From 99e3c584942724946f6c54eb80213f4b84d88559 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 3 Apr 2012 22:12:44 -0700 Subject: [PATCH 01/51] Fixing threads' DoFinish() method. It wasn't called reliably. Now, it's always called before the thread is destroyed (assuming processing has went normally so far). --- src/threading/MsgThread.cc | 47 ++++++++++++++++++++++++++++++++------ src/threading/MsgThread.h | 10 ++++++++ 2 files changed, 50 insertions(+), 7 deletions(-) diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc index ddcd3df1dd..0b91f8790a 100644 --- a/src/threading/MsgThread.cc +++ b/src/threading/MsgThread.cc @@ -10,13 +10,21 @@ namespace threading { ////// Messages. -// Signals child thread to terminate. This is actually a no-op; its only -// purpose is unblock the current read operation so that the child's Run() -// methods can check the termination status. -class TerminateMessage : public InputMessage +// Signals child thread to shutdown operation. +class FinishMessage : public InputMessage { public: - TerminateMessage(MsgThread* thread) : InputMessage("Terminate", thread) { } + FinishMessage(MsgThread* thread) : InputMessage("Finish", thread) { } + + virtual bool Process() { return Object()->DoFinish(); } +}; + +// A dummy message that's only purpose is unblock the current read operation +// so that the child's Run() methods can check the termination status. +class UnblockMessage : public InputMessage +{ +public: + UnblockMessage(MsgThread* thread) : InputMessage("Unblock", thread) { } virtual bool Process() { return true; } }; @@ -130,13 +138,30 @@ bool ReporterMessage::Process() MsgThread::MsgThread() : BasicThread() { cnt_sent_in = cnt_sent_out = 0; + finished = false; thread_mgr->AddMsgThread(this); } void MsgThread::OnStop() { - // This is to unblock the current queue read operation. - SendIn(new TerminateMessage(this), true); + // Signal thread to terminate and wait until it has acknowledged. + SendIn(new FinishMessage(this), true); + + int cnt = 0; + while ( ! finished ) + { + if ( ++cnt > 1000 ) // Insurance against broken threads ... + { + abort(); + reporter->Warning("thread %s didn't finish in time", Name().c_str()); + break; + } + + usleep(1000); + } + + // One more message to make sure the current queue read operation unblocks. + SendIn(new UnblockMessage(this), true); } void MsgThread::Heartbeat() @@ -157,6 +182,14 @@ bool MsgThread::DoHeartbeat(double network_time, double current_time) return true; } +bool MsgThread::DoFinish() + { + // This is thread-safe "enough", we're the only one ever writing + // there. + finished = true; + return true; + } + void MsgThread::Info(const char* msg) { SendOut(new ReporterMessage(ReporterMessage::INFO, this, msg)); diff --git a/src/threading/MsgThread.h b/src/threading/MsgThread.h index 5ac1c0f780..16e6a92772 100644 --- a/src/threading/MsgThread.h +++ b/src/threading/MsgThread.h @@ -171,6 +171,8 @@ public: protected: friend class Manager; friend class HeartbeatMessage; + friend class FinishMessage; + friend class FinishedMessage; /** * Pops a message sent by the child from the child-to-main queue. @@ -215,6 +217,12 @@ protected: */ virtual bool DoHeartbeat(double network_time, double current_time); + /** Triggered for execution in the child thread just before shutting threads down. + * The child thread shoudl finish its operations and then *must* + * call this class' implementation. + */ + virtual bool DoFinish(); + private: /** * Pops a message sent by the main thread from the main-to-chold @@ -270,6 +278,8 @@ private: uint64_t cnt_sent_in; // Counts message sent to child. uint64_t cnt_sent_out; // Counts message sent by child. + + bool finished; // Set to true by Finished message. }; /** From 952b6b293a6068ea9892efd61890047206bd60ae Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 3 Apr 2012 22:14:56 -0700 Subject: [PATCH 02/51] Merging in DataSeries support from topic/gilbert/logging. I copied the code over manually, no merging, because (1) it needed to be adapted to the new threading API, and (2) there's more stuff in the branch that I haven't ported yet. The DS output generally seems to work, but it has seen no further testing yet. Not unit tests yet either. --- CMakeLists.txt | 16 + cmake | 2 +- config.h.in | 3 + configure | 9 + scripts/base/frameworks/logging/__load__.bro | 1 + .../frameworks/logging/writers/dataseries.bro | 62 +++ src/CMakeLists.txt | 1 + src/logging.bif | 8 + src/logging/Manager.cc | 58 ++- src/logging/Manager.h | 8 +- src/logging/WriterBackend.cc | 11 - src/logging/WriterBackend.h | 33 +- src/logging/WriterFrontend.cc | 7 +- src/logging/writers/Ascii.cc | 5 +- src/logging/writers/DataSeries.cc | 476 ++++++++++++++++++ src/logging/writers/DataSeries.h | 69 +++ src/main.cc | 21 + src/types.bif | 1 + 18 files changed, 726 insertions(+), 65 deletions(-) create mode 100644 scripts/base/frameworks/logging/writers/dataseries.bro create mode 100644 src/logging/writers/DataSeries.cc create mode 100644 src/logging/writers/DataSeries.h diff --git a/CMakeLists.txt b/CMakeLists.txt index febc2d6ec1..04b28d2c32 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -107,6 +107,21 @@ if (GOOGLEPERFTOOLS_FOUND) endif () endif () +set(USE_DATASERIES false) +find_package(Lintel) +find_package(DataSeries) +find_package(LibXML2) + +if (LINTEL_FOUND AND DATASERIES_FOUND AND LIBXML2_FOUND) + set(USE_DATASERIES true) + include_directories(BEFORE ${Lintel_INCLUDE_DIR}) + include_directories(BEFORE ${DataSeries_INCLUDE_DIR}) + include_directories(BEFORE ${LibXML2_INCLUDE_DIR}) + list(APPEND OPTLIBS ${Lintel_LIBRARIES}) + list(APPEND OPTLIBS ${DataSeries_LIBRARIES}) + list(APPEND OPTLIBS ${LibXML2_LIBRARIES}) +endif() + set(brodeps ${BinPAC_LIBRARY} ${PCAP_LIBRARY} @@ -193,6 +208,7 @@ message( "\nGeoIP: ${USE_GEOIP}" "\nGoogle perftools: ${USE_PERFTOOLS}" "\n debugging: ${USE_PERFTOOLS_DEBUG}" + "\nDataSeries: ${USE_DATASERIES}" "\n" "\n================================================================\n" ) diff --git a/cmake b/cmake index 550ab2c8d9..60b2873937 160000 --- a/cmake +++ b/cmake @@ -1 +1 @@ -Subproject commit 550ab2c8d95b1d3e18e40a903152650e6c7a3c45 +Subproject commit 60b28739379da75f26c5c2a312b7886f5209a1cc diff --git a/config.h.in b/config.h.in index e744cb7dbd..558337d1bc 100644 --- a/config.h.in +++ b/config.h.in @@ -111,6 +111,9 @@ /* Use Google's perftools */ #cmakedefine USE_PERFTOOLS +/* Use the DataSeries writer. */ +#cmakedefine USE_DATASERIES + /* Version number of package */ #define VERSION "@VERSION@" diff --git a/configure b/configure index 05aa12815b..fe7db3b06d 100755 --- a/configure +++ b/configure @@ -54,6 +54,8 @@ Usage: $0 [OPTION]... [VAR=VALUE]... --with-ruby-lib=PATH path to ruby library --with-ruby-inc=PATH path to ruby headers --with-swig=PATH path to SWIG executable + --with-dataseries=PATH path to DataSeries and Lintel libraries + --with-xml2=PATH path to libxml2 installation (for DataSeries) Packaging Options (for developers): --binary-package toggle special logic for binary packaging @@ -203,6 +205,13 @@ while [ $# -ne 0 ]; do --with-swig=*) append_cache_entry SWIG_EXECUTABLE PATH $optarg ;; + --with-dataseries=*) + append_cache_entry DataSeries_ROOT_DIR PATH $optarg + append_cache_entry Lintel_ROOT_DIR PATH $optarg + ;; + --with-xml2=*) + append_cache_entry LibXML2_ROOT_DIR PATH $optarg + ;; --binary-package) append_cache_entry BINARY_PACKAGING_MODE BOOL true ;; diff --git a/scripts/base/frameworks/logging/__load__.bro b/scripts/base/frameworks/logging/__load__.bro index 42b2d7c564..17e03e2ef7 100644 --- a/scripts/base/frameworks/logging/__load__.bro +++ b/scripts/base/frameworks/logging/__load__.bro @@ -1,3 +1,4 @@ @load ./main @load ./postprocessors @load ./writers/ascii +@load ./writers/dataseries diff --git a/scripts/base/frameworks/logging/writers/dataseries.bro b/scripts/base/frameworks/logging/writers/dataseries.bro new file mode 100644 index 0000000000..c8ba922d2a --- /dev/null +++ b/scripts/base/frameworks/logging/writers/dataseries.bro @@ -0,0 +1,62 @@ +##! Interface for the dataseries log writer. + +module LogDataSeries; + +export { + ## Compression to use with the DS output file. Options are: + ## + ## 'none' -- No compression. + ## 'lzf' -- LZF compression. Very quick, but leads to larger output files. + ## 'lzo' -- LZO compression. Very fast decompression times. + ## 'gz' -- GZIP compression. Slower than LZF, but also produces smaller output. + ## 'bz2' -- BZIP2 compression. Slower than GZIP, but also produces smaller output. + const ds_compression = "lzf" &redef; + + ## The extent buffer size. + ## Larger values here lead to better compression and more efficient writes, but + ## also increases the lag between the time events are received and the time they + ## are actually written to disk. + const ds_extent_size = 65536 &redef; + + ## Should we dump the XML schema we use for this ds file to disk? + ## If yes, the XML schema shares the name of the logfile, but has + ## an XML ending. + const ds_dump_schema = T &redef; + + ## How many threads should DataSeries spawn to perform compression? + ## Note that this dictates the number of threads per log stream. If + ## you're using a lot of streams, you may want to keep this number + ## relatively small. + ## + ## Default value is 1, which will spawn one thread / core / stream. + ## + ## MAX is 128, MIN is 1. + const ds_num_threads = 1 &redef; + + ## Should time be stored as an integer or a double? + ## Storing time as a double leads to possible precision issues and + ## could (significantly) increase the size of the resulting DS log. + ## That said, timestamps stored in double form are more consistent + ## with the rest of Bro and are more easily readable / understandable + ## when working with the raw DataSeries format. + ## + ## Double timestamps are used by default. + const ds_use_integer = F &redef; +} + +# Default function to postprocess a rotated DataSeries log file. It moves the +# rotated file to a new name that includes a timestamp with the opening time, and +# then runs the writer's default postprocessor command on it. +function default_rotation_postprocessor_func(info: Log::RotationInfo) : bool + { + # Move file to name including both opening and closing time. + local dst = fmt("%s.%s.ds", info$path, + strftime(Log::default_rotation_date_format, info$open)); + + system(fmt("/bin/mv %s %s", info$fname, dst)); + + # Run default postprocessor. + return Log::run_rotation_postprocessor_cmd(info, dst); + } + +redef Log::default_rotation_postprocessors += { [Log::WRITER_DATASERIES] = default_rotation_postprocessor_func }; diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index ce1b25dd42..ad40fc377c 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -419,6 +419,7 @@ set(bro_SRCS logging/WriterBackend.cc logging/WriterFrontend.cc logging/writers/Ascii.cc + logging/writers/DataSeries.cc logging/writers/None.cc ${dns_SRCS} diff --git a/src/logging.bif b/src/logging.bif index c8960b4e38..6e66de8772 100644 --- a/src/logging.bif +++ b/src/logging.bif @@ -72,3 +72,11 @@ const set_separator: string; const empty_field: string; const unset_field: string; +# Options for the DataSeries writer. + +module LogDataSeries; + +const ds_compression: string; +const ds_extent_size: count; +const ds_dump_schema: bool; +const ds_num_threads: count; diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 74220ecde4..04b4ef4b86 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -16,9 +16,11 @@ #include "writers/Ascii.h" #include "writers/None.h" +#ifdef USE_DATASERIES +#include "writers/DataSeries.h" +#endif + using namespace logging; -using threading::Value; -using threading::Field; // Structure describing a log writer type. struct WriterDefinition { @@ -32,6 +34,9 @@ struct WriterDefinition { WriterDefinition log_writers[] = { { BifEnum::Log::WRITER_NONE, "None", 0, writer::None::Instantiate }, { BifEnum::Log::WRITER_ASCII, "Ascii", 0, writer::Ascii::Instantiate }, +#ifdef USE_DATASERIES + { BifEnum::Log::WRITER_DATASERIES, "DataSeries", 0, writer::DataSeries::Instantiate }, +#endif // End marker, don't touch. { BifEnum::Log::WRITER_DEFAULT, "None", 0, (WriterBackend* (*)(WriterFrontend* frontend))0 } @@ -51,7 +56,7 @@ struct Manager::Filter { Func* postprocessor; int num_fields; - Field** fields; + threading::Field** fields; // Vector indexed by field number. Each element is a list of record // indices defining a path leading to the value across potential @@ -127,6 +132,17 @@ Manager::~Manager() delete *s; } +list Manager::SupportedFormats() + { + list formats; + + for ( WriterDefinition* ld = log_writers; ld->type != BifEnum::Log::WRITER_DEFAULT; ++ld ) + formats.push_back(ld->name); + + return formats; + } + + WriterBackend* Manager::CreateBackend(WriterFrontend* frontend, bro_int_t type) { WriterDefinition* ld = log_writers; @@ -135,7 +151,7 @@ WriterBackend* Manager::CreateBackend(WriterFrontend* frontend, bro_int_t type) { if ( ld->type == BifEnum::Log::WRITER_DEFAULT ) { - reporter->Error("unknow writer when creating writer"); + reporter->Error("unknown writer type requested"); return 0; } @@ -159,10 +175,8 @@ WriterBackend* Manager::CreateBackend(WriterFrontend* frontend, bro_int_t type) // function. ld->factory = 0; - DBG_LOG(DBG_LOGGING, "failed to init writer class %s", - ld->name); - - return false; + reporter->Error("initialization of writer %s failed", ld->name); + return 0; } } @@ -449,7 +463,7 @@ bool Manager::TraverseRecord(Stream* stream, Filter* filter, RecordType* rt, filter->indices.push_back(new_indices); - filter->fields = (Field**) + filter->fields = (threading::Field**) realloc(filter->fields, sizeof(Field) * ++filter->num_fields); @@ -459,7 +473,7 @@ bool Manager::TraverseRecord(Stream* stream, Filter* filter, RecordType* rt, return false; } - Field* field = new Field(); + threading::Field* field = new threading::Field(); field->name = new_path; field->type = t->Tag(); if ( field->type == TYPE_TABLE ) @@ -572,7 +586,7 @@ bool Manager::AddFilter(EnumVal* id, RecordVal* fval) for ( int i = 0; i < filter->num_fields; i++ ) { - Field* field = filter->fields[i]; + threading::Field* field = filter->fields[i]; DBG_LOG(DBG_LOGGING, " field %10s: %s", field->name.c_str(), type_name(field->type)); } @@ -744,10 +758,10 @@ bool Manager::Write(EnumVal* id, RecordVal* columns) // Copy the fields for WriterFrontend::Init() as it // will take ownership. - Field** arg_fields = new Field*[filter->num_fields]; + threading::Field** arg_fields = new threading::Field*[filter->num_fields]; for ( int j = 0; j < filter->num_fields; ++j ) - arg_fields[j] = new Field(*filter->fields[j]); + arg_fields[j] = new threading::Field(*filter->fields[j]); writer = CreateWriter(stream->id, filter->writer, path, filter->num_fields, @@ -898,10 +912,10 @@ threading::Value* Manager::ValToLogVal(Val* val, BroType* ty) return lval; } -Value** Manager::RecordToFilterVals(Stream* stream, Filter* filter, +threading::Value** Manager::RecordToFilterVals(Stream* stream, Filter* filter, RecordVal* columns) { - Value** vals = new Value*[filter->num_fields]; + threading::Value** vals = new threading::Value*[filter->num_fields]; for ( int i = 0; i < filter->num_fields; ++i ) { @@ -920,7 +934,7 @@ Value** Manager::RecordToFilterVals(Stream* stream, Filter* filter, if ( ! val ) { // Value, or any of its parents, is not set. - vals[i] = new Value(filter->fields[i]->type, false); + vals[i] = new threading::Value(filter->fields[i]->type, false); break; } } @@ -933,7 +947,7 @@ Value** Manager::RecordToFilterVals(Stream* stream, Filter* filter, } WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, string path, - int num_fields, const Field* const* fields, bool local, bool remote) + int num_fields, const threading::Field* const* fields, bool local, bool remote) { Stream* stream = FindStream(id); @@ -997,7 +1011,7 @@ WriterFrontend* Manager::CreateWriter(EnumVal* id, EnumVal* writer, string path, return writer_obj; } -void Manager::DeleteVals(int num_fields, Value** vals) +void Manager::DeleteVals(int num_fields, threading::Value** vals) { // Note this code is duplicated in WriterBackend::DeleteVals(). for ( int i = 0; i < num_fields; i++ ) @@ -1007,7 +1021,7 @@ void Manager::DeleteVals(int num_fields, Value** vals) } bool Manager::Write(EnumVal* id, EnumVal* writer, string path, int num_fields, - Value** vals) + threading::Value** vals) { Stream* stream = FindStream(id); @@ -1116,8 +1130,10 @@ void Manager::Terminate() { for ( vector::iterator s = streams.begin(); s != streams.end(); ++s ) { - if ( *s ) - Flush((*s)->id); + if ( ! *s ) + continue; + + Flush((*s)->id); } } diff --git a/src/logging/Manager.h b/src/logging/Manager.h index bf097c5e1a..5af3e55b4a 100644 --- a/src/logging/Manager.h +++ b/src/logging/Manager.h @@ -15,7 +15,6 @@ class RotationTimer; namespace logging { - class WriterBackend; class WriterFrontend; class RotationFinishedMessage; @@ -56,7 +55,7 @@ public: * logging.bif, which just forwards here. */ bool EnableStream(EnumVal* id); - + /** * Disables a log stream. * @@ -145,6 +144,11 @@ public: */ void Terminate(); + /** + * Returns a list of supported output formats. + */ + static list SupportedFormats(); + protected: friend class WriterFrontend; friend class RotationFinishedMessage; diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc index 7c71c09604..28b623988c 100644 --- a/src/logging/WriterBackend.cc +++ b/src/logging/WriterBackend.cc @@ -222,17 +222,6 @@ bool WriterBackend::Flush() return true; } -bool WriterBackend::Finish() - { - if ( ! DoFlush() ) - { - DisableFrontend(); - return false; - } - - return true; - } - bool WriterBackend::DoHeartbeat(double network_time, double current_time) { MsgThread::DoHeartbeat(network_time, current_time); diff --git a/src/logging/WriterBackend.h b/src/logging/WriterBackend.h index efb3b5d95e..cf58430e9a 100644 --- a/src/logging/WriterBackend.h +++ b/src/logging/WriterBackend.h @@ -101,15 +101,6 @@ public: */ bool Rotate(string rotated_path, double open, double close, bool terminating); - /** - * Finishes writing to this logger in a regularl fashion. Must not be - * called if an error has been indicated earlier. After calling this, - * no further writing must be performed. - * - * @return False if an error occured. - */ - bool Finish(); - /** * Disables the frontend that has instantiated this backend. Once * disabled,the frontend will not send any further message over. @@ -175,6 +166,8 @@ public: string Render(const threading::Value::subnet_t& subnet) const; protected: + friend class FinishMessage; + /** * Writer-specific intialization method. * @@ -272,26 +265,18 @@ protected: bool terminating) = 0; /** - * Writer-specific method implementing log output finalization at - * termination. Not called when any of the other methods has - * previously signaled an error, i.e., executing this method signals - * a regular shutdown of the writer. - * - * A writer implementation must override this method but it can just - * ignore calls if flushing doesn't align with its semantics. - * - * If the method returns false, it will be assumed that a fatal error - * has occured that prevents the writer from further operation; it - * will then be disabled and eventually deleted. When returning - * false, an implementation should also call Error() to indicate what - * happened. + * Writer-specific method called just before the threading system is + * going to shutdown. + * + * This method can be overridden but one must call + * WriterBackend::DoFinish(). */ - virtual bool DoFinish() = 0; + virtual bool DoFinish() { return MsgThread::DoFinish(); } /** * Triggered by regular heartbeat messages from the main thread. * - * This method can be overridden but once must call + * This method can be overridden but one must call * WriterBackend::DoHeartbeat(). */ virtual bool DoHeartbeat(double network_time, double current_time); diff --git a/src/logging/WriterFrontend.cc b/src/logging/WriterFrontend.cc index 26e8eaf22e..c6a90c1fa5 100644 --- a/src/logging/WriterFrontend.cc +++ b/src/logging/WriterFrontend.cc @@ -90,7 +90,7 @@ public: FinishMessage(WriterBackend* backend) : threading::InputMessage("Finish", backend) {} - virtual bool Process() { return Object()->Finish(); } + virtual bool Process() { return Object()->DoFinish(); } }; } @@ -117,8 +117,9 @@ WriterFrontend::WriterFrontend(EnumVal* arg_stream, EnumVal* arg_writer, bool ar if ( local ) { backend = log_mgr->CreateBackend(this, writer->AsEnum()); - assert(backend); - backend->Start(); + + if ( backend ) + backend->Start(); } else diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc index 0759e60a82..2f25ac418f 100644 --- a/src/logging/writers/Ascii.cc +++ b/src/logging/writers/Ascii.cc @@ -69,8 +69,7 @@ bool Ascii::WriteHeaderField(const string& key, const string& val) return (fwrite(str.c_str(), str.length(), 1, file) == 1); } -bool Ascii::DoInit(string path, int num_fields, - const Field* const * fields) +bool Ascii::DoInit(string path, int num_fields, const Field* const * fields) { if ( output_to_stdout ) path = "/dev/stdout"; @@ -146,7 +145,7 @@ bool Ascii::DoFlush() bool Ascii::DoFinish() { - return true; + return WriterBackend::DoFinish(); } bool Ascii::DoWriteOne(ODesc* desc, Value* val, const Field* field) diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc new file mode 100644 index 0000000000..27c4cd6009 --- /dev/null +++ b/src/logging/writers/DataSeries.cc @@ -0,0 +1,476 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +#include +#include +#include + +#include + +#include "NetVar.h" +#include "threading/SerialTypes.h" + +#include "DataSeries.h" + +using namespace logging; +using namespace writer; + +// NOTE: Naming conventions are a little bit scattershot at the moment. +// Within the scope of this file, a function name prefixed by '_' denotes a +// static function. + +// ************************ LOCAL PROTOTYPES ********************************* + +struct SchemaValue; + +/** + * Turns a log value into a std::string. Uses an ostringstream to do the + * heavy lifting, but still need to switch on the type to know which value + * in the union to give to the string string for processing. + * + * @param val The value we wish to convert to a string + * @return the string value of val + */ +static std::string _LogValueToString(threading::Value* val); + +/** + * Takes a field type and converts it to a relevant DataSeries type. + * + * @param field We extract the type from this and convert it into a relevant DS type. + * @return String representation of type that DataSeries can understand. + */ +static string _GetDSFieldType(const threading::Field* field); + +/** + * Takes a field type and converts it to a readable string. + * + * @param field We extract the type from this and convert it into a readable string. + * @return String representation of the field's type + */ +static string _GetBroTypeString(const threading::Field *field); + +/** + * Takes a list of types, a list of names, and a title, and uses it to construct a valid DataSeries XML schema + * thing, which is then returned as a std::string + * + * @param opts std::vector of strings containing a list of options to be appended to each field (e.g. "pack_relative=yes") + * @param sTitle Name of this schema. Ideally, these schemas would be aggregated and re-used. + */ +static string _BuildDSSchemaFromFieldTypes(const vector& vals, string sTitle); + +/** + * Are there any options we should put into the XML schema? + * + * @param field We extract the type from this and return any options that make sense for that type. + * @return Options that can be added directly to the XML (e.g. "pack_relative=\"yes\"") + */ +static std::string _GetDSOptionsForType(const threading::Field *field); + +/** + * Internal helper structure; populate a vector of these which is passed to the XML generator for its use. + */ +struct SchemaValue +{ + string ds_type; + string bro_type; + string field_name; + string field_options; + + SchemaValue(const threading::Field *field) + { + ds_type = _GetDSFieldType(field); + field_name = string(field->name); + field_options = _GetDSOptionsForType(field); + bro_type = _GetBroTypeString(field); + } +}; + +// ************************ LOCAL IMPL ********************************* + +std::string DataSeries::LogValueToString(threading::Value *val) +{ + const int strsz = 1024; + char strbuf[strsz]; + + // In some cases, no value is attached. If this is the case, return an empty string. + if(!val->present) + return ""; + + std::ostringstream ostr; + switch(val->type) + { + case TYPE_BOOL: + return (val->val.int_val ? "true" : "false"); + + case TYPE_INT: + ostr << val->val.int_val; + return ostr.str(); + + case TYPE_COUNT: + case TYPE_COUNTER: + case TYPE_PORT: + ostr << val->val.uint_val; + return ostr.str(); + + case TYPE_SUBNET: + ostr << Render(val->val.subnet_val); + return ostr.str(); + + case TYPE_ADDR: + ostr << Render(val->val.addr_val); + return ostr.str(); + + // Note: These two cases are relatively special. We need to convert these values into their integer equivalents + // to maximize precision. At the moment, there won't be a noticeable effect (Bro uses the double format everywhere + // internally, so we've already lost the precision we'd gain here), but timestamps may eventually switch to this + // representation within Bro. + // + // in the near-term, this *should* lead to better pack_relative (and thus smaller output files). + case TYPE_TIME: + case TYPE_INTERVAL: + ostr << (unsigned long)(DataSeries::TIME_SCALE * val->val.double_val); + return ostr.str(); + + case TYPE_DOUBLE: + ostr << val->val.double_val; + return ostr.str(); + + case TYPE_ENUM: + case TYPE_STRING: + case TYPE_FILE: + { + int size = val->val.string_val->size(); + string tmpString = ""; + if(size) + tmpString = string(val->val.string_val->data(), val->val.string_val->size()); + else + tmpString = string(""); + return tmpString; + } + case TYPE_TABLE: + { + if ( ! val->val.set_val.size ) + { + return ""; + } + + string tmpString = ""; + for ( int j = 0; j < val->val.set_val.size; j++ ) + { + if ( j > 0 ) + tmpString += ":"; //TODO: Specify set separator char in configuration. + + tmpString += LogValueToString(val->val.set_val.vals[j]); + } + return tmpString; + } + case TYPE_VECTOR: + { + if ( ! val->val.vector_val.size ) + { + return ""; + } + + string tmpString = ""; + for ( int j = 0; j < val->val.vector_val.size; j++ ) + { + if ( j > 0 ) + tmpString += ":"; //TODO: Specify set separator char in configuration. + + tmpString += LogValueToString(val->val.vector_val.vals[j]); + } + + return tmpString; + } + default: + return "???"; + } +} + +static string _GetDSFieldType(const threading::Field *field) +{ + switch(field->type) + { + case TYPE_BOOL: + return "bool"; + + case TYPE_COUNT: + case TYPE_COUNTER: + case TYPE_PORT: + case TYPE_INT: + case TYPE_TIME: + case TYPE_INTERVAL: + return "int64"; + + case TYPE_DOUBLE: + return "double"; + + case TYPE_SUBNET: + case TYPE_ADDR: + case TYPE_ENUM: + case TYPE_STRING: + case TYPE_FILE: + case TYPE_TABLE: + case TYPE_VECTOR: + default: + return "variable32"; + + } +} + +static string _GetBroTypeString(const threading::Field *field) +{ + switch(field->type) + { + case TYPE_BOOL: + return "bool"; + case TYPE_COUNT: + return "count"; + case TYPE_COUNTER: + return "counter"; + case TYPE_PORT: + return "port"; + case TYPE_INT: + return "int"; + case TYPE_TIME: + return "time"; + case TYPE_INTERVAL: + return "interval"; + case TYPE_DOUBLE: + return "double"; + case TYPE_SUBNET: + return "subnet"; + case TYPE_ADDR: + return "addr"; + case TYPE_ENUM: + return "enum"; + case TYPE_STRING: + return "string"; + case TYPE_FILE: + return "file"; + case TYPE_TABLE: + return "table"; + case TYPE_VECTOR: + return "vector"; + default: + return "???"; + } +} + +static string _BuildDSSchemaFromFieldTypes(const vector& vals, string sTitle) +{ + if("" == sTitle) + { + sTitle = "GenericBroStream"; + } + string xmlschema; + xmlschema = "\n"; + for(size_t i = 0; i < vals.size(); ++i) + { + xmlschema += "\t\n"; + } + xmlschema += "\n"; + for(size_t i = 0; i < vals.size(); ++i) + { + xmlschema += "\n"; + } + return xmlschema; +} + +static std::string _GetDSOptionsForType(const threading::Field *field) +{ + switch(field->type) + { + case TYPE_TIME: + case TYPE_INTERVAL: + return "pack_relative=\"" + std::string(field->name) + "\""; + case TYPE_SUBNET: + case TYPE_ADDR: + case TYPE_ENUM: + case TYPE_STRING: + case TYPE_FILE: + case TYPE_TABLE: + case TYPE_VECTOR: + return "pack_unique=\"yes\""; + default: + return ""; + } +} + +// ************************ CLASS IMPL ********************************* + +DataSeries::DataSeries(WriterFrontend* frontend) : WriterBackend(frontend) +{ + ds_compression = string((const char *)BifConst::LogDataSeries::ds_compression->Bytes(), BifConst::LogDataSeries::ds_compression->Len()); + ds_dump_schema = BifConst::LogDataSeries::ds_dump_schema; + ds_extent_size = BifConst::LogDataSeries::ds_extent_size; + ds_num_threads = BifConst::LogDataSeries::ds_num_threads; +} + +DataSeries::~DataSeries() +{ +} + +bool DataSeries::DoInit(string path, int num_fields, const threading::Field* const * fields) + { + // We first construct an XML schema thing (and, if ds_dump_schema is + // set, dump it to path + ".ds.xml"). Assuming that goes well, we + // use that schema to build our output logfile and prepare it to be + // written to. + + // Note: compressor count must be set *BEFORE* DataSeriesSink is instantiated. + if(ds_num_threads < THREAD_MIN && ds_num_threads != 0) + { + fprintf(stderr, "%d is too few threads! Using %d instead\n", (int)ds_num_threads, (int)THREAD_MIN); + ds_num_threads = THREAD_MIN; + } + if(ds_num_threads > THREAD_MAX) + { + fprintf(stderr, "%d is too many threads! Dropping back to %d\n", (int)ds_num_threads, (int)THREAD_MAX); + ds_num_threads = THREAD_MAX; + } + + if(ds_num_threads > 0) + { + DataSeriesSink::setCompressorCount(ds_num_threads); + } + vector schema_list; + for ( int i = 0; i < num_fields; i++ ) + { + const threading::Field* field = fields[i]; + SchemaValue val(field); + schema_list.push_back(val); + } + string schema = _BuildDSSchemaFromFieldTypes(schema_list, path); + if(ds_dump_schema) + { + FILE * pFile; + pFile = fopen ( string(path + ".ds.xml").c_str() , "wb" ); + if(NULL == pFile) + { + perror("Could not dump schema"); + } + fwrite (schema.c_str(), 1 , schema.length() , pFile ); + fclose (pFile); + } + + int compress_type = Extent::compress_all; + + if(ds_compression == "lzf") + { + compress_type = Extent::compress_lzf; + } + else if(ds_compression == "lzo") + { + compress_type = Extent::compress_lzo; + } + else if(ds_compression == "gz") + { + compress_type = Extent::compress_gz; + } + else if(ds_compression == "bz2") + { + compress_type = Extent::compress_bz2; + } + else if(ds_compression == "none") + { + compress_type = Extent::compress_none; + } + else if(ds_compression == "any") + { + compress_type = Extent::compress_all; + } + else + { + fprintf(stderr, "%s is not a valid compression type. Valid types are: 'lzf', 'lzo', 'gz', 'bz2', 'none', 'any'\n", ds_compression.c_str()); + fprintf(stderr, "Defaulting to 'any'\n"); + } + + log_type = const_cast(log_types.registerType(schema)); + + log_series.setType(*log_type); + log_file = new DataSeriesSink(path + ".ds", compress_type); + log_file->writeExtentLibrary(log_types); + + for(size_t i = 0; i < schema_list.size(); ++i) + extents.insert(std::make_pair(schema_list[i].field_name, GeneralField::create(log_series, schema_list[i].field_name))); + + if(ds_extent_size < ROW_MIN) + { + fprintf(stderr, "%d is not a valid value for 'rows'. Using min of %d instead.\n", (int)ds_extent_size, (int)ROW_MIN); + ds_extent_size = ROW_MIN; + } + else if(ds_extent_size > ROW_MAX) + { + fprintf(stderr, "%d is not a valid value for 'rows'. Using max of %d instead.\n", (int)ds_extent_size, (int)ROW_MAX); + ds_extent_size = ROW_MAX; + } + log_output = new OutputModule(*log_file, log_series, log_type, ds_extent_size); + + return true; + + } + +bool DataSeries::DoFlush() +{ + // Flushing is handled by DataSeries automatically, so this function doesn't do anything. + return true; +} + +bool DataSeries::DoFinish() +{ + for(ExtentIterator iter = extents.begin(); + iter != extents.end(); ++iter) + { + delete iter->second; + } + extents.clear(); + // Don't delete the file before you delete the output, or bad things happen. + delete log_output; + delete log_file; + + return WriterBackend::DoFinish(); +} + +bool DataSeries::DoWrite(int num_fields, const threading::Field* const * fields, + threading::Value** vals) +{ + log_output->newRecord(); + for(size_t i = 0; i < (size_t)num_fields; ++i) + { + ExtentIterator iter = extents.find(fields[i]->name); + assert(iter != extents.end()); + if( iter != extents.end() ) + { + GeneralField *cField = iter->second; + if(vals[i]->present) + cField->set(LogValueToString(vals[i])); + } + } + + return true; +} + +bool DataSeries::DoRotate(string rotated_path, double open, double close, bool terminating) +{ + // Note that if DS files are rotated too often, the aggregate log size will be (much) larger. + + DoFinish(); + + string dsname = Path() + ".ds"; + string nname = rotated_path + ".ds"; + rename(dsname.c_str(), nname.c_str()); + + if ( ! FinishedRotation(nname, dsname, open, close, terminating) ) + { + Error(Fmt("error rotating %s to %s", dsname.c_str(), nname.c_str())); + return false; + } + + return DoInit(Path(), NumFields(), Fields()); +} + +bool DataSeries::DoSetBuf(bool enabled) +{ + // DataSeries is *always* buffered to some degree. This option is ignored. + return true; +} diff --git a/src/logging/writers/DataSeries.h b/src/logging/writers/DataSeries.h new file mode 100644 index 0000000000..5331975937 --- /dev/null +++ b/src/logging/writers/DataSeries.h @@ -0,0 +1,69 @@ +// See the file "COPYING" in the main distribution directory for copyright. +// +// A binary log writer producing DataSeries output. See doc/data-series.rst +// for more information. + +#ifndef LOGGING_WRITER_DATA_SERIES_H +#define LOGGING_WRITER_DATA_SERIES_H + +#include "../WriterBackend.h" + +#include +#include +#include +#include + +namespace logging { namespace writer { + +class DataSeries : public WriterBackend { +public: + DataSeries(WriterFrontend* frontend); + ~DataSeries(); + + static WriterBackend* Instantiate(WriterFrontend* frontend) + { return new DataSeries(frontend); } + +protected: + virtual bool DoInit(string path, int num_fields, + const threading::Field* const * fields); + + virtual bool DoWrite(int num_fields, const threading::Field* const* fields, + threading::Value** vals); + virtual bool DoSetBuf(bool enabled); + virtual bool DoRotate(string rotated_path, double open, + double close, bool terminating); + virtual bool DoFlush(); + virtual bool DoFinish(); + +private: + static const size_t ROW_MIN = 2048; // Minimum extent size. + static const size_t ROW_MAX = (1024 * 1024 * 100); // Maximum extent size. + static const size_t THREAD_MIN = 1; // Minimum number of compression threads that DataSeries may spawn. + static const size_t THREAD_MAX = 128; // Maximum number of compression threads that DataSeries may spawn. + static const size_t TIME_SCALE = 1000000; // Fixed-point multiplier for time values when converted to integers. + + std::string LogValueToString(threading::Value *val); + + typedef std::map ExtentMap; + typedef ExtentMap::iterator ExtentIterator; + + // Internal DataSeries structures we need to keep track of. + DataSeriesSink* log_file; + ExtentTypeLibrary log_types; + ExtentType *log_type; + ExtentSeries log_series; + OutputModule* log_output; + ExtentMap extents; + + // Options set from the script-level. + uint64 ds_extent_size; + uint64 ds_num_threads; + string ds_compression; + bool ds_dump_schema; +}; + +} +} + +#endif + diff --git a/src/main.cc b/src/main.cc index ff33a3859d..f604d379ac 100644 --- a/src/main.cc +++ b/src/main.cc @@ -201,6 +201,27 @@ void usage() fprintf(stderr, " $BRO_LOG_SUFFIX | ASCII log file extension (.%s)\n", logging::writer::Ascii::LogExt().c_str()); fprintf(stderr, " $BRO_PROFILER_FILE | Output file for script execution statistics (not set)\n"); + fprintf(stderr, "\n"); + fprintf(stderr, " Supported log formats: "); + + bool first = true; + list fmts = logging::Manager::SupportedFormats(); + + for ( list::const_iterator i = fmts.begin(); i != fmts.end(); ++i ) + { + if ( *i == "None" ) + // Skip, it's uninteresting. + continue; + + if ( ! first ) + fprintf(stderr, ","); + + fprintf(stderr, "%s", (*i).c_str()); + first = false; + } + + fprintf(stderr, "\n"); + exit(1); } diff --git a/src/types.bif b/src/types.bif index 4657584a90..fe2e6ff861 100644 --- a/src/types.bif +++ b/src/types.bif @@ -162,6 +162,7 @@ enum Writer %{ WRITER_DEFAULT, WRITER_NONE, WRITER_ASCII, + WRITER_DATASERIES, %} enum ID %{ From 7131feefbc5164c7e92fbba938531fef0d913514 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 9 Apr 2012 17:30:57 -0700 Subject: [PATCH 03/51] Working on DataSeries support. - The option to use integers insteads of double was ignored. - Renaming script-level options to remove the ds_ prefix. - Log rotation didn't work. - A set of simple unit tests. --- .../frameworks/logging/writers/dataseries.bro | 10 +- src/logging.bif | 9 +- src/logging/writers/DataSeries.cc | 194 ++++----- src/logging/writers/DataSeries.h | 63 ++- .../ssh.ds.xml | 16 + .../out | 380 ++++++++++++++++++ .../ssh.ds.txt | 43 ++ .../conn.ds.txt | 96 +++++ .../conn.ds.txt | 96 +++++ .../http.ds.txt | 90 +++++ .../frameworks/logging/dataseries/options.bro | 43 ++ .../frameworks/logging/dataseries/rotate.bro | 33 ++ .../logging/dataseries/test-logging.bro | 34 ++ .../logging/dataseries/time-as-int.bro | 8 + .../logging/dataseries/wikipedia.bro | 8 + testing/scripts/has-writer | 6 + 16 files changed, 1001 insertions(+), 128 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.options/ssh.ds.xml create mode 100644 testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out create mode 100644 testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt create mode 100644 testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt create mode 100644 testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt create mode 100644 testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt create mode 100644 testing/btest/scripts/base/frameworks/logging/dataseries/options.bro create mode 100644 testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro create mode 100644 testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro create mode 100644 testing/btest/scripts/base/frameworks/logging/dataseries/time-as-int.bro create mode 100644 testing/btest/scripts/base/frameworks/logging/dataseries/wikipedia.bro create mode 100755 testing/scripts/has-writer diff --git a/scripts/base/frameworks/logging/writers/dataseries.bro b/scripts/base/frameworks/logging/writers/dataseries.bro index c8ba922d2a..daf59ebf42 100644 --- a/scripts/base/frameworks/logging/writers/dataseries.bro +++ b/scripts/base/frameworks/logging/writers/dataseries.bro @@ -10,18 +10,18 @@ export { ## 'lzo' -- LZO compression. Very fast decompression times. ## 'gz' -- GZIP compression. Slower than LZF, but also produces smaller output. ## 'bz2' -- BZIP2 compression. Slower than GZIP, but also produces smaller output. - const ds_compression = "lzf" &redef; + const compression = "lzf" &redef; ## The extent buffer size. ## Larger values here lead to better compression and more efficient writes, but ## also increases the lag between the time events are received and the time they ## are actually written to disk. - const ds_extent_size = 65536 &redef; + const extent_size = 65536 &redef; ## Should we dump the XML schema we use for this ds file to disk? ## If yes, the XML schema shares the name of the logfile, but has ## an XML ending. - const ds_dump_schema = T &redef; + const dump_schema = F &redef; ## How many threads should DataSeries spawn to perform compression? ## Note that this dictates the number of threads per log stream. If @@ -31,7 +31,7 @@ export { ## Default value is 1, which will spawn one thread / core / stream. ## ## MAX is 128, MIN is 1. - const ds_num_threads = 1 &redef; + const num_threads = 1 &redef; ## Should time be stored as an integer or a double? ## Storing time as a double leads to possible precision issues and @@ -41,7 +41,7 @@ export { ## when working with the raw DataSeries format. ## ## Double timestamps are used by default. - const ds_use_integer = F &redef; + const use_integer_for_time = F &redef; } # Default function to postprocess a rotated DataSeries log file. It moves the diff --git a/src/logging.bif b/src/logging.bif index 6e66de8772..efc6ed0b4b 100644 --- a/src/logging.bif +++ b/src/logging.bif @@ -76,7 +76,8 @@ const unset_field: string; module LogDataSeries; -const ds_compression: string; -const ds_extent_size: count; -const ds_dump_schema: bool; -const ds_num_threads: count; +const compression: string; +const extent_size: count; +const dump_schema: bool; +const use_integer_for_time: bool; +const num_threads: count; diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc index 27c4cd6009..5ee8a812da 100644 --- a/src/logging/writers/DataSeries.cc +++ b/src/logging/writers/DataSeries.cc @@ -14,78 +14,6 @@ using namespace logging; using namespace writer; -// NOTE: Naming conventions are a little bit scattershot at the moment. -// Within the scope of this file, a function name prefixed by '_' denotes a -// static function. - -// ************************ LOCAL PROTOTYPES ********************************* - -struct SchemaValue; - -/** - * Turns a log value into a std::string. Uses an ostringstream to do the - * heavy lifting, but still need to switch on the type to know which value - * in the union to give to the string string for processing. - * - * @param val The value we wish to convert to a string - * @return the string value of val - */ -static std::string _LogValueToString(threading::Value* val); - -/** - * Takes a field type and converts it to a relevant DataSeries type. - * - * @param field We extract the type from this and convert it into a relevant DS type. - * @return String representation of type that DataSeries can understand. - */ -static string _GetDSFieldType(const threading::Field* field); - -/** - * Takes a field type and converts it to a readable string. - * - * @param field We extract the type from this and convert it into a readable string. - * @return String representation of the field's type - */ -static string _GetBroTypeString(const threading::Field *field); - -/** - * Takes a list of types, a list of names, and a title, and uses it to construct a valid DataSeries XML schema - * thing, which is then returned as a std::string - * - * @param opts std::vector of strings containing a list of options to be appended to each field (e.g. "pack_relative=yes") - * @param sTitle Name of this schema. Ideally, these schemas would be aggregated and re-used. - */ -static string _BuildDSSchemaFromFieldTypes(const vector& vals, string sTitle); - -/** - * Are there any options we should put into the XML schema? - * - * @param field We extract the type from this and return any options that make sense for that type. - * @return Options that can be added directly to the XML (e.g. "pack_relative=\"yes\"") - */ -static std::string _GetDSOptionsForType(const threading::Field *field); - -/** - * Internal helper structure; populate a vector of these which is passed to the XML generator for its use. - */ -struct SchemaValue -{ - string ds_type; - string bro_type; - string field_name; - string field_options; - - SchemaValue(const threading::Field *field) - { - ds_type = _GetDSFieldType(field); - field_name = string(field->name); - field_options = _GetDSOptionsForType(field); - bro_type = _GetBroTypeString(field); - } -}; - -// ************************ LOCAL IMPL ********************************* - std::string DataSeries::LogValueToString(threading::Value *val) { const int strsz = 1024; @@ -127,7 +55,11 @@ std::string DataSeries::LogValueToString(threading::Value *val) // in the near-term, this *should* lead to better pack_relative (and thus smaller output files). case TYPE_TIME: case TYPE_INTERVAL: - ostr << (unsigned long)(DataSeries::TIME_SCALE * val->val.double_val); + if ( ds_use_integer_for_time ) + ostr << (unsigned long)(DataSeries::TIME_SCALE * val->val.double_val); + else + ostr << val->val.double_val; + return ostr.str(); case TYPE_DOUBLE: @@ -186,7 +118,7 @@ std::string DataSeries::LogValueToString(threading::Value *val) } } -static string _GetDSFieldType(const threading::Field *field) +string DataSeries::GetDSFieldType(const threading::Field *field) { switch(field->type) { @@ -197,13 +129,15 @@ static string _GetDSFieldType(const threading::Field *field) case TYPE_COUNTER: case TYPE_PORT: case TYPE_INT: - case TYPE_TIME: - case TYPE_INTERVAL: return "int64"; case TYPE_DOUBLE: return "double"; + case TYPE_TIME: + case TYPE_INTERVAL: + return ds_use_integer_for_time ? "int64" : "double"; + case TYPE_SUBNET: case TYPE_ADDR: case TYPE_ENUM: @@ -217,7 +151,7 @@ static string _GetDSFieldType(const threading::Field *field) } } -static string _GetBroTypeString(const threading::Field *field) +string DataSeries::GetBroTypeString(const threading::Field *field) { switch(field->type) { @@ -256,7 +190,7 @@ static string _GetBroTypeString(const threading::Field *field) } } -static string _BuildDSSchemaFromFieldTypes(const vector& vals, string sTitle) +string DataSeries::BuildDSSchemaFromFieldTypes(const vector& vals, string sTitle) { if("" == sTitle) { @@ -276,13 +210,21 @@ static string _BuildDSSchemaFromFieldTypes(const vector& vals, stri return xmlschema; } -static std::string _GetDSOptionsForType(const threading::Field *field) +std::string DataSeries::GetDSOptionsForType(const threading::Field *field) { switch(field->type) { case TYPE_TIME: case TYPE_INTERVAL: - return "pack_relative=\"" + std::string(field->name) + "\""; + { + std::string s = "pack_relative=\"" + std::string(field->name) + "\""; + + if ( ! ds_use_integer_for_time ) + s += " pack_scale=\"1000000\""; + + return s; + } + case TYPE_SUBNET: case TYPE_ADDR: case TYPE_ENUM: @@ -300,16 +242,40 @@ static std::string _GetDSOptionsForType(const threading::Field *field) DataSeries::DataSeries(WriterFrontend* frontend) : WriterBackend(frontend) { - ds_compression = string((const char *)BifConst::LogDataSeries::ds_compression->Bytes(), BifConst::LogDataSeries::ds_compression->Len()); - ds_dump_schema = BifConst::LogDataSeries::ds_dump_schema; - ds_extent_size = BifConst::LogDataSeries::ds_extent_size; - ds_num_threads = BifConst::LogDataSeries::ds_num_threads; + ds_compression = string((const char *)BifConst::LogDataSeries::compression->Bytes(), BifConst::LogDataSeries::compression->Len()); + ds_dump_schema = BifConst::LogDataSeries::dump_schema; + ds_extent_size = BifConst::LogDataSeries::extent_size; + ds_num_threads = BifConst::LogDataSeries::num_threads; + ds_use_integer_for_time = BifConst::LogDataSeries::use_integer_for_time; } DataSeries::~DataSeries() { } +bool DataSeries::OpenLog(string path) + { + log_file = new DataSeriesSink(path + ".ds", compress_type); + log_file->writeExtentLibrary(log_types); + + for(size_t i = 0; i < schema_list.size(); ++i) + extents.insert(std::make_pair(schema_list[i].field_name, GeneralField::create(log_series, schema_list[i].field_name))); + + if(ds_extent_size < ROW_MIN) + { + fprintf(stderr, "%d is not a valid value for 'rows'. Using min of %d instead.