Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 18:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/master' into topic/vladg/ssh

Browse source
This commit is contained in:
Vlad Grigorescu 2015-03-17 12:36:30 -04:00
commit 092a78d14b
256 changed files with 11215 additions and 1544 deletions
Download patch file Download diff file Expand all files Collapse all files

2
testing/btest/Baseline/bifs.net_stats_trace/output
View file

@ -1 +1 @@
[pkts_recvd=136, pkts_dropped=0, pkts_link=0]
[pkts_recvd=136, pkts_dropped=0, pkts_link=0, bytes_recvd=25260]

5
testing/btest/Baseline/broker.clone_store/clone.clone.out Normal file
View file

@ -0,0 +1,5 @@
clone keys, [status=BrokerStore::SUCCESS, result=[d=broker::data{[one, two, myset, myvec]}]]
lookup, one, [status=BrokerStore::SUCCESS, result=[d=broker::data{111}]]
lookup, two, [status=BrokerStore::SUCCESS, result=[d=broker::data{222}]]
lookup, myset, [status=BrokerStore::SUCCESS, result=[d=broker::data{{a, c, d}}]]
lookup, myvec, [status=BrokerStore::SUCCESS, result=[d=broker::data{[delta, alpha, beta, gamma, omega]}]]

0
testing/btest/Baseline/broker.clone_store/master.master.out Normal file
View file

2
testing/btest/Baseline/broker.connection_updates/recv.recv.out Normal file
View file

@ -0,0 +1,2 @@
BrokerComm::incoming_connection_established, connector
BrokerComm::incoming_connection_broken, connector

1
testing/btest/Baseline/broker.connection_updates/send.send.out Normal file
View file

@ -0,0 +1 @@
BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp, listener

99
testing/btest/Baseline/broker.data/out Normal file
View file

@ -0,0 +1,99 @@
BrokerComm::BOOL
BrokerComm::INT
BrokerComm::COUNT
BrokerComm::DOUBLE
BrokerComm::STRING
BrokerComm::ADDR
BrokerComm::SUBNET
BrokerComm::PORT
BrokerComm::TIME
BrokerComm::INTERVAL
BrokerComm::ENUM
BrokerComm::SET
BrokerComm::TABLE
BrokerComm::VECTOR
BrokerComm::RECORD
***************************
T
F
1
0
-1
1
0
1.1
-11.1
hello
1.2.3.4
192.168.0.0/16
22/tcp
42.0
180.0
BrokerComm::BOOL
***************************
{
two,
one,
three
}
0
T
1
T
F
T
2
T
1
F
{
bye
}
0
***************************
{
[two] = 2,
[one] = 1,
[three] = 3
}
0
[d=<uninitialized>]
1
T
42
F
[d=<uninitialized>]
2
[d=broker::data{7}]
2
37
[d=broker::data{42}]
1
***************************
[zero, one, two]
0
T
T
T
T
[hi, salutations, hello, greetings]
4
[d=broker::data{hello}]
[d=broker::data{bah}]
[d=broker::data{hi}]
[hi, salutations, bah, greetings]
[d=broker::data{bah}]
[hi, salutations, greetings]
3
***************************
[a=<uninitialized>, b=bee, c=1]
[a=test, b=bee, c=1]
[a=test, b=testagain, c=1]
3
T
T
T
[d=broker::data{hi}]
[d=broker::data{hello}]
[d=broker::data{37}]
3

14
testing/btest/Baseline/broker.master_store/master.out Normal file
View file

@ -0,0 +1,14 @@
lookup(two): [status=BrokerStore::SUCCESS, result=[d=broker::data{222}]]
lookup(four): [status=BrokerStore::SUCCESS, result=[d=<uninitialized>]]
lookup(myset): [status=BrokerStore::SUCCESS, result=[d=broker::data{{a, c, d}}]]
lookup(one): [status=BrokerStore::SUCCESS, result=[d=broker::data{111}]]
lookup(myvec): [status=BrokerStore::SUCCESS, result=[d=broker::data{[delta, alpha, beta, gamma, omega]}]]
exists(one): [status=BrokerStore::SUCCESS, result=[d=broker::data{1}]]
exists(two): [status=BrokerStore::SUCCESS, result=[d=broker::data{0}]]
exists(myset): [status=BrokerStore::SUCCESS, result=[d=broker::data{1}]]
exists(four): [status=BrokerStore::SUCCESS, result=[d=broker::data{0}]]
pop_right(myvec): [status=BrokerStore::SUCCESS, result=[d=broker::data{omega}]]
pop_left(myvec): [status=BrokerStore::SUCCESS, result=[d=broker::data{delta}]]
keys: [status=BrokerStore::SUCCESS, result=[d=broker::data{[myvec, myset, one]}]]
size: [status=BrokerStore::SUCCESS, result=[d=broker::data{3}]]
size (after clear): [status=BrokerStore::SUCCESS, result=[d=broker::data{0}]]

6
testing/btest/Baseline/broker.remote_event/recv.recv.out Normal file
View file

@ -0,0 +1,6 @@
got event msg, ping, 0
got event msg, ping, 1
got event msg, ping, 2
got event msg, ping, 3
got event msg, ping, 4
got event msg, ping, 5

11
testing/btest/Baseline/broker.remote_event/send.send.out Normal file
View file

@ -0,0 +1,11 @@
BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
got event msg, pong, 0
got auto event msg, ping, 0
got event msg, pong, 1
got auto event msg, ping, 1
got event msg, pong, 2
got auto event msg, ping, 2
got event msg, pong, 3
got auto event msg, ping, 3
got event msg, pong, 4
got auto event msg, ping, 4

6
testing/btest/Baseline/broker.remote_log/recv.recv.out Normal file
View file

@ -0,0 +1,6 @@
wrote log, [msg=ping, num=0, nolog=no]
wrote log, [msg=ping, num=1, nolog=no]
wrote log, [msg=ping, num=2, nolog=no]
wrote log, [msg=ping, num=3, nolog=no]
wrote log, [msg=ping, num=4, nolog=no]
wrote log, [msg=ping, num=5, nolog=no]

15
testing/btest/Baseline/broker.remote_log/recv.test.log Normal file
View file

@ -0,0 +1,15 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path test
#open 2015-01-26-22-47-11
#fields msg num
#types string count
ping 0
ping 1
ping 2
ping 3
ping 4
ping 5
#close 2015-01-26-22-47-11

1
testing/btest/Baseline/broker.remote_log/send.send.out Normal file
View file

@ -0,0 +1 @@
BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp

15
testing/btest/Baseline/broker.remote_log/send.test.log Normal file
View file

@ -0,0 +1,15 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path test
#open 2015-01-26-22-47-11
#fields msg num
#types string count
ping 0
ping 1
ping 2
ping 3
ping 4
ping 5
#close 2015-01-26-22-47-11

6
testing/btest/Baseline/broker.remote_print/recv.recv.out Normal file
View file

@ -0,0 +1,6 @@
got print msg, ping 0
got print msg, ping 1
got print msg, ping 2
got print msg, ping 3
got print msg, ping 4
got print msg, ping 5

6
testing/btest/Baseline/broker.remote_print/send.send.out Normal file
View file

@ -0,0 +1,6 @@
BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
got print msg, pong 0
got print msg, pong 1
got print msg, pong 2
got print msg, pong 3
got print msg, pong 4

5
testing/btest/Baseline/core.leaks.broker.clone_store/clone.clone.out Normal file
View file

@ -0,0 +1,5 @@
clone keys, [status=BrokerStore::SUCCESS, result=[d=broker::data{[one, two, myset, myvec]}]]
lookup, one, [status=BrokerStore::SUCCESS, result=[d=broker::data{111}]]
lookup, two, [status=BrokerStore::SUCCESS, result=[d=broker::data{222}]]
lookup, myset, [status=BrokerStore::SUCCESS, result=[d=broker::data{{a, c, d}}]]
lookup, myvec, [status=BrokerStore::SUCCESS, result=[d=broker::data{[delta, alpha, beta, gamma, omega]}]]

99
testing/btest/Baseline/core.leaks.broker.data/bro..stdout Normal file
View file

@ -0,0 +1,99 @@
BrokerComm::BOOL
BrokerComm::INT
BrokerComm::COUNT
BrokerComm::DOUBLE
BrokerComm::STRING
BrokerComm::ADDR
BrokerComm::SUBNET
BrokerComm::PORT
BrokerComm::TIME
BrokerComm::INTERVAL
BrokerComm::ENUM
BrokerComm::SET
BrokerComm::TABLE
BrokerComm::VECTOR
BrokerComm::RECORD
***************************
T
F
1
0
-1
1
0
1.1
-11.1
hello
1.2.3.4
192.168.0.0/16
22/tcp
42.0
180.0
BrokerComm::BOOL
***************************
{
two,
one,
three
}
0
T
1
T
F
T
2
T
1
F
{
bye
}
0
***************************
{
[two] = 2,
[one] = 1,
[three] = 3
}
0
[d=<uninitialized>]
1
T
42
F
[d=<uninitialized>]
2
[d=broker::data{7}]
2
37
[d=broker::data{42}]
1
***************************
[zero, one, two]
0
T
T
T
T
[hi, salutations, hello, greetings]
4
[d=broker::data{hello}]
[d=broker::data{bah}]
[d=broker::data{hi}]
[hi, salutations, bah, greetings]
[d=broker::data{bah}]
[hi, salutations, greetings]
3
***************************
[a=<uninitialized>, b=bee, c=1]
[a=test, b=bee, c=1]
[a=test, b=testagain, c=1]
3
T
T
T
[d=broker::data{hi}]
[d=broker::data{hello}]
[d=broker::data{37}]
3

14
testing/btest/Baseline/core.leaks.broker.master_store/bro..stdout Normal file
View file

@ -0,0 +1,14 @@
lookup(two): [status=BrokerStore::SUCCESS, result=[d=broker::data{222}]]
lookup(four): [status=BrokerStore::SUCCESS, result=[d=<uninitialized>]]
lookup(myset): [status=BrokerStore::SUCCESS, result=[d=broker::data{{a, c, d}}]]
lookup(one): [status=BrokerStore::SUCCESS, result=[d=broker::data{111}]]
lookup(myvec): [status=BrokerStore::SUCCESS, result=[d=broker::data{[delta, alpha, beta, gamma, omega]}]]
exists(one): [status=BrokerStore::SUCCESS, result=[d=broker::data{1}]]
exists(two): [status=BrokerStore::SUCCESS, result=[d=broker::data{0}]]
exists(myset): [status=BrokerStore::SUCCESS, result=[d=broker::data{1}]]
exists(four): [status=BrokerStore::SUCCESS, result=[d=broker::data{0}]]
pop_right(myvec): [status=BrokerStore::SUCCESS, result=[d=broker::data{omega}]]
pop_left(myvec): [status=BrokerStore::SUCCESS, result=[d=broker::data{delta}]]
keys: [status=BrokerStore::SUCCESS, result=[d=broker::data{[myvec, myset, one]}]]
size: [status=BrokerStore::SUCCESS, result=[d=broker::data{3}]]
size (after clear): [status=BrokerStore::SUCCESS, result=[d=broker::data{0}]]

6
testing/btest/Baseline/core.leaks.broker.remote_event/recv.recv.out Normal file
View file

@ -0,0 +1,6 @@
got event msg, ping, 0
got event msg, ping, 1
got event msg, ping, 2
got event msg, ping, 3
got event msg, ping, 4
got event msg, ping, 5

11
testing/btest/Baseline/core.leaks.broker.remote_event/send.send.out Normal file
View file

@ -0,0 +1,11 @@
BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
got event msg, pong, 0
got auto event msg, ping, 0
got event msg, pong, 1
got auto event msg, ping, 1
got event msg, pong, 2
got auto event msg, ping, 2
got event msg, pong, 3
got auto event msg, ping, 3
got event msg, pong, 4
got auto event msg, ping, 4

6
testing/btest/Baseline/core.leaks.broker.remote_log/recv.recv.out Normal file
View file

@ -0,0 +1,6 @@
wrote log, [msg=ping, num=0]
wrote log, [msg=ping, num=1]
wrote log, [msg=ping, num=2]
wrote log, [msg=ping, num=3]
wrote log, [msg=ping, num=4]
wrote log, [msg=ping, num=5]

15
testing/btest/Baseline/core.leaks.broker.remote_log/recv.test.log Normal file
View file

@ -0,0 +1,15 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path test
#open 2015-02-12-17-33-13
#fields msg num
#types string count
ping 0
ping 1
ping 2
ping 3
ping 4
ping 5
#close 2015-02-12-17-33-14

1
testing/btest/Baseline/core.leaks.broker.remote_log/send.send.out Normal file
View file

@ -0,0 +1 @@
BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp

15
testing/btest/Baseline/core.leaks.broker.remote_log/send.test.log Normal file
View file

@ -0,0 +1,15 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path test
#open 2015-02-12-17-33-13
#fields msg num
#types string count
ping 0
ping 1
ping 2
ping 3
ping 4
ping 5
#close 2015-02-12-17-33-15

6
testing/btest/Baseline/core.leaks.broker.remote_print/recv.recv.out Normal file
View file

@ -0,0 +1,6 @@
got print msg, ping 0
got print msg, ping 1
got print msg, ping 2
got print msg, ping 3
got print msg, ping 4
got print msg, ping 5

6
testing/btest/Baseline/core.leaks.broker.remote_print/send.send.out Normal file
View file

@ -0,0 +1,6 @@
BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
got print msg, pong 0
got print msg, pong 1
got print msg, pong 2
got print msg, pong 3
got print msg, pong 4

14
testing/btest/Baseline/core.mpls-in-vlan/conn.log
View file

@ -3,10 +3,10 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-56-13
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1371685686.536606 CXWv6p3arKYeMETxOg 65.65.65.65 19244 65.65.65.65 80 tcp - - - - OTH - 0 D 1 257 0 0 (empty)
1371686961.156859 CjhGID4nQcgTWjvg4c 65.65.65.65 32828 65.65.65.65 80 tcp - - - - OTH - 0 d 0 0 1 1500 (empty)
1371686961.479321 CCvvfg3TEfuqmmG4bh 65.65.65.65 61193 65.65.65.65 80 tcp - - - - OTH - 0 D 1 710 0 0 (empty)
#close 2014-04-01-22-56-13
#open 2015-02-23-21-32-33
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1371685686.536606 CXWv6p3arKYeMETxOg 65.65.65.65 19244 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 257 0 0 (empty)
1371686961.156859 CjhGID4nQcgTWjvg4c 65.65.65.65 32828 65.65.65.65 80 tcp - - - - OTH - - 0 d 0 0 1 1500 (empty)
1371686961.479321 CCvvfg3TEfuqmmG4bh 65.65.65.65 61193 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 710 0 0 (empty)
#close 2015-02-23-21-32-33

40
testing/btest/Baseline/core.pcap.dynamic-filter/conn.log
View file

@ -3,23 +3,23 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-08-24-15-51-55
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 73 0 0 (empty)
1300475168.853899 CCvvfg3TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - 0 Dd 1 66 1 117 (empty)
1300475168.854378 CsRx2w45OKnoww6xl4 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - 0 Dd 1 80 1 127 (empty)
1300475168.854837 CRJuHdVW0XPVINV8a 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - 0 Dd 1 66 1 211 (empty)
1300475168.857956 CPbrpk1qSsw6ESzHV4 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - 0 Dd 1 66 1 117 (empty)
1300475168.858306 C6pKV8GSxOnSLghOa 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - 0 Dd 1 80 1 127 (empty)
1300475168.858713 CIPOse170MGiRM1Qf4 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - 0 Dd 1 66 1 211 (empty)
1300475168.891644 C7XEbhP654jzLoe3a 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - 0 Dd 1 66 1 117 (empty)
1300475168.892037 CJ3xTn1c4Zw9TmAE05 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - 0 Dd 1 80 1 127 (empty)
1300475168.892414 CMXxB5GvmoxJFXdTa 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - 0 Dd 1 66 1 211 (empty)
1300475168.893988 Caby8b1slFea8xwSmb 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - 0 Dd 1 66 1 117 (empty)
1300475168.894422 Che1bq3i2rO3KD1Syg 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - 0 Dd 1 80 1 127 (empty)
1300475168.894787 C3SfNE4BWaU4aSuwkc 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - 0 Dd 1 66 1 211 (empty)
1300475168.901749 CEle3f3zno26fFZkrh 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - 0 Dd 1 64 1 159 (empty)
1300475168.902195 CwSkQu4eWZCH7OONC1 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - 0 Dd 1 64 1 226 (empty)
1300475168.652003 CjhGID4nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp - - - - OTH - 0 D 1 515 0 0 (empty)
#close 2014-08-24-15-51-55
#open 2015-02-23-21-32-35
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 (empty)
1300475168.853899 CCvvfg3TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
1300475168.854378 CsRx2w45OKnoww6xl4 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
1300475168.854837 CRJuHdVW0XPVINV8a 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
1300475168.857956 CPbrpk1qSsw6ESzHV4 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
1300475168.858306 C6pKV8GSxOnSLghOa 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty)
1300475168.858713 CIPOse170MGiRM1Qf4 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty)
1300475168.891644 C7XEbhP654jzLoe3a 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty)
1300475168.892037 CJ3xTn1c4Zw9TmAE05 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty)
1300475168.892414 CMXxB5GvmoxJFXdTa 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty)
1300475168.893988 Caby8b1slFea8xwSmb 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty)
1300475168.894422 Che1bq3i2rO3KD1Syg 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty)
1300475168.894787 C3SfNE4BWaU4aSuwkc 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty)
1300475168.901749 CEle3f3zno26fFZkrh 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty)
1300475168.902195 CwSkQu4eWZCH7OONC1 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty)
1300475168.652003 CjhGID4nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp - - - - OTH - - 0 D 1 515 0 0 (empty)
#close 2015-02-23-21-32-35

10
testing/btest/Baseline/core.pcap.read-trace-with-filter/conn.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-08-23-18-29-48
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1300475168.892936 CXWv6p3arKYeMETxOg 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - 0 ShADad 6 1468 4 950 (empty)
#close 2014-08-23-18-29-48
#open 2015-02-23-21-32-46
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1300475168.892936 CXWv6p3arKYeMETxOg 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty)
#close 2015-02-23-21-32-46

