Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Provide infrastructure to migrate legacy analyzers to Spicy.

Browse source 
As initial examples, this branch ports the Syslog and Finger analyzers
over. We leave the old analyzers in place for now and activate them
iff we compile without any Spicy.

Needs `zeek-spicy-infra` branches in `spicy/`, `spicy-plugin/`,
`CMake/`, and `zeek/zeek-testing-private`.

Note that the analyzer events remain associated with the Spicy plugin
for now: that's where they will show up with `-NN`, and also inside
the Zeekygen documentation.

We switch CMake over to linking the runtime library into the plugin,
vs. at the top-level through object libraries.
This commit is contained in:
Robin Sommer 2022-11-08 09:54:08 +01:00
parent 283bea346b
commit 04a1ead978
No known key found for this signature in database
GPG key ID: 6BEDA4DA6B8B23E3
48 changed files with 359 additions and 124 deletions
Download patch file Download diff file Expand all files Collapse all files

68
CMakeLists.txt
View file

@ -547,14 +547,17 @@ else ()
endif () endif ()
if ( NOT DISABLE_SPICY ) if ( NOT DISABLE_SPICY )
set(USE_SPICY_ANALYZERS yes)
if ( NOT SPICY_ROOT_DIR ) if ( NOT SPICY_ROOT_DIR )
set(HAVE_SPICY yes) # evaluated by Spicy plugin build
add_subdirectory(auxil/spicy) add_subdirectory(auxil/spicy)
# Set variables used by the spicy-plugin build since we are building Spicy # Set variables used by the spicy-plugin build since we are building Spicy
# as part of Zeek so spicy-plugin cannot use `spicy-config` at configure # as part of Zeek so spicy-plugin cannot use `spicy-config` at configure
# time to set these. # time to set these.
set(SPICY_CONFIG "<builtin>") set(SPICY_CONFIG "<builtin>")
set(HAVE_SPICY "YES")
set(SPICY_HAVE_TOOLCHAIN "YES") set(SPICY_HAVE_TOOLCHAIN "YES")
set(SPICY_INCLUDE_DIRS_RUNTIME set(SPICY_INCLUDE_DIRS_RUNTIME
${PROJECT_SOURCE_DIR}/auxil/spicy/spicy/hilti/runtime/include ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy/hilti/runtime/include
@ -564,6 +567,10 @@ if ( NOT DISABLE_SPICY )
${PROJECT_SOURCE_DIR}/auxil/spicy/spicy/hilti/toolchain/include ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy/hilti/toolchain/include
${PROJECT_SOURCE_DIR}/auxil/spicy/spicy/spicy/toolchain/include) ${PROJECT_SOURCE_DIR}/auxil/spicy/spicy/spicy/toolchain/include)
set(SPICY_LIBRARY spicy) set(SPICY_LIBRARY spicy)
set(HILTI_LIBRARY_RT hilti-rt)
set(HILTI_LIBRARY_RT_DEBUG hilti-rt-debug)
set(SPICY_LIBRARY_RT spicy-rt)
set(SPICY_LIBRARY_RT_DEBUG spicy-rt-debug)
# Needed only for logging from CMake configure phase. # Needed only for logging from CMake configure phase.
get_directory_property( get_directory_property(
@ -586,12 +593,20 @@ if ( NOT DISABLE_SPICY )
endif () endif ()
if ( NOT SPICY_PLUGIN_PATH ) if ( NOT SPICY_PLUGIN_PATH )
set(_spicy_plugin "included")
set(SPICY_PLUGIN_PATH ${CMAKE_SOURCE_DIR}/auxil/spicy-plugin) set(SPICY_PLUGIN_PATH ${CMAKE_SOURCE_DIR}/auxil/spicy-plugin)
endif () endif ()
set(SPICY_PLUGIN_BINARY_PATH ${CMAKE_BINARY_DIR}/src/builtin-plugins/spicy-plugin)
string(APPEND ZEEK_INCLUDE_PLUGINS ";${SPICY_PLUGIN_PATH}") string(APPEND ZEEK_INCLUDE_PLUGINS ";${SPICY_PLUGIN_PATH}")
else ()
set(HAVE_SPICY no) # evaluated by Spicy plugin build
set(USE_SPICY_ANALYZERS no)
endif () endif ()
set(USE_SPICY_ANALYZERS "${USE_SPICY_ANALYZERS}" CACHE BOOL "Use built-in Spicy analyzers")
include(BuiltInSpicyAnalyzer)
include_directories(BEFORE include_directories(BEFORE
${PCAP_INCLUDE_DIR} ${PCAP_INCLUDE_DIR}
${BIND_INCLUDE_DIR} ${BIND_INCLUDE_DIR}
@ -866,26 +881,6 @@ if ( NOT DISABLE_SPICY )
add_dependencies(zeek spicyz) add_dependencies(zeek spicyz)
if ( NOT SPICY_ROOT_DIR ) if ( NOT SPICY_ROOT_DIR )
list(APPEND _spicy_rt_libs spicy-rt hilti-rt)
# Use the debug runtime libraries if we are building a debug Zeek.
if ( SPICY_BUILD_MODE STREQUAL "Debug" )
list(TRANSFORM _spicy_rt_libs APPEND "-debug")
endif ()
# If we build spicy-plugin into Zeek we also need to build the Spicy
# runtime dependencies into Zeek. Since no matter how Spicy itself was
# linked this is always a static library, link the object files so we
# get all symbols and can resolve all potential dependencies of
# HLTO files at runtime.
#
# TODO(bbannier): Conceptually cleaner would be linking the runtime
# objects into spicy-plugin and then inherit that up to zeek, but it
# seems this does not work reliable (due incomplete support for object
# libraries in CMake?).
list(TRANSFORM _spicy_rt_libs APPEND "-objects")
target_link_libraries(zeek ${_spicy_rt_libs})
# Make sure we build targets of spicy-plugin after the `spicy` target. # Make sure we build targets of spicy-plugin after the `spicy` target.
add_dependencies(plugin-Zeek-Spicy spicy) add_dependencies(plugin-Zeek-Spicy spicy)
add_dependencies(spicyz spicy) add_dependencies(spicyz spicy)
@ -959,6 +954,33 @@ if ( GEN_ZAM_EXE_PATH )
set(_gen_zam_exe_path ${GEN_ZAM_EXE_PATH}) set(_gen_zam_exe_path ${GEN_ZAM_EXE_PATH})
endif () endif ()
set(_spicy "included")
if ( DISABLE_SPICY )
set(_spicy "disabled")
elseif ( SPICY_ROOT_DIR )
set(_spicy "external (${SPICY_ROOT_DIR})")
endif ()
if ( DISABLE_SPICY )
set(_spicy_plugin "disabled")
elseif ( "${_spicy_plugin}" STREQUAL "" )
set(_spicy_plugin "external (${SPICY_PLUGIN_PATH})")
endif ()
if ( ZEEK_LEGACY_ANALYZERS )
list(JOIN ZEEK_LEGACY_ANALYZERS ", " _legacy_analyzers)
set(_legacy_analyzers "\n - Using unmaintained legacy analyzers for: ${_legacy_analyzers}")
endif ()
if ( ZEEK_SKIPPED_ANALYZERS )
list(JOIN ZEEK_SKIPPED_ANALYZERS ", " _skipped_analyzers)
set(_skipped_analyzers "\n - Skipping analyzers: ${_skipped_analyzers}")
endif ()
if ( ZEEK_LEGACY_ANALYZERS OR ZEEK_SKIPPED_ANALYZERS )
set(_analyzer_warning "\n\n[Warning] Some analyzers are not available due to lack of Spicy:${_legacy_analyzers}${_skipped_analyzers}")
endif ()
message( message(
"\n====================| Zeek Build Summary |====================" "\n====================| Zeek Build Summary |===================="
"\n" "\n"
@ -993,6 +1015,9 @@ message(
"\nBTest tooling: ${_install_btest_tools_msg}" "\nBTest tooling: ${_install_btest_tools_msg}"
"\nGen-ZAM: ${_gen_zam_exe_path}" "\nGen-ZAM: ${_gen_zam_exe_path}"
"\nzkg: ${INSTALL_ZKG}" "\nzkg: ${INSTALL_ZKG}"
"\nSpicy: ${_spicy}"
"\nSpicy plugin: ${_spicy_plugin}"
"\nSpicy analyzers: ${USE_SPICY_ANALYZERS}"
"\n" "\n"
"\nlibmaxminddb: ${USE_GEOIP}" "\nlibmaxminddb: ${USE_GEOIP}"
"\nKerberos: ${USE_KRB5}" "\nKerberos: ${USE_KRB5}"
@ -1003,6 +1028,7 @@ message(
"\n" "\n"
"\nFuzz Targets: ${ZEEK_ENABLE_FUZZERS}" "\nFuzz Targets: ${ZEEK_ENABLE_FUZZERS}"
"\nFuzz Engine: ${ZEEK_FUZZING_ENGINE}" "\nFuzz Engine: ${ZEEK_FUZZING_ENGINE}"
"${_analyzer_warning}"
"\n" "\n"
"\n================================================================\n" "\n================================================================\n"
) )