\n", (int)ds_extent_size, (int)ROW_MIN); + ds_extent_size = ROW_MIN; + } + else if(ds_extent_size > ROW_MAX) + { + fprintf(stderr, "%d is not a valid value for 'rows'. Using max of %d instead.\n", (int)ds_extent_size, (int)ROW_MAX); + ds_extent_size = ROW_MAX; + } + log_output = new OutputModule(*log_file, log_series, log_type, ds_extent_size); + + return true; + } + bool DataSeries::DoInit(string path, int num_fields, const threading::Field* const * fields) { // We first construct an XML schema thing (and, if ds_dump_schema is @@ -333,14 +299,18 @@ bool DataSeries::DoInit(string path, int num_fields, const threading::Field* con { DataSeriesSink::setCompressorCount(ds_num_threads); } - vector schema_list; + for ( int i = 0; i < num_fields; i++ ) { const threading::Field* field = fields[i]; - SchemaValue val(field); + SchemaValue val; + val.ds_type = GetDSFieldType(field); + val.field_name = string(field->name); + val.field_options = GetDSOptionsForType(field); + val.bro_type = GetBroTypeString(field); schema_list.push_back(val); } - string schema = _BuildDSSchemaFromFieldTypes(schema_list, path); + string schema = BuildDSSchemaFromFieldTypes(schema_list, path); if(ds_dump_schema) { FILE * pFile; @@ -353,7 +323,7 @@ bool DataSeries::DoInit(string path, int num_fields, const threading::Field* con fclose (pFile); } - int compress_type = Extent::compress_all; + compress_type = Extent::compress_all; if(ds_compression == "lzf") { @@ -385,28 +355,11 @@ bool DataSeries::DoInit(string path, int num_fields, const threading::Field* con fprintf(stderr, "Defaulting to 'any'\n"); } - log_type = const_cast(log_types.registerType(schema)); + log_type = const_cast(log_types.registerType(schema)); log_series.setType(*log_type); - log_file = new DataSeriesSink(path + ".ds", compress_type); - log_file->writeExtentLibrary(log_types); - for(size_t i = 0; i < schema_list.size(); ++i) - extents.insert(std::make_pair(schema_list[i].field_name, GeneralField::create(log_series, schema_list[i].field_name))); - - if(ds_extent_size < ROW_MIN) - { - fprintf(stderr, "%d is not a valid value for 'rows'. Using min of %d instead.\n", (int)ds_extent_size, (int)ROW_MIN); - ds_extent_size = ROW_MIN; - } - else if(ds_extent_size > ROW_MAX) - { - fprintf(stderr, "%d is not a valid value for 'rows'. Using max of %d instead.\n", (int)ds_extent_size, (int)ROW_MAX); - ds_extent_size = ROW_MAX; - } - log_output = new OutputModule(*log_file, log_series, log_type, ds_extent_size); - - return true; + return OpenLog(path); } @@ -416,18 +369,26 @@ bool DataSeries::DoFlush() return true; } -bool DataSeries::DoFinish() -{ - for(ExtentIterator iter = extents.begin(); - iter != extents.end(); ++iter) - { +void DataSeries::CloseLog() + { + for( ExtentIterator iter = extents.begin(); iter != extents.end(); ++iter ) delete iter->second; - } + extents.clear(); - // Don't delete the file before you delete the output, or bad things happen. + + // Don't delete the file before you delete the output, or bad things + // happen. delete log_output; delete log_file; + log_output = 0; + log_file = 0; + } + +bool DataSeries::DoFinish() +{ + CloseLog(); + return WriterBackend::DoFinish(); } @@ -453,8 +414,7 @@ bool DataSeries::DoWrite(int num_fields, const threading::Field* const * fields, bool DataSeries::DoRotate(string rotated_path, double open, double close, bool terminating) { // Note that if DS files are rotated too often, the aggregate log size will be (much) larger. - - DoFinish(); + CloseLog(); string dsname = Path() + ".ds"; string nname = rotated_path + ".ds"; @@ -466,7 +426,7 @@ bool DataSeries::DoRotate(string rotated_path, double open, double close, bool t return false; } - return DoInit(Path(), NumFields(), Fields()); + return OpenLog(Path()); } bool DataSeries::DoSetBuf(bool enabled) diff --git a/src/logging/writers/DataSeries.h b/src/logging/writers/DataSeries.h index 5331975937..319cb72ec5 100644 --- a/src/logging/writers/DataSeries.h +++ b/src/logging/writers/DataSeries.h @@ -42,24 +42,83 @@ private: static const size_t THREAD_MAX = 128; // Maximum number of compression threads that DataSeries may spawn. static const size_t TIME_SCALE = 1000000; // Fixed-point multiplier for time values when converted to integers. + struct SchemaValue + { + string ds_type; + string bro_type; + string field_name; + string field_options; + }; + + /** + * Turns a log value into a std::string. Uses an ostringstream to do the + * heavy lifting, but still need to switch on the type to know which value + * in the union to give to the string string for processing. + * + * @param val The value we wish to convert to a string + * @return the string value of val + */ std::string LogValueToString(threading::Value *val); + /** + * Takes a field type and converts it to a relevant DataSeries type. + * + * @param field We extract the type from this and convert it into a relevant DS type. + * @return String representation of type that DataSeries can understand. + */ + string GetDSFieldType(const threading::Field *field); + + /** + * Are there any options we should put into the XML schema? + * + * @param field We extract the type from this and return any options that make sense for that type. + * @return Options that can be added directly to the XML (e.g. "pack_relative=\"yes\"") + */ + std::string GetDSOptionsForType(const threading::Field *field); + + /** + * Takes a list of types, a list of names, and a title, and uses it to construct a valid DataSeries XML schema + * thing, which is then returned as a std::string + * + * @param opts std::vector of strings containing a list of options to be appended to each field (e.g. "pack_relative=yes") + * @param sTitle Name of this schema. Ideally, these schemas would be aggregated and re-used. + */ + string BuildDSSchemaFromFieldTypes(const vector& vals, string sTitle); + + /** + * Takes a field type and converts it to a readable string. + * + * @param field We extract the type from this and convert it into a readable string. + * @return String representation of the field's type + */ + string GetBroTypeString(const threading::Field *field); + + /** Closes the currently open file. */ + void CloseLog(); + + /** XXX */ + bool OpenLog(string path); + typedef std::map ExtentMap; typedef ExtentMap::iterator ExtentIterator; // Internal DataSeries structures we need to keep track of. - DataSeriesSink* log_file; + vector schema_list; ExtentTypeLibrary log_types; ExtentType *log_type; ExtentSeries log_series; - OutputModule* log_output; ExtentMap extents; + int compress_type; + + DataSeriesSink* log_file; + OutputModule* log_output; // Options set from the script-level. uint64 ds_extent_size; uint64 ds_num_threads; string ds_compression; bool ds_dump_schema; + bool ds_use_integer_for_time; }; } diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.options/ssh.ds.xml b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.options/ssh.ds.xml new file mode 100644 index 0000000000..71ad5d70a0 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.options/ssh.ds.xml @@ -0,0 +1,16 @@ + + + + + + + + + + + + + + + + diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out new file mode 100644 index 0000000000..b6f05003f3 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out @@ -0,0 +1,380 @@ +test.2011-03-07-03-00-05.ds test 11-03-07_03.00.05 11-03-07_04.00.05 0 +test.2011-03-07-04-00-05.ds test 11-03-07_04.00.05 11-03-07_05.00.05 0 +test.2011-03-07-05-00-05.ds test 11-03-07_05.00.05 11-03-07_06.00.05 0 +test.2011-03-07-06-00-05.ds test 11-03-07_06.00.05 11-03-07_07.00.05 0 +test.2011-03-07-07-00-05.ds test 11-03-07_07.00.05 11-03-07_08.00.05 0 +test.2011-03-07-08-00-05.ds test 11-03-07_08.00.05 11-03-07_09.00.05 0 +test.2011-03-07-09-00-05.ds test 11-03-07_09.00.05 11-03-07_10.00.05 0 +test.2011-03-07-10-00-05.ds test 11-03-07_10.00.05 11-03-07_11.00.05 0 +test.2011-03-07-11-00-05.ds test 11-03-07_11.00.05 11-03-07_12.00.05 0 +test.2011-03-07-12-00-05.ds test 11-03-07_12.00.05 11-03-07_12.59.55 1 +> test.2011-03-07-03-00-05.ds +# Extent Types ... + + + + + + + + + + + + + + + + + + + + + + +extent offset ExtentType +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +# Extent, type='test' +t id.orig_h id.orig_p id.resp_h id.resp_p +1.299e+09 10.0.0.1 20 10.0.0.2 1024 +1.299e+09 10.0.0.2 20 10.0.0.3 0 +# Extent, type='DataSeries: ExtentIndex' +offset extenttype +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +> test.2011-03-07-04-00-05.ds +# Extent Types ... + + + + + + + + + + + + + + + + + + + + + + +extent offset ExtentType +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +# Extent, type='test' +t id.orig_h id.orig_p id.resp_h id.resp_p +1.299e+09 10.0.0.1 20 10.0.0.2 1025 +1.299e+09 10.0.0.2 20 10.0.0.3 1 +# Extent, type='DataSeries: ExtentIndex' +offset extenttype +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +> test.2011-03-07-05-00-05.ds +# Extent Types ... + + + + + + + + + + + + + + + + + + + + + + +extent offset ExtentType +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +# Extent, type='test' +t id.orig_h id.orig_p id.resp_h id.resp_p +1.299e+09 10.0.0.1 20 10.0.0.2 1026 +1.299e+09 10.0.0.2 20 10.0.0.3 2 +# Extent, type='DataSeries: ExtentIndex' +offset extenttype +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +> test.2011-03-07-06-00-05.ds +# Extent Types ... + + + + + + + + + + + + + + + + + + + + + + +extent offset ExtentType +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +# Extent, type='test' +t id.orig_h id.orig_p id.resp_h id.resp_p +1.299e+09 10.0.0.1 20 10.0.0.2 1027 +1.299e+09 10.0.0.2 20 10.0.0.3 3 +# Extent, type='DataSeries: ExtentIndex' +offset extenttype +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +> test.2011-03-07-07-00-05.ds +# Extent Types ... + + + + + + + + + + + + + + + + + + + + + + +extent offset ExtentType +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +# Extent, type='test' +t id.orig_h id.orig_p id.resp_h id.resp_p +1.299e+09 10.0.0.1 20 10.0.0.2 1028 +1.299e+09 10.0.0.2 20 10.0.0.3 4 +# Extent, type='DataSeries: ExtentIndex' +offset extenttype +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +> test.2011-03-07-08-00-05.ds +# Extent Types ... + + + + + + + + + + + + + + + + + + + + + + +extent offset ExtentType +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +# Extent, type='test' +t id.orig_h id.orig_p id.resp_h id.resp_p +1.299e+09 10.0.0.1 20 10.0.0.2 1029 +1.299e+09 10.0.0.2 20 10.0.0.3 5 +# Extent, type='DataSeries: ExtentIndex' +offset extenttype +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +> test.2011-03-07-09-00-05.ds +# Extent Types ... + + + + + + + + + + + + + + + + + + + + + + +extent offset ExtentType +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +# Extent, type='test' +t id.orig_h id.orig_p id.resp_h id.resp_p +1.299e+09 10.0.0.1 20 10.0.0.2 1030 +1.299e+09 10.0.0.2 20 10.0.0.3 6 +# Extent, type='DataSeries: ExtentIndex' +offset extenttype +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +> test.2011-03-07-10-00-05.ds +# Extent Types ... + + + + + + + + + + + + + + + + + + + + + + +extent offset ExtentType +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +# Extent, type='test' +t id.orig_h id.orig_p id.resp_h id.resp_p +1.299e+09 10.0.0.1 20 10.0.0.2 1031 +1.299e+09 10.0.0.2 20 10.0.0.3 7 +# Extent, type='DataSeries: ExtentIndex' +offset extenttype +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +> test.2011-03-07-11-00-05.ds +# Extent Types ... + + + + + + + + + + + + + + + + + + + + + + +extent offset ExtentType +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +# Extent, type='test' +t id.orig_h id.orig_p id.resp_h id.resp_p +1.3e+09 10.0.0.1 20 10.0.0.2 1032 +1.3e+09 10.0.0.2 20 10.0.0.3 8 +# Extent, type='DataSeries: ExtentIndex' +offset extenttype +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +> test.2011-03-07-12-00-05.ds +# Extent Types ... + + + + + + + + + + + + + + + + + + + + + + +extent offset ExtentType +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex +# Extent, type='test' +t id.orig_h id.orig_p id.resp_h id.resp_p +1.3e+09 10.0.0.1 20 10.0.0.2 1033 +1.3e+09 10.0.0.2 20 10.0.0.3 9 +# Extent, type='DataSeries: ExtentIndex' +offset extenttype +40 DataSeries: XmlType +360 test +468 DataSeries: ExtentIndex diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt new file mode 100644 index 0000000000..f66f40b701 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt @@ -0,0 +1,43 @@ +# Extent Types ... + + + + + + + + + + + + + + + + + + + + + + + + + + +extent offset ExtentType +40 DataSeries: XmlType +400 ssh +604 DataSeries: ExtentIndex +# Extent, type='ssh' +t id.orig_h id.orig_p id.resp_h id.resp_p status country +1.334e+09 1.2.3.4 1234 2.3.4.5 80 success unknown +1.334e+09 1.2.3.4 1234 2.3.4.5 80 failure US +1.334e+09 1.2.3.4 1234 2.3.4.5 80 failure UK +1.334e+09 1.2.3.4 1234 2.3.4.5 80 success BR +1.334e+09 1.2.3.4 1234 2.3.4.5 80 failure MX +# Extent, type='DataSeries: ExtentIndex' +offset extenttype +40 DataSeries: XmlType +400 ssh +604 DataSeries: ExtentIndex diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt new file mode 100644 index 0000000000..e6294b1d71 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt @@ -0,0 +1,96 @@ +# Extent Types ... + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +extent offset ExtentType +40 DataSeries: XmlType +636 conn +2912 DataSeries: ExtentIndex +# Extent, type='conn' +ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes +1300475167096535 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 73 0 0 +1300475167097012 arKYeMETxOg fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp 0 0 0 S0 F 0 D 1 199 0 0 +1300475167099816 k6kgXLOoSKl 141.142.220.50 5353 224.0.0.251 5353 udp 0 0 0 S0 F 0 D 1 179 0 0 +1300475168853899 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 435 0 89 SHR F 0 Cd 0 0 1 117 +1300475168854378 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 420 0 99 SHR F 0 Cd 0 0 1 127 +1300475168854837 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 391 0 183 SHR F 0 Cd 0 0 1 211 +1300475168857956 3PKsZ2Uye21 141.142.220.118 32902 141.142.2.2 53 udp dns 317 0 89 SHR F 0 Cd 0 0 1 117 +1300475168858306 VW0XPVINV8a 141.142.220.118 59816 141.142.2.2 53 udp dns 343 0 99 SHR F 0 Cd 0 0 1 127 +1300475168858713 fRFu0wcOle6 141.142.220.118 59714 141.142.2.2 53 udp dns 375 0 183 SHR F 0 Cd 0 0 1 211 +1300475168891644 qSsw6ESzHV4 141.142.220.118 58206 141.142.2.2 53 udp dns 339 0 89 SHR F 0 Cd 0 0 1 117 +1300475168892037 iE6yhOq3SF 141.142.220.118 38911 141.142.2.2 53 udp dns 334 0 99 SHR F 0 Cd 0 0 1 127 +1300475168892414 GSxOnSLghOa 141.142.220.118 59746 141.142.2.2 53 udp dns 420 0 183 SHR F 0 Cd 0 0 1 211 +1300475168893988 qCaWGmzFtM5 141.142.220.118 45000 141.142.2.2 53 udp dns 384 0 89 SHR F 0 Cd 0 0 1 117 +1300475168894422 70MGiRM1Qf4 141.142.220.118 48479 141.142.2.2 53 udp dns 316 0 99 SHR F 0 Cd 0 0 1 127 +1300475168894787 h5DsfNtYzi1 141.142.220.118 48128 141.142.2.2 53 udp dns 422 0 183 SHR F 0 Cd 0 0 1 211 +1300475168901749 P654jzLoe3a 141.142.220.118 56056 141.142.2.2 53 udp dns 402 0 131 SHR F 0 Cd 0 0 1 159 +1300475168902195 Tw8jXtpTGu6 141.142.220.118 55092 141.142.2.2 53 udp dns 374 0 198 SHR F 0 Cd 0 0 1 226 +1300475169899438 BWaU4aSuwkc 141.142.220.44 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 85 0 0 +1300475170862384 10XodEwRycf 141.142.220.226 137 141.142.220.255 137 udp dns 2613016 350 0 S0 F 0 D 7 546 0 0 +1300475171675372 zno26fFZkrh fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 100096 66 0 S0 F 0 D 2 162 0 0 +1300475171677081 v5rgkJBig5l 141.142.220.226 55131 224.0.0.252 5355 udp dns 100020 66 0 S0 F 0 D 2 122 0 0 +1300475173116749 eWZCH7OONC1 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 99801 66 0 S0 F 0 D 2 162 0 0 +1300475173117362 0Pwk3ntf8O3 141.142.220.226 55671 224.0.0.252 5355 udp dns 99848 66 0 S0 F 0 D 2 122 0 0 +1300475173153679 0HKorjr8Zp7 141.142.220.238 56641 141.142.220.255 137 udp dns 0 0 0 S0 F 0 D 1 78 0 0 +1300475168859163 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 tcp 215893 1130 734 S1 F 1130 ShACad 4 216 4 950 +1300475168652003 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp 61328 0 350 OTH F 0 CdA 1 52 1 402 +1300475168895267 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 tcp 227283 1178 734 S1 F 1178 ShACad 4 216 4 950 +1300475168902635 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp 120040 534 412 S1 F 534 ShACad 3 164 3 576 +1300475168892936 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 tcp 229603 1148 734 S1 F 1148 ShACad 4 216 4 950 +1300475168855305 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 tcp 218501 1171 733 S1 F 1171 ShACad 4 216 4 949 +1300475168892913 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 tcp 220960 1137 733 S1 F 1137 ShACad 4 216 4 949 +1300475169780331 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp 0 0 0 OTH F 0 h 0 0 1 48 +1300475168724007 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp 119904 525 232 S1 F 525 ShACad 3 164 3 396 +1300475168855330 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 tcp 219720 1125 734 S1 F 1125 ShACad 4 216 4 950 +# Extent, type='DataSeries: ExtentIndex' +offset extenttype +40 DataSeries: XmlType +636 conn +2912 DataSeries: ExtentIndex diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt new file mode 100644 index 0000000000..e85cf9337e --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt @@ -0,0 +1,96 @@ +# Extent Types ... + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +extent offset ExtentType +40 DataSeries: XmlType +660 conn +2564 DataSeries: ExtentIndex +# Extent, type='conn' +ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes +1.3e+09 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 73 0 0 +1.3e+09 arKYeMETxOg fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp 0 0 0 S0 F 0 D 1 199 0 0 +1.3e+09 k6kgXLOoSKl 141.142.220.50 5353 224.0.0.251 5353 udp 0 0 0 S0 F 0 D 1 179 0 0 +1.3e+09 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0 0 89 SHR F 0 Cd 0 0 1 117 +1.3e+09 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 0 0 99 SHR F 0 Cd 0 0 1 127 +1.3e+09 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 0 0 183 SHR F 0 Cd 0 0 1 211 +1.3e+09 3PKsZ2Uye21 141.142.220.118 32902 141.142.2.2 53 udp dns 0 0 89 SHR F 0 Cd 0 0 1 117 +1.3e+09 VW0XPVINV8a 141.142.220.118 59816 141.142.2.2 53 udp dns 0 0 99 SHR F 0 Cd 0 0 1 127 +1.3e+09 fRFu0wcOle6 141.142.220.118 59714 141.142.2.2 53 udp dns 0 0 183 SHR F 0 Cd 0 0 1 211 +1.3e+09 qSsw6ESzHV4 141.142.220.118 58206 141.142.2.2 53 udp dns 0 0 89 SHR F 0 Cd 0 0 1 117 +1.3e+09 iE6yhOq3SF 141.142.220.118 38911 141.142.2.2 53 udp dns 0 0 99 SHR F 0 Cd 0 0 1 127 +1.3e+09 GSxOnSLghOa 141.142.220.118 59746 141.142.2.2 53 udp dns 0 0 183 SHR F 0 Cd 0 0 1 211 +1.3e+09 qCaWGmzFtM5 141.142.220.118 45000 141.142.2.2 53 udp dns 0 0 89 SHR F 0 Cd 0 0 1 117 +1.3e+09 70MGiRM1Qf4 141.142.220.118 48479 141.142.2.2 53 udp dns 0 0 99 SHR F 0 Cd 0 0 1 127 +1.3e+09 h5DsfNtYzi1 141.142.220.118 48128 141.142.2.2 53 udp dns 0 0 183 SHR F 0 Cd 0 0 1 211 +1.3e+09 P654jzLoe3a 141.142.220.118 56056 141.142.2.2 53 udp dns 0 0 131 SHR F 0 Cd 0 0 1 159 +1.3e+09 Tw8jXtpTGu6 141.142.220.118 55092 141.142.2.2 53 udp dns 0 0 198 SHR F 0 Cd 0 0 1 226 +1.3e+09 BWaU4aSuwkc 141.142.220.44 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 85 0 0 +1.3e+09 10XodEwRycf 141.142.220.226 137 141.142.220.255 137 udp dns 0 350 0 S0 F 0 D 7 546 0 0 +1.3e+09 zno26fFZkrh fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0 66 0 S0 F 0 D 2 162 0 0 +1.3e+09 v5rgkJBig5l 141.142.220.226 55131 224.0.0.252 5355 udp dns 0 66 0 S0 F 0 D 2 122 0 0 +1.3e+09 eWZCH7OONC1 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0 66 0 S0 F 0 D 2 162 0 0 +1.3e+09 0Pwk3ntf8O3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0 66 0 S0 F 0 D 2 122 0 0 +1.3e+09 0HKorjr8Zp7 141.142.220.238 56641 141.142.220.255 137 udp dns 0 0 0 S0 F 0 D 1 78 0 0 +1.3e+09 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 tcp 0 1130 734 S1 F 1130 ShACad 4 216 4 950 +1.3e+09 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp 0 0 350 OTH F 0 CdA 1 52 1 402 +1.3e+09 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 tcp 0 1178 734 S1 F 1178 ShACad 4 216 4 950 +1.3e+09 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp 0 534 412 S1 F 534 ShACad 3 164 3 576 +1.3e+09 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 tcp 0 1148 734 S1 F 1148 ShACad 4 216 4 950 +1.3e+09 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 tcp 0 1171 733 S1 F 1171 ShACad 4 216 4 949 +1.3e+09 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 tcp 0 1137 733 S1 F 1137 ShACad 4 216 4 949 +1.3e+09 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp 0 0 0 OTH F 0 h 0 0 1 48 +1.3e+09 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp 0 525 232 S1 F 525 ShACad 3 164 3 396 +1.3e+09 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 tcp 0 1125 734 S1 F 1125 ShACad 4 216 4 950 +# Extent, type='DataSeries: ExtentIndex' +offset extenttype +40 DataSeries: XmlType +660 conn +2564 DataSeries: ExtentIndex diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt new file mode 100644 index 0000000000..49e431085c --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt @@ -0,0 +1,90 @@ +# Extent Types ... + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +extent offset ExtentType +40 DataSeries: XmlType +756 http +1144 DataSeries: ExtentIndex +# Extent, type='http' +ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file +1.3e+09 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 0 0 0 304 Not Modified 0 +1.3e+09 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.3e+09 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.3e+09 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.3e+09 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.3e+09 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.3e+09 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.3e+09 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 0 0 0 304 Not Modified 0 +1.3e+09 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.3e+09 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.3e+09 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.3e+09 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.3e+09 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.3e+09 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 0 0 0 304 Not Modified 0 +# Extent, type='DataSeries: ExtentIndex' +offset extenttype +40 DataSeries: XmlType +756 http +1144 DataSeries: ExtentIndex diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/options.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/options.bro new file mode 100644 index 0000000000..77ea32908a --- /dev/null +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/options.bro @@ -0,0 +1,43 @@ +# +# @TEST-REQUIRES: has-writer DataSeries && which ds2txt +# +# @TEST-EXEC: bro -b %INPUT Log::default_writer=Log::WRITER_DATASERIES +# @TEST-EXEC: test -e ssh.ds.xml +# @TEST-EXEC: btest-diff ssh.ds.xml + +module SSH; + +redef LogDataSeries::dump_schema = T; + +# Haven't yet found a way to check for the effect of these. +redef LogDataSeries::compression = "bz2"; +redef LogDataSeries::extent_size = 1000; +redef LogDataSeries::num_threads = 5; + +# LogDataSeries::use_integer_for_time is tested separately. + +export { + redef enum Log::ID += { LOG }; + + type Log: record { + t: time; + id: conn_id; # Will be rolled out into individual columns. + status: string &optional; + country: string &default="unknown"; + } &log; +} + +event bro_init() +{ + Log::create_stream(SSH::LOG, [$columns=Log]); + + local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp]; + + Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]); + Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]); + Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]); + Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]); + Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]); + +} + diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro new file mode 100644 index 0000000000..639c7f3562 --- /dev/null +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro @@ -0,0 +1,33 @@ +# +# @TEST-REQUIRES: has-writer DataSeries && which ds2txt +# +# @TEST-EXEC: bro -b -r %DIR/../rotation.trace %INPUT 2>&1 Log::default_writer=Log::WRITER_DATASERIES | grep "test" >out +# @TEST-EXEC: for i in test.*.ds; do printf '> %s\n' $i; ds2txt $i; done >>out +# @TEST-EXEC: btest-diff out + +module Test; + +export { + # Create a new ID for our log stream + redef enum Log::ID += { LOG }; + + # Define a record with all the columns the log file can have. + # (I'm using a subset of fields from ssh-ext for demonstration.) + type Log: record { + t: time; + id: conn_id; # Will be rolled out into individual columns. + } &log; +} + +redef Log::default_rotation_interval = 1hr; +redef Log::default_rotation_postprocessor_cmd = "echo"; + +event bro_init() +{ + Log::create_stream(Test::LOG, [$columns=Log]); +} + +event new_connection(c: connection) + { + Log::write(Test::LOG, [$t=network_time(), $id=c$id]); + } diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro new file mode 100644 index 0000000000..c7f8a5618f --- /dev/null +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro @@ -0,0 +1,34 @@ +# +# @TEST-REQUIRES: has-writer DataSeries && which ds2txt +# +# @TEST-EXEC: bro -b %INPUT Log::default_writer=Log::WRITER_DATASERIES +# @TEST-EXEC: ds2txt ssh.ds >ssh.ds.txt +# @TEST-EXEC: btest-diff ssh.ds.txt + +module SSH; + +export { + redef enum Log::ID += { LOG }; + + type Log: record { + t: time; + id: conn_id; # Will be rolled out into individual columns. + status: string &optional; + country: string &default="unknown"; + } &log; +} + +event bro_init() +{ + Log::create_stream(SSH::LOG, [$columns=Log]); + + local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp]; + + Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]); + Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]); + Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]); + Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]); + Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]); + +} + diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/time-as-int.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/time-as-int.bro new file mode 100644 index 0000000000..3a072998c0 --- /dev/null +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/time-as-int.bro @@ -0,0 +1,8 @@ +# +# @TEST-REQUIRES: has-writer DataSeries && which ds2txt +# +# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Log::default_writer=Log::WRITER_DATASERIES +# @TEST-EXEC: ds2txt conn.ds >conn.ds.txt +# @TEST-EXEC: btest-diff conn.ds.txt + +redef LogDataSeries::use_integer_for_time = T; diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/wikipedia.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/wikipedia.bro new file mode 100644 index 0000000000..4a4b70afc2 --- /dev/null +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/wikipedia.bro @@ -0,0 +1,8 @@ +# +# @TEST-REQUIRES: has-writer DataSeries && which ds2txt +# +# @TEST-EXEC: bro -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_DATASERIES +# @TEST-EXEC: ds2txt conn.ds >conn.ds.txt +# @TEST-EXEC: ds2txt http.ds >http.ds.txt +# @TEST-EXEC: btest-diff conn.ds.txt +# @TEST-EXEC: btest-diff http.ds.txt diff --git a/testing/scripts/has-writer b/testing/scripts/has-writer new file mode 100755 index 0000000000..683d31041f --- /dev/null +++ b/testing/scripts/has-writer @@ -0,0 +1,6 @@ +#! /usr/bin/env bash +# +# Returns true if Bro has been compiled with support for writer type +# $1. The type name must match what "bro --help" prints. + +bro --helper 2>&1 | grep -qi "Supported log formats:.*$1" From 891c53277501ab3e6c2dfa555859f4fda1a40486 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 16 Apr 2012 14:48:33 -0700 Subject: [PATCH 04/51] DataSeries cleanup. --- src/Type.cc | 8 +- src/logging/writers/Ascii.cc | 17 +- src/logging/writers/DataSeries.cc | 267 ++++++++++++++---------------- src/logging/writers/DataSeries.h | 27 ++- src/threading/SerialTypes.cc | 14 ++ src/threading/SerialTypes.h | 10 +- 6 files changed, 162 insertions(+), 181 deletions(-) diff --git a/src/Type.cc b/src/Type.cc index 82221303af..d688b15376 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -15,10 +15,9 @@ extern int generate_documentation; +// Note: This function must be thread-safe. const char* type_name(TypeTag t) { - static char errbuf[512]; - static const char* type_names[int(NUM_TYPES)] = { "void", "bool", "int", "count", "counter", @@ -37,10 +36,7 @@ const char* type_name(TypeTag t) }; if ( int(t) >= NUM_TYPES ) - { - snprintf(errbuf, sizeof(errbuf), "%d: not a type tag", int(t)); - return errbuf; - } + return "type_name(): not a type tag"; return type_names[int(t)]; } diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc index 2f25ac418f..3a35eea380 100644 --- a/src/logging/writers/Ascii.cc +++ b/src/logging/writers/Ascii.cc @@ -86,6 +86,9 @@ bool Ascii::DoInit(string path, int num_fields, const Field* const * fields) if ( include_header ) { + string names; + string types; + string str = string(header_prefix, header_prefix_len) + "separator " // Always use space as separator here. + get_escaped_string(string(separator, separator_len), false) @@ -103,9 +106,6 @@ bool Ascii::DoInit(string path, int num_fields, const Field* const * fields) WriteHeaderField("path", get_escaped_string(path, false))) ) goto write_error; - string names; - string types; - for ( int i = 0; i < num_fields; ++i ) { if ( i > 0 ) @@ -114,15 +114,8 @@ bool Ascii::DoInit(string path, int num_fields, const Field* const * fields) types += string(separator, separator_len); } - const Field* field = fields[i]; - names += field->name; - types += type_name(field->type); - if ( (field->type == TYPE_TABLE) || (field->type == TYPE_VECTOR) ) - { - types += "["; - types += type_name(field->subtype); - types += "]"; - } + names += fields[i]->name; + types += fields[i]->TypeName(); } if ( ! (WriteHeaderField("fields", names) diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc index 5ee8a812da..f6b26dc494 100644 --- a/src/logging/writers/DataSeries.cc +++ b/src/logging/writers/DataSeries.cc @@ -15,17 +15,15 @@ using namespace logging; using namespace writer; std::string DataSeries::LogValueToString(threading::Value *val) -{ - const int strsz = 1024; - char strbuf[strsz]; - - // In some cases, no value is attached. If this is the case, return an empty string. - if(!val->present) + { + // In some cases, no value is attached. If this is the case, return + // an empty string. + if( ! val->present ) return ""; std::ostringstream ostr; - switch(val->type) - { + + switch(val->type) { case TYPE_BOOL: return (val->val.int_val ? "true" : "false"); @@ -40,19 +38,22 @@ std::string DataSeries::LogValueToString(threading::Value *val) return ostr.str(); case TYPE_SUBNET: - ostr << Render(val->val.subnet_val); + ostr << Render(val->val.subnet_val); return ostr.str(); case TYPE_ADDR: - ostr << Render(val->val.addr_val); + ostr << Render(val->val.addr_val); return ostr.str(); - // Note: These two cases are relatively special. We need to convert these values into their integer equivalents - // to maximize precision. At the moment, there won't be a noticeable effect (Bro uses the double format everywhere - // internally, so we've already lost the precision we'd gain here), but timestamps may eventually switch to this - // representation within Bro. + // Note: These two cases are relatively special. We need to convert + // these values into their integer equivalents to maximize precision. + // At the moment, there won't be a noticeable effect (Bro uses the + // double format everywhere internally, so we've already lost the + // precision we'd gain here), but timestamps may eventually switch to + // this representation within Bro. // - // in the near-term, this *should* lead to better pack_relative (and thus smaller output files). + // In the near-term, this *should* lead to better pack_relative (and + // thus smaller output files). case TYPE_TIME: case TYPE_INTERVAL: if ( ds_use_integer_for_time ) @@ -69,59 +70,57 @@ std::string DataSeries::LogValueToString(threading::Value *val) case TYPE_ENUM: case TYPE_STRING: case TYPE_FILE: - { - int size = val->val.string_val->size(); - string tmpString = ""; - if(size) - tmpString = string(val->val.string_val->data(), val->val.string_val->size()); - else - tmpString = string(""); - return tmpString; - } - case TYPE_TABLE: - { - if ( ! val->val.set_val.size ) - { + case TYPE_FUNC: + if ( ! val->val.string_val->size() ) + return ""; + + return string(val->val.string_val->data(), val->val.string_val->size()); + + case TYPE_TABLE: + { + if ( ! val->val.set_val.size ) return ""; - } string tmpString = ""; + for ( int j = 0; j < val->val.set_val.size; j++ ) { if ( j > 0 ) - tmpString += ":"; //TODO: Specify set separator char in configuration. + tmpString += ds_set_separator; tmpString += LogValueToString(val->val.set_val.vals[j]); } + return tmpString; - } + } + case TYPE_VECTOR: - { + { if ( ! val->val.vector_val.size ) - { return ""; - } string tmpString = ""; + for ( int j = 0; j < val->val.vector_val.size; j++ ) { if ( j > 0 ) - tmpString += ":"; //TODO: Specify set separator char in configuration. + tmpString += ds_set_separator; tmpString += LogValueToString(val->val.vector_val.vals[j]); } return tmpString; - } + } + default: - return "???"; + InternalError(Fmt("unknown type %s in DataSeries::LogValueToString", type_name(val->type))); + return "cannot be reached"; } } string DataSeries::GetDSFieldType(const threading::Field *field) { - switch(field->type) - { + switch(field->type) { case TYPE_BOOL: return "bool"; @@ -145,75 +144,49 @@ string DataSeries::GetDSFieldType(const threading::Field *field) case TYPE_FILE: case TYPE_TABLE: case TYPE_VECTOR: - default: + case TYPE_FUNC: return "variable32"; - } -} - -string DataSeries::GetBroTypeString(const threading::Field *field) -{ - switch(field->type) - { - case TYPE_BOOL: - return "bool"; - case TYPE_COUNT: - return "count"; - case TYPE_COUNTER: - return "counter"; - case TYPE_PORT: - return "port"; - case TYPE_INT: - return "int"; - case TYPE_TIME: - return "time"; - case TYPE_INTERVAL: - return "interval"; - case TYPE_DOUBLE: - return "double"; - case TYPE_SUBNET: - return "subnet"; - case TYPE_ADDR: - return "addr"; - case TYPE_ENUM: - return "enum"; - case TYPE_STRING: - return "string"; - case TYPE_FILE: - return "file"; - case TYPE_TABLE: - return "table"; - case TYPE_VECTOR: - return "vector"; default: - return "???"; + InternalError(Fmt("unknown type %s in DataSeries::GetDSFieldType", type_name(field->type))); + return "cannot be reached"; } } string DataSeries::BuildDSSchemaFromFieldTypes(const vector& vals, string sTitle) -{ - if("" == sTitle) - { + { + if( ! sTitle.size() ) sTitle = "GenericBroStream"; - } - string xmlschema; - xmlschema = "\n"; - for(size_t i = 0; i < vals.size(); ++i) + + string xmlschema = "\n"; + + for( size_t i = 0; i < vals.size(); ++i ) { - xmlschema += "\t\n"; + xmlschema += "\t\n"; } + xmlschema += "\n"; - for(size_t i = 0; i < vals.size(); ++i) + + for( size_t i = 0; i < vals.size(); ++i ) { - xmlschema += "\n"; + xmlschema += "\n"; } + return xmlschema; } std::string DataSeries::GetDSOptionsForType(const threading::Field *field) { - switch(field->type) - { + switch( field->type ) { case TYPE_TIME: case TYPE_INTERVAL: { @@ -233,6 +206,7 @@ std::string DataSeries::GetDSOptionsForType(const threading::Field *field) case TYPE_TABLE: case TYPE_VECTOR: return "pack_unique=\"yes\""; + default: return ""; } @@ -242,11 +216,13 @@ std::string DataSeries::GetDSOptionsForType(const threading::Field *field) DataSeries::DataSeries(WriterFrontend* frontend) : WriterBackend(frontend) { - ds_compression = string((const char *)BifConst::LogDataSeries::compression->Bytes(), BifConst::LogDataSeries::compression->Len()); + ds_compression = string((const char *)BifConst::LogDataSeries::compression->Bytes(), + BifConst::LogDataSeries::compression->Len()); ds_dump_schema = BifConst::LogDataSeries::dump_schema; ds_extent_size = BifConst::LogDataSeries::extent_size; ds_num_threads = BifConst::LogDataSeries::num_threads; ds_use_integer_for_time = BifConst::LogDataSeries::use_integer_for_time; + ds_set_separator = ","; } DataSeries::~DataSeries() @@ -258,20 +234,23 @@ bool DataSeries::OpenLog(string path) log_file = new DataSeriesSink(path + ".ds", compress_type); log_file->writeExtentLibrary(log_types); - for(size_t i = 0; i < schema_list.size(); ++i) - extents.insert(std::make_pair(schema_list[i].field_name, GeneralField::create(log_series, schema_list[i].field_name))); + for( size_t i = 0; i < schema_list.size(); ++i ) + extents.insert(std::make_pair(schema_list[i].field_name, + GeneralField::create(log_series, schema_list[i].field_name))); - if(ds_extent_size < ROW_MIN) + if ( ds_extent_size < ROW_MIN ) { - fprintf(stderr, "%d is not a valid value for 'rows'. Using min of %d instead.