22
testing/btest/Baseline/core.pppoe/conn.log
View file

@ -3,14 +3,14 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-56-20
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1284385418.014560 CPbrpk1qSsw6ESzHV4 fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 - 0 D 2 288 0 0 (empty)
1284385417.962560 CRJuHdVW0XPVINV8a fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 - 0 D 2 210 0 0 (empty)
1284385411.091560 CjhGID4nQcgTWjvg4c fe80::c801:eff:fe88:8 136 ff02::1 135 icmp - - - - OTH - 0 - 1 64 0 0 (empty)
1284385411.035560 CXWv6p3arKYeMETxOg fe80::c801:eff:fe88:8 143 ff02::16 0 icmp - 0.835000 160 0 OTH - 0 - 8 608 0 0 (empty)
1284385451.658560 C6pKV8GSxOnSLghOa fc00:0:2:100::1:1 128 fc00::1 129 icmp - 0.156000 260 260 OTH - 0 - 5 500 5 500 (empty)
1284385413.027560 CsRx2w45OKnoww6xl4 fe80::c801:eff:fe88:8 134 fe80::ce05:eff:fe88:0 133 icmp - - - - OTH - 0 - 1 64 0 0 (empty)
1284385412.963560 CCvvfg3TEfuqmmG4bh fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH - 0 - 1 48 0 0 (empty)
#close 2014-04-01-22-56-20
#open 2015-02-23-21-32-47
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1284385418.014560 CPbrpk1qSsw6ESzHV4 fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 - - 0 D 2 288 0 0 (empty)
1284385417.962560 CRJuHdVW0XPVINV8a fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 - - 0 D 2 210 0 0 (empty)
1284385411.091560 CjhGID4nQcgTWjvg4c fe80::c801:eff:fe88:8 136 ff02::1 135 icmp - - - - OTH - - 0 - 1 64 0 0 (empty)
1284385411.035560 CXWv6p3arKYeMETxOg fe80::c801:eff:fe88:8 143 ff02::16 0 icmp - 0.835000 160 0 OTH - - 0 - 8 608 0 0 (empty)
1284385451.658560 C6pKV8GSxOnSLghOa fc00:0:2:100::1:1 128 fc00::1 129 icmp - 0.156000 260 260 OTH - - 0 - 5 500 5 500 (empty)
1284385413.027560 CsRx2w45OKnoww6xl4 fe80::c801:eff:fe88:8 134 fe80::ce05:eff:fe88:0 133 icmp - - - - OTH - - 0 - 1 64 0 0 (empty)
1284385412.963560 CCvvfg3TEfuqmmG4bh fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 48 0 0 (empty)
#close 2015-02-23-21-32-47

10
testing/btest/Baseline/core.print-bpf-filters/conn.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-56-24
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1278600802.069419 CXWv6p3arKYeMETxOg 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - 0 ShADadfF 7 381 7 3801 (empty)
#close 2014-04-01-22-56-24
#open 2015-02-23-21-32-49
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1278600802.069419 CXWv6p3arKYeMETxOg 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - - 0 ShADadfF 7 381 7 3801 (empty)
#close 2015-02-23-21-32-49

12
testing/btest/Baseline/core.q-in-q/conn.log
View file

@ -3,9 +3,9 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-56-29
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1363900699.548138 CXWv6p3arKYeMETxOg 172.19.51.37 47808 172.19.51.63 47808 udp - 0.000100 36 0 S0 - 0 D 2 92 0 0 (empty)
1363900699.549647 CjhGID4nQcgTWjvg4c 193.1.186.60 9875 224.2.127.254 9875 udp - 0.000139 552 0 S0 - 0 D 2 608 0 0 (empty)
#close 2014-04-01-22-56-29
#open 2015-02-23-21-32-51
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1363900699.548138 CXWv6p3arKYeMETxOg 172.19.51.37 47808 172.19.51.63 47808 udp - 0.000100 36 0 S0 - - 0 D 2 92 0 0 (empty)
1363900699.549647 CjhGID4nQcgTWjvg4c 193.1.186.60 9875 224.2.127.254 9875 udp - 0.000139 552 0 S0 - - 0 D 2 608 0 0 (empty)
#close 2015-02-23-21-32-51

14
testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log
View file

@ -3,10 +3,10 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-09-16-44-53
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1395939406.175845 CjhGID4nQcgTWjvg4c 192.168.56.1 59763 192.168.56.101 63988 tcp ftp-data 0.001676 0 270 SF - 0 ShAdfFa 5 272 4 486 (empty)
1395939411.361078 CCvvfg3TEfuqmmG4bh 192.168.56.1 59764 192.168.56.101 37150 tcp ftp-data 150.496065 0 5416666670 SF - 4675708816 ShAdfFa 13 688 12 24454 (empty)
1395939399.984671 CXWv6p3arKYeMETxOg 192.168.56.1 59762 192.168.56.101 21 tcp ftp 169.634297 104 1041 SF - 0 ShAdDaFf 31 1728 18 1985 (empty)
#close 2014-04-09-16-44-54
#open 2015-02-23-21-32-56
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1395939406.175845 CjhGID4nQcgTWjvg4c 192.168.56.1 59763 192.168.56.101 63988 tcp ftp-data 0.001676 0 270 SF - - 0 ShAdfFa 5 272 4 486 (empty)
1395939411.361078 CCvvfg3TEfuqmmG4bh 192.168.56.1 59764 192.168.56.101 37150 tcp ftp-data 150.496065 0 5416666670 SF - - 4675708816 ShAdfFa 13 688 12 24454 (empty)
1395939399.984671 CXWv6p3arKYeMETxOg 192.168.56.1 59762 192.168.56.101 21 tcp ftp 169.634297 104 1041 SF - - 0 ShAdDaFf 31 1728 18 1985 (empty)
#close 2015-02-23-21-32-56

10
testing/btest/Baseline/core.tcp.miss-end-data/conn.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-56-36
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1331764471.664131 CXWv6p3arKYeMETxOg 192.168.122.230 60648 77.238.160.184 80 tcp http 10.048360 538 2902 SF - 2902 ShADafF 5 750 4 172 (empty)
#close 2014-04-01-22-56-36
#open 2015-02-23-21-32-57
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1331764471.664131 CXWv6p3arKYeMETxOg 192.168.122.230 60648 77.238.160.184 80 tcp http 10.048360 538 2902 SF - - 2902 ShADafF 5 750 4 172 (empty)
#close 2015-02-23-21-32-57

24
testing/btest/Baseline/core.tunnels.ayiya/conn.log
View file

@ -3,15 +3,15 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-56-43
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1257655301.595604 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 - 0 ShADad 10 3605 11 5329 CCvvfg3TEfuqmmG4bh
1257655296.585034 CCvvfg3TEfuqmmG4bh 192.168.3.101 53859 216.14.98.22 5072 udp ayiya 20.879001 5129 6109 SF - 0 Dd 21 5717 13 6473 (empty)
1257655293.629048 CXWv6p3arKYeMETxOg 192.168.3.101 53796 216.14.98.22 5072 udp ayiya - - - SHR - 0 d 0 0 1 176 (empty)
1257655296.585333 C6pKV8GSxOnSLghOa :: 135 ff02::1:ff00:2 136 icmp - - - - OTH - 0 - 1 64 0 0 CCvvfg3TEfuqmmG4bh
1257655293.629048 CjhGID4nQcgTWjvg4c 2001:4978:f:4c::1 128 2001:4978:f:4c::2 129 icmp - 23.834987 168 56 OTH - 0 - 3 312 1 104 CXWv6p3arKYeMETxOg,CCvvfg3TEfuqmmG4bh
1257655296.585188 CPbrpk1qSsw6ESzHV4 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff00:2 130 icmp - 0.919988 32 0 OTH - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh
1257655296.585151 CRJuHdVW0XPVINV8a fe80::216:cbff:fe9a:4cb9 131 ff02::2:f901:d225 130 icmp - 0.719947 32 0 OTH - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh
1257655296.585034 CsRx2w45OKnoww6xl4 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh
#close 2014-04-01-22-56-43
#open 2015-02-23-21-33-02
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1257655301.595604 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 - - 0 ShADad 10 3605 11 5329 CCvvfg3TEfuqmmG4bh
1257655296.585034 CCvvfg3TEfuqmmG4bh 192.168.3.101 53859 216.14.98.22 5072 udp ayiya 20.879001 5129 6109 SF - - 0 Dd 21 5717 13 6473 (empty)
1257655293.629048 CXWv6p3arKYeMETxOg 192.168.3.101 53796 216.14.98.22 5072 udp ayiya - - - SHR - - 0 d 0 0 1 176 (empty)
1257655296.585333 C6pKV8GSxOnSLghOa :: 135 ff02::1:ff00:2 136 icmp - - - - OTH - - 0 - 1 64 0 0 CCvvfg3TEfuqmmG4bh
1257655293.629048 CjhGID4nQcgTWjvg4c 2001:4978:f:4c::1 128 2001:4978:f:4c::2 129 icmp - 23.834987 168 56 OTH - - 0 - 3 312 1 104 CXWv6p3arKYeMETxOg,CCvvfg3TEfuqmmG4bh
1257655296.585188 CPbrpk1qSsw6ESzHV4 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff00:2 130 icmp - 0.919988 32 0 OTH - - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh
1257655296.585151 CRJuHdVW0XPVINV8a fe80::216:cbff:fe9a:4cb9 131 ff02::2:f901:d225 130 icmp - 0.719947 32 0 OTH - - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh
1257655296.585034 CsRx2w45OKnoww6xl4 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH - - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh
#close 2015-02-23-21-33-02

14
testing/btest/Baseline/core.tunnels.gre-in-gre/conn.log
View file

@ -3,10 +3,10 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-56-55
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1341436440.002928 CRJuHdVW0XPVINV8a 3.3.3.2 520 224.0.0.9 520 udp - 26.148268 48 0 S0 - 0 D 2 104 0 0 CjhGID4nQcgTWjvg4c
1341436424.378840 CsRx2w45OKnoww6xl4 3.3.3.1 520 224.0.0.9 520 udp - 28.555457 168 0 S0 - 0 D 2 224 0 0 CjhGID4nQcgTWjvg4c
1341436424.204043 CCvvfg3TEfuqmmG4bh 10.10.25.1 8 192.168.1.2 0 icmp - 42.380221 22464 22464 OTH - 0 - 312 31200 312 31200 CjhGID4nQcgTWjvg4c
#close 2014-04-01-22-56-55
#open 2015-02-23-21-33-06
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1341436440.002928 CRJuHdVW0XPVINV8a 3.3.3.2 520 224.0.0.9 520 udp - 26.148268 48 0 S0 - - 0 D 2 104 0 0 CjhGID4nQcgTWjvg4c
1341436424.378840 CsRx2w45OKnoww6xl4 3.3.3.1 520 224.0.0.9 520 udp - 28.555457 168 0 S0 - - 0 D 2 224 0 0 CjhGID4nQcgTWjvg4c
1341436424.204043 CCvvfg3TEfuqmmG4bh 10.10.25.1 8 192.168.1.2 0 icmp - 42.380221 22464 22464 OTH - - 0 - 312 31200 312 31200 CjhGID4nQcgTWjvg4c
#close 2015-02-23-21-33-06

4
testing/btest/Baseline/core.tunnels.gre-in-gre/tunnel.log
View file

@ -6,6 +6,6 @@
#open 2014-01-16-21-51-36
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
#types time string addr port addr port enum enum
1341436424.204043 CXWv6p3arKYeMETxOg 72.205.54.70 0 86.106.164.150 0 Tunnel::IP Tunnel::DISCOVER
1341436424.204043 CjhGID4nQcgTWjvg4c 10.10.11.2 0 10.10.13.2 0 Tunnel::IP Tunnel::DISCOVER
1341436424.204043 CXWv6p3arKYeMETxOg 72.205.54.70 0 86.106.164.150 0 Tunnel::GRE Tunnel::DISCOVER
1341436424.204043 CjhGID4nQcgTWjvg4c 10.10.11.2 0 10.10.13.2 0 Tunnel::GRE Tunnel::DISCOVER
#close 2014-01-16-21-51-36

22
testing/btest/Baseline/core.tunnels.gre/conn.log
View file

@ -3,14 +3,14 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-56-51
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1055289978.756932 CsRx2w45OKnoww6xl4 66.59.111.190 40264 172.28.2.3 22 tcp ssh 3.157831 952 1671 SF - 0 ShAdDaFf 12 1584 10 2199 CXWv6p3arKYeMETxOg
1055289987.055189 CRJuHdVW0XPVINV8a 66.59.111.190 37675 172.28.2.3 53 udp dns 5.001141 66 0 S0 - 0 D 2 122 0 0 CXWv6p3arKYeMETxOg
1055289996.849099 CIPOse170MGiRM1Qf4 66.59.111.190 123 129.170.17.4 123 udp - 0.072374 48 48 SF - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg
1055289973.849878 CCvvfg3TEfuqmmG4bh 66.59.111.190 123 18.26.4.105 123 udp - 0.074086 48 48 SF - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg
1055289992.849231 C6pKV8GSxOnSLghOa 66.59.111.190 123 66.59.111.182 123 udp - 0.056629 48 48 SF - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg
1055289968.793044 CjhGID4nQcgTWjvg4c 66.59.111.190 8 172.28.2.3 0 icmp - 3.061298 224 224 OTH - 0 - 4 336 4 336 CXWv6p3arKYeMETxOg
1055289987.106744 CPbrpk1qSsw6ESzHV4 172.28.2.3 3 66.59.111.190 3 icmp - 4.994662 122 0 OTH - 0 - 2 178 0 0 CXWv6p3arKYeMETxOg
#close 2014-04-01-22-56-51
#open 2015-02-23-21-33-05
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1055289978.756932 CsRx2w45OKnoww6xl4 66.59.111.190 40264 172.28.2.3 22 tcp ssh 3.157831 952 1671 SF - - 0 ShAdDaFf 12 1584 10 2199 CXWv6p3arKYeMETxOg
1055289987.055189 CRJuHdVW0XPVINV8a 66.59.111.190 37675 172.28.2.3 53 udp dns 5.001141 66 0 S0 - - 0 D 2 122 0 0 CXWv6p3arKYeMETxOg
1055289996.849099 CIPOse170MGiRM1Qf4 66.59.111.190 123 129.170.17.4 123 udp - 0.072374 48 48 SF - - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg
1055289973.849878 CCvvfg3TEfuqmmG4bh 66.59.111.190 123 18.26.4.105 123 udp - 0.074086 48 48 SF - - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg
1055289992.849231 C6pKV8GSxOnSLghOa 66.59.111.190 123 66.59.111.182 123 udp - 0.056629 48 48 SF - - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg
1055289968.793044 CjhGID4nQcgTWjvg4c 66.59.111.190 8 172.28.2.3 0 icmp - 3.061298 224 224 OTH - - 0 - 4 336 4 336 CXWv6p3arKYeMETxOg
1055289987.106744 CPbrpk1qSsw6ESzHV4 172.28.2.3 3 66.59.111.190 3 icmp - 4.994662 122 0 OTH - - 0 - 2 178 0 0 CXWv6p3arKYeMETxOg
#close 2015-02-23-21-33-05

2
testing/btest/Baseline/core.tunnels.gre/tunnel.log
View file

@ -6,5 +6,5 @@
#open 2014-01-16-21-51-12
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
#types time string addr port addr port enum enum
1055289968.793044 CXWv6p3arKYeMETxOg 172.27.1.66 0 66.59.109.137 0 Tunnel::IP Tunnel::DISCOVER
1055289968.793044 CXWv6p3arKYeMETxOg 172.27.1.66 0 66.59.109.137 0 Tunnel::GRE Tunnel::DISCOVER
#close 2014-01-16-21-51-12

14
testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/conn.log
View file

@ -3,10 +3,10 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-56-58
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1333458850.321642 CjhGID4nQcgTWjvg4c 10.131.17.170 51803 173.199.115.168 80 tcp http 0.257902 1138 63424 S3 - 0 ShADadf 29 2310 49 65396 CXWv6p3arKYeMETxOg,CCvvfg3TEfuqmmG4bh
1333458850.325787 CCvvfg3TEfuqmmG4bh 207.233.125.40 2152 167.55.105.244 2152 udp gtpv1 0.251127 65788 0 S0 - 0 D 49 67160 0 0 (empty)
1333458850.321642 CXWv6p3arKYeMETxOg 167.55.105.244 5906 207.233.125.40 2152 udp gtpv1 0.257902 2542 0 S0 - 0 D 29 3354 0 0 (empty)
#close 2014-04-01-22-56-58
#open 2015-02-23-21-33-07
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1333458850.321642 CjhGID4nQcgTWjvg4c 10.131.17.170 51803 173.199.115.168 80 tcp http 0.257902 1138 63424 S3 - - 0 ShADadf 29 2310 49 65396 CXWv6p3arKYeMETxOg,CCvvfg3TEfuqmmG4bh
1333458850.325787 CCvvfg3TEfuqmmG4bh 207.233.125.40 2152 167.55.105.244 2152 udp gtpv1 0.251127 65788 0 S0 - - 0 D 49 67160 0 0 (empty)
1333458850.321642 CXWv6p3arKYeMETxOg 167.55.105.244 5906 207.233.125.40 2152 udp gtpv1 0.257902 2542 0 S0 - - 0 D 29 3354 0 0 (empty)
#close 2015-02-23-21-33-07

10
testing/btest/Baseline/core.tunnels.gtp.false_gtp/conn.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-57-03
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1333458871.219794 CXWv6p3arKYeMETxOg 10.131.24.6 2152 195.178.38.3 53 udp dns - - - S0 - 0 D 1 64 0 0 (empty)
#close 2014-04-01-22-57-03
#open 2015-02-23-21-33-08
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1333458871.219794 CXWv6p3arKYeMETxOg 10.131.24.6 2152 195.178.38.3 53 udp dns - - - S0 - - 0 D 1 64 0 0 (empty)
#close 2015-02-23-21-33-09