2
auxil/spicy-plugin

@ -1 +1 @@
Subproject commit 9480a7dc8f9049c46f42069b415e1c18a44aa51b Subproject commit bd5a32f5c78e1cc1d60b8f010797fe3fb5a6c3aa

2
auxil/spicy/spicy

@ -1 +1 @@
Subproject commit 8c5f9466c5f87a237451438af82dbb8dcf743d5d Subproject commit 1e074f8db5f2ccc4a946f66634410bcc7d94dcef

2
cmake

@ -1 +1 @@
Subproject commit f69e08247ed4d7e36258157df6328bad3c81269d Subproject commit 9f05362a5c33ed11dab37d2dedf74206d59d8f6d

1
scripts/base/init-default.zeek
View file

@ -49,6 +49,7 @@
@load base/protocols/dhcp @load base/protocols/dhcp
@load base/protocols/dnp3 @load base/protocols/dnp3
@load base/protocols/dns @load base/protocols/dns
@load base/protocols/finger
@load base/protocols/ftp @load base/protocols/ftp
@load base/protocols/http @load base/protocols/http
@load base/protocols/imap @load base/protocols/imap

2
scripts/base/protocols/finger/__load__.zeek Normal file
View file

@ -0,0 +1,2 @@
@load ./spicy-events
@load ./main

14
scripts/base/protocols/finger/main.zeek Normal file
View file

@ -0,0 +1,14 @@
##! Implements base functionality for Finger analysis. We currently do not generate
##! a log file, but just configure the analyzer.
module Finger;
export {
const ports = { 79/tcp };
redef likely_server_ports += { ports };
}
event zeek_init() &priority=5
{
Analyzer::register_for_ports(Analyzer::ANALYZER_FINGER, ports);
}

33
scripts/base/protocols/finger/spicy-events.zeek Normal file
View file

@ -0,0 +1,33 @@
##! Events generated by the Finger analyzer.
@ifdef ( Spicy::available ) # must not be used with legacy analyzer
## Generated for Finger requests.
##
## See `Wikipedia <http://en.wikipedia.org/wiki/Finger_protocol>`__ for more
## information about the Finger protocol.
##
## c: The connection.
##
## full: True if verbose information is requested (``/W`` switch).
##
## username: The request's user name.
##
## hostname: The request's host name.
##
## .. zeek:see:: finger_reply
global finger_request: event(c: connection, full: bool, username: string, hostname: string);
## Generated for Finger replies.
##
## See `Wikipedia <http://en.wikipedia.org/wiki/Finger_protocol>`__ for more
## information about the Finger protocol.
##
## c: The connection.
##
## reply_line: The reply as returned by the server
##
## .. zeek:see:: finger_request
global finger_reply: event(c: connection, reply_line: string);
@endif

1
scripts/base/protocols/syslog/__load__.zeek
View file

@ -1,2 +1,3 @@
@load ./spicy-events
@load ./consts @load ./consts
@load ./main @load ./main

21
scripts/base/protocols/syslog/spicy-events.zeek Normal file
View file

@ -0,0 +1,21 @@
##! Events generated by the Syslog analyzer.
@ifdef ( Spicy::available ) # must not be used with legacy analyzer
## Generated for monitored Syslog messages.
##
## See `Wikipedia <http://en.wikipedia.org/wiki/Syslog>`__ for more
## information about the Syslog protocol.
##
## c: The connection record for the underlying transport-layer session/flow.
##
## facility: The "facility" included in the message.
##
## severity: The "severity" included in the message.
##
## msg: The message logged.
##
## .. note:: Zeek currently parses only UDP syslog traffic.
global syslog_message: event(c: connection, facility: count, severity: count, msg: string);
@endif

18
src/analyzer/protocol/finger/CMakeLists.txt
View file

@ -1,9 +1,9 @@
spicy_add_analyzer(
include(ZeekPlugin) NAME
Finger
include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) SOURCES
finger.spicy
zeek_plugin_begin(Zeek Finger) finger.evt
zeek_plugin_cc(Finger.cc Plugin.cc) LEGACY
zeek_plugin_bif(events.bif) legacy
zeek_plugin_end() )

10
src/analyzer/protocol/finger/finger.evt Normal file
View file

@ -0,0 +1,10 @@
# Copyright (c) 2022 by the Zeek Project. See LICENSE for details.
protocol analyzer Finger over TCP:
parse originator with Finger::Request,
parse responder with Finger::Reply;
import Finger;
on Finger::Request -> event finger_request($conn, self.whois, self.user, self.host);
on Finger::ReplyLine if ( |self.data| != 0 ) -> event finger_reply($conn, self.data);

54
src/analyzer/protocol/finger/finger.spicy Normal file
View file

@ -0,0 +1,54 @@
# Copyright (c) 2022 by the Zeek Project. See LICENSE for details.
#
# Giving the rare number of instances of this protocol these days, we err on the side of
# rejecting sessions if they don't parse well.
module Finger;
import spicy;
const OptionalWhiteSpace = /[ \t]*/;
const NewLine = /\r?\n/;
public type Request = unit {
: OptionalWhiteSpace;
switch {
-> : /\/W/ { self.whois = True; }
-> void;
};
: OptionalWhiteSpace;
arg: /[^\r\n]*/ &convert=$$.strip().split1(b"@") {
# We require valid UTF-8 to weed out binary data.
self.user = self.arg[0].decode();
if ( |self.arg[1]| > 0 )
self.host = self.arg[1].decode();
}
on %done {
if ( |self.arg[0]| > 0 || self.whois )
spicy::accept_input();
}
var user: string;
var host: string;
var whois: bool = False;
};
type ReplyLine = unit {
data: /[^\r\n]*/ &convert=$$.decode(); # Require valid UTF-8 here as well.
: NewLine;
on %done {
if ( |self.data| > 10 )
# Require some non-trivial output to accept.
spicy::accept_input();
}
};
public type Reply = unit {
: ReplyLine[];
};

9
src/analyzer/protocol/finger/legacy/CMakeLists.txt Normal file
View file

@ -0,0 +1,9 @@
include(ZeekPlugin)
include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
zeek_plugin_begin(Zeek Finger)
zeek_plugin_cc(Finger.cc Plugin.cc)
zeek_plugin_bif(events.bif)
zeek_plugin_end()

4
src/analyzer/protocol/finger/Finger.cc → src/analyzer/protocol/finger/legacy/Finger.cc
View file

@ -1,6 +1,6 @@
// See the file "COPYING" in the main distribution directory for copyright. // See the file "COPYING" in the main distribution directory for copyright.
#include "zeek/analyzer/protocol/finger/Finger.h" #include "zeek/analyzer/protocol/finger/legacy/Finger.h"
#include "zeek/zeek-config.h" #include "zeek/zeek-config.h"
@ -8,7 +8,7 @@
#include "zeek/Event.h" #include "zeek/Event.h"
#include "zeek/NetVar.h" #include "zeek/NetVar.h"
#include "zeek/analyzer/protocol/finger/events.bif.h" #include "zeek/analyzer/protocol/finger/legacy/events.bif.h"
#include "zeek/analyzer/protocol/tcp/ContentLine.h" #include "zeek/analyzer/protocol/tcp/ContentLine.h"
namespace zeek::analyzer::finger namespace zeek::analyzer::finger

0
src/analyzer/protocol/finger/Finger.h → src/analyzer/protocol/finger/legacy/Finger.h
View file

2
src/analyzer/protocol/finger/Plugin.cc → src/analyzer/protocol/finger/legacy/Plugin.cc
View file

@ -3,7 +3,7 @@
#include "zeek/plugin/Plugin.h" #include "zeek/plugin/Plugin.h"
#include "zeek/analyzer/Component.h" #include "zeek/analyzer/Component.h"
#include "zeek/analyzer/protocol/finger/Finger.h" #include "zeek/analyzer/protocol/finger/legacy/Finger.h"
namespace zeek::plugin::detail::Zeek_Finger namespace zeek::plugin::detail::Zeek_Finger
{ {

0
src/analyzer/protocol/finger/events.bif → src/analyzer/protocol/finger/legacy/events.bif
View file