\n", (int)ds_extent_size, (int)ROW_MIN); - ds_extent_size = ROW_MIN; + Warning(Fmt("%d is not a valid value for 'rows'. Using min of %d instead", (int)ds_extent_size, (int)ROW_MIN)); + ds_extent_size = ROW_MIN; } - else if(ds_extent_size > ROW_MAX) + + else if( ds_extent_size > ROW_MAX ) { - fprintf(stderr, "%d is not a valid value for 'rows'. Using max of %d instead.\n", (int)ds_extent_size, (int)ROW_MAX); - ds_extent_size = ROW_MAX; + Warning(Fmt("%d is not a valid value for 'rows'. Using max of %d instead", (int)ds_extent_size, (int)ROW_MAX)); + ds_extent_size = ROW_MAX; } - log_output = new OutputModule(*log_file, log_series, log_type, ds_extent_size); + + log_output = new OutputModule(*log_file, log_series, *log_type, ds_extent_size); return true; } @@ -283,22 +262,22 @@ bool DataSeries::DoInit(string path, int num_fields, const threading::Field* con // use that schema to build our output logfile and prepare it to be // written to. - // Note: compressor count must be set *BEFORE* DataSeriesSink is instantiated. - if(ds_num_threads < THREAD_MIN && ds_num_threads != 0) + // Note: compressor count must be set *BEFORE* DataSeriesSink is + // instantiated. + if( ds_num_threads < THREAD_MIN && ds_num_threads != 0 ) { - fprintf(stderr, "%d is too few threads! Using %d instead\n", (int)ds_num_threads, (int)THREAD_MIN); + Warning(Fmt("%d is too few threads! Using %d instead", (int)ds_num_threads, (int)THREAD_MIN)); ds_num_threads = THREAD_MIN; } - if(ds_num_threads > THREAD_MAX) + + if( ds_num_threads > THREAD_MAX ) { - fprintf(stderr, "%d is too many threads! Dropping back to %d\n", (int)ds_num_threads, (int)THREAD_MAX); + Warning(Fmt("%d is too many threads! Dropping back to %d", (int)ds_num_threads, (int)THREAD_MAX)); ds_num_threads = THREAD_MAX; } - if(ds_num_threads > 0) - { + if( ds_num_threads > 0 ) DataSeriesSink::setCompressorCount(ds_num_threads); - } for ( int i = 0; i < num_fields; i++ ) { @@ -307,65 +286,59 @@ bool DataSeries::DoInit(string path, int num_fields, const threading::Field* con val.ds_type = GetDSFieldType(field); val.field_name = string(field->name); val.field_options = GetDSOptionsForType(field); - val.bro_type = GetBroTypeString(field); + val.bro_type = field->TypeName(); schema_list.push_back(val); } + string schema = BuildDSSchemaFromFieldTypes(schema_list, path); - if(ds_dump_schema) + + if( ds_dump_schema ) { - FILE * pFile; - pFile = fopen ( string(path + ".ds.xml").c_str() , "wb" ); - if(NULL == pFile) + FILE* pFile = fopen ( string(path + ".ds.xml").c_str() , "wb" ); + + if( pFile ) { - perror("Could not dump schema"); + fwrite(schema.c_str(), 1, schema.length(), pFile); + fclose(pFile); } - fwrite (schema.c_str(), 1 , schema.length() , pFile ); - fclose (pFile); + + else + Error(Fmt("cannot dump schema: %s", strerror(errno))); } compress_type = Extent::compress_all; - if(ds_compression == "lzf") - { + if( ds_compression == "lzf" ) compress_type = Extent::compress_lzf; - } - else if(ds_compression == "lzo") - { + + else if( ds_compression == "lzo" ) compress_type = Extent::compress_lzo; - } - else if(ds_compression == "gz") - { + + else if( ds_compression == "gz" ) compress_type = Extent::compress_gz; - } - else if(ds_compression == "bz2") - { + + else if( ds_compression == "bz2" ) compress_type = Extent::compress_bz2; - } - else if(ds_compression == "none") - { + + else if( ds_compression == "none" ) compress_type = Extent::compress_none; - } - else if(ds_compression == "any") - { + + else if( ds_compression == "any" ) compress_type = Extent::compress_all; - } + else - { - fprintf(stderr, "%s is not a valid compression type. Valid types are: 'lzf', 'lzo', 'gz', 'bz2', 'none', 'any'\n", ds_compression.c_str()); - fprintf(stderr, "Defaulting to 'any'\n"); - } + Warning(Fmt("%s is not a valid compression type. Valid types are: 'lzf', 'lzo', 'gz', 'bz2', 'none', 'any'. Defaulting to 'any'", ds_compression.c_str())); log_type = const_cast(log_types.registerType(schema)); - log_series.setType(*log_type); return OpenLog(path); - } bool DataSeries::DoFlush() { - // Flushing is handled by DataSeries automatically, so this function doesn't do anything. + // Flushing is handled by DataSeries automatically, so this function + // doesn't do anything. return true; } @@ -377,7 +350,7 @@ void DataSeries::CloseLog() extents.clear(); // Don't delete the file before you delete the output, or bad things - // happen. + // will happen. delete log_output; delete log_file; @@ -396,14 +369,17 @@ bool DataSeries::DoWrite(int num_fields, const threading::Field* const * fields, threading::Value** vals) { log_output->newRecord(); - for(size_t i = 0; i < (size_t)num_fields; ++i) + + for( size_t i = 0; i < (size_t)num_fields; ++i ) { ExtentIterator iter = extents.find(fields[i]->name); assert(iter != extents.end()); + if( iter != extents.end() ) { GeneralField *cField = iter->second; - if(vals[i]->present) + + if( vals[i]->present ) cField->set(LogValueToString(vals[i])); } } @@ -413,7 +389,8 @@ bool DataSeries::DoWrite(int num_fields, const threading::Field* const * fields, bool DataSeries::DoRotate(string rotated_path, double open, double close, bool terminating) { - // Note that if DS files are rotated too often, the aggregate log size will be (much) larger. + // Note that if DS files are rotated too often, the aggregate log + // size will be (much) larger. CloseLog(); string dsname = Path() + ".ds"; diff --git a/src/logging/writers/DataSeries.h b/src/logging/writers/DataSeries.h index 319cb72ec5..5faa87e1b2 100644 --- a/src/logging/writers/DataSeries.h +++ b/src/logging/writers/DataSeries.h @@ -6,13 +6,13 @@ #ifndef LOGGING_WRITER_DATA_SERIES_H #define LOGGING_WRITER_DATA_SERIES_H -#include "../WriterBackend.h" - #include #include #include #include +#include "../WriterBackend.h" + namespace logging { namespace writer { class DataSeries : public WriterBackend { @@ -24,6 +24,8 @@ public: { return new DataSeries(frontend); } protected: + // Overidden from WriterBackend. + virtual bool DoInit(string path, int num_fields, const threading::Field* const * fields); @@ -36,11 +38,11 @@ protected: virtual bool DoFinish(); private: - static const size_t ROW_MIN = 2048; // Minimum extent size. - static const size_t ROW_MAX = (1024 * 1024 * 100); // Maximum extent size. - static const size_t THREAD_MIN = 1; // Minimum number of compression threads that DataSeries may spawn. - static const size_t THREAD_MAX = 128; // Maximum number of compression threads that DataSeries may spawn. - static const size_t TIME_SCALE = 1000000; // Fixed-point multiplier for time values when converted to integers. + static const size_t ROW_MIN = 2048; // Minimum extent size. + static const size_t ROW_MAX = (1024 * 1024 * 100); // Maximum extent size. + static const size_t THREAD_MIN = 1; // Minimum number of compression threads that DataSeries may spawn. + static const size_t THREAD_MAX = 128; // Maximum number of compression threads that DataSeries may spawn. + static const size_t TIME_SCALE = 1000000; // Fixed-point multiplier for time values when converted to integers. struct SchemaValue { @@ -85,18 +87,10 @@ private: */ string BuildDSSchemaFromFieldTypes(const vector& vals, string sTitle); - /** - * Takes a field type and converts it to a readable string. - * - * @param field We extract the type from this and convert it into a readable string. - * @return String representation of the field's type - */ - string GetBroTypeString(const threading::Field *field); - /** Closes the currently open file. */ void CloseLog(); - /** XXX */ + /** Opens a new file. */ bool OpenLog(string path); typedef std::map ExtentMap; @@ -119,6 +113,7 @@ private: string ds_compression; bool ds_dump_schema; bool ds_use_integer_for_time; + string ds_set_separator; }; } diff --git a/src/threading/SerialTypes.cc b/src/threading/SerialTypes.cc index a5692b2ffd..5ab61b0d41 100644 --- a/src/threading/SerialTypes.cc +++ b/src/threading/SerialTypes.cc @@ -24,6 +24,20 @@ bool Field::Write(SerializationFormat* fmt) const return (fmt->Write(name, "name") && fmt->Write((int)type, "type") && fmt->Write((int)subtype, "subtype")); } +string Field::TypeName() const + { + string n = type_name(type); + + if ( (type == TYPE_TABLE) || (type == TYPE_VECTOR) ) + { + n += "["; + n += type_name(subtype); + n += "]"; + } + + return n; + } + Value::~Value() { if ( (type == TYPE_ENUM || type == TYPE_STRING || type == TYPE_FILE || type == TYPE_FUNC) diff --git a/src/threading/SerialTypes.h b/src/threading/SerialTypes.h index db7dc837bd..eee3b750fe 100644 --- a/src/threading/SerialTypes.h +++ b/src/threading/SerialTypes.h @@ -53,6 +53,12 @@ struct Field { * @return False if an error occured. */ bool Write(SerializationFormat* fmt) const; + + /** + * Returns a textual description of the field's type. This method is + * thread-safe. + */ + string TypeName() const; }; /** @@ -132,8 +138,8 @@ struct Value { /** * Returns true if the type can be represented by a Value. If - * `atomic_only` is true, will not permit composite types. - */ + * `atomic_only` is true, will not permit composite types. This + * method is thread-safe. */ static bool IsCompatibleType(BroType* t, bool atomic_only=false); private: From 08593c5147157511c5ca54872ad58c15dfd87431 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 16 Apr 2012 15:19:14 -0700 Subject: [PATCH 05/51] In threads, an internal error now immediately aborts. Otherwise, the error won't make it back to the main thread for a while and subsequent code in the thread would still execute. --- src/threading/MsgThread.cc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/threading/MsgThread.cc b/src/threading/MsgThread.cc index 0b91f8790a..c5777042f3 100644 --- a/src/threading/MsgThread.cc +++ b/src/threading/MsgThread.cc @@ -222,7 +222,9 @@ void MsgThread::InternalWarning(const char* msg) void MsgThread::InternalError(const char* msg) { - SendOut(new ReporterMessage(ReporterMessage::INTERNAL_ERROR, this, msg)); + // This one aborts immediately. + fprintf(stderr, "internal error in thread: %s\n", msg); + abort(); } #ifdef DEBUG From 91a3ce951812083dc017116f080fbdd7c3d2ea1b Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 16 Apr 2012 15:20:10 -0700 Subject: [PATCH 06/51] Additional test output canonification for ds2txt's timestamps. --- .../ssh.ds.txt | 10 +++++----- .../http.ds.txt | 12 ++++++------ .../frameworks/logging/dataseries/test-logging.bro | 2 +- testing/external/subdir-btest.cfg | 2 +- testing/scripts/diff-remove-timestamps-dataseries | 6 ++++++ 5 files changed, 19 insertions(+), 13 deletions(-) create mode 100755 testing/scripts/diff-remove-timestamps-dataseries diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt index f66f40b701..05026a24ef 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt @@ -31,11 +31,11 @@ extent offset ExtentType 604 DataSeries: ExtentIndex # Extent, type='ssh' t id.orig_h id.orig_p id.resp_h id.resp_p status country -1.334e+09 1.2.3.4 1234 2.3.4.5 80 success unknown -1.334e+09 1.2.3.4 1234 2.3.4.5 80 failure US -1.334e+09 1.2.3.4 1234 2.3.4.5 80 failure UK -1.334e+09 1.2.3.4 1234 2.3.4.5 80 success BR -1.334e+09 1.2.3.4 1234 2.3.4.5 80 failure MX +X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 success unknown +X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 failure US +X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 failure UK +X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 success BR +X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 failure MX # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt index 49e431085c..a0c6cbbff3 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt @@ -55,18 +55,18 @@ - + - + extent offset ExtentType 40 DataSeries: XmlType -756 http -1144 DataSeries: ExtentIndex +768 http +1156 DataSeries: ExtentIndex # Extent, type='http' ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file 1.3e+09 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 0 0 0 304 Not Modified 0 @@ -86,5 +86,5 @@ ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri refer # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -756 http -1144 DataSeries: ExtentIndex +768 http +1156 DataSeries: ExtentIndex diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro index c7f8a5618f..76f2451477 100644 --- a/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro @@ -2,7 +2,7 @@ # @TEST-REQUIRES: has-writer DataSeries && which ds2txt # # @TEST-EXEC: bro -b %INPUT Log::default_writer=Log::WRITER_DATASERIES -# @TEST-EXEC: ds2txt ssh.ds >ssh.ds.txt +# @TEST-EXEC: ds2txt ssh.ds | ${SCRIPTS}/diff-remove-timestamps-dataseries >ssh.ds.txt # @TEST-EXEC: btest-diff ssh.ds.txt module SSH; diff --git a/testing/external/subdir-btest.cfg b/testing/external/subdir-btest.cfg index c4e74f99fa..fba89fb724 100644 --- a/testing/external/subdir-btest.cfg +++ b/testing/external/subdir-btest.cfg @@ -10,7 +10,7 @@ BROPATH=`bash -c %(testbase)s/../../../build/bro-path-dev`:%(testbase)s/../scrip BRO_SEED_FILE=%(testbase)s/../random.seed TZ=UTC LC_ALL=C -PATH=%(testbase)s/../../../build/src:%(testbase)s/../../../aux/btest:%(default_path)s +PATH=%(testbase)s/../../../build/src:%(testbase)s/../../../aux/btest:%(testbase)s/../../scripts:%(default_path)s TEST_DIFF_CANONIFIER=%(testbase)s/../../scripts/diff-canonifier-external TEST_DIFF_BRIEF=1 TRACES=%(testbase)s/Traces diff --git a/testing/scripts/diff-remove-timestamps-dataseries b/testing/scripts/diff-remove-timestamps-dataseries new file mode 100755 index 0000000000..5b20f138af --- /dev/null +++ b/testing/scripts/diff-remove-timestamps-dataseries @@ -0,0 +1,6 @@ +#! /usr/bin/env bash +# +# Replace anything which looks like DataSeries timestamps (which is a double) with XXXs. + +sed 's/1\.[0-9]*e+09/X.XXXe+09/g' + From d1c6183620aa8ee73cd52ae8ac98b90213d093d8 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 16 Apr 2012 16:07:38 -0700 Subject: [PATCH 07/51] Starting DataSeries HowTo. --- doc/logging-dataseries.rst | 102 +++++++++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 doc/logging-dataseries.rst diff --git a/doc/logging-dataseries.rst b/doc/logging-dataseries.rst new file mode 100644 index 0000000000..5289bbaea9 --- /dev/null +++ b/doc/logging-dataseries.rst @@ -0,0 +1,102 @@ + +============================= +Binary Output with DataSeries +============================= + +.. rst-class:: opening + + Bro's default ASCII log format is not exactly the most efficient + way for storing large volumes of data. An an alternative, Bro comes + with experimental support for `DataSeries + `_ + output, an efficient binary format for recording structured bulk + data. DataSeries is developed and maintained at HP Labs. + +.. contents:: + +Installing DataSeries +--------------------- + +To use DataSeries, its libraries must be available at compile-time, +along with the supporting *Lintel* package. Generally, both are +distributed on `HP Labs' web site +`_. Currently, however, you need +to use recent developments of both packages with Bro, which you can +download from github like this:: + + git clone http://github.com/eric-anderson/Lintel + git clone http://github.com/eric-anderson/DataSeries + +To then build and install the two into ````, do:: + + ( cd Lintel && mkdir build && cd build && cmake -DCMAKE_INSTALL_PREFIX= .. && make && make install ) + ( cd DataSeries && mkdir build && cd build && cmake -DCMAKE_INSTALL_PREFIX= .. && make && make install ) + +Please refer to the packages' documentation for more information about +the installation process. In particular, there's more information on +required and optional `dependencies for Lintel +`_ +and `dependencies for DataSeries +`_ + +Compiling Bro with DataSeries Support +------------------------------------- + +Once you have installed DataSeries, Bro's ``configure`` should pick it +up automatically as long as it finds it in a standard system location. +Alternatively, you can specify the DataSeries installation prefix +manually with ``--with-dataseries=``. Keep an eye on +``configure``'s summary output, if it looks like this, Bro will indeed +compile in the DataSeries support:: + + # ./configure --with-dataseries=/usr/local + [...] + ====================| Bro Build Summary |===================== + [...] + DataSeries: true + [...] + ================================================================ + +Activating DataSeries +--------------------- + +The direct way to use DataSeries is to switch *all* log files over to +the binary format. To do that, just add ``redef +Log::default_writer=Log::WRITER_DATASERIES;`` to your ``local.bro`. +For testing, you can also just pass that on the command line:: + + bro -r trace.pcap Log::default_writer=Log::WRITER_DATASERIES + +With that, Bro will now write all its output into DataSeries files +``*.ds``. You can inspect these using DataSeries's set of command line +tools, which its installation process will have installed into +``/bin``. For example, to convert a file back into an ASCII +representation:: + # ds2txt conn .log + [... We skip a bunch of meta data here ...] + ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts res + 1.3e+09 9CqElRsB9Q 141.142.220.202 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 73 0 0 + 1.3e+09 3bNPfUWuIhb fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp 0 0 0 S0 F 0 D 1 199 0 0 + 1.3e+09 ZoDDN7YuYx3 141.142.220.50 5353 224.0.0.251 5353 udp 0 0 0 S0 F 0 D 1 179 0 0 + [...] + +Note that is ASCII format is *not* equivalent to Bro's default format +as DataSeries uses a different internal representation. + +You can also switch only individual files over to DataSeries by adding +code like this to your ``local.bro``:: + + TODO + +Bro's DataSeries writer comes with a few tuning options, see +:doc:`scripts/base/frameworks/logging/writers/dataseries`. + +Working with DataSeries +======================= + +Here are few examples of using DataSeries command line tools to work +with the output files. + +TODO. + + From f85e0bfe9a97daacbe1d5011834ebe6289d9abf8 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 16 Apr 2012 18:15:05 -0700 Subject: [PATCH 08/51] DataSeries TODO list with open issues/questions. --- doc/logging-dataseries.rst | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/doc/logging-dataseries.rst b/doc/logging-dataseries.rst index 5289bbaea9..e530ba7c0b 100644 --- a/doc/logging-dataseries.rst +++ b/doc/logging-dataseries.rst @@ -99,4 +99,32 @@ with the output files. TODO. +TODO +==== + +* I'm seeing lots of warning on stderr:: + + Warning, while packing field ts of record 1, error was > 10%: + (1334620000 / 1000000 = 1334.62, round() = 1335) + Warning, while packing field not_valid_after of record 11, error was > 10%: + (1346460000 / 1000000 = 1346.46, round() = 1346) + +* The compiler warn about a depracated method and I'm not immediately + seeing how to avoid using that. + +* For testing our script-level options: + + - Can we get the extentsize from a ``.ds`` file? + - Can we get the compressio level from a ``.ds`` file? + +* ds2txt can apparently not read a file that is currently being + written. That's not good for the spool directory:: + + # ds2txt http.ds + **** Assertion failure in file + /DataSeriesSink.cpp, line 301 + **** Failed expression: tail[i] == 0xFF + **** Details: bad header for the tail of http.ds! + + Can that be worked around? From b933184b2590edc6e835bc93466e682e2318acc8 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 18 Apr 2012 13:13:56 -0500 Subject: [PATCH 09/51] Changes related to ICMPv6 Neighbor Discovery messages. - The 'icmp_conn' record now contains an 'hlim' field since hop limit in the IP header is an interesting field for at least these ND messages. - Changed 'icmp_router_advertisement' event parameters. 'router_lifetime' is now an interval. Fix 'reachable_time' and 'retrans_timer' using wrong internal Val type for intervals. Made more of the known router advertisement flags available through boolean parameters. - Changed 'icmp_neighbor_advertisement' event parameters to add more of the known boolean flags. --- scripts/base/init-bare.bro | 1 + src/ICMP.cc | 61 +++++++++++------- src/ICMP.h | 6 +- src/event.bif | 35 +++++++++- .../Baseline/core.icmp.icmp-context/output | 6 +- .../Baseline/core.icmp.icmp-events/output | 12 ++-- .../Baseline/core.icmp.icmp6-context/output | 8 +-- .../Baseline/core.icmp.icmp6-events/output | 49 ++++++++------ .../Traces/icmp/icmp6-router-advert.pcap | Bin 110 -> 110 bytes testing/btest/core/icmp/icmp6-events.test | 19 +++++- 10 files changed, 134 insertions(+), 63 deletions(-) diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index a40443edb9..8f428b8549 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -92,6 +92,7 @@ type icmp_conn: record { itype: count; ##< The ICMP type of the packet that triggered the instantiation of the record. icode: count; ##< The ICMP code of the packet that triggered the instantiation of the record. len: count; ##< The length of the ICMP payload of the packet that triggered the instantiation of the record. + hlim: count; ##< The encapsulating IP header's Hop Limit value. v6: bool; ##< True if it's an ICMPv6 packet. }; diff --git a/src/ICMP.cc b/src/ICMP.cc index 5e1eeb66e4..dd2108ebf0 100644 --- a/src/ICMP.cc +++ b/src/ICMP.cc @@ -131,7 +131,7 @@ void ICMP_Analyzer::NextICMP4(double t, const struct icmp* icmpp, int len, int c break; default: - ICMPEvent(icmp_sent, icmpp, len, 0); + ICMPEvent(icmp_sent, icmpp, len, 0, ip_hdr); break; } } @@ -181,23 +181,25 @@ void ICMP_Analyzer::NextICMP6(double t, const struct icmp* icmpp, int len, int c case MLD_LISTENER_REDUCTION: #endif default: - ICMPEvent(icmp_sent, icmpp, len, 1); + ICMPEvent(icmp_sent, icmpp, len, 1, ip_hdr); break; } } -void ICMP_Analyzer::ICMPEvent(EventHandlerPtr f, const struct icmp* icmpp, int len, int icmpv6) +void ICMP_Analyzer::ICMPEvent(EventHandlerPtr f, const struct icmp* icmpp, + int len, int icmpv6, const IP_Hdr* ip_hdr) { if ( ! f ) return; val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, icmpv6)); + vl->append(BuildICMPVal(icmpp, len, icmpv6, ip_hdr)); ConnectionEvent(f, vl); } -RecordVal* ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len, int icmpv6) +RecordVal* ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len, + int icmpv6, const IP_Hdr* ip_hdr) { if ( ! icmp_conn_val ) { @@ -208,7 +210,8 @@ RecordVal* ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len, int ic icmp_conn_val->Assign(2, new Val(icmpp->icmp_type, TYPE_COUNT)); icmp_conn_val->Assign(3, new Val(icmpp->icmp_code, TYPE_COUNT)); icmp_conn_val->Assign(4, new Val(len, TYPE_COUNT)); - icmp_conn_val->Assign(5, new Val(icmpv6, TYPE_BOOL)); + icmp_conn_val->Assign(5, new Val(ip_hdr->TTL(), TYPE_COUNT)); + icmp_conn_val->Assign(6, new Val(icmpv6, TYPE_BOOL)); } Ref(icmp_conn_val); @@ -494,7 +497,7 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len, val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP)); + vl->append(BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr)); vl->append(new Val(iid, TYPE_COUNT)); vl->append(new Val(iseq, TYPE_COUNT)); vl->append(new StringVal(payload)); @@ -504,7 +507,7 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len, void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* /*ip_hdr*/) + int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_router_advertisement; uint32 reachable, retrans; @@ -514,19 +517,24 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len, val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1)); - vl->append(new Val(icmpp->icmp_num_addrs, TYPE_COUNT)); - vl->append(new Val(icmpp->icmp_wpa & 0x80, TYPE_BOOL)); - vl->append(new Val(htons(icmpp->icmp_lifetime), TYPE_COUNT)); - vl->append(new Val(reachable, TYPE_INTERVAL)); - vl->append(new Val(retrans, TYPE_INTERVAL)); + vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); + vl->append(new Val(icmpp->icmp_num_addrs, TYPE_COUNT)); // Cur Hop Limit + vl->append(new Val(icmpp->icmp_wpa & 0x80, TYPE_BOOL)); // Managed + vl->append(new Val(icmpp->icmp_wpa & 0x40, TYPE_BOOL)); // Other + vl->append(new Val(icmpp->icmp_wpa & 0x20, TYPE_BOOL)); // Home Agent + vl->append(new Val((icmpp->icmp_wpa & 0x18)>>3, TYPE_COUNT)); // Pref + vl->append(new Val(icmpp->icmp_wpa & 0x04, TYPE_BOOL)); // Proxy + vl->append(new Val(icmpp->icmp_wpa & 0x02, TYPE_COUNT)); // Reserved + vl->append(new IntervalVal((double)ntohs(icmpp->icmp_lifetime), Seconds)); + vl->append(new IntervalVal((double)ntohl(reachable), Milliseconds)); + vl->append(new IntervalVal((double)ntohl(retrans), Milliseconds)); ConnectionEvent(f, vl); } void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* /*ip_hdr*/) + int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_neighbor_advertisement; in6_addr tgtaddr; @@ -535,7 +543,10 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1)); + vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); + vl->append(new Val(icmpp->icmp_num_addrs & 0x80, TYPE_BOOL)); // Router + vl->append(new Val(icmpp->icmp_num_addrs & 0x40, TYPE_BOOL)); // Solicited + vl->append(new Val(icmpp->icmp_num_addrs & 0x20, TYPE_BOOL)); // Override vl->append(new AddrVal(IPAddr(tgtaddr))); ConnectionEvent(f, vl); @@ -543,7 +554,7 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len, void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* /*ip_hdr*/) + int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_neighbor_solicitation; in6_addr tgtaddr; @@ -552,7 +563,7 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1)); + vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); vl->append(new AddrVal(IPAddr(tgtaddr))); ConnectionEvent(f, vl); @@ -560,7 +571,7 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len, void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* /*ip_hdr*/) + int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = icmp_redirect; in6_addr tgtaddr, dstaddr; @@ -570,7 +581,7 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1)); + vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); vl->append(new AddrVal(IPAddr(tgtaddr))); vl->append(new AddrVal(IPAddr(dstaddr))); @@ -579,7 +590,7 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len, void ICMP_Analyzer::Router(double t, const struct icmp* icmpp, int len, - int caplen, const u_char*& data, const IP_Hdr* /*ip_hdr*/) + int caplen, const u_char*& data, const IP_Hdr* ip_hdr) { EventHandlerPtr f = 0; @@ -590,13 +601,13 @@ void ICMP_Analyzer::Router(double t, const struct icmp* icmpp, int len, break; case ICMP6_ROUTER_RENUMBERING: default: - ICMPEvent(icmp_sent, icmpp, len, 1); + ICMPEvent(icmp_sent, icmpp, len, 1, ip_hdr); return; } val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1)); + vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); ConnectionEvent(f, vl); } @@ -622,7 +633,7 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp, { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 0)); + vl->append(BuildICMPVal(icmpp, len, 0, ip_hdr)); vl->append(new Val(icmpp->icmp_code, TYPE_COUNT)); vl->append(ExtractICMP4Context(caplen, data)); ConnectionEvent(f, vl); @@ -658,7 +669,7 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp, { val_list* vl = new val_list; vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, 1)); + vl->append(BuildICMPVal(icmpp, len, 1, ip_hdr)); vl->append(new Val(icmpp->icmp_code, TYPE_COUNT)); vl->append(ExtractICMP6Context(caplen, data)); ConnectionEvent(f, vl); diff --git a/src/ICMP.h b/src/ICMP.h index 59a399f74f..33773b9762 100644 --- a/src/ICMP.h +++ b/src/ICMP.h @@ -33,7 +33,8 @@ protected: virtual bool IsReuse(double t, const u_char* pkt); virtual unsigned int MemoryAllocation() const; - void ICMPEvent(EventHandlerPtr f, const struct icmp* icmpp, int len, int icmpv6); + void ICMPEvent(EventHandlerPtr f, const struct icmp* icmpp, int len, + int icmpv6, const IP_Hdr* ip_hdr); void Echo(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr); @@ -52,7 +53,8 @@ protected: void Describe(ODesc* d) const; - RecordVal* BuildICMPVal(const struct icmp* icmpp, int len, int icmpv6); + RecordVal* BuildICMPVal(const struct icmp* icmpp, int len, int icmpv6, + const IP_Hdr* ip_hdr); void NextICMP4(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr ); diff --git a/src/event.bif b/src/event.bif index 1ce8907f0b..5ef3e8f04b 100644 --- a/src/event.bif +++ b/src/event.bif @@ -960,9 +960,24 @@ event icmp_router_solicitation%(c: connection, icmp: icmp_conn%); ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## cur_hop_limit: The default value that should be placed in Hop Count field +## for outgoing IP packets. +## +## managed: Managed address configuration flag, :rfc:`4861`. +## +## other: Other stateful configuration flag, :rfc:`4861`. +## +## home_agent: Mobile IPv6 home agent flag, :rfc:`3775`. +## +## pref: Router selection preferences, :rfc:`4191`. +## +## proxy: Neighbor discovery proxy flag, :rfc:`4389`. +## +## rsv: Remaining two reserved bits of router advertisement flags. +## ## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_sent ## icmp_time_exceeded icmp_unreachable -event icmp_router_advertisement%(c: connection, icmp: icmp_conn, hop_limit: count, managed: bool, router_lifetime: count, reachable_time: interval, retrans_timer: interval%); +event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval%); ## Generated for ICMP *neighbor solicitation* messages. ## @@ -975,6 +990,8 @@ event icmp_router_advertisement%(c: connection, icmp: icmp_conn, hop_limit: coun ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## tgt: The IP address of the target of the solicitation. +## ## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_sent ## icmp_time_exceeded icmp_unreachable event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt:addr%); @@ -990,9 +1007,18 @@ event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt:addr%); ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## router: Flag indicating the sender is a router. +## +## solicited: Flag indicating advertisement is in response to a solicitation. +## +## override: Flag indicating advertisement should override existing caches. +## +## tgt: the Target Address in the soliciting message or the address whose +## link-layer address has changed for unsolicited adverts. +## ## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_sent ## icmp_time_exceeded icmp_unreachable -event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, tgt:addr%); +event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt:addr%); ## Generated for ICMP *redirect* messages. ## @@ -1005,6 +1031,11 @@ event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, tgt:addr%); ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## +## tgt: The address that is supposed to be a better first hop to use for +## ICMP Destination Address. +## +## dest: The address of the destination which is redirected to the target. +## ## a: The new destination address the message is redirecting to. ## ## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_sent diff --git a/testing/btest/Baseline/core.icmp.icmp-context/output b/testing/btest/Baseline/core.icmp.icmp-context/output index 9e252d8c38..40dc778d8b 100644 --- a/testing/btest/Baseline/core.icmp.icmp-context/output +++ b/testing/btest/Baseline/core.icmp.icmp-context/output @@ -1,12 +1,12 @@ icmp_unreachable (code=0) conn_id: [orig_h=10.0.0.1, orig_p=3/icmp, resp_h=10.0.0.2, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=3, icode=0, len=0, v6=F] + icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=3, icode=0, len=0, hlim=64, v6=F] icmp_context: [id=[orig_h=::, orig_p=0/unknown, resp_h=::, resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) conn_id: [orig_h=10.0.0.1, orig_p=3/icmp, resp_h=10.0.0.2, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=3, icode=0, len=20, v6=F] + icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=3, icode=0, len=20, hlim=64, v6=F] icmp_context: [id=[orig_h=10.0.0.2, orig_p=0/unknown, resp_h=10.0.0.1, resp_p=0/unknown], len=20, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=3) conn_id: [orig_h=192.168.1.102, orig_p=3/icmp, resp_h=192.168.1.1, resp_p=3/icmp] - icmp_conn: [orig_h=192.168.1.102, resp_h=192.168.1.1, itype=3, icode=3, len=148, v6=F] + icmp_conn: [orig_h=192.168.1.102, resp_h=192.168.1.1, itype=3, icode=3, len=148, hlim=128, v6=F] icmp_context: [id=[orig_h=192.168.1.1, orig_p=53/udp, resp_h=192.168.1.102, resp_p=59207/udp], len=163, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] diff --git a/testing/btest/Baseline/core.icmp.icmp-events/output b/testing/btest/Baseline/core.icmp.icmp-events/output index 9d8f484921..c8c8eb317f 100644 --- a/testing/btest/Baseline/core.icmp.icmp-events/output +++ b/testing/btest/Baseline/core.icmp.icmp-events/output @@ -1,20 +1,20 @@ icmp_unreachable (code=3) conn_id: [orig_h=192.168.1.102, orig_p=3/icmp, resp_h=192.168.1.1, resp_p=3/icmp] - icmp_conn: [orig_h=192.168.1.102, resp_h=192.168.1.1, itype=3, icode=3, len=148, v6=F] + icmp_conn: [orig_h=192.168.1.102, resp_h=192.168.1.1, itype=3, icode=3, len=148, hlim=128, v6=F] icmp_context: [id=[orig_h=192.168.1.1, orig_p=53/udp, resp_h=192.168.1.102, resp_p=59207/udp], len=163, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_time_exceeded (code=0) conn_id: [orig_h=10.0.0.1, orig_p=11/icmp, resp_h=10.0.0.2, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=11, icode=0, len=32, v6=F] + icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=11, icode=0, len=32, hlim=64, v6=F] icmp_context: [id=[orig_h=10.0.0.2, orig_p=30000/udp, resp_h=10.0.0.1, resp_p=13000/udp], len=32, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_echo_request (id=34844, seq=0, payload=O\x85\xe0C\0^N\xeb\xff^H^I^J^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567) conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, v6=F] + icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F] icmp_echo_reply (id=34844, seq=0, payload=O\x85\xe0C\0^N\xeb\xff^H^I^J^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567) conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, v6=F] + icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F] icmp_echo_request (id=34844, seq=1, payload=O\x85\xe0D\0^N\xf0}^H^I^J^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567) conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, v6=F] + icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F] icmp_echo_reply (id=34844, seq=1, payload=O\x85\xe0D\0^N\xf0}^H^I^J^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567) conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp] - icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, v6=F] + icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F] diff --git a/testing/btest/Baseline/core.icmp.icmp6-context/output b/testing/btest/Baseline/core.icmp.icmp6-context/output index 4b75210a18..7a83679018 100644 --- a/testing/btest/Baseline/core.icmp.icmp6-context/output +++ b/testing/btest/Baseline/core.icmp.icmp6-context/output @@ -1,16 +1,16 @@ icmp_unreachable (code=0) conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=0, v6=T] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=0, hlim=64, v6=T] icmp_context: [id=[orig_h=::, orig_p=0/unknown, resp_h=::, resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=40, v6=T] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=40, hlim=64, v6=T] icmp_context: [id=[orig_h=fe80::beef, orig_p=0/unknown, resp_h=fe80::dead, resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=60, v6=T] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=60, hlim=64, v6=T] icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=48, v6=T] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=48, hlim=64, v6=T] icmp_context: [id=[orig_h=fe80::beef, orig_p=0/unknown, resp_h=fe80::dead, resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] diff --git a/testing/btest/Baseline/core.icmp.icmp6-events/output b/testing/btest/Baseline/core.icmp.icmp6-events/output index 1ff26ff889..81075b716a 100644 --- a/testing/btest/Baseline/core.icmp.icmp6-events/output +++ b/testing/btest/Baseline/core.icmp.icmp6-events/output @@ -1,55 +1,68 @@ icmp_unreachable (code=0) conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=60, v6=T] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=60, hlim=64, v6=T] icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_packet_too_big (code=0) conn_id: [orig_h=fe80::dead, orig_p=2/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=2, icode=0, len=52, v6=T] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=2, icode=0, len=52, hlim=64, v6=T] icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_time_exceeded (code=0) conn_id: [orig_h=fe80::dead, orig_p=3/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=3, icode=0, len=52, v6=T] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=3, icode=0, len=52, hlim=64, v6=T] icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_parameter_problem (code=0) conn_id: [orig_h=fe80::dead, orig_p=4/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=4, icode=0, len=52, v6=T] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=4, icode=0, len=52, hlim=64, v6=T] icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_echo_request (id=1, seq=3, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, v6=T] + icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_reply (id=1, seq=3, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, v6=T] + icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_request (id=1, seq=4, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, v6=T] + icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_reply (id=1, seq=4, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, v6=T] + icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_request (id=1, seq=5, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, v6=T] + icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_reply (id=1, seq=5, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, v6=T] + icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_request (id=1, seq=6, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, v6=T] + icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_reply (id=1, seq=6, payload=abcdefghijklmnopqrstuvwabcdefghi) conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, v6=T] + icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] icmp_redirect (tgt=fe80::cafe, dest=fe80::babe) conn_id: [orig_h=fe80::dead, orig_p=137/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=137, icode=0, len=32, v6=T] -icmp_router_advertisement (hop_limit=0, managed=F, rlifetime=1800, reachable=0.000000, retrans=0.000000) + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=137, icode=0, len=32, hlim=255, v6=T] +icmp_router_advertisement + cur_hop_limit=13 + managed=T + other=F + home_agent=T + pref=3 + proxy=F + rsv=0 + router_lifetime=30.0 mins + reachable_time=3.0 secs 700.0 msecs + retrans_timer=1.0 sec 300.0 msecs conn_id: [orig_h=fe80::dead, orig_p=134/icmp, resp_h=fe80::beef, resp_p=133/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=134, icode=0, len=8, v6=T] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=134, icode=0, len=8, hlim=255, v6=T] icmp_neighbor_advertisement (tgt=fe80::babe) + router=T + solicited=F + override=T conn_id: [orig_h=fe80::dead, orig_p=136/icmp, resp_h=fe80::beef, resp_p=135/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=136, icode=0, len=16, v6=T] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=136, icode=0, len=16, hlim=255, v6=T] icmp_router_solicitation conn_id: [orig_h=fe80::dead, orig_p=133/icmp, resp_h=fe80::beef, resp_p=134/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=133, icode=0, len=0, v6=T] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=133, icode=0, len=0, hlim=255, v6=T] icmp_neighbor_solicitation (tgt=fe80::babe) conn_id: [orig_h=fe80::dead, orig_p=135/icmp, resp_h=fe80::beef, resp_p=136/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=135, icode=0, len=16, v6=T] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=135, icode=0, len=16, hlim=255, v6=T] diff --git a/testing/btest/Traces/icmp/icmp6-router-advert.pcap b/testing/btest/Traces/icmp/icmp6-router-advert.pcap index 9c3e557a9d26e12d1e8a1a3e8b2a818612a1dded..38de434c2f5264ad6fd14f9870eaefd09ca7a8f6 100644 GIT binary patch delta 30 lcmd1Hn;^li`>D^rG@oapyd&SXv%EXlIT#rDN*EYeMF5|O2x$NS delta 30 gcmd1Hn;^md_jIejjTiGoc}Kn*tPC9N91KtZ0F(CyqyPW_ diff --git a/testing/btest/core/icmp/icmp6-events.test b/testing/btest/core/icmp/icmp6-events.test index 64c14920ff..052ba91ee6 100644 --- a/testing/btest/core/icmp/icmp6-events.test +++ b/testing/btest/core/icmp/icmp6-events.test @@ -88,9 +88,12 @@ event icmp_neighbor_solicitation(c: connection, icmp: icmp_conn, tgt: addr) print " icmp_conn: " + fmt("%s", icmp); } -event icmp_neighbor_advertisement(c: connection, icmp: icmp_conn, tgt:addr) +event icmp_neighbor_advertisement(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr) { print "icmp_neighbor_advertisement (tgt=" + fmt("%s", tgt) + ")"; + print " router=" + fmt("%s", router); + print " solicited=" + fmt("%s", solicited); + print " override=" + fmt("%s", override); print " conn_id: " + fmt("%s", c$id); print " icmp_conn: " + fmt("%s", icmp); } @@ -102,9 +105,19 @@ event icmp_router_solicitation(c: connection, icmp: icmp_conn) print " icmp_conn: " + fmt("%s", icmp); } -event icmp_router_advertisement(c: connection, icmp: icmp_conn, hop_limit: count, managed: bool, router_lifetime: count, reachable_time: interval, retrans_timer: interval) +event icmp_router_advertisement(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval) { - print "icmp_router_advertisement (hop_limit=" + fmt("%d", hop_limit) + ", managed=" + fmt("%s", managed) + ", rlifetime=" + fmt("%d", router_lifetime) + ", reachable=" + fmt("%f", reachable_time) + ", retrans=" + fmt("%f", retrans_timer) + ")"; + print "icmp_router_advertisement"; + print " cur_hop_limit=" + fmt("%s", cur_hop_limit); + print " managed=" + fmt("%s", managed); + print " other=" + fmt("%s", other); + print " home_agent=" + fmt("%s", home_agent); + print " pref=" + fmt("%s", pref); + print " proxy=" + fmt("%s", proxy); + print " rsv=" + fmt("%s", rsv); + print " router_lifetime=" + fmt("%s", router_lifetime); + print " reachable_time=" + fmt("%s", reachable_time); + print " retrans_timer=" + fmt("%s", retrans_timer); print " conn_id: " + fmt("%s", c$id); print " icmp_conn: " + fmt("%s", icmp); } From 1fba55f4f3eb37ca5b46095891416ebc720b469e Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 18 Apr 2012 14:59:42 -0700 Subject: [PATCH 10/51] Removing an unnecessary const cast. --- src/logging/writers/DataSeries.cc | 4 +--- src/logging/writers/DataSeries.h | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc index f6b26dc494..3c88c65653 100644 --- a/src/logging/writers/DataSeries.cc +++ b/src/logging/writers/DataSeries.cc @@ -212,8 +212,6 @@ std::string DataSeries::GetDSOptionsForType(const threading::Field *field) } } -// ************************ CLASS IMPL ********************************* - DataSeries::DataSeries(WriterFrontend* frontend) : WriterBackend(frontend) { ds_compression = string((const char *)BifConst::LogDataSeries::compression->Bytes(), @@ -329,7 +327,7 @@ bool DataSeries::DoInit(string path, int num_fields, const threading::Field* con else Warning(Fmt("%s is not a valid compression type. Valid types are: 'lzf', 'lzo', 'gz', 'bz2', 'none', 'any'. Defaulting to 'any'", ds_compression.c_str())); - log_type = const_cast(log_types.registerType(schema)); + log_type = log_types.registerType(schema); log_series.setType(*log_type); return OpenLog(path); diff --git a/src/logging/writers/DataSeries.h b/src/logging/writers/DataSeries.h index 5faa87e1b2..bd2eb418f6 100644 --- a/src/logging/writers/DataSeries.h +++ b/src/logging/writers/DataSeries.h @@ -99,7 +99,7 @@ private: // Internal DataSeries structures we need to keep track of. vector schema_list; ExtentTypeLibrary log_types; - ExtentType *log_type; + const ExtentType *log_type; ExtentSeries log_series; ExtentMap extents; int compress_type; From 18aa41c62b943ceb949107c883e182c4ab672220 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 19 Apr 2012 10:41:01 -0700 Subject: [PATCH 11/51] Extending log post-processor call to include the name of the writer. --- scripts/base/frameworks/logging/main.bro | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/base/frameworks/logging/main.bro b/scripts/base/frameworks/logging/main.bro index 2c36b3001e..4093a3b429 100644 --- a/scripts/base/frameworks/logging/main.bro +++ b/scripts/base/frameworks/logging/main.bro @@ -376,13 +376,16 @@ function run_rotation_postprocessor_cmd(info: RotationInfo, npath: string) : boo if ( pp_cmd == "" ) return T; + # Turn, e.g., Log::WRITER_ASCII into "ascii". + local writer = subst_string(to_lower(fmt("%s", info$writer)), "log::writer_", ""); + # The date format is hard-coded here to provide a standardized # script interface. - system(fmt("%s %s %s %s %s %d", + system(fmt("%s %s %s %s %s %d %s", pp_cmd, npath, info$path, strftime("%y-%m-%d_%H.