14
testing/btest/Baseline/core.tunnels.gtp.inner_ipv6/conn.log
View file

@ -3,10 +3,10 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-57-05
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1333458851.770000 CjhGID4nQcgTWjvg4c fe80::224c:4fff:fe43:414c 1234 ff02::1:3 5355 udp dns - - - S0 - 0 D 1 80 0 0 CXWv6p3arKYeMETxOg
1333458851.770000 CXWv6p3arKYeMETxOg 118.92.124.41 2152 118.92.124.72 2152 udp gtpv1 0.199236 152 0 S0 - 0 D 2 208 0 0 (empty)
1333458851.969236 CCvvfg3TEfuqmmG4bh fe80::224c:4fff:fe43:414c 133 ff02::2 134 icmp - - - - OTH - 0 - 1 56 0 0 CXWv6p3arKYeMETxOg
#close 2014-04-01-22-57-05
#open 2015-02-23-21-33-09
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1333458851.770000 CjhGID4nQcgTWjvg4c fe80::224c:4fff:fe43:414c 1234 ff02::1:3 5355 udp dns - - - S0 - - 0 D 1 80 0 0 CXWv6p3arKYeMETxOg
1333458851.770000 CXWv6p3arKYeMETxOg 118.92.124.41 2152 118.92.124.72 2152 udp gtpv1 0.199236 152 0 S0 - - 0 D 2 208 0 0 (empty)
1333458851.969236 CCvvfg3TEfuqmmG4bh fe80::224c:4fff:fe43:414c 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 56 0 0 CXWv6p3arKYeMETxOg
#close 2015-02-23-21-33-09

42
testing/btest/Baseline/core.tunnels.gtp.inner_teredo/conn.log
View file

@ -3,24 +3,24 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-57-08
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1333458850.037956 CEle3f3zno26fFZkrh 10.131.112.102 51403 94.245.121.253 3544 udp teredo - - - SHR - 0 d 0 0 1 84 C3SfNE4BWaU4aSuwkc
1333458850.040098 CwSkQu4eWZCH7OONC1 174.94.190.229 2152 190.104.181.57 2152 udp gtpv1 0.003698 192 0 S0 - 0 D 2 248 0 0 (empty)
1333458850.016620 CsRx2w45OKnoww6xl4 172.24.16.121 61901 94.245.121.251 3544 udp teredo - - - S0 - 0 D 1 80 0 0 CCvvfg3TEfuqmmG4bh
1333458850.029781 C6pKV8GSxOnSLghOa 172.24.16.67 52298 94.245.121.253 3544 udp teredo - - - S0 - 0 D 1 88 0 0 CPbrpk1qSsw6ESzHV4
1333458850.035456 CJ3xTn1c4Zw9TmAE05 190.104.181.210 2152 190.104.181.125 2152 udp gtpv1 0.000004 194 0 S0 - 0 D 2 250 0 0 (empty)
1333458850.016620 CCvvfg3TEfuqmmG4bh 174.94.190.229 2152 190.104.181.62 2152 udp gtpv1 0.016267 88 92 SF - 0 Dd 1 116 1 120 (empty)
1333458850.029781 CPbrpk1qSsw6ESzHV4 190.104.181.254 2152 190.104.181.62 2152 udp gtpv1 0.000002 192 0 S0 - 0 D 2 248 0 0 (empty)
1333458850.035460 Che1bq3i2rO3KD1Syg 172.27.159.9 63912 94.245.121.254 3544 udp teredo - - - S0 - 0 D 1 89 0 0 CJ3xTn1c4Zw9TmAE05
1333458850.037956 C3SfNE4BWaU4aSuwkc 190.104.181.57 2152 190.104.181.222 2152 udp gtpv1 - - - S0 - 0 D 1 120 0 0 (empty)
1333458850.014199 CXWv6p3arKYeMETxOg 174.94.190.213 2152 190.104.181.57 2152 udp gtpv1 - - - S0 - 0 D 1 124 0 0 (empty)
1333458850.040098 CfTOmO0HKorjr8Zp7 172.24.203.81 54447 65.55.158.118 3544 udp teredo 0.003698 120 0 S0 - 0 D 2 176 0 0 CwSkQu4eWZCH7OONC1
1333458850.029783 CIPOse170MGiRM1Qf4 172.24.16.67 52298 65.55.158.118 3544 udp teredo - - - S0 - 0 D 1 88 0 0 CPbrpk1qSsw6ESzHV4
1333458850.032887 C7XEbhP654jzLoe3a 10.131.42.160 62069 94.245.121.253 3544 udp teredo - - - SHR - 0 d 0 0 1 84 CCvvfg3TEfuqmmG4bh
1333458850.014199 CjhGID4nQcgTWjvg4c 172.24.204.200 56528 65.55.158.118 3544 udp teredo - - - S0 - 0 D 1 88 0 0 CXWv6p3arKYeMETxOg
1333458850.035456 CMXxB5GvmoxJFXdTa 172.27.159.9 63912 94.245.121.253 3544 udp teredo - - - S0 - 0 D 1 89 0 0 CJ3xTn1c4Zw9TmAE05
1333458850.016620 CRJuHdVW0XPVINV8a 2001:0:5ef5:79fb:38b8:1695:2b37:be8e 128 2002:2571:c817::2571:c817 129 icmp - - - - OTH - 0 - 1 52 0 0 CsRx2w45OKnoww6xl4
1333458850.035456 Caby8b1slFea8xwSmb fe80::ffff:ffff:fffe 133 ff02::2 134 icmp - 0.000004 0 0 OTH - 0 - 2 96 0 0 Che1bq3i2rO3KD1Syg,CMXxB5GvmoxJFXdTa
#close 2014-04-01-22-57-08
#open 2015-02-23-21-33-10
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1333458850.037956 CEle3f3zno26fFZkrh 10.131.112.102 51403 94.245.121.253 3544 udp teredo - - - SHR - - 0 d 0 0 1 84 C3SfNE4BWaU4aSuwkc
1333458850.040098 CwSkQu4eWZCH7OONC1 174.94.190.229 2152 190.104.181.57 2152 udp gtpv1 0.003698 192 0 S0 - - 0 D 2 248 0 0 (empty)
1333458850.016620 CsRx2w45OKnoww6xl4 172.24.16.121 61901 94.245.121.251 3544 udp teredo - - - S0 - - 0 D 1 80 0 0 CCvvfg3TEfuqmmG4bh
1333458850.029781 C6pKV8GSxOnSLghOa 172.24.16.67 52298 94.245.121.253 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CPbrpk1qSsw6ESzHV4
1333458850.035456 CJ3xTn1c4Zw9TmAE05 190.104.181.210 2152 190.104.181.125 2152 udp gtpv1 0.000004 194 0 S0 - - 0 D 2 250 0 0 (empty)
1333458850.016620 CCvvfg3TEfuqmmG4bh 174.94.190.229 2152 190.104.181.62 2152 udp gtpv1 0.016267 88 92 SF - - 0 Dd 1 116 1 120 (empty)
1333458850.029781 CPbrpk1qSsw6ESzHV4 190.104.181.254 2152 190.104.181.62 2152 udp gtpv1 0.000002 192 0 S0 - - 0 D 2 248 0 0 (empty)
1333458850.035460 Che1bq3i2rO3KD1Syg 172.27.159.9 63912 94.245.121.254 3544 udp teredo - - - S0 - - 0 D 1 89 0 0 CJ3xTn1c4Zw9TmAE05
1333458850.037956 C3SfNE4BWaU4aSuwkc 190.104.181.57 2152 190.104.181.222 2152 udp gtpv1 - - - S0 - - 0 D 1 120 0 0 (empty)
1333458850.014199 CXWv6p3arKYeMETxOg 174.94.190.213 2152 190.104.181.57 2152 udp gtpv1 - - - S0 - - 0 D 1 124 0 0 (empty)
1333458850.040098 CfTOmO0HKorjr8Zp7 172.24.203.81 54447 65.55.158.118 3544 udp teredo 0.003698 120 0 S0 - - 0 D 2 176 0 0 CwSkQu4eWZCH7OONC1
1333458850.029783 CIPOse170MGiRM1Qf4 172.24.16.67 52298 65.55.158.118 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CPbrpk1qSsw6ESzHV4
1333458850.032887 C7XEbhP654jzLoe3a 10.131.42.160 62069 94.245.121.253 3544 udp teredo - - - SHR - - 0 d 0 0 1 84 CCvvfg3TEfuqmmG4bh
1333458850.014199 CjhGID4nQcgTWjvg4c 172.24.204.200 56528 65.55.158.118 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CXWv6p3arKYeMETxOg
1333458850.035456 CMXxB5GvmoxJFXdTa 172.27.159.9 63912 94.245.121.253 3544 udp teredo - - - S0 - - 0 D 1 89 0 0 CJ3xTn1c4Zw9TmAE05
1333458850.016620 CRJuHdVW0XPVINV8a 2001:0:5ef5:79fb:38b8:1695:2b37:be8e 128 2002:2571:c817::2571:c817 129 icmp - - - - OTH - - 0 - 1 52 0 0 CsRx2w45OKnoww6xl4
1333458850.035456 Caby8b1slFea8xwSmb fe80::ffff:ffff:fffe 133 ff02::2 134 icmp - 0.000004 0 0 OTH - - 0 - 2 96 0 0 Che1bq3i2rO3KD1Syg,CMXxB5GvmoxJFXdTa
#close 2015-02-23-21-33-10

12
testing/btest/Baseline/core.tunnels.gtp.not_user_plane_data/conn.log
View file

@ -3,9 +3,9 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-57-11
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1333458850.532814 CXWv6p3arKYeMETxOg 247.56.43.90 2152 247.56.43.248 2152 udp - - - - S0 - 0 D 1 52 0 0 (empty)
1333458850.867091 CjhGID4nQcgTWjvg4c 247.56.43.214 2152 237.56.101.238 2152 udp - 0.028676 12 14 SF - 0 Dd 1 40 1 42 (empty)
#close 2014-04-01-22-57-11
#open 2015-02-23-21-33-12
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1333458850.532814 CXWv6p3arKYeMETxOg 247.56.43.90 2152 247.56.43.248 2152 udp - - - - S0 - - 0 D 1 52 0 0 (empty)
1333458850.867091 CjhGID4nQcgTWjvg4c 247.56.43.214 2152 237.56.101.238 2152 udp - 0.028676 12 14 SF - - 0 Dd 1 40 1 42 (empty)
#close 2015-02-23-21-33-12

12
testing/btest/Baseline/core.tunnels.gtp.opt_header/conn.log
View file

@ -3,9 +3,9 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-57-12
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1333458852.011535 CjhGID4nQcgTWjvg4c 10.222.10.10 44960 173.194.69.188 5228 tcp ssl 0.573499 704 1026 S1 - 0 ShADad 17 1604 14 1762 CXWv6p3arKYeMETxOg
1333458852.011535 CXWv6p3arKYeMETxOg 79.188.154.91 2152 243.149.173.198 2152 udp gtpv1 0.573499 1740 1930 SF - 0 Dd 17 2216 14 2322 (empty)
#close 2014-04-01-22-57-12
#open 2015-02-23-21-33-13
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1333458852.011535 CjhGID4nQcgTWjvg4c 10.222.10.10 44960 173.194.69.188 5228 tcp ssl 0.573499 704 1026 S1 - - 0 ShADad 17 1604 14 1762 CXWv6p3arKYeMETxOg
1333458852.011535 CXWv6p3arKYeMETxOg 79.188.154.91 2152 243.149.173.198 2152 udp gtpv1 0.573499 1740 1930 SF - - 0 Dd 17 2216 14 2322 (empty)
#close 2015-02-23-21-33-13

12
testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/conn.log
View file

@ -3,9 +3,9 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-57-15
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1333458850.364667 CjhGID4nQcgTWjvg4c 10.131.47.185 1923 79.101.110.141 80 tcp http 0.069783 2100 56702 SF - 0 ShADadfF 27 3204 41 52594 CXWv6p3arKYeMETxOg
1333458850.364667 CXWv6p3arKYeMETxOg 239.114.155.111 2152 63.94.149.181 2152 udp gtpv1 0.069813 3420 52922 SF - 0 Dd 27 4176 41 54070 (empty)
#close 2014-04-01-22-57-15
#open 2015-02-23-21-33-13
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1333458850.364667 CjhGID4nQcgTWjvg4c 10.131.47.185 1923 79.101.110.141 80 tcp http 0.069783 2100 56702 SF - - 0 ShADadfF 27 3204 41 52594 CXWv6p3arKYeMETxOg
1333458850.364667 CXWv6p3arKYeMETxOg 239.114.155.111 2152 63.94.149.181 2152 udp gtpv1 0.069813 3420 52922 SF - - 0 Dd 27 4176 41 54070 (empty)
#close 2015-02-23-21-33-14

50
testing/btest/Baseline/core.tunnels.teredo/conn.log
View file

@ -3,28 +3,28 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-57-21
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1210953047.736921 CjhGID4nQcgTWjvg4c 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - 0 fA 1 40 1 40 (empty)
1210953050.867067 CCvvfg3TEfuqmmG4bh 192.168.2.16 1577 75.126.203.78 80 tcp - 0.000387 0 0 SHR - 0 fA 1 40 1 40 (empty)
1210953057.833364 CIPOse170MGiRM1Qf4 192.168.2.16 1577 75.126.203.78 80 tcp - 0.079208 0 0 SH - 0 Fa 1 40 1 40 (empty)
1210953058.007081 CJ3xTn1c4Zw9TmAE05 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTOS0 - 0 R 1 40 0 0 (empty)
1210953057.834454 C7XEbhP654jzLoe3a 192.168.2.16 1578 75.126.203.78 80 tcp http 0.407908 790 171 RSTO - 0 ShADadR 6 1038 4 335 (empty)
1210953058.350065 CMXxB5GvmoxJFXdTa 192.168.2.16 1920 192.168.2.1 53 udp dns 0.223055 66 438 SF - 0 Dd 2 122 2 494 (empty)
1210953058.577231 Caby8b1slFea8xwSmb 192.168.2.16 137 192.168.2.255 137 udp dns 1.499261 150 0 S0 - 0 D 3 234 0 0 (empty)
1210953074.264819 CyAhVIzHqb7t7kv28 192.168.2.16 1920 192.168.2.1 53 udp dns 0.297723 123 598 SF - 0 Dd 3 207 3 682 (empty)
1210953061.312379 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 12.810848 1675 10467 S1 - 0 ShADad 10 2279 12 11191 C3SfNE4BWaU4aSuwkc
1210953076.058333 Cx2FqO23omNawSNrxj 192.168.2.16 1578 75.126.203.78 80 tcp - - - - RSTRH - 0 r 0 0 1 40 (empty)
1210953074.055744 CfTOmO0HKorjr8Zp7 192.168.2.16 1577 75.126.203.78 80 tcp - - - - RSTRH - 0 r 0 0 1 40 (empty)
1210953074.057124 CzA03V1VcgagLjnO92 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTRH - 0 r 0 0 1 40 (empty)
1210953074.570439 Cab0vO1xNYSS2hJkle 192.168.2.16 1580 67.228.110.120 80 tcp http 0.466677 469 3916 SF - 0 ShADadFf 7 757 6 4164 (empty)
1210953052.202579 CsRx2w45OKnoww6xl4 192.168.2.16 3797 65.55.158.80 3544 udp teredo 8.928880 129 48 SF - 0 Dd 2 185 1 76 (empty)
1210953060.829233 C3SfNE4BWaU4aSuwkc 192.168.2.16 3797 83.170.1.38 32900 udp teredo 13.293994 2359 11243 SF - 0 Dd 12 2695 13 11607 (empty)
1210953058.933954 Che1bq3i2rO3KD1Syg 0.0.0.0 68 255.255.255.255 67 udp dhcp - - - S0 - 0 D 1 328 0 0 (empty)
1210953052.324629 CPbrpk1qSsw6ESzHV4 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - 0 d 0 0 1 137 (empty)
1210953046.591933 CXWv6p3arKYeMETxOg 192.168.2.16 138 192.168.2.255 138 udp - 28.448321 416 0 S0 - 0 D 2 472 0 0 (empty)
1210953052.324629 C6pKV8GSxOnSLghOa fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - 0 - 1 88 0 0 CPbrpk1qSsw6ESzHV4
1210953060.829303 CEle3f3zno26fFZkrh 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - 0 - 1 52 1 52 C3SfNE4BWaU4aSuwkc,CsRx2w45OKnoww6xl4
1210953052.202579 CRJuHdVW0XPVINV8a fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - 0 - 1 64 0 0 CsRx2w45OKnoww6xl4
#close 2014-04-01-22-57-21
#open 2015-02-23-21-33-18
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1210953047.736921 CjhGID4nQcgTWjvg4c 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - - 0 fA 1 40 1 40 (empty)
1210953050.867067 CCvvfg3TEfuqmmG4bh 192.168.2.16 1577 75.126.203.78 80 tcp - 0.000387 0 0 SHR - - 0 fA 1 40 1 40 (empty)
1210953057.833364 CIPOse170MGiRM1Qf4 192.168.2.16 1577 75.126.203.78 80 tcp - 0.079208 0 0 SH - - 0 Fa 1 40 1 40 (empty)
1210953058.007081 CJ3xTn1c4Zw9TmAE05 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTOS0 - - 0 R 1 40 0 0 (empty)
1210953057.834454 C7XEbhP654jzLoe3a 192.168.2.16 1578 75.126.203.78 80 tcp http 0.407908 790 171 RSTO - - 0 ShADadR 6 1038 4 335 (empty)
1210953058.350065 CMXxB5GvmoxJFXdTa 192.168.2.16 1920 192.168.2.1 53 udp dns 0.223055 66 438 SF - - 0 Dd 2 122 2 494 (empty)
1210953058.577231 Caby8b1slFea8xwSmb 192.168.2.16 137 192.168.2.255 137 udp dns 1.499261 150 0 S0 - - 0 D 3 234 0 0 (empty)
1210953074.264819 CyAhVIzHqb7t7kv28 192.168.2.16 1920 192.168.2.1 53 udp dns 0.297723 123 598 SF - - 0 Dd 3 207 3 682 (empty)
1210953061.312379 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 12.810848 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 C3SfNE4BWaU4aSuwkc
1210953076.058333 Cx2FqO23omNawSNrxj 192.168.2.16 1578 75.126.203.78 80 tcp - - - - RSTRH - - 0 r 0 0 1 40 (empty)
1210953074.055744 CfTOmO0HKorjr8Zp7 192.168.2.16 1577 75.126.203.78 80 tcp - - - - RSTRH - - 0 r 0 0 1 40 (empty)
1210953074.057124 CzA03V1VcgagLjnO92 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTRH - - 0 r 0 0 1 40 (empty)
1210953074.570439 Cab0vO1xNYSS2hJkle 192.168.2.16 1580 67.228.110.120 80 tcp http 0.466677 469 3916 SF - - 0 ShADadFf 7 757 6 4164 (empty)
1210953052.202579 CsRx2w45OKnoww6xl4 192.168.2.16 3797 65.55.158.80 3544 udp teredo 8.928880 129 48 SF - - 0 Dd 2 185 1 76 (empty)
1210953060.829233 C3SfNE4BWaU4aSuwkc 192.168.2.16 3797 83.170.1.38 32900 udp teredo 13.293994 2359 11243 SF - - 0 Dd 12 2695 13 11607 (empty)
1210953058.933954 Che1bq3i2rO3KD1Syg 0.0.0.0 68 255.255.255.255 67 udp dhcp - - - S0 - - 0 D 1 328 0 0 (empty)
1210953052.324629 CPbrpk1qSsw6ESzHV4 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 d 0 0 1 137 (empty)
1210953046.591933 CXWv6p3arKYeMETxOg 192.168.2.16 138 192.168.2.255 138 udp - 28.448321 416 0 S0 - - 0 D 2 472 0 0 (empty)
1210953052.324629 C6pKV8GSxOnSLghOa fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 CPbrpk1qSsw6ESzHV4
1210953060.829303 CEle3f3zno26fFZkrh 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - - 0 - 1 52 1 52 C3SfNE4BWaU4aSuwkc,CsRx2w45OKnoww6xl4
1210953052.202579 CRJuHdVW0XPVINV8a fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CsRx2w45OKnoww6xl4
#close 2015-02-23-21-33-18