19
src/analyzer/protocol/syslog/CMakeLists.txt
View file

@ -1,10 +1,9 @@
spicy_add_analyzer(
include(ZeekPlugin) NAME
Syslog
include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) SOURCES
syslog.spicy
zeek_plugin_begin(Zeek Syslog) syslog.evt
zeek_plugin_cc(Syslog.cc Plugin.cc) LEGACY
zeek_plugin_bif(events.bif) legacy
zeek_plugin_pac(syslog.pac syslog-analyzer.pac syslog-protocol.pac) )
zeek_plugin_end()

10
src/analyzer/protocol/syslog/legacy/CMakeLists.txt Normal file
View file

@ -0,0 +1,10 @@
include(ZeekPlugin)
include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
zeek_plugin_begin(Zeek Syslog)
zeek_plugin_cc(Syslog.cc Plugin.cc)
zeek_plugin_bif(events.bif)
zeek_plugin_pac(syslog.pac syslog-analyzer.pac syslog-protocol.pac)
zeek_plugin_end()

2
src/analyzer/protocol/syslog/Plugin.cc → src/analyzer/protocol/syslog/legacy/Plugin.cc
View file

@ -3,7 +3,7 @@
#include "zeek/plugin/Plugin.h" #include "zeek/plugin/Plugin.h"
#include "zeek/analyzer/Component.h" #include "zeek/analyzer/Component.h"
#include "zeek/analyzer/protocol/syslog/Syslog.h" #include "zeek/analyzer/protocol/syslog/legacy/Syslog.h"
namespace zeek::plugin::detail::Zeek_Syslog namespace zeek::plugin::detail::Zeek_Syslog
{ {

4
src/analyzer/protocol/syslog/Syslog.cc → src/analyzer/protocol/syslog/legacy/Syslog.cc
View file

@ -1,6 +1,6 @@
#include "zeek/analyzer/protocol/syslog/Syslog.h" #include "zeek/analyzer/protocol/syslog/legacy/Syslog.h"
#include "zeek/analyzer/protocol/syslog/events.bif.h" #include "zeek/analyzer/protocol/syslog/legacy/events.bif.h"
#include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h" #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
namespace zeek::analyzer::syslog namespace zeek::analyzer::syslog

2
src/analyzer/protocol/syslog/Syslog.h → src/analyzer/protocol/syslog/legacy/Syslog.h
View file

@ -2,7 +2,7 @@
#include "zeek/analyzer/protocol/tcp/TCP.h" #include "zeek/analyzer/protocol/tcp/TCP.h"
#include "analyzer/protocol/syslog/syslog_pac.h" #include "analyzer/protocol/syslog/legacy/syslog_pac.h"
namespace zeek::analyzer::syslog namespace zeek::analyzer::syslog
{ {

0
src/analyzer/protocol/syslog/events.bif → src/analyzer/protocol/syslog/legacy/events.bif
View file

0
src/analyzer/protocol/syslog/syslog-analyzer.pac → src/analyzer/protocol/syslog/legacy/syslog-analyzer.pac
View file

0
src/analyzer/protocol/syslog/syslog-protocol.pac → src/analyzer/protocol/syslog/legacy/syslog-protocol.pac
View file

2
src/analyzer/protocol/syslog/syslog.pac → src/analyzer/protocol/syslog/legacy/syslog.pac
View file

@ -3,7 +3,7 @@
%include zeek.pac %include zeek.pac
%extern{ %extern{
#include "zeek/analyzer/protocol/syslog/events.bif.h" #include "zeek/analyzer/protocol/syslog/legacy/events.bif.h"
%} %}
analyzer Syslog withcontext { analyzer Syslog withcontext {

8
src/analyzer/protocol/syslog/syslog.evt Normal file
View file

@ -0,0 +1,8 @@
# Copyright (c) 2022 by the Zeek Project. See LICENSE for details.
protocol analyzer Syslog over UDP:
parse with Syslog::Message;
import Syslog;
on Syslog::Message -> event syslog_message($conn, self.facility, self.severity, self.msg);

32
src/analyzer/protocol/syslog/syslog.spicy Normal file
View file

@ -0,0 +1,32 @@
# Copyright (c) 2022 by the Zeek Project. See LICENSE for details.
module Syslog;
import spicy;
public type Message = unit {
switch {
-> prio: Priority;
-> void;
};
msg: bytes &eod;
on %done {
spicy::accept_input();
if ( self?.prio ) {
self.severity = (self.prio.value & 0x07);
self.facility = (self.prio.value & 0x03f8) >> 3;
}
}
var severity: uint64 = 999; # default per legacy analyzer
var facility: uint64 = 999; # default per legacy analyzer
};
type Priority = unit {
: b"<";
value: /[[:digit:]]+/ &convert=$$.to_uint();
: b">";
};

9
testing/btest/Baseline/core.print-bpf-filters/output2
View file

@ -48,6 +48,7 @@
1 6669 1 6669
1 67 1 67
1 68 1 68
1 79
1 80 1 80
1 8000 1 8000
1 8080 1 8080
@ -59,8 +60,8 @@
1 992 1 992
1 993 1 993
1 995 1 995
66 and 67 and
65 or 66 or
66 port 67 port
43 tcp 44 tcp
23 udp 23 udp

2
testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
View file

@ -151,7 +151,6 @@ scripts/base/init-frameworks-and-bifs.zeek
build/scripts/base/bif/plugins/Zeek_DNP3.events.bif.zeek build/scripts/base/bif/plugins/Zeek_DNP3.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_DNS.events.bif.zeek build/scripts/base/bif/plugins/Zeek_DNS.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_File.events.bif.zeek build/scripts/base/bif/plugins/Zeek_File.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_Finger.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_FTP.events.bif.zeek build/scripts/base/bif/plugins/Zeek_FTP.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_FTP.functions.bif.zeek build/scripts/base/bif/plugins/Zeek_FTP.functions.bif.zeek
build/scripts/base/bif/plugins/Zeek_Gnutella.events.bif.zeek build/scripts/base/bif/plugins/Zeek_Gnutella.events.bif.zeek
@ -227,7 +226,6 @@ scripts/base/init-frameworks-and-bifs.zeek
build/scripts/base/bif/plugins/Zeek_SSL.events.bif.zeek build/scripts/base/bif/plugins/Zeek_SSL.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_SSL.functions.bif.zeek build/scripts/base/bif/plugins/Zeek_SSL.functions.bif.zeek
build/scripts/base/bif/plugins/Zeek_SSL.consts.bif.zeek build/scripts/base/bif/plugins/Zeek_SSL.consts.bif.zeek
build/scripts/base/bif/plugins/Zeek_Syslog.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_TCP.events.bif.zeek build/scripts/base/bif/plugins/Zeek_TCP.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_TCP.types.bif.zeek build/scripts/base/bif/plugins/Zeek_TCP.types.bif.zeek
build/scripts/base/bif/plugins/Zeek_TCP.functions.bif.zeek build/scripts/base/bif/plugins/Zeek_TCP.functions.bif.zeek

6
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
View file

@ -151,7 +151,6 @@ scripts/base/init-frameworks-and-bifs.zeek
build/scripts/base/bif/plugins/Zeek_DNP3.events.bif.zeek build/scripts/base/bif/plugins/Zeek_DNP3.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_DNS.events.bif.zeek build/scripts/base/bif/plugins/Zeek_DNS.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_File.events.bif.zeek build/scripts/base/bif/plugins/Zeek_File.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_Finger.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_FTP.events.bif.zeek build/scripts/base/bif/plugins/Zeek_FTP.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_FTP.functions.bif.zeek build/scripts/base/bif/plugins/Zeek_FTP.functions.bif.zeek
build/scripts/base/bif/plugins/Zeek_Gnutella.events.bif.zeek build/scripts/base/bif/plugins/Zeek_Gnutella.events.bif.zeek
@ -227,7 +226,6 @@ scripts/base/init-frameworks-and-bifs.zeek
build/scripts/base/bif/plugins/Zeek_SSL.events.bif.zeek build/scripts/base/bif/plugins/Zeek_SSL.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_SSL.functions.bif.zeek build/scripts/base/bif/plugins/Zeek_SSL.functions.bif.zeek
build/scripts/base/bif/plugins/Zeek_SSL.consts.bif.zeek build/scripts/base/bif/plugins/Zeek_SSL.consts.bif.zeek
build/scripts/base/bif/plugins/Zeek_Syslog.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_TCP.events.bif.zeek build/scripts/base/bif/plugins/Zeek_TCP.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_TCP.types.bif.zeek build/scripts/base/bif/plugins/Zeek_TCP.types.bif.zeek
build/scripts/base/bif/plugins/Zeek_TCP.functions.bif.zeek build/scripts/base/bif/plugins/Zeek_TCP.functions.bif.zeek
@ -359,6 +357,9 @@ scripts/base/init-default.zeek
scripts/base/protocols/dns/__load__.zeek scripts/base/protocols/dns/__load__.zeek
scripts/base/protocols/dns/consts.zeek scripts/base/protocols/dns/consts.zeek
scripts/base/protocols/dns/main.zeek scripts/base/protocols/dns/main.zeek
scripts/base/protocols/finger/__load__.zeek
scripts/base/protocols/finger/spicy-events.zeek
scripts/base/protocols/finger/main.zeek
scripts/base/protocols/ftp/__load__.zeek scripts/base/protocols/ftp/__load__.zeek
scripts/base/protocols/ftp/utils-commands.zeek scripts/base/protocols/ftp/utils-commands.zeek
scripts/base/protocols/ftp/info.zeek scripts/base/protocols/ftp/info.zeek
@ -438,6 +439,7 @@ scripts/base/init-default.zeek
scripts/base/protocols/ssh/__load__.zeek scripts/base/protocols/ssh/__load__.zeek
scripts/base/protocols/ssh/main.zeek scripts/base/protocols/ssh/main.zeek
scripts/base/protocols/syslog/__load__.zeek scripts/base/protocols/syslog/__load__.zeek
scripts/base/protocols/syslog/spicy-events.zeek
scripts/base/protocols/syslog/consts.zeek scripts/base/protocols/syslog/consts.zeek
scripts/base/protocols/syslog/main.zeek scripts/base/protocols/syslog/main.zeek
scripts/base/protocols/tunnels/__load__.zeek scripts/base/protocols/tunnels/__load__.zeek