%M.%S", info$open), strftime("%y-%m-%d_%H.%M.%S", info$close), - info$terminating)); + info$terminating, writer)); return T; } From 4b70adcb4b08d2c9357a734ddc30a6007ffaaf93 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 19 Apr 2012 10:41:24 -0700 Subject: [PATCH 12/51] Tweaking DataSeries support. --- doc/logging-dataseries.rst | 14 ------------- src/logging/writers/DataSeries.cc | 10 +++++++++- src/logging/writers/DataSeries.h | 1 + .../out | 20 +++++++++---------- .../conn.ds.txt | 12 +++++------ .../frameworks/logging/dataseries/options.bro | 1 + .../frameworks/logging/dataseries/rotate.bro | 1 + .../logging/dataseries/test-logging.bro | 1 + .../logging/dataseries/time-as-int.bro | 1 + .../logging/dataseries/wikipedia.bro | 1 + 10 files changed, 31 insertions(+), 31 deletions(-) diff --git a/doc/logging-dataseries.rst b/doc/logging-dataseries.rst index e530ba7c0b..6eef223a90 100644 --- a/doc/logging-dataseries.rst +++ b/doc/logging-dataseries.rst @@ -109,22 +109,8 @@ TODO Warning, while packing field not_valid_after of record 11, error was > 10%: (1346460000 / 1000000 = 1346.46, round() = 1346) -* The compiler warn about a depracated method and I'm not immediately - seeing how to avoid using that. - * For testing our script-level options: - Can we get the extentsize from a ``.ds`` file? - Can we get the compressio level from a ``.ds`` file? -* ds2txt can apparently not read a file that is currently being - written. That's not good for the spool directory:: - - # ds2txt http.ds - **** Assertion failure in file - /DataSeriesSink.cpp, line 301 - **** Failed expression: tail[i] == 0xFF - **** Details: bad header for the tail of http.ds! - - Can that be worked around? - diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc index 3c88c65653..aacef01f80 100644 --- a/src/logging/writers/DataSeries.cc +++ b/src/logging/writers/DataSeries.cc @@ -194,6 +194,8 @@ std::string DataSeries::GetDSOptionsForType(const threading::Field *field) if ( ! ds_use_integer_for_time ) s += " pack_scale=\"1000000\""; + else + s += string(" units=\"") + TIME_UNIT() + "\" epoch=\"unix\""; return s; } @@ -327,7 +329,13 @@ bool DataSeries::DoInit(string path, int num_fields, const threading::Field* con else Warning(Fmt("%s is not a valid compression type. Valid types are: 'lzf', 'lzo', 'gz', 'bz2', 'none', 'any'. Defaulting to 'any'", ds_compression.c_str())); - log_type = log_types.registerType(schema); + const ExtentType& type = log_types.registerTypeR(schema); + + // Note: This is a bit dicey as it depends on the implementation of + // registerTypeR(), but its what the DataSeries guys recommended + // given that we function we originally used has been deprecated. + log_type = &type; + log_series.setType(*log_type); return OpenLog(path); diff --git a/src/logging/writers/DataSeries.h b/src/logging/writers/DataSeries.h index bd2eb418f6..ab2bcec88c 100644 --- a/src/logging/writers/DataSeries.h +++ b/src/logging/writers/DataSeries.h @@ -43,6 +43,7 @@ private: static const size_t THREAD_MIN = 1; // Minimum number of compression threads that DataSeries may spawn. static const size_t THREAD_MAX = 128; // Maximum number of compression threads that DataSeries may spawn. static const size_t TIME_SCALE = 1000000; // Fixed-point multiplier for time values when converted to integers. + const char* TIME_UNIT() { return "microseconds"; } // DS name for time resolution when converted to integers. Must match TIME_SCALE. struct SchemaValue { diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out index b6f05003f3..a12fed36e1 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out @@ -1,13 +1,13 @@ -test.2011-03-07-03-00-05.ds test 11-03-07_03.00.05 11-03-07_04.00.05 0 -test.2011-03-07-04-00-05.ds test 11-03-07_04.00.05 11-03-07_05.00.05 0 -test.2011-03-07-05-00-05.ds test 11-03-07_05.00.05 11-03-07_06.00.05 0 -test.2011-03-07-06-00-05.ds test 11-03-07_06.00.05 11-03-07_07.00.05 0 -test.2011-03-07-07-00-05.ds test 11-03-07_07.00.05 11-03-07_08.00.05 0 -test.2011-03-07-08-00-05.ds test 11-03-07_08.00.05 11-03-07_09.00.05 0 -test.2011-03-07-09-00-05.ds test 11-03-07_09.00.05 11-03-07_10.00.05 0 -test.2011-03-07-10-00-05.ds test 11-03-07_10.00.05 11-03-07_11.00.05 0 -test.2011-03-07-11-00-05.ds test 11-03-07_11.00.05 11-03-07_12.00.05 0 -test.2011-03-07-12-00-05.ds test 11-03-07_12.00.05 11-03-07_12.59.55 1 +test.2011-03-07-03-00-05.ds test 11-03-07_03.00.05 11-03-07_04.00.05 0 dataseries +test.2011-03-07-04-00-05.ds test 11-03-07_04.00.05 11-03-07_05.00.05 0 dataseries +test.2011-03-07-05-00-05.ds test 11-03-07_05.00.05 11-03-07_06.00.05 0 dataseries +test.2011-03-07-06-00-05.ds test 11-03-07_06.00.05 11-03-07_07.00.05 0 dataseries +test.2011-03-07-07-00-05.ds test 11-03-07_07.00.05 11-03-07_08.00.05 0 dataseries +test.2011-03-07-08-00-05.ds test 11-03-07_08.00.05 11-03-07_09.00.05 0 dataseries +test.2011-03-07-09-00-05.ds test 11-03-07_09.00.05 11-03-07_10.00.05 0 dataseries +test.2011-03-07-10-00-05.ds test 11-03-07_10.00.05 11-03-07_11.00.05 0 dataseries +test.2011-03-07-11-00-05.ds test 11-03-07_11.00.05 11-03-07_12.00.05 0 dataseries +test.2011-03-07-12-00-05.ds test 11-03-07_12.00.05 11-03-07_12.59.55 1 dataseries > test.2011-03-07-03-00-05.ds # Extent Types ... diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt index e6294b1d71..65d4ba0a67 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt @@ -9,7 +9,7 @@ - + @@ -17,7 +17,7 @@ - + @@ -51,8 +51,8 @@ extent offset ExtentType 40 DataSeries: XmlType -636 conn -2912 DataSeries: ExtentIndex +672 conn +2948 DataSeries: ExtentIndex # Extent, type='conn' ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes 1300475167096535 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 73 0 0 @@ -92,5 +92,5 @@ ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -636 conn -2912 DataSeries: ExtentIndex +672 conn +2948 DataSeries: ExtentIndex diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/options.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/options.bro index 77ea32908a..fc3752a168 100644 --- a/testing/btest/scripts/base/frameworks/logging/dataseries/options.bro +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/options.bro @@ -1,5 +1,6 @@ # # @TEST-REQUIRES: has-writer DataSeries && which ds2txt +# @TEST-GROUP: dataseries # # @TEST-EXEC: bro -b %INPUT Log::default_writer=Log::WRITER_DATASERIES # @TEST-EXEC: test -e ssh.ds.xml diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro index 639c7f3562..6a0cee5888 100644 --- a/testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro @@ -1,5 +1,6 @@ # # @TEST-REQUIRES: has-writer DataSeries && which ds2txt +# @TEST-GROUP: dataseries # # @TEST-EXEC: bro -b -r %DIR/../rotation.trace %INPUT 2>&1 Log::default_writer=Log::WRITER_DATASERIES | grep "test" >out # @TEST-EXEC: for i in test.*.ds; do printf '> %s\n' $i; ds2txt $i; done >>out diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro index 76f2451477..d04b0acf44 100644 --- a/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro @@ -1,5 +1,6 @@ # # @TEST-REQUIRES: has-writer DataSeries && which ds2txt +# @TEST-GROUP: dataseries # # @TEST-EXEC: bro -b %INPUT Log::default_writer=Log::WRITER_DATASERIES # @TEST-EXEC: ds2txt ssh.ds | ${SCRIPTS}/diff-remove-timestamps-dataseries >ssh.ds.txt diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/time-as-int.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/time-as-int.bro index 3a072998c0..e4dd6a5431 100644 --- a/testing/btest/scripts/base/frameworks/logging/dataseries/time-as-int.bro +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/time-as-int.bro @@ -1,5 +1,6 @@ # # @TEST-REQUIRES: has-writer DataSeries && which ds2txt +# @TEST-GROUP: dataseries # # @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Log::default_writer=Log::WRITER_DATASERIES # @TEST-EXEC: ds2txt conn.ds >conn.ds.txt diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/wikipedia.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/wikipedia.bro index 4a4b70afc2..38726a8b10 100644 --- a/testing/btest/scripts/base/frameworks/logging/dataseries/wikipedia.bro +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/wikipedia.bro @@ -1,5 +1,6 @@ # # @TEST-REQUIRES: has-writer DataSeries && which ds2txt +# @TEST-GROUP: dataseries # # @TEST-EXEC: bro -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_DATASERIES # @TEST-EXEC: ds2txt conn.ds >conn.ds.txt From faa89913dee1e6fbc09ca5feaab724c0dfb8222c Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 19 Apr 2012 13:45:20 -0500 Subject: [PATCH 13/51] Don't print the various "weird" events to stderr Fixes #805. --- src/Reporter.cc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/Reporter.cc b/src/Reporter.cc index 37470cd690..18f39ce4af 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -149,7 +149,7 @@ void Reporter::WeirdHelper(EventHandlerPtr event, Val* conn_val, const char* add va_list ap; va_start(ap, fmt_name); - DoLog("weird", event, stderr, 0, vl, false, false, 0, fmt_name, ap); + DoLog("weird", event, 0, 0, vl, false, false, 0, fmt_name, ap); va_end(ap); delete vl; @@ -163,7 +163,7 @@ void Reporter::WeirdFlowHelper(const IPAddr& orig, const IPAddr& resp, const cha va_list ap; va_start(ap, fmt_name); - DoLog("weird", flow_weird, stderr, 0, vl, false, false, 0, fmt_name, ap); + DoLog("weird", flow_weird, 0, 0, vl, false, false, 0, fmt_name, ap); va_end(ap); delete vl; @@ -326,7 +326,8 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, Conne s += buffer; s += "\n"; - fprintf(out, "%s", s.c_str()); + if ( out ) + fprintf(out, "%s", s.c_str()); if ( addl ) { From 6e2205aa686cb1c77da8d2b56ed9a1881cb72e7a Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Sat, 21 Apr 2012 14:33:14 -0400 Subject: [PATCH 14/51] Fix problem with extracting FTP passwords. - Added "ftpuser" as another anonymous username. - Problem discovered by Patrik Lundin. --- scripts/base/protocols/ftp/main.bro | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.bro index e6c0131337..aa7d82469e 100644 --- a/scripts/base/protocols/ftp/main.bro +++ b/scripts/base/protocols/ftp/main.bro @@ -22,7 +22,7 @@ export { const default_capture_password = F &redef; ## User IDs that can be considered "anonymous". - const guest_ids = { "anonymous", "ftp", "guest" } &redef; + const guest_ids = { "anonymous", "ftp", "ftpuser", "guest" } &redef; type Info: record { ## Time when the command was sent. @@ -160,8 +160,12 @@ function ftp_message(s: Info) # or it's a deliberately logged command. if ( |s$tags| > 0 || (s?$cmdarg && s$cmdarg$cmd in logged_commands) ) { - if ( s?$password && to_lower(s$user) !in guest_ids ) + if ( s?$password && + !s$capture_password && + to_lower(s$user) !in guest_ids ) + { s$password = ""; + } local arg = s$cmdarg$arg; if ( s$cmdarg$cmd in file_cmds ) From 65eb974f5db90a6c52820899dcd54a2514db37bb Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Mon, 23 Apr 2012 11:17:13 -0500 Subject: [PATCH 15/51] Added an option to specify the 'etc' directory Addresses #801. --- configure | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/configure b/configure index 3c1cca8c9d..64b0090204 100755 --- a/configure +++ b/configure @@ -24,6 +24,7 @@ Usage: $0 [OPTION]... [VAR=VALUE]... --prefix=PREFIX installation directory [/usr/local/bro] --scriptdir=PATH root installation directory for Bro scripts [PREFIX/share/bro] + --conf-files-dir=PATH config files installation directory [PREFIX/etc] Optional Features: --enable-debug compile in debugging mode @@ -91,6 +92,7 @@ append_cache_entry CMAKE_INSTALL_PREFIX PATH /usr/local/bro append_cache_entry BRO_ROOT_DIR PATH /usr/local/bro append_cache_entry PY_MOD_INSTALL_DIR PATH /usr/local/bro/lib/broctl append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING /usr/local/bro/share/bro +append_cache_entry BRO_ETC_INSTALL_DIR PATH /usr/local/bro/etc append_cache_entry ENABLE_DEBUG BOOL false append_cache_entry ENABLE_PERFTOOLS_DEBUG BOOL false append_cache_entry BinPAC_SKIP_INSTALL BOOL true @@ -126,11 +128,18 @@ while [ $# -ne 0 ]; do if [ "$user_set_scriptdir" != "true" ]; then append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $optarg/share/bro fi + if [ "$user_set_conffilesdir" != "true" ]; then + append_cache_entry BRO_ETC_INSTALL_DIR PATH $optarg/etc + fi ;; --scriptdir=*) append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $optarg user_set_scriptdir="true" ;; + --conf-files-dir=*) + append_cache_entry BRO_ETC_INSTALL_DIR PATH $optarg + user_set_conffilesdir="true" + ;; --enable-debug) append_cache_entry ENABLE_DEBUG BOOL true ;; From c10ff6fd69dc0c912f5137d205be0490d1f8fa1b Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Tue, 24 Apr 2012 16:58:03 -0400 Subject: [PATCH 16/51] Add some extra TLS extension values. - extended_random is an expired draft rfc, but we see it in live traffic. - http://tools.ietf.org/html/draft-rescorla-tls-extended-random-01 - heartbeat RFC was ratified in Feb. 2012. - http://tools.ietf.org/html/rfc6520 --- scripts/base/protocols/ssl/consts.bro | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/base/protocols/ssl/consts.bro b/scripts/base/protocols/ssl/consts.bro index ab130c4318..6c33e6e438 100644 --- a/scripts/base/protocols/ssl/consts.bro +++ b/scripts/base/protocols/ssl/consts.bro @@ -77,7 +77,9 @@ export { [12] = "srp", [13] = "signature_algorithms", [14] = "use_srtp", + [15] = "heartbeat", [35] = "SessionTicket TLS", + [40] = "extended_random", [13172] = "next_protocol_negotiation", [65281] = "renegotiation_info" } &default=function(i: count):string { return fmt("unknown-%d", i); }; From bdbb6d8068f70b03b8839c608587d97ff469a4e5 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 24 Apr 2012 14:52:09 -0700 Subject: [PATCH 17/51] Updating submodule(s). [nomail] --- aux/broccoli | 2 +- aux/broctl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/aux/broccoli b/aux/broccoli index bead1168ae..827a2e76a5 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit bead1168ae9c2d2ae216dd58522fbc05498ff2c8 +Subproject commit 827a2e76a527f17e15faf3be5eb8849f1045e887 diff --git a/aux/broctl b/aux/broctl index 19d7956c89..55c317607b 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 19d7956c89ddd8d74d2759dee8cf46983fed3c9b +Subproject commit 55c317607bf89753ddd790c9350556a7ca46578e From 8766a2e2fc5fa4636ac5127d313ff215660194ef Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 24 Apr 2012 15:04:39 -0700 Subject: [PATCH 18/51] Updating submodule(s). [nomail] --- aux/broccoli | 2 +- aux/broctl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/aux/broccoli b/aux/broccoli index 827a2e76a5..55f368b0ad 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 827a2e76a527f17e15faf3be5eb8849f1045e887 +Subproject commit 55f368b0ad283b2e7d68ef72922b5d9683e2a880 diff --git a/aux/broctl b/aux/broctl index 55c317607b..ff35c3c144 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 55c317607bf89753ddd790c9350556a7ca46578e +Subproject commit ff35c3c144885902c898bf8b47e351c7b8d55e10 From c91563fe7590d88e1609609668b71a070ed00768 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 24 Apr 2012 17:57:05 -0700 Subject: [PATCH 19/51] DataSeries tuning. - Now using the new DS interface from git to remove warning. - New leak tests, not yet tried, --- doc/logging-dataseries.rst | 9 +++-- src/logging/writers/DataSeries.cc | 8 +---- src/logging/writers/DataSeries.h | 2 +- .../btest/core/leaks/dataseries-rotate.bro | 34 +++++++++++++++++++ testing/btest/core/leaks/dataseries.bro | 9 +++++ 5 files changed, 52 insertions(+), 10 deletions(-) create mode 100644 testing/btest/core/leaks/dataseries-rotate.bro create mode 100644 testing/btest/core/leaks/dataseries.bro diff --git a/doc/logging-dataseries.rst b/doc/logging-dataseries.rst index 6eef223a90..67f95ecf3b 100644 --- a/doc/logging-dataseries.rst +++ b/doc/logging-dataseries.rst @@ -24,8 +24,8 @@ distributed on `HP Labs' web site to use recent developments of both packages with Bro, which you can download from github like this:: - git clone http://github.com/eric-anderson/Lintel - git clone http://github.com/eric-anderson/DataSeries + git clone http://github.com/dataseries/Lintel + git clone http://github.com/dataseries/DataSeries To then build and install the two into ````, do:: @@ -109,8 +109,13 @@ TODO Warning, while packing field not_valid_after of record 11, error was > 10%: (1346460000 / 1000000 = 1346.46, round() = 1346) + See Eric's mail. + * For testing our script-level options: - Can we get the extentsize from a ``.ds`` file? - Can we get the compressio level from a ``.ds`` file? + See Eric's mail. + +* Do we have a leak? diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc index aacef01f80..a3d193be97 100644 --- a/src/logging/writers/DataSeries.cc +++ b/src/logging/writers/DataSeries.cc @@ -329,13 +329,7 @@ bool DataSeries::DoInit(string path, int num_fields, const threading::Field* con else Warning(Fmt("%s is not a valid compression type. Valid types are: 'lzf', 'lzo', 'gz', 'bz2', 'none', 'any'. Defaulting to 'any'", ds_compression.c_str())); - const ExtentType& type = log_types.registerTypeR(schema); - - // Note: This is a bit dicey as it depends on the implementation of - // registerTypeR(), but its what the DataSeries guys recommended - // given that we function we originally used has been deprecated. - log_type = &type; - + log_type = log_types.registerTypePtr(schema); log_series.setType(*log_type); return OpenLog(path); diff --git a/src/logging/writers/DataSeries.h b/src/logging/writers/DataSeries.h index ab2bcec88c..0d9ab67e95 100644 --- a/src/logging/writers/DataSeries.h +++ b/src/logging/writers/DataSeries.h @@ -100,7 +100,7 @@ private: // Internal DataSeries structures we need to keep track of. vector schema_list; ExtentTypeLibrary log_types; - const ExtentType *log_type; + ExtentType::Ptr log_type; ExtentSeries log_series; ExtentMap extents; int compress_type; diff --git a/testing/btest/core/leaks/dataseries-rotate.bro b/testing/btest/core/leaks/dataseries-rotate.bro new file mode 100644 index 0000000000..188de9717b --- /dev/null +++ b/testing/btest/core/leaks/dataseries-rotate.bro @@ -0,0 +1,34 @@ +# +# @TEST-REQUIRES: has-writer DataSeries && which ds2txt +# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# +# @TEST-GROUP: leaks +# +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r %DIR/../rotation.trace %INPUT Log::default_writer=Log::WRITER_DATASERIES + +module Test; + +export { + # Create a new ID for our log stream + redef enum Log::ID += { LOG }; + + # Define a record with all the columns the log file can have. + # (I'm using a subset of fields from ssh-ext for demonstration.) + type Log: record { + t: time; + id: conn_id; # Will be rolled out into individual columns. + } &log; +} + +redef Log::default_rotation_interval = 1hr; +redef Log::default_rotation_postprocessor_cmd = "echo"; + +event bro_init() +{ + Log::create_stream(Test::LOG, [$columns=Log]); +} + +event new_connection(c: connection) + { + Log::write(Test::LOG, [$t=network_time(), $id=c$id]); + } diff --git a/testing/btest/core/leaks/dataseries.bro b/testing/btest/core/leaks/dataseries.bro new file mode 100644 index 0000000000..886ee54dd9 --- /dev/null +++ b/testing/btest/core/leaks/dataseries.bro @@ -0,0 +1,9 @@ +# Needs perftools support. +# +# @TEST-REQUIRES: has-writer DataSeries && which ds2txt +# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# +# @TEST-GROUP: leaks +# +# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_DATASERIES From 8c14b5a911edff7b1ad8dfe1b33fd2c6766aec6d Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Wed, 25 Apr 2012 14:38:11 -0400 Subject: [PATCH 20/51] Added Carrier Grade NAT CIDR and link local IPv6 to "private_address_space" --- scripts/base/utils/site.bro | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/base/utils/site.bro b/scripts/base/utils/site.bro index 4aeb70fe3f..e8db91f3d1 100644 --- a/scripts/base/utils/site.bro +++ b/scripts/base/utils/site.bro @@ -10,8 +10,10 @@ export { const private_address_space: set[subnet] = { 10.0.0.0/8, 192.168.0.0/16, + 172.16.0.0/12, + 100.64.0.0/10, # RFC6598 Carrier Grade NAT 127.0.0.0/8, - 172.16.0.0/12 + [fe80::]/16, } &redef; ## Networks that are considered "local". From c561a44326f696826011f5212501ca09251856fc Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 26 Apr 2012 10:45:28 -0400 Subject: [PATCH 21/51] Fixed a problem where cluster workers were still processing notices in some cases. --- scripts/base/frameworks/notice/cluster.bro | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/base/frameworks/notice/cluster.bro b/scripts/base/frameworks/notice/cluster.bro index 281901cf31..087c3ead51 100644 --- a/scripts/base/frameworks/notice/cluster.bro +++ b/scripts/base/frameworks/notice/cluster.bro @@ -23,7 +23,10 @@ redef Cluster::worker2manager_events += /Notice::cluster_notice/; @if ( Cluster::local_node_type() != Cluster::MANAGER ) # The notice policy is completely handled by the manager and shouldn't be # done by workers or proxies to save time for packet processing. -redef policy = {}; +event bro_init() &priority=-11 + { + Notice::policy = table(); + } event Notice::begin_suppression(n: Notice::Info) { From 8f91ecee7197329ba7ddc0dbf4cf01831b86e17a Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Fri, 27 Apr 2012 01:24:41 -0400 Subject: [PATCH 22/51] Fixed IPv6 link local unicast CIDR and added IPv6 loopback to private address space. --- scripts/base/utils/site.bro | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/base/utils/site.bro b/scripts/base/utils/site.bro index e8db91f3d1..e6afd1c6a5 100644 --- a/scripts/base/utils/site.bro +++ b/scripts/base/utils/site.bro @@ -13,7 +13,8 @@ export { 172.16.0.0/12, 100.64.0.0/10, # RFC6598 Carrier Grade NAT 127.0.0.0/8, - [fe80::]/16, + [fe80::]/10, + [::1]/128, } &redef; ## Networks that are considered "local". From 88807df269d2fab91777b44a3e63e7e8ba0bd8ce Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Fri, 27 Apr 2012 11:32:29 -0400 Subject: [PATCH 23/51] Fixed parsing of TLS server extensions. --- src/ssl-protocol.pac | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/ssl-protocol.pac b/src/ssl-protocol.pac index 627645e4da..5bfa2c51f1 100644 --- a/src/ssl-protocol.pac +++ b/src/ssl-protocol.pac @@ -425,6 +425,10 @@ type ServerHello(rec: SSLRecord) = record { session_id : uint8[session_len]; cipher_suite : uint16[1]; compression_method : uint8; + # This weirdness is to deal with the possible existence or absence + # of the following fields. + ext_len: uint16[] &until($element == 0 || $element != 0); + extensions : SSLExtension(rec)[] &until($input.length() == 0); } &let { state_changed : bool = $context.connection.transition(STATE_CLIENT_HELLO_RCVD, From bff3cba129720f208a8931d59861b9e2ba841e83 Mon Sep 17 00:00:00 2001 From: Bernhard Amann Date: Fri, 27 Apr 2012 16:18:14 -0700 Subject: [PATCH 24/51] Add two more TLS extension values that we see in live traffic. - origin_bound_certificates is a current draft http://tools.ietf.org/html/draft-balfanz-tls-obc-01 - encrypted client certificates is a draft that expired yesterday. http://tools.ietf.org/html/draft-agl-tls-encryptedclientcerts-00 --- scripts/base/protocols/ssl/consts.bro | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/base/protocols/ssl/consts.bro b/scripts/base/protocols/ssl/consts.bro index 6c33e6e438..42989a4cb9 100644 --- a/scripts/base/protocols/ssl/consts.bro +++ b/scripts/base/protocols/ssl/consts.bro @@ -81,6 +81,8 @@ export { [35] = "SessionTicket TLS", [40] = "extended_random", [13172] = "next_protocol_negotiation", + [13175] = "origin_bound_certificates", + [13180] = "encrypted_client_certificates", [65281] = "renegotiation_info" } &default=function(i: count):string { return fmt("unknown-%d", i); }; From 0a6104fe6615822376db875dce0ee11df38c6f3c Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 3 May 2012 10:52:24 -0400 Subject: [PATCH 25/51] More bugfixs, cleanup, and test for SSL analyzer - SSL related files and classes renamed to remove the "binpac" term. - A small fix for DPD scripts to make the DPD log more helpful if there are multiple continued failures. Also, fixed the SSL analyzer to make it stop doing repeated violation messages for some handshake failures. - Added a $issuer_subject to the SSL log. - Created a basic test for SSL. --- scripts/base/frameworks/dpd/main.bro | 3 + scripts/base/protocols/ssl/main.bro | 3 + src/Analyzer.cc | 6 +- src/CMakeLists.txt | 2 +- src/{SSL-binpac.cc => SSL.cc} | 17 +++--- src/{SSL-binpac.h => SSL.h} | 13 ++-- src/ssl-analyzer.pac | 56 ++++++++++-------- src/ssl-defs.pac | 29 --------- src/ssl-protocol.pac | 23 ------- .../scripts.base.protocols.ssl.basic/ssl.log | 8 +++ .../Traces/tls-conn-with-extensions.trace | Bin 0 -> 24111 bytes .../scripts/base/protocols/ssl/basic.test | 4 ++ 12 files changed, 68 insertions(+), 96 deletions(-) rename src/{SSL-binpac.cc => SSL.cc} (66%) rename src/{SSL-binpac.h => SSL.h} (74%) create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log create mode 100644 testing/btest/Traces/tls-conn-with-extensions.trace create mode 100644 testing/btest/scripts/base/protocols/ssl/basic.test diff --git a/scripts/base/frameworks/dpd/main.bro b/scripts/base/frameworks/dpd/main.bro index e8488c3ec1..9eb0b467f8 100644 --- a/scripts/base/frameworks/dpd/main.bro +++ b/scripts/base/frameworks/dpd/main.bro @@ -105,5 +105,8 @@ event protocol_violation(c: connection, atype: count, aid: count, reason: string) &priority=-5 { if ( c?$dpd ) + { Log::write(DPD::LOG, c$dpd); + delete c$dpd; + } } diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro index 0b280a6bcf..b5f74d5122 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.bro @@ -24,6 +24,8 @@ export { session_id: string &log &optional; ## Subject of the X.509 certificate offered by the server. subject: string &log &optional; + ## Subject of the signer of the X.509 certificate offered by the server. + issuer_subject: string &log &optional; ## NotValidBefore field value from the server certificate. not_valid_before: time &log &optional; ## NotValidAfter field value from the serve certificate. @@ -146,6 +148,7 @@ event x509_certificate(c: connection, is_orig: bool, cert: X509, chain_idx: coun # Also save other certificate information about the primary cert. c$ssl$subject = cert$subject; + c$ssl$issuer_subject = cert$issuer; c$ssl$not_valid_before = cert$not_valid_before; c$ssl$not_valid_after = cert$not_valid_after; } diff --git a/src/Analyzer.cc b/src/Analyzer.cc index 92ca3ecc50..a2a35490e8 100644 --- a/src/Analyzer.cc +++ b/src/Analyzer.cc @@ -34,7 +34,7 @@ #include "Portmap.h" #include "POP3.h" #include "SSH.h" -#include "SSL-binpac.h" +#include "SSL.h" #include "Syslog-binpac.h" #include "ConnSizeAnalyzer.h" @@ -121,8 +121,8 @@ const Analyzer::Config Analyzer::analyzer_configs[] = { HTTP_Analyzer_binpac::InstantiateAnalyzer, HTTP_Analyzer_binpac::Available, 0, false }, { AnalyzerTag::SSL, "SSL", - SSL_Analyzer_binpac::InstantiateAnalyzer, - SSL_Analyzer_binpac::Available, 0, false }, + SSL_Analyzer::InstantiateAnalyzer, + SSL_Analyzer::Available, 0, false }, { AnalyzerTag::SYSLOG_BINPAC, "SYSLOG_BINPAC", Syslog_Analyzer_binpac::InstantiateAnalyzer, Syslog_Analyzer_binpac::Available, 0, false }, diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index ce1b25dd42..9f9eb8a60f 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -376,7 +376,7 @@ set(bro_SRCS SMB.cc SMTP.cc SSH.cc - SSL-binpac.cc + SSL.cc Scope.cc SerializationFormat.cc SerialObj.cc diff --git a/src/SSL-binpac.cc b/src/SSL.cc similarity index 66% rename from src/SSL-binpac.cc rename to src/SSL.cc index db9a7004d6..218b17080b 100644 --- a/src/SSL-binpac.cc +++ b/src/SSL.cc @@ -1,21 +1,21 @@ -#include "SSL-binpac.h" +#include "SSL.h" #include "TCP_Reassembler.h" #include "Reporter.h" #include "util.h" -SSL_Analyzer_binpac::SSL_Analyzer_binpac(Connection* c) +SSL_Analyzer::SSL_Analyzer(Connection* c) : TCP_ApplicationAnalyzer(AnalyzerTag::SSL, c) { interp = new binpac::SSL::SSL_Conn(this); had_gap = false; } -SSL_Analyzer_binpac::~SSL_Analyzer_binpac() +SSL_Analyzer::~SSL_Analyzer() { delete interp; } -void SSL_Analyzer_binpac::Done() +void SSL_Analyzer::Done() { TCP_ApplicationAnalyzer::Done(); @@ -23,23 +23,22 @@ void SSL_Analyzer_binpac::Done() interp->FlowEOF(false); } -void SSL_Analyzer_binpac::EndpointEOF(TCP_Reassembler* endp) +void SSL_Analyzer::EndpointEOF(TCP_Reassembler* endp) { TCP_ApplicationAnalyzer::EndpointEOF(endp); interp->FlowEOF(endp->IsOrig()); } -void SSL_Analyzer_binpac::DeliverStream(int len, const u_char* data, bool orig) +void SSL_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); assert(TCP()); - if ( TCP()->IsPartial() ) return; if ( had_gap ) - // XXX: If only one side had a content gap, we could still try to + // If only one side had a content gap, we could still try to // deliver data to the other side if the script layer can handle this. return; @@ -53,7 +52,7 @@ void SSL_Analyzer_binpac::DeliverStream(int len, const u_char* data, bool orig) } } -void SSL_Analyzer_binpac::Undelivered(int seq, int len, bool orig) +void SSL_Analyzer::Undelivered(int seq, int len, bool orig) { TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); had_gap = true; diff --git a/src/SSL-binpac.h b/src/SSL.h similarity index 74% rename from src/SSL-binpac.h rename to src/SSL.h index 8dab19d00c..c9f8d9be91 100644 --- a/src/SSL-binpac.h +++ b/src/SSL.h @@ -1,14 +1,13 @@ -#ifndef ssl_binpac_h -#define ssl_binpac_h +#ifndef ssl_h +#define ssl_h #include "TCP.h" - #include "ssl_pac.h" -class SSL_Analyzer_binpac : public TCP_ApplicationAnalyzer { +class SSL_Analyzer : public TCP_ApplicationAnalyzer { public: - SSL_Analyzer_binpac(Connection* conn); - virtual ~SSL_Analyzer_binpac(); + SSL_Analyzer(Connection* conn); + virtual ~SSL_Analyzer(); // Overriden from Analyzer. virtual void Done(); @@ -19,7 +18,7 @@ public: virtual void EndpointEOF(TCP_Reassembler* endp); static Analyzer* InstantiateAnalyzer(Connection* conn) - { return new SSL_Analyzer_binpac(conn); } + { return new SSL_Analyzer(conn); } static bool Available() { diff --git a/src/ssl-analyzer.pac b/src/ssl-analyzer.pac index f41fb8639b..32f060adf4 100644 --- a/src/ssl-analyzer.pac +++ b/src/ssl-analyzer.pac @@ -25,6 +25,7 @@ string orig_label(bool is_orig); void free_X509(void *); X509* d2i_X509_binpac(X509** px, const uint8** in, int len); + string handshake_type_label(int type); %} %code{ @@ -46,6 +47,27 @@ string orig_label(bool is_orig) return d2i_X509(px, (u_char**) in, len); #endif } + + string handshake_type_label(int type) + { + switch ( type ) { + case HELLO_REQUEST: return string("HELLO_REQUEST"); + case CLIENT_HELLO: return string("CLIENT_HELLO"); + case SERVER_HELLO: return string("SERVER_HELLO"); + case SESSION_TICKET: return string("SESSION_TICKET"); + case CERTIFICATE: return string("CERTIFICATE"); + case SERVER_KEY_EXCHANGE: return string("SERVER_KEY_EXCHANGE"); + case CERTIFICATE_REQUEST: return string("CERTIFICATE_REQUEST"); + case SERVER_HELLO_DONE: return string("SERVER_HELLO_DONE"); + case CERTIFICATE_VERIFY: return string("CERTIFICATE_VERIFY"); + case CLIENT_KEY_EXCHANGE: return string("CLIENT_KEY_EXCHANGE"); + case FINISHED: return string("FINISHED"); + case CERTIFICATE_URL: return string("CERTIFICATE_URL"); + case CERTIFICATE_STATUS: return string("CERTIFICATE_STATUS"); + default: return string(fmt("UNKNOWN (%d)", type)); + } + } + %} @@ -88,15 +110,15 @@ refine connection SSL_Conn += { eof=0; %} - %eof{ - if ( ! eof && - state_ != STATE_CONN_ESTABLISHED && - state_ != STATE_TRACK_LOST && - state_ != STATE_INITIAL ) - bro_analyzer()->ProtocolViolation(fmt("unexpected end of connection in state %s", - state_label(state_).c_str())); - ++eof; - %} + #%eof{ + # if ( ! eof && + # state_ != STATE_CONN_ESTABLISHED && + # state_ != STATE_TRACK_LOST && + # state_ != STATE_INITIAL ) + # bro_analyzer()->ProtocolViolation(fmt("unexpected end of connection in state %s", + # state_label(state_).c_str())); + # ++eof; + #%} %cleanup{ %} @@ -133,11 +155,6 @@ refine connection SSL_Conn += { cipher_suites16 : uint16[], cipher_suites24 : uint24[]) : bool %{ - if ( state_ == STATE_TRACK_LOST ) - bro_analyzer()->ProtocolViolation(fmt("unexpected client hello message from %s in state %s", - orig_label(${rec.is_orig}).c_str(), - state_label(old_state_).c_str())); - if ( ! version_ok(version) ) bro_analyzer()->ProtocolViolation(fmt("unsupported client SSL version 0x%04x", version)); @@ -175,11 +192,6 @@ refine connection SSL_Conn += { cipher_suites24 : uint24[], comp_method : uint8) : bool %{ - if ( state_ == STATE_TRACK_LOST ) - bro_analyzer()->ProtocolViolation(fmt("unexpected server hello message from %s in state %s", - orig_label(${rec.is_orig}).c_str(), - state_label(old_state_).c_str())); - if ( ! version_ok(version) ) bro_analyzer()->ProtocolViolation(fmt("unsupported server SSL version 0x%04x", version)); else @@ -229,11 +241,6 @@ refine connection SSL_Conn += { function proc_certificate(rec: SSLRecord, certificates : bytestring[]) : bool %{ - if ( state_ == STATE_TRACK_LOST ) - bro_analyzer()->ProtocolViolation(fmt("unexpected certificate message from %s in state %s", - orig_label(${rec.is_orig}).c_str(), - state_label(old_state_).c_str())); - if ( certificates->size() == 0 ) return true; @@ -362,6 +369,7 @@ refine connection SSL_Conn += { handshake_type_label(${hs.msg_type}).c_str(), orig_label(is_orig).c_str(), state_label(old_state_).c_str())); + return true; %} diff --git a/src/ssl-defs.pac b/src/ssl-defs.pac index 31d90338f5..b13b7c4881 100644 --- a/src/ssl-defs.pac +++ b/src/ssl-defs.pac @@ -17,35 +17,6 @@ enum ContentType { UNKNOWN_OR_V2_ENCRYPTED = 400 }; -%code{ - string* record_type_label(int type) - { - switch ( type ) { - case CHANGE_CIPHER_SPEC: - return new string("CHANGE_CIPHER_SPEC"); - case ALERT: - return new string("ALERT"); - case HANDSHAKE: - return new string("HANDSHAKE"); - case APPLICATION_DATA: - return new string("APPLICATION_DATA"); - case V2_ERROR: - return new string("V2_ERROR"); - case V2_CLIENT_HELLO: - return new string("V2_CLIENT_HELLO"); - case V2_CLIENT_MASTER_KEY: - return new string("V2_CLIENT_MASTER_KEY"); - case V2_SERVER_HELLO: - return new string("V2_SERVER_HELLO"); - case UNKNOWN_OR_V2_ENCRYPTED: - return new string("UNKNOWN_OR_V2_ENCRYPTED"); - - default: - return new string(fmt("UNEXPECTED (%d)", type)); - } - } -%} - enum SSLVersions { UNKNOWN_VERSION = 0x0000, SSLv20 = 0x0002, diff --git a/src/ssl-protocol.pac b/src/ssl-protocol.pac index 5bfa2c51f1..0019478518 100644 --- a/src/ssl-protocol.pac +++ b/src/ssl-protocol.pac @@ -23,7 +23,6 @@ type uint24 = record { string state_label(int state_nr); double get_time_from_asn1(const ASN1_TIME * atime); - string handshake_type_label(int type); %} extern type to_int; @@ -268,28 +267,6 @@ enum HandshakeType { CERTIFICATE_STATUS = 22, # RFC 3546 }; -%code{ - string handshake_type_label(int type) - { - switch ( type ) { - case HELLO_REQUEST: return string("HELLO_REQUEST"); - case CLIENT_HELLO: return string("CLIENT_HELLO"); - case SERVER_HELLO: return string("SERVER_HELLO"); - case SESSION_TICKET: return string("SESSION_TICKET"); - case CERTIFICATE: return string("CERTIFICATE"); - case SERVER_KEY_EXCHANGE: return string("SERVER_KEY_EXCHANGE"); - case CERTIFICATE_REQUEST: return string("CERTIFICATE_REQUEST"); - case SERVER_HELLO_DONE: return string("SERVER_HELLO_DONE"); - case CERTIFICATE_VERIFY: return string("CERTIFICATE_VERIFY"); - case CLIENT_KEY_EXCHANGE: return string("CLIENT_KEY_EXCHANGE"); - case FINISHED: return string("FINISHED"); - case CERTIFICATE_URL: return string("CERTIFICATE_URL"); - case CERTIFICATE_STATUS: return string("CERTIFICATE_STATUS"); - default: return string(fmt("UNKNOWN (%d)", type)); - } - } -%} - ###################################################################### # V3 Change Cipher Spec Protocol (7.1.) diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log new file mode 100644 index 0000000000..74156362e5 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log @@ -0,0 +1,8 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssl +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher server_name session_id subject issuer_subject not_valid_before not_valid_after last_alert +#types time string addr port addr port string string string string string string time time string +1335538392.319381 UWkUyAuUGXf 192.168.1.105 62045 74.125.224.79 443 TLSv10 TLS_ECDHE_RSA_WITH_RC4_128_SHA ssl.gstatic.com - CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority,O=Google Inc,C=US 1334102677.000000 1365639277.000000 - diff --git a/testing/btest/Traces/tls-conn-with-extensions.trace b/testing/btest/Traces/tls-conn-with-extensions.trace new file mode 100644 index 0000000000000000000000000000000000000000..a3b724b3a184e320a93fb23db4c361672e96bdc5 GIT binary patch literal 24111 zcmb@NWmH|s^7aqz?iSqL-JPI81A*WY++Bl9g1c*QcXtcH-62>A65M&u$=uBU&g9N~ zdb3uqus7#acRyA2tM1;LnckWlZ~!FW*T3gy000blu~3t$q#g?iPz3%AY5)w>C?W^* zPu92=$gluO06^riNCY4Pt<2W-3Cu#ydqe3=7pzq&;s_D+;VSUw=aeP@02~sk4h#YU z3=9kwUT{@(1@t>e@IS0qu0jIjfY+e*huuH=09q#j2rLi-0Nl_WnIOxc9>7}9bc5wj z%78r}WutQ&=PLZPo(KsJ3(w@ikPWg9>4vYlQxcOB6Hf|)K z^>RPd0Qz7OpaOr4_XK1aWHDhK5^w=D25P@q-1WKzS)AbepB8Zg=yh@aY7rX(3{Vaf zxflXWDYa%{m>YH6E%Ukrd2%%^a(1*|t$68aIF2=CR!nIg0Fdc|@4^Ix0zv@10G=+C zE+{}CfU^sx3$6>T3j^o~34kep9l+Lw*oE8$-USIr1c(CN2?b#8g6%>FU;{9^kh&nA zo&oUSz#h4Q!^Z@m0{|$Fj#f-&j!p(n7Dh})w${&JAg{v%U;)qo8~`o=4}bsweSsVR zV0Ze%Uli<6f2#VMzc?01e)_B6Z~iI=`m56q6>tI_`-cWVMVo=XIsvH~EC2=g37a9OS3-aY3^F{zbLIA+P|1(=uXh%C^cV;$Nb0;S|W>zLvpk-(+1OT)e09pkA zk;D=J5yuh${*Vm;4h9Ym&vm(^3Nodv$ASb6M;9y;e2oMK1_cFRkzz$)frExnhlIue zS65}lU_k?2z+=Em+uE90nUKiZ7_pMEkbrJNVBr0E)5*la#>9z4)Y-}0*1^Kbo#h1% z5-S@E2P-QJ3kwH3w>I#S{f|pl&?Sr6|Lg}A176&~%EHvv!N$UX6`KVU)DH{>l7g+X zjgx_e4T*+@iR=F!)PFt z;c7