22
testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log
View file

@ -3,14 +3,14 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-57-27
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1340127577.354166 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - 0 ShADad 10 2279 12 11191 CRJuHdVW0XPVINV8a
1340127577.336558 CXWv6p3arKYeMETxOg 192.168.2.16 3797 65.55.158.80 3544 udp teredo 0.010291 129 52 SF - 0 Dd 2 185 1 80 (empty)
1340127577.341510 CRJuHdVW0XPVINV8a 192.168.2.16 3797 83.170.1.38 32900 udp teredo 0.065485 2367 11243 SF - 0 Dd 12 2703 13 11607 (empty)
1340127577.339015 CCvvfg3TEfuqmmG4bh 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - 0 d 0 0 1 137 (empty)
1340127577.339015 CsRx2w45OKnoww6xl4 fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - 0 - 1 88 0 0 CCvvfg3TEfuqmmG4bh
1340127577.343969 CPbrpk1qSsw6ESzHV4 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - 0 - 1 52 1 52 CXWv6p3arKYeMETxOg,CRJuHdVW0XPVINV8a
1340127577.336558 CjhGID4nQcgTWjvg4c fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - 0 - 1 64 0 0 CXWv6p3arKYeMETxOg
#close 2014-04-01-22-57-27
#open 2015-02-23-21-33-21
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1340127577.354166 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 CRJuHdVW0XPVINV8a
1340127577.336558 CXWv6p3arKYeMETxOg 192.168.2.16 3797 65.55.158.80 3544 udp teredo 0.010291 129 52 SF - - 0 Dd 2 185 1 80 (empty)
1340127577.341510 CRJuHdVW0XPVINV8a 192.168.2.16 3797 83.170.1.38 32900 udp teredo 0.065485 2367 11243 SF - - 0 Dd 12 2703 13 11607 (empty)
1340127577.339015 CCvvfg3TEfuqmmG4bh 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 d 0 0 1 137 (empty)
1340127577.339015 CsRx2w45OKnoww6xl4 fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 CCvvfg3TEfuqmmG4bh
1340127577.343969 CPbrpk1qSsw6ESzHV4 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - - 0 - 1 52 1 52 CXWv6p3arKYeMETxOg,CRJuHdVW0XPVINV8a
1340127577.336558 CjhGID4nQcgTWjvg4c fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CXWv6p3arKYeMETxOg
#close 2015-02-23-21-33-21

14
testing/btest/Baseline/core.vlan-mpls/conn.log
View file

@ -3,10 +3,10 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-57-31
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
952109346.874907 CXWv6p3arKYeMETxOg 10.1.2.1 11001 10.34.0.1 23 tcp - 2.102560 26 0 SH - 0 SADF 11 470 0 0 (empty)
1128727435.450898 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - 0 ShADdFaf 12 730 10 9945 (empty)
1278600802.069419 CCvvfg3TEfuqmmG4bh 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - 0 ShADadfF 7 381 7 3801 (empty)
#close 2014-04-01-22-57-31
#open 2015-02-23-21-33-22
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
952109346.874907 CXWv6p3arKYeMETxOg 10.1.2.1 11001 10.34.0.1 23 tcp - 2.102560 26 0 SH - - 0 SADF 11 470 0 0 (empty)
1128727435.450898 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - - 0 ShADdFaf 12 730 10 9945 (empty)
1278600802.069419 CCvvfg3TEfuqmmG4bh 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - - 0 ShADadfF 7 381 7 3801 (empty)
#close 2015-02-23-21-33-22

10
testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
View file

@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path loaded_scripts
#open 2015-03-16-19-43-09
#open 2015-02-03-22-47-13
#fields name
#types string
scripts/base/init-bare.bro
@ -14,6 +14,8 @@ scripts/base/init-bare.bro
build/scripts/base/bif/reporter.bif.bro
build/scripts/base/bif/plugins/Bro_SNMP.types.bif.bro
build/scripts/base/bif/event.bif.bro
scripts/base/frameworks/broker/__load__.bro
scripts/base/frameworks/broker/main.bro
scripts/base/frameworks/logging/__load__.bro
scripts/base/frameworks/logging/main.bro
build/scripts/base/bif/logging.bif.bro
@ -47,6 +49,10 @@ scripts/base/init-bare.bro
build/scripts/base/bif/bloom-filter.bif.bro
build/scripts/base/bif/cardinality-counter.bif.bro
build/scripts/base/bif/top-k.bif.bro
build/scripts/base/bif/comm.bif.bro
build/scripts/base/bif/data.bif.bro
build/scripts/base/bif/messaging.bif.bro
build/scripts/base/bif/store.bif.bro
build/scripts/base/bif/plugins/__load__.bro
build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro
build/scripts/base/bif/plugins/Bro_AYIYA.events.bif.bro
@ -116,4 +122,4 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro
scripts/policy/misc/loaded-scripts.bro
scripts/base/utils/paths.bro
#close 2015-03-16-19-43-09
#close 2015-02-03-22-47-13

10
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
View file

@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path loaded_scripts
#open 2015-03-16-19-44-07
#open 2015-02-03-22-47-15
#fields name
#types string
scripts/base/init-bare.bro
@ -14,6 +14,8 @@ scripts/base/init-bare.bro
build/scripts/base/bif/reporter.bif.bro
build/scripts/base/bif/plugins/Bro_SNMP.types.bif.bro
build/scripts/base/bif/event.bif.bro
scripts/base/frameworks/broker/__load__.bro
scripts/base/frameworks/broker/main.bro
scripts/base/frameworks/logging/__load__.bro
scripts/base/frameworks/logging/main.bro
build/scripts/base/bif/logging.bif.bro
@ -47,6 +49,10 @@ scripts/base/init-bare.bro
build/scripts/base/bif/bloom-filter.bif.bro
build/scripts/base/bif/cardinality-counter.bif.bro
build/scripts/base/bif/top-k.bif.bro
build/scripts/base/bif/comm.bif.bro
build/scripts/base/bif/data.bif.bro
build/scripts/base/bif/messaging.bif.bro
build/scripts/base/bif/store.bif.bro
build/scripts/base/bif/plugins/__load__.bro
build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro
build/scripts/base/bif/plugins/Bro_AYIYA.events.bif.bro
@ -248,4 +254,4 @@ scripts/base/init-default.bro
scripts/base/misc/find-checksum-offloading.bro
scripts/base/misc/find-filtered-trace.bro
scripts/policy/misc/loaded-scripts.bro
#close 2015-03-16-19-44-07
#close 2015-02-03-22-47-15

2
testing/btest/Baseline/doc.sphinx.connection-record-01/btest-doc.sphinx.connection-record-01#1
View file

@ -7,7 +7,7 @@
# bro -b -r http/get.trace connection_record_01.bro
[id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={
}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
}], extract_orig=F, extract_resp=F]

2
testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1
View file

@ -7,7 +7,7 @@
# bro -b -r http/get.trace connection_record_02.bro
[id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={
}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
}], extract_orig=F, extract_resp=F, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={

23
testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_connecting-connector_bro/output Normal file
View file

@ -0,0 +1,23 @@
# @TEST-EXEC: cat %INPUT >output && btest-diff output
connecting-connector.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
redef BrokerComm::endpoint_name = "connector";
event bro_init()
{
BrokerComm::enable();
BrokerComm::connect("127.0.0.1", broker_port, 1sec);
}
event BrokerComm::outgoing_connection_established(peer_address: string,
peer_port: port,
peer_name: string)
{
print "BrokerComm::outgoing_connection_established",
peer_address, peer_port, peer_name;
terminate();
}

25
testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_connecting-listener_bro/output Normal file
View file

@ -0,0 +1,25 @@
# @TEST-EXEC: cat %INPUT >output && btest-diff output
connecting-listener.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
redef BrokerComm::endpoint_name = "listener";
event bro_init()
{
BrokerComm::enable();
BrokerComm::listen(broker_port, "127.0.0.1");
}
event BrokerComm::incoming_connection_established(peer_name: string)
{
print "BrokerComm::incoming_connection_established", peer_name;
}
event BrokerComm::incoming_connection_broken(peer_name: string)
{
print "BrokerComm::incoming_connection_broken", peer_name;
terminate();
}

35
testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_events-connector_bro/output Normal file
View file

@ -0,0 +1,35 @@
# @TEST-EXEC: cat %INPUT >output && btest-diff output
events-connector.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
redef BrokerComm::endpoint_name = "connector";
global my_event: event(msg: string, c: count);
global my_auto_event: event(msg: string, c: count);
event bro_init()
{
BrokerComm::enable();
BrokerComm::connect("127.0.0.1", broker_port, 1sec);
BrokerComm::auto_event("bro/event/my_auto_event", my_auto_event);
}
event BrokerComm::outgoing_connection_established(peer_address: string,
peer_port: port,
peer_name: string)
{
print "BrokerComm::outgoing_connection_established",
peer_address, peer_port, peer_name;
BrokerComm::event("bro/event/my_event", BrokerComm::event_args(my_event, "hi", 0));
event my_auto_event("stuff", 88);
BrokerComm::event("bro/event/my_event", BrokerComm::event_args(my_event, "...", 1));
event my_auto_event("more stuff", 51);
BrokerComm::event("bro/event/my_event", BrokerComm::event_args(my_event, "bye", 2));
}
event BrokerComm::outgoing_connection_broken(peer_address: string,
peer_port: port)
{
terminate();
}

41
testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_events-listener_bro/output Normal file
View file

@ -0,0 +1,41 @@
# @TEST-EXEC: cat %INPUT >output && btest-diff output
events-listener.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
redef BrokerComm::endpoint_name = "listener";
global msg_count = 0;
global my_event: event(msg: string, c: count);
global my_auto_event: event(msg: string, c: count);
event bro_init()
{
BrokerComm::enable();
BrokerComm::subscribe_to_events("bro/event/");
BrokerComm::listen(broker_port, "127.0.0.1");
}
event BrokerComm::incoming_connection_established(peer_name: string)
{
print "BrokerComm::incoming_connection_established", peer_name;
}
event my_event(msg: string, c: count)
{
++msg_count;
print "got my_event", msg, c;
if ( msg_count == 5 )
terminate();
}
event my_auto_event(msg: string, c: count)
{
++msg_count;
print "got my_auto_event", msg, c;
if ( msg_count == 5 )
terminate();
}

44
testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_logs-connector_bro/output Normal file
View file

@ -0,0 +1,44 @@
# @TEST-EXEC: cat %INPUT >output && btest-diff output
logs-connector.bro
@load ./testlog
const broker_port: port &redef;
redef exit_only_after_terminate = T;
redef BrokerComm::endpoint_name = "connector";
redef Log::enable_local_logging = F;
redef Log::enable_remote_logging = F;
global n = 0;
event bro_init()
{
BrokerComm::enable();
BrokerComm::enable_remote_logs(Test::LOG);
BrokerComm::connect("127.0.0.1", broker_port, 1sec);
}
event do_write()
{
if ( n == 6 )
return;
Log::write(Test::LOG, [$msg = "ping", $num = n]);
++n;
event do_write();
}
event BrokerComm::outgoing_connection_established(peer_address: string,
peer_port: port,
peer_name: string)
{
print "BrokerComm::outgoing_connection_established",
peer_address, peer_port, peer_name;
event do_write();
}
event BrokerComm::outgoing_connection_broken(peer_address: string,
peer_port: port)
{
terminate();
}

29
testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_logs-listener_bro/output Normal file
View file

@ -0,0 +1,29 @@
# @TEST-EXEC: cat %INPUT >output && btest-diff output
logs-listener.bro
@load ./testlog
const broker_port: port &redef;
redef exit_only_after_terminate = T;
redef BrokerComm::endpoint_name = "listener";
event bro_init()
{
BrokerComm::enable();
BrokerComm::subscribe_to_logs("bro/log/Test::LOG");
BrokerComm::listen(broker_port, "127.0.0.1");
}
event BrokerComm::incoming_connection_established(peer_name: string)
{
print "BrokerComm::incoming_connection_established", peer_name;
}
event Test::log_test(rec: Test::Info)
{
print "wrote log", rec;
if ( rec$num == 5 )
terminate();
}

30
testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_printing-connector_bro/output Normal file
View file

@ -0,0 +1,30 @@
# @TEST-EXEC: cat %INPUT >output && btest-diff output
printing-connector.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
redef BrokerComm::endpoint_name = "connector";
event bro_init()
{
BrokerComm::enable();
BrokerComm::connect("127.0.0.1", broker_port, 1sec);
}
event BrokerComm::outgoing_connection_established(peer_address: string,
peer_port: port,
peer_name: string)
{
print "BrokerComm::outgoing_connection_established",
peer_address, peer_port, peer_name;
BrokerComm::print("bro/print/hi", "hello");
BrokerComm::print("bro/print/stuff", "...");
BrokerComm::print("bro/print/bye", "goodbye");
}
event BrokerComm::outgoing_connection_broken(peer_address: string,
peer_port: port)
{
terminate();
}

30
testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_printing-listener_bro/output Normal file
View file

@ -0,0 +1,30 @@
# @TEST-EXEC: cat %INPUT >output && btest-diff output
printing-listener.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
redef BrokerComm::endpoint_name = "listener";
global msg_count = 0;
event bro_init()
{
BrokerComm::enable();
BrokerComm::subscribe_to_prints("bro/print/");
BrokerComm::listen(broker_port, "127.0.0.1");
}
event BrokerComm::incoming_connection_established(peer_name: string)
{
print "BrokerComm::incoming_connection_established", peer_name;
}
event BrokerComm::print_handler(msg: string)
{
++msg_count;
print "got print message", msg;
if ( msg_count == 3 )
terminate();
}

57
testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_stores-connector_bro/output Normal file
View file

@ -0,0 +1,57 @@
# @TEST-EXEC: cat %INPUT >output && btest-diff output
stores-connector.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
global h: opaque of BrokerStore::Handle;
function dv(d: BrokerComm::Data): BrokerComm::DataVector
{
local rval: BrokerComm::DataVector;
rval[0] = d;
return rval;
}
global ready: event();
event BrokerComm::outgoing_connection_broken(peer_address: string,
peer_port: port)
{
terminate();
}
event BrokerComm::outgoing_connection_established(peer_address: string,
peer_port: port,
peer_name: string)
{
local myset: set[string] = {"a", "b", "c"};
local myvec: vector of string = {"alpha", "beta", "gamma"};
h = BrokerStore::create_master("mystore");
BrokerStore::insert(h, BrokerComm::data("one"), BrokerComm::data(110));
BrokerStore::insert(h, BrokerComm::data("two"), BrokerComm::data(223));
BrokerStore::insert(h, BrokerComm::data("myset"), BrokerComm::data(myset));
BrokerStore::insert(h, BrokerComm::data("myvec"), BrokerComm::data(myvec));
BrokerStore::increment(h, BrokerComm::data("one"));
BrokerStore::decrement(h, BrokerComm::data("two"));
BrokerStore::add_to_set(h, BrokerComm::data("myset"), BrokerComm::data("d"));
BrokerStore::remove_from_set(h, BrokerComm::data("myset"), BrokerComm::data("b"));
BrokerStore::push_left(h, BrokerComm::data("myvec"), dv(BrokerComm::data("delta")));
BrokerStore::push_right(h, BrokerComm::data("myvec"), dv(BrokerComm::data("omega")));
when ( local res = BrokerStore::size(h) )
{
print "master size", res;
event ready();
}
timeout 10sec
{ print "timeout"; }
}
event bro_init()
{
BrokerComm::enable();
BrokerComm::connect("127.0.0.1", broker_port, 1secs);
BrokerComm::auto_event("bro/event/ready", ready);
}

47
testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_stores-listener_bro/output Normal file
View file

@ -0,0 +1,47 @@
# @TEST-EXEC: cat %INPUT >output && btest-diff output
stores-listener.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
global h: opaque of BrokerStore::Handle;
global expected_key_count = 4;
global key_count = 0;
function do_lookup(key: string)
{
when ( local res = BrokerStore::lookup(h, BrokerComm::data(key)) )
{
++key_count;
print "lookup", key, res;
if ( key_count == expected_key_count )
terminate();
}
timeout 10sec
{ print "timeout", key; }
}
event ready()
{
h = BrokerStore::create_clone("mystore");
when ( local res = BrokerStore::keys(h) )
{
print "clone keys", res;
do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 0)));
do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 1)));
do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 2)));
do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 3)));
}
timeout 10sec
{ print "timeout"; }
}
event bro_init()
{
BrokerComm::enable();
BrokerComm::subscribe_to_events("bro/event/ready");
BrokerComm::listen(broker_port, "127.0.0.1");
}

23
testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_testlog_bro/output Normal file
View file

@ -0,0 +1,23 @@
# @TEST-EXEC: cat %INPUT >output && btest-diff output
testlog.bro
module Test;
export {
redef enum Log::ID += { LOG };
type Info: record {
msg: string &log;
num: count &log;
};
global log_test: event(rec: Test::Info);
}
event bro_init() &priority=5
{
BrokerComm::enable();
Log::create_stream(Test::LOG, [$columns=Test::Info, $ev=log_test]);
}

1
testing/btest/Baseline/doc.sphinx.include-scripts_base_protocols_conn_main_bro/output
View file

@ -17,6 +17,7 @@ export {
resp_bytes: count &log &optional;
conn_state: string &log &optional;
local_orig: bool &log &optional;
local_resp: bool &log &optional;
missed_bytes: count &log &default=0;
history: string &log &optional;
orig_pkts: count &log &optional;

20
testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#1
View file

@ -16,15 +16,15 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-22-59-28
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 73 0 0 (empty)
1300475167.097012 CjhGID4nQcgTWjvg4c fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp dns - - - S0 - 0 D 1 199 0 0 (empty)
1300475167.099816 CCvvfg3TEfuqmmG4bh 141.142.220.50 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 179 0 0 (empty)
1300475168.853899 CPbrpk1qSsw6ESzHV4 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - 0 Dd 1 66 1 117 (empty)
1300475168.854378 C6pKV8GSxOnSLghOa 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - 0 Dd 1 80 1 127 (empty)
1300475168.854837 CIPOse170MGiRM1Qf4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - 0 Dd 1 66 1 211 (empty)
1300475168.857956 CMXxB5GvmoxJFXdTa 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - 0 Dd 1 66 1 117 (empty)
#open 2015-02-24-00-03-50
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 (empty)
1300475167.097012 CjhGID4nQcgTWjvg4c fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 199 0 0 (empty)
1300475167.099816 CCvvfg3TEfuqmmG4bh 141.142.220.50 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 179 0 0 (empty)
1300475168.853899 CPbrpk1qSsw6ESzHV4 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
1300475168.854378 C6pKV8GSxOnSLghOa 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
1300475168.854837 CIPOse170MGiRM1Qf4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
1300475168.857956 CMXxB5GvmoxJFXdTa 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
[...]