33
testing/btest/Baseline/plugins.hooks/output
View file

@ -12,6 +12,7 @@
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5353/udp)) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5353/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5355/udp)) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5355/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DTLS, 443/udp)) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DTLS, 443/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_FINGER, 79/tcp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 21/tcp)) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 21/tcp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 2811/tcp)) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 2811/tcp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 1080/tcp)) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 1080/tcp)) -> <no result>
@ -73,6 +74,7 @@
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5353/udp)) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5353/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5355/udp)) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5355/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DTLS, 443/udp)) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DTLS, 443/udp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_FINGER, 79/tcp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 21/tcp)) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 21/tcp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 2811/tcp)) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 2811/tcp)) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 1080/tcp)) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 1080/tcp)) -> <no result>
@ -126,6 +128,7 @@
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5353<...>/tcp})) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5353<...>/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DTLS, {443/udp})) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DTLS, {443/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_FINGER, {79/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {80<...>/tcp})) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {80<...>/tcp})) -> <no result>
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IMAP, {143/tcp})) -> <no result> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IMAP, {143/tcp})) -> <no result>
@ -807,7 +810,6 @@
0.000000 MetaHookPost LoadFile(0, ./Zeek_FileExtract.events.bif.zeek, <...>/Zeek_FileExtract.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_FileExtract.events.bif.zeek, <...>/Zeek_FileExtract.events.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./Zeek_FileExtract.functions.bif.zeek, <...>/Zeek_FileExtract.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_FileExtract.functions.bif.zeek, <...>/Zeek_FileExtract.functions.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./Zeek_FileHash.events.bif.zeek, <...>/Zeek_FileHash.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_FileHash.events.bif.zeek, <...>/Zeek_FileHash.events.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./Zeek_Finger.events.bif.zeek, <...>/Zeek_Finger.events.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./Zeek_GSSAPI.events.bif.zeek, <...>/Zeek_GSSAPI.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_GSSAPI.events.bif.zeek, <...>/Zeek_GSSAPI.events.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./Zeek_GTPv1.events.bif.zeek, <...>/Zeek_GTPv1.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_GTPv1.events.bif.zeek, <...>/Zeek_GTPv1.events.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./Zeek_GTPv1.functions.bif.zeek, <...>/Zeek_GTPv1.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_GTPv1.functions.bif.zeek, <...>/Zeek_GTPv1.functions.bif.zeek) -> -1
@ -895,7 +897,6 @@
0.000000 MetaHookPost LoadFile(0, ./Zeek_Spicy.consts.bif.zeek, <...>/Zeek_Spicy.consts.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_Spicy.consts.bif.zeek, <...>/Zeek_Spicy.consts.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./Zeek_Spicy.events.bif.zeek, <...>/Zeek_Spicy.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_Spicy.events.bif.zeek, <...>/Zeek_Spicy.events.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./Zeek_Spicy.functions.bif.zeek, <...>/Zeek_Spicy.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_Spicy.functions.bif.zeek, <...>/Zeek_Spicy.functions.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./Zeek_Syslog.events.bif.zeek, <...>/Zeek_Syslog.events.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./Zeek_TCP.events.bif.zeek, <...>/Zeek_TCP.events.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_TCP.events.bif.zeek, <...>/Zeek_TCP.events.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./Zeek_TCP.functions.bif.zeek, <...>/Zeek_TCP.functions.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_TCP.functions.bif.zeek, <...>/Zeek_TCP.functions.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./Zeek_TCP.types.bif.zeek, <...>/Zeek_TCP.types.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./Zeek_TCP.types.bif.zeek, <...>/Zeek_TCP.types.bif.zeek) -> -1
@ -977,6 +978,7 @@
0.000000 MetaHookPost LoadFile(0, ./site, <...>/site.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./site, <...>/site.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./smb1-main, <...>/smb1-main.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./smb1-main, <...>/smb1-main.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./smb2-main, <...>/smb2-main.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./smb2-main, <...>/smb2-main.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./spicy-events, <...>/spicy-events.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./stats.bif.zeek, <...>/stats.bif.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./stats.bif.zeek, <...>/stats.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./std-dev, <...>/std-dev.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./std-dev, <...>/std-dev.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./store, <...>/store.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, ./store, <...>/store.zeek) -> -1
@ -1058,6 +1060,7 @@
0.000000 MetaHookPost LoadFile(0, base<...>/files, <...>/files.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/files, <...>/files.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/find-checksum-offloading, <...>/find-checksum-offloading.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/find-checksum-offloading, <...>/find-checksum-offloading.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/find-filtered-trace, <...>/find-filtered-trace.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/find-filtered-trace, <...>/find-filtered-trace.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/finger, <...>/finger) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/ftp, <...>/ftp) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/ftp, <...>/ftp) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/geneve, <...>/geneve) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/geneve, <...>/geneve) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/geoip-distance, <...>/geoip-distance.zeek) -> -1 0.000000 MetaHookPost LoadFile(0, base<...>/geoip-distance, <...>/geoip-distance.zeek) -> -1
@ -1194,7 +1197,6 @@
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_FileExtract.events.bif.zeek, <...>/Zeek_FileExtract.events.bif.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_FileExtract.events.bif.zeek, <...>/Zeek_FileExtract.events.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_FileExtract.functions.bif.zeek, <...>/Zeek_FileExtract.functions.bif.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_FileExtract.functions.bif.zeek, <...>/Zeek_FileExtract.functions.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_FileHash.events.bif.zeek, <...>/Zeek_FileHash.events.bif.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_FileHash.events.bif.zeek, <...>/Zeek_FileHash.events.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Finger.events.bif.zeek, <...>/Zeek_Finger.events.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_GSSAPI.events.bif.zeek, <...>/Zeek_GSSAPI.events.bif.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_GSSAPI.events.bif.zeek, <...>/Zeek_GSSAPI.events.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_GTPv1.events.bif.zeek, <...>/Zeek_GTPv1.events.bif.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_GTPv1.events.bif.zeek, <...>/Zeek_GTPv1.events.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_GTPv1.functions.bif.zeek, <...>/Zeek_GTPv1.functions.bif.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_GTPv1.functions.bif.zeek, <...>/Zeek_GTPv1.functions.bif.zeek) -> (-1, <no content>)
