diff --git a/doc/scripts/DocSourcesList.cmake b/doc/scripts/DocSourcesList.cmake index c0c37d71bb..fe1e6c20e2 100644 --- a/doc/scripts/DocSourcesList.cmake +++ b/doc/scripts/DocSourcesList.cmake @@ -19,28 +19,31 @@ rest_target(${CMAKE_BINARY_DIR}/src strings.bif.bro) rest_target(${CMAKE_BINARY_DIR}/src types.bif.bro) rest_target(${psd} bro.init) -rest_target(${psd} functions.bro) rest_target(${psd} site.bro) -rest_target(${psd} detectors/http-MHR.bro) +rest_target(${psd} frameworks/cluster/base/main.bro) +rest_target(${psd} frameworks/cluster/base/node/manager.bro) +rest_target(${psd} frameworks/cluster/base/node/proxy.bro) +rest_target(${psd} frameworks/cluster/base/node/worker.bro) +rest_target(${psd} frameworks/cluster/base/setup-connections.bro) -rest_target(${psd} frameworks/communication/base.bro) +rest_target(${psd} frameworks/communication/base/main.bro) rest_target(${psd} frameworks/communication/listen-clear.bro) rest_target(${psd} frameworks/communication/listen-ssl.bro) -rest_target(${psd} frameworks/dpd/base.bro) +rest_target(${psd} frameworks/dpd/base/main.bro) rest_target(${psd} frameworks/dpd/packet-segment-logging.bro) +rest_target(${psd} frameworks/dpd/detect-protocols.bro) rest_target(${psd} frameworks/intel/base.bro) rest_target(${psd} frameworks/logging/base.bro) rest_target(${psd} frameworks/logging/plugins/ascii.bro) -rest_target(${psd} frameworks/metrics/base.bro) +rest_target(${psd} frameworks/metrics/base/main.bro) rest_target(${psd} frameworks/metrics/conn-example.bro) rest_target(${psd} frameworks/metrics/http-example.bro) -rest_target(${psd} frameworks/notice/action-filters.bro) rest_target(${psd} frameworks/notice/base.bro) rest_target(${psd} frameworks/notice/weird.bro) @@ -49,23 +52,25 @@ rest_target(${psd} frameworks/packet-filter/netstats.bro) rest_target(${psd} frameworks/signatures/base.bro) -rest_target(${psd} frameworks/software/base.bro) +rest_target(${psd} frameworks/software/base/main.bro) rest_target(${psd} frameworks/software/vulnerable.bro) rest_target(${psd} integration/barnyard2/base.bro) rest_target(${psd} integration/barnyard2/event.bro) rest_target(${psd} integration/barnyard2/types.bro) -rest_target(${psd} protocols/conn/base.bro) -rest_target(${psd} protocols/conn/contents.bro) -rest_target(${psd} protocols/conn/inactivity.bro) -rest_target(${psd} protocols/conn/known-hosts.bro) -rest_target(${psd} protocols/conn/known-services.bro) +rest_target(${psd} misc/loaded-scripts.bro) +rest_target(${psd} protocols/conn/base/main.bro) +rest_target(${psd} protocols/conn/base/contents.bro) +rest_target(${psd} protocols/conn/base/inactivity.bro) +rest_target(${psd} protocols/conn/base/known-hosts.bro) +rest_target(${psd} protocols/conn/base/known-services.bro) + +rest_target(${psd} protocols/dns/base/main.bro) +rest_target(${psd} protocols/dns/base/consts.bro) +rest_target(${psd} protocols/dns/base/detect.bro) rest_target(${psd} protocols/dns/auth-addl.bro) -rest_target(${psd} protocols/dns/base.bro) -rest_target(${psd} protocols/dns/consts.bro) -rest_target(${psd} protocols/dns/detect.bro) rest_target(${psd} protocols/ftp/base.bro) rest_target(${psd} protocols/ftp/detect.bro) @@ -73,16 +78,17 @@ rest_target(${psd} protocols/ftp/file-extract.bro) rest_target(${psd} protocols/ftp/software.bro) rest_target(${psd} protocols/ftp/utils-commands.bro) -rest_target(${psd} protocols/http/base.bro) -rest_target(${psd} protocols/http/detect-intel.bro) -rest_target(${psd} protocols/http/detect-sqli.bro) -rest_target(${psd} protocols/http/detect-webapps.bro) -rest_target(${psd} protocols/http/file-extract.bro) -rest_target(${psd} protocols/http/file-hash.bro) -rest_target(${psd} protocols/http/file-ident.bro) +rest_target(${psd} protocols/http/base/main.bro) +rest_target(${psd} protocols/http/base/detect-intel.bro) +rest_target(${psd} protocols/http/base/detect-sqli.bro) +rest_target(${psd} protocols/http/base/file-extract.bro) +rest_target(${psd} protocols/http/base/file-hash.bro) +rest_target(${psd} protocols/http/base/file-ident.bro) +rest_target(${psd} protocols/http/base/software.bro) +rest_target(${psd} protocols/http/base/utils.bro) + rest_target(${psd} protocols/http/headers.bro) -rest_target(${psd} protocols/http/software.bro) -rest_target(${psd} protocols/http/utils.bro) +rest_target(${psd} protocols/http/detect-webapps.bro) rest_target(${psd} protocols/http/var-extraction-cookies.bro) rest_target(${psd} protocols/http/var-extraction-uri.bro) @@ -96,9 +102,9 @@ rest_target(${psd} protocols/mime/file-ident.bro) rest_target(${psd} protocols/rpc/base.bro) -rest_target(${psd} protocols/smtp/base.bro) -rest_target(${psd} protocols/smtp/detect.bro) -rest_target(${psd} protocols/smtp/software.bro) +rest_target(${psd} protocols/smtp/base/main.bro) +rest_target(${psd} protocols/smtp/base/detect.bro) +rest_target(${psd} protocols/smtp/base/software.bro) rest_target(${psd} protocols/ssh/base.bro) rest_target(${psd} protocols/ssh/software.bro) diff --git a/doc/scripts/example.bro b/doc/scripts/example.bro index 0699cc7237..f4888cec54 100644 --- a/doc/scripts/example.bro +++ b/doc/scripts/example.bro @@ -42,7 +42,7 @@ # is taken as the summary text for a given identifier. # @load directives are self-documenting -@load notice +@load frameworks/notice # "module" statements are self-documenting module Example; diff --git a/policy/all.bro b/policy/all.bro index c29e23bfc6..72fe661003 100644 --- a/policy/all.bro +++ b/policy/all.bro @@ -20,4 +20,4 @@ @load tuning/defaults -@load support/loaded-scripts +@load misc/loaded-scripts diff --git a/policy/frameworks/cluster/base/__load__.bro b/policy/frameworks/cluster/base/__load__.bro index 8e97e7f6ec..1298861957 100644 --- a/policy/frameworks/cluster/base/__load__.bro +++ b/policy/frameworks/cluster/base/__load__.bro @@ -1,7 +1,8 @@ -@load frameworks/cluster/base/main - @if ( Cluster::node != "" ) +# Load the core cluster support. +@load frameworks/cluster/base/main + # Only load the communication framework if it really looks like someone is # trying to start up a cluster node. @load frameworks/communication diff --git a/policy/frameworks/cluster/base/main.bro b/policy/frameworks/cluster/base/main.bro index b3a29b67fa..00a133010a 100644 --- a/policy/frameworks/cluster/base/main.bro +++ b/policy/frameworks/cluster/base/main.bro @@ -59,6 +59,12 @@ export { const node = getenv("CLUSTER_NODE") &redef; } +# Give the node being started up it's peer name. +redef peer_description = Cluster::node; + +## Set the port that this node is supposed to listen on. +redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p; + event bro_init() { if ( node != "" && node !in nodes ) diff --git a/policy/frameworks/cluster/base/node/manager.bro b/policy/frameworks/cluster/base/node/manager.bro index 2f416c2432..2618a8d4f0 100644 --- a/policy/frameworks/cluster/base/node/manager.bro +++ b/policy/frameworks/cluster/base/node/manager.bro @@ -9,29 +9,18 @@ ##! This is where the cluster manager sets it's specific settings for other ##! frameworks and in the core. -## Set the port that the manager is supposed to listen on. -redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p; - ## Turn off remote logging since this is the manager and should only log here. redef Log::enable_remote_logging = F; -## Make the logging framework's default log rotation 1 hour. -redef Log::default_rotation_interval = 1hr; - ## Use the cluster's archive logging script. redef Log::default_rotation_postprocessor = "archive-log"; ## The cluster manager does not capture packets. redef interfaces = ""; -## Set the name for the manager. -redef peer_description = Cluster::node; - ## We're processing essentially *only* remote events. redef max_remote_events_processed = 10000; -module Cluster; - # Reraise remote notices locally. event Notice::notice(n: Notice::Info) { diff --git a/policy/frameworks/cluster/base/node/proxy.bro b/policy/frameworks/cluster/base/node/proxy.bro index 05bd8be604..6051e5c7ab 100644 --- a/policy/frameworks/cluster/base/node/proxy.bro +++ b/policy/frameworks/cluster/base/node/proxy.bro @@ -1,7 +1,4 @@ -## Communication port setup. -redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p; - ## No packet