0saKRqAiTI=Wo%Ykf}={U(yWo|Tp|$g&0v&kWy*6lU$rB8eUTJfY%Z zgkeBmb?k_voyd0g^4rbmicrN{OnH5rt2~jHbM_^fum~Kk$w9e~w--GFF&e9dx-_wE z!gk!6Hp66fNqb|}6s9=fK=*^?1%R2b1b`W^5CJDkLJv7AO89Y{EuHF zLt;Z>_BeEXSq%7^BA2RGZcjv~miXY`G5_IIS(`t6`ln0(={}Q@gB6SE zuYrPrL29#Tv1t6dW&!{I*pCwnKWGwYkQ^**0e|�K$KfApnz($=bxp0mzB}y8GX8 z01R~qU;u!{#ZO^>$&EFsVP@1*e5ftVNdKs=oQ^t1u@jsU2={(j=ezUJ+&;ab!2KHi z$0qvsjRvSA0EpSKrd_Qg5!Q%LciF-QYn5DnrCeX|i%K}gYuj0L$Mph9+JAh350a_C zqu%ChH9D$6y68X1#pgGo4|ijvuk(>6i5vT>_Cp#50A2^o$|_*P`y(?U5X|iVHcl4B zzorT*3o=jyU`oPB+B;jA8o04Cve1L>AYf4Z=MIUgiIKB|35mFggOi1+g^_`i$zM~G zg_nhkg$J0Q>}>x@O)eI0R^FeN|KAYsZ<#lI)R-TUuDKT|B;p--@p01LNHt~8-3hZ& zB88nKHp+8{2C=2wO4jH7TaMR?@E$B<6Z3tVl1H;8bB3yxjxyd zNTiL-k-Tzjqzd7Dw_Ln4^SXfk!3>Z0E)EyhYHgJ=9GM+cy5|H;+5PLI#bi-e*_Nj5 zADQQ$$Ks#;Q%)if+hv5H05U)tgWBKO4$ikg24Z_##$VZf$^Elh-~vw6fJ+Wg4gOUv zP{6>RAt8ahh5oP9{hyin->ECJYko^VRg*9;y+BTas>Gfgoi)RP4vKmVkUdxyXyAXq zD#yYHxX26lczrst^hMS6RyhFV4am%d=s(d4# zviL@w_O?JpjEQfQC(@07^yWSxq^&LbR+$Y{2uFd-ut5j_jwmF(JB)5|w%t?6E^<8PlmP9&kGCCTP)YI8Kjdwina*^Vm98cl0g9<=#b$MUXjh%hbz z{B&~;r%LylxXEhC3(DD40Gam_Y5cyQP5MW4`4I6!?1tx`X3X5h9m<7?ZIki^*ilhT zH^vV(Iczw|#*G@Da03=cMoPOqOCb|6dvOl^mLrAh*kL_zJ?VORMEgd24y4}jkJ(Dd29_6ZP?hm##~)T z7X$n5$-T_!w!bn1e9`q|vD6J{AAV@F3O1SPgB=z32(N@-9;nf6j&r?FX@M$tE3B`% znIFah8e<98cl=P{xW28tHLYKjre+XGVd#M1=wOp$9K+H(9)c-9dS9D&xaHorniQGN zRFVS{=~xd6Fai_^)P57G4Qd4>l2pK7MLLfCDLYW4ON76Q1RMs~d+&`R>6;ac69|9W zFy_41Yv$o`f|@abm)tqo-ivZ&y%bHFDi@TGykGCss(EB09izYOV=p-sNYgC87s?^9 zfqg?zbNrqxUK|PKRi9?BAqEru(`kNe*C$c^@=-rQjp9)@y?MieUZ&F*kwcN_!rhIf zy{ksKNARLCJi_{F6Q2=h+E%O@$+lsN4klD263Oy&6T!IT_ft4j4Aqstn*;8jb>6by zPa7ZS8}|C#D_TIfYeIMI^nOLq?YC;()Vk-jkM(Ss!N%ASPCeMc@KXrxW27iCvk!k^ zFO{%55%@NV;JOT93=1E8ih)A&1f#iF6-S%=`99>Od-DhbMm?ItFwVqT3C%DQ6Z<#+ zZi2wD7Pz;icFwU7&D4NMAzwgWDEDxCxq?$F!lJ9>y^eZ^{iWXoMBly35}*gLxG@j1f$4d56d4= zkjtU$%WQl}cea{Q1hUQ`&t7-`UqbyI)BuhJ;06G=4a@y2sILW;B2MxBP{B|ifO+^I zP_GKEiXnq6QVc=?D1dPSYJax~hP^-mve@4FKP}>dp*|)2X>ko?5fuLw!2M|n04%Hv zkniR#nmuhumAliYm(@S#pp~HTR57BZwV{M9q648P8o^y(Au8x(d1<@vo)d1i^=77a zhe2o|^>hO*pmQ{~Drk$+_;?nU@U`9oKhoo@S5LyFS>==Rq*aDLk)c)=TfWZRg zPro|;)eASoKm7{yg6R5Ry#N9SO?4w1>>AqY8$M0~WK%f2!7QttvZykFfrbba6HQYM z0!`7twY->^U{LoH!0!KfLd%n&2{~Z?j|s^G_u!Zw*uPKc_6rn17#LEZ_V)>au`W>k z46DBd>W%!b3CSP*IiYn>Sb-*V)ANP-jbE>-B4^LOfKX@l;zg$b;F^auK0urfaz((0 z&#IjkXYaZhjhNAU5CvuI78}c98-4mF7KzR2nK8r}K`+5jxv3m~AKVWo(zxZz2L4`L zxYF5vDED&XKip(9pWl3a0yMbhDl8D+EO!D!Ai8Ig>+Ny<*pCSg+|686?5iedDn zb;6a48yi>W#c~57r%oxtA}O0wLp_J=CL-0Ks679fB^(&!Bsg_e#++B*fk968mC^GF zYzv+#WNG@Cq~YLaJFbn!Mb551VVqR*YRwR9YN48=W!9-c~JYi zgP=SXs6h^D*7|G2-OB!QkkgCb9Yolo<=o@E)#red)%xA@B8joZfl<-K%AH>L2wooO zK`4@g052B(l~;7@S|?#(%w8q-X(ie}LGIn(w`|~v zJ>F=NjiB%b+ci_9lSAGFDOZgf=Ewx$$Ow-!Dq?$|NcGsD^^W!v)oPUMn&EOZ|CPNCOtWy{eB5Wv`dM^Odyhw8Jtu zU*poUJ;cddfn7a#=Xct<)ZU}imk;NzpK?}I8l?s&1vJEBppZ6Q-4C&=C=KU{F-|l* z3;Sxsae1wToJBzGN*pq98Qm?rHcb!2@4rmvp;a2~vt66-mAx_MdPVeAj88v5QL9zF z!Mk~vEg&X+t2e6p3^h>mTp;b1<`W;zq_`ug?mCAAf(w%fOA$ACB{p$h#$rmnPs4(Z z+^c;C4EM1g@qfg31^8G z79NkL0Zj5Ey=J>%GJeLsEe8F2yRdgst&O1=v-pRe%y6Xi&n&e(qrx-C5wQs`ce)L{ zXNFYBIQt?s;g|=AEjyJvsjFJ(=3Ju_lEb|TX>j`_v?;f~;hxzLKoF$PJ=Iz!pmy1} zyj3R=O-pE=W8I;o*m%`?HvD1nwBA_~!!)8vb-SX;jz>-@x_ znRtMR%2g4*eqclaA(GTtFF3sbhuhN)C7NC-{!FoDu|>Op|8BRQu;aeq0#ehWm0d&c z`j-ADZE6f8t6}+p=87AmX(Na)*`G3G2CzrJRg$2jzaz_7l3_hpeINLw_hpM;>b@&8 zNC~DM9;Rc=%!#_9b!+}bsX)3GDgbGdz~S-KqAUo0xFHqs%<53yWhZp{B9p`^tP1wB zK71`!Pa4|_GJ?R&GbA^JHQ6_`Jd=P2-n}fCM(_>yx37l&8@L+w!Ku@xv{Bd0LP?k% z$q^SbVPyeGea?il$EIPCZv$!@!8zJ1;IOkKD_Y7Z2k;ip6Hv;nldhaA>}J=&_?ryg zo5XCN;=mthdG!w^bRN24vlSL#a!IsXd18;BHwDbc<@}sYW7mZi)dDrz)=w zy{@H=>%^9Ln!!1#LsCtx^huVlvSfiQ;CPMF8JL;RqraRFeu7VZF&)y=XX@y2Fh3jV ze0ih z#QM$6lb(IZo~D(N71irm3Wrrl62m;gm<2{^DD^UInHN#0V2Q~VD9G)LE_ccPJ2Op_ z(=m35i(}(q3E&3X`K-Rnov!vNDW(tz!v zMAE#1*y|{*e0aI-BA0r_x_WxF-Oml;vL2Aj|6GbAM?j?SCitE7PapkIeM4Pz{v1&cphpaUZ0>)RVkl7<+%?iViRLu>bJN66CZC=;tu$<9 za-i=PHmwjjK5aHtqY*ygOJw2Heuo}^eyRBlihR&ybi0tTQrK?RD@^z^Hch@DJO^im zVZ7w6($geVK|VIetMy$7Cb(9@k_{(1BG&#QxiO+TRhkD%pM+Stu9Af`_3x=I9X-)+ zvPQcxJ#a=Z}@bL+tUaDXAokpt5m(?RBW2)j7EMglK=s$CSbo|M5;CVsk3Jt&90HD< zP~#ilGqbhT4s$hkvl}hNgwlw78z)hXn`Aa5Hh)d9y&Eu-AjE}EqhqVeqsub8YuYV_V&nZ+J>eU7TdvqSBtBD+1pXi-_VoFj z!?59=d(vB0QJY!^dB*8<`+Y;C`vti{lK{IalHkk&jl1m`(bZUx?rIG-M2n)bs{^@= z-1&FnHXg4SqK^}b{#BjbnOXXtHioM>RbXQB;EbQ6C8;e=vAixD4KJNbVLC3agDX#0 zo7x0kHwHDd%V??2z@BNv*ZknOQbo1^!*l6{;Of;g)~8x-FD|Y&OzENy{PB6du#GTf z=DcQCHap{^-vM6of=Na~j%1r& z^JPvn{pc_XX9-gFlIpsv&JPQN4fxd(CzA=A5xuf*sg5$#_sJxo7&7u#54Tf36gjI?^<0aGj8L+_ zridFA(bvyuHC*%O$i|?lSbIF%G4*zU#}?4rG^ewlw*XLhcpyipXrIbkvt7$mOjT1g zMCa01O|+|o=Hz?mjf6-#dQxgG8*9Tr?7Dmi^*VhEWi8kShxDZwe5fJ&?Q(y`ed8ou zy70soYwKz@O}*JIV>Eu2Vbo*ipmdK71vFP4!d@ZC^8q%$uI#tG(f#{SI(|!cv#)Y1 zMS~u#cBO(_=|^{Y+&1A-qhJf`DG|SW(mfLQ@ZwR(x5`zi3wR%3(}*w4lpZIWXBzrD zKeSvIJHJ454u<%4+QDTMQ}+!Tej>}1O~;Hu!5j`;6&FN$XCRmVne?2wAkyPX{6=~O z2;ln1H`E^MchbLE{8!QgpP>QQ^csI5JeL zc!Cv~h3*^L<9<Sp*pxI2=+G@vL&E`Ji+AS9Z}i8gx4hE&63a4W4|(pv7?z&-4m~;uW#)d| zywZ;ljCvqO27h0VC1*(cL~X`GX3ehCvPB73J$WR2@OXQ*FNQYSLSJBKH(i`_cWeEH z-?Ynpd?odXar7HLUJ&6ZtCd8IXl?yjzs!a@{{HTT#>;mxmM^;Hu+Gucst4_8iJ@Ib zR=ZyDd~9wtWgS5d)GH#-dzMNbSZzc?=z)rykg-ZbE_=HwNQCO)-Z#178s30@i1A$v z6{DEQ-1rN&(Vez}ZYSf@SHcN5-hy~WCvdw3(v}K>95rk9Qymqdez;qA5{<@*$`5eh z8%6TZiboo~-S@d7oWuMbVjKq11Gpz2bnMJ$I;FbZ0bKdJ8Wq`cG1P6og!I<_llV6E zu|t*D2+VdAg$ud3TF9svH8T8)zI%M=+h^aT?YcPYVlCUy0!~6scZ*ihIZ&fjs_h3A za=pQrbo+S2X0*@PQPx(~!Y;@K1$Om3YTjN_k)6-XWe^y{RlwsM3!31Q#iRVN%FK&+ z>jiJm8PN<0zg0yQ%ME<6YUfk7u=ccUy(kC%S?S0ukSMTfu)ajyV^L)@tJe&^>W+d| zKUk!wnDv8=!wZii-^ZEiFh#1^!&7pCsB`uFwSJZ4w#}OmM&`9PUYr}7d&aCUO<9Q) zm}R0oLqduUH_E=AUgk>NC*Nne3Cn+&U&M@NJ=ulVwXQ_)xyU9^Zq0q;^Sr@l;3@rP zg9XM^Bqx2}QjAImGwPX@tl9YKMZ@cycUDitwmX3v9$9D5*aiWnzA3i3GEpivy1{fj z2QLzPvM&UdZC`<1ZO`~^8mDvmCw?E8(Ok=zzWT73lne!!)IMIBtF*ezSY`Y8t1H%PR_6-m0bW& zMjDYSI_tfpQHJByU@7**6BGha7RKRgx!L8JJAc}8M|soT;|`!Rj>_~A5E9&SB=3-n zq|ONBDmBH(ikc{=sdi`)go%iD6d9sb8GUlZFSW6#{Q-?{{Dand`>v@lzM+({`ZK`` zzGeacYBq`3aOT(yJ+o(IZ05V~aSG&tWBOd5WU|%BcMSumBH`2CpdO*A)*n{&q+liC z3K?5j4qfmp^w``Fn7!Mw-MOwf*AUGRSeMGLKeF37@obSuqz^#$I@D7ZcH)m)#uKz4^}&2207YkS_Q)sRTG>0CPPbt#?42Q3dwtYm)O?7LWAwdNJ` zR7Eqo+i|B)NxJU!r3!+yMZ|a4xCDz^%rNxSL zs%){qnVns#!WGlaY1TasyA!e7PF4w9-RPcfaaX|;L%{8sz@^C9p=RgBw1j3&ydDBf zO>vqiNOY3E@nb~^jR7y5hX~QWIt}IeNO@ClaZ4rpHc!6tCAqp^`WS~Mfm(%1OL(Xt zxej&90O$~q^qL&K?d5k9v?L*0=Q6Q(qerd*>GC?&iitaJb~lh%tYk=zfv)=GO zpMQwM{|~+QfTv~s=Ka6xjlTY`m6iTyWmWr|-h03FUd{SlZ$cTtA6tn=Ar6PBdLOm{ zo$*=G>Moexnrt4kZ=8OfmSu1{z$dNaw|wPd#|R2i_)w9m7)MhU?vVBgP^B!89cZhU zXsHU%krJ449C$9$X{zMC`n>Ri%CB9E< zIM2ALaJ*%ny^cj+BfIpoe9!2N^uk6%>Sux6`u4WjpyVk&EHrgY?!g^VL5IouuWq$+ z>SNUDD|UC>%t~x4*x?QtWm)YN(lL9jcQrO|L){-SlmjbqFwu1<5D6bFx% zyhOUmKDIZ`>lUBb5Gv5@{%W^!<+XC=OcedeJ-)SGq?~Y@WzeK-PBOsrUG$*4dsSC< z^_Zw=A-20+t~6o>HiLBNt3X#izxYV$R8NX*i6}COr<)%}?=Cn#a}kuN+#QtmP^F7q zsD^m_&@7ToxT`^CobybeUS*!poJ{Roq#K!=rSho59;R9)zQ{FA8-i`|xM}drRQ_)J zwWqGlKeiM0Kwzb4WbGOZBEm}N$h~R)D>iTcOWDJj-mM2$S81Cfvmw+p%Bwd>J402d z;E41JU$|&uxfIfM?PHdRz|LBVlzWM5L~HE*M`kW>A)bOJ24CQJLT|G14GL{pJU@5Z zxG1wj*q^P{CZ1rR;zA3@Pg3Y%_jEzco^RdL5BO%F{NPJBgDrCeujbcS`9 zBDQEjpkFsii3$BAUhYTP!ZPJ#N-I(dEtp3duy7?u7W??}S~9^d&5;=de{=&^hZjAF z)pm`&uzXwr(BCuA@xroL)GtoyjSPloajQEYC5Sb^-YKts%=OIl0P(N5L1w2B*)=E_s- zuR=_@+eCf0?h5Xyt??J9W0#!N4W-8H8pkR+Cmtk@njK#d{QNFfF&J`^a3y!kJ$rmf z#!JpDB%|rI+w=<42&MYgdq3xVB!6GGUr0+*4<8!d;ew5znbY@zI^WiV9gi~kqlBM= zED|Kk)2`S?QRZ+#>5UlAVn2A0$JexI=32}ZTz{uQ{$sh-y9CQoHlJ9dJT+Swj~sCV z3iS|OCZ-m{#LOP=Aol*6RoEsCQSy(xj~QC3Beun)JO$GcFUEKJ#&=2>p0~Ms1(s4W zT}>HxvM}SzHPqzaqyxI?QrTriVx9DTi@2hfZWNmcN3^3Vaz|SO^rxcn*2@;OINQwlVfAxz89J>Uvex+P zzLknJ(i^Tr&_UdTr7m zhUbHxnDo_tYk*ZIH_|ocdzg0jHmUVCBj=+8E*3sZB zOg^J_$j!yZDPE~E2ErFHgoKoKNNr4P3mU3Q*Xqk$ze`JLV?#T4`)<*-LZ_kAGgPs* zhlHSfY8Qnf-L)#U^8=rXATd4Aid7-kNNSI$RogNU8QfY3Q2KzT|-> zRwsAafR^+?yIwdZOvG)M;+P}2kAORkVieNHcuv3sCLn^D1$Cj=vQKdma!|{*S)PUu zB04|e1r&j^`kkW|F+l;G(TyP) z?;%J&QCeR_Y8qfTOSnaU%ZSwvNK#1&XMpHc*I3blXMLqYP$Uu;ywEqpG3|;-Czz=r zK2@_b=zsh2o%cROKtaXl?uZK*iL@l<K;vePDm3|D$>fxSz&AmxUqjlBJiR#FX$0XLy;8ntSF8Qehc4A8@^a(QAOt-_EP6L6Pwc$MgEpGD{3!OM~%QOe6Ux^(v5SH2^N zVxn0hGcQgqBS%}cS1hMX7k*W+TdOn7Xn`!pT)_bIaPHaC9_;}M8yu|LM(CF13-zo( zu{?YB@P(Pn*>csp=PH?yyn;@0>9d)s`QhBgX^W};<-E8eZgn)4A6=qz2qI{;vdd&_ zpQ%JohC2#$F&`jng{MFH0aWo6cWMvVon-Q7*#VdWo@}}Ubi=Q;j?#R=mo8qj%aMVF zBeIBx${)j(u^*D!bvujob_Va{P&9Hfk&e!!YFo-a_K}}=>@!alfW?Z+2Ey|x(r11L z3&iica#t{cJ?%)*g08=xsuyaO7Ad;Jpxee8VJ(0vQ__~;)2jaji^Y=nz6;WKt!^tT zuOJ87uBK0{v@wPeC5by{ zexJqAQ08J9>^@w&=SnSc$mdAmbDI`qN#@;!w>IMis+7{-U7ypm-0jafPI^p75b5>*!)4&h1Ps4O@3sH0q-Xp|`d5D?J*ML?(pRzn57Org-Zi_7@t@@R z!CTR%RjpU<&CZZ9FiV$RDXs}3UnEr7E?CamrmKq@>p8HBfx{Fx(S*wa#0!_^U>_1i zA&6Rr{Mwe_6<+#+XVO(_c5&T{2a6_MagDW8?L3EB3+|jRwaSc~-OjKQ)SoL+k)#N7 z%Evz16)|p#K9W4+e?Gp1fujDn#~*$jCiNk@T?D`FN?Eq>$1a|mu`5=W1kxRz$(yP7 zOi}dnh}Vfz0Zk-9H&2Rov&agly}_UDy}SWfypnW8`0i-4?`bbq<`OKMC?oU0zlWEb za!1Wigk~gib?yql6_7+5A?2(>nF(A!NmUJ#_uBElgw~60!1*|-!^n) z8Nu^LE2+%3pWXj$61wK&6B3e2gSKEmCHr{S8~wMI8}{;Ned<(R$(Kn_YHE1sk(BI2 zLFEOuG@ma9yqDk|4XH&%x4!mRpp%G&*5?sY2jjxlX z3xJ-dY#X2o#t8n1I?%H&kTV{Zyv9Gvbe%)tGl*;r9R{X(O(0K1jr?x1ZnWI5DW>0f zJuUDR*~Mo#_iO8BLBHV-`M8c^Hjqw~nV)j=P7rwH{d+1a=aWUY8*E>X^pb4wFX6o+ZD;{&MkH?$w5#EiSMkT(hGTd!` zcBz`~!y;sV3p`ei!_`B5_RSqQT*mGGN{`t7h-b`}u?_l7Fp-&BUS^OhTU()xeuvj< za|M;YVeY(`h)h7d`hoxjP743~9JGEN$7hKTFAk%R_aOST-)G}pRuWjM@IA6?07{#6 zpsZDFCrMV0A1hj)HhZ2Lx8tt^EuDkhl4PloeF`v$Ghn6nmKpAOw|T2eaQI!GCb1oK zUJcc+AA6MNLnDYO5&sx@+JfT`jBK?(tfirAp9ma(d55MihUbFB_hF7|Sk+sNQzn{U zY$MjhC8{kg4e&$a<@b-4v$Mmut zCN)eEMEQU%dTE*v;Z_bO+PY!L61gu0n=(8l@tohshv*^|C-tw_~X_g?|>4L*C3w}c-noF&ZC|C4~fm}$DB>lFyS<|F> z{Z+c{wN0&>6SC9WIAPKk5$<}Mtl_%KPz~j8wD#^#(9Z`3`xer>6@A{_xIR)g;>bMr z=NXE-tILjoMUxd8`hJm_u9$fRt7M?~j1=HLA5F|OGNJoH;*N0q86^dPWl&AmZKoLf zu*?2E$RYXaQ{#vLUKM?rK{tn6&0W;^uG$Awjn6ad2e{hw=g)1--aK)tVnG!_@GHBo za8K;NnkSlyh6$lB^JUgNu10EQBu>7y8<$tgGb!T33}m2o4h!faWc!5m;X0S#v|y6V z>D8ImGJ0EMcv3gb*}0#dzqp~jVOgh~qf(h7Jg-8KWm`c7I-hK2@1bOL266+{)SP$$ zq5!e$d(qERY1m%k2n5bu&F*!(XEIbS81!g&Bhc;f6muMY|QS;3(a_0WJP``Ny}ODRfzQ<^~z&O0TrU^rS=BNG@}U;RiuBZJt# zipMsZKe^EbyPJHuTu1uW6aTpq#OZ}rppwt5Qd zSuw!@twBvShts!)8e3>p=(*$=q!9L+0)w=K$m8AuEDoO?78>QIQP|Q! zU-NY*BcHW!aS`oRMX6oX+H4l}jFGz8mz?ZIW_*^t9C%e_Sj9FM(^gvseB^%Ta`)P-66@HSO9!cNe0)_9(;^g5?CKx}T}W9sY4xk(ZIz7rGfwdk2S~=!6iqrNl7?hK;U0b(=d@ z#bG6)`I1z_pE#tlMxe^4RPl9tJ0U?)=u(2*;Ns$UPvT0)Itk2J<^a@5bTq?5*VZ{O zzpD8qh~7cy`ydqsfdzSlc>!7nCt1nM>LOA(sne3$%9pC8?^TCLkiU7Nqif)1f?e)> zg>x0`?SQ#Z2wZ+ca8L(EVyDpU`Hr#>H);Uk#USk^slMQX%bKM7u*7?*9vS33Tpb)K z&q)Q`1uqBbvTIX5LF}f*i~fg!>k0GEIEA)%;9T=gI-i2dvU^rEiJ+-!&c0~N6r)IX zOGWAqnbT^0tu%|+t5G`hN0)(Fkas}kbuVWa?sF+CF(#T8zRIgiVcXn}$>NR_3iGC~ zagocZnHw>xV!&>n>p;n_PXD1@?{tE*f>s;>kv)z^z`I+%lb zl58hx@qsrV(rCCym^5MI=0#^e*Gr1l(I?z7=euA2 z0Hqm18}w;i=nE#@=dsieXE^>;OKr@fdewqO>N0~?Ha@q-!D@H$bMmjz!pEKuv|lc* zlfC&UdOi$MNyKN+iz_l+!$3jA0JWY2skKv2F7{dcf-YTSBttcC(^+|I*;R(|sIxPQ zcm=Z=oHBTAG|Rzt_99{x5H3$cZ{#Gad4iWuz-V1GN}Qx7pWEarf&}L&p~m4l)EITk zI^apQL?qQg63OMhvYt)o13Aq6aIivb?CoNCvu?lVJZWf1D~pHr^f_dI{RC(25N75O za4sZSf|x*U?u^{-gGV116YQuj4z(LSBBHflW6t^lb?GJZ5 z9208JJ0rV~>={LYw+pEf=0>gd-rJA`G402b)&zT7#XdsCX)UlC171AsFHDNz9!yNW zmTu3R9Ma}i1kj}kEOD6aaD*pwoTs+>Tq$(Dd@-YTe>Sr^HY=`0R3!0s3%jZ}h(ghe zZXup5Sc<9cm2x0LDV%Q8=<_;GM7HIZFs65rWarI7#bDdr4!%8P=jtKYL1}mAOZ0HE zscEJB*jmm`*3B{dG!+W{`Oga$xK8?0-$eR?+UZcD@*)P#3QW8ulM3!K9mHro$U27>lO`#$47->;J1U{5?vO2f8B9D8sRG9M^EL)O62#xzH@zmw$313J?{0a zB$4&lWjYe=4%?=CA#n~L2YcG}pih_rw%+NnK zn?YWuLltdeZ9vg|8W5j(-n#@CgKs5_q2U`CoThN}Wli1FhTQj5mJrbw%5!VrK$@=H zvoh}|(cNMRFJ{u%_aF9FU3yUUbcb1y>*#FO9v_azU2TKU7g=N@7bk@R$W9?%T&qYhGr+28z@ zxlJp5-nZNtY!*yIh@7ugJ>e-qIMP#VwZ-uwi#xiouy(_R=5Y4WDZSJ2oOi(t#8kh;ni>g!;r_*Q|z1hE`0NVz+s16{_vFCXp`&gHkIpaVFs|rJ1@^t(r5^Hxdb=x_wZ6uP8eFlo z;b^2C@5%_pey#Zf0)2M`|5!A5tk%Df%CxQ^Y%_O-<6+H6;{y~a-hJQKEp+?lQ?HL^ zBK@{L%WHeRKO#@u)4%gOhQ?_qqm`ThK6VLz?K|#Y?BY2j%-a6r>KUigr1b23UIvRST&6cyH^$du<>m9S}r`)6;TjYdro zXo|h%r%}T~2n5;M07aY88{0Rc4g3kC4ts~hD0I;rSmrbP6~5Br-8lr1if_1rK%`d# za`~T04_E?`UIFoU(o>>=NUt>YC+S&!k)D|o`rrOug!L!s75_?lO0-|3uS)-u^tZsB z0u^YiL6d*L#TGkGqW~uU@Vk6`(f2A&Zw?p5B(Oq2C zBxKAToe+@7d!Tg%z^ol%y_adHaP@yqoo2N~Mv&3j*Iku$h0Up+!wvaC@I%emTBH0!11uRkVi+lXk1X{TX>b|(Pup=cw{{? z!;ILG=fiK&^TE|o6dEdqku4qBo$&ppR16?tuLTejB%Qx;9n(m9pJ@?3^_e*>($Tn zMJh7RqU%9X>#XN-6ljhz>~~X4%U-l z8J`q>?!%$&Zf$!Aa;W3iPPOlRs0Y5QUn~v7^n&h4RP{jG4m#4V38R~v>@@s?Q`IwT zb9A=U-f7fHVH9AuHVv%ZA|Hil`4`UfsUEAvFfOs^26O2cyOtZDsG1^c8kGYz=d?17%B)SHa|b8mlnImNW>G zo=|VMOC?Zo=5Z5U@vpx}SmclWyppgdIBHZvRvlE(( zNSiBe<3pagJ?#(k!L00cFn<_bJRu$q<2gUn^c6W9k<@eujFe;IEX2)Gf?$ zfQmC+jr2PcesYNN%RLxG)J*#pcM zCBv>&GVr1$pSm5zYP?&s*ftM`a#9-vtIavOlc}R8Ds2mJpo|3g#4jQ#m%sAJk=QEp z?5s0?mkKysplh0gNNppAer^)Bbsv_buX@zxfK_azU4sU*JfQHM|^Exx^C#?!GRBh{o^$6-6z>Q$S9uTC;>pia#ujXhaOKQ3*3aqQ;b#>fUM zP;F5C=CbUha3&(`kZ8FK6^8>4kx$zXe&e<%0gVcgxs*o|X;%mGpF) zzeryZ@Ehp?A@O{2gAdz&nATi$I>tF=wnKeZ=3|kh-=U=K^KYExA(p2VbojM3)LbFK z3!`*;8A2+NV98o_D8uF7FVWJQ)EWb}|XY;1%1L{I&?)Xl8x72IBMJL!wEhdYu7>OSdVaUOdY9c&$)q;Bqy zAa%}x>io0bM!g`tzmff}H$6G%v`kw2cfHT~{5l;UY@G*OocZ?dNHP^aEi-51-`y8R6O2aD@{5-LR4%hu>Lw+PTrF$Rc z(A}bJTS`>HCh>L)zp$epi(PC8LO4R-=HI#?WpTcEgiP(nWZ*-zB6n&;$c5faa^aMJ z3Erl#wg*yubIo zjq}Fb3l=@ox?+2!12nlaCZCrv$Fgo4Y;$tI)L7M~s6eb3b+JD!OS-&JH_s_DIow8U ztAYi^LL%G)h*^xM6fv##W{KZlztWrE_)fzfSEiZpnfv}$!xo1&CuRrS87OMLU^p4` znl7+YY#C|*P#ILmHHOshbatQ~-Mg(?F$-W_w7lm$(0z23fux5WsgG0?VoyQ8q#%Mw z(O!5#dpPH$16MR>T_e7&9M`mNX{*uC5eDI46LEr@j%lTH7el&L2b3&`>)(wOPkC&- zxJCl5mX7Uqer!)9@&zWsn|MUD$I%xQGx>$5%(hZp#LMftU!q2*t{uE;|GxDuP4rp$ z`d3$`jX>}24KvkdUn~tiO5c;69F6xv6;G%nUtyVl%PaSR7@4OP1Ky!qzFLW9`w|5S z0Z`6st1A?)RK5on&e8nyx??poW1C4r`p|EQ&iENlE01eb|Q5)cHsO~ zMpd1k7L--ze=z25$1A^0LL0Me6$jhy-tyBAC_iVn*$=!2s;?i!K}j!b<}K5tjtYIV zrt~$0jKq=#c`>G);Z4)0w5)@5fvOmssaV$*TsbT|Kt9}eaxq_7J8QeA0`x=s10E{68jrxmPpHNe?;O8 ztYOYq+Wc7QU7lK(c5YBP_ri<(UP6B0wi!YOxMo>LM!6`=uTN=TKy0!LEmP5o_2x|S znxkp5mYar^1ZL?p(NxIxSQ6`xRUM)ND*-CFP-+jR7Tn|23`#BKYh{`}9vVO6rB!X7 zOuf0iRu=i-F2AR^+POcUr}Id#t}D>0D~^l|VlNJ6C&OGGeLzg>EWNJWa-b?rw7LkG zQK90ZG2-+=EL`njqL=Gwrmp%iDpBqF;63#{?ybGc{G5`FY!Uji$y`&#e}3BTPET{E zBW`TA*3>aEj)^g0%d|*KDXG+D0H=+()HlnVFE8W1@MP<5MY8Q%rG&G>De~Az{mMfV zS?}iL`fVkvixN*OJe)dPlJ4$;>7Ka{$Dpy%`aA2-X(mQTtL%~AaUOq6(=+JoPL?lz zjsV(tdEZzrSD-Xt&K67C>BwD5!_MRse_`|%7oamYFO_?cBBVs~y|Bz)7(%;^3B50J zRdXOrR6KLr=@P`vQz0(Oqdh+lB1cin?(dS^$^T@lRo=*_*OMmknHNaN2MT*VWXsGE z)%QMnA3XfP$XaH;-5P6XD3RH?%41La(+_02>C|dITa0LL@bJ$e&8@)&z764dDB+sk zD{1`R`#xn%lA`uIvIEm#B0l#?R#q2oUB!1bM)I5caQ;>o`{tgix8q>a3yXB*J(1p6 zpXJc~>mbICx?0k+?W51r`B+tWBt$5i^NQ*Zvj|R4C;e|upV~uk`YO89PJhjju(K*@ z|LyehCp)XX+`l@#=&{qQ{nP2MIi5Iuslut9^^8K;gy7xl^Rx{zKtsd56`RXZwYeEJ z6Hd=|oP8+1p|&Ef?)tUkv~F7S3>T=&xBh%2nGV~Yt~d&!hlYR{&~IDF(Ot|* zCMKUQ7e>y;O(oJj+|Ky=m~!h|=t}h&+Lv?sWKF6CA4OG7{&ct1)BUdADx2*~UKIA; zW+~=jG@tnEjooO5MeITMY@bNJO*Cb$rBuo*DpVSCkzn||MfFzaBiqtC`@5yi6XujG z4pVTEwDIW%>Cmjg{sn*dO*Ikvk-}keI1E|&-OcEc=DjPOv2NSTR+!1pukC`W`{7kl zIy5M#FIk;MSme;WdZ-K|0vNCJJ?R>C*qD~2O3!!bA!lXSi)_JuwnCZytVB`8WSROm z_lx>8Qe8{RC?S_LGd5Je<=+onc@7zG7Z77SFQN|ed>*JC#n!-SQZQ^x~6E&a^9wfN*XwFQCs6_fc{0$vhD}A1lG(qx|5>bba!X!L)5A}GY*o4$L7oSBH3-pk zXh9J-OI8@*Xe0_1)c-x0pxD)+F5}*K!t}sv()C8 z97(EanK_aPB7G_GM$<@klk)?c-6kr=7*@aW&sygIu{e%2|Mjv_G>;_8BN3D&JB`Av)JQh;Y55_H!ZDs|$g71l<%TYv|1s=CO zKw;6y@Fq1C4WO;5cN*u_`*LBVZN0#;Y&8oP7o&N9^+#J6T#s`vc}j-l3(dGDx%O3*P87U|_P zJ7P9}e{i6Gc*7{=E>Gams7Jokv~ts(tHErm!f>-95vBWdMOCq>8^xi-4l`g2_GQ&} zMXChJ%-bFmMlrU~goIt>S5F>z?##{ysk8!AOG-JpUd?&?81TY-m}IX)1-0!H=Ap73 zcyMzv4#6$>@XCeo#KH?tB6k#6fjF!FrS2omhpFaQ&U$eR#6S+8qzW$e zSrt`dD`C=!1~sJs!>;q>1->4lO;>W;0)uR8dsv`BIuWY1_4za$`6($BL6733C%AqB zOgMdNnL0lRT-&UiqA7HPoaYadx$^~N6)zb3pj&?5ahvqPncaeIP)jOoO==0H#(Ptd zyv8yuc|^&KdMziM#LVFhNy}R7z5L4zcF>kX4EF&Imgo*WYV1WlEaJ?xYQ`Au!^%9# zOMu#u`1mMCp!$Y|8Deg`7bD)>QmywURn+Q{Up&F-^YOm?`!l`WAi?PusZTq-SSi8j zp%kZ`-W5s)kiq|(Ls+N&&k?|i9p9mn|LOE%r6*2LyMD^)0o%pkwwe(=vuitAtT!E$ zV*3^WTGI-0XjH_Uos-pY>b_;RSy=Gako3w-adMX=9}s!KB+++sD*304AxX&`mdHn{ zag~bHORcU8X&3+2G9K_IR6wz%4Z>(cqznqM`GG(LF}c4ai`H$5FHITNSYBP0$^a*R zsaW1{6&LIj!xi+${c*M$`dMO>Il^t8V|GSG)`k)A4L@X)SL=b|jUS4J0fQ^Bk~;rQ z+b22NHb+Kr6fFkB&kckWNe+g3NO@r5ul0}#?Xb%&QAEXWaFd6)crSf*teOikOqF;q zy0QO(^Ph<`OZ{Ov^N3y}l&MgQ$oLCFc2e+K{ysZc6d^m_LZ`DMUWC7Kl}IoCogD?j zK0Jg+Jh*cPfS*TuyndaJ1~BPF5D=d*{9i=;e6&r(3F6Hr0wUp7$=O)DUJBqUpX8{! z*q=k*cq=ydjW=ISyRs8bR&!rk=mH_EM%n+u{#q0O6RbF)C_Xs-vna%i@I?WAf*y-APSp2AEy!LXxXy1j`K8K(^Jm*Avi38a&^>xA{tGVlC za^Y$o>J0q=%{C?Yv?XFJfN1L6jrz?JVX%bPf+!DEvyV0BkZwB9!~)yJfWN;$-ks2A%Y-kwZ$)@=7ecTaNyHK!u5BWGynqr z5(fmt2p19n{{7DJI>p%ld;OTR%Rf0waGY=^`tJdjfOf)}Z53c%=ZT5p1Uw3XGqkhP zm*&^oFqNWb^BNz;5<+I8vPvHbv@J)js=3Q`7Yufl;l{h$V8sVen7yH3h1={V%jstR4N+yOr_mHRg>F`37 zSqKPbN(k%d`MF Fe*mm9@-P4Z literal 0 HcmV?d00001 diff --git a/testing/btest/scripts/base/protocols/ssl/basic.test b/testing/btest/scripts/base/protocols/ssl/basic.test new file mode 100644 index 0000000000..94b0e87ec1 --- /dev/null +++ b/testing/btest/scripts/base/protocols/ssl/basic.test @@ -0,0 +1,4 @@ +# This tests a normal SSL connection and the log it outputs. + +# @TEST-EXEC: bro -r $TRACES/tls-conn-with-extensions.trace %INPUT +# @TEST-EXEC: btest-diff ssl.log From bbac44a6a4b234405a5335dfe8c8ea2beef3f8d6 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 3 May 2012 13:13:58 -0500 Subject: [PATCH 26/51] Changes to open-file caching limits and uncached file unserialization. - Unserializing files that were previously kicked out of the open-file cache would cause them to be fopen'd with the original access permissions which is usually 'w' and causes truncation. They are now opened in 'a' mode. (addresses #780) - Add 'max_files_in_cache' script option to manually set the maximum amount of opened files to keep cached. Mainly this just helped to create a simple test case for the above change. - Remove unused NO_HAVE_SETRLIMIT preprocessor switch. - On systems that don't enforce a limit on number of files opened for the process, raise default max size of open-file cache from 32 to 512. --- scripts/base/init-bare.bro | 5 ++ src/File.cc | 20 ++++---- src/File.h | 8 ++- src/NetVar.cc | 2 + src/NetVar.h | 1 + .../core.file-caching-serialization/one0 | 4 ++ .../core.file-caching-serialization/one1 | 4 ++ .../core.file-caching-serialization/one2 | 4 ++ .../core.file-caching-serialization/two0 | 6 +++ .../core.file-caching-serialization/two1 | 6 +++ .../core.file-caching-serialization/two2 | 6 +++ .../core/file-caching-serialization.test | 49 +++++++++++++++++++ 12 files changed, 104 insertions(+), 11 deletions(-) create mode 100644 testing/btest/Baseline/core.file-caching-serialization/one0 create mode 100644 testing/btest/Baseline/core.file-caching-serialization/one1 create mode 100644 testing/btest/Baseline/core.file-caching-serialization/one2 create mode 100644 testing/btest/Baseline/core.file-caching-serialization/two0 create mode 100644 testing/btest/Baseline/core.file-caching-serialization/two1 create mode 100644 testing/btest/Baseline/core.file-caching-serialization/two2 create mode 100644 testing/btest/core/file-caching-serialization.test diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index 8f428b8549..20ce7b8ff5 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -2329,6 +2329,11 @@ type bt_tracker_headers: table[string] of string; ## BPF filter the user has set via the -f command line options. Empty if none. const cmd_line_bpf_filter = "" &redef; +## The maximum number of open files to keep cached at a given time. +## If set to zero, this is automatically determined by inspecting +## the current/maximum limit on open files for the process. +const max_files_in_cache = 0 &redef; + ## Deprecated. const log_rotate_interval = 0 sec &redef; diff --git a/src/File.cc b/src/File.cc index d4e31bcc16..4f45c70a58 100644 --- a/src/File.cc +++ b/src/File.cc @@ -74,9 +74,8 @@ void RotateTimer::Dispatch(double t, int is_expire) // The following could in principle be part of a "file manager" object. -#define MAX_FILE_CACHE_SIZE 32 +#define MAX_FILE_CACHE_SIZE 512 static int num_files_in_cache = 0; -static int max_files_in_cache = 0; static BroFile* head = 0; static BroFile* tail = 0; @@ -87,9 +86,6 @@ double BroFile::default_rotation_size = 0; // that we should use for the cache. static int maximize_num_fds() { -#ifdef NO_HAVE_SETRLIMIT - return MAX_FILE_CACHE_SIZE; -#else struct rlimit rl; if ( getrlimit(RLIMIT_NOFILE, &rl) < 0 ) reporter->InternalError("maximize_num_fds(): getrlimit failed"); @@ -111,7 +107,6 @@ static int maximize_num_fds() reporter->InternalError("maximize_num_fds(): setrlimit failed"); return rl.rlim_cur / 2; -#endif } @@ -172,7 +167,7 @@ const char* BroFile::Name() const return 0; } -bool BroFile::Open(FILE* file) +bool BroFile::Open(FILE* file, const char* mode) { open_time = network_time ? network_time : current_time(); @@ -196,7 +191,12 @@ bool BroFile::Open(FILE* file) InstallRotateTimer(); if ( ! f ) - f = fopen(name, access); + { + if ( ! mode ) + f = fopen(name, access); + else + f = fopen(name, mode); + } SetBuf(buffered); @@ -846,8 +846,8 @@ BroFile* BroFile::Unserialize(UnserialInfo* info) } } - // Otherwise, open. - if ( ! file->Open() ) + // Otherwise, open, but don't clobber. + if ( ! file->Open(0, "a") ) { info->s->Error(fmt("cannot open %s: %s", file->name, strerror(errno))); diff --git a/src/File.h b/src/File.h index 444d6209e2..37f844867b 100644 --- a/src/File.h +++ b/src/File.h @@ -87,7 +87,13 @@ protected: BroFile() { Init(); } void Init(); - bool Open(FILE* f = 0); // if file is given, it's an open file to use + + /** + * If file is given, it's an open file to use already. + * If file is not given and mode is, the filename will be opened with that + * access mode. + */ + bool Open(FILE* f = 0, const char* mode = 0); BroFile* Prev() { return prev; } BroFile* Next() { return next; } diff --git a/src/NetVar.cc b/src/NetVar.cc index 59cc1cc633..bdb566b20b 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -167,6 +167,7 @@ TableVal* preserve_orig_addr; TableVal* preserve_resp_addr; TableVal* preserve_other_addr; +int max_files_in_cache; double log_rotate_interval; double log_max_size; RecordType* rotate_info; @@ -257,6 +258,7 @@ void init_general_global_var() state_dir = internal_val("state_dir")->AsStringVal(); state_write_delay = opt_internal_double("state_write_delay"); + max_files_in_cache = opt_internal_int("max_files_in_cache"); log_rotate_interval = opt_internal_double("log_rotate_interval"); log_max_size = opt_internal_double("log_max_size"); rotate_info = internal_type("rotate_info")->AsRecordType(); diff --git a/src/NetVar.h b/src/NetVar.h index 425ea93e09..a7e750dc59 100644 --- a/src/NetVar.h +++ b/src/NetVar.h @@ -170,6 +170,7 @@ extern double connection_status_update_interval; extern StringVal* state_dir; extern double state_write_delay; +extern int max_files_in_cache; extern double log_rotate_interval; extern double log_max_size; extern RecordType* rotate_info; diff --git a/testing/btest/Baseline/core.file-caching-serialization/one0 b/testing/btest/Baseline/core.file-caching-serialization/one0 new file mode 100644 index 0000000000..abfe9a2af6 --- /dev/null +++ b/testing/btest/Baseline/core.file-caching-serialization/one0 @@ -0,0 +1,4 @@ +opened +write 0 +write 3 +write 6 diff --git a/testing/btest/Baseline/core.file-caching-serialization/one1 b/testing/btest/Baseline/core.file-caching-serialization/one1 new file mode 100644 index 0000000000..d53edaed28 --- /dev/null +++ b/testing/btest/Baseline/core.file-caching-serialization/one1 @@ -0,0 +1,4 @@ +opened +write 1 +write 4 +write 7 diff --git a/testing/btest/Baseline/core.file-caching-serialization/one2 b/testing/btest/Baseline/core.file-caching-serialization/one2 new file mode 100644 index 0000000000..5b5c9bc130 --- /dev/null +++ b/testing/btest/Baseline/core.file-caching-serialization/one2 @@ -0,0 +1,4 @@ +opened +write 2 +write 5 +write 8 diff --git a/testing/btest/Baseline/core.file-caching-serialization/two0 b/testing/btest/Baseline/core.file-caching-serialization/two0 new file mode 100644 index 0000000000..88e273032e --- /dev/null +++ b/testing/btest/Baseline/core.file-caching-serialization/two0 @@ -0,0 +1,6 @@ +opened +write 0 +opened +write 3 +opened +write 6 diff --git a/testing/btest/Baseline/core.file-caching-serialization/two1 b/testing/btest/Baseline/core.file-caching-serialization/two1 new file mode 100644 index 0000000000..b2f9350bc4 --- /dev/null +++ b/testing/btest/Baseline/core.file-caching-serialization/two1 @@ -0,0 +1,6 @@ +opened +write 1 +opened +write 4 +opened +write 7 diff --git a/testing/btest/Baseline/core.file-caching-serialization/two2 b/testing/btest/Baseline/core.file-caching-serialization/two2 new file mode 100644 index 0000000000..94a971c7db --- /dev/null +++ b/testing/btest/Baseline/core.file-caching-serialization/two2 @@ -0,0 +1,6 @@ +opened +write 2 +opened +write 5 +opened +write 8 diff --git a/testing/btest/core/file-caching-serialization.test b/testing/btest/core/file-caching-serialization.test new file mode 100644 index 0000000000..7ff1d8be8d --- /dev/null +++ b/testing/btest/core/file-caching-serialization.test @@ -0,0 +1,49 @@ +# This checks that the interactions between open-file caching and +# serialization works ok. In the first case, all files can fit +# in the cache, but get serialized before every write. In the +# second case, files are eventually forced out of the cache and +# undergo serialization, which requires re-opening. + +# @TEST-EXEC: bro -b %INPUT "test_file_prefix=one" +# @TEST-EXEC: btest-diff one0 +# @TEST-EXEC: btest-diff one1 +# @TEST-EXEC: btest-diff one2 +# @TEST-EXEC: bro -b %INPUT "test_file_prefix=two" "max_files_in_cache=2" +# @TEST-EXEC: btest-diff two0 +# @TEST-EXEC: btest-diff two1 +# @TEST-EXEC: btest-diff two2 + +const test_file_prefix = "" &redef; +global file_table: table[string] of file; +global iterations: vector of count = vector(0,1,2,3,4,5,6,7,8); + +function write_to_file(c: count) + { + local f: file; + # Take turns writing across three output files. + local filename = fmt("%s%s", test_file_prefix, c % 3 ); + + if ( filename in file_table ) + f = file_table[filename]; + else + { + f = open(filename); + file_table[filename] = f; + } + + # This when block is a trick to get the frame cloned + # and thus serialize the local file value + when ( local s = fmt("write %d", c) ) + print f, s; + } + +event file_opened(f: file) + { + print f, "opened"; + } + +event bro_init() + { + for ( i in iterations ) + write_to_file(iterations[i]); + } From c9b53706a15db9a0077bdffde2865bd36ad621b7 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 3 May 2012 11:45:11 -0700 Subject: [PATCH 27/51] Updating submodule(s). [nomail] --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index 22df444f54..76e6bd4b18 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 22df444f54d8cbc05976ef4a5524c73a45ab6372 +Subproject commit 76e6bd4b182e9ff43456890e08aeaf451f9e4615 From 5984564946de035c5f26a5ab5b2378a21ad2d712 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 4 May 2012 11:21:18 -0500 Subject: [PATCH 28/51] Change IPv6 address/prefix output format to be bracketed. Also add a test case for content extraction. --- scripts/base/protocols/ftp/main.bro | 7 +- src/IPAddr.cc | 2 +- src/logging/WriterBackend.cc | 7 +- .../bifs.addr_count_conversion/output | 2 +- .../Baseline/bifs.ptr_name_to_addr/output | 2 +- .../bifs.routing0_data_to_addrs/output | 2 +- testing/btest/Baseline/bifs.to_addr/output | 2 +- testing/btest/Baseline/bifs.to_subnet/output | 4 +- testing/btest/Baseline/core.conn-uid/output | 6 +- testing/btest/Baseline/core.discarder/output | 10 +- .../Baseline/core.icmp.icmp-context/output | 2 +- .../Baseline/core.icmp.icmp6-context/output | 24 +- .../Baseline/core.icmp.icmp6-events/output | 82 +++--- .../Baseline/core.ipv6-atomic-frag/output | 8 +- testing/btest/Baseline/core.ipv6-frag/dns.log | 4 +- testing/btest/Baseline/core.ipv6-frag/output | 10 +- testing/btest/Baseline/core.ipv6_esp/output | 240 +++++++++--------- .../Baseline/core.ipv6_ext_headers/output | 6 +- .../core.mobile-ipv6-home-addr/output | 4 +- .../Baseline/core.mobile-ipv6-routing/output | 4 +- .../btest/Baseline/core.mobility_msg/output | 16 +- .../Baseline/istate.broccoli-ipv6/bro..stdout | 8 +- .../Baseline/istate.pybroccoli/bro..stdout | 6 +- .../istate.pybroccoli/python..stdout.filtered | 6 +- .../Baseline/language.expire_func/output | 14 +- .../Baseline/language.ipv6-literals/output | 46 ++-- testing/btest/Baseline/language.sizeof/output | 2 +- .../local.log | 8 +- .../remote.log | 6 +- ...]:49185-[2001:470:4867:99::21]:21_orig.dat | 22 ++ ...]:49185-[2001:470:4867:99::21]:21_resp.dat | 73 ++++++ .../conn.log | 12 +- .../ftp.log | 4 +- .../conn/contents-default-extract.test | 3 + 34 files changed, 374 insertions(+), 280 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.protocols.conn.contents-default-extract/contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat create mode 100644 testing/btest/Baseline/scripts.base.protocols.conn.contents-default-extract/contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat create mode 100644 testing/btest/scripts/base/protocols/conn/contents-default-extract.test diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.bro index 14f4307e5e..809ab61360 100644 --- a/scripts/base/protocols/ftp/main.bro +++ b/scripts/base/protocols/ftp/main.bro @@ -169,12 +169,7 @@ function ftp_message(s: Info) local arg = s$cmdarg$arg; if ( s$cmdarg$cmd in file_cmds ) - { - if ( is_v4_addr(s$id$resp_h) ) - arg = fmt("ftp://%s%s", s$id$resp_h, build_path_compressed(s$cwd, arg)); - else - arg = fmt("ftp://[%s]%s", s$id$resp_h, build_path_compressed(s$cwd, arg)); - } + arg = fmt("ftp://%s%s", s$id$resp_h, build_path_compressed(s$cwd, arg)); s$ts=s$cmdarg$ts; s$command=s$cmdarg$cmd; diff --git a/src/IPAddr.cc b/src/IPAddr.cc index 0ba5589fff..8d88cebc25 100644 --- a/src/IPAddr.cc +++ b/src/IPAddr.cc @@ -172,7 +172,7 @@ string IPAddr::AsString() const if ( ! bro_inet_ntop(AF_INET6, in6.s6_addr, s, INET6_ADDRSTRLEN) ) return ""; else return s; @@ -257,10 +258,10 @@ string WriterBackend::Render(const threading::Value::addr_t& addr) const { char s[INET6_ADDRSTRLEN]; - if ( inet_ntop(AF_INET6, &addr.in.in6, s, INET6_ADDRSTRLEN) == NULL ) + if ( ! bro_inet_ntop(AF_INET6, &addr.in.in6, s, INET6_ADDRSTRLEN) ) return ""; else - return s; + return string("[") + s + "]"; } } diff --git a/testing/btest/Baseline/bifs.addr_count_conversion/output b/testing/btest/Baseline/bifs.addr_count_conversion/output index 08a74512d3..c63e64b735 100644 --- a/testing/btest/Baseline/bifs.addr_count_conversion/output +++ b/testing/btest/Baseline/bifs.addr_count_conversion/output @@ -1,4 +1,4 @@ [536939960, 2242052096, 35374, 57701172] -2001:db8:85a3::8a2e:370:7334 +[2001:db8:85a3::8a2e:370:7334] [16909060] 1.2.3.4 diff --git a/testing/btest/Baseline/bifs.ptr_name_to_addr/output b/testing/btest/Baseline/bifs.ptr_name_to_addr/output index 7c290027aa..ebc4c15823 100644 --- a/testing/btest/Baseline/bifs.ptr_name_to_addr/output +++ b/testing/btest/Baseline/bifs.ptr_name_to_addr/output @@ -1,2 +1,2 @@ -2607:f8b0:4009:802::1012 +[2607:f8b0:4009:802::1012] 74.125.225.52 diff --git a/testing/btest/Baseline/bifs.routing0_data_to_addrs/output b/testing/btest/Baseline/bifs.routing0_data_to_addrs/output index c79aef89d0..7e37c7b77a 100644 --- a/testing/btest/Baseline/bifs.routing0_data_to_addrs/output +++ b/testing/btest/Baseline/bifs.routing0_data_to_addrs/output @@ -1 +1 @@ -[2001:78:1:32::1, 2001:78:1:32::2] +[[2001:78:1:32::1], [2001:78:1:32::2]] diff --git a/testing/btest/Baseline/bifs.to_addr/output b/testing/btest/Baseline/bifs.to_addr/output index ff277498f8..084261a8fd 100644 --- a/testing/btest/Baseline/bifs.to_addr/output +++ b/testing/btest/Baseline/bifs.to_addr/output @@ -6,4 +6,4 @@ to_addr(10.20.30.40) = 10.20.30.40 (SUCCESS) to_addr(100.200.30.40) = 100.200.30.40 (SUCCESS) to_addr(10.0.0.0) = 10.0.0.0 (SUCCESS) to_addr(10.00.00.000) = 10.0.0.0 (SUCCESS) -to_addr(not an IP) = :: (SUCCESS) +to_addr(not an IP) = [::] (SUCCESS) diff --git a/testing/btest/Baseline/bifs.to_subnet/output b/testing/btest/Baseline/bifs.to_subnet/output index 0775063f89..526c3d66b2 100644 --- a/testing/btest/Baseline/bifs.to_subnet/output +++ b/testing/btest/Baseline/bifs.to_subnet/output @@ -1,3 +1,3 @@ 10.0.0.0/8, T -2607:f8b0::/32, T -::/0, T +[2607:f8b0::]/32, T +[::]/0, T diff --git a/testing/btest/Baseline/core.conn-uid/output b/testing/btest/Baseline/core.conn-uid/output index c77eda4f04..a98469d075 100644 --- a/testing/btest/Baseline/core.conn-uid/output +++ b/testing/btest/Baseline/core.conn-uid/output @@ -1,5 +1,5 @@ [orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf -[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], arKYeMETxOg +[orig_h=[fe80::217:f2ff:fed7:cf65], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp], arKYeMETxOg [orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], k6kgXLOoSKl [orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], nQcgTWjvg4c [orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], j4u32Pc5bif @@ -36,8 +36,8 @@ [orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], 2cx26uAvUPl [orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], BWaU4aSuwkc [orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 10XodEwRycf -[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp], zno26fFZkrh +[orig_h=[fe80::3074:17d5:2052:c324], orig_p=65373/udp, resp_h=[ff02::1:3], resp_p=5355/udp], zno26fFZkrh [orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], v5rgkJBig5l -[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp], eWZCH7OONC1 +[orig_h=[fe80::3074:17d5:2052:c324], orig_p=54213/udp, resp_h=[ff02::1:3], resp_p=5355/udp], eWZCH7OONC1 [orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], 0Pwk3ntf8O3 [orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], 0HKorjr8Zp7 diff --git a/testing/btest/Baseline/core.discarder/output b/testing/btest/Baseline/core.discarder/output index 82b4b3e622..56b85cb83e 100644 --- a/testing/btest/Baseline/core.discarder/output +++ b/testing/btest/Baseline/core.discarder/output @@ -15,10 +15,10 @@ [orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp] [orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp] ################ UDP Discarder ################ -[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp] -[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp] -[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp] -[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp] -[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp] +[orig_h=[fe80::217:f2ff:fed7:cf65], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp] +[orig_h=[fe80::3074:17d5:2052:c324], orig_p=65373/udp, resp_h=[ff02::1:3], resp_p=5355/udp] +[orig_h=[fe80::3074:17d5:2052:c324], orig_p=65373/udp, resp_h=[ff02::1:3], resp_p=5355/udp] +[orig_h=[fe80::3074:17d5:2052:c324], orig_p=54213/udp, resp_h=[ff02::1:3], resp_p=5355/udp] +[orig_h=[fe80::3074:17d5:2052:c324], orig_p=54213/udp, resp_h=[ff02::1:3], resp_p=5355/udp] ################ ICMP Discarder ################ Discard icmp packet: [icmp_type=3] diff --git a/testing/btest/Baseline/core.icmp.icmp-context/output b/testing/btest/Baseline/core.icmp.icmp-context/output index 40dc778d8b..0820488cf8 100644 --- a/testing/btest/Baseline/core.icmp.icmp-context/output +++ b/testing/btest/Baseline/core.icmp.icmp-context/output @@ -1,7 +1,7 @@ icmp_unreachable (code=0) conn_id: [orig_h=10.0.0.1, orig_p=3/icmp, resp_h=10.0.0.2, resp_p=0/icmp] icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=3, icode=0, len=0, hlim=64, v6=F] - icmp_context: [id=[orig_h=::, orig_p=0/unknown, resp_h=::, resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] + icmp_context: [id=[orig_h=[::], orig_p=0/unknown, resp_h=[::], resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) conn_id: [orig_h=10.0.0.1, orig_p=3/icmp, resp_h=10.0.0.2, resp_p=0/icmp] icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=3, icode=0, len=20, hlim=64, v6=F] diff --git a/testing/btest/Baseline/core.icmp.icmp6-context/output b/testing/btest/Baseline/core.icmp.icmp6-context/output index 7a83679018..75b51ab697 100644 --- a/testing/btest/Baseline/core.icmp.icmp6-context/output +++ b/testing/btest/Baseline/core.icmp.icmp6-context/output @@ -1,16 +1,16 @@ icmp_unreachable (code=0) - conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=0, hlim=64, v6=T] - icmp_context: [id=[orig_h=::, orig_p=0/unknown, resp_h=::, resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] + conn_id: [orig_h=[fe80::dead], orig_p=1/icmp, resp_h=[fe80::beef], resp_p=0/icmp] + icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=1, icode=0, len=0, hlim=64, v6=T] + icmp_context: [id=[orig_h=[::], orig_p=0/unknown, resp_h=[::], resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) - conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=40, hlim=64, v6=T] - icmp_context: [id=[orig_h=fe80::beef, orig_p=0/unknown, resp_h=fe80::dead, resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] + conn_id: [orig_h=[fe80::dead], orig_p=1/icmp, resp_h=[fe80::beef], resp_p=0/icmp] + icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=1, icode=0, len=40, hlim=64, v6=T] + icmp_context: [id=[orig_h=[fe80::beef], orig_p=0/unknown, resp_h=[fe80::dead], resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) - conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=60, hlim=64, v6=T] - icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] + conn_id: [orig_h=[fe80::dead], orig_p=1/icmp, resp_h=[fe80::beef], resp_p=0/icmp] + icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=1, icode=0, len=60, hlim=64, v6=T] + icmp_context: [id=[orig_h=[fe80::beef], orig_p=30000/udp, resp_h=[fe80::dead], resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) - conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=48, hlim=64, v6=T] - icmp_context: [id=[orig_h=fe80::beef, orig_p=0/unknown, resp_h=fe80::dead, resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] + conn_id: [orig_h=[fe80::dead], orig_p=1/icmp, resp_h=[fe80::beef], resp_p=0/icmp] + icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=1, icode=0, len=48, hlim=64, v6=T] + icmp_context: [id=[orig_h=[fe80::beef], orig_p=0/unknown, resp_h=[fe80::dead], resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] diff --git a/testing/btest/Baseline/core.icmp.icmp6-events/output b/testing/btest/Baseline/core.icmp.icmp6-events/output index 81075b716a..8b41827dc0 100644 --- a/testing/btest/Baseline/core.icmp.icmp6-events/output +++ b/testing/btest/Baseline/core.icmp.icmp6-events/output @@ -1,46 +1,46 @@ icmp_unreachable (code=0) - conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=60, hlim=64, v6=T] - icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] + conn_id: [orig_h=[fe80::dead], orig_p=1/icmp, resp_h=[fe80::beef], resp_p=0/icmp] + icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=1, icode=0, len=60, hlim=64, v6=T] + icmp_context: [id=[orig_h=[fe80::beef], orig_p=30000/udp, resp_h=[fe80::dead], resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_packet_too_big (code=0) - conn_id: [orig_h=fe80::dead, orig_p=2/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=2, icode=0, len=52, hlim=64, v6=T] - icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] + conn_id: [orig_h=[fe80::dead], orig_p=2/icmp, resp_h=[fe80::beef], resp_p=0/icmp] + icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=2, icode=0, len=52, hlim=64, v6=T] + icmp_context: [id=[orig_h=[fe80::beef], orig_p=30000/udp, resp_h=[fe80::dead], resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_time_exceeded (code=0) - conn_id: [orig_h=fe80::dead, orig_p=3/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=3, icode=0, len=52, hlim=64, v6=T] - icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] + conn_id: [orig_h=[fe80::dead], orig_p=3/icmp, resp_h=[fe80::beef], resp_p=0/icmp] + icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=3, icode=0, len=52, hlim=64, v6=T] + icmp_context: [id=[orig_h=[fe80::beef], orig_p=30000/udp, resp_h=[fe80::dead], resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_parameter_problem (code=0) - conn_id: [orig_h=fe80::dead, orig_p=4/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=4, icode=0, len=52, hlim=64, v6=T] - icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] + conn_id: [orig_h=[fe80::dead], orig_p=4/icmp, resp_h=[fe80::beef], resp_p=0/icmp] + icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=4, icode=0, len=52, hlim=64, v6=T] + icmp_context: [id=[orig_h=[fe80::beef], orig_p=30000/udp, resp_h=[fe80::dead], resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_echo_request (id=1, seq=3, payload=abcdefghijklmnopqrstuvwabcdefghi) - conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + conn_id: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], orig_p=128/icmp, resp_h=[2001:4860:8006::63], resp_p=129/icmp] + icmp_conn: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], resp_h=[2001:4860:8006::63], itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_reply (id=1, seq=3, payload=abcdefghijklmnopqrstuvwabcdefghi) - conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + conn_id: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], orig_p=128/icmp, resp_h=[2001:4860:8006::63], resp_p=129/icmp] + icmp_conn: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], resp_h=[2001:4860:8006::63], itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_request (id=1, seq=4, payload=abcdefghijklmnopqrstuvwabcdefghi) - conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + conn_id: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], orig_p=128/icmp, resp_h=[2001:4860:8006::63], resp_p=129/icmp] + icmp_conn: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], resp_h=[2001:4860:8006::63], itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_reply (id=1, seq=4, payload=abcdefghijklmnopqrstuvwabcdefghi) - conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + conn_id: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], orig_p=128/icmp, resp_h=[2001:4860:8006::63], resp_p=129/icmp] + icmp_conn: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], resp_h=[2001:4860:8006::63], itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_request (id=1, seq=5, payload=abcdefghijklmnopqrstuvwabcdefghi) - conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + conn_id: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], orig_p=128/icmp, resp_h=[2001:4860:8006::63], resp_p=129/icmp] + icmp_conn: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], resp_h=[2001:4860:8006::63], itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_reply (id=1, seq=5, payload=abcdefghijklmnopqrstuvwabcdefghi) - conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + conn_id: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], orig_p=128/icmp, resp_h=[2001:4860:8006::63], resp_p=129/icmp] + icmp_conn: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], resp_h=[2001:4860:8006::63], itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_request (id=1, seq=6, payload=abcdefghijklmnopqrstuvwabcdefghi) - conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] + conn_id: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], orig_p=128/icmp, resp_h=[2001:4860:8006::63], resp_p=129/icmp] + icmp_conn: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], resp_h=[2001:4860:8006::63], itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_reply (id=1, seq=6, payload=abcdefghijklmnopqrstuvwabcdefghi) - conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] - icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] -icmp_redirect (tgt=fe80::cafe, dest=fe80::babe) - conn_id: [orig_h=fe80::dead, orig_p=137/icmp, resp_h=fe80::beef, resp_p=0/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=137, icode=0, len=32, hlim=255, v6=T] + conn_id: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], orig_p=128/icmp, resp_h=[2001:4860:8006::63], resp_p=129/icmp] + icmp_conn: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], resp_h=[2001:4860:8006::63], itype=128, icode=0, len=32, hlim=128, v6=T] +icmp_redirect (tgt=[fe80::cafe], dest=[fe80::babe]) + conn_id: [orig_h=[fe80::dead], orig_p=137/icmp, resp_h=[fe80::beef], resp_p=0/icmp] + icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=137, icode=0, len=32, hlim=255, v6=T] icmp_router_advertisement cur_hop_limit=13 managed=T @@ -52,17 +52,17 @@ icmp_router_advertisement router_lifetime=30.0 mins reachable_time=3.0 secs 700.0 msecs retrans_timer=1.0 sec 300.0 msecs - conn_id: [orig_h=fe80::dead, orig_p=134/icmp, resp_h=fe80::beef, resp_p=133/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=134, icode=0, len=8, hlim=255, v6=T] -icmp_neighbor_advertisement (tgt=fe80::babe) + conn_id: [orig_h=[fe80::dead], orig_p=134/icmp, resp_h=[fe80::beef], resp_p=133/icmp] + icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=134, icode=0, len=8, hlim=255, v6=T] +icmp_neighbor_advertisement (tgt=[fe80::babe]) router=T solicited=F override=T - conn_id: [orig_h=fe80::dead, orig_p=136/icmp, resp_h=fe80::beef, resp_p=135/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=136, icode=0, len=16, hlim=255, v6=T] + conn_id: [orig_h=[fe80::dead], orig_p=136/icmp, resp_h=[fe80::beef], resp_p=135/icmp] + icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=136, icode=0, len=16, hlim=255, v6=T] icmp_router_solicitation - conn_id: [orig_h=fe80::dead, orig_p=133/icmp, resp_h=fe80::beef, resp_p=134/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=133, icode=0, len=0, hlim=255, v6=T] -icmp_neighbor_solicitation (tgt=fe80::babe) - conn_id: [orig_h=fe80::dead, orig_p=135/icmp, resp_h=fe80::beef, resp_p=136/icmp] - icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=135, icode=0, len=16, hlim=255, v6=T] + conn_id: [orig_h=[fe80::dead], orig_p=133/icmp, resp_h=[fe80::beef], resp_p=134/icmp] + icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=133, icode=0, len=0, hlim=255, v6=T] +icmp_neighbor_solicitation (tgt=[fe80::babe]) + conn_id: [orig_h=[fe80::dead], orig_p=135/icmp, resp_h=[fe80::beef], resp_p=136/icmp] + icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=135, icode=0, len=16, hlim=255, v6=T] diff --git a/testing/btest/Baseline/core.ipv6-atomic-frag/output b/testing/btest/Baseline/core.ipv6-atomic-frag/output index 4a628a4bdc..b634ae11db 100644 --- a/testing/btest/Baseline/core.ipv6-atomic-frag/output +++ b/testing/btest/Baseline/core.ipv6-atomic-frag/output @@ -1,4 +1,4 @@ -[orig_h=2001:db8:1::2, orig_p=36951/tcp, resp_h=2001:db8:1::1, resp_p=80/tcp] -[orig_h=2001:db8:1::2, orig_p=59694/tcp, resp_h=2001:db8:1::1, resp_p=80/tcp] -[orig_h=2001:db8:1::2, orig_p=27393/tcp, resp_h=2001:db8:1::1, resp_p=80/tcp] -[orig_h=2001:db8:1::2, orig_p=45805/tcp, resp_h=2001:db8:1::1, resp_p=80/tcp] +[orig_h=[2001:db8:1::2], orig_p=36951/tcp, resp_h=[2001:db8:1::1], resp_p=80/tcp] +[orig_h=[2001:db8:1::2], orig_p=59694/tcp, resp_h=[2001:db8:1::1], resp_p=80/tcp] +[orig_h=[2001:db8:1::2], orig_p=27393/tcp, resp_h=[2001:db8:1::1], resp_p=80/tcp] +[orig_h=[2001:db8:1::2], orig_p=45805/tcp, resp_h=[2001:db8:1::1], resp_p=80/tcp] diff --git a/testing/btest/Baseline/core.ipv6-frag/dns.log b/testing/btest/Baseline/core.ipv6-frag/dns.log index 251f35d789..ccf9f4b73d 100644 --- a/testing/btest/Baseline/core.ipv6-frag/dns.log +++ b/testing/btest/Baseline/core.ipv6-frag/dns.log @@ -5,5 +5,5 @@ #path dns #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs #types time string addr port addr port enum count string count string count string count string bool bool bool bool count vector[string] vector[interval] -1331084278.438444 UWkUyAuUGXf 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51850 2607:f740:b::f93 53 udp 3903 txtpadding_323.