@ -1282,7 +1284,6 @@
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Spicy.consts.bif.zeek, <...>/Zeek_Spicy.consts.bif.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Spicy.consts.bif.zeek, <...>/Zeek_Spicy.consts.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Spicy.events.bif.zeek, <...>/Zeek_Spicy.events.bif.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Spicy.events.bif.zeek, <...>/Zeek_Spicy.events.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Spicy.functions.bif.zeek, <...>/Zeek_Spicy.functions.bif.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Spicy.functions.bif.zeek, <...>/Zeek_Spicy.functions.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_Syslog.events.bif.zeek, <...>/Zeek_Syslog.events.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_TCP.events.bif.zeek, <...>/Zeek_TCP.events.bif.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_TCP.events.bif.zeek, <...>/Zeek_TCP.events.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_TCP.functions.bif.zeek, <...>/Zeek_TCP.functions.bif.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_TCP.functions.bif.zeek, <...>/Zeek_TCP.functions.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_TCP.types.bif.zeek, <...>/Zeek_TCP.types.bif.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_TCP.types.bif.zeek, <...>/Zeek_TCP.types.bif.zeek) -> (-1, <no content>)
@ -1364,6 +1365,7 @@
0.000000 MetaHookPost LoadFileExtended(0, ./site, <...>/site.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./site, <...>/site.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./smb1-main, <...>/smb1-main.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./smb1-main, <...>/smb1-main.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./smb2-main, <...>/smb2-main.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./smb2-main, <...>/smb2-main.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./spicy-events, <...>/spicy-events.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./stats.bif.zeek, <...>/stats.bif.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./stats.bif.zeek, <...>/stats.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./std-dev, <...>/std-dev.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./std-dev, <...>/std-dev.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./store, <...>/store.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, ./store, <...>/store.zeek) -> (-1, <no content>)
@ -1445,6 +1447,7 @@
0.000000 MetaHookPost LoadFileExtended(0, base<...>/files, <...>/files.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/files, <...>/files.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, base<...>/find-checksum-offloading, <...>/find-checksum-offloading.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/find-checksum-offloading, <...>/find-checksum-offloading.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, base<...>/find-filtered-trace, <...>/find-filtered-trace.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/find-filtered-trace, <...>/find-filtered-trace.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, base<...>/finger, <...>/finger) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, base<...>/ftp, <...>/ftp) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/ftp, <...>/ftp) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, base<...>/geneve, <...>/geneve) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/geneve, <...>/geneve) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, base<...>/geoip-distance, <...>/geoip-distance.zeek) -> (-1, <no content>) 0.000000 MetaHookPost LoadFileExtended(0, base<...>/geoip-distance, <...>/geoip-distance.zeek) -> (-1, <no content>)
@ -1573,6 +1576,7 @@
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5353/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5353/udp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5355/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5355/udp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DTLS, 443/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DTLS, 443/udp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_FINGER, 79/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 21/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 21/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 2811/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 2811/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 1080/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 1080/tcp))
@ -1634,6 +1638,7 @@
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5353/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5353/udp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5355/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DNS, 5355/udp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DTLS, 443/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DTLS, 443/udp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_FINGER, 79/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 21/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 21/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 2811/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_FTP, 2811/tcp))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 1080/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_HTTP, 1080/tcp))
@ -1687,6 +1692,7 @@
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5353<...>/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5353<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DTLS, {443/udp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DTLS, {443/udp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_FINGER, {79/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_FTP, {2811<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {80<...>/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {80<...>/tcp}))
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IMAP, {143/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IMAP, {143/tcp}))
@ -2368,7 +2374,6 @@
0.000000 MetaHookPre LoadFile(0, ./Zeek_FileExtract.events.bif.zeek, <...>/Zeek_FileExtract.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_FileExtract.events.bif.zeek, <...>/Zeek_FileExtract.events.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./Zeek_FileExtract.functions.bif.zeek, <...>/Zeek_FileExtract.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_FileExtract.functions.bif.zeek, <...>/Zeek_FileExtract.functions.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./Zeek_FileHash.events.bif.zeek, <...>/Zeek_FileHash.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_FileHash.events.bif.zeek, <...>/Zeek_FileHash.events.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./Zeek_Finger.events.bif.zeek, <...>/Zeek_Finger.events.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./Zeek_GSSAPI.events.bif.zeek, <...>/Zeek_GSSAPI.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_GSSAPI.events.bif.zeek, <...>/Zeek_GSSAPI.events.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./Zeek_GTPv1.events.bif.zeek, <...>/Zeek_GTPv1.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_GTPv1.events.bif.zeek, <...>/Zeek_GTPv1.events.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./Zeek_GTPv1.functions.bif.zeek, <...>/Zeek_GTPv1.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_GTPv1.functions.bif.zeek, <...>/Zeek_GTPv1.functions.bif.zeek)
@ -2456,7 +2461,6 @@
0.000000 MetaHookPre LoadFile(0, ./Zeek_Spicy.consts.bif.zeek, <...>/Zeek_Spicy.consts.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_Spicy.consts.bif.zeek, <...>/Zeek_Spicy.consts.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./Zeek_Spicy.events.bif.zeek, <...>/Zeek_Spicy.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_Spicy.events.bif.zeek, <...>/Zeek_Spicy.events.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./Zeek_Spicy.functions.bif.zeek, <...>/Zeek_Spicy.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_Spicy.functions.bif.zeek, <...>/Zeek_Spicy.functions.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./Zeek_Syslog.events.bif.zeek, <...>/Zeek_Syslog.events.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./Zeek_TCP.events.bif.zeek, <...>/Zeek_TCP.events.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_TCP.events.bif.zeek, <...>/Zeek_TCP.events.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./Zeek_TCP.functions.bif.zeek, <...>/Zeek_TCP.functions.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_TCP.functions.bif.zeek, <...>/Zeek_TCP.functions.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./Zeek_TCP.types.bif.zeek, <...>/Zeek_TCP.types.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./Zeek_TCP.types.bif.zeek, <...>/Zeek_TCP.types.bif.zeek)
@ -2538,6 +2542,7 @@