capture on proxy. redef interfaces = ""; @@ -15,12 +12,6 @@ redef Log::enable_local_logging = F; ## Make sure that remote logging is enabled. redef Log::enable_remote_logging = T; -## Make the logging framework's default log rotation 1 hour. -redef Log::default_rotation_interval = 1hr; - ## Use the cluster's delete-log script. redef Log::default_rotation_postprocessor = "delete-log"; -## Set our name. -redef peer_description = Cluster::node; - diff --git a/policy/frameworks/cluster/base/node/worker.bro b/policy/frameworks/cluster/base/node/worker.bro index c3dbaa6ff4..517287372e 100644 --- a/policy/frameworks/cluster/base/node/worker.bro +++ b/policy/frameworks/cluster/base/node/worker.bro @@ -1,22 +1,13 @@ -## Set the port that this worker is supposed to listen on. -redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p; - ## Don't do any local logging. -redef Log::enable_local_logging = T; +redef Log::enable_local_logging = F; ## Make sure that remote logging is enabled. redef Log::enable_remote_logging = T; -## Make the logging framework's default log rotation 1 hour. -redef Log::default_rotation_interval = 1hr; - ## Use the cluster's delete-log script. redef Log::default_rotation_postprocessor = "delete-log"; -## Give the worker a name. -redef peer_description = Cluster::node; - ## Record all packets into trace file. # TODO: should we really be setting this to T? redef record_all_packets = T; diff --git a/policy/support/loaded-scripts.bro b/policy/misc/loaded-scripts.bro similarity index 100% rename from policy/support/loaded-scripts.bro rename to policy/misc/loaded-scripts.bro diff --git a/policy/misc/remote/__load__.bro b/policy/misc/remote/__load__.bro new file mode 100644 index 0000000000..052015a7c7 --- /dev/null +++ b/policy/misc/remote/__load__.bro @@ -0,0 +1 @@ +@load frameworks/communication/events \ No newline at end of file diff --git a/policy/support/remote/analysis-groups.bro b/policy/misc/remote/analysis-groups.bro similarity index 100% rename from policy/support/remote/analysis-groups.bro rename to policy/misc/remote/analysis-groups.bro diff --git a/policy/support/remote/config.bro b/policy/misc/remote/config.bro similarity index 100% rename from policy/support/remote/config.bro rename to policy/misc/remote/config.bro diff --git a/policy/support/remote/events.bro b/policy/misc/remote/events.bro similarity index 100% rename from policy/support/remote/events.bro rename to policy/misc/remote/events.bro diff --git a/policy/protocols/http/__load__.bro b/policy/protocols/http/__load__.bro index eb810320bf..1d68cf3b40 100644 --- a/policy/protocols/http/__load__.bro +++ b/policy/protocols/http/__load__.bro @@ -1,11 +1,4 @@ ##! This script is the wrapper script for HTTP analysis. ##! :Author: Seth Hall - Inspired by the work of many others. -@load protocols/http/base/main - -#@load protocols/http/detect-MHR -#@load protocols/http/headers - -# Disabling web app detection for now. It's too intense and will probably -# be moved out of the core http protocol support later. -#@load http/detect-webapps \ No newline at end of file +@load protocols/http/base \ No newline at end of file diff --git a/policy/protocols/http/base/detect-intel.bro b/policy/protocols/http/base/detect-intel.bro index 02b3af570d..f1c5640881 100644 --- a/policy/protocols/http/base/detect-intel.bro +++ b/policy/protocols/http/base/detect-intel.bro @@ -1,7 +1,7 @@ ##! Intelligence based HTTP detections. -@load intel -@load http/utils +@load frameworks/intel +@load protocols/http/base/utils module HTTP; diff --git a/policy/protocols/http/base/detect-sqli.bro b/policy/protocols/http/base/detect-sqli.bro index c04419a16f..4c91d7e097 100644 --- a/policy/protocols/http/base/detect-sqli.bro +++ b/policy/protocols/http/base/detect-sqli.bro @@ -1,7 +1,6 @@ ##! SQL injection detection in HTTP. -@load http/base -@load metrics +@load frameworks/metrics module HTTP; diff --git a/policy/protocols/http/base/file-extract.bro b/policy/protocols/http/base/file-extract.bro index c53bdd0056..66bb2dcb75 100644 --- a/policy/protocols/http/base/file-extract.bro +++ b/policy/protocols/http/base/file-extract.bro @@ -1,7 +1,7 @@ ##! Extracts the items from HTTP traffic, one per file. At this time only ##! the message body from the server can be extracted with this script. -@load http/file-ident +@load protocols/http @load utils/files module HTTP; diff --git a/policy/protocols/http/base/file-hash.bro b/policy/protocols/http/base/file-hash.bro index b32bba65e3..bbfc5cefbc 100644 --- a/policy/protocols/http/base/file-hash.bro +++ b/policy/protocols/http/base/file-hash.bro @@ -1,7 +1,6 @@ ##! Calculate hashes for HTTP body transfers. -@load http/file-ident -@load notice +@load protocols/http module HTTP; diff --git a/policy/protocols/http/base/file-ident.bro b/policy/protocols/http/base/file-ident.bro index 37910d60eb..b723550bd5 100644 --- a/policy/protocols/http/base/file-ident.bro +++ b/policy/protocols/http/base/file-ident.bro @@ -1,13 +1,12 @@ ##! This script is involved in the identification of file types in HTTP ##! response bodies. -@load http/base -@load http/utils +@load protocols/http -@load notice -@load signatures +@load frameworks/notice +@load frameworks/signatures -redef signature_files += "protocols/http/file-ident.sig"; +redef signature_files += "protocols/http/base/file-ident.sig"; # Ignore the signatures used to match files redef Signatures::ignored_ids += /^matchfile-/; diff --git a/policy/protocols/http/base/software.bro b/policy/protocols/http/base/software.bro index 136d573f3c..3079fd63e5 100644 --- a/policy/protocols/http/base/software.bro +++ b/policy/protocols/http/base/software.bro @@ -1,7 +1,7 @@ ##! Software identification and extraction for HTTP traffic. -@load http/base -@load software +@load protocols/http +@load frameworks/software module HTTP; diff --git a/policy/protocols/http/base/utils.bro b/policy/protocols/http/base/utils.bro index 1689503ac0..ba3fb6f3d0 100644 --- a/policy/protocols/http/base/utils.bro +++ b/policy/protocols/http/base/utils.bro @@ -1,7 +1,5 @@ ##! Utilities specific for HTTP processing. -@load http/base - module HTTP; export { diff --git a/policy/support/remote/__load__.bro b/policy/support/remote/__load__.bro deleted file mode 100644 index b97af39388..0000000000 --- a/policy/support/remote/__load__.bro +++ /dev/null @@ -1 +0,0 @@ -@load support/remote/events \ No newline at end of file diff --git a/testing/btest/Baseline/core.load-pkg/loaded_scripts.log b/testing/btest/Baseline/core.load-pkg/loaded_scripts.log new file mode 100644 index 0000000000..3826ac83b3 --- /dev/null +++ b/testing/btest/Baseline/core.load-pkg/loaded_scripts.log @@ -0,0 +1,24 @@ +# depth name +0 /Users/seth/bro.git9/policy/bro.init +1 /Users/seth/bro.git9/build/src/const.bif.bro +1 /Users/seth/bro.git9/build/src/types.bif.bro +1 /Users/seth/bro.git9/build/src/strings.bif.bro +1 /Users/seth/bro.git9/build/src/bro.bif.bro +1 /Users/seth/bro.git9/build/src/reporter.bif.bro +1 /Users/seth/bro.git9/build/src/event.bif.bro +1 /Users/seth/bro.git9/policy/site.bro +2 /Users/seth/bro.git9/policy/utils/pattern.bro +1 /Users/seth/bro.git9/policy/frameworks/logging/__load__.bro +2 /Users/seth/bro.git9/policy/frameworks/logging/base.bro +3 /Users/seth/bro.git9/build/src/logging.bif.bro +2 /Users/seth/bro.git9/policy/frameworks/logging/plugins/ascii.bro +1 /Users/seth/bro.git9/policy/frameworks/packet-filter/__load__.bro +2 /Users/seth/bro.git9/policy/frameworks/packet-filter/base.bro +3 /Users/seth/bro.git9/policy/frameworks/notice/__load__.bro +4 /Users/seth/bro.git9/policy/frameworks/notice/base.bro +4 /Users/seth/bro.git9/policy/frameworks/notice/weird.bro +5 /Users/seth/bro.git9/policy/utils/conn_ids.bro +2 /Users/seth/bro.git9/policy/frameworks/packet-filter/netstats.bro +0 /Users/seth/bro.git9/policy/misc/loaded-scripts.bro +0 ./foo/__load__.bro +1 ./foo/test.bro diff --git a/testing/btest/Baseline/core.load-unload/loaded_scripts.log b/testing/btest/Baseline/core.load-unload/loaded_scripts.log new file mode 100644 index 0000000000..ea8d1f2862 --- /dev/null +++ b/testing/btest/Baseline/core.load-unload/loaded_scripts.log @@ -0,0 +1,24 @@ +# depth name +0 /Users/seth/bro.git9/policy/bro.init +1 /Users/seth/bro.git9/build/src/const.bif.bro +1 /Users/seth/bro.git9/build/src/types.bif.bro +1 /Users/seth/bro.git9/build/src/strings.bif.bro +1 /Users/seth/bro.git9/build/src/bro.bif.bro +1 /Users/seth/bro.git9/build/src/reporter.bif.bro +1 /Users/seth/bro.git9/build/src/event.bif.bro +1 /Users/seth/bro.git9/policy/site.bro +2 /Users/seth/bro.git9/policy/utils/pattern.bro +1 /Users/seth/bro.git9/policy/frameworks/logging/__load__.bro +2 /Users/seth/bro.git9/policy/frameworks/logging/base.bro +3 /Users/seth/bro.git9/build/src/logging.bif.bro +2 /Users/seth/bro.git9/policy/frameworks/logging/plugins/ascii.bro +1 /Users/seth/bro.git9/policy/frameworks/packet-filter/__load__.bro +2 /Users/seth/bro.git9/policy/frameworks/packet-filter/base.bro +3 /Users/seth/bro.git9/policy/frameworks/notice/__load__.bro +4 /Users/seth/bro.git9/policy/frameworks/notice/base.bro +4 /Users/seth/bro.git9/policy/frameworks/notice/weird.bro +5 /Users/seth/bro.git9/policy/utils/conn_ids.bro +2 /Users/seth/bro.git9/policy/frameworks/packet-filter/netstats.bro +0 /Users/seth/bro.git9/testing/btest/.tmp/core.load-unload/load-unload.bro +1 ./dontloadmebro.bro +0 /Users/seth/bro.git9/policy/misc/loaded-scripts.bro diff --git a/testing/btest/core/conn-uid.bro b/testing/btest/core/conn-uid.bro index 491b4f3005..67b2dc0234 100644 --- a/testing/btest/core/conn-uid.bro +++ b/testing/btest/core/conn-uid.bro @@ -1,23 +1,23 @@ # # In "normal" test mode, connection uids should be determistic. # -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT conn >output +# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT protocols/conn >output # @TEST-EXEC: btest-diff output # # Without a seed, they should differ each time: # -# @TEST-EXEC: unset BRO_SEED_FILE && bro -C -r $TRACES/wikipedia.trace %INPUT conn >output2 +# @TEST-EXEC: unset BRO_SEED_FILE && bro -C -r $TRACES/wikipedia.trace %INPUT protocols/conn >output2 # @TEST-EXEC: cat output output2 | sort | uniq -c | wc -l | sed 's/ //g' >counts # @TEST-EXEC: btest-diff counts # # Make sure it works without the connection compressor as well. # -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT conn use_connection_compressor=F >output.cc +# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT protocols/conn use_connection_compressor=F >output.cc # @TEST-EXEC: btest-diff output.cc # # Make sure it works with the full connection compressor as well. # -# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT conn cc_handle_only_syns=F >output.cc2 +# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT protocols/conn cc_handle_only_syns=F >output.cc2 # @TEST-EXEC: btest-diff output.cc2 diff --git a/testing/btest/core/load-normalization.bro b/testing/btest/core/load-normalization.bro index ff9ad3fb52..e5dd365838 100644 --- a/testing/btest/core/load-normalization.bro +++ b/testing/btest/core/load-normalization.bro @@ -3,11 +3,11 @@ # @TEST-EXEC: mkdir -p foo/bar # @TEST-EXEC: echo "@load bar/test" >loader.bro # @TEST-EXEC: cp %INPUT foo/bar/test.bro -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -l loader bar/test -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -l loader bar/test.bro -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -l loader foo/bar/test -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -l loader foo/bar/test.bro -# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -l loader `pwd`/foo/bar/test.bro +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro misc/loaded-scripts loader bar/test +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro misc/loaded-scripts loader bar/test.bro +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro misc/loaded-scripts loader foo/bar/test +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro misc/loaded-scripts loader foo/bar/test.bro +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro misc/loaded-scripts loader `pwd`/foo/bar/test.bro type Test: enum { TEST, diff --git a/testing/btest/core/load-pkg.bro b/testing/btest/core/load-pkg.bro index 8b23d3cda2..9cb67b1ed3 100644 --- a/testing/btest/core/load-pkg.bro +++ b/testing/btest/core/load-pkg.bro @@ -1,7 +1,8 @@ # @TEST-EXEC: mkdir foo # @TEST-EXEC: echo "@load foo/test.bro" >foo/__load__.bro # @TEST-EXEC: cp %INPUT foo/test.bro -# @TEST-EXEC: bro -l foo >output +# @TEST-EXEC: bro misc/loaded-scripts foo >output # @TEST-EXEC: btest-diff output +# @TEST-EXEC: btest-diff loaded_scripts.log print "Foo loaded"; diff --git a/testing/btest/core/load-unload.bro b/testing/btest/core/load-unload.bro index 1cf637704c..cab7fd1414 100644 --- a/testing/btest/core/load-unload.bro +++ b/testing/btest/core/load-unload.bro @@ -1,7 +1,8 @@ # This tests the @unload directive # # @TEST-EXEC: echo 'print "oops12345";' >dontloadmebro.bro -# @TEST-EXEC: bro -l %INPUT dontloadmebro >output +# @TEST-EXEC: bro %INPUT misc/loaded-scripts dontloadmebro > output # @TEST-EXEC: btest-diff output +# @TEST-EXEC: btest-diff loaded_scripts.log @unload dontloadmebro diff --git a/testing/btest/core/print-bpf-filters-ipv4.bro b/testing/btest/core/print-bpf-filters-ipv4.bro index acfeebe21e..aa1f270605 100644 --- a/testing/btest/core/print-bpf-filters-ipv4.bro +++ b/testing/btest/core/print-bpf-filters-ipv4.bro @@ -2,11 +2,11 @@ # # @TEST-EXEC: bro -e '' >output # @TEST-EXEC: cat packet_filter.log >>output -# @TEST-EXEC: bro PacketFilter::all_packets=F ssh >>output +# @TEST-EXEC: bro PacketFilter::all_packets=F protocols/ssh >>output # @TEST-EXEC: cat packet_filter.log >>output # @TEST-EXEC: bro -f "port 42" -e '' >>output # @TEST-EXEC: cat packet_filter.log >>output -# @TEST-EXEC: bro -C -f "port 56730" -r $TRACES/mixed-vlan-mpls.trace conn >>output +# @TEST-EXEC: bro -C -f "port 56730" -r $TRACES/mixed-vlan-mpls.trace protocols/conn >>output # @TEST-EXEC: cat packet_filter.log >>output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/vlan-mpls.bro b/testing/btest/core/vlan-mpls.bro index c7553e200a..7d877eaf7a 100644 --- a/testing/btest/core/vlan-mpls.bro +++ b/testing/btest/core/vlan-mpls.bro @@ -1,2 +1,2 @@ -# @TEST-EXEC: bro -C -r $TRACES/mixed-vlan-mpls.trace conn +# @TEST-EXEC: bro -C -r $TRACES/mixed-vlan-mpls.trace protocols/conn # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/istate/events-ssl.bro b/testing/btest/istate/events-ssl.bro index 5f05e60094..7cf4387780 100644 --- a/testing/btest/istate/events-ssl.bro +++ b/testing/btest/istate/events-ssl.bro @@ -16,8 +16,8 @@ @TEST-START-FILE sender.bro -@load http/base -@load communication/listen-ssl +@load protocols/http +@load frameworks/communication/listen-ssl event bro_init() { @@ -41,8 +41,8 @@ redef ssl_passphrase = "my-password"; @TEST-START-FILE receiver.bro -@load http/base -@load communication +@load protocols/http +@load frameworks/communication event bro_init() { diff --git a/testing/btest/istate/events.bro b/testing/btest/istate/events.bro index 33dcc01b13..8f5f538b70 100644 --- a/testing/btest/istate/events.bro +++ b/testing/btest/istate/events.bro @@ -7,8 +7,8 @@ # @TEST-EXEC: btest-diff receiver/http.log # @TEST-EXEC: cmp sender/http.log receiver/http.log # -# @TEST-EXEC: bro -x sender/events.bst http/base | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.snd.log -# @TEST-EXEC: bro -x receiver/events.bst http/base | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.rec.log +# @TEST-EXEC: bro -x sender/events.bst protocols/http | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.snd.log +# @TEST-EXEC: bro -x receiver/events.bst protocols/http | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.rec.log # @TEST-EXEC: cmp events.rec.log events.snd.log # # We don't compare the transmitted event paramerters anymore. With the dynamic @@ -16,8 +16,8 @@ @TEST-START-FILE sender.bro -@load http/base -@load communication/listen-clear +@load protocols/http +@load frameworks/communication/listen-clear event bro_init() { @@ -37,8 +37,8 @@ redef tcp_close_delay = 0secs; @TEST-START-FILE receiver.bro -@load http/base -@load communication +@load protocols/http +@load frameworks/communication event bro_init() { diff --git a/testing/btest/istate/sync.bro b/testing/btest/istate/sync.bro index d04c11ee3e..21e963accf 100644 --- a/testing/btest/istate/sync.bro +++ b/testing/btest/istate/sync.bro @@ -133,7 +133,7 @@ function modify() foo2 = 1234567; } -@load communication/listen-clear +@load frameworks/communication/listen-clear event remote_connection_handshake_done(p: event_peer) { @@ -151,7 +151,7 @@ redef Communication::nodes += { @TEST-START-FILE receiver.bro -@load communication +@load frameworks/communication event bro_init() { diff --git a/testing/btest/policy/frameworks/intel/insert-and-matcher.bro b/testing/btest/policy/frameworks/intel/insert-and-matcher.bro index bf8cd10e75..0b2b806d76 100644 --- a/testing/btest/policy/frameworks/intel/insert-and-matcher.bro +++ b/testing/btest/policy/frameworks/intel/insert-and-matcher.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro %INPUT >out # @TEST-EXEC: btest-diff out -@load intel +@load frameworks/intel event bro_init() { diff --git a/testing/btest/policy/frameworks/logging/adapt-filter.bro b/testing/btest/policy/frameworks/logging/adapt-filter.bro index 6312e4c106..7036c907a8 100644 --- a/testing/btest/policy/frameworks/logging/adapt-filter.bro +++ b/testing/btest/policy/frameworks/logging/adapt-filter.bro @@ -5,8 +5,6 @@ module SSH; -@load logging - export { # Create a new ID for our log stream redef enum Log::ID += { SSH }; diff --git a/testing/btest/policy/frameworks/logging/ascii-empty.bro b/testing/btest/policy/frameworks/logging/ascii-empty.bro index 8aead35901..44db69ac60 100644 --- a/testing/btest/policy/frameworks/logging/ascii-empty.bro +++ b/testing/btest/policy/frameworks/logging/ascii-empty.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro %INPUT # @TEST-EXEC: btest-diff ssh.log -@load logging/plugins/ascii +@load frameworks/logging/plugins/ascii redef LogAscii::output_to_stdout = F; redef LogAscii::separator = "|"; diff --git a/testing/btest/policy/frameworks/logging/ascii-options.bro b/testing/btest/policy/frameworks/logging/ascii-options.bro index caf834a83d..2a5b121c8a 100644 --- a/testing/btest/policy/frameworks/logging/ascii-options.bro +++ b/testing/btest/policy/frameworks/logging/ascii-options.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro %INPUT # @TEST-EXEC: btest-diff ssh.log -@load logging/plugins/ascii +@load frameworks/logging/plugins/ascii redef LogAscii::output_to_stdout = F; redef LogAscii::separator = "|"; diff --git a/testing/btest/policy/frameworks/logging/events.bro b/testing/btest/policy/frameworks/logging/events.bro index 101b13b095..0ca7752acf 100644 --- a/testing/btest/policy/frameworks/logging/events.bro +++ b/testing/btest/policy/frameworks/logging/events.bro @@ -4,8 +4,6 @@ module SSH; -@load logging - export { # Create a new ID for our log stream redef enum Log::ID += { SSH }; diff --git a/testing/btest/policy/frameworks/logging/path-func.bro b/testing/btest/policy/frameworks/logging/path-func.bro index b744057a84..760bb81e4a 100644 --- a/testing/btest/policy/frameworks/logging/path-func.bro +++ b/testing/btest/policy/frameworks/logging/path-func.bro @@ -5,8 +5,6 @@ module SSH; -@load logging - export { # Create a new ID for our log stream redef enum Log::ID += { SSH }; diff --git a/testing/btest/policy/frameworks/logging/pred.bro b/testing/btest/policy/frameworks/logging/pred.bro index eb1a02cf08..dc7653e24d 100644 --- a/testing/btest/policy/frameworks/logging/pred.bro +++ b/testing/btest/policy/frameworks/logging/pred.bro @@ -5,8 +5,6 @@ module SSH; -@load logging - export { # Create a new ID for our log stream redef enum Log::ID += { SSH }; diff --git a/testing/btest/policy/frameworks/logging/remote-types.bro b/testing/btest/policy/frameworks/logging/remote-types.bro index 95088b257c..0d6dfbb0c9 100644 --- a/testing/btest/policy/frameworks/logging/remote-types.bro +++ b/testing/btest/policy/frameworks/logging/remote-types.bro @@ -51,7 +51,7 @@ event bro_init() module SSH; -@load communication/listen-clear +@load frameworks/communication/listen-clear event remote_connection_handshake_done(p: event_peer) { @@ -84,7 +84,7 @@ event remote_connection_handshake_done(p: event_peer) ##### -@load communication +@load frameworks/communication