12
testing/btest/Baseline/language.while/out Normal file
View file

@ -0,0 +1,12 @@
10
s
ss
sss
{
7,
1,
9,
5,
3
}
[number 0, number 1, number 2, number 3, number 4, number 5, number 6, number 7, number 8, number 9, number 10, number 11, number 12]

2
testing/btest/Baseline/plugins.api-version-mismatch/output
View file

@ -1 +1 @@
fatal error in /home/robin/bro/master/scripts/base/init-bare.bro, line 1: plugin's API version does not match Bro (expected 2, got 42 in /home/robin/bro/master/testing/btest/.tmp/plugins.api-version-mismatch//lib/XXX)
fatal error in /home/robin/bro/plugins/scripts/base/init-bare.bro, line 1: plugin's API version does not match Bro (expected 2, got 42 in /home/robin/bro/plugins/testing/btest/.tmp/plugins.api-version-mismatch/build//lib/XXX)

2
testing/btest/Baseline/plugins.bifs-and-scripts-install/output
View file

@ -1,4 +1,4 @@
Demo::Foo - <Insert description> (dynamic, version 1.0)
Demo::Foo - <Insert description> (dynamic, version 0.1)
[Function] hello_plugin_world
[Event] plugin_event

2
testing/btest/Baseline/plugins.bifs-and-scripts/output
View file

@ -1,4 +1,4 @@
Demo::Foo - <Insert description> (dynamic, version 1.0)
Demo::Foo - <Insert description> (dynamic, version 0.1)
[Function] hello_plugin_world
[Event] plugin_event

1796
testing/btest/Baseline/plugins.hooks/output
View file

File diff suppressed because it is too large Load diff

2
testing/btest/Baseline/plugins.init-plugin/output
View file

@ -1,3 +1,3 @@
Demo::Foo - <Insert description> (dynamic, version 1.0)
Demo::Foo - <Insert description> (dynamic, version 0.1)
===

10
testing/btest/Baseline/plugins.pktsrc/conn.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-09-04-18-06-05
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1409193037.000000 CXWv6p3arKYeMETxOg 1.2.0.2 2527 1.2.0.3 6649 tcp - - - - S0 - 0 S 1 64 0 0 (empty)
#close 2014-09-04-18-06-05
#open 2015-02-23-21-37-52
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1409193037.000000 CXWv6p3arKYeMETxOg 1.2.0.2 2527 1.2.0.3 6649 tcp - - - - S0 - - 0 S 1 64 0 0 (empty)
#close 2015-02-23-21-37-52

18
testing/btest/Baseline/plugins.writer/output
View file

@ -2,13 +2,13 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0)
[Writer] Foo (Log::WRITER_FOO)
===
[conn] 1340213005.165293|CXWv6p3arKYeMETxOg|10.0.0.55|53994|60.190.189.214|8124|tcp|-|4.314406|0|0|S0|-|0|S|5|320|0|0|
[conn] 1340213010.582723|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|tcp|http,socks|13.839419|3860|2934|SF|-|0|ShADadfF|23|5080|20|3986|
[conn] 1340213048.780152|CCvvfg3TEfuqmmG4bh|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|0|F|1|52|0|0|
[conn] 1340213097.272764|CsRx2w45OKnoww6xl4|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|0|F|1|52|0|0|
[conn] 1340213162.160367|CRJuHdVW0XPVINV8a|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|0|F|1|52|0|0|
[conn] 1340213226.561757|CPbrpk1qSsw6ESzHV4|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|0|F|1|52|0|0|
[conn] 1340213290.981995|C6pKV8GSxOnSLghOa|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|0|F|1|52|0|0|
[conn] 1340213005.165293|CXWv6p3arKYeMETxOg|10.0.0.55|53994|60.190.189.214|8124|tcp|-|4.314406|0|0|S0|-|-|0|S|5|320|0|0|
[conn] 1340213010.582723|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|tcp|http,socks|13.839419|3860|2934|SF|-|-|0|ShADadfF|23|5080|20|3986|
[conn] 1340213048.780152|CCvvfg3TEfuqmmG4bh|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|
[conn] 1340213097.272764|CsRx2w45OKnoww6xl4|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|
[conn] 1340213162.160367|CRJuHdVW0XPVINV8a|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|
[conn] 1340213226.561757|CPbrpk1qSsw6ESzHV4|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|
[conn] 1340213290.981995|C6pKV8GSxOnSLghOa|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|
[files] 1340213020.732547|FBtZ7y1ppK8iIeY622|60.190.189.214|10.0.0.55|CjhGID4nQcgTWjvg4c|HTTP|0||image/gif|-|0.000034|-|F|1368|1368|0|0|F|-|-|-|-|-
[http] 1340213019.013158|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|1|GET|www.osnews.com|/images/printer2.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|-
[http] 1340213019.013426|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|2|GET|www.osnews.com|/img2/shorturl.jpg|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|-
@ -17,6 +17,6 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0)
[http] 1340213020.732963|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|5|GET|www.osnews.com|/images/icons/17.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|-
[http] 1340213021.300269|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|6|GET|www.osnews.com|/images/left.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|-
[http] 1340213021.861584|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|7|GET|www.osnews.com|/images/icons/32.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|-
[packet_filter] 1412721099.419280|bro|ip or not ip|T|T
[socks] 1340213015.276495|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|5|-|succeeded|-|www.osnews.com|80|192.168.0.31|-|2688
[packet_filter] 1424736260.256998|bro|ip or not ip|T|T
[socks] 1340213015.276495|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|5|-|-|succeeded|-|www.osnews.com|80|192.168.0.31|-|2688
[tunnel] 1340213015.276495|-|10.0.0.55|0|60.190.189.214|8124|Tunnel::SOCKS|Tunnel::DISCOVER

68
testing/btest/Baseline/scripts.base.frameworks.input.sqlite.basic/out
View file

@ -1,136 +1,136 @@
[ts=1300475167.096535, uid=dnGM1AdIVyh, id=[orig_h=141.142.220.202, orig_p=5353/unknown, resp_h=224.0.0.251, resp_p=5353/unknown], proto=udp, service=dns, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=73, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
[ts=1300475167.096535, uid=dnGM1AdIVyh, id=[orig_h=141.142.220.202, orig_p=5353/unknown, resp_h=224.0.0.251, resp_p=5353/unknown], proto=udp, service=dns, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=73, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}]
0
[ts=1300475167.097012, uid=fv9q7WjEgp1, id=[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/unknown, resp_h=ff02::fb, resp_p=5353/unknown], proto=udp, service=<uninitialized>, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=199, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
[ts=1300475167.097012, uid=fv9q7WjEgp1, id=[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/unknown, resp_h=ff02::fb, resp_p=5353/unknown], proto=udp, service=<uninitialized>, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=199, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}]
0
[ts=1300475167.099816, uid=0Ox0H56yl88, id=[orig_h=141.142.220.50, orig_p=5353/unknown, resp_h=224.0.0.251, resp_p=5353/unknown], proto=udp, service=<uninitialized>, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=179, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
[ts=1300475167.099816, uid=0Ox0H56yl88, id=[orig_h=141.142.220.50, orig_p=5353/unknown, resp_h=224.0.0.251, resp_p=5353/unknown], proto=udp, service=<uninitialized>, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=179, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}]
0
[ts=1300475168.853899, uid=rvmSc7rDQub, id=[orig_h=141.142.220.118, orig_p=43927/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000435, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={
[ts=1300475168.853899, uid=rvmSc7rDQub, id=[orig_h=141.142.220.118, orig_p=43927/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000435, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={
}]
0
[ts=1300475168.854378, uid=ogkztouSArh, id=[orig_h=141.142.220.118, orig_p=37676/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.00042, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={
[ts=1300475168.854378, uid=ogkztouSArh, id=[orig_h=141.142.220.118, orig_p=37676/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.00042, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={
}]
0
[ts=1300475168.854837, uid=0UIDdXFt7Tb, id=[orig_h=141.142.220.118, orig_p=40526/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000392, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={
[ts=1300475168.854837, uid=0UIDdXFt7Tb, id=[orig_h=141.142.220.118, orig_p=40526/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000392, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={
}]
0
[ts=1300475168.857956, uid=WqFYV51UIq7, id=[orig_h=141.142.220.118, orig_p=32902/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000317, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={
[ts=1300475168.857956, uid=WqFYV51UIq7, id=[orig_h=141.142.220.118, orig_p=32902/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000317, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={
}]
0
[ts=1300475168.858306, uid=ylcqZpbz6K2, id=[orig_h=141.142.220.118, orig_p=59816/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000343, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={
[ts=1300475168.858306, uid=ylcqZpbz6K2, id=[orig_h=141.142.220.118, orig_p=59816/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000343, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={
}]
0
[ts=1300475168.858713, uid=blhldTzA7Y6, id=[orig_h=141.142.220.118, orig_p=59714/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000375, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={
[ts=1300475168.858713, uid=blhldTzA7Y6, id=[orig_h=141.142.220.118, orig_p=59714/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000375, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={
}]
0
[ts=1300475168.891644, uid=Sc34cGJo3Kg, id=[orig_h=141.142.220.118, orig_p=58206/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000339, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={
[ts=1300475168.891644, uid=Sc34cGJo3Kg, id=[orig_h=141.142.220.118, orig_p=58206/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000339, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={
}]
0
[ts=1300475168.892037, uid=RzvFrfXSRfk, id=[orig_h=141.142.220.118, orig_p=38911/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000335, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={
[ts=1300475168.892037, uid=RzvFrfXSRfk, id=[orig_h=141.142.220.118, orig_p=38911/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000335, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={
}]
0
[ts=1300475168.892414, uid=GaaFI58mpbe, id=[orig_h=141.142.220.118, orig_p=59746/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000421, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={
[ts=1300475168.892414, uid=GaaFI58mpbe, id=[orig_h=141.142.220.118, orig_p=59746/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000421, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={
}]
0
[ts=1300475168.893988, uid=tr7M6tvAIQa, id=[orig_h=141.142.220.118, orig_p=45000/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000384, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={
[ts=1300475168.893988, uid=tr7M6tvAIQa, id=[orig_h=141.142.220.118, orig_p=45000/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000384, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={
}]
0
[ts=1300475168.894422, uid=gV0TcSc2pb4, id=[orig_h=141.142.220.118, orig_p=48479/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000317, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={
[ts=1300475168.894422, uid=gV0TcSc2pb4, id=[orig_h=141.142.220.118, orig_p=48479/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000317, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={
}]
0
[ts=1300475168.894787, uid=MOG0z4PYOhk, id=[orig_h=141.142.220.118, orig_p=48128/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000423, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={
[ts=1300475168.894787, uid=MOG0z4PYOhk, id=[orig_h=141.142.220.118, orig_p=48128/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000423, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={
}]
0
[ts=1300475168.901749, uid=PlehgEduUyj, id=[orig_h=141.142.220.118, orig_p=56056/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000402, orig_bytes=36, resp_bytes=131, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=64, resp_pkts=1, resp_ip_bytes=159, tunnel_parents={
[ts=1300475168.901749, uid=PlehgEduUyj, id=[orig_h=141.142.220.118, orig_p=56056/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000402, orig_bytes=36, resp_bytes=131, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=64, resp_pkts=1, resp_ip_bytes=159, tunnel_parents={
}]
0
[ts=1300475168.902195, uid=4eZgk09f2Re, id=[orig_h=141.142.220.118, orig_p=55092/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000374, orig_bytes=36, resp_bytes=198, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=64, resp_pkts=1, resp_ip_bytes=226, tunnel_parents={
[ts=1300475168.902195, uid=4eZgk09f2Re, id=[orig_h=141.142.220.118, orig_p=55092/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000374, orig_bytes=36, resp_bytes=198, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=64, resp_pkts=1, resp_ip_bytes=226, tunnel_parents={
}]
0
[ts=1300475169.899438, uid=3xwJPc7mQ9a, id=[orig_h=141.142.220.44, orig_p=5353/unknown, resp_h=224.0.0.251, resp_p=5353/unknown], proto=udp, service=dns, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=85, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
[ts=1300475169.899438, uid=3xwJPc7mQ9a, id=[orig_h=141.142.220.44, orig_p=5353/unknown, resp_h=224.0.0.251, resp_p=5353/unknown], proto=udp, service=dns, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=85, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}]
0
[ts=1300475170.862384, uid=yxTcvvTKWQ4, id=[orig_h=141.142.220.226, orig_p=137/unknown, resp_h=141.142.220.255, resp_p=137/unknown], proto=udp, service=dns, duration=2.613017, orig_bytes=350, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=7, orig_ip_bytes=546, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
[ts=1300475170.862384, uid=yxTcvvTKWQ4, id=[orig_h=141.142.220.226, orig_p=137/unknown, resp_h=141.142.220.255, resp_p=137/unknown], proto=udp, service=dns, duration=2.613017, orig_bytes=350, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=7, orig_ip_bytes=546, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}]
0
[ts=1300475171.675372, uid=8bLW3XNfhCj, id=[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/unknown, resp_h=ff02::1:3, resp_p=5355/unknown], proto=udp, service=dns, duration=0.100096, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=162, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
[ts=1300475171.675372, uid=8bLW3XNfhCj, id=[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/unknown, resp_h=ff02::1:3, resp_p=5355/unknown], proto=udp, service=dns, duration=0.100096, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=162, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}]
0
[ts=1300475171.677081, uid=rqjhiiRPjEe, id=[orig_h=141.142.220.226, orig_p=55131/unknown, resp_h=224.0.0.252, resp_p=5355/unknown], proto=udp, service=dns, duration=0.100021, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=122, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
[ts=1300475171.677081, uid=rqjhiiRPjEe, id=[orig_h=141.142.220.226, orig_p=55131/unknown, resp_h=224.0.0.252, resp_p=5355/unknown], proto=udp, service=dns, duration=0.100021, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=122, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}]
0
[ts=1300475173.116749, uid=hTPyfL3QSGa, id=[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/unknown, resp_h=ff02::1:3, resp_p=5355/unknown], proto=udp, service=dns, duration=0.099801, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=162, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
[ts=1300475173.116749, uid=hTPyfL3QSGa, id=[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/unknown, resp_h=ff02::1:3, resp_p=5355/unknown], proto=udp, service=dns, duration=0.099801, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=162, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}]
0
[ts=1300475173.117362, uid=EruUQ9AJRj4, id=[orig_h=141.142.220.226, orig_p=55671/unknown, resp_h=224.0.0.252, resp_p=5355/unknown], proto=udp, service=dns, duration=0.099849, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=122, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
[ts=1300475173.117362, uid=EruUQ9AJRj4, id=[orig_h=141.142.220.226, orig_p=55671/unknown, resp_h=224.0.0.252, resp_p=5355/unknown], proto=udp, service=dns, duration=0.099849, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=122, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}]
0
[ts=1300475173.153679, uid=sw1bKJOMjuk, id=[orig_h=141.142.220.238, orig_p=56641/unknown, resp_h=141.142.220.255, resp_p=137/unknown], proto=udp, service=dns, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=78, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
[ts=1300475173.153679, uid=sw1bKJOMjuk, id=[orig_h=141.142.220.238, orig_p=56641/unknown, resp_h=141.142.220.255, resp_p=137/unknown], proto=udp, service=dns, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=78, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}]
0
[ts=1300475168.724007, uid=NPHCuyWykE7, id=[orig_h=141.142.220.118, orig_p=48649/unknown, resp_h=208.80.152.118, resp_p=80/unknown], proto=tcp, service=http, duration=0.119905, orig_bytes=525, resp_bytes=232, conn_state=S1, local_orig=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=4, orig_ip_bytes=741, resp_pkts=3, resp_ip_bytes=396, tunnel_parents={
[ts=1300475168.724007, uid=NPHCuyWykE7, id=[orig_h=141.142.220.118, orig_p=48649/unknown, resp_h=208.80.152.118, resp_p=80/unknown], proto=tcp, service=http, duration=0.119905, orig_bytes=525, resp_bytes=232, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=4, orig_ip_bytes=741, resp_pkts=3, resp_ip_bytes=396, tunnel_parents={
}]
0
[ts=1300475168.892936, uid=VapPqRhPgJ4, id=[orig_h=141.142.220.118, orig_p=50000/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.229603, orig_bytes=1148, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1468, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={
[ts=1300475168.892936, uid=VapPqRhPgJ4, id=[orig_h=141.142.220.118, orig_p=50000/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.229603, orig_bytes=1148, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1468, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={
}]
0
[ts=1300475168.859163, uid=3607hh8C3bc, id=[orig_h=141.142.220.118, orig_p=49998/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.215893, orig_bytes=1130, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1450, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={
[ts=1300475168.859163, uid=3607hh8C3bc, id=[orig_h=141.142.220.118, orig_p=49998/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.215893, orig_bytes=1130, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1450, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={
}]
0
[ts=1300475168.855305, uid=tgYMrIvzDSg, id=[orig_h=141.142.220.118, orig_p=49996/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.218501, orig_bytes=1171, resp_bytes=733, conn_state=S1, local_orig=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1491, resp_pkts=4, resp_ip_bytes=949, tunnel_parents={
[ts=1300475168.855305, uid=tgYMrIvzDSg, id=[orig_h=141.142.220.118, orig_p=49996/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.218501, orig_bytes=1171, resp_bytes=733, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1491, resp_pkts=4, resp_ip_bytes=949, tunnel_parents={
}]
0
[ts=1300475168.895267, uid=xQsjPwNBrXd, id=[orig_h=141.142.220.118, orig_p=50001/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.227284, orig_bytes=1178, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1498, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={
[ts=1300475168.895267, uid=xQsjPwNBrXd, id=[orig_h=141.142.220.118, orig_p=50001/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.227284, orig_bytes=1178, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1498, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={
}]
0
[ts=1300475168.902635, uid=Ap3GzMI1vM9, id=[orig_h=141.142.220.118, orig_p=35642/unknown, resp_h=208.80.152.2, resp_p=80/unknown], proto=tcp, service=http, duration=0.120041, orig_bytes=534, resp_bytes=412, conn_state=S1, local_orig=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=4, orig_ip_bytes=750, resp_pkts=3, resp_ip_bytes=576, tunnel_parents={
[ts=1300475168.902635, uid=Ap3GzMI1vM9, id=[orig_h=141.142.220.118, orig_p=35642/unknown, resp_h=208.80.152.2, resp_p=80/unknown], proto=tcp, service=http, duration=0.120041, orig_bytes=534, resp_bytes=412, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=4, orig_ip_bytes=750, resp_pkts=3, resp_ip_bytes=576, tunnel_parents={
}]
0
[ts=1300475168.85533, uid=FTVcgrmNy52, id=[orig_h=141.142.220.118, orig_p=49997/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.21972, orig_bytes=1125, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1445, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={
[ts=1300475168.85533, uid=FTVcgrmNy52, id=[orig_h=141.142.220.118, orig_p=49997/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.21972, orig_bytes=1125, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1445, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={
}]
0
[ts=1300475169.780331, uid=1xFx4PGdeq5, id=[orig_h=141.142.220.235, orig_p=6705/unknown, resp_h=173.192.163.128, resp_p=80/unknown], proto=tcp, service=<uninitialized>, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=OTH, local_orig=<uninitialized>, missed_bytes=0, history=h, orig_pkts=0, orig_ip_bytes=0, resp_pkts=1, resp_ip_bytes=48, tunnel_parents={
[ts=1300475169.780331, uid=1xFx4PGdeq5, id=[orig_h=141.142.220.235, orig_p=6705/unknown, resp_h=173.192.163.128, resp_p=80/unknown], proto=tcp, service=<uninitialized>, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=OTH, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=h, orig_pkts=0, orig_ip_bytes=0, resp_pkts=1, resp_ip_bytes=48, tunnel_parents={
}]
0
[ts=1300475168.652003, uid=WIG1ud65z22, id=[orig_h=141.142.220.118, orig_p=35634/unknown, resp_h=208.80.152.2, resp_p=80/unknown], proto=tcp, service=<uninitialized>, duration=0.061329, orig_bytes=463, resp_bytes=350, conn_state=OTH, local_orig=<uninitialized>, missed_bytes=0, history=DdA, orig_pkts=2, orig_ip_bytes=567, resp_pkts=1, resp_ip_bytes=402, tunnel_parents={
[ts=1300475168.652003, uid=WIG1ud65z22, id=[orig_h=141.142.220.118, orig_p=35634/unknown, resp_h=208.80.152.2, resp_p=80/unknown], proto=tcp, service=<uninitialized>, duration=0.061329, orig_bytes=463, resp_bytes=350, conn_state=OTH, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=DdA, orig_pkts=2, orig_ip_bytes=567, resp_pkts=1, resp_ip_bytes=402, tunnel_parents={
}]
0
[ts=1300475168.892913, uid=o2gAkl4V7sa, id=[orig_h=141.142.220.118, orig_p=49999/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.220961, orig_bytes=1137, resp_bytes=733, conn_state=S1, local_orig=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1457, resp_pkts=4, resp_ip_bytes=949, tunnel_parents={
[ts=1300475168.892913, uid=o2gAkl4V7sa, id=[orig_h=141.142.220.118, orig_p=49999/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.220961, orig_bytes=1137, resp_bytes=733, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1457, resp_pkts=4, resp_ip_bytes=949, tunnel_parents={
}]
0