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 This TXT record should be ignored 1.000000 -1331084293.592245 arKYeMETxOg 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51851 2607:f740:b::f93 53 udp 40849 txtpadding_3230.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 This TXT record should be ignored 1.000000 +1331084278.438444 UWkUyAuUGXf [2001:470:1f11:81f:d138:5f55:6d4:1fe2] 51850 [2607:f740:b::f93] 53 udp 3903 txtpadding_323.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 This TXT record should be ignored 1.000000 +1331084293.592245 arKYeMETxOg [2001:470:1f11:81f:d138:5f55:6d4:1fe2] 51851 [2607:f740:b::f93] 53 udp 40849 txtpadding_3230.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 This TXT record should be ignored 1.000000 diff --git a/testing/btest/Baseline/core.ipv6-frag/output b/testing/btest/Baseline/core.ipv6-frag/output index 12dfc3a841..3ab244254b 100644 --- a/testing/btest/Baseline/core.ipv6-frag/output +++ b/testing/btest/Baseline/core.ipv6-frag/output @@ -1,5 +1,5 @@ -ip6=[class=0, flow=0, len=81, nxt=17, hlim=64, src=2001:470:1f11:81f:d138:5f55:6d4:1fe2, dst=2607:f740:b::f93, exts=[]], udp = [sport=51850/udp, dport=53/udp, ulen=81] -ip6=[class=0, flow=0, len=331, nxt=17, hlim=53, src=2607:f740:b::f93, dst=2001:470:1f11:81f:d138:5f55:6d4:1fe2, exts=[]], udp = [sport=53/udp, dport=51850/udp, ulen=331] -ip6=[class=0, flow=0, len=82, nxt=17, hlim=64, src=2001:470:1f11:81f:d138:5f55:6d4:1fe2, dst=2607:f740:b::f93, exts=[]], udp = [sport=51851/udp, dport=53/udp, ulen=82] -ip6=[class=0, flow=0, len=82, nxt=17, hlim=64, src=2001:470:1f11:81f:d138:5f55:6d4:1fe2, dst=2607:f740:b::f93, exts=[]], udp = [sport=51851/udp, dport=53/udp, ulen=82] -ip6=[class=0, flow=0, len=3238, nxt=17, hlim=53, src=2607:f740:b::f93, dst=2001:470:1f11:81f:d138:5f55:6d4:1fe2, exts=[]], udp = [sport=53/udp, dport=51851/udp, ulen=3238] +ip6=[class=0, flow=0, len=81, nxt=17, hlim=64, src=[2001:470:1f11:81f:d138:5f55:6d4:1fe2], dst=[2607:f740:b::f93], exts=[]], udp = [sport=51850/udp, dport=53/udp, ulen=81] +ip6=[class=0, flow=0, len=331, nxt=17, hlim=53, src=[2607:f740:b::f93], dst=[2001:470:1f11:81f:d138:5f55:6d4:1fe2], exts=[]], udp = [sport=53/udp, dport=51850/udp, ulen=331] +ip6=[class=0, flow=0, len=82, nxt=17, hlim=64, src=[2001:470:1f11:81f:d138:5f55:6d4:1fe2], dst=[2607:f740:b::f93], exts=[]], udp = [sport=51851/udp, dport=53/udp, ulen=82] +ip6=[class=0, flow=0, len=82, nxt=17, hlim=64, src=[2001:470:1f11:81f:d138:5f55:6d4:1fe2], dst=[2607:f740:b::f93], exts=[]], udp = [sport=51851/udp, dport=53/udp, ulen=82] +ip6=[class=0, flow=0, len=3238, nxt=17, hlim=53, src=[2607:f740:b::f93], dst=[2001:470:1f11:81f:d138:5f55:6d4:1fe2], exts=[]], udp = [sport=53/udp, dport=51851/udp, ulen=3238] diff --git a/testing/btest/Baseline/core.ipv6_esp/output b/testing/btest/Baseline/core.ipv6_esp/output index 02fb7e154f..834a3cd56e 100644 --- a/testing/btest/Baseline/core.ipv6_esp/output +++ b/testing/btest/Baseline/core.ipv6_esp/output @@ -1,120 +1,120 @@ -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=1], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=2], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=3], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=4], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=5], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=6], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=7], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=8], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=9], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=10], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=1], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=2], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=3], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=4], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=5], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=6], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=7], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=8], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=9], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=10], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=1], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=2], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=3], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=4], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=5], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=6], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=7], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=8], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=9], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=10], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=1], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=2], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=3], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=4], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=5], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=6], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=7], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=8], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=9], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=10], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=1], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=2], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=3], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=4], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=5], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=6], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=7], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=8], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=9], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=10], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=1], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=2], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=3], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=4], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=5], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=6], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=7], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=8], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=9], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=10], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=1], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=2], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=3], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=4], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=5], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=6], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=7], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=8], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=9], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=10], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=1], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=2], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=3], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=4], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=5], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=6], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=7], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=8], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=9], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=10], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=1], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=2], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=3], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=4], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=5], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=6], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=7], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=8], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=9], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=10], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=1], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=2], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=3], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=4], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=5], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=6], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=7], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=8], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=9], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=10], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=1], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=2], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=3], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=4], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=5], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=6], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=7], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=8], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=9], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=10], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=1], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=2], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=3], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=4], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=5], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=6], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=7], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=8], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=9], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=10], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=1], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=2], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=3], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=4], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=5], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=6], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=7], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=8], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=9], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=10], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=1], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=2], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=3], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=4], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=5], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=6], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=7], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=8], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=9], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=10], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=1], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=2], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=3], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=4], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=5], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=6], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=7], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=8], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=9], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=10], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=1], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=2], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=3], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=4], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=5], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=6], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=7], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=8], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=9], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=10], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=1], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=2], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=3], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=4], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=5], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=6], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=7], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=8], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=9], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=10], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=1], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=2], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=3], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=4], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=5], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=6], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=7], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=8], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=9], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=10], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=1], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=2], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=3], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=4], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=5], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=6], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=7], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=8], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=9], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=10], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=1], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=2], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=3], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=4], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=5], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=6], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=7], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=8], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=9], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=10], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=1], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=2], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=3], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=4], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=5], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=6], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=7], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=8], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=9], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=10], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=1], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=2], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=3], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=4], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=5], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=6], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=7], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=8], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=9], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=10], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=1], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=2], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=3], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=4], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=5], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=6], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=7], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=8], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=9], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=10], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=1], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=2], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=3], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=4], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=5], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=6], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=7], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=8], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=9], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=10], mobility=]]] diff --git a/testing/btest/Baseline/core.ipv6_ext_headers/output b/testing/btest/Baseline/core.ipv6_ext_headers/output index b4cd249371..e6ac3de822 100644 --- a/testing/btest/Baseline/core.ipv6_ext_headers/output +++ b/testing/btest/Baseline/core.ipv6_ext_headers/output @@ -1,3 +1,3 @@ -weird routing0_hdr from 2001:4f8:4:7:2e0:81ff:fe52:ffff to 2001:78:1:32::2 -[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=53/udp, resp_h=2001:78:1:32::2, resp_p=53/udp] -[ip=, ip6=[class=0, flow=0, len=59, nxt=0, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=0, hopopts=[nxt=43, len=0, options=[[otype=1, len=4, data=\0\0\0\0]]], dstopts=, routing=, fragment=, ah=, esp=, mobility=], [id=43, hopopts=, dstopts=, routing=[nxt=17, len=4, rtype=0, segleft=2, data=\0\0\0\0 ^A\0x\0^A\02\0\0\0\0\0\0\0^A ^A\0x\0^A\02\0\0\0\0\0\0\0^B], fragment=, ah=, esp=, mobility=]]], tcp=, udp=[sport=53/udp, dport=53/udp, ulen=11], icmp=] +weird routing0_hdr from [2001:4f8:4:7:2e0:81ff:fe52:ffff] to [2001:78:1:32::2] +[orig_h=[2001:4f8:4:7:2e0:81ff:fe52:ffff], orig_p=53/udp, resp_h=[2001:78:1:32::2], resp_p=53/udp] +[ip=, ip6=[class=0, flow=0, len=59, nxt=0, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=0, hopopts=[nxt=43, len=0, options=[[otype=1, len=4, data=\0\0\0\0]]], dstopts=, routing=, fragment=, ah=, esp=, mobility=], [id=43, hopopts=, dstopts=, routing=[nxt=17, len=4, rtype=0, segleft=2, data=\0\0\0\0 ^A\0x\0^A\02\0\0\0\0\0\0\0^A ^A\0x\0^A\02\0\0\0\0\0\0\0^B], fragment=, ah=, esp=, mobility=]]], tcp=, udp=[sport=53/udp, dport=53/udp, ulen=11], icmp=] diff --git a/testing/btest/Baseline/core.mobile-ipv6-home-addr/output b/testing/btest/Baseline/core.mobile-ipv6-home-addr/output index 88cbe0cb16..63e3fb92f9 100644 --- a/testing/btest/Baseline/core.mobile-ipv6-home-addr/output +++ b/testing/btest/Baseline/core.mobile-ipv6-home-addr/output @@ -1,2 +1,2 @@ -[orig_h=2001:78:1:32::1, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] -[ip=, ip6=[class=0, flow=0, len=36, nxt=60, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=60, hopopts=, dstopts=[nxt=17, len=2, options=[[otype=1, len=2, data=\0\0], [otype=201, len=16, data= ^A\0x\0^A\02\0\0\0\0\0\0\0^A]]], routing=, fragment=, ah=, esp=, mobility=]]], tcp=, udp=[sport=30000/udp, dport=13000/udp, ulen=12], icmp=] +[orig_h=[2001:78:1:32::1], orig_p=30000/udp, resp_h=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], resp_p=13000/udp] +[ip=, ip6=[class=0, flow=0, len=36, nxt=60, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=60, hopopts=, dstopts=[nxt=17, len=2, options=[[otype=1, len=2, data=\0\0], [otype=201, len=16, data= ^A\0x\0^A\02\0\0\0\0\0\0\0^A]]], routing=, fragment=, ah=, esp=, mobility=]]], tcp=, udp=[sport=30000/udp, dport=13000/udp, ulen=12], icmp=] diff --git a/testing/btest/Baseline/core.mobile-ipv6-routing/output b/testing/btest/Baseline/core.mobile-ipv6-routing/output index 04292caaa7..e1cd99da1c 100644 --- a/testing/btest/Baseline/core.mobile-ipv6-routing/output +++ b/testing/btest/Baseline/core.mobile-ipv6-routing/output @@ -1,2 +1,2 @@ -[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:78:1:32::1, resp_p=13000/udp] -[ip=, ip6=[class=0, flow=0, len=36, nxt=43, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=43, hopopts=, dstopts=, routing=[nxt=17, len=2, rtype=2, segleft=1, data=\0\0\0\0 ^A\0x\0^A\02\0\0\0\0\0\0\0^A], fragment=, ah=, esp=, mobility=]]], tcp=, udp=[sport=30000/udp, dport=13000/udp, ulen=12], icmp=] +[orig_h=[2001:4f8:4:7:2e0:81ff:fe52:ffff], orig_p=30000/udp, resp_h=[2001:78:1:32::1], resp_p=13000/udp] +[ip=, ip6=[class=0, flow=0, len=36, nxt=43, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=43, hopopts=, dstopts=, routing=[nxt=17, len=2, rtype=2, segleft=1, data=\0\0\0\0 ^A\0x\0^A\02\0\0\0\0\0\0\0^A], fragment=, ah=, esp=, mobility=]]], tcp=, udp=[sport=30000/udp, dport=13000/udp, ulen=12], icmp=] diff --git a/testing/btest/Baseline/core.mobility_msg/output b/testing/btest/Baseline/core.mobility_msg/output index 6f8d6a1699..64315bf370 100644 --- a/testing/btest/Baseline/core.mobility_msg/output +++ b/testing/btest/Baseline/core.mobility_msg/output @@ -1,16 +1,16 @@ Binding ACK: -[class=0, flow=0, len=16, nxt=135, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=1, mh_type=6, rsv=0, chksum=53722, msg=[id=6, brr=, hoti=, coti=, hot=, cot=, bu=, back=[status=0, k=T, seq=42, life=8, options=[[otype=1, len=2, data=\0\0]]], be=]]]]] +[class=0, flow=0, len=16, nxt=135, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=1, mh_type=6, rsv=0, chksum=53722, msg=[id=6, brr=, hoti=, coti=, hot=, cot=, bu=, back=[status=0, k=T, seq=42, life=8, options=[[otype=1, len=2, data=\0\0]]], be=]]]]] Binding Error: -[class=0, flow=0, len=24, nxt=135, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=2, mh_type=7, rsv=0, chksum=45272, msg=[id=7, brr=, hoti=, coti=, hot=, cot=, bu=, back=, be=[status=1, hoa=2001:78:1:32::1, options=[]]]]]]] +[class=0, flow=0, len=24, nxt=135, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=2, mh_type=7, rsv=0, chksum=45272, msg=[id=7, brr=, hoti=, coti=, hot=, cot=, bu=, back=, be=[status=1, hoa=[2001:78:1:32::1], options=[]]]]]]] Binding Refresh Request: -[class=0, flow=0, len=8, nxt=135, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=0, mh_type=0, rsv=0, chksum=55703, msg=[id=0, brr=[rsv=0, options=[]], hoti=, coti=, hot=, cot=, bu=, back=, be=]]]]] +[class=0, flow=0, len=8, nxt=135, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=0, mh_type=0, rsv=0, chksum=55703, msg=[id=0, brr=[rsv=0, options=[]], hoti=, coti=, hot=, cot=, bu=, back=, be=]]]]] Binding Update: -[class=0, flow=0, len=16, nxt=135, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=1, mh_type=5, rsv=0, chksum=868, msg=[id=5, brr=, hoti=, coti=, hot=, cot=, bu=[seq=37, a=T, h=T, l=F, k=T, life=3, options=[[otype=1, len=2, data=\0\0]]], back=, be=]]]]] +[class=0, flow=0, len=16, nxt=135, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=1, mh_type=5, rsv=0, chksum=868, msg=[id=5, brr=, hoti=, coti=, hot=, cot=, bu=[seq=37, a=T, h=T, l=F, k=T, life=3, options=[[otype=1, len=2, data=\0\0]]], back=, be=]]]]] Care-of Test: -[class=0, flow=0, len=24, nxt=135, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=2, mh_type=4, rsv=0, chksum=54378, msg=[id=4, brr=, hoti=, coti=, hot=, cot=[nonce_idx=13, cookie=15, token=255, options=[]], bu=, back=, be=]]]]] +[class=0, flow=0, len=24, nxt=135, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=2, mh_type=4, rsv=0, chksum=54378, msg=[id=4, brr=, hoti=, coti=, hot=, cot=[nonce_idx=13, cookie=15, token=255, options=[]], bu=, back=, be=]]]]] Care-of Test Init: -[class=0, flow=0, len=16, nxt=135, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=1, mh_type=2, rsv=0, chksum=55181, msg=[id=2, brr=, hoti=, coti=[rsv=0, cookie=1, options=[]], hot=, cot=, bu=, back=, be=]]]]] +[class=0, flow=0, len=16, nxt=135, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=1, mh_type=2, rsv=0, chksum=55181, msg=[id=2, brr=, hoti=, coti=[rsv=0, cookie=1, options=[]], hot=, cot=, bu=, back=, be=]]]]] Home Test: -[class=0, flow=0, len=24, nxt=135, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=2, mh_type=3, rsv=0, chksum=54634, msg=[id=3, brr=, hoti=, coti=, hot=[nonce_idx=13, cookie=15, token=255, options=[]], cot=, bu=, back=, be=]]]]] +[class=0, flow=0, len=24, nxt=135, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=2, mh_type=3, rsv=0, chksum=54634, msg=[id=3, brr=, hoti=, coti=, hot=[nonce_idx=13, cookie=15, token=255, options=[]], cot=, bu=, back=, be=]]]]] Home Test Init: -[class=0, flow=0, len=16, nxt=135, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=1, mh_type=1, rsv=0, chksum=55437, msg=[id=1, brr=, hoti=[rsv=0, cookie=1, options=[]], coti=, hot=, cot=, bu=, back=, be=]]]]] +[class=0, flow=0, len=16, nxt=135, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=1, mh_type=1, rsv=0, chksum=55437, msg=[id=1, brr=, hoti=[rsv=0, cookie=1, options=[]], coti=, hot=, cot=, bu=, back=, be=]]]]] diff --git a/testing/btest/Baseline/istate.broccoli-ipv6/bro..stdout b/testing/btest/Baseline/istate.broccoli-ipv6/bro..stdout index 0a7bac52c5..5114999813 100644 --- a/testing/btest/Baseline/istate.broccoli-ipv6/bro..stdout +++ b/testing/btest/Baseline/istate.broccoli-ipv6/bro..stdout @@ -1,9 +1,9 @@ handshake done with peer bro_addr(1.2.3.4) bro_subnet(10.0.0.0/16) -bro_addr(2607:f8b0:4009:802::1014) -bro_subnet(2607:f8b0::/32) +bro_addr([2607:f8b0:4009:802::1014]) +bro_subnet([2607:f8b0::]/32) broccoli_addr(1.2.3.4) broccoli_subnet(10.0.0.0/16) -broccoli_addr(2607:f8b0:4009:802::1014) -broccoli_subnet(2607:f8b0::/32) +broccoli_addr([2607:f8b0:4009:802::1014]) +broccoli_subnet([2607:f8b0::]/32) diff --git a/testing/btest/Baseline/istate.pybroccoli/bro..stdout b/testing/btest/Baseline/istate.pybroccoli/bro..stdout index 70ca69dd98..9c4637125e 100644 --- a/testing/btest/Baseline/istate.pybroccoli/bro..stdout +++ b/testing/btest/Baseline/istate.pybroccoli/bro..stdout @@ -1,16 +1,16 @@ ==== atomic -10 2 -1330035434.516896 +1336148094.497041 2.0 mins F 1.5 Servus 5555/tcp 6.7.6.5 -2001:db8:85a3::8a2e:370:7334 +[2001:db8:85a3::8a2e:370:7334] 192.168.0.0/16 -2001:db8:85a3::/48 +[2001:db8:85a3::]/48 ==== record [a=42, b=6.6.7.7] 42, 6.6.7.7 diff --git a/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered b/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered index 5d98e2d759..5d1ca261c4 100644 --- a/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered +++ b/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered @@ -1,7 +1,7 @@ ==== atomic a 1 ==== -4L -4 42 42 -1330035434.5180 +1336148094.5020 60.0 True True 3.14 @@ -14,7 +14,7 @@ True True ==== atomic a 2 ==== -10L -10 2 2 -1330035434.5169 +1336148094.4970 120.0 False False 1.5 @@ -27,7 +27,7 @@ False False ==== atomic b 2 ==== -10L -10 2 - 1330035434.5169 + 1336148094.4970 120.0 False False 1.5 diff --git a/testing/btest/Baseline/language.expire_func/output b/testing/btest/Baseline/language.expire_func/output index 91cd2bad16..13be712d8a 100644 --- a/testing/btest/Baseline/language.expire_func/output +++ b/testing/btest/Baseline/language.expire_func/output @@ -16,7 +16,7 @@ am i, [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp], here, -[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], +[orig_h=[fe80::20c:29ff:febd:6f01], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp], am } { @@ -25,7 +25,7 @@ am i, [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp], here, -[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], +[orig_h=[fe80::20c:29ff:febd:6f01], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp], am } { @@ -34,7 +34,7 @@ am i, [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp], here, -[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], +[orig_h=[fe80::20c:29ff:febd:6f01], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp], [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], am } @@ -45,7 +45,7 @@ i, [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp], here, [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp], -[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], +[orig_h=[fe80::20c:29ff:febd:6f01], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp], [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], am } @@ -57,7 +57,7 @@ i, here, [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp], [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp], -[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], +[orig_h=[fe80::20c:29ff:febd:6f01], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp], [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], am } @@ -70,7 +70,7 @@ i, here, [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp], [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp], -[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], +[orig_h=[fe80::20c:29ff:febd:6f01], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp], [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], am } @@ -82,7 +82,7 @@ expired [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53 expired here expired [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp] expired [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp] -expired [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp] +expired [orig_h=[fe80::20c:29ff:febd:6f01], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp] expired [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp] expired am { diff --git a/testing/btest/Baseline/language.ipv6-literals/output b/testing/btest/Baseline/language.ipv6-literals/output index 8542af7f91..a540fe999b 100644 --- a/testing/btest/Baseline/language.ipv6-literals/output +++ b/testing/btest/Baseline/language.ipv6-literals/output @@ -1,24 +1,24 @@ -::1 -::ffff -::255.255.255.255 -::10.10.255.255 -1::1 -1::a -1::1:1 -1::1:a -a::a -a::1 -a::a:a -a::a:1 -a:a::a -aaaa::ffff +[::1] +[::ffff] +[::255.255.255.255] +[::10.10.255.255] +[1::1] +[1::a] +[1::1:1] +[1::1:a] +[a::a] +[a::1] +[a::a:a] +[a::a:1] +[a:a::a] +[aaaa::ffff] 192.168.1.100 -ffff::c0a8:164 -::192.168.1.100 -::ffff:0:192.168.1.100 -805b:2d9d:dc28::fc57:d4c8:1fff -aaaa::bbbb -aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222 -aaaa:bbbb:cccc:dddd:eeee:ffff:1:2222 -aaaa:bbbb:cccc:dddd:eeee:ffff:0:2222 -aaaa:bbbb:cccc:dddd:eeee::2222 +[ffff::c0a8:164] +[::192.168.1.100] +[::ffff:0:192.168.1.100] +[805b:2d9d:dc28::fc57:d4c8:1fff] +[aaaa::bbbb] +[aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222] +[aaaa:bbbb:cccc:dddd:eeee:ffff:1:2222] +[aaaa:bbbb:cccc:dddd:eeee:ffff:0:2222] +[aaaa:bbbb:cccc:dddd:eeee::2222] diff --git a/testing/btest/Baseline/language.sizeof/output b/testing/btest/Baseline/language.sizeof/output index 43cb73f763..160ea9ab4c 100644 --- a/testing/btest/Baseline/language.sizeof/output +++ b/testing/btest/Baseline/language.sizeof/output @@ -1,5 +1,5 @@ IPv4 Address 1.2.3.4: 32 -IPv6 Address ::1: 128 +IPv6 Address [::1]: 128 Boolean T: 1 Count 10: 10 Double -1.23: 1.230000 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log index 291909b80a..c2c69f3153 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log @@ -5,15 +5,15 @@ #path local #fields ts id.orig_h #types time addr -1300475168.855330 141.142.220.118 +1300475168.859163 141.142.220.118 1300475168.652003 141.142.220.118 1300475168.895267 141.142.220.118 +1300475168.902635 141.142.220.118 +1300475168.892936 141.142.220.118 1300475168.855305 141.142.220.118 -1300475168.859163 141.142.220.118 1300475168.892913 141.142.220.118 1300475168.724007 141.142.220.118 -1300475168.892936 141.142.220.118 -1300475168.902635 141.142.220.118 +1300475168.855330 141.142.220.118 1300475168.891644 141.142.220.118 1300475170.862384 141.142.220.226 1300475168.853899 141.142.220.118 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log index b396c3fc2d..ed0636bc4a 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log @@ -6,6 +6,6 @@ #fields ts id.orig_h #types time addr 1300475169.780331 173.192.163.128 -1300475167.097012 fe80::217:f2ff:fed7:cf65 -1300475171.675372 fe80::3074:17d5:2052:c324 -1300475173.116749 fe80::3074:17d5:2052:c324 +1300475167.097012 [fe80::217:f2ff:fed7:cf65] +1300475171.675372 [fe80::3074:17d5:2052:c324] +1300475173.116749 [fe80::3074:17d5:2052:c324] diff --git a/testing/btest/Baseline/scripts.base.protocols.conn.contents-default-extract/contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat b/testing/btest/Baseline/scripts.base.protocols.conn.contents-default-extract/contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat new file mode 100644 index 0000000000..056ab8a44c --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.conn.contents-default-extract/contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat @@ -0,0 +1,22 @@ +USER anonymous +PASS test +SYST +FEAT +PWD +EPSV +LIST +EPSV +NLST +TYPE I +SIZE robots.txt +EPSV +RETR robots.txt +MDTM robots.txt +SIZE robots.txt +EPRT |2|2001:470:1f11:81f:c999:d94:aa7c:2e3e|49189| +RETR robots.txt +MDTM robots.txt +TYPE A +EPRT |2|2001:470:1f11:81f:c999:d94:aa7c:2e3e|49190| +LIST +QUIT diff --git a/testing/btest/Baseline/scripts.base.protocols.conn.contents-default-extract/contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat b/testing/btest/Baseline/scripts.base.protocols.conn.contents-default-extract/contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat new file mode 100644 index 0000000000..05fe8b57d8 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.conn.contents-default-extract/contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat @@ -0,0 +1,73 @@ +220 ftp.NetBSD.org FTP server (NetBSD-ftpd 20100320) ready. +331 Guest login ok, type your name as password. +230- + The NetBSD Project FTP Server located in Redwood City, CA, USA + 1 Gbps connectivity courtesy of , , + Internet Systems Consortium WELCOME! /( )` + \ \___ / | + +--- Currently Supported Platforms ----+ /- _ `-/ ' + | acorn[26,32], algor, alpha, amd64, | (/\/ \ \ /\ + | amiga[,ppc], arc, atari, bebox, | / / | ` \ + | cats, cesfic, cobalt, dreamcast, | O O ) / | + | evb[arm,mips,ppc,sh3], hp[300,700], | `-^--'`< ' + | hpc[arm,mips,sh], i386, | (_.) _ ) / + | ibmnws, iyonix, luna68k, | .___/` / + | mac[m68k,ppc], mipsco, mmeye, | `-----' / + | mvme[m68k,ppc], netwinders, | <----. __ / __ \ + | news[m68k,mips], next68k, ofppc, | <----|====O)))==) \) /==== + | playstation2, pmax, prep, sandpoint, | <----' `--' `.__,' \ + | sbmips, sgimips, shark, sparc[,64], | | | + | sun[2,3], vax, x68k, xen | \ / + +--------------------------------------+ ______( (_ / \_____ + See our website at http://www.NetBSD.org/ ,' ,-----' | \ + We log all FTP transfers and commands. `--{__________) (FL) \/ +230- + EXPORT NOTICE + + Please note that portions of this FTP site contain cryptographic + software controlled under the Export Administration Regulations (EAR). + + None of this software may be downloaded or otherwise exported or + re-exported into (or to a national or resident of) Cuba, Iran, Libya, + Sudan, North Korea, Syria or any other country to which the U.S. has + embargoed goods. + + By downloading or using said software, you are agreeing to the + foregoing and you are representing and warranting that you are not + located in, under the control of, or a national or resident of any + such country or on any such list. +230 Guest login ok, access restrictions apply. +215 UNIX Type: L8 Version: NetBSD-ftpd 20100320 +211-Features supported + MDTM + MLST Type*;Size*;Modify*;Perm*;Unique*; + REST STREAM + SIZE + TVFS +211 End +257 "/" is the current directory. +229 Entering Extended Passive Mode (|||57086|) +150 Opening ASCII mode data connection for '/bin/ls'. +226 Transfer complete. +229 Entering Extended Passive Mode (|||57087|) +150 Opening ASCII mode data connection for 'file list'. +226 Transfer complete. +200 Type set to I. +213 77 +229 Entering Extended Passive Mode (|||57088|) +150 Opening BINARY mode data connection for 'robots.txt' (77 bytes). +226 Transfer complete. +213 20090816112038 +213 77 +200 EPRT command successful. +150 Opening BINARY mode data connection for 'robots.txt' (77 bytes). +226 Transfer complete. +213 20090816112038 +200 Type set to A. +200 EPRT command successful. +150 Opening ASCII mode data connection for '/bin/ls'. +226 Transfer complete. +221- + Data traffic for this session was 154 bytes in 2 files. + Total traffic for this session was 4512 bytes in 5 transfers. +221 Thank you for using the FTP service on ftp.NetBSD.org. diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log index c4a515710d..e398020a87 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log @@ -5,9 +5,9 @@ #path conn #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes #types time string addr port addr port enum string interval count count string bool count string count count count count -1329327783.316897 arKYeMETxOg 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 57086 tcp ftp-data 0.219721 0 342 SF - 0 ShAdfFa 5 372 4 642 -1329327786.524332 k6kgXLOoSKl 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 57087 tcp ftp-data 0.217501 0 43 SF - 0 ShAdfFa 5 372 4 343 -1329327787.289095 nQcgTWjvg4c 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 57088 tcp ftp-data 0.217941 0 77 SF - 0 ShAdfFa 5 372 4 377 -1329327795.571921 j4u32Pc5bif 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49189 tcp ftp-data 0.109813 77 0 SF - 0 ShADFaf 5 449 4 300 -1329327777.822004 UWkUyAuUGXf 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 tcp ftp 26.658219 310 3448 SF - 0 ShAdDfFa 57 4426 34 5908 -1329327800.017649 TEfuqmmG4bh 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49190 tcp ftp-data 0.109181 342 0 SF - 0 ShADFaf 5 714 4 300 +1329327783.316897 arKYeMETxOg [2001:470:1f11:81f:c999:d94:aa7c:2e3e] 49186 [2001:470:4867:99::21] 57086 tcp ftp-data 0.219721 0 342 SF - 0 ShAdfFa 5 372 4 642 +1329327786.524332 k6kgXLOoSKl [2001:470:1f11:81f:c999:d94:aa7c:2e3e] 49187 [2001:470:4867:99::21] 57087 tcp ftp-data 0.217501 0 43 SF - 0 ShAdfFa 5 372 4 343 +1329327787.289095 nQcgTWjvg4c [2001:470:1f11:81f:c999:d94:aa7c:2e3e] 49188 [2001:470:4867:99::21] 57088 tcp ftp-data 0.217941 0 77 SF - 0 ShAdfFa 5 372 4 377 +1329327795.571921 j4u32Pc5bif [2001:470:4867:99::21] 55785 [2001:470:1f11:81f:c999:d94:aa7c:2e3e] 49189 tcp ftp-data 0.109813 77 0 SF - 0 ShADFaf 5 449 4 300 +1329327777.822004 UWkUyAuUGXf [2001:470:1f11:81f:c999:d94:aa7c:2e3e] 49185 [2001:470:4867:99::21] 21 tcp ftp 26.658219 310 3448 SF - 0 ShAdDfFa 57 4426 34 5908 +1329327800.017649 TEfuqmmG4bh [2001:470:4867:99::21] 55647 [2001:470:1f11:81f:c999:d94:aa7c:2e3e] 49190 tcp ftp-data 0.109181 342 0 SF - 0 ShADFaf 5 714 4 300 diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/ftp.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/ftp.log index 8bc2ef2cb7..61375d7233 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/ftp.