0.000000 MetaHookPre LoadFile(0, ./site, <...>/site.zeek) 0.000000 MetaHookPre LoadFile(0, ./site, <...>/site.zeek)
0.000000 MetaHookPre LoadFile(0, ./smb1-main, <...>/smb1-main.zeek) 0.000000 MetaHookPre LoadFile(0, ./smb1-main, <...>/smb1-main.zeek)
0.000000 MetaHookPre LoadFile(0, ./smb2-main, <...>/smb2-main.zeek) 0.000000 MetaHookPre LoadFile(0, ./smb2-main, <...>/smb2-main.zeek)
0.000000 MetaHookPre LoadFile(0, ./spicy-events, <...>/spicy-events.zeek)
0.000000 MetaHookPre LoadFile(0, ./stats.bif.zeek, <...>/stats.bif.zeek) 0.000000 MetaHookPre LoadFile(0, ./stats.bif.zeek, <...>/stats.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./std-dev, <...>/std-dev.zeek) 0.000000 MetaHookPre LoadFile(0, ./std-dev, <...>/std-dev.zeek)
0.000000 MetaHookPre LoadFile(0, ./store, <...>/store.zeek) 0.000000 MetaHookPre LoadFile(0, ./store, <...>/store.zeek)
@ -2619,6 +2624,7 @@
0.000000 MetaHookPre LoadFile(0, base<...>/files, <...>/files.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/files, <...>/files.zeek)
0.000000 MetaHookPre LoadFile(0, base<...>/find-checksum-offloading, <...>/find-checksum-offloading.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/find-checksum-offloading, <...>/find-checksum-offloading.zeek)
0.000000 MetaHookPre LoadFile(0, base<...>/find-filtered-trace, <...>/find-filtered-trace.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/find-filtered-trace, <...>/find-filtered-trace.zeek)
0.000000 MetaHookPre LoadFile(0, base<...>/finger, <...>/finger)
0.000000 MetaHookPre LoadFile(0, base<...>/ftp, <...>/ftp) 0.000000 MetaHookPre LoadFile(0, base<...>/ftp, <...>/ftp)
0.000000 MetaHookPre LoadFile(0, base<...>/geneve, <...>/geneve) 0.000000 MetaHookPre LoadFile(0, base<...>/geneve, <...>/geneve)
0.000000 MetaHookPre LoadFile(0, base<...>/geoip-distance, <...>/geoip-distance.zeek) 0.000000 MetaHookPre LoadFile(0, base<...>/geoip-distance, <...>/geoip-distance.zeek)
@ -2755,7 +2761,6 @@
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_FileExtract.events.bif.zeek, <...>/Zeek_FileExtract.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_FileExtract.events.bif.zeek, <...>/Zeek_FileExtract.events.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_FileExtract.functions.bif.zeek, <...>/Zeek_FileExtract.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_FileExtract.functions.bif.zeek, <...>/Zeek_FileExtract.functions.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_FileHash.events.bif.zeek, <...>/Zeek_FileHash.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_FileHash.events.bif.zeek, <...>/Zeek_FileHash.events.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Finger.events.bif.zeek, <...>/Zeek_Finger.events.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_GSSAPI.events.bif.zeek, <...>/Zeek_GSSAPI.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_GSSAPI.events.bif.zeek, <...>/Zeek_GSSAPI.events.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_GTPv1.events.bif.zeek, <...>/Zeek_GTPv1.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_GTPv1.events.bif.zeek, <...>/Zeek_GTPv1.events.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_GTPv1.functions.bif.zeek, <...>/Zeek_GTPv1.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_GTPv1.functions.bif.zeek, <...>/Zeek_GTPv1.functions.bif.zeek)
@ -2843,7 +2848,6 @@
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Spicy.consts.bif.zeek, <...>/Zeek_Spicy.consts.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Spicy.consts.bif.zeek, <...>/Zeek_Spicy.consts.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Spicy.events.bif.zeek, <...>/Zeek_Spicy.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Spicy.events.bif.zeek, <...>/Zeek_Spicy.events.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Spicy.functions.bif.zeek, <...>/Zeek_Spicy.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Spicy.functions.bif.zeek, <...>/Zeek_Spicy.functions.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_Syslog.events.bif.zeek, <...>/Zeek_Syslog.events.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_TCP.events.bif.zeek, <...>/Zeek_TCP.events.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_TCP.events.bif.zeek, <...>/Zeek_TCP.events.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_TCP.functions.bif.zeek, <...>/Zeek_TCP.functions.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_TCP.functions.bif.zeek, <...>/Zeek_TCP.functions.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_TCP.types.bif.zeek, <...>/Zeek_TCP.types.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_TCP.types.bif.zeek, <...>/Zeek_TCP.types.bif.zeek)
@ -2925,6 +2929,7 @@
0.000000 MetaHookPre LoadFileExtended(0, ./site, <...>/site.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./site, <...>/site.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./smb1-main, <...>/smb1-main.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./smb1-main, <...>/smb1-main.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./smb2-main, <...>/smb2-main.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./smb2-main, <...>/smb2-main.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./spicy-events, <...>/spicy-events.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./stats.bif.zeek, <...>/stats.bif.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./stats.bif.zeek, <...>/stats.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./std-dev, <...>/std-dev.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./std-dev, <...>/std-dev.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./store, <...>/store.zeek) 0.000000 MetaHookPre LoadFileExtended(0, ./store, <...>/store.zeek)
@ -3006,6 +3011,7 @@
0.000000 MetaHookPre LoadFileExtended(0, base<...>/files, <...>/files.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/files, <...>/files.zeek)
0.000000 MetaHookPre LoadFileExtended(0, base<...>/find-checksum-offloading, <...>/find-checksum-offloading.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/find-checksum-offloading, <...>/find-checksum-offloading.zeek)
0.000000 MetaHookPre LoadFileExtended(0, base<...>/find-filtered-trace, <...>/find-filtered-trace.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/find-filtered-trace, <...>/find-filtered-trace.zeek)
0.000000 MetaHookPre LoadFileExtended(0, base<...>/finger, <...>/finger)
0.000000 MetaHookPre LoadFileExtended(0, base<...>/ftp, <...>/ftp) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/ftp, <...>/ftp)
0.000000 MetaHookPre LoadFileExtended(0, base<...>/geneve, <...>/geneve) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/geneve, <...>/geneve)
0.000000 MetaHookPre LoadFileExtended(0, base<...>/geoip-distance, <...>/geoip-distance.zeek) 0.000000 MetaHookPre LoadFileExtended(0, base<...>/geoip-distance, <...>/geoip-distance.zeek)
@ -3134,6 +3140,7 @@
0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 5353/udp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 5353/udp)
0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 5355/udp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 5355/udp)
0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DTLS, 443/udp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DTLS, 443/udp)
0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_FINGER, 79/tcp)
0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_FTP, 21/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_FTP, 21/tcp)
0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_FTP, 2811/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_FTP, 2811/tcp)
0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 1080/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_HTTP, 1080/tcp)
@ -3195,6 +3202,7 @@
0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 5353/udp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 5353/udp)
0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 5355/udp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 5355/udp)
0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DTLS, 443/udp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DTLS, 443/udp)
0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_FINGER, 79/tcp)
0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_FTP, 21/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_FTP, 21/tcp)
0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_FTP, 2811/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_FTP, 2811/tcp)
0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 1080/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_HTTP, 1080/tcp)
@ -3248,6 +3256,7 @@