4
testing/btest/Baseline/scripts.base.frameworks.logging.remote-config/sender.test.failure.log Normal file
View file

@ -0,0 +1,4 @@
t id.orig_h id.orig_p id.resp_h id.resp_p status country
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure US
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure UK
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure MX

14
testing/btest/Baseline/scripts.base.frameworks.logging.remote-config/sender.test.log Normal file
View file

@ -0,0 +1,14 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path test
#open 2015-02-23-21-54-13
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
#types time addr port addr port string string
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 success unknown
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure US
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure UK
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 success BR
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure MX
#close 2015-02-23-21-54-13

11
testing/btest/Baseline/scripts.base.frameworks.logging.remote-config/sender.test.success.log Normal file
View file

@ -0,0 +1,11 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path test.success
#open 2015-02-23-21-54-13
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
#types time addr port addr port string string
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 success unknown
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 success BR
#close 2015-02-23-21-54-13

68
testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.wikipedia/conn.select
View file

@ -1,34 +1,34 @@
1300475167.09653|CXWv6p3arKYeMETxOg|141.142.220.202|5353|224.0.0.251|5353|udp|dns||||S0||0|D|1|73|0|0|(empty)
1300475167.09701|CjhGID4nQcgTWjvg4c|fe80::217:f2ff:fed7:cf65|5353|ff02::fb|5353|udp|dns||||S0||0|D|1|199|0|0|(empty)
1300475167.09982|CCvvfg3TEfuqmmG4bh|141.142.220.50|5353|224.0.0.251|5353|udp|dns||||S0||0|D|1|179|0|0|(empty)
1300475168.652|CsRx2w45OKnoww6xl4|141.142.220.118|35634|208.80.152.2|80|tcp||0.0613288879394531|463|350|OTH||0|DdA|2|567|1|402|(empty)
1300475168.72401|CRJuHdVW0XPVINV8a|141.142.220.118|48649|208.80.152.118|80|tcp|http|0.1199049949646|525|232|S1||0|ShADad|4|741|3|396|(empty)
1300475168.8539|CPbrpk1qSsw6ESzHV4|141.142.220.118|43927|141.142.2.2|53|udp|dns|0.000435113906860352|38|89|SF||0|Dd|1|66|1|117|(empty)
1300475168.85438|C6pKV8GSxOnSLghOa|141.142.220.118|37676|141.142.2.2|53|udp|dns|0.000420093536376953|52|99|SF||0|Dd|1|80|1|127|(empty)
1300475168.85484|CIPOse170MGiRM1Qf4|141.142.220.118|40526|141.142.2.2|53|udp|dns|0.000391960144042969|38|183|SF||0|Dd|1|66|1|211|(empty)
1300475168.8553|C7XEbhP654jzLoe3a|141.142.220.118|49996|208.80.152.3|80|tcp|http|0.218501091003418|1171|733|S1||0|ShADad|6|1491|4|949|(empty)
1300475168.85533|CJ3xTn1c4Zw9TmAE05|141.142.220.118|49997|208.80.152.3|80|tcp|http|0.219720125198364|1125|734|S1||0|ShADad|6|1445|4|950|(empty)
1300475168.85796|CMXxB5GvmoxJFXdTa|141.142.220.118|32902|141.142.2.2|53|udp|dns|0.000317096710205078|38|89|SF||0|Dd|1|66|1|117|(empty)
1300475168.85831|Caby8b1slFea8xwSmb|141.142.220.118|59816|141.142.2.2|53|udp|dns|0.000343084335327148|52|99|SF||0|Dd|1|80|1|127|(empty)
1300475168.85871|Che1bq3i2rO3KD1Syg|141.142.220.118|59714|141.142.2.2|53|udp|dns|0.000375032424926758|38|183|SF||0|Dd|1|66|1|211|(empty)
1300475168.85916|C3SfNE4BWaU4aSuwkc|141.142.220.118|49998|208.80.152.3|80|tcp|http|0.215893030166626|1130|734|S1||0|ShADad|6|1450|4|950|(empty)
1300475168.89164|CEle3f3zno26fFZkrh|141.142.220.118|58206|141.142.2.2|53|udp|dns|0.000339031219482422|38|89|SF||0|Dd|1|66|1|117|(empty)
1300475168.89204|CwSkQu4eWZCH7OONC1|141.142.220.118|38911|141.142.2.2|53|udp|dns|0.000334978103637695|52|99|SF||0|Dd|1|80|1|127|(empty)
1300475168.89241|CfTOmO0HKorjr8Zp7|141.142.220.118|59746|141.142.2.2|53|udp|dns|0.000420808792114258|38|183|SF||0|Dd|1|66|1|211|(empty)
1300475168.89291|CzA03V1VcgagLjnO92|141.142.220.118|49999|208.80.152.3|80|tcp|http|0.220960855484009|1137|733|S1||0|ShADad|6|1457|4|949|(empty)
1300475168.89294|CyAhVIzHqb7t7kv28|141.142.220.118|50000|208.80.152.3|80|tcp|http|0.229603052139282|1148|734|S1||0|ShADad|6|1468|4|950|(empty)
1300475168.89399|Cab0vO1xNYSS2hJkle|141.142.220.118|45000|141.142.2.2|53|udp|dns|0.000384092330932617|38|89|SF||0|Dd|1|66|1|117|(empty)
1300475168.89442|Cx2FqO23omNawSNrxj|141.142.220.118|48479|141.142.2.2|53|udp|dns|0.000316858291625977|52|99|SF||0|Dd|1|80|1|127|(empty)
1300475168.89479|Cx3C534wEyF3OvvcQe|141.142.220.118|48128|141.142.2.2|53|udp|dns|0.000422954559326172|38|183|SF||0|Dd|1|66|1|211|(empty)
1300475168.89527|CkDsfG2YIeWJmXWNWj|141.142.220.118|50001|208.80.152.3|80|tcp|http|0.227283954620361|1178|734|S1||0|ShADad|6|1498|4|950|(empty)
1300475168.90175|CUKS0W3HFYOnBqSE5e|141.142.220.118|56056|141.142.2.2|53|udp|dns|0.000402212142944336|36|131|SF||0|Dd|1|64|1|159|(empty)
1300475168.90219|CRrfvP2lalMAYOCLhj|141.142.220.118|55092|141.142.2.2|53|udp|dns|0.000374078750610352|36|198|SF||0|Dd|1|64|1|226|(empty)
1300475168.90264|Cn78a440HlxuyZKs6f|141.142.220.118|35642|208.80.152.2|80|tcp|http|0.120040893554688|534|412|S1||0|ShADad|4|750|3|576|(empty)
1300475169.78033|CUof3F2yAIid8QS3dk|141.142.220.235|6705|173.192.163.128|80|tcp|||||OTH||0|h|0|0|1|48|(empty)
1300475169.89944|CojBOU3CXcLHl1r6x1|141.142.220.44|5353|224.0.0.251|5353|udp|dns||||S0||0|D|1|85|0|0|(empty)
1300475170.86238|CJzVQRGJrX6V15ik7|141.142.220.226|137|141.142.220.255|137|udp|dns|2.61301684379578|350|0|S0||0|D|7|546|0|0|(empty)
1300475171.67537|ClAbxY1nmdjCuo0Le2|fe80::3074:17d5:2052:c324|65373|ff02::1:3|5355|udp|dns|0.100096225738525|66|0|S0||0|D|2|162|0|0|(empty)
1300475171.67708|CwG0BF1VXE0gWgs78|141.142.220.226|55131|224.0.0.252|5355|udp|dns|0.100020885467529|66|0|S0||0|D|2|122|0|0|(empty)
1300475173.11675|CisNaL1Cm73CiNOmcg|fe80::3074:17d5:2052:c324|54213|ff02::1:3|5355|udp|dns|0.0998010635375977|66|0|S0||0|D|2|162|0|0|(empty)
1300475173.11736|CBQnJn22qN8TOeeZil|141.142.220.226|55671|224.0.0.252|5355|udp|dns|0.0998489856719971|66|0|S0||0|D|2|122|0|0|(empty)
1300475173.15368|CbEsuD3dgDDngdlbKf|141.142.220.238|56641|141.142.220.255|137|udp|dns||||S0||0|D|1|78|0|0|(empty)
1300475167.09653|CXWv6p3arKYeMETxOg|141.142.220.202|5353|224.0.0.251|5353|udp|dns||||S0|||0|D|1|73|0|0|(empty)
1300475167.09701|CjhGID4nQcgTWjvg4c|fe80::217:f2ff:fed7:cf65|5353|ff02::fb|5353|udp|dns||||S0|||0|D|1|199|0|0|(empty)
1300475167.09982|CCvvfg3TEfuqmmG4bh|141.142.220.50|5353|224.0.0.251|5353|udp|dns||||S0|||0|D|1|179|0|0|(empty)
1300475168.652|CsRx2w45OKnoww6xl4|141.142.220.118|35634|208.80.152.2|80|tcp||0.0613288879394531|463|350|OTH|||0|DdA|2|567|1|402|(empty)
1300475168.72401|CRJuHdVW0XPVINV8a|141.142.220.118|48649|208.80.152.118|80|tcp|http|0.1199049949646|525|232|S1|||0|ShADad|4|741|3|396|(empty)
1300475168.8539|CPbrpk1qSsw6ESzHV4|141.142.220.118|43927|141.142.2.2|53|udp|dns|0.000435113906860352|38|89|SF|||0|Dd|1|66|1|117|(empty)
1300475168.85438|C6pKV8GSxOnSLghOa|141.142.220.118|37676|141.142.2.2|53|udp|dns|0.000420093536376953|52|99|SF|||0|Dd|1|80|1|127|(empty)
1300475168.85484|CIPOse170MGiRM1Qf4|141.142.220.118|40526|141.142.2.2|53|udp|dns|0.000391960144042969|38|183|SF|||0|Dd|1|66|1|211|(empty)
1300475168.8553|C7XEbhP654jzLoe3a|141.142.220.118|49996|208.80.152.3|80|tcp|http|0.218501091003418|1171|733|S1|||0|ShADad|6|1491|4|949|(empty)
1300475168.85533|CJ3xTn1c4Zw9TmAE05|141.142.220.118|49997|208.80.152.3|80|tcp|http|0.219720125198364|1125|734|S1|||0|ShADad|6|1445|4|950|(empty)
1300475168.85796|CMXxB5GvmoxJFXdTa|141.142.220.118|32902|141.142.2.2|53|udp|dns|0.000317096710205078|38|89|SF|||0|Dd|1|66|1|117|(empty)
1300475168.85831|Caby8b1slFea8xwSmb|141.142.220.118|59816|141.142.2.2|53|udp|dns|0.000343084335327148|52|99|SF|||0|Dd|1|80|1|127|(empty)
1300475168.85871|Che1bq3i2rO3KD1Syg|141.142.220.118|59714|141.142.2.2|53|udp|dns|0.000375032424926758|38|183|SF|||0|Dd|1|66|1|211|(empty)
1300475168.85916|C3SfNE4BWaU4aSuwkc|141.142.220.118|49998|208.80.152.3|80|tcp|http|0.215893030166626|1130|734|S1|||0|ShADad|6|1450|4|950|(empty)
1300475168.89164|CEle3f3zno26fFZkrh|141.142.220.118|58206|141.142.2.2|53|udp|dns|0.000339031219482422|38|89|SF|||0|Dd|1|66|1|117|(empty)
1300475168.89204|CwSkQu4eWZCH7OONC1|141.142.220.118|38911|141.142.2.2|53|udp|dns|0.000334978103637695|52|99|SF|||0|Dd|1|80|1|127|(empty)
1300475168.89241|CfTOmO0HKorjr8Zp7|141.142.220.118|59746|141.142.2.2|53|udp|dns|0.000420808792114258|38|183|SF|||0|Dd|1|66|1|211|(empty)
1300475168.89291|CzA03V1VcgagLjnO92|141.142.220.118|49999|208.80.152.3|80|tcp|http|0.220960855484009|1137|733|S1|||0|ShADad|6|1457|4|949|(empty)
1300475168.89294|CyAhVIzHqb7t7kv28|141.142.220.118|50000|208.80.152.3|80|tcp|http|0.229603052139282|1148|734|S1|||0|ShADad|6|1468|4|950|(empty)
1300475168.89399|Cab0vO1xNYSS2hJkle|141.142.220.118|45000|141.142.2.2|53|udp|dns|0.000384092330932617|38|89|SF|||0|Dd|1|66|1|117|(empty)
1300475168.89442|Cx2FqO23omNawSNrxj|141.142.220.118|48479|141.142.2.2|53|udp|dns|0.000316858291625977|52|99|SF|||0|Dd|1|80|1|127|(empty)
1300475168.89479|Cx3C534wEyF3OvvcQe|141.142.220.118|48128|141.142.2.2|53|udp|dns|0.000422954559326172|38|183|SF|||0|Dd|1|66|1|211|(empty)
1300475168.89527|CkDsfG2YIeWJmXWNWj|141.142.220.118|50001|208.80.152.3|80|tcp|http|0.227283954620361|1178|734|S1|||0|ShADad|6|1498|4|950|(empty)
1300475168.90175|CUKS0W3HFYOnBqSE5e|141.142.220.118|56056|141.142.2.2|53|udp|dns|0.000402212142944336|36|131|SF|||0|Dd|1|64|1|159|(empty)
1300475168.90219|CRrfvP2lalMAYOCLhj|141.142.220.118|55092|141.142.2.2|53|udp|dns|0.000374078750610352|36|198|SF|||0|Dd|1|64|1|226|(empty)
1300475168.90264|Cn78a440HlxuyZKs6f|141.142.220.118|35642|208.80.152.2|80|tcp|http|0.120040893554688|534|412|S1|||0|ShADad|4|750|3|576|(empty)
1300475169.78033|CUof3F2yAIid8QS3dk|141.142.220.235|6705|173.192.163.128|80|tcp|||||OTH|||0|h|0|0|1|48|(empty)
1300475169.89944|CojBOU3CXcLHl1r6x1|141.142.220.44|5353|224.0.0.251|5353|udp|dns||||S0|||0|D|1|85|0|0|(empty)
1300475170.86238|CJzVQRGJrX6V15ik7|141.142.220.226|137|141.142.220.255|137|udp|dns|2.61301684379578|350|0|S0|||0|D|7|546|0|0|(empty)
1300475171.67537|ClAbxY1nmdjCuo0Le2|fe80::3074:17d5:2052:c324|65373|ff02::1:3|5355|udp|dns|0.100096225738525|66|0|S0|||0|D|2|162|0|0|(empty)
1300475171.67708|CwG0BF1VXE0gWgs78|141.142.220.226|55131|224.0.0.252|5355|udp|dns|0.100020885467529|66|0|S0|||0|D|2|122|0|0|(empty)
1300475173.11675|CisNaL1Cm73CiNOmcg|fe80::3074:17d5:2052:c324|54213|ff02::1:3|5355|udp|dns|0.0998010635375977|66|0|S0|||0|D|2|162|0|0|(empty)
1300475173.11736|CBQnJn22qN8TOeeZil|141.142.220.226|55671|224.0.0.252|5355|udp|dns|0.0998489856719971|66|0|S0|||0|D|2|122|0|0|(empty)
1300475173.15368|CbEsuD3dgDDngdlbKf|141.142.220.238|56641|141.142.220.255|137|udp|dns||||S0|||0|D|1|78|0|0|(empty)