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/ftp.log @@ -5,5 +5,5 @@ #path ftp #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p user password command arg mime_type mime_desc file_size reply_code reply_msg tags extraction_file #types time string addr port addr port string string string string string string count count string table[string] file -1329327787.396984 UWkUyAuUGXf 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 anonymous test RETR ftp://[2001:470:4867:99::21]/robots.txt - - 77 226 Transfer complete. - - -1329327795.463946 UWkUyAuUGXf 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 anonymous test RETR ftp://[2001:470:4867:99::21]/robots.txt - - 77 226 Transfer complete. - - +1329327787.396984 UWkUyAuUGXf [2001:470:1f11:81f:c999:d94:aa7c:2e3e] 49185 [2001:470:4867:99::21] 21 anonymous test RETR ftp://[2001:470:4867:99::21]/robots.txt - - 77 226 Transfer complete. - - +1329327795.463946 UWkUyAuUGXf [2001:470:1f11:81f:c999:d94:aa7c:2e3e] 49185 [2001:470:4867:99::21] 21 anonymous test RETR ftp://[2001:470:4867:99::21]/robots.txt - - 77 226 Transfer complete. - - diff --git a/testing/btest/scripts/base/protocols/conn/contents-default-extract.test b/testing/btest/scripts/base/protocols/conn/contents-default-extract.test new file mode 100644 index 0000000000..82f46b62c8 --- /dev/null +++ b/testing/btest/scripts/base/protocols/conn/contents-default-extract.test @@ -0,0 +1,3 @@ +# @TEST-EXEC: bro -f "tcp port 21" -r $TRACES/ipv6-ftp.trace "Conn::default_extract=T" +# @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat +# @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat From 79afc834ce4218ac986c16dffa5f835fa3b7b6a2 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 4 May 2012 16:09:05 -0500 Subject: [PATCH 29/51] Add SHA1 and SHA256 hashing BIFs. (addresses #542) Also refactor all internal MD5 stuff to use OpenSSL's. --- src/Anon.cc | 1 - src/CMakeLists.txt | 6 +- src/DFA.cc | 15 +- src/Func.cc | 1 - src/MIME.cc | 5 +- src/MIME.h | 5 +- src/bro.bif | 301 ++++++++++++++++- src/digest.h | 92 ++++++ src/main.cc | 5 +- src/md5.c | 380 ---------------------- src/md5.h | 90 ----- src/util.cc | 27 +- src/util.h | 4 - testing/btest/Baseline/bifs.md5/output | 4 + testing/btest/Baseline/bifs.sha1/output | 4 + testing/btest/Baseline/bifs.sha256/output | 4 + testing/btest/bifs/md5.test | 16 + testing/btest/bifs/sha1.test | 16 + testing/btest/bifs/sha256.test | 16 + 19 files changed, 461 insertions(+), 531 deletions(-) create mode 100644 src/digest.h delete mode 100644 src/md5.c delete mode 100644 src/md5.h create mode 100644 testing/btest/Baseline/bifs.md5/output create mode 100644 testing/btest/Baseline/bifs.sha1/output create mode 100644 testing/btest/Baseline/bifs.sha256/output create mode 100644 testing/btest/bifs/md5.test create mode 100644 testing/btest/bifs/sha1.test create mode 100644 testing/btest/bifs/sha256.test diff --git a/src/Anon.cc b/src/Anon.cc index d2a28a0e08..f58057b2fc 100644 --- a/src/Anon.cc +++ b/src/Anon.cc @@ -5,7 +5,6 @@ #include "util.h" #include "net_util.h" -#include "md5.h" #include "Anon.h" #include "Val.h" #include "NetVar.h" diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index ce1b25dd42..4e73ad69b4 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -247,7 +247,6 @@ add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} ) -set(dns_SRCS nb_dns.c) set_source_files_properties(nb_dns.c PROPERTIES COMPILE_FLAGS -fno-strict-aliasing) @@ -403,7 +402,6 @@ set(bro_SRCS bsd-getopt-long.c bro_inet_ntop.c cq.c - md5.c patricia.c setsignal.c PacketDumper.cc @@ -421,8 +419,8 @@ set(bro_SRCS logging/writers/Ascii.cc logging/writers/None.cc - ${dns_SRCS} - ${openssl_SRCS} + nb_dns.c + digest.h ) collect_headers(bro_HEADERS ${bro_SRCS}) diff --git a/src/DFA.cc b/src/DFA.cc index e58ea260e5..06ccfd9342 100644 --- a/src/DFA.cc +++ b/src/DFA.cc @@ -2,9 +2,10 @@ #include "config.h" +#include + #include "EquivClass.h" #include "DFA.h" -#include "md5.h" int dfa_state_cache_size = 10000; @@ -312,8 +313,8 @@ DFA_State* DFA_State_Cache::Lookup(const NFA_state_list& nfas, { // We assume that state ID's don't exceed 10 digits, plus // we allow one more character for the delimiter. - md5_byte_t id_tag[nfas.length() * 11 + 1]; - md5_byte_t* p = id_tag; + u_char id_tag[nfas.length() * 11 + 1]; + u_char* p = id_tag; for ( int i = 0; i < nfas.length(); ++i ) { @@ -335,12 +336,8 @@ DFA_State* DFA_State_Cache::Lookup(const NFA_state_list& nfas, // We use the short MD5 instead of the full string for the // HashKey because the data is copied into the key. - md5_state_t state; - md5_byte_t digest[16]; - - md5_init(&state); - md5_append(&state, id_tag, p - id_tag); - md5_finish(&state, digest); + u_char digest[16]; + MD5(id_tag, p - id_tag, digest); *hash = new HashKey(&digest, sizeof(digest)); CacheEntry* e = states.Lookup(*hash); diff --git a/src/Func.cc b/src/Func.cc index 65cb22b09d..ecb341e3e0 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -29,7 +29,6 @@ #include -#include "md5.h" #include "Base64.h" #include "Stmt.h" #include "Scope.h" diff --git a/src/MIME.cc b/src/MIME.cc index 103cf149ef..4a7c0268b0 100644 --- a/src/MIME.cc +++ b/src/MIME.cc @@ -4,6 +4,7 @@ #include "MIME.h" #include "Event.h" #include "Reporter.h" +#include "digest.h" // Here are a few things to do: // @@ -1008,7 +1009,7 @@ void MIME_Mail::Done() if ( compute_content_hash && mime_content_hash ) { u_char* digest = new u_char[16]; - md5_finish(&md5_hash, digest); + md5_final(&md5_hash, digest); val_list* vl = new val_list; vl->append(analyzer->BuildConnVal()); @@ -1096,7 +1097,7 @@ void MIME_Mail::SubmitData(int len, const char* buf) if ( compute_content_hash ) { content_hash_length += len; - md5_append(&md5_hash, (const u_char*) buf, len); + md5_update(&md5_hash, (const u_char*) buf, len); } if ( mime_entity_data || mime_all_data ) diff --git a/src/MIME.h b/src/MIME.h index 52d943fb15..ffff30e387 100644 --- a/src/MIME.h +++ b/src/MIME.h @@ -2,13 +2,12 @@ #define mime_h #include - +#include #include #include #include using namespace std; -#include "md5.h" #include "Base64.h" #include "BroString.h" #include "Analyzer.h" @@ -248,7 +247,7 @@ protected: int buffer_offset; int compute_content_hash; int content_hash_length; - md5_state_t md5_hash; + MD5_CTX md5_hash; vector entity_content; vector all_content; diff --git a/src/bro.bif b/src/bro.bif index f76704cfe6..15740a83c7 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -6,13 +6,13 @@ %%{ // C segment #include - #include #include #include #include #include +#include "digest.h" #include "Reporter.h" #include "IPAddr.h" @@ -530,7 +530,7 @@ function piped_exec%(program: string, to_write: string%): bool %%{ static void hash_md5_val(val_list& vlist, unsigned char digest[16]) { - md5_state_s h; + MD5_CTX h; md5_init(&h); loop_over_list(vlist, i) @@ -539,16 +539,16 @@ static void hash_md5_val(val_list& vlist, unsigned char digest[16]) if ( v->Type()->Tag() == TYPE_STRING ) { const BroString* str = v->AsString(); - md5_append(&h, str->Bytes(), str->Len()); + md5_update(&h, str->Bytes(), str->Len()); } else { ODesc d(DESC_BINARY); v->Describe(&d); - md5_append(&h, (const md5_byte_t *) d.Bytes(), d.Len()); + md5_update(&h, (const u_char *) d.Bytes(), d.Len()); } } - md5_finish(&h, digest); + md5_final(&h, digest); } static void hmac_md5_val(val_list& vlist, unsigned char digest[16]) @@ -556,7 +556,53 @@ static void hmac_md5_val(val_list& vlist, unsigned char digest[16]) hash_md5_val(vlist, digest); for ( int i = 0; i < 16; ++i ) digest[i] = digest[i] ^ shared_hmac_md5_key[i]; - hash_md5(16, digest, digest); + MD5(digest, 16, digest); + } + +static void hash_sha1_val(val_list& vlist, unsigned char digest[20]) + { + SHA_CTX h; + + sha1_init(&h); + loop_over_list(vlist, i) + { + Val* v = vlist[i]; + if ( v->Type()->Tag() == TYPE_STRING ) + { + const BroString* str = v->AsString(); + sha1_update(&h, str->Bytes(), str->Len()); + } + else + { + ODesc d(DESC_BINARY); + v->Describe(&d); + sha1_update(&h, (const u_char *) d.Bytes(), d.Len()); + } + } + sha1_final(&h, digest); + } + +static void hash_sha256_val(val_list& vlist, unsigned char digest[32]) + { + SHA256_CTX h; + + sha256_init(&h); + loop_over_list(vlist, i) + { + Val* v = vlist[i]; + if ( v->Type()->Tag() == TYPE_STRING ) + { + const BroString* str = v->AsString(); + sha256_update(&h, str->Bytes(), str->Len()); + } + else + { + ODesc d(DESC_BINARY); + v->Describe(&d); + sha256_update(&h, (const u_char *) d.Bytes(), d.Len()); + } + } + sha256_final(&h, digest); } %%} @@ -565,6 +611,8 @@ static void hmac_md5_val(val_list& vlist, unsigned char digest[16]) ## Returns: The MD5 hash value of the concatenated arguments. ## ## .. bro:see:: md5_hmac md5_hash_init md5_hash_update md5_hash_finish +## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish +## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish ## ## .. note:: ## @@ -578,6 +626,46 @@ function md5_hash%(...%): string return new StringVal(md5_digest_print(digest)); %} +## Computes the SHA1 hash value of the provided list of arguments. +## +## Returns: The SHA1 hash value of the concatenated arguments. +## +## .. bro:see:: md5_hash md5_hmac md5_hash_init md5_hash_update md5_hash_finish +## sha1_hash_init sha1_hash_update sha1_hash_finish +## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish +## +## .. note:: +## +## This function performs a one-shot computation of its arguments. +## For incremental hash computation, see :bro:id:`sha1_hash_init` and +## friends. +function sha1_hash%(...%): string + %{ + unsigned char digest[20]; + hash_sha1_val(@ARG@, digest); + return new StringVal(sha1_digest_print(digest)); + %} + +## Computes the SHA256 hash value of the provided list of arguments. +## +## Returns: The SHA256 hash value of the concatenated arguments. +## +## .. bro:see:: md5_hash md5_hmac md5_hash_init md5_hash_update md5_hash_finish +## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish +## sha256_hash_init sha256_hash_update sha256_hash_finish +## +## .. note:: +## +## This function performs a one-shot computation of its arguments. +## For incremental hash computation, see :bro:id:`sha256_hash_init` and +## friends. +function sha256_hash%(...%): string + %{ + unsigned char digest[32]; + hash_sha256_val(@ARG@, digest); + return new StringVal(sha256_digest_print(digest)); + %} + ## Computes an HMAC-MD5 hash value of the provided list of arguments. The HMAC ## secret key is generated from available entropy when Bro starts up, or it can ## be specified for repeatability using the ``-K`` command line flag. @@ -585,6 +673,8 @@ function md5_hash%(...%): string ## Returns: The HMAC-MD5 hash value of the concatenated arguments. ## ## .. bro:see:: md5_hash md5_hash_init md5_hash_update md5_hash_finish +## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish +## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function md5_hmac%(...%): string %{ unsigned char digest[16]; @@ -593,7 +683,9 @@ function md5_hmac%(...%): string %} %%{ -static map md5_states; +static map md5_states; +static map sha1_states; +static map sha256_states; BroString* convert_index_to_string(Val* index) { @@ -618,7 +710,9 @@ BroString* convert_index_to_string(Val* index) ## ## index: The unique identifier to associate with this hash computation. ## -## .. bro:see:: md5_hash md5_hmac md5_hash_update md5_hash_finish +## .. bro:see:: md5_hmac md5_hash md5_hash_update md5_hash_finish +## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish +## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function md5_hash_init%(index: any%): bool %{ BroString* s = convert_index_to_string(index); @@ -626,7 +720,7 @@ function md5_hash_init%(index: any%): bool if ( md5_states.count(*s) < 1 ) { - md5_state_s h; + MD5_CTX h; md5_init(&h); md5_states[*s] = h; status = 1; @@ -636,6 +730,75 @@ function md5_hash_init%(index: any%): bool return new Val(status, TYPE_BOOL); %} +## Initializes SHA1 state to enable incremental hash computation. After +## initializing the SHA1 state with this function, you can feed data to +## :bro:id:`sha1_hash_update` and finally need to call +## :bro:id:`sha1_hash_finish` to finish the computation and get the final hash +## value. +## +## For example, when computing incremental SHA1 values of transferred files in +## multiple concurrent HTTP connections, one would call ``sha1_hash_init(c$id)`` +## once before invoking ``sha1_hash_update(c$id, some_more_data)`` in the +## :bro:id:`http_entity_data` event handler. When all data has arrived, a call +## to :bro:id:`sha1_hash_finish` returns the final hash value. +## +## index: The unique identifier to associate with this hash computation. +## +## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## sha1_hash sha1_hash_update sha1_hash_finish +## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish +function sha1_hash_init%(index: any%): bool + %{ + BroString* s = convert_index_to_string(index); + int status = 0; + + if ( sha1_states.count(*s) < 1 ) + { + SHA_CTX h; + sha1_init(&h); + sha1_states[*s] = h; + status = 1; + } + + delete s; + return new Val(status, TYPE_BOOL); + %} + +## Initializes SHA256 state to enable incremental hash computation. After +## initializing the SHA256 state with this function, you can feed data to +## :bro:id:`sha256_hash_update` and finally need to call +## :bro:id:`sha256_hash_finish` to finish the computation and get the final hash +## value. +## +## For example, when computing incremental SHA256 values of transferred files in +## multiple concurrent HTTP connections, one would call +## ``sha256_hash_init(c$id)`` once before invoking +## ``sha256_hash_update(c$id, some_more_data)`` in the +## :bro:id:`http_entity_data` event handler. When all data has arrived, a call +## to :bro:id:`sha256_hash_finish` returns the final hash value. +## +## index: The unique identifier to associate with this hash computation. +## +## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish +## sha256_hash sha256_hash_update sha256_hash_finish +function sha256_hash_init%(index: any%): bool + %{ + BroString* s = convert_index_to_string(index); + int status = 0; + + if ( sha256_states.count(*s) < 1 ) + { + SHA256_CTX h; + sha256_init(&h); + sha256_states[*s] = h; + status = 1; + } + + delete s; + return new Val(status, TYPE_BOOL); + %} + ## Update the MD5 value associated with a given index. It is required to ## call :bro:id:`md5_hash_init` once before calling this ## function. @@ -644,7 +807,9 @@ function md5_hash_init%(index: any%): bool ## ## data: The data to add to the hash computation. ## -## .. bro:see:: md5_hash md5_hmac md5_hash_init md5_hash_finish +## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_finish +## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish +## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function md5_hash_update%(index: any, data: string%): bool %{ BroString* s = convert_index_to_string(index); @@ -652,7 +817,59 @@ function md5_hash_update%(index: any, data: string%): bool if ( md5_states.count(*s) > 0 ) { - md5_append(&md5_states[*s], data->Bytes(), data->Len()); + md5_update(&md5_states[*s], data->Bytes(), data->Len()); + status = 1; + } + + delete s; + return new Val(status, TYPE_BOOL); + %} + +## Update the SHA1 value associated with a given index. It is required to +## call :bro:id:`sha1_hash_init` once before calling this +## function. +## +## index: The unique identifier to associate with this hash computation. +## +## data: The data to add to the hash computation. +## +## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## sha1_hash sha1_hash_init sha1_hash_finish +## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish +function sha1_hash_update%(index: any, data: string%): bool + %{ + BroString* s = convert_index_to_string(index); + int status = 0; + + if ( sha1_states.count(*s) > 0 ) + { + sha1_update(&sha1_states[*s], data->Bytes(), data->Len()); + status = 1; + } + + delete s; + return new Val(status, TYPE_BOOL); + %} + +## Update the SHA256 value associated with a given index. It is required to +## call :bro:id:`sha256_hash_init` once before calling this +## function. +## +## index: The unique identifier to associate with this hash computation. +## +## data: The data to add to the hash computation. +## +## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish +## sha256_hash sha256_hash_init sha256_hash_finish +function sha256_hash_update%(index: any, data: string%): bool + %{ + BroString* s = convert_index_to_string(index); + int status = 0; + + if ( sha256_states.count(*s) > 0 ) + { + sha256_update(&sha256_states[*s], data->Bytes(), data->Len()); status = 1; } @@ -666,7 +883,9 @@ function md5_hash_update%(index: any, data: string%): bool ## ## Returns: The hash value associated with the computation at *index*. ## -## .. bro:see:: md5_hash md5_hmac md5_hash_init md5_hash_update +## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update +## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish +## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function md5_hash_finish%(index: any%): string %{ BroString* s = convert_index_to_string(index); @@ -675,7 +894,7 @@ function md5_hash_finish%(index: any%): string if ( md5_states.count(*s) > 0 ) { unsigned char digest[16]; - md5_finish(&md5_states[*s], digest); + md5_final(&md5_states[*s], digest); md5_states.erase(*s); printable_digest = new StringVal(md5_digest_print(digest)); } @@ -686,6 +905,62 @@ function md5_hash_finish%(index: any%): string return printable_digest; %} +## Returns the final SHA1 digest of an incremental hash computation. +## +## index: The unique identifier of this hash computation. +## +## Returns: The hash value associated with the computation at *index*. +## +## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## sha1_hash sha1_hash_init sha1_hash_update +## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish +function sha1_hash_finish%(index: any%): string + %{ + BroString* s = convert_index_to_string(index); + StringVal* printable_digest; + + if ( sha1_states.count(*s) > 0 ) + { + unsigned char digest[20]; + sha1_final(&sha1_states[*s], digest); + sha1_states.erase(*s); + printable_digest = new StringVal(sha1_digest_print(digest)); + } + else + printable_digest = new StringVal(""); + + delete s; + return printable_digest; + %} + +## Returns the final SHA256 digest of an incremental hash computation. +## +## index: The unique identifier of this hash computation. +## +## Returns: The hash value associated with the computation at *index*. +## +## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish +## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish +## sha256_hash sha256_hash_init sha256_hash_update +function sha256_hash_finish%(index: any%): string + %{ + BroString* s = convert_index_to_string(index); + StringVal* printable_digest; + + if ( sha256_states.count(*s) > 0 ) + { + unsigned char digest[32]; + sha256_final(&sha256_states[*s], digest); + sha256_states.erase(*s); + printable_digest = new StringVal(sha256_digest_print(digest)); + } + else + printable_digest = new StringVal(""); + + delete s; + return printable_digest; + %} + ## Generates a random number. ## ## max: The maximum value the random number. diff --git a/src/digest.h b/src/digest.h new file mode 100644 index 0000000000..ef52ba059a --- /dev/null +++ b/src/digest.h @@ -0,0 +1,92 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +/** + * Wrapper and helper functions for MD5/SHA digest algorithms. + */ + +#ifndef bro_digest_h +#define bro_digest_h + +#include +#include + +#include "Reporter.h" + +static inline const char* digest_print(const u_char* digest, size_t n) + { + static char buf[256]; // big enough for any of md5/sha1/sha256 + for ( size_t i = 0; i < n; ++i ) + snprintf(buf + i * 2, 3, "%02x", digest[i]); + return buf; + } + +inline const char* md5_digest_print(const u_char digest[MD5_DIGEST_LENGTH]) + { + return digest_print(digest, MD5_DIGEST_LENGTH); + } + +inline const char* sha1_digest_print(const u_char digest[SHA_DIGEST_LENGTH]) + { + return digest_print(digest, SHA_DIGEST_LENGTH); + } + +inline const char* sha256_digest_print(const u_char digest[SHA256_DIGEST_LENGTH]) + { + return digest_print(digest, SHA256_DIGEST_LENGTH); + } + +inline void md5_init(MD5_CTX* c) + { + if ( ! MD5_Init(c) ) + reporter->InternalError("MD5_Init failed"); + } + +inline void md5_update(MD5_CTX* c, const void* data, unsigned long len) + { + if ( ! MD5_Update(c, data, len) ) + reporter->InternalError("MD5_Update failed"); + } + +inline void md5_final(MD5_CTX* c, u_char md[MD5_DIGEST_LENGTH]) + { + if ( ! MD5_Final(md, c) ) + reporter->InternalError("MD5_Final failed"); + } + +inline void sha1_init(SHA_CTX* c) + { + if ( ! SHA1_Init(c) ) + reporter->InternalError("SHA_Init failed"); + } + +inline void sha1_update(SHA_CTX* c, const void* data, unsigned long len) + { + if ( ! SHA1_Update(c, data, len) ) + reporter->InternalError("SHA_Update failed"); + } + +inline void sha1_final(SHA_CTX* c, u_char md[SHA_DIGEST_LENGTH]) + { + if ( ! SHA1_Final(md, c) ) + reporter->InternalError("SHA_Final failed"); + } + +inline void sha256_init(SHA256_CTX* c) + { + if ( ! SHA256_Init(c) ) + reporter->InternalError("SHA256_Init failed"); + } + +inline void sha256_update(SHA256_CTX* c, const void* data, unsigned long len) + { + if ( ! SHA256_Update(c, data, len) ) + reporter->InternalError("SHA256_Update failed"); + } + +inline void sha256_final(SHA256_CTX* c, u_char md[SHA256_DIGEST_LENGTH]) + { + if ( ! SHA256_Final(md, c) ) + reporter->InternalError("SHA256_Final failed"); + } + +#endif //bro_digest_h diff --git a/src/main.cc b/src/main.cc index ff33a3859d..89783031bf 100644 --- a/src/main.cc +++ b/src/main.cc @@ -18,6 +18,8 @@ extern "C" { } #endif +#include + extern "C" void OPENSSL_add_all_algorithms_conf(void); #include "bsd-getopt-long.h" @@ -570,8 +572,7 @@ int main(int argc, char** argv) break; case 'K': - hash_md5(strlen(optarg), (const u_char*) optarg, - shared_hmac_md5_key); + MD5((const u_char*) optarg, strlen(optarg), shared_hmac_md5_key); hmac_key_set = 1; break; diff --git a/src/md5.c b/src/md5.c deleted file mode 100644 index 888993b9c4..0000000000 --- a/src/md5.c +++ /dev/null @@ -1,380 +0,0 @@ -/* - Copyright (C) 1999, 2000, 2002 Aladdin Enterprises. All rights reserved. - - This software is provided 'as-is', without any express or implied - warranty. In no event will the authors be held liable for any damages - arising from the use of this software. - - Permission is granted to anyone to use this software for any purpose, - including commercial applications, and to alter it and redistribute it - freely, subject to the following restrictions: - - 1. The origin of this software must not be misrepresented; you must not - claim that you wrote the original software. If you use this software - in a product, an acknowledgment in the product documentation would be - appreciated but is not required. - 2. Altered source versions must be plainly marked as such, and must not be - misrepresented as being the original software. - 3. This notice may not be removed or altered from any source distribution. - - L. Peter Deutsch - ghost@aladdin.com - - */ -/* - Independent implementation of MD5 (RFC 1321). - - This code implements the MD5 Algorithm defined in RFC 1321, whose - text is available at - http://www.ietf.org/rfc/rfc1321.txt - The code is derived from the text of the RFC, including the test suite - (section A.5) but excluding the rest of Appendix A. It does not include - any code or documentation that is identified in the RFC as being - copyrighted. - - The original and principal author of md5.c is L. Peter Deutsch - . Other authors are noted in the change history - that follows (in reverse chronological order): - - 2002-04-13 lpd Clarified derivation from RFC 1321; now handles byte order - either statically or dynamically; added missing #include - in library. - 2002-03-11 lpd Corrected argument list for main(), and added int return - type, in test program and T value program. - 2002-02-21 lpd Added missing #include in test program. - 2000-07-03 lpd Patched to eliminate warnings about "constant is - unsigned in ANSI C, signed in traditional"; made test program - self-checking. - 1999-11-04 lpd Edited comments slightly for automatic TOC extraction. - 1999-10-18 lpd Fixed typo in header comment (ansi2knr rather than md5). - 1999-05-03 lpd Original version. - */ - -#include "md5.h" -#include - -#undef BYTE_ORDER /* 1 = big-endian, -1 = little-endian, 0 = unknown */ -#ifdef ARCH_IS_BIG_ENDIAN -# define BYTE_ORDER (ARCH_IS_BIG_ENDIAN ? 1 : -1) -#else -# define BYTE_ORDER 0 -#endif - -#define T_MASK ((md5_word_t)~0) -#define T1 /* 0xd76aa478 */ (T_MASK ^ 0x28955b87) -#define T2 /* 0xe8c7b756 */ (T_MASK ^ 0x173848a9) -#define T3 0x242070db -#define T4 /* 0xc1bdceee */ (T_MASK ^ 0x3e423111) -#define T5 /* 0xf57c0faf */ (T_MASK ^ 0x0a83f050) -#define T6 0x4787c62a -#define T7 /* 0xa8304613 */ (T_MASK ^ 0x57cfb9ec) -#define T8 /* 0xfd469501 */ (T_MASK ^ 0x02b96afe) -#define T9 0x698098d8 -#define T10 /* 0x8b44f7af */ (T_MASK ^ 0x74bb0850) -#define T11 /* 0xffff5bb1 */ (T_MASK ^ 0x0000a44e) -#define T12 /* 0x895cd7be */ (T_MASK ^ 0x76a32841) -#define T13 0x6b901122 -#define T14 /* 0xfd987193 */ (T_MASK ^ 0x02678e6c) -#define T15 /* 0xa679438e */ (T_MASK ^ 0x5986bc71) -#define T16 0x49b40821 -#define T17 /* 0xf61e2562 */ (T_MASK ^ 0x09e1da9d) -#define T18 /* 0xc040b340 */ (T_MASK ^ 0x3fbf4cbf) -#define T19 0x265e5a51 -#define T20 /* 0xe9b6c7aa */ (T_MASK ^ 0x16493855) -#define T21 /* 0xd62f105d */ (T_MASK ^ 0x29d0efa2) -#define T22 0x02441453 -#define T23 /* 0xd8a1e681 */ (T_MASK ^ 0x275e197e) -#define T24 /* 0xe7d3fbc8 */ (T_MASK ^ 0x182c0437) -#define T25 0x21e1cde6 -#define T26 /* 0xc33707d6 */ (T_MASK ^ 0x3cc8f829) -#define T27 /* 0xf4d50d87 */ (T_MASK ^ 0x0b2af278) -#define T28 0x455a14ed -#define T29 /* 0xa9e3e905 */ (T_MASK ^ 0x561c16fa) -#define T30 /* 0xfcefa3f8 */ (T_MASK ^ 0x03105c07) -#define T31 0x676f02d9 -#define T32 /* 0x8d2a4c8a */ (T_MASK ^ 0x72d5b375) -#define T33 /* 0xfffa3942 */ (T_MASK ^ 0x0005c6bd) -#define T34 /* 0x8771f681 */ (T_MASK ^ 0x788e097e) -#define T35 0x6d9d6122 -#define T36 /* 0xfde5380c */ (T_MASK ^ 0x021ac7f3) -#define T37 /* 0xa4beea44 */ (T_MASK ^ 0x5b4115bb) -#define T38 0x4bdecfa9 -#define T39 /* 0xf6bb4b60 */ (T_MASK ^ 0x0944b49f) -#define T40 /* 0xbebfbc70 */ (T_MASK ^ 0x4140438f) -#define T41 0x289b7ec6 -#define T42 /* 0xeaa127fa */ (T_MASK ^ 0x155ed805) -#define T43 /* 0xd4ef3085 */ (T_MASK ^ 0x2b10cf7a) -#define T44 0x04881d05 -#define T45 /* 0xd9d4d039 */ (T_MASK ^ 0x262b2fc6) -#define T46 /* 0xe6db99e5 */ (T_MASK ^ 0x1924661a) -#define T47 0x1fa27cf8 -#define T48 /* 0xc4ac5665 */ (T_MASK ^ 0x3b53a99a) -#define T49 /* 0xf4292244 */ (T_MASK ^ 0x0bd6ddbb) -#define T50 0x432aff97 -#define T51 /* 0xab9423a7 */ (T_MASK ^ 0x546bdc58) -#define T52 /* 0xfc93a039 */ (T_MASK ^ 0x036c5fc6) -#define T53 0x655b59c3 -#define T54 /* 0x8f0ccc92 */ (T_MASK ^ 0x70f3336d) -#define T55 /* 0xffeff47d */ (T_MASK ^ 0x00100b82) -#define T56 /* 0x85845dd1 */ (T_MASK ^ 0x7a7ba22e) -#define T57 0x6fa87e4f -#define T58 /* 0xfe2ce6e0 */ (T_MASK ^ 0x01d3191f) -#define T59 /* 0xa3014314 */ (T_MASK ^ 0x5cfebceb) -#define T60 0x4e0811a1 -#define T61 /* 0xf7537e82 */ (T_MASK ^ 0x08ac817d) -#define T62 /* 0xbd3af235 */ (T_MASK ^ 0x42c50dca) -#define T63 0x2ad7d2bb -#define T64 /* 0xeb86d391 */ (T_MASK ^ 0x14792c6e) - - -static void -md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/) -{ - md5_word_t - a = pms->abcd[0], b = pms->abcd[1], - c = pms->abcd[2], d = pms->abcd[3]; - md5_word_t t; -#if BYTE_ORDER > 0 - /* Define storage only for big-endian CPUs. */ - md5_word_t X[16]; -#else - /* Define storage for little-endian or both types of CPUs. */ - md5_word_t xbuf[16]; - const md5_word_t *X; -#endif - - { -#if BYTE_ORDER == 0 - /* - * Determine dynamically whether this is a big-endian or - * little-endian machine, since we can use a more efficient - * algorithm on the latter. - */ - static const int w = 1; - - if (*((const md5_byte_t *)&w)) /* dynamic little-endian */ -#endif -#if BYTE_ORDER <= 0 /* little-endian */ - { - /* - * On little-endian machines, we can process properly aligned - * data without copying it. - */ - if (!((data - (const md5_byte_t *)0) & 3)) { - /* data are properly aligned */ - X = (const md5_word_t *)data; - } else { - /* not aligned */ - memcpy(xbuf, data, 64); - X = xbuf; - } - } -#endif -#if BYTE_ORDER == 0 - else /* dynamic big-endian */ -#endif -#if BYTE_ORDER >= 0 /* big-endian */ - { - /* - * On big-endian machines, we must arrange the bytes in the - * right order. - */ - const md5_byte_t *xp = data; - int i; - -# if BYTE_ORDER == 0 - X = xbuf; /* (dynamic only) */ -# else -# define xbuf X /* (static only) */ -# endif - for (i = 0; i < 16; ++i, xp += 4) - xbuf[i] = xp[0] + (xp[1] << 8) + (xp[2] << 16) + (xp[3] << 24); - } -#endif - } - -#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32 - (n)))) - - /* Round 1. */ - /* Let [abcd k s i] denote the operation - a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). */ -#define F(x, y, z) (((x) & (y)) | (~(x) & (z))) -#define SET(a, b, c, d, k, s, Ti)\ - t = a + F(b,c,d) + X[k] + Ti;\ - a = ROTATE_LEFT(t, s) + b - /* Do the following 16 operations. */ - SET(a, b, c, d, 0, 7, T1); - SET(d, a, b, c, 1, 12, T2); - SET(c, d, a, b, 2, 17, T3); - SET(b, c, d, a, 3, 22, T4); - SET(a, b, c, d, 4, 7, T5); - SET(d, a, b, c, 5, 12, T6); - SET(c, d, a, b, 6, 17, T7); - SET(b, c, d, a, 7, 22, T8); - SET(a, b, c, d, 8, 7, T9); - SET(d, a, b, c, 9, 12, T10); - SET(c, d, a, b, 10, 17, T11); - SET(b, c, d, a, 11, 22, T12); - SET(a, b, c, d, 12, 7, T13); - SET(d, a, b, c, 13, 12, T14); - SET(c, d, a, b, 14, 17, T15); - SET(b, c, d, a, 15, 22, T16); -#undef SET - - /* Round 2. */ - /* Let [abcd k s i] denote the operation - a = b + ((a + G(b,c,d) + X[k] + T[i]) <<< s). */ -#define G(x, y, z) (((x) & (z)) | ((y) & ~(z))) -#define SET(a, b, c, d, k, s, Ti)\ - t = a + G(b,c,d) + X[k] + Ti;\ - a = ROTATE_LEFT(t, s) + b - /* Do the following 16 operations. */ - SET(a, b, c, d, 1, 5, T17); - SET(d, a, b, c, 6, 9, T18); - SET(c, d, a, b, 11, 14, T19); - SET(b, c, d, a, 0, 20, T20); - SET(a, b, c, d, 5, 5, T21); - SET(d, a, b, c, 10, 9, T22); - SET(c, d, a, b, 15, 14, T23); - SET(b, c, d, a, 4, 20, T24); - SET(a, b, c, d, 9, 5, T25); - SET(d, a, b, c, 14, 9, T26); - SET(c, d, a, b, 3, 14, T27); - SET(b, c, d, a, 8, 20, T28); - SET(a, b, c, d, 13, 5, T29); - SET(d, a, b, c, 2, 9, T30); - SET(c, d, a, b, 7, 14, T31); - SET(b, c, d, a, 12, 20, T32); -#undef SET - - /* Round 3. */ - /* Let [abcd k s t] denote the operation - a = b + ((a + H(b,c,d) + X[k] + T[i]) <<< s). */ -#define H(x, y, z) ((x) ^ (y) ^ (z)) -#define SET(a, b, c, d, k, s, Ti)\ - t = a + H(b,c,d) + X[k] + Ti;\ - a = ROTATE_LEFT(t, s) + b - /* Do the following 16 operations. */ - SET(a, b, c, d, 5, 4, T33); - SET(d, a, b, c, 8, 11, T34); - SET(c, d, a, b, 11, 16, T35); - SET(b, c, d, a, 14, 23, T36); - SET(a, b, c, d, 1, 4, T37); - SET(d, a, b, c, 4, 11, T38); - SET(c, d, a, b, 7, 16, T39); - SET(b, c, d, a, 10, 23, T40); - SET(a, b, c, d, 13, 4, T41); - SET(d, a, b, c, 0, 11, T42); - SET(c, d, a, b, 3, 16, T43); - SET(b, c, d, a, 6, 23, T44); - SET(a, b, c, d, 9, 4, T45); - SET(d, a, b, c, 12, 11, T46); - SET(c, d, a, b, 15, 16, T47); - SET(b, c, d, a, 2, 23, T48); -#undef SET - - /* Round 4. */ - /* Let [abcd k s t] denote the operation - a = b + ((a + I(b,c,d) + X[k] + T[i]) <<< s). */ -#define I(x, y, z) ((y) ^ ((x) | ~(z))) -#define SET(a, b, c, d, k, s, Ti)\ - t = a + I(b,c,d) + X[k] + Ti;\ - a = ROTATE_LEFT(t, s) + b - /* Do the following 16 operations. */ - SET(a, b, c, d, 0, 6, T49); - SET(d, a, b, c, 7, 10, T50); - SET(c, d, a, b, 14, 15, T51); - SET(b, c, d, a, 5, 21, T52); - SET(a, b, c, d, 12, 6, T53); - SET(d, a, b, c, 3, 10, T54); - SET(c, d, a, b, 10, 15, T55); - SET(b, c, d, a, 1, 21, T56); - SET(a, b, c, d, 8, 6, T57); - SET(d, a, b, c, 15, 10, T58); - SET(c, d, a, b, 6, 15, T59); - SET(b, c, d, a, 13, 21, T60); - SET(a, b, c, d, 4, 6, T61); - SET(d, a, b, c, 11, 10, T62); - SET(c, d, a, b, 2, 15, T63); - SET(b, c, d, a, 9, 21, T64); -#undef SET - - /* Then perform the following additions. (That is increment each - of the four registers by the value it had before this block - was started.) */ - pms->abcd[0] += a; - pms->abcd[1] += b; - pms->abcd[2] += c; - pms->abcd[3] += d; -} - -void -md5_init(md5_state_t *pms) -{ - pms->count[0] = pms->count[1] = 0; - pms->abcd[0] = 0x67452301; - pms->abcd[1] = /*0xefcdab89*/ T_MASK ^ 0x10325476; - pms->abcd[2] = /*0x98badcfe*/ T_MASK ^ 0x67452301; - pms->abcd[3] = 0x10325476; -} - -void -md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes) -{ - const md5_byte_t *p = data; - int left = nbytes; - int offset = (pms->count[0] >> 3) & 63; - md5_word_t nbits = (md5_word_t)(nbytes << 3); - - if (nbytes <= 0) - return; - - /* Update the message length. */ - pms->count[1] += nbytes >> 29; - pms->count[0] += nbits; - if (pms->count[0] < nbits) - pms->count[1]++; - - /* Process an initial partial block. */ - if (offset) { - int copy = (offset + nbytes > 64 ? 64 - offset : nbytes); - - memcpy(pms->buf + offset, p, copy); - if (offset + copy < 64) - return; - p += copy; - left -= copy; - md5_process(pms, pms->buf); - } - - /* Process full blocks. */ - for (; left >= 64; p += 64, left -= 64) - md5_process(pms, p); - - /* Process a final partial block. */ - if (left) - memcpy(pms->buf, p, left); -} - -void -md5_finish(md5_state_t *pms, md5_byte_t digest[16]) -{ - static const md5_byte_t pad[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 - }; - md5_byte_t data[8]; - int i; - - /* Save the length before padding. */ - for (i = 0; i < 8; ++i) - data[i] = (md5_byte_t)(pms->count[i >> 2] >> ((i & 3) << 3)); - /* Pad to 56 bytes mod 64. */ - md5_append(pms, pad, ((55 - (pms->count[0] >> 3)) & 63) + 1); - /* Append the length. */ - md5_append(pms, data, 8); - for (i = 0; i < 16; ++i) - digest[i] = (md5_byte_t)(pms->abcd[i >> 2] >> ((i & 3) << 3)); -} diff --git a/src/md5.h b/src/md5.h deleted file mode 100644 index 2806b5b9b5..0000000000 --- a/src/md5.h +++ /dev/null @@ -1,90 +0,0 @@ -/* - Copyright (C) 1999, 2002 Aladdin Enterprises. All rights reserved. - - This software is provided 'as-is', without any express or implied - warranty. In no event will the authors be held liable for any damages - arising from the use of this software. - - Permission is granted to anyone to use this software for any purpose, - including commercial applications, and to alter it and redistribute it - freely, subject to the following restrictions: - - 1. The origin of this software must not be misrepresented; you must not - claim that you wrote the original software. If you use this software - in a product, an acknowledgment in the product documentation would be - appreciated but is not required. - 2. Altered source versions must be plainly marked as such, and must not be - misrepresented as being the original software. - 3. This notice may not be removed or altered from any source distribution. - - L. Peter Deutsch - ghost@aladdin.com - - */ -/* - Independent implementation of MD5 (RFC 1321). - - This code implements the MD5 Algorithm defined in RFC 1321, whose - text is available at - http://www.ietf.org/rfc/rfc1321.txt - The code is derived from the text of the RFC, including the test suite - (section A.5) but excluding the rest of Appendix A. It does not include - any code or documentation that is identified in the RFC as being - copyrighted. - - The original and principal author of md5.h is L. Peter Deutsch - . Other authors are noted in the change history - that follows (in reverse chronological order): - - 2002-04-13 lpd Removed support for non-ANSI compilers; removed - references to Ghostscript; clarified derivation from RFC 1321; - now handles byte order either statically or dynamically. - 1999-11-04 lpd Edited comments slightly for automatic TOC extraction. - 1999-10-18 lpd Fixed typo in header comment (ansi2knr rather than md5); - added conditionalization for C++ compilation from Martin - Purschke . - 1999-05-03 lpd Original version. - */ - -#ifndef md5_INCLUDED -# define md5_INCLUDED - -/* - * This package supports both compile-time and run-time determination of CPU - * byte order. If ARCH_IS_BIG_ENDIAN is defined as 0, the code will be - * compiled to run only on little-endian CPUs; if ARCH_IS_BIG_ENDIAN is - * defined as non-zero, the code will be compiled to run only on big-endian - * CPUs; if ARCH_IS_BIG_ENDIAN is not defined, the code will be compiled to - * run on either big- or little-endian CPUs, but will run slightly less - * efficiently on either one than if ARCH_IS_BIG_ENDIAN is defined. - */ - -typedef unsigned char md5_byte_t; /* 8-bit byte */ -typedef unsigned int md5_word_t; /* 32-bit word */ - -/* Define the state of the MD5 Algorithm. */ -typedef struct md5_state_s { - md5_word_t count[2]; /* message length in bits, lsw first */ - md5_word_t abcd[4]; /* digest buffer */ - md5_byte_t buf[64]; /* accumulate block */ -} md5_state_t; - -#ifdef __cplusplus -extern "C" -{ -#endif - -/* Initialize the algorithm. */ -void md5_init(md5_state_t *pms); - -/* Append a string to the message. */ -void md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes); - -/* Finish the message and return the digest. */ -void md5_finish(md5_state_t *pms, md5_byte_t digest[16]); - -#ifdef __cplusplus -} /* end extern "C" */ -#endif - -#endif /* md5_INCLUDED */ diff --git a/src/util.cc b/src/util.cc index 856e90d156..90143923f1 100644 --- a/src/util.cc +++ b/src/util.cc @@ -27,6 +27,8 @@ #include #include #include +#include +#include #ifdef HAVE_MALLINFO # include @@ -35,7 +37,6 @@ #include "input.h" #include "util.h" #include "Obj.h" -#include "md5.h" #include "Val.h" #include "NetVar.h" #include "Net.h" @@ -546,24 +547,6 @@ bool is_dir(const char* path) return S_ISDIR(st.st_mode); } -void hash_md5(size_t size, const unsigned char* bytes, unsigned char digest[16]) - { - md5_state_s h; - md5_init(&h); - md5_append(&h, bytes, size); - md5_finish(&h, digest); - } - -const char* md5_digest_print(const unsigned char digest[16]) - { - static char digest_print[256]; - - for ( int i = 0; i < 16; ++i ) - snprintf(digest_print + i * 2, 3, "%02x", digest[i]); - - return digest_print; - } - int hmac_key_set = 0; uint8 shared_hmac_md5_key[16]; @@ -572,12 +555,12 @@ void hmac_md5(size_t size, const unsigned char* bytes, unsigned char digest[16]) if ( ! hmac_key_set ) reporter->InternalError("HMAC-MD5 invoked before the HMAC key is set"); - hash_md5(size, bytes, digest); + MD5(bytes, size, digest); for ( int i = 0; i < 16; ++i ) digest[i] ^= shared_hmac_md5_key[i]; - hash_md5(16, digest, digest); + MD5(digest, 16, digest); } static bool read_random_seeds(const char* read_file, uint32* seed, @@ -724,7 +707,7 @@ void init_random_seed(uint32 seed, const char* read_file, const char* write_file if ( ! hmac_key_set ) { - hash_md5(sizeof(buf), (u_char*) buf, shared_hmac_md5_key); + MD5((const u_char*) buf, sizeof(buf), shared_hmac_md5_key); hmac_key_set = 1; } diff --git a/src/util.h b/src/util.h index a4e3aa71b8..6b237edfd8 100644 --- a/src/util.h +++ b/src/util.h @@ -136,16 +136,12 @@ extern bool ensure_dir(const char *dirname); bool is_dir(const char* path); extern uint8 shared_hmac_md5_key[16]; -extern void hash_md5(size_t size, const unsigned char* bytes, - unsigned char digest[16]); extern int hmac_key_set; extern unsigned char shared_hmac_md5_key[16]; extern void hmac_md5(size_t size, const unsigned char* bytes, unsigned char digest[16]); -extern const char* md5_digest_print(const unsigned char digest[16]); - // Initializes RNGs for bro_random() and MD5 usage. If seed is given, then // it is used (to provide determinism). If load_file is given, the seeds // (both random & MD5) are loaded from that file. This takes precedence diff --git a/testing/btest/Baseline/bifs.md5/output b/testing/btest/Baseline/bifs.md5/output new file mode 100644 index 0000000000..71c0fbfcb8 --- /dev/null +++ b/testing/btest/Baseline/bifs.md5/output @@ -0,0 +1,4 @@ +f97c5d29941bfb1b2fdab0874906ab82 +7b0391feb2e0cd271f1cf39aafb4376f +f97c5d29941bfb1b2fdab0874906ab82 +7b0391feb2e0cd271f1cf39aafb4376f diff --git a/testing/btest/Baseline/bifs.sha1/output b/testing/btest/Baseline/bifs.sha1/output new file mode 100644 index 0000000000..ddcf9060b9 --- /dev/null +++ b/testing/btest/Baseline/bifs.sha1/output @@ -0,0 +1,4 @@ +fe05bcdcdc4928012781a5f1a2a77cbb5398e106 +3e949019500deb1369f13d9644d420d3a920aa5e +fe05bcdcdc4928012781a5f1a2a77cbb5398e106 +3e949019500deb1369f13d9644d420d3a920aa5e diff --git a/testing/btest/Baseline/bifs.sha256/output b/testing/btest/Baseline/bifs.sha256/output new file mode 100644 index 0000000000..5bd6a63fa4 --- /dev/null +++ b/testing/btest/Baseline/bifs.sha256/output @@ -0,0 +1,4 @@ +7692c3ad3540bb803c020b3aee66cd8887123234ea0c6e7143c0add73ff431ed +4592092e1061c7ea85af2aed194621cc17a2762bae33a79bf8ce33fd0168b801 +7692c3ad3540bb803c020b3aee66cd8887123234ea0c6e7143c0add73ff431ed +4592092e1061c7ea85af2aed194621cc17a2762bae33a79bf8ce33fd0168b801 diff --git a/testing/btest/bifs/md5.test b/testing/btest/bifs/md5.test new file mode 100644 index 0000000000..2632d76cb4 --- /dev/null +++ b/testing/btest/bifs/md5.test @@ -0,0 +1,16 @@ +# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: btest-diff output + +print md5_hash("one"); +print md5_hash("one", "two", "three"); + +md5_hash_init("a"); +md5_hash_init("b"); + +md5_hash_update("a", "one"); +md5_hash_update("b", "one"); +md5_hash_update("b", "two"); +md5_hash_update("b", "three"); + +print md5_hash_finish("a"); +print md5_hash_finish("b"); diff --git a/testing/btest/bifs/sha1.test b/testing/btest/bifs/sha1.test new file mode 100644 index 0000000000..85c8df99c5 --- /dev/null +++ b/testing/btest/bifs/sha1.test @@ -0,0 +1,16 @@ +# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: btest-diff output + +print sha1_hash("one"); +print sha1_hash("one", "two", "three"); + +sha1_hash_init("a"); +sha1_hash_init("b"); + +sha1_hash_update("a", "one"); +sha1_hash_update("b", "one"); +sha1_hash_update("b", "two"); +sha1_hash_update("b", "three"); + +print sha1_hash_finish("a"); +print sha1_hash_finish("b"); diff --git a/testing/btest/bifs/sha256.test b/testing/btest/bifs/sha256.test new file mode 100644 index 0000000000..7451f2fad3 --- /dev/null +++ b/testing/btest/bifs/sha256.test @@ -0,0 +1,16 @@ +# @TEST-EXEC: bro -b %INPUT >output +# @TEST-EXEC: btest-diff output + +print sha256_hash("one"); +print sha256_hash("one", "two", "three"); + +sha256_hash_init("a"); +sha256_hash_init("b"); + +sha256_hash_update("a", "one"); +sha256_hash_update("b", "one"); +sha256_hash_update("b", "two"); +sha256_hash_update("b", "three"); + +print sha256_hash_finish("a"); +print sha256_hash_finish("b"); From a0575158efffba2ebb6ae0308fb7af6fdee25e4c Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 4 May 2012 21:50:20 -0700 Subject: [PATCH 30/51] DataSeries updates and fixes. --- doc/logging-dataseries.rst | 16 -- src/logging/WriterBackend.cc | 7 +- src/logging/WriterBackend.h | 8 + src/logging/writers/Ascii.cc | 7 +- src/logging/writers/DataSeries.cc | 34 +++-- .../ssh.ds.xml | 2 +- .../out | 140 +++++++++--------- .../ssh.ds.txt | 10 +- .../conn.ds.txt | 80 +++++----- .../http.ds.txt | 38 ++--- 10 files changed, 169 insertions(+), 173 deletions(-) diff --git a/doc/logging-dataseries.rst b/doc/logging-dataseries.rst index 67f95ecf3b..1a5f4ae520 