redef Communication::nodes += { ["foo"] = [$host = 127.0.0.1, $connect=T, $request_logs=T] diff --git a/testing/btest/policy/frameworks/logging/remote.bro b/testing/btest/policy/frameworks/logging/remote.bro index b148b66c1a..e389e6be6b 100644 --- a/testing/btest/policy/frameworks/logging/remote.bro +++ b/testing/btest/policy/frameworks/logging/remote.bro @@ -40,7 +40,7 @@ event bro_init() module SSH; -@load communication/listen-clear +@load frameworks/communication/listen-clear function fail(rec: Log): bool { @@ -68,7 +68,7 @@ event remote_connection_handshake_done(p: event_peer) ##### -@load communication +@load frameworks/communication redef Communication::nodes += { ["foo"] = [$host = 127.0.0.1, $connect=T, $request_logs=T] diff --git a/testing/btest/policy/misc/testing-coverage.bro b/testing/btest/policy/misc/testing-coverage.bro index 83a6783bcf..c5898f9f65 100644 --- a/testing/btest/policy/misc/testing-coverage.bro +++ b/testing/btest/policy/misc/testing-coverage.bro @@ -2,5 +2,5 @@ # scripts loaded there actually exist. @TEST-EXEC: ( cd $DIST/policy && find . -name '*.bro' ) | sort >"all scripts found" -@TEST-EXEC: cat $DIST/policy/test-all.bro | grep '@load' | sed 'sm^\( *# *\)\{0,\}@load *m./mg' | sort >test-all.bro +@TEST-EXEC: cat $DIST/policy/test-all.bro | grep '@load' | sed 'sm^\( *# *\)\{0,\}@load *m./mg' | sort >test-all.bro @TEST-EXEC: diff -u "all scripts found" test-all.bro 1>&2 diff --git a/testing/btest/policy/protocols/conn/known-hosts.bro b/testing/btest/policy/protocols/conn/known-hosts.bro index 668887cb3c..38b44f21a4 100644 --- a/testing/btest/policy/protocols/conn/known-hosts.bro +++ b/testing/btest/policy/protocols/conn/known-hosts.bro @@ -15,7 +15,6 @@ # @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT KnownHosts::asset_tracking=NO_HOSTS # @TEST-EXEC: test '!' -e known_hosts.log -@load conn/known-hosts -@load site +@load protocols/conn redef Site::local_nets += {141.142.0.0/16}; diff --git a/testing/btest/policy/protocols/conn/known-services.bro b/testing/btest/policy/protocols/conn/known-services.bro index b7f968a793..0eaa3816d2 100644 --- a/testing/btest/policy/protocols/conn/known-services.bro +++ b/testing/btest/policy/protocols/conn/known-services.bro @@ -15,10 +15,9 @@ # @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT KnownServices::asset_tracking=NO_HOSTS # @TEST-EXEC: test '!' -e known_services.log -@load conn/known-services -@load http -@load ssh -@load ftp -@load site +@load protocols/conn +@load protocols/http +@load protocols/ssh +@load protocols/ftp redef Site::local_nets += {172.16.238.0/24}; diff --git a/testing/btest/policy/protocols/dns/event-priority.bro b/testing/btest/policy/protocols/dns/event-priority.bro index 4ddfe18af9..03a46fb6c5 100644 --- a/testing/btest/policy/protocols/dns/event-priority.bro +++ b/testing/btest/policy/protocols/dns/event-priority.bro @@ -1,5 +1,5 @@ # @TEST-EXEC: bro -r $TRACES/dns-session.trace %INPUT # @TEST-EXEC: btest-diff dns.log -@load dns -@load dns/auth-addl +@load protocols/dns +@load protocols/dns/auth-addl diff --git a/testing/btest/policy/protocols/http/http-header-crlf.bro b/testing/btest/policy/protocols/http/http-header-crlf.bro index 36038df3a2..3ebec4367d 100644 --- a/testing/btest/policy/protocols/http/http-header-crlf.bro +++ b/testing/btest/policy/protocols/http/http-header-crlf.bro @@ -5,5 +5,5 @@ # @TEST-EXEC: bro -r $TRACES/http-byteranges.trace %INPUT # @TEST-EXEC: grep -q http_no_crlf_in_header_list weird.log && exit 1 || exit 0 -@load http +@load protocols/http diff --git a/testing/btest/policy/protocols/http/http-pipelining-and-md5.bro b/testing/btest/policy/protocols/http/http-pipelining-and-md5.bro index b46c7f9458..0adead5970 100644 --- a/testing/btest/policy/protocols/http/http-pipelining-and-md5.bro +++ b/testing/btest/policy/protocols/http/http-pipelining-and-md5.bro @@ -1,6 +1,6 @@ # @TEST-EXEC: bro -r $TRACES/http-pipelined-requests.trace %INPUT > output # @TEST-EXEC: btest-diff http.log -@load http +@load protocols/http redef HTTP::generate_md5 += /image\/png/; \ No newline at end of file