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, {5353<...>/tcp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, {5353<...>/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, {443/udp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, {443/udp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_FINGER, {79/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, {2811<...>/tcp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, {2811<...>/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, {80<...>/tcp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, {80<...>/tcp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IMAP, {143/tcp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IMAP, {143/tcp})
@ -3928,7 +3937,6 @@
0.000000 | HookLoadFile ./Zeek_FileExtract.events.bif.zeek <...>/Zeek_FileExtract.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_FileExtract.events.bif.zeek <...>/Zeek_FileExtract.events.bif.zeek
0.000000 | HookLoadFile ./Zeek_FileExtract.functions.bif.zeek <...>/Zeek_FileExtract.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_FileExtract.functions.bif.zeek <...>/Zeek_FileExtract.functions.bif.zeek
0.000000 | HookLoadFile ./Zeek_FileHash.events.bif.zeek <...>/Zeek_FileHash.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_FileHash.events.bif.zeek <...>/Zeek_FileHash.events.bif.zeek
0.000000 | HookLoadFile ./Zeek_Finger.events.bif.zeek <...>/Zeek_Finger.events.bif.zeek
0.000000 | HookLoadFile ./Zeek_GSSAPI.events.bif.zeek <...>/Zeek_GSSAPI.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_GSSAPI.events.bif.zeek <...>/Zeek_GSSAPI.events.bif.zeek
0.000000 | HookLoadFile ./Zeek_GTPv1.events.bif.zeek <...>/Zeek_GTPv1.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_GTPv1.events.bif.zeek <...>/Zeek_GTPv1.events.bif.zeek
0.000000 | HookLoadFile ./Zeek_GTPv1.functions.bif.zeek <...>/Zeek_GTPv1.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_GTPv1.functions.bif.zeek <...>/Zeek_GTPv1.functions.bif.zeek
@ -4016,7 +4024,6 @@
0.000000 | HookLoadFile ./Zeek_Spicy.consts.bif.zeek <...>/Zeek_Spicy.consts.bif.zeek 0.000000 | HookLoadFile ./Zeek_Spicy.consts.bif.zeek <...>/Zeek_Spicy.consts.bif.zeek
0.000000 | HookLoadFile ./Zeek_Spicy.events.bif.zeek <...>/Zeek_Spicy.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_Spicy.events.bif.zeek <...>/Zeek_Spicy.events.bif.zeek
0.000000 | HookLoadFile ./Zeek_Spicy.functions.bif.zeek <...>/Zeek_Spicy.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_Spicy.functions.bif.zeek <...>/Zeek_Spicy.functions.bif.zeek
0.000000 | HookLoadFile ./Zeek_Syslog.events.bif.zeek <...>/Zeek_Syslog.events.bif.zeek
0.000000 | HookLoadFile ./Zeek_TCP.events.bif.zeek <...>/Zeek_TCP.events.bif.zeek 0.000000 | HookLoadFile ./Zeek_TCP.events.bif.zeek <...>/Zeek_TCP.events.bif.zeek
0.000000 | HookLoadFile ./Zeek_TCP.functions.bif.zeek <...>/Zeek_TCP.functions.bif.zeek 0.000000 | HookLoadFile ./Zeek_TCP.functions.bif.zeek <...>/Zeek_TCP.functions.bif.zeek
0.000000 | HookLoadFile ./Zeek_TCP.types.bif.zeek <...>/Zeek_TCP.types.bif.zeek 0.000000 | HookLoadFile ./Zeek_TCP.types.bif.zeek <...>/Zeek_TCP.types.bif.zeek
@ -4109,6 +4116,7 @@
0.000000 | HookLoadFile ./site <...>/site.zeek 0.000000 | HookLoadFile ./site <...>/site.zeek
0.000000 | HookLoadFile ./smb1-main <...>/smb1-main.zeek 0.000000 | HookLoadFile ./smb1-main <...>/smb1-main.zeek
0.000000 | HookLoadFile ./smb2-main <...>/smb2-main.zeek 0.000000 | HookLoadFile ./smb2-main <...>/smb2-main.zeek
0.000000 | HookLoadFile ./spicy-events <...>/spicy-events.zeek
0.000000 | HookLoadFile ./stats.bif.zeek <...>/stats.bif.zeek 0.000000 | HookLoadFile ./stats.bif.zeek <...>/stats.bif.zeek
0.000000 | HookLoadFile ./std-dev <...>/std-dev.zeek 0.000000 | HookLoadFile ./std-dev <...>/std-dev.zeek
0.000000 | HookLoadFile ./store <...>/store.zeek 0.000000 | HookLoadFile ./store <...>/store.zeek
@ -4191,6 +4199,7 @@
0.000000 | HookLoadFile base<...>/files <...>/files.zeek 0.000000 | HookLoadFile base<...>/files <...>/files.zeek
0.000000 | HookLoadFile base<...>/find-checksum-offloading <...>/find-checksum-offloading.zeek 0.000000 | HookLoadFile base<...>/find-checksum-offloading <...>/find-checksum-offloading.zeek
0.000000 | HookLoadFile base<...>/find-filtered-trace <...>/find-filtered-trace.zeek 0.000000 | HookLoadFile base<...>/find-filtered-trace <...>/find-filtered-trace.zeek
0.000000 | HookLoadFile base<...>/finger <...>/finger
0.000000 | HookLoadFile base<...>/ftp <...>/ftp 0.000000 | HookLoadFile base<...>/ftp <...>/ftp
0.000000 | HookLoadFile base<...>/geneve <...>/geneve 0.000000 | HookLoadFile base<...>/geneve <...>/geneve
0.000000 | HookLoadFile base<...>/geoip-distance <...>/geoip-distance.zeek 0.000000 | HookLoadFile base<...>/geoip-distance <...>/geoip-distance.zeek
@ -4315,7 +4324,6 @@
0.000000 | HookLoadFileExtended ./Zeek_FileExtract.events.bif.zeek <...>/Zeek_FileExtract.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_FileExtract.events.bif.zeek <...>/Zeek_FileExtract.events.bif.zeek
0.000000 | HookLoadFileExtended ./Zeek_FileExtract.functions.bif.zeek <...>/Zeek_FileExtract.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_FileExtract.functions.bif.zeek <...>/Zeek_FileExtract.functions.bif.zeek
0.000000 | HookLoadFileExtended ./Zeek_FileHash.events.bif.zeek <...>/Zeek_FileHash.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_FileHash.events.bif.zeek <...>/Zeek_FileHash.events.bif.zeek
0.000000 | HookLoadFileExtended ./Zeek_Finger.events.bif.zeek <...>/Zeek_Finger.events.bif.zeek
0.000000 | HookLoadFileExtended ./Zeek_GSSAPI.events.bif.zeek <...>/Zeek_GSSAPI.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_GSSAPI.events.bif.zeek <...>/Zeek_GSSAPI.events.bif.zeek
0.000000 | HookLoadFileExtended ./Zeek_GTPv1.events.bif.zeek <...>/Zeek_GTPv1.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_GTPv1.events.bif.zeek <...>/Zeek_GTPv1.events.bif.zeek
0.000000 | HookLoadFileExtended ./Zeek_GTPv1.functions.bif.zeek <...>/Zeek_GTPv1.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_GTPv1.functions.bif.zeek <...>/Zeek_GTPv1.functions.bif.zeek
@ -4403,7 +4411,6 @@
0.000000 | HookLoadFileExtended ./Zeek_Spicy.consts.bif.zeek <...>/Zeek_Spicy.consts.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_Spicy.consts.bif.zeek <...>/Zeek_Spicy.consts.bif.zeek
0.000000 | HookLoadFileExtended ./Zeek_Spicy.events.bif.zeek <...>/Zeek_Spicy.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_Spicy.events.bif.zeek <...>/Zeek_Spicy.events.bif.zeek
0.000000 | HookLoadFileExtended ./Zeek_Spicy.functions.bif.zeek <...>/Zeek_Spicy.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_Spicy.functions.bif.zeek <...>/Zeek_Spicy.functions.bif.zeek
0.000000 | HookLoadFileExtended ./Zeek_Syslog.events.bif.zeek <...>/Zeek_Syslog.events.bif.zeek
0.000000 | HookLoadFileExtended ./Zeek_TCP.events.bif.zeek <...>/Zeek_TCP.events.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_TCP.events.bif.zeek <...>/Zeek_TCP.events.bif.zeek
0.000000 | HookLoadFileExtended ./Zeek_TCP.functions.bif.zeek <...>/Zeek_TCP.functions.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_TCP.functions.bif.zeek <...>/Zeek_TCP.functions.bif.zeek
0.000000 | HookLoadFileExtended ./Zeek_TCP.types.bif.zeek <...>/Zeek_TCP.types.bif.zeek 0.000000 | HookLoadFileExtended ./Zeek_TCP.types.bif.zeek <...>/Zeek_TCP.types.bif.zeek
@ -4496,6 +4503,7 @@
0.000000 | HookLoadFileExtended ./site <...>/site.zeek 0.000000 | HookLoadFileExtended ./site <...>/site.zeek
0.000000 | HookLoadFileExtended ./smb1-main <...>/smb1-main.zeek 0.000000 | HookLoadFileExtended ./smb1-main <...>/smb1-main.zeek
0.000000 | HookLoadFileExtended ./smb2-main <...>/smb2-main.zeek 0.000000 | HookLoadFileExtended ./smb2-main <...>/smb2-main.zeek
0.000000 | HookLoadFileExtended ./spicy-events <...>/spicy-events.zeek
0.000000 | HookLoadFileExtended ./stats.bif.zeek <...>/stats.bif.zeek 0.000000 | HookLoadFileExtended ./stats.bif.zeek <...>/stats.bif.zeek
0.000000 | HookLoadFileExtended ./std-dev <...>/std-dev.zeek 0.000000 | HookLoadFileExtended ./std-dev <...>/std-dev.zeek
0.000000 | HookLoadFileExtended ./store <...>/store.zeek 0.000000 | HookLoadFileExtended ./store <...>/store.zeek
@ -4578,6 +4586,7 @@
0.000000 | HookLoadFileExtended base<...>/files <...>/files.zeek 0.000000 | HookLoadFileExtended base<...>/files <...>/files.zeek
0.000000 | HookLoadFileExtended base<...>/find-checksum-offloading <...>/find-checksum-offloading.zeek 0.000000 | HookLoadFileExtended base<...>/find-checksum-offloading <...>/find-checksum-offloading.zeek
0.000000 | HookLoadFileExtended base<...>/find-filtered-trace <...>/find-filtered-trace.zeek 0.000000 | HookLoadFileExtended base<...>/find-filtered-trace <...>/find-filtered-trace.zeek
0.000000 | HookLoadFileExtended base<...>/finger <...>/finger
0.000000 | HookLoadFileExtended base<...>/ftp <...>/ftp 0.000000 | HookLoadFileExtended base<...>/ftp <...>/ftp
0.000000 | HookLoadFileExtended base<...>/geneve <...>/geneve 0.000000 | HookLoadFileExtended base<...>/geneve <...>/geneve
0.000000 | HookLoadFileExtended base<...>/geoip-distance <...>/geoip-distance.zeek 0.000000 | HookLoadFileExtended base<...>/geoip-distance <...>/geoip-distance.zeek

