = subprocess.Popen(
+        [
+            "zeek",
+            "-C",
+            "-b",
+            "-i",
+            IFACE,
+            "/usr/share/ivre/zeek/ivre/passiverecon/bare.zeek",
+            "-e",
+            "redef tcp_content_deliver_all_resp = T; "
+            "redef tcp_content_deliver_all_orig = T; "
+            f"redef PassiveRecon::HONEYPOTS += {{ {IPV4_ADDR}, [{IPV6_ADDR}] }}",
+        ],
+        stdout=open("test/res/zeek_passiverecon.stdout", "w"),
+        stderr=open("test/res/zeek_passiverecon.stderr", "w"),
+    )
 # run masscanned
 masscanned = subprocess.Popen(
     [
@@ -93,6 +113,10 @@ except AssertionError:
 masscanned.kill()
 masscanned.wait()
 # terminate capture
-tcpdump.kill()
+if TCPDUMP:
-tcpdump.wait()
+    tcpdump.kill()
+    tcpdump.wait()
+if ZEEK_PASSIVERECON:
+    zeek.kill()
+    zeek.wait()
 sys.exit(result)