Merge branch 'topic/jgras/connection-packet-threshold' of https://github.com/J-Gras/zeek

* 'topic/jgras/connection-packet-threshold' of https://github.com/J-Gras/zeek: Add NEWS entry for generic packet thresholds Allow for multiple generic packet thresholds Add btest for conn_generic_packet_threshold_crossed event Update dump-events btest baseline Add conn_generic_packet_threshold_crossed event
2025-10-02 06:38:20 +00:00 · 2025-07-08 17:53:56 +02:00 · 2025-07-08 17:53:56 +02:00 · 0c60f2a70a
commit 0c60f2a70a
parent 8ba77da152 50ab72efc2
11 changed files with 140 additions and 2 deletions
--- a/testing/btest/core/conn-generic-packet-threshold.zeek
+++ b/testing/btest/core/conn-generic-packet-threshold.zeek
@ -0,0 +1,19 @@
+# @TEST-EXEC: echo "=== Generic threshold crossed ===" > out
+# @TEST-EXEC: zeek -b -C -r $TRACES/http/get.trace %INPUT >> out
+# @TEST-EXEC: zeek -b -C -r $TRACES/dns/long-connection.pcap %INPUT >> out
+# @TEST-EXEC: zeek -b -C -r $TRACES/communityid/sctp.pcap %INPUT >> out
+# @TEST-EXEC: zeek -b -C -r $TRACES/http/get.trace %INPUT ConnThreshold::generic_packet_thresholds+={10} >> out
+# @TEST-EXEC: echo "=== Generic threshold not crossed ===" >> out
+# @TEST-EXEC: zeek -b -C -r $TRACES/tcp/syn.pcap %INPUT >> out
+# @TEST-EXEC: zeek -b -C -r $TRACES/dns/dns-binds.pcap %INPUT >> out
+# @TEST-EXEC: zeek -b -C -r $TRACES/http/get.trace %INPUT ConnThreshold::generic_packet_thresholds={15} >> out
+
+# @TEST-EXEC: btest-diff out
+
+redef ConnThreshold::generic_packet_thresholds = {5};
+
+event new_connection(c: connection)
+	{ print fmt("new_connection: %s", c$id); }
+
+event conn_generic_packet_threshold_crossed(c: connection, threshold: count)
+	{ print fmt("conn_generic_packet_threshold_crossed: %s at %d", c$id, threshold); }