18
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/conn.log
View file

@ -3,12 +3,12 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-23-15-49
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1329843175.736107 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty)
1329843179.871641 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty)
1329843194.151526 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty)
1329843197.783443 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty)
1329843161.968492 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty)
#close 2014-04-01-23-15-49
#open 2015-02-23-21-43-45
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1329843175.736107 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - - 0 ShAdfFa 4 216 4 562 (empty)
1329843179.871641 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - - 0 ShAdfFa 4 216 4 297 (empty)
1329843194.151526 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - - 0 ShADaFf 5 614 3 164 (empty)
1329843197.783443 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - - 0 ShADaFf 5 349 3 164 (empty)
1329843161.968492 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - - 0 ShAdDfFa 38 2164 25 4458 (empty)
#close 2015-02-23-21-43-45

20
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log
View file

@ -3,13 +3,13 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-23-15-51
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1329327783.316897 CjhGID4nQcgTWjvg4c 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 57086 tcp ftp-data 0.219721 0 342 SF - 0 ShAdfFa 5 372 4 642 (empty)
1329327786.524332 CCvvfg3TEfuqmmG4bh 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 57087 tcp ftp-data 0.217501 0 43 SF - 0 ShAdfFa 5 372 4 343 (empty)
1329327787.289095 CsRx2w45OKnoww6xl4 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 57088 tcp ftp-data 0.217941 0 77 SF - 0 ShAdfFa 5 372 4 377 (empty)
1329327795.571921 CRJuHdVW0XPVINV8a 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49189 tcp ftp-data 0.109813 77 0 SF - 0 ShADFaf 5 449 4 300 (empty)
1329327777.822004 CXWv6p3arKYeMETxOg 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 tcp ftp 26.658219 310 3448 SF - 0 ShAdDfFa 57 4426 34 5908 (empty)
1329327800.017649 CPbrpk1qSsw6ESzHV4 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49190 tcp ftp-data 0.109181 342 0 SF - 0 ShADFaf 5 714 4 300 (empty)
#close 2014-04-01-23-15-51
#open 2015-02-23-21-43-46
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1329327783.316897 CjhGID4nQcgTWjvg4c 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 57086 tcp ftp-data 0.219721 0 342 SF - - 0 ShAdfFa 5 372 4 642 (empty)
1329327786.524332 CCvvfg3TEfuqmmG4bh 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 57087 tcp ftp-data 0.217501 0 43 SF - - 0 ShAdfFa 5 372 4 343 (empty)
1329327787.289095 CsRx2w45OKnoww6xl4 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 57088 tcp ftp-data 0.217941 0 77 SF - - 0 ShAdfFa 5 372 4 377 (empty)
1329327795.571921 CRJuHdVW0XPVINV8a 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49189 tcp ftp-data 0.109813 77 0 SF - - 0 ShADFaf 5 449 4 300 (empty)
1329327777.822004 CXWv6p3arKYeMETxOg 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 tcp ftp 26.658219 310 3448 SF - - 0 ShAdDfFa 57 4426 34 5908 (empty)
1329327800.017649 CPbrpk1qSsw6ESzHV4 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49190 tcp ftp-data 0.109181 342 0 SF - - 0 ShADFaf 5 714 4 300 (empty)
#close 2015-02-23-21-43-46

12
testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/conn.log
View file

@ -3,9 +3,9 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-23-15-53
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1348168976.274919 CXWv6p3arKYeMETxOg 192.168.57.103 60108 192.168.57.101 2811 tcp ssl,ftp,gridftp 0.294743 4491 6659 SF - 0 ShAdDaFf 22 5643 21 7759 (empty)
1348168976.546371 CjhGID4nQcgTWjvg4c 192.168.57.103 35391 192.168.57.101 55968 tcp ssl,gridftp-data 0.011938 2135 3196 S1 - 0 ShADad 8 2559 6 3516 (empty)
#close 2014-04-01-23-15-53
#open 2015-02-23-21-43-47
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1348168976.274919 CXWv6p3arKYeMETxOg 192.168.57.103 60108 192.168.57.101 2811 tcp ssl,ftp,gridftp 0.294743 4491 6659 SF - - 0 ShAdDaFf 22 5643 21 7759 (empty)
1348168976.546371 CjhGID4nQcgTWjvg4c 192.168.57.103 35391 192.168.57.101 55968 tcp ssl,gridftp-data 0.011938 2135 3196 S1 - - 0 ShADad 8 2559 6 3516 (empty)
#close 2015-02-23-21-43-47

10
testing/btest/Baseline/scripts.base.protocols.http.http-connect/conn.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-23-15-59
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1078232251.833846 CXWv6p3arKYeMETxOg 79.26.245.236 3378 254.228.86.79 8240 tcp http,smtp 6.722274 1685 223 SF - 0 ShADadfF 14 2257 16 944 (empty)
#close 2014-04-01-23-15-59
#open 2015-02-23-21-43-52
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1078232251.833846 CXWv6p3arKYeMETxOg 79.26.245.236 3378 254.228.86.79 8240 tcp http,smtp 6.722274 1685 223 SF - - 0 ShADadfF 14 2257 16 944 (empty)
#close 2015-02-23-21-43-52

12
testing/btest/Baseline/scripts.base.protocols.irc.basic/conn.log
View file

@ -3,9 +3,9 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-05-01-19-07-07
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1311189318.898709 CjhGID4nQcgTWjvg4c 192.168.1.77 57655 209.197.168.151 1024 tcp irc-dcc-data 2.256935 124 42208 SF - 0 ShAdDaFf 28 1592 43 44452 (empty)
1311189164.064603 CXWv6p3arKYeMETxOg 192.168.1.77 57640 66.198.80.67 6667 tcp irc 178.237017 453 25404 S3 - 0 ShADdaf 63 3761 52 28194 (empty)
#close 2014-05-01-19-07-07
#open 2015-02-23-21-43-57
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1311189318.898709 CjhGID4nQcgTWjvg4c 192.168.1.77 57655 209.197.168.151 1024 tcp irc-dcc-data 2.256935 124 42208 SF - - 0 ShAdDaFf 28 1592 43 44452 (empty)
1311189164.064603 CXWv6p3arKYeMETxOg 192.168.1.77 57640 66.198.80.67 6667 tcp irc 178.237017 453 25404 S3 - - 0 ShADdaf 63 3761 52 28194 (empty)
#close 2015-02-23-21-43-57

10
testing/btest/Baseline/scripts.base.protocols.socks.socks-auth/socks.log Normal file
View file

@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path socks
#open 2015-02-05-16-13-12
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version user password status request.host request.name request_p bound.host bound.name bound_p
#types time string addr port addr port count string string string addr string port addr string port
1368517392.724989 CXWv6p3arKYeMETxOg 192.168.0.2 55951 192.168.0.1 1080 5 bob alice succeeded 192.168.0.2 - 22 192.168.0.1 - 55951
#close 2015-02-05-16-13-12

10
testing/btest/Baseline/scripts.base.protocols.socks.socks-auth/tunnel.log Normal file
View file

@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path tunnel
#open 2015-02-05-16-13-12
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
#types time string addr port addr port enum enum
1368517392.728523 - 192.168.0.2 0 192.168.0.1 1080 Tunnel::SOCKS Tunnel::DISCOVER
#close 2015-02-05-16-13-12

10
testing/btest/Baseline/scripts.base.protocols.socks.trace1/socks.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path socks
#open 2013-08-26-19-04-20
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version user status request.host request.name request_p bound.host bound.name bound_p
#types time string addr port addr port count string string addr string port addr string port
1340213015.276495 CjhGID4nQcgTWjvg4c 10.0.0.55 53994 60.190.189.214 8124 5 - succeeded - www.osnews.com 80 192.168.0.31 - 2688
#close 2013-08-26-19-04-20
#open 2015-02-05-17-39-14
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version user password status request.host request.name request_p bound.host bound.name bound_p
#types time string addr port addr port count string string string addr string port addr string port
1340213015.276495 CjhGID4nQcgTWjvg4c 10.0.0.55 53994 60.190.189.214 8124 5 - - succeeded - www.osnews.com 80 192.168.0.31 - 2688
#close 2015-02-05-17-39-14

10
testing/btest/Baseline/scripts.base.protocols.socks.trace2/socks.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path socks
#open 2013-08-26-19-04-20
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version user status request.host request.name request_p bound.host bound.name bound_p
#types time string addr port addr port count string string addr string port addr string port
1340113261.914619 CXWv6p3arKYeMETxOg 10.0.0.50 59580 85.194.84.197 1080 5 - succeeded - www.google.com 443 0.0.0.0 - 443
#close 2013-08-26-19-04-20
#open 2015-02-05-17-39-29
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version user password status request.host request.name request_p bound.host bound.name bound_p
#types time string addr port addr port count string string string addr string port addr string port
1340113261.914619 CXWv6p3arKYeMETxOg 10.0.0.50 59580 85.194.84.197 1080 5 - - succeeded - www.google.com 443 0.0.0.0 - 443
#close 2015-02-05-17-39-29

3
testing/btest/Baseline/scripts.base.protocols.ssl.common_name/.stdout Normal file
View file

@ -0,0 +1,3 @@
*.gstatic.com
Google Internet Authority
No CN

22
testing/btest/Baseline/scripts.policy.frameworks.intel.seen.certs/intel-all.log Normal file
View file

@ -0,0 +1,22 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path intel
#open 2015-03-04-01-12-47
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc seen.indicator seen.indicator_type seen.where seen.node sources
#types time string addr port addr port string string string string enum enum string set[string]
1416942644.593119 CXWv6p3arKYeMETxOg 192.168.4.149 49422 23.92.19.75 443 F0txuw2pvrkZOn04a8 - 23.92.19.75:443/tcp www.pantz.org Intel::DOMAIN X509::IN_CERT bro source1
#close 2015-03-04-01-12-47
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path intel
#open 2015-03-04-01-12-47
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc seen.indicator seen.indicator_type seen.where seen.node sources
#types time string addr port addr port string string string string enum enum string set[string]
1170717505.934612 CXWv6p3arKYeMETxOg 192.150.187.164 58868 194.127.84.106 443 - - - www.dresdner-privat.de Intel::DOMAIN X509::IN_CERT bro source1
1170717509.082241 CjhGID4nQcgTWjvg4c 192.150.187.164 58869 194.127.84.106 443 - - - www.dresdner-privat.de Intel::DOMAIN X509::IN_CERT bro source1
1170717512.108799 CCvvfg3TEfuqmmG4bh 192.150.187.164 58870 194.127.84.106 443 - - - www.dresdner-privat.de Intel::DOMAIN X509::IN_CERT bro source1
#close 2015-03-04-01-12-47

33
testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice-out.log Normal file
View file

@ -0,0 +1,33 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path notice
#open 2015-02-25-21-37-10
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
1398558136.430417 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key Host uses weak DH parameters with 1024 key bits - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
1398558136.430417 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key DH key length of 1024 bits is smaller certificate key length of 2048 bits - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
1398558136.542637 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key Host uses weak certificate with 2048 bit key - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
#close 2015-02-25-21-37-10
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path notice
#open 2015-02-25-21-37-10
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
1397165496.713940 CXWv6p3arKYeMETxOg 192.168.4.149 59062 91.227.4.92 443 - - - tcp SSL::Old_Version Host uses protocol version SSLv2 which is lower than the safe minimum TLSv10 - 192.168.4.149 91.227.4.92 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
#close 2015-02-25-21-37-11
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path notice
#open 2015-02-25-21-37-11
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
1170717505.734145 CXWv6p3arKYeMETxOg 192.150.187.164 58868 194.127.84.106 443 - - - tcp SSL::Weak_Cipher Host established connection using unsafe ciper suite TLS_RSA_WITH_RC4_128_MD5 - 192.150.187.164 194.127.84.106 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
1170717505.934612 CXWv6p3arKYeMETxOg 192.150.187.164 58868 194.127.84.106 443 - - - tcp SSL::Weak_Key Host uses weak certificate with 1024 bit key - 192.150.187.164 194.127.84.106 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
#close 2015-02-25-21-37-11

12
testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice.log
View file

@ -1,12 +0,0 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path notice
#open 2014-04-27-07-15-32
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double
1398558136.430417 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key Host uses weak DH parameters with 1024 key bits - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
1398558136.430417 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key DH key length of 1024 bits is smaller certificate key length of 2048 bits - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
1398558136.542637 CXWv6p3arKYeMETxOg 192.168.18.50 62277 162.219.2.166 443 - - - tcp SSL::Weak_Key Host uses weak certificate with 2048 bit key - 192.168.18.50 162.219.2.166 443 - bro Notice::ACTION_LOG 86400.000000 F - - - - -
#close 2014-04-27-07-15-32

18
testing/btest/Baseline/signatures.eval-condition/conn.log
View file

@ -3,12 +3,12 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2014-04-01-23-16-29
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string]
1329843175.736107 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty)
1329843179.871641 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty)
1329843194.151526 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty)
1329843197.783443 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty)
1329843161.968492 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp,blah 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty)
#close 2014-04-01-23-16-29
#open 2015-02-23-21-45-47
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1329843175.736107 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - - 0 ShAdfFa 4 216 4 562 (empty)
1329843179.871641 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - - 0 ShAdfFa 4 216 4 297 (empty)
1329843194.151526 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - - 0 ShADaFf 5 614 3 164 (empty)
1329843197.783443 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - - 0 ShADaFf 5 349 3 164 (empty)
1329843161.968492 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp,blah 38.055625 180 3146 SF - - 0 ShAdDfFa 38 2164 25 4458 (empty)
#close 2015-02-23-21-45-47

BIN
testing/btest/Traces/socks-auth.pcap Normal file
View file

Binary file not shown.

BIN
testing/btest/Traces/tls/cert-no-cn.pcap Normal file
View file

Binary file not shown.