8
testing/btest/Baseline/scripts.base.protocols.finger.events/output Normal file
View file

@ -0,0 +1,8 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
request, [orig_h=192.168.7.216, orig_p=56149/tcp, resp_h=95.179.238.241, resp_p=79/tcp], F, julien,
response, [orig_h=192.168.7.216, orig_p=56149/tcp, resp_h=95.179.238.241, resp_p=79/tcp], Login: julien\x09\x09\x09\x09Name:
response, [orig_h=192.168.7.216, orig_p=56149/tcp, resp_h=95.179.238.241, resp_p=79/tcp], Directory: /home/julien\x09\x09\x09Shell: /bin/sh
response, [orig_h=192.168.7.216, orig_p=56149/tcp, resp_h=95.179.238.241, resp_p=79/tcp], Logged: no
response, [orig_h=192.168.7.216, orig_p=56149/tcp, resp_h=95.179.238.241, resp_p=79/tcp], Project:
request, [orig_h=192.168.7.216, orig_p=56750/tcp, resp_h=95.179.238.241, resp_p=79/tcp], T, julien,
response, [orig_h=192.168.7.216, orig_p=56750/tcp, resp_h=95.179.238.241, resp_p=79/tcp], Are you lost?

5
testing/btest/Baseline/spicy.spicyz-jit/output
View file

@ -1,5 +0,0 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
8, [$data=[b"POST /post HTTP/1.1", b"User-Agent: curl/7.29.0", b"Host: httpbin.org", b"Accept: */*", b"Content-Length: 11", b"Content-Type: application/x-www-form-urlencoded", b"", b"hello world"]]
Event:, [POST /post HTTP/1.1, User-Agent: curl/7.29.0, Host: httpbin.org, Accept: */*, Content-Length: 11, Content-Type: application/x-www-form-urlencoded, , hello world]
8, [$data=[b"HTTP/1.1 200 OK", b"Server: gunicorn/0.16.1", b"Date: Tue, 19 Mar 2013 16:05:11 GMT", b"Content-Type: application/json", b"Content-Length: 366", b"Connection: close", b"", b"{\x0a \"origin\": \"10.142.133.148\",\x0a \"files\": {},\x0a \"form\": null,\x0a \"url\": \"http://httpbin.org/post\",\x0a \"args\": {},\x0a \"headers\": {\x0a \"Content-Length\": \"11\",\x0a \"Connection\": \"close\",\x0a \"Accept\": \"*/*\",\x0a \"User-Agent\": \"curl/7.29.0\",\x0a \"Host\": \"httpbin.org\",\x0a \"Content-Type\": \"application/x-www-form-urlencoded\"\x0a },\x0a \"json\": null,\x0a \"data\": \"hello world\"\x0a}"]]
Event:, [HTTP/1.1 200 OK, Server: gunicorn/0.16.1, Date: Tue, 19 Mar 2013 16:05:11 GMT, Content-Type: application/json, Content-Length: 366, Connection: close, , {\x0a "origin": "10.142.133.148",\x0a "files": {},\x0a "form": null,\x0a "url": "http://httpbin.org/post",\x0a "args": {},\x0a "headers": {\x0a "Content-Length": "11",\x0a "Connection": "close",\x0a "Accept": "*/*",\x0a "User-Agent": "curl/7.29.0",\x0a "Host": "httpbin.org",\x0a "Content-Type": "application/x-www-form-urlencoded"\x0a },\x0a "json": null,\x0a "data": "hello world"\x0a}]

0
testing/btest/Baseline/spicy.spicyz-aot/output → testing/btest/Baseline/spicy.spicyz/output
View file

BIN
testing/btest/Traces/finger/standard.pcap Normal file
View file

Binary file not shown.

BIN
testing/btest/Traces/finger/verbose.pcap Normal file
View file

Binary file not shown.

2
testing/btest/coverage/default-load-baseline.test
View file

@ -7,7 +7,7 @@
# prefix to make the test work everywhere. That's what the sed magic # prefix to make the test work everywhere. That's what the sed magic
# below does. Don't ask. :-) # below does. Don't ask. :-)
# @TEST-REQUIRES: test -x ${BUILD}/auxil/spicy/spicy/bin/spicy-config # @TEST-REQUIRES: ${SCRIPTS}/have-spicy
# @TEST-EXEC: zeek misc/loaded-scripts # @TEST-EXEC: zeek misc/loaded-scripts
# @TEST-EXEC: test -e loaded_scripts.log # @TEST-EXEC: test -e loaded_scripts.log
# @TEST-EXEC: cat loaded_scripts.log | grep -E -v '#' | sed 's/ //g' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix # @TEST-EXEC: cat loaded_scripts.log | grep -E -v '#' | sed 's/ //g' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix

2
testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek
View file

@ -1,4 +1,4 @@
# @TEST-REQUIRES: test -x ${BUILD}/auxil/spicy/spicy/bin/spicy-config # @TEST-REQUIRES: $SCRIPTS/have-spicy
# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT
# @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff conn.log
# @TEST-EXEC: btest-diff .stderr # @TEST-EXEC: btest-diff .stderr

18
testing/btest/scripts/base/protocols/finger/events.zeek Normal file
View file

@ -0,0 +1,18 @@
# @TEST-EXEC: zeek -r $TRACES/finger/standard.pcap %INPUT >>output
# @TEST-EXEC: zeek -r $TRACES/finger/verbose.pcap %INPUT >>output
# @TEST-EXEC: btest-diff output
global resp_lines = 0;
event finger_request(c: connection, full: bool, username: string, hostname: string)
{
print "request", c$id, full, username, hostname;
}
event finger_reply(c: connection, reply_line: string)
{
if ( ++resp_lines >= 5 )
return;
print "response", c$id, reply_line;
}

39
testing/btest/spicy/spicyz-jit.test
View file

@ -1,39 +0,0 @@
# @TEST-DOC: Smoke test for a custom Spicy analyzer hooked into Zeek with JIT via Zeek itself.
#
# @TEST-REQUIRES: $SCRIPTS/have-spicy
# Use a script here to prevent spicy from outputting warnings during compilation. If the build is
# failing, the script can be modified to not redirect the output.
# @TEST-EXEC: HILTI_CXX=$SCRIPTS/hilti-ignore-cxx-errors zeek -NN test.zeek test.spicy test.evt | grep -q ANALYZER_SPICY_TEST
# @TEST-EXEC: HILTI_CXX=$SCRIPTS/hilti-ignore-cxx-errors zeek -r ${TRACES}/http/post.trace test.spicy test.evt test.zeek "Spicy::enable_print = T;" >>output 2>&1
# @TEST-EXEC: btest-diff output
# @TEST-START-FILE test.spicy
module test;
import zeek;
public type Dummy = unit {
# Consume all data. We split data into lines and log the number of lines and the lines when done.
data: bytes &eod &convert=$$.split(b"\r\n");
on %done { print |self.data|, self; }
};
# @TEST-END-FILE
# @TEST-START-FILE test.evt
protocol analyzer spicy::Test over TCP:
parse with test::Dummy,
port 80/tcp;
on test::Dummy -> event test::dummy(self.data);
# @TEST-END-FILE
# @TEST-START-FILE test.zeek
module test;
event test::dummy(data: vector of string)
{
print "Event:", data;
}
# @TEST-END-FILE

0
testing/btest/spicy/spicyz-aot.test → testing/btest/spicy/spicyz.test
View file

2
testing/external/commit-hash.zeek-testing-private vendored
View file

@ -1 +1 @@
c901e5a69c1d8496973e18d6475b7af7ca5e9fcc 7bbcd06c50dc5bcae3533842c302c617ac5f1852

1
testing/scripts/diff-canonifier-external
View file

@ -25,5 +25,6 @@ $(dirname $0)/diff-remove-timestamps |
$(dirname $0)/diff-remove-x509-names | $(dirname $0)/diff-remove-x509-names |
$(dirname $0)/diff-sort-conn-service | $(dirname $0)/diff-sort-conn-service |
$(dirname $0)/diff-sort-set-elements | $(dirname $0)/diff-sort-set-elements |
$(dirname $0)/diff-remove-spicy-abspath |
$(dirname $0)/diff-sort | $(dirname $0)/diff-sort |
eval $addl eval $addl

12
testing/scripts/diff-remove-spicy-abspath Executable file
View file

@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
# Replace absolute paths in Spicy error message with the basename. This is more
# restrictive than diff-remove-abspath to avoid catching other stuff.
if [ $(uname) == "Linux" ]; then
sed="sed -r"
else
sed="sed -E"
fi
$sed 's#/([^:/]{1,}/){1,}([^:/]{1,}\.spicy[:,])#<...>/\2#g'

6
testing/scripts/have-spicy
View file

@ -1,6 +1,2 @@
#!/bin/sh #!/bin/sh
if grep -q "DISABLE_SPICY:BOOL=true" "${BUILD}"/CMakeCache.txt; then "${BUILD}/zeek-config" --have-spicy-analyzers >/dev/null
return 1
else
true
fi

14
zeek-config.in
View file

@ -6,6 +6,7 @@ btest_tools_dir=@ZEEK_CONFIG_BTEST_TOOLS_DIR@
build_type=@CMAKE_BUILD_TYPE_LOWER@ build_type=@CMAKE_BUILD_TYPE_LOWER@
cmake_dir=@CMAKE_INSTALL_PREFIX@/share/zeek/cmake cmake_dir=@CMAKE_INSTALL_PREFIX@/share/zeek/cmake
config_dir=@ZEEK_ETC_INSTALL_DIR@ config_dir=@ZEEK_ETC_INSTALL_DIR@
have_spicy=@USE_SPICY_ANALYZERS@
include_dir=@CMAKE_INSTALL_PREFIX@/include include_dir=@CMAKE_INSTALL_PREFIX@/include
lib_dir=@CMAKE_INSTALL_FULL_LIBDIR@ lib_dir=@CMAKE_INSTALL_FULL_LIBDIR@
plugin_dir=@BRO_PLUGIN_INSTALL_PATH@ plugin_dir=@BRO_PLUGIN_INSTALL_PATH@
@ -64,6 +65,10 @@ Toplevel installation directories for third-party components:
--binpac_root BinPAC compiler --binpac_root BinPAC compiler
--broker_root Broker communication framework --broker_root Broker communication framework
Feature tests:
--have-spicy-analyzers Prints 'yes' if built-in Spicy analyzers are available; exit code reflects result
" "
} }
@ -103,6 +108,15 @@ while [ $# -ne 0 ]; do
--config_dir) --config_dir)
echo $config_dir echo $config_dir
;; ;;
--have-spicy-analyzers)
if [ "$have_spicy" = "yes" ]; then
echo "yes"
exit 0
else
echo "no"
exit 1
fi
;;
--include_dir) --include_dir)
echo $include_dir echo $include_dir
;; ;;