Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 00:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Updating tests.

Browse source
This commit is contained in:
Robin Sommer 2011-07-01 18:57:03 -07:00
parent 8432258db0
commit 073358c488
7 changed files with 47 additions and 78 deletions
Download patch file Download diff file Expand all files Collapse all files

20
testing/btest/Baseline/istate.events-ssl/receiver.http.log
View file

@ -1,18 +1,2 @@
1301459542.533110 %events-rcv-1 start 141.42.64.125:56730 > 125.190.109.199:80
1301459542.533110 %events-rcv-1 > USER-AGENT: Wget/1.10
1301459542.533110 %events-rcv-1 > ACCEPT: */*
1301459542.533110 %events-rcv-1 > HOST: www.icir.org
1301459542.533110 %events-rcv-1 > CONNECTION: Keep-Alive
1301459542.717115 %events-rcv-1 < DATE: Fri, 07 Oct 2005 23:23:55 GMT
1301459542.717115 %events-rcv-1 < SERVER: Apache/1.3.33 (Unix)
1301459542.717115 %events-rcv-1 < LAST-MODIFIED: Fri, 07 Oct 2005 16:23:01 GMT
1301459542.717115 %events-rcv-1 < ETAG: "2c96c-23aa-4346a0e5"
1301459542.717115 %events-rcv-1 < ACCEPT-RANGES: bytes
1301459542.717115 %events-rcv-1 < CONTENT-LENGTH: 9130
1301459542.717115 %events-rcv-1 < KEEP-ALIVE: timeout=15, max=100
1301459542.717115 %events-rcv-1 < CONNECTION: Keep-Alive
1301459542.717115 %events-rcv-1 < CONTENT-TYPE: text/html
1301459542.901119 %events-rcv-1 <= 4096 bytes: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML ..."
1301459542.941139 %events-rcv-1 <= 4096 bytes: "gn=top>^J^J<h2>^JPublications^J</h2>^J<ul>^J<l..."
1301459543.085124 %events-rcv-1 <= 938 bytes: "ational Internet Measurement Infrastruct..."
1301459543.085124 %events-rcv-1 GET / (200 "OK" [9130] www.icir.org)
# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied
1309569685.50375 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - -

20
testing/btest/Baseline/istate.events-ssl/sender.http.log
View file

@ -1,18 +1,2 @@
1301459542.463895 %events-send-1 start 141.42.64.125:56730 > 125.190.109.199:80
1301459542.463895 %events-send-1 > USER-AGENT: Wget/1.10
1301459542.463895 %events-send-1 > ACCEPT: */*
1301459542.463895 %events-send-1 > HOST: www.icir.org
1301459542.463895 %events-send-1 > CONNECTION: Keep-Alive
1301459542.647935 %events-send-1 < DATE: Fri, 07 Oct 2005 23:23:55 GMT
1301459542.647935 %events-send-1 < SERVER: Apache/1.3.33 (Unix)
1301459542.647935 %events-send-1 < LAST-MODIFIED: Fri, 07 Oct 2005 16:23:01 GMT
1301459542.647935 %events-send-1 < ETAG: "2c96c-23aa-4346a0e5"
1301459542.647935 %events-send-1 < ACCEPT-RANGES: bytes
1301459542.647935 %events-send-1 < CONTENT-LENGTH: 9130
1301459542.647935 %events-send-1 < KEEP-ALIVE: timeout=15, max=100
1301459542.647935 %events-send-1 < CONNECTION: Keep-Alive
1301459542.647935 %events-send-1 < CONTENT-TYPE: text/html
1301459542.832424 %events-send-1 <= 4096 bytes: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML ..."
1301459542.832718 %events-send-1 <= 4096 bytes: "gn=top>^J^J<h2>^JPublications^J</h2>^J<ul>^J<l..."
1301459543.016242 %events-send-1 <= 938 bytes: "ational Internet Measurement Infrastruct..."
1301459543.016242 %events-send-1 GET / (200 "OK" [9130] www.icir.org)
# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied
1309569685.50375 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - -

2
testing/btest/Baseline/istate.events/receiver.http.log
View file

@ -1,2 +1,2 @@
# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied
1308842601.71319 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - -
1309568070.32496 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - -

2
testing/btest/Baseline/istate.events/sender.http.log
View file

@ -1,2 +1,2 @@
# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied
1308842601.71319 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - -
1309568070.32496 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - -

53
testing/btest/istate/events-ssl.bro
View file

@ -1,29 +1,28 @@
#
#
# @TEST-EXEC: btest-bg-run sender bro -C -r $TRACES/web.trace --pseudo-realtime ../sender.bro
# @TEST-EXEC: btest-bg-run receiver bro ../receiver.bro
# @TEST-EXEC: btest-bg-wait -k 20
#
#
# @TEST-EXEC: btest-diff sender/http.log
# @TEST-EXEC: btest-diff receiver/http.log
# @TEST-EXEC: cat receiver/http.log | sed 's/^\([^ ]* \)\{2\}//' >http.rec.log
# @TEST-EXEC: cat sender/http.log | sed 's/^\([^ ]* \)\{2\}//' >http.snd.log
# @TEST-EXEC: cmp http.rec.log http.snd.log
#
# @TEST-EXEC: bro -x sender/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | sed 's/%events-[^ ]* *//g' | grep '^http_' | grep -v http_stats >events.snd.log
# @TEST-EXEC: bro -x receiver/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | sed 's/%events-[^ ]* *//g' | grep '^http_' | grep -v http_stats >events.rec.log
# @TEST-EXEC: cmp sender/http.log receiver/http.log
#
# @TEST-EXEC: bro -x sender/events.bst http/base | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.snd.log
# @TEST-EXEC: bro -x receiver/events.bst http/base | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.rec.log
# @TEST-EXEC: cmp events.rec.log events.snd.log
#
# We don't compare the transmitted event paramerters anymore. With the dynamic
# state in there since 1.6, they don't match reliably.
@TEST-START-FILE sender.bro
@load tcp
@load http-request
@load http-reply
@load http-header
@load http-body
@load http-abstract
@load listen-ssl
@load http/base
@load communication/listen-ssl
@load capture-events
event bro_init()
{
capture_events("events.bst");
}
redef peer_description = "events-send";
@ -35,33 +34,31 @@ redef tcp_close_delay = 0secs;
redef ssl_ca_certificate = "../ca_cert.pem";
redef ssl_private_key = "../bro.pem";
redef ssl_passphrase = "my-password";
@TEST-END-FILE
#############
@TEST-START-FILE receiver.bro
@load tcp
@load http-request
@load http-reply
@load http-header
@load http-body
@load http-abstract
@load http/base
@load communication
@load capture-events
@load remote
event bro_init()
{
capture_events("events.bst");
}
redef peer_description = "events-rcv";
redef Remote::destinations += {
redef Communication::nodes += {
["foo"] = [$host = 127.0.0.1, $events = /http_.*/, $connect=T, $ssl=T]
};
redef ssl_ca_certificate = "../ca_cert.pem";
redef ssl_private_key = "../bro.pem";
redef ssl_passphrase = "my-password";
event remote_connection_closed(p: event_peer)
{
terminate();
@ -69,8 +66,6 @@ event remote_connection_closed(p: event_peer)
@TEST-END-FILE
######
@TEST-START-FILE bro.pem
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQD17FE8UVaO224Y8UL2bH1okCYxr5dVytTQ93uE5J9caGADzPZe

13
testing/btest/istate/events.bro
View file

@ -1,15 +1,18 @@
#
#
# @TEST-EXEC: btest-bg-run sender bro -C -r $TRACES/web.trace --pseudo-realtime ../sender.bro
# @TEST-EXEC: btest-bg-run receiver bro ../receiver.bro
# @TEST-EXEC: btest-bg-wait -k 20
#
#
# @TEST-EXEC: btest-diff sender/http.log
# @TEST-EXEC: btest-diff receiver/http.log
# @TEST-EXEC: cmp sender/http.log receiver/http.log
#
# @TEST-EXEC: bro -x sender/events.bst http/base | sed 's/^Event \[[-0-9.]*\] //g' | sed 's/%events-[^ ]* *//g' | grep '^http_' | grep -v http_stats >events.snd.log
# @TEST-EXEC: bro -x receiver/events.bst http/base | sed 's/^Event \[[-0-9.]*\] //g' | sed 's/%events-[^ ]* *//g' | grep '^http_' | grep -v http_stats >events.rec.log
#
# @TEST-EXEC: bro -x sender/events.bst http/base | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.snd.log
# @TEST-EXEC: bro -x receiver/events.bst http/base | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.rec.log
# @TEST-EXEC: cmp events.rec.log events.snd.log
#
# We don't compare the transmitted event paramerters anymore. With the dynamic
# state in there since 1.6, they don't match reliably.
@TEST-START-FILE sender.bro

15
testing/btest/istate/sync.bro
View file

@ -1,7 +1,7 @@
#
# @TEST-EXEC: btest-bg-run sender bro %INPUT ../sender.bro
# @TEST-EXEC: btest-bg-run receiver bro %INPUT ../receiver.bro
# @TEST-EXEC: btest-bg-wait -k 20
# @TEST-EXEC: btest-bg-wait 20
#
# @TEST-EXEC: btest-diff sender/vars.log
# @TEST-EXEC: btest-diff receiver/vars.log
@ -133,7 +133,7 @@ function modify()
foo2 = 1234567;
}
@load listen-clear
@load communication/listen-clear
event remote_connection_handshake_done(p: event_peer)
{
@ -141,7 +141,7 @@ event remote_connection_handshake_done(p: event_peer)
terminate_communication();
}
redef Remote::destinations += {
redef Communication::nodes += {
["foo"] = [$host = 127.0.0.1, $sync=T]
};
@ -151,11 +151,14 @@ redef Remote::destinations += {
@TEST-START-FILE receiver.bro
@load capture-events
@load remote
@load communication
event bro_init()
{
capture_events("events.bst");
}
redef Remote::destinations += {
redef Communication::nodes += {
["foo"] = [$host = 127.0.0.1, $events = /.*/, $connect=T, $sync=T]
};