125
testing/btest/broker/clone_store.bro Normal file
View file

@ -0,0 +1,125 @@
# @TEST-SERIALIZE: brokercomm
# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
# @TEST-EXEC: btest-bg-run clone "bro -b -r $TRACES/wikipedia.trace ../clone.bro broker_port=$BROKER_PORT >clone.out"
# @TEST-EXEC: btest-bg-run master "bro -b -r $TRACES/wikipedia.trace ../master.bro broker_port=$BROKER_PORT >master.out"
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff clone/clone.out
# @TEST-EXEC: btest-diff master/master.out
@TEST-START-FILE clone.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
global h: opaque of BrokerStore::Handle;
global expected_key_count = 4;
global key_count = 0;
global query_timeout = 15sec;
function do_lookup(key: string)
{
when ( local res = BrokerStore::lookup(h, BrokerComm::data(key)) )
{
++key_count;
print "lookup", key, res;
if ( key_count == expected_key_count )
terminate();
}
timeout query_timeout
{
print "clone lookup query timeout";
terminate();
}
}
event ready()
{
h = BrokerStore::create_clone("mystore");
when ( local res = BrokerStore::keys(h) )
{
print "clone keys", res;
do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 0)));
do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 1)));
do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 2)));
do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 3)));
}
timeout query_timeout
{
print "clone keys query timeout";
terminate();
}
}
event bro_init()
{
BrokerComm::enable();
BrokerComm::subscribe_to_events("bro/event/ready");
BrokerComm::listen(broker_port, "127.0.0.1");
}
@TEST-END-FILE
@TEST-START-FILE master.bro
global query_timeout = 15sec;
const broker_port: port &redef;
redef exit_only_after_terminate = T;
global h: opaque of BrokerStore::Handle;
function dv(d: BrokerComm::Data): BrokerComm::DataVector
{
local rval: BrokerComm::DataVector;
rval[0] = d;
return rval;
}
global ready: event();
event BrokerComm::outgoing_connection_broken(peer_address: string,
peer_port: port)
{
terminate();
}
event BrokerComm::outgoing_connection_established(peer_address: string,
peer_port: port,
peer_name: string)
{
local myset: set[string] = {"a", "b", "c"};
local myvec: vector of string = {"alpha", "beta", "gamma"};
h = BrokerStore::create_master("mystore");
BrokerStore::insert(h, BrokerComm::data("one"), BrokerComm::data(110));
BrokerStore::insert(h, BrokerComm::data("two"), BrokerComm::data(223));
BrokerStore::insert(h, BrokerComm::data("myset"), BrokerComm::data(myset));
BrokerStore::insert(h, BrokerComm::data("myvec"), BrokerComm::data(myvec));
BrokerStore::increment(h, BrokerComm::data("one"));
BrokerStore::decrement(h, BrokerComm::data("two"));
BrokerStore::add_to_set(h, BrokerComm::data("myset"), BrokerComm::data("d"));
BrokerStore::remove_from_set(h, BrokerComm::data("myset"), BrokerComm::data("b"));
BrokerStore::push_left(h, BrokerComm::data("myvec"), dv(BrokerComm::data("delta")));
BrokerStore::push_right(h, BrokerComm::data("myvec"), dv(BrokerComm::data("omega")));
when ( local res = BrokerStore::size(h) )
{ event ready(); }
timeout query_timeout
{
print "master size query timeout";
terminate();
}
}
event bro_init()
{
BrokerComm::enable();
BrokerComm::auto_event("bro/event/ready", ready);
BrokerComm::connect("127.0.0.1", broker_port, 1secs);
}
@TEST-END-FILE

57
testing/btest/broker/connection_updates.bro Normal file
View file

@ -0,0 +1,57 @@
# @TEST-SERIALIZE: brokercomm
# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro broker_port=$BROKER_PORT >recv.out"
# @TEST-EXEC: btest-bg-run send "bro -b ../send.bro broker_port=$BROKER_PORT >send.out"
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: btest-diff recv/recv.out
# @TEST-EXEC: btest-diff send/send.out
@TEST-START-FILE recv.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
redef BrokerComm::endpoint_name = "listener";
event bro_init()
{
BrokerComm::enable();
BrokerComm::listen(broker_port, "127.0.0.1");
}
event BrokerComm::incoming_connection_established(peer_name: string)
{
print "BrokerComm::incoming_connection_established", peer_name;;
}
event BrokerComm::incoming_connection_broken(peer_name: string)
{
print "BrokerComm::incoming_connection_broken", peer_name;;
terminate();
}
@TEST-END-FILE
@TEST-START-FILE send.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
redef BrokerComm::endpoint_name = "connector";
event bro_init()
{
BrokerComm::enable();
BrokerComm::connect("127.0.0.1", broker_port, 1sec);
}
event BrokerComm::outgoing_connection_established(peer_address: string,
peer_port: port,
peer_name: string)
{
print "BrokerComm::outgoing_connection_established",
peer_address, peer_port, peer_name;;
terminate();
}
@TEST-END-FILE

222
testing/btest/broker/data.bro Normal file
View file

@ -0,0 +1,222 @@
# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out
type bro_set: set[string];
type bro_table: table[string] of count;
type bro_vector: vector of string;
type bro_record : record {
a: string &optional;
b: string &default = "bee";
c: count;
};
function comm_record_to_bro_record_recurse(it: opaque of BrokerComm::RecordIterator,
rval: bro_record,
idx: count): bro_record
{
if ( BrokerComm::record_iterator_last(it) )
return rval;
local field_value = BrokerComm::record_iterator_value(it);
if ( field_value?$d )
switch ( idx ) {
case 0:
rval$a = BrokerComm::refine_to_string(field_value);
break;
case 1:
rval$b = BrokerComm::refine_to_string(field_value);
break;
case 2:
rval$c = BrokerComm::refine_to_count(field_value);
break;
};
++idx;
BrokerComm::record_iterator_next(it);
return comm_record_to_bro_record_recurse(it, rval, idx);
}
function comm_record_to_bro_record(d: BrokerComm::Data): bro_record
{
return comm_record_to_bro_record_recurse(BrokerComm::record_iterator(d),
bro_record($c = 0), 0);
}
function
comm_set_to_bro_set_recurse(it: opaque of BrokerComm::SetIterator,
rval: bro_set): bro_set
{
if ( BrokerComm::set_iterator_last(it) )
return rval;
add rval[BrokerComm::refine_to_string(BrokerComm::set_iterator_value(it))];
BrokerComm::set_iterator_next(it);
return comm_set_to_bro_set_recurse(it, rval);
}
function comm_set_to_bro_set(d: BrokerComm::Data): bro_set
{
return comm_set_to_bro_set_recurse(BrokerComm::set_iterator(d), bro_set());
}
function
comm_table_to_bro_table_recurse(it: opaque of BrokerComm::TableIterator,
rval: bro_table): bro_table
{
if ( BrokerComm::table_iterator_last(it) )
return rval;
local item = BrokerComm::table_iterator_value(it);
rval[BrokerComm::refine_to_string(item$key)] = BrokerComm::refine_to_count(item$val);
BrokerComm::table_iterator_next(it);
return comm_table_to_bro_table_recurse(it, rval);
}
function comm_table_to_bro_table(d: BrokerComm::Data): bro_table
{
return comm_table_to_bro_table_recurse(BrokerComm::table_iterator(d),
bro_table());
}
function comm_vector_to_bro_vector_recurse(it: opaque of BrokerComm::VectorIterator,
rval: bro_vector): bro_vector
{
if ( BrokerComm::vector_iterator_last(it) )
return rval;
rval[|rval|] = BrokerComm::refine_to_string(BrokerComm::vector_iterator_value(it));
BrokerComm::vector_iterator_next(it);
return comm_vector_to_bro_vector_recurse(it, rval);
}
function comm_vector_to_bro_vector(d: BrokerComm::Data): bro_vector
{
return comm_vector_to_bro_vector_recurse(BrokerComm::vector_iterator(d),
bro_vector());
}
event bro_init()
{
BrokerComm::enable();
print BrokerComm::data_type(BrokerComm::data(T));
print BrokerComm::data_type(BrokerComm::data(+1));
print BrokerComm::data_type(BrokerComm::data(1));
print BrokerComm::data_type(BrokerComm::data(1.1));
print BrokerComm::data_type(BrokerComm::data("1 (how creative)"));
print BrokerComm::data_type(BrokerComm::data(1.1.1.1));
print BrokerComm::data_type(BrokerComm::data(1.1.1.1/1));
print BrokerComm::data_type(BrokerComm::data(1/udp));
print BrokerComm::data_type(BrokerComm::data(double_to_time(1)));
print BrokerComm::data_type(BrokerComm::data(1sec));
print BrokerComm::data_type(BrokerComm::data(BrokerComm::BOOL));
local s: bro_set = bro_set("one", "two", "three");
local t: bro_table = bro_table(["one"] = 1, ["two"] = 2, ["three"] = 3);
local v: bro_vector = bro_vector("zero", "one", "two");
local r: bro_record = bro_record($c = 1);
print BrokerComm::data_type(BrokerComm::data(s));
print BrokerComm::data_type(BrokerComm::data(t));
print BrokerComm::data_type(BrokerComm::data(v));
print BrokerComm::data_type(BrokerComm::data(r));
print "***************************";
print BrokerComm::refine_to_bool(BrokerComm::data(T));
print BrokerComm::refine_to_bool(BrokerComm::data(F));
print BrokerComm::refine_to_int(BrokerComm::data(+1));
print BrokerComm::refine_to_int(BrokerComm::data(+0));
print BrokerComm::refine_to_int(BrokerComm::data(-1));
print BrokerComm::refine_to_count(BrokerComm::data(1));
print BrokerComm::refine_to_count(BrokerComm::data(0));
print BrokerComm::refine_to_double(BrokerComm::data(1.1));
print BrokerComm::refine_to_double(BrokerComm::data(-11.1));
print BrokerComm::refine_to_string(BrokerComm::data("hello"));
print BrokerComm::refine_to_addr(BrokerComm::data(1.2.3.4));
print BrokerComm::refine_to_subnet(BrokerComm::data(192.168.1.1/16));
print BrokerComm::refine_to_port(BrokerComm::data(22/tcp));
print BrokerComm::refine_to_time(BrokerComm::data(double_to_time(42)));
print BrokerComm::refine_to_interval(BrokerComm::data(3min));
print BrokerComm::refine_to_enum_name(BrokerComm::data(BrokerComm::BOOL));
print "***************************";
local cs = BrokerComm::data(s);
print comm_set_to_bro_set(cs);
cs = BrokerComm::set_create();
print BrokerComm::set_size(cs);
print BrokerComm::set_insert(cs, BrokerComm::data("hi"));
print BrokerComm::set_size(cs);
print BrokerComm::set_contains(cs, BrokerComm::data("hi"));
print BrokerComm::set_contains(cs, BrokerComm::data("bye"));
print BrokerComm::set_insert(cs, BrokerComm::data("bye"));
print BrokerComm::set_size(cs);
print BrokerComm::set_remove(cs, BrokerComm::data("hi"));
print BrokerComm::set_size(cs);
print BrokerComm::set_remove(cs, BrokerComm::data("hi"));
print comm_set_to_bro_set(cs);
BrokerComm::set_clear(cs);
print BrokerComm::set_size(cs);
print "***************************";
local ct = BrokerComm::data(t);
print comm_table_to_bro_table(ct);
ct = BrokerComm::table_create();
print BrokerComm::table_size(ct);
print BrokerComm::table_insert(ct, BrokerComm::data("hi"), BrokerComm::data(42));
print BrokerComm::table_size(ct);
print BrokerComm::table_contains(ct, BrokerComm::data("hi"));
print BrokerComm::refine_to_count(BrokerComm::table_lookup(ct, BrokerComm::data("hi")));
print BrokerComm::table_contains(ct, BrokerComm::data("bye"));
print BrokerComm::table_insert(ct, BrokerComm::data("bye"), BrokerComm::data(7));
print BrokerComm::table_size(ct);
print BrokerComm::table_insert(ct, BrokerComm::data("bye"), BrokerComm::data(37));
print BrokerComm::table_size(ct);
print BrokerComm::refine_to_count(BrokerComm::table_lookup(ct, BrokerComm::data("bye")));
print BrokerComm::table_remove(ct, BrokerComm::data("hi"));
print BrokerComm::table_size(ct);
print "***************************";
local cv = BrokerComm::data(v);
print comm_vector_to_bro_vector(cv);
cv = BrokerComm::vector_create();
print BrokerComm::vector_size(cv);
print BrokerComm::vector_insert(cv, BrokerComm::data("hi"), 0);
print BrokerComm::vector_insert(cv, BrokerComm::data("hello"), 1);
print BrokerComm::vector_insert(cv, BrokerComm::data("greetings"), 2);
print BrokerComm::vector_insert(cv, BrokerComm::data("salutations"), 1);
print comm_vector_to_bro_vector(cv);
print BrokerComm::vector_size(cv);
print BrokerComm::vector_replace(cv, BrokerComm::data("bah"), 2);
print BrokerComm::vector_lookup(cv, 2);
print BrokerComm::vector_lookup(cv, 0);
print comm_vector_to_bro_vector(cv);
print BrokerComm::vector_remove(cv, 2);
print comm_vector_to_bro_vector(cv);
print BrokerComm::vector_size(cv);
print "***************************";
local cr = BrokerComm::data(r);
print comm_record_to_bro_record(cr);
r$a = "test";
cr = BrokerComm::data(r);
print comm_record_to_bro_record(cr);
r$b = "testagain";
cr = BrokerComm::data(r);
print comm_record_to_bro_record(cr);
cr = BrokerComm::record_create(3);
print BrokerComm::record_size(cr);
print BrokerComm::record_assign(cr, BrokerComm::data("hi"), 0);
print BrokerComm::record_assign(cr, BrokerComm::data("hello"), 1);
print BrokerComm::record_assign(cr, BrokerComm::data(37), 2);
print BrokerComm::record_lookup(cr, 0);
print BrokerComm::record_lookup(cr, 1);
print BrokerComm::record_lookup(cr, 2);
print BrokerComm::record_size(cr);
}

181
testing/btest/broker/master_store.bro Normal file
View file

@ -0,0 +1,181 @@
# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
# @TEST-EXEC: btest-bg-run master "bro -b -r $TRACES/wikipedia.trace %INPUT >out"
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out
redef exit_only_after_terminate = T;
global h: opaque of BrokerStore::Handle;
global lookup_count = 0;
const lookup_expect_count = 5;
global exists_count = 0;
const exists_expect_count = 4;
global pop_count = 0;
const pop_expect_count = 2;
global test_size: event(where: string &default = "");
global query_timeout = 5sec;
event test_clear()
{
BrokerStore::clear(h);
event test_size("after clear");
}
event test_size(where: string)
{
when ( local res = BrokerStore::size(h) )
{
if ( where == "" )
{
print fmt("size: %s", res);
event test_clear();
}
else
{
print fmt("size (%s): %s", where, res);
terminate();
}
}
timeout query_timeout
{
print "'size' query timeout";
if ( where == "" )
event test_clear();
else
terminate();
}
}
event test_keys()
{
when ( local res = BrokerStore::keys(h) )
{
print fmt("keys: %s", res);
event test_size();
}
timeout query_timeout
{
print "'keys' query timeout";
event test_size();
}
}
event test_pop(key: string)
{
when ( local lres = BrokerStore::pop_left(h, BrokerComm::data(key)) )
{
print fmt("pop_left(%s): %s", key, lres);
++pop_count;
if ( pop_count == pop_expect_count )
event test_keys();
}
timeout query_timeout
{
print "'pop_left' timeout";
++pop_count;
if ( pop_count == pop_expect_count )
event test_keys();
}
when ( local rres = BrokerStore::pop_right(h, BrokerComm::data(key)) )
{
print fmt("pop_right(%s): %s", key, rres);
++pop_count;
if ( pop_count == pop_expect_count )
event test_keys();
}
timeout query_timeout
{
print "'pop_right' timeout";
++pop_count;
if ( pop_count == pop_expect_count )
event test_keys();
}
}
function do_exists(key: string)
{
when ( local res = BrokerStore::exists(h, BrokerComm::data(key)) )
{
print fmt("exists(%s): %s", key, res);
++exists_count;
if ( exists_count == exists_expect_count )
event test_pop("myvec");
}
timeout query_timeout
{
print "'exists' query timeout";
++exists_count;
if ( exists_count == exists_expect_count )
event test_pop("myvec");
}
}
event test_erase()
{
BrokerStore::erase(h, BrokerComm::data("two"));
do_exists("one");
do_exists("two");
do_exists("myset");
do_exists("four");
}
function do_lookup(key: string)
{
when ( local res = BrokerStore::lookup(h, BrokerComm::data(key)) )
{
print fmt("lookup(%s): %s", key, res);
++lookup_count;
if ( lookup_count == lookup_expect_count )
event test_erase();
}
timeout query_timeout
{
print "'lookup' query timeout";
++lookup_count;
if ( lookup_count == lookup_expect_count )
event test_erase();
}
}
function dv(d: BrokerComm::Data): BrokerComm::DataVector
{
local rval: BrokerComm::DataVector;
rval[0] = d;
return rval;
}
event bro_init()
{
BrokerComm::enable();
local myset: set[string] = {"a", "b", "c"};
local myvec: vector of string = {"alpha", "beta", "gamma"};
h = BrokerStore::create_master("master");
BrokerStore::insert(h, BrokerComm::data("one"), BrokerComm::data(110));
BrokerStore::insert(h, BrokerComm::data("two"), BrokerComm::data(223));
BrokerStore::insert(h, BrokerComm::data("myset"), BrokerComm::data(myset));
BrokerStore::insert(h, BrokerComm::data("myvec"), BrokerComm::data(myvec));
BrokerStore::increment(h, BrokerComm::data("one"));
BrokerStore::decrement(h, BrokerComm::data("two"));
BrokerStore::add_to_set(h, BrokerComm::data("myset"), BrokerComm::data("d"));
BrokerStore::remove_from_set(h, BrokerComm::data("myset"), BrokerComm::data("b"));
BrokerStore::push_left(h, BrokerComm::data("myvec"), dv(BrokerComm::data("delta")));
BrokerStore::push_right(h, BrokerComm::data("myvec"), dv(BrokerComm::data("omega")));
do_lookup("one");
do_lookup("two");
do_lookup("myset");
do_lookup("four");
do_lookup("myvec");
}

94
testing/btest/broker/remote_event.test Normal file
View file

@ -0,0 +1,94 @@
# @TEST-SERIALIZE: brokercomm
# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro broker_port=$BROKER_PORT >recv.out"
# @TEST-EXEC: btest-bg-run send "bro -b ../send.bro broker_port=$BROKER_PORT >send.out"
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: btest-diff recv/recv.out
# @TEST-EXEC: btest-diff send/send.out
@TEST-START-FILE recv.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
global event_handler: event(msg: string, c: count);
global auto_event_handler: event(msg: string, c: count);
event bro_init()
{
BrokerComm::enable();
BrokerComm::subscribe_to_events("bro/event/");
BrokerComm::auto_event("bro/event/my_topic", auto_event_handler);
BrokerComm::listen(broker_port, "127.0.0.1");
}
global event_count = 0;
global events_to_recv = 6;
event event_handler(msg: string, n: count)
{
++event_count;
print "got event msg", msg, n;
if ( event_count == events_to_recv )
{
terminate();
return;
}
event auto_event_handler(msg, n);
local args = BrokerComm::event_args(event_handler, "pong", n);
BrokerComm::event("bro/event/my_topic", args);
}
@TEST-END-FILE
@TEST-START-FILE send.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
global event_handler: event(msg: string, c: count);
global auto_event_handler: event(msg: string, c: count);
event bro_init()
{
BrokerComm::enable();
BrokerComm::subscribe_to_events("bro/event/my_topic");
BrokerComm::connect("127.0.0.1", broker_port, 1secs);
}
global event_count = 0;
event BrokerComm::outgoing_connection_established(peer_address: string,
peer_port: port,
peer_name: string)
{
print "BrokerComm::outgoing_connection_established", peer_address, peer_port;
local args = BrokerComm::event_args(event_handler, "ping", event_count);
BrokerComm::event("bro/event/hi", args);
++event_count;
}
event BrokerComm::outgoing_connection_broken(peer_address: string,
peer_port: port)
{
terminate();
}
event event_handler(msg: string, n: count)
{
print "got event msg", msg, n;
local args = BrokerComm::event_args(event_handler, "ping", event_count);
BrokerComm::event("bro/event/hi", args);
++event_count;
}
event auto_event_handler(msg: string, n: count)
{
print "got auto event msg", msg, n;
}
@TEST-END-FILE

Some files were not shown because too many files have changed in this diff Show more