100644 --- a/doc/logging-dataseries.rst +++ b/doc/logging-dataseries.rst @@ -102,20 +102,4 @@ TODO. TODO ==== -* I'm seeing lots of warning on stderr:: - - Warning, while packing field ts of record 1, error was > 10%: - (1334620000 / 1000000 = 1334.62, round() = 1335) - Warning, while packing field not_valid_after of record 11, error was > 10%: - (1346460000 / 1000000 = 1346.46, round() = 1346) - - See Eric's mail. - -* For testing our script-level options: - - - Can we get the extentsize from a ``.ds`` file? - - Can we get the compressio level from a ``.ds`` file? - - See Eric's mail. - * Do we have a leak? diff --git a/src/logging/WriterBackend.cc b/src/logging/WriterBackend.cc index 28b623988c..09970f02c6 100644 --- a/src/logging/WriterBackend.cc +++ b/src/logging/WriterBackend.cc @@ -267,4 +267,9 @@ string WriterBackend::Render(const threading::Value::subnet_t& subnet) const return s; } - +string WriterBackend::Render(double d) const + { + char buf[256]; + modp_dtoa(d, buf, 6); + return buf; + } diff --git a/src/logging/WriterBackend.h b/src/logging/WriterBackend.h index 8fbf0c9e71..fa12613e6d 100644 --- a/src/logging/WriterBackend.h +++ b/src/logging/WriterBackend.h @@ -165,6 +165,14 @@ public: */ string Render(const threading::Value::subnet_t& subnet) const; + /** Helper method to render a double in Bro's standard precision. + * + * @param d The double. + * + * @return An ASCII representation of the double. + */ + string Render(double d) const; + protected: friend class FinishMessage; diff --git a/src/logging/writers/Ascii.cc b/src/logging/writers/Ascii.cc index 3a35eea380..efc001aa97 100644 --- a/src/logging/writers/Ascii.cc +++ b/src/logging/writers/Ascii.cc @@ -176,14 +176,9 @@ bool Ascii::DoWriteOne(ODesc* desc, Value* val, const Field* field) desc->Add(Render(val->val.addr_val)); break; + case TYPE_DOUBLE: case TYPE_TIME: case TYPE_INTERVAL: - char buf[256]; - modp_dtoa(val->val.double_val, buf, 6); - desc->Add(buf); - break; - - case TYPE_DOUBLE: desc->Add(val->val.double_val); break; diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc index a3d193be97..bd1da57403 100644 --- a/src/logging/writers/DataSeries.cc +++ b/src/logging/writers/DataSeries.cc @@ -21,29 +21,31 @@ std::string DataSeries::LogValueToString(threading::Value *val) if( ! val->present ) return ""; - std::ostringstream ostr; - switch(val->type) { case TYPE_BOOL: return (val->val.int_val ? "true" : "false"); case TYPE_INT: + { + std::ostringstream ostr; ostr << val->val.int_val; return ostr.str(); + } case TYPE_COUNT: case TYPE_COUNTER: case TYPE_PORT: + { + std::ostringstream ostr; ostr << val->val.uint_val; return ostr.str(); + } case TYPE_SUBNET: - ostr << Render(val->val.subnet_val); - return ostr.str(); + return Render(val->val.subnet_val); case TYPE_ADDR: - ostr << Render(val->val.addr_val); - return ostr.str(); + return Render(val->val.addr_val); // Note: These two cases are relatively special. We need to convert // these values into their integer equivalents to maximize precision. @@ -57,15 +59,16 @@ std::string DataSeries::LogValueToString(threading::Value *val) case TYPE_TIME: case TYPE_INTERVAL: if ( ds_use_integer_for_time ) + { + std::ostringstream ostr; ostr << (unsigned long)(DataSeries::TIME_SCALE * val->val.double_val); + return ostr.str(); + } else - ostr << val->val.double_val; - - return ostr.str(); + return Render(val->val.double_val); case TYPE_DOUBLE: - ostr << val->val.double_val; - return ostr.str(); + return Render(val->val.double_val); case TYPE_ENUM: case TYPE_STRING: @@ -190,10 +193,11 @@ std::string DataSeries::GetDSOptionsForType(const threading::Field *field) case TYPE_TIME: case TYPE_INTERVAL: { - std::string s = "pack_relative=\"" + std::string(field->name) + "\""; + std::string s; + s += "pack_relative=\"" + std::string(field->name) + "\""; if ( ! ds_use_integer_for_time ) - s += " pack_scale=\"1000000\""; + s += " pack_scale=\"1000\" pack_scale_warn=\"no\""; else s += string(" units=\"") + TIME_UNIT() + "\" epoch=\"unix\""; @@ -250,7 +254,7 @@ bool DataSeries::OpenLog(string path) ds_extent_size = ROW_MAX; } - log_output = new OutputModule(*log_file, log_series, *log_type, ds_extent_size); + log_output = new OutputModule(*log_file, log_series, log_type, ds_extent_size); return true; } @@ -330,7 +334,7 @@ bool DataSeries::DoInit(string path, int num_fields, const threading::Field* con Warning(Fmt("%s is not a valid compression type. Valid types are: 'lzf', 'lzo', 'gz', 'bz2', 'none', 'any'. Defaulting to 'any'", ds_compression.c_str())); log_type = log_types.registerTypePtr(schema); - log_series.setType(*log_type); + log_series.setType(log_type); return OpenLog(path); } diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.options/ssh.ds.xml b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.options/ssh.ds.xml index 71ad5d70a0..9862ae606f 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.options/ssh.ds.xml +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.options/ssh.ds.xml @@ -1,5 +1,5 @@ - + diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out index a12fed36e1..76e7e77c77 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out @@ -20,7 +20,7 @@ test.2011-03-07-12-00-05.ds test 11-03-07_12.00.05 11-03-07_12.59.55 1 dataserie - + @@ -34,17 +34,17 @@ test.2011-03-07-12-00-05.ds test 11-03-07_12.00.05 11-03-07_12.59.55 1 dataserie extent offset ExtentType 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299e+09 10.0.0.1 20 10.0.0.2 1024 -1.299e+09 10.0.0.2 20 10.0.0.3 0 +1.299467e+09 10.0.0.1 20 10.0.0.2 1024 +1.299471e+09 10.0.0.2 20 10.0.0.3 0 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex > test.2011-03-07-04-00-05.ds # Extent Types ... @@ -57,7 +57,7 @@ offset extenttype - + @@ -71,17 +71,17 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299e+09 10.0.0.1 20 10.0.0.2 1025 -1.299e+09 10.0.0.2 20 10.0.0.3 1 +1.29947e+09 10.0.0.1 20 10.0.0.2 1025 +1.299474e+09 10.0.0.2 20 10.0.0.3 1 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex > test.2011-03-07-05-00-05.ds # Extent Types ... @@ -94,7 +94,7 @@ offset extenttype - + @@ -108,17 +108,17 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299e+09 10.0.0.1 20 10.0.0.2 1026 -1.299e+09 10.0.0.2 20 10.0.0.3 2 +1.299474e+09 10.0.0.1 20 10.0.0.2 1026 +1.299478e+09 10.0.0.2 20 10.0.0.3 2 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex > test.2011-03-07-06-00-05.ds # Extent Types ... @@ -131,7 +131,7 @@ offset extenttype - + @@ -145,17 +145,17 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299e+09 10.0.0.1 20 10.0.0.2 1027 -1.299e+09 10.0.0.2 20 10.0.0.3 3 +1.299478e+09 10.0.0.1 20 10.0.0.2 1027 +1.299482e+09 10.0.0.2 20 10.0.0.3 3 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex > test.2011-03-07-07-00-05.ds # Extent Types ... @@ -168,7 +168,7 @@ offset extenttype - + @@ -182,17 +182,17 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299e+09 10.0.0.1 20 10.0.0.2 1028 -1.299e+09 10.0.0.2 20 10.0.0.3 4 +1.299481e+09 10.0.0.1 20 10.0.0.2 1028 +1.299485e+09 10.0.0.2 20 10.0.0.3 4 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex > test.2011-03-07-08-00-05.ds # Extent Types ... @@ -205,7 +205,7 @@ offset extenttype - + @@ -219,17 +219,17 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299e+09 10.0.0.1 20 10.0.0.2 1029 -1.299e+09 10.0.0.2 20 10.0.0.3 5 +1.299485e+09 10.0.0.1 20 10.0.0.2 1029 +1.299489e+09 10.0.0.2 20 10.0.0.3 5 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex > test.2011-03-07-09-00-05.ds # Extent Types ... @@ -242,7 +242,7 @@ offset extenttype - + @@ -256,17 +256,17 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299e+09 10.0.0.1 20 10.0.0.2 1030 -1.299e+09 10.0.0.2 20 10.0.0.3 6 +1.299488e+09 10.0.0.1 20 10.0.0.2 1030 +1.299492e+09 10.0.0.2 20 10.0.0.3 6 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex > test.2011-03-07-10-00-05.ds # Extent Types ... @@ -279,7 +279,7 @@ offset extenttype - + @@ -293,17 +293,17 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299e+09 10.0.0.1 20 10.0.0.2 1031 -1.299e+09 10.0.0.2 20 10.0.0.3 7 +1.299492e+09 10.0.0.1 20 10.0.0.2 1031 +1.299496e+09 10.0.0.2 20 10.0.0.3 7 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex > test.2011-03-07-11-00-05.ds # Extent Types ... @@ -316,7 +316,7 @@ offset extenttype - + @@ -330,17 +330,17 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.3e+09 10.0.0.1 20 10.0.0.2 1032 -1.3e+09 10.0.0.2 20 10.0.0.3 8 +1.299496e+09 10.0.0.1 20 10.0.0.2 1032 +1.2995e+09 10.0.0.2 20 10.0.0.3 8 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex > test.2011-03-07-12-00-05.ds # Extent Types ... @@ -353,7 +353,7 @@ offset extenttype - + @@ -367,14 +367,14 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.3e+09 10.0.0.1 20 10.0.0.2 1033 -1.3e+09 10.0.0.2 20 10.0.0.3 9 +1.299499e+09 10.0.0.1 20 10.0.0.2 1033 +1.299503e+09 10.0.0.2 20 10.0.0.3 9 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -360 test -468 DataSeries: ExtentIndex +372 test +484 DataSeries: ExtentIndex diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt index 05026a24ef..8cb1293772 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt @@ -9,7 +9,7 @@ - + @@ -27,8 +27,8 @@ extent offset ExtentType 40 DataSeries: XmlType -400 ssh -604 DataSeries: ExtentIndex +416 ssh +624 DataSeries: ExtentIndex # Extent, type='ssh' t id.orig_h id.orig_p id.resp_h id.resp_p status country X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 success unknown @@ -39,5 +39,5 @@ X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 failure MX # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -400 ssh -604 DataSeries: ExtentIndex +416 ssh +624 DataSeries: ExtentIndex diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt index e85cf9337e..7a4af6776b 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt @@ -9,7 +9,7 @@ - + @@ -17,7 +17,7 @@ - + @@ -51,46 +51,46 @@ extent offset ExtentType 40 DataSeries: XmlType -660 conn -2564 DataSeries: ExtentIndex +680 conn +2592 DataSeries: ExtentIndex # Extent, type='conn' ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes -1.3e+09 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 73 0 0 -1.3e+09 arKYeMETxOg fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp 0 0 0 S0 F 0 D 1 199 0 0 -1.3e+09 k6kgXLOoSKl 141.142.220.50 5353 224.0.0.251 5353 udp 0 0 0 S0 F 0 D 1 179 0 0 -1.3e+09 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0 0 89 SHR F 0 Cd 0 0 1 117 -1.3e+09 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 0 0 99 SHR F 0 Cd 0 0 1 127 -1.3e+09 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 0 0 183 SHR F 0 Cd 0 0 1 211 -1.3e+09 3PKsZ2Uye21 141.142.220.118 32902 141.142.2.2 53 udp dns 0 0 89 SHR F 0 Cd 0 0 1 117 -1.3e+09 VW0XPVINV8a 141.142.220.118 59816 141.142.2.2 53 udp dns 0 0 99 SHR F 0 Cd 0 0 1 127 -1.3e+09 fRFu0wcOle6 141.142.220.118 59714 141.142.2.2 53 udp dns 0 0 183 SHR F 0 Cd 0 0 1 211 -1.3e+09 qSsw6ESzHV4 141.142.220.118 58206 141.142.2.2 53 udp dns 0 0 89 SHR F 0 Cd 0 0 1 117 -1.3e+09 iE6yhOq3SF 141.142.220.118 38911 141.142.2.2 53 udp dns 0 0 99 SHR F 0 Cd 0 0 1 127 -1.3e+09 GSxOnSLghOa 141.142.220.118 59746 141.142.2.2 53 udp dns 0 0 183 SHR F 0 Cd 0 0 1 211 -1.3e+09 qCaWGmzFtM5 141.142.220.118 45000 141.142.2.2 53 udp dns 0 0 89 SHR F 0 Cd 0 0 1 117 -1.3e+09 70MGiRM1Qf4 141.142.220.118 48479 141.142.2.2 53 udp dns 0 0 99 SHR F 0 Cd 0 0 1 127 -1.3e+09 h5DsfNtYzi1 141.142.220.118 48128 141.142.2.2 53 udp dns 0 0 183 SHR F 0 Cd 0 0 1 211 -1.3e+09 P654jzLoe3a 141.142.220.118 56056 141.142.2.2 53 udp dns 0 0 131 SHR F 0 Cd 0 0 1 159 -1.3e+09 Tw8jXtpTGu6 141.142.220.118 55092 141.142.2.2 53 udp dns 0 0 198 SHR F 0 Cd 0 0 1 226 -1.3e+09 BWaU4aSuwkc 141.142.220.44 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 85 0 0 -1.3e+09 10XodEwRycf 141.142.220.226 137 141.142.220.255 137 udp dns 0 350 0 S0 F 0 D 7 546 0 0 -1.3e+09 zno26fFZkrh fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0 66 0 S0 F 0 D 2 162 0 0 -1.3e+09 v5rgkJBig5l 141.142.220.226 55131 224.0.0.252 5355 udp dns 0 66 0 S0 F 0 D 2 122 0 0 -1.3e+09 eWZCH7OONC1 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0 66 0 S0 F 0 D 2 162 0 0 -1.3e+09 0Pwk3ntf8O3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0 66 0 S0 F 0 D 2 122 0 0 -1.3e+09 0HKorjr8Zp7 141.142.220.238 56641 141.142.220.255 137 udp dns 0 0 0 S0 F 0 D 1 78 0 0 -1.3e+09 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 tcp 0 1130 734 S1 F 1130 ShACad 4 216 4 950 -1.3e+09 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp 0 0 350 OTH F 0 CdA 1 52 1 402 -1.3e+09 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 tcp 0 1178 734 S1 F 1178 ShACad 4 216 4 950 -1.3e+09 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp 0 534 412 S1 F 534 ShACad 3 164 3 576 -1.3e+09 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 tcp 0 1148 734 S1 F 1148 ShACad 4 216 4 950 -1.3e+09 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 tcp 0 1171 733 S1 F 1171 ShACad 4 216 4 949 -1.3e+09 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 tcp 0 1137 733 S1 F 1137 ShACad 4 216 4 949 -1.3e+09 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp 0 0 0 OTH F 0 h 0 0 1 48 -1.3e+09 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp 0 525 232 S1 F 525 ShACad 3 164 3 396 -1.3e+09 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 tcp 0 1125 734 S1 F 1125 ShACad 4 216 4 950 +1.300475e+09 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 73 0 0 +1.300475e+09 arKYeMETxOg fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp 0 0 0 S0 F 0 D 1 199 0 0 +1.300475e+09 k6kgXLOoSKl 141.142.220.50 5353 224.0.0.251 5353 udp 0 0 0 S0 F 0 D 1 179 0 0 +1.300475e+09 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0 0 89 SHR F 0 Cd 0 0 1 117 +1.300475e+09 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 0 0 99 SHR F 0 Cd 0 0 1 127 +1.300475e+09 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 0 0 183 SHR F 0 Cd 0 0 1 211 +1.300475e+09 3PKsZ2Uye21 141.142.220.118 32902 141.142.2.2 53 udp dns 0 0 89 SHR F 0 Cd 0 0 1 117 +1.300475e+09 VW0XPVINV8a 141.142.220.118 59816 141.142.2.2 53 udp dns 0 0 99 SHR F 0 Cd 0 0 1 127 +1.300475e+09 fRFu0wcOle6 141.142.220.118 59714 141.142.2.2 53 udp dns 0 0 183 SHR F 0 Cd 0 0 1 211 +1.300475e+09 qSsw6ESzHV4 141.142.220.118 58206 141.142.2.2 53 udp dns 0 0 89 SHR F 0 Cd 0 0 1 117 +1.300475e+09 iE6yhOq3SF 141.142.220.118 38911 141.142.2.2 53 udp dns 0 0 99 SHR F 0 Cd 0 0 1 127 +1.300475e+09 GSxOnSLghOa 141.142.220.118 59746 141.142.2.2 53 udp dns 0 0 183 SHR F 0 Cd 0 0 1 211 +1.300475e+09 qCaWGmzFtM5 141.142.220.118 45000 141.142.2.2 53 udp dns 0 0 89 SHR F 0 Cd 0 0 1 117 +1.300475e+09 70MGiRM1Qf4 141.142.220.118 48479 141.142.2.2 53 udp dns 0 0 99 SHR F 0 Cd 0 0 1 127 +1.300475e+09 h5DsfNtYzi1 141.142.220.118 48128 141.142.2.2 53 udp dns 0 0 183 SHR F 0 Cd 0 0 1 211 +1.300475e+09 P654jzLoe3a 141.142.220.118 56056 141.142.2.2 53 udp dns 0 0 131 SHR F 0 Cd 0 0 1 159 +1.300475e+09 Tw8jXtpTGu6 141.142.220.118 55092 141.142.2.2 53 udp dns 0 0 198 SHR F 0 Cd 0 0 1 226 +1.300475e+09 BWaU4aSuwkc 141.142.220.44 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 85 0 0 +1.300475e+09 10XodEwRycf 141.142.220.226 137 141.142.220.255 137 udp dns 0 350 0 S0 F 0 D 7 546 0 0 +1.300475e+09 zno26fFZkrh fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0 66 0 S0 F 0 D 2 162 0 0 +1.300475e+09 v5rgkJBig5l 141.142.220.226 55131 224.0.0.252 5355 udp dns 0 66 0 S0 F 0 D 2 122 0 0 +1.300475e+09 eWZCH7OONC1 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0 66 0 S0 F 0 D 2 162 0 0 +1.300475e+09 0Pwk3ntf8O3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0 66 0 S0 F 0 D 2 122 0 0 +1.300475e+09 0HKorjr8Zp7 141.142.220.238 56641 141.142.220.255 137 udp dns 0 0 0 S0 F 0 D 1 78 0 0 +1.300475e+09 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 tcp 0 1130 734 S1 F 1130 ShACad 4 216 4 950 +1.300475e+09 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp 0 0 350 OTH F 0 CdA 1 52 1 402 +1.300475e+09 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 tcp 0 1178 734 S1 F 1178 ShACad 4 216 4 950 +1.300475e+09 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp 0 534 412 S1 F 534 ShACad 3 164 3 576 +1.300475e+09 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 tcp 0 1148 734 S1 F 1148 ShACad 4 216 4 950 +1.300475e+09 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 tcp 0 1171 733 S1 F 1171 ShACad 4 216 4 949 +1.300475e+09 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 tcp 0 1137 733 S1 F 1137 ShACad 4 216 4 949 +1.300475e+09 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp 0 0 0 OTH F 0 h 0 0 1 48 +1.300475e+09 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp 0 525 232 S1 F 525 ShACad 3 164 3 396 +1.300475e+09 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 tcp 0 1125 734 S1 F 1125 ShACad 4 216 4 950 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -660 conn -2564 DataSeries: ExtentIndex +680 conn +2592 DataSeries: ExtentIndex diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt index a0c6cbbff3..0b16a69a6f 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt @@ -9,7 +9,7 @@ - + @@ -65,26 +65,26 @@ extent offset ExtentType 40 DataSeries: XmlType -768 http -1156 DataSeries: ExtentIndex +784 http +1172 DataSeries: ExtentIndex # Extent, type='http' ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file -1.3e+09 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 0 0 0 304 Not Modified 0 -1.3e+09 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.3e+09 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.3e+09 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.3e+09 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.3e+09 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.3e+09 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.3e+09 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 0 0 0 304 Not Modified 0 -1.3e+09 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.3e+09 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.3e+09 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.3e+09 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.3e+09 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.3e+09 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.300475e+09 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 0 0 0 304 Not Modified 0 +1.300475e+09 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.300475e+09 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.300475e+09 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.300475e+09 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.300475e+09 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.300475e+09 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.300475e+09 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 0 0 0 304 Not Modified 0 +1.300475e+09 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.300475e+09 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.300475e+09 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.300475e+09 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.300475e+09 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 0 0 0 304 Not Modified 0 +1.300475e+09 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 0 0 0 304 Not Modified 0 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -768 http -1156 DataSeries: ExtentIndex +784 http +1172 DataSeries: ExtentIndex From 905e4d3a14f05fc5ff2970e05ddceb29384ee3b7 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 7 May 2012 12:55:54 -0500 Subject: [PATCH 31/51] Change IPv6 output format to no longer automatically be bracketed. Instead, the `addr_to_uri` script-level function can be used to explicitly add brackets to an address if it's IPv6 and will be included in a URI or when a ":" needs to be appended to it. --- scripts/base/protocols/ftp/main.bro | 3 +- scripts/base/protocols/http/utils.bro | 3 +- scripts/base/utils/addrs.bro | 15 ++ scripts/base/utils/files.bro | 5 +- src/IPAddr.cc | 2 +- src/logging/WriterBackend.cc | 2 +- .../bifs.addr_count_conversion/output | 2 +- .../Baseline/bifs.ptr_name_to_addr/output | 2 +- .../bifs.routing0_data_to_addrs/output | 2 +- testing/btest/Baseline/bifs.to_addr/output | 2 +- testing/btest/Baseline/bifs.to_subnet/output | 4 +- testing/btest/Baseline/core.conn-uid/output | 6 +- testing/btest/Baseline/core.discarder/output | 10 +- .../Baseline/core.icmp.icmp-context/output | 2 +- .../Baseline/core.icmp.icmp6-context/output | 24 +- .../Baseline/core.icmp.icmp6-events/output | 82 +++--- .../Baseline/core.ipv6-atomic-frag/output | 8 +- testing/btest/Baseline/core.ipv6-frag/dns.log | 4 +- testing/btest/Baseline/core.ipv6-frag/output | 10 +- testing/btest/Baseline/core.ipv6_esp/output | 240 +++++++++--------- .../Baseline/core.ipv6_ext_headers/output | 6 +- .../core.mobile-ipv6-home-addr/output | 4 +- .../Baseline/core.mobile-ipv6-routing/output | 4 +- .../btest/Baseline/core.mobility_msg/output | 16 +- .../Baseline/istate.broccoli-ipv6/bro..stdout | 8 +- .../Baseline/istate.pybroccoli/bro..stdout | 6 +- .../istate.pybroccoli/python..stdout.filtered | 6 +- .../Baseline/language.expire_func/output | 14 +- .../Baseline/language.ipv6-literals/output | 46 ++-- testing/btest/Baseline/language.sizeof/output | 2 +- .../remote.log | 6 +- .../conn.log | 12 +- .../ftp.log | 4 +- 33 files changed, 290 insertions(+), 272 deletions(-) diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.bro index 809ab61360..7c5bbaefdc 100644 --- a/scripts/base/protocols/ftp/main.bro +++ b/scripts/base/protocols/ftp/main.bro @@ -6,6 +6,7 @@ @load ./utils-commands @load base/utils/paths @load base/utils/numbers +@load base/utils/addrs module FTP; @@ -169,7 +170,7 @@ function ftp_message(s: Info) local arg = s$cmdarg$arg; if ( s$cmdarg$cmd in file_cmds ) - arg = fmt("ftp://%s%s", s$id$resp_h, build_path_compressed(s$cwd, arg)); + arg = fmt("ftp://%s%s", addr_to_uri(s$id$resp_h), build_path_compressed(s$cwd, arg)); s$ts=s$cmdarg$ts; s$command=s$cmdarg$cmd; diff --git a/scripts/base/protocols/http/utils.bro b/scripts/base/protocols/http/utils.bro index 0f2666fade..a74a2fe696 100644 --- a/scripts/base/protocols/http/utils.bro +++ b/scripts/base/protocols/http/utils.bro @@ -1,6 +1,7 @@ ##! Utilities specific for HTTP processing. @load ./main +@load base/utils/addrs module HTTP; @@ -51,7 +52,7 @@ function extract_keys(data: string, kv_splitter: pattern): string_vec function build_url(rec: Info): string { local uri = rec?$uri ? rec$uri : "/"; - local host = rec?$host ? rec$host : fmt("%s", rec$id$resp_h); + local host = rec?$host ? rec$host : addr_to_uri(rec$id$resp_h); if ( rec$id$resp_p != 80/tcp ) host = fmt("%s:%s", host, rec$id$resp_p); return fmt("%s%s", host, uri); diff --git a/scripts/base/utils/addrs.bro b/scripts/base/utils/addrs.bro index 415b9adfa9..08efd5281a 100644 --- a/scripts/base/utils/addrs.bro +++ b/scripts/base/utils/addrs.bro @@ -98,3 +98,18 @@ function find_ip_addresses(input: string): string_array } return output; } + +## Returns the string representation of an IP address suitable for inclusion +## in a URI. For IPv4, this does no special formatting, but for IPv6, the +## address is included in square brackets. +## +## a: the address to make suitable for URI inclusion. +## +## Returns: the string representation of *a* suitable for URI inclusion. +function addr_to_uri(a: addr): string + { + if ( is_v4_addr(a) ) + return fmt("%s", a); + else + return fmt("[%s]", a); + } diff --git a/scripts/base/utils/files.bro b/scripts/base/utils/files.bro index 8111245c24..ccd03df0e6 100644 --- a/scripts/base/utils/files.bro +++ b/scripts/base/utils/files.bro @@ -1,10 +1,11 @@ +@load ./addrs ## This function can be used to generate a consistent filename for when ## contents of a file, stream, or connection are being extracted to disk. function generate_extraction_filename(prefix: string, c: connection, suffix: string): string { - local conn_info = fmt("%s:%d-%s:%d", - c$id$orig_h, c$id$orig_p, c$id$resp_h, c$id$resp_p); + local conn_info = fmt("%s:%d-%s:%d", addr_to_uri(c$id$orig_h), c$id$orig_p, + addr_to_uri(c$id$resp_h), c$id$resp_p); if ( prefix != "" ) conn_info = fmt("%s_%s", prefix, conn_info); diff --git a/src/IPAddr.cc b/src/IPAddr.cc index 8d88cebc25..0ba5589fff 100644 --- a/src/IPAddr.cc +++ b/src/IPAddr.cc @@ -172,7 +172,7 @@ string IPAddr::AsString() const if ( ! bro_inet_ntop(AF_INET6, in6.s6_addr, s, INET6_ADDRSTRLEN) ) return ""; else - return string("[") + s + "]"; + return s; } } diff --git a/testing/btest/Baseline/bifs.addr_count_conversion/output b/testing/btest/Baseline/bifs.addr_count_conversion/output index c63e64b735..08a74512d3 100644 --- a/testing/btest/Baseline/bifs.addr_count_conversion/output +++ b/testing/btest/Baseline/bifs.addr_count_conversion/output @@ -1,4 +1,4 @@ [536939960, 2242052096, 35374, 57701172] -[2001:db8:85a3::8a2e:370:7334] +2001:db8:85a3::8a2e:370:7334 [16909060] 1.2.3.4 diff --git a/testing/btest/Baseline/bifs.ptr_name_to_addr/output b/testing/btest/Baseline/bifs.ptr_name_to_addr/output index ebc4c15823..7c290027aa 100644 --- a/testing/btest/Baseline/bifs.ptr_name_to_addr/output +++ b/testing/btest/Baseline/bifs.ptr_name_to_addr/output @@ -1,2 +1,2 @@ -[2607:f8b0:4009:802::1012] +2607:f8b0:4009:802::1012 74.125.225.52 diff --git a/testing/btest/Baseline/bifs.routing0_data_to_addrs/output b/testing/btest/Baseline/bifs.routing0_data_to_addrs/output index 7e37c7b77a..c79aef89d0 100644 --- a/testing/btest/Baseline/bifs.routing0_data_to_addrs/output +++ b/testing/btest/Baseline/bifs.routing0_data_to_addrs/output @@ -1 +1 @@ -[[2001:78:1:32::1], [2001:78:1:32::2]] +[2001:78:1:32::1, 2001:78:1:32::2] diff --git a/testing/btest/Baseline/bifs.to_addr/output b/testing/btest/Baseline/bifs.to_addr/output index 084261a8fd..ff277498f8 100644 --- a/testing/btest/Baseline/bifs.to_addr/output +++ b/testing/btest/Baseline/bifs.to_addr/output @@ -6,4 +6,4 @@ to_addr(10.20.30.40) = 10.20.30.40 (SUCCESS) to_addr(100.200.30.40) = 100.200.30.40 (SUCCESS) to_addr(10.0.0.0) = 10.0.0.0 (SUCCESS) to_addr(10.00.00.000) = 10.0.0.0 (SUCCESS) -to_addr(not an IP) = [::] (SUCCESS) +to_addr(not an IP) = :: (SUCCESS) diff --git a/testing/btest/Baseline/bifs.to_subnet/output b/testing/btest/Baseline/bifs.to_subnet/output index 526c3d66b2..0775063f89 100644 --- a/testing/btest/Baseline/bifs.to_subnet/output +++ b/testing/btest/Baseline/bifs.to_subnet/output @@ -1,3 +1,3 @@ 10.0.0.0/8, T -[2607:f8b0::]/32, T -[::]/0, T +2607:f8b0::/32, T +::/0, T diff --git a/testing/btest/Baseline/core.conn-uid/output b/testing/btest/Baseline/core.conn-uid/output index a98469d075..c77eda4f04 100644 --- a/testing/btest/Baseline/core.conn-uid/output +++ b/testing/btest/Baseline/core.conn-uid/output @@ -1,5 +1,5 @@ [orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf -[orig_h=[fe80::217:f2ff:fed7:cf65], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp], arKYeMETxOg +[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], arKYeMETxOg [orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], k6kgXLOoSKl [orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], nQcgTWjvg4c [orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], j4u32Pc5bif @@ -36,8 +36,8 @@ [orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], 2cx26uAvUPl [orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], BWaU4aSuwkc [orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 10XodEwRycf -[orig_h=[fe80::3074:17d5:2052:c324], orig_p=65373/udp, resp_h=[ff02::1:3], resp_p=5355/udp], zno26fFZkrh +[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp], zno26fFZkrh [orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], v5rgkJBig5l -[orig_h=[fe80::3074:17d5:2052:c324], orig_p=54213/udp, resp_h=[ff02::1:3], resp_p=5355/udp], eWZCH7OONC1 +[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp], eWZCH7OONC1 [orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], 0Pwk3ntf8O3 [orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], 0HKorjr8Zp7 diff --git a/testing/btest/Baseline/core.discarder/output b/testing/btest/Baseline/core.discarder/output index 56b85cb83e..82b4b3e622 100644 --- a/testing/btest/Baseline/core.discarder/output +++ b/testing/btest/Baseline/core.discarder/output @@ -15,10 +15,10 @@ [orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp] [orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp] ################ UDP Discarder ################ -[orig_h=[fe80::217:f2ff:fed7:cf65], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp] -[orig_h=[fe80::3074:17d5:2052:c324], orig_p=65373/udp, resp_h=[ff02::1:3], resp_p=5355/udp] -[orig_h=[fe80::3074:17d5:2052:c324], orig_p=65373/udp, resp_h=[ff02::1:3], resp_p=5355/udp] -[orig_h=[fe80::3074:17d5:2052:c324], orig_p=54213/udp, resp_h=[ff02::1:3], resp_p=5355/udp] -[orig_h=[fe80::3074:17d5:2052:c324], orig_p=54213/udp, resp_h=[ff02::1:3], resp_p=5355/udp] +[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp] +[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp] +[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp] +[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp] +[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp] ################ ICMP Discarder ################ Discard icmp packet: [icmp_type=3] diff --git a/testing/btest/Baseline/core.icmp.icmp-context/output b/testing/btest/Baseline/core.icmp.icmp-context/output index 0820488cf8..40dc778d8b 100644 --- a/testing/btest/Baseline/core.icmp.icmp-context/output +++ b/testing/btest/Baseline/core.icmp.icmp-context/output @@ -1,7 +1,7 @@ icmp_unreachable (code=0) conn_id: [orig_h=10.0.0.1, orig_p=3/icmp, resp_h=10.0.0.2, resp_p=0/icmp] icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=3, icode=0, len=0, hlim=64, v6=F] - icmp_context: [id=[orig_h=[::], orig_p=0/unknown, resp_h=[::], resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] + icmp_context: [id=[orig_h=::, orig_p=0/unknown, resp_h=::, resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) conn_id: [orig_h=10.0.0.1, orig_p=3/icmp, resp_h=10.0.0.2, resp_p=0/icmp] icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=3, icode=0, len=20, hlim=64, v6=F] diff --git a/testing/btest/Baseline/core.icmp.icmp6-context/output b/testing/btest/Baseline/core.icmp.icmp6-context/output index 75b51ab697..7a83679018 100644 --- a/testing/btest/Baseline/core.icmp.icmp6-context/output +++ b/testing/btest/Baseline/core.icmp.icmp6-context/output @@ -1,16 +1,16 @@ icmp_unreachable (code=0) - conn_id: [orig_h=[fe80::dead], orig_p=1/icmp, resp_h=[fe80::beef], resp_p=0/icmp] - icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=1, icode=0, len=0, hlim=64, v6=T] - icmp_context: [id=[orig_h=[::], orig_p=0/unknown, resp_h=[::], resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] + conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=0, hlim=64, v6=T] + icmp_context: [id=[orig_h=::, orig_p=0/unknown, resp_h=::, resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) - conn_id: [orig_h=[fe80::dead], orig_p=1/icmp, resp_h=[fe80::beef], resp_p=0/icmp] - icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=1, icode=0, len=40, hlim=64, v6=T] - icmp_context: [id=[orig_h=[fe80::beef], orig_p=0/unknown, resp_h=[fe80::dead], resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] + conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=40, hlim=64, v6=T] + icmp_context: [id=[orig_h=fe80::beef, orig_p=0/unknown, resp_h=fe80::dead, resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) - conn_id: [orig_h=[fe80::dead], orig_p=1/icmp, resp_h=[fe80::beef], resp_p=0/icmp] - icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=1, icode=0, len=60, hlim=64, v6=T] - icmp_context: [id=[orig_h=[fe80::beef], orig_p=30000/udp, resp_h=[fe80::dead], resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] + conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=60, hlim=64, v6=T] + icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_unreachable (code=0) - conn_id: [orig_h=[fe80::dead], orig_p=1/icmp, resp_h=[fe80::beef], resp_p=0/icmp] - icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=1, icode=0, len=48, hlim=64, v6=T] - icmp_context: [id=[orig_h=[fe80::beef], orig_p=0/unknown, resp_h=[fe80::dead], resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] + conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=48, hlim=64, v6=T] + icmp_context: [id=[orig_h=fe80::beef, orig_p=0/unknown, resp_h=fe80::dead, resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F] diff --git a/testing/btest/Baseline/core.icmp.icmp6-events/output b/testing/btest/Baseline/core.icmp.icmp6-events/output index 8b41827dc0..81075b716a 100644 --- a/testing/btest/Baseline/core.icmp.icmp6-events/output +++ b/testing/btest/Baseline/core.icmp.icmp6-events/output @@ -1,46 +1,46 @@ icmp_unreachable (code=0) - conn_id: [orig_h=[fe80::dead], orig_p=1/icmp, resp_h=[fe80::beef], resp_p=0/icmp] - icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=1, icode=0, len=60, hlim=64, v6=T] - icmp_context: [id=[orig_h=[fe80::beef], orig_p=30000/udp, resp_h=[fe80::dead], resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] + conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=60, hlim=64, v6=T] + icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_packet_too_big (code=0) - conn_id: [orig_h=[fe80::dead], orig_p=2/icmp, resp_h=[fe80::beef], resp_p=0/icmp] - icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=2, icode=0, len=52, hlim=64, v6=T] - icmp_context: [id=[orig_h=[fe80::beef], orig_p=30000/udp, resp_h=[fe80::dead], resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] + conn_id: [orig_h=fe80::dead, orig_p=2/icmp, resp_h=fe80::beef, resp_p=0/icmp] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=2, icode=0, len=52, hlim=64, v6=T] + icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_time_exceeded (code=0) - conn_id: [orig_h=[fe80::dead], orig_p=3/icmp, resp_h=[fe80::beef], resp_p=0/icmp] - icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=3, icode=0, len=52, hlim=64, v6=T] - icmp_context: [id=[orig_h=[fe80::beef], orig_p=30000/udp, resp_h=[fe80::dead], resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] + conn_id: [orig_h=fe80::dead, orig_p=3/icmp, resp_h=fe80::beef, resp_p=0/icmp] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=3, icode=0, len=52, hlim=64, v6=T] + icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_parameter_problem (code=0) - conn_id: [orig_h=[fe80::dead], orig_p=4/icmp, resp_h=[fe80::beef], resp_p=0/icmp] - icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=4, icode=0, len=52, hlim=64, v6=T] - icmp_context: [id=[orig_h=[fe80::beef], orig_p=30000/udp, resp_h=[fe80::dead], resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] + conn_id: [orig_h=fe80::dead, orig_p=4/icmp, resp_h=fe80::beef, resp_p=0/icmp] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=4, icode=0, len=52, hlim=64, v6=T] + icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F] icmp_echo_request (id=1, seq=3, payload=abcdefghijklmnopqrstuvwabcdefghi) - conn_id: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], orig_p=128/icmp, resp_h=[2001:4860:8006::63], resp_p=129/icmp] - icmp_conn: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], resp_h=[2001:4860:8006::63], itype=128, icode=0, len=32, hlim=128, v6=T] + conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] + icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_reply (id=1, seq=3, payload=abcdefghijklmnopqrstuvwabcdefghi) - conn_id: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], orig_p=128/icmp, resp_h=[2001:4860:8006::63], resp_p=129/icmp] - icmp_conn: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], resp_h=[2001:4860:8006::63], itype=128, icode=0, len=32, hlim=128, v6=T] + conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] + icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_request (id=1, seq=4, payload=abcdefghijklmnopqrstuvwabcdefghi) - conn_id: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], orig_p=128/icmp, resp_h=[2001:4860:8006::63], resp_p=129/icmp] - icmp_conn: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], resp_h=[2001:4860:8006::63], itype=128, icode=0, len=32, hlim=128, v6=T] + conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] + icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_reply (id=1, seq=4, payload=abcdefghijklmnopqrstuvwabcdefghi) - conn_id: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], orig_p=128/icmp, resp_h=[2001:4860:8006::63], resp_p=129/icmp] - icmp_conn: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], resp_h=[2001:4860:8006::63], itype=128, icode=0, len=32, hlim=128, v6=T] + conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] + icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_request (id=1, seq=5, payload=abcdefghijklmnopqrstuvwabcdefghi) - conn_id: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], orig_p=128/icmp, resp_h=[2001:4860:8006::63], resp_p=129/icmp] - icmp_conn: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], resp_h=[2001:4860:8006::63], itype=128, icode=0, len=32, hlim=128, v6=T] + conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] + icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_reply (id=1, seq=5, payload=abcdefghijklmnopqrstuvwabcdefghi) - conn_id: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], orig_p=128/icmp, resp_h=[2001:4860:8006::63], resp_p=129/icmp] - icmp_conn: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], resp_h=[2001:4860:8006::63], itype=128, icode=0, len=32, hlim=128, v6=T] + conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] + icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_request (id=1, seq=6, payload=abcdefghijklmnopqrstuvwabcdefghi) - conn_id: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], orig_p=128/icmp, resp_h=[2001:4860:8006::63], resp_p=129/icmp] - icmp_conn: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], resp_h=[2001:4860:8006::63], itype=128, icode=0, len=32, hlim=128, v6=T] + conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] + icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] icmp_echo_reply (id=1, seq=6, payload=abcdefghijklmnopqrstuvwabcdefghi) - conn_id: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], orig_p=128/icmp, resp_h=[2001:4860:8006::63], resp_p=129/icmp] - icmp_conn: [orig_h=[2620:0:e00:400e:d1d:db37:beb:5aac], resp_h=[2001:4860:8006::63], itype=128, icode=0, len=32, hlim=128, v6=T] -icmp_redirect (tgt=[fe80::cafe], dest=[fe80::babe]) - conn_id: [orig_h=[fe80::dead], orig_p=137/icmp, resp_h=[fe80::beef], resp_p=0/icmp] - icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=137, icode=0, len=32, hlim=255, v6=T] + conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp] + icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T] +icmp_redirect (tgt=fe80::cafe, dest=fe80::babe) + conn_id: [orig_h=fe80::dead, orig_p=137/icmp, resp_h=fe80::beef, resp_p=0/icmp] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=137, icode=0, len=32, hlim=255, v6=T] icmp_router_advertisement cur_hop_limit=13 managed=T @@ -52,17 +52,17 @@ icmp_router_advertisement router_lifetime=30.0 mins reachable_time=3.0 secs 700.0 msecs retrans_timer=1.0 sec 300.0 msecs - conn_id: [orig_h=[fe80::dead], orig_p=134/icmp, resp_h=[fe80::beef], resp_p=133/icmp] - icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=134, icode=0, len=8, hlim=255, v6=T] -icmp_neighbor_advertisement (tgt=[fe80::babe]) + conn_id: [orig_h=fe80::dead, orig_p=134/icmp, resp_h=fe80::beef, resp_p=133/icmp] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=134, icode=0, len=8, hlim=255, v6=T] +icmp_neighbor_advertisement (tgt=fe80::babe) router=T solicited=F override=T - conn_id: [orig_h=[fe80::dead], orig_p=136/icmp, resp_h=[fe80::beef], resp_p=135/icmp] - icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=136, icode=0, len=16, hlim=255, v6=T] + conn_id: [orig_h=fe80::dead, orig_p=136/icmp, resp_h=fe80::beef, resp_p=135/icmp] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=136, icode=0, len=16, hlim=255, v6=T] icmp_router_solicitation - conn_id: [orig_h=[fe80::dead], orig_p=133/icmp, resp_h=[fe80::beef], resp_p=134/icmp] - icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=133, icode=0, len=0, hlim=255, v6=T] -icmp_neighbor_solicitation (tgt=[fe80::babe]) - conn_id: [orig_h=[fe80::dead], orig_p=135/icmp, resp_h=[fe80::beef], resp_p=136/icmp] - icmp_conn: [orig_h=[fe80::dead], resp_h=[fe80::beef], itype=135, icode=0, len=16, hlim=255, v6=T] + conn_id: [orig_h=fe80::dead, orig_p=133/icmp, resp_h=fe80::beef, resp_p=134/icmp] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=133, icode=0, len=0, hlim=255, v6=T] +icmp_neighbor_solicitation (tgt=fe80::babe) + conn_id: [orig_h=fe80::dead, orig_p=135/icmp, resp_h=fe80::beef, resp_p=136/icmp] + icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=135, icode=0, len=16, hlim=255, v6=T] diff --git a/testing/btest/Baseline/core.ipv6-atomic-frag/output b/testing/btest/Baseline/core.ipv6-atomic-frag/output index b634ae11db..4a628a4bdc 100644 --- a/testing/btest/Baseline/core.ipv6-atomic-frag/output +++ b/testing/btest/Baseline/core.ipv6-atomic-frag/output @@ -1,4 +1,4 @@ -[orig_h=[2001:db8:1::2], orig_p=36951/tcp, resp_h=[2001:db8:1::1], resp_p=80/tcp] -[orig_h=[2001:db8:1::2], orig_p=59694/tcp, resp_h=[2001:db8:1::1], resp_p=80/tcp] -[orig_h=[2001:db8:1::2], orig_p=27393/tcp, resp_h=[2001:db8:1::1], resp_p=80/tcp] -[orig_h=[2001:db8:1::2], orig_p=45805/tcp, resp_h=[2001:db8:1::1], resp_p=80/tcp] +[orig_h=2001:db8:1::2, orig_p=36951/tcp, resp_h=2001:db8:1::1, resp_p=80/tcp] +[orig_h=2001:db8:1::2, orig_p=59694/tcp, resp_h=2001:db8:1::1, resp_p=80/tcp] +[orig_h=2001:db8:1::2, orig_p=27393/tcp, resp_h=2001:db8:1::1, resp_p=80/tcp] +[orig_h=2001:db8:1::2, orig_p=45805/tcp, resp_h=2001:db8:1::1, resp_p=80/tcp] diff --git a/testing/btest/Baseline/core.ipv6-frag/dns.log b/testing/btest/Baseline/core.ipv6-frag/dns.log index ccf9f4b73d..251f35d789 100644 --- a/testing/btest/Baseline/core.ipv6-frag/dns.log +++ b/testing/btest/Baseline/core.ipv6-frag/dns.log @@ -5,5 +5,5 @@ #path dns #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs #types time string addr port addr port enum count string count string count string count string bool bool bool bool count vector[string] vector[interval] -1331084278.438444 UWkUyAuUGXf [2001:470:1f11:81f:d138:5f55:6d4:1fe2] 51850 [2607:f740:b::f93] 53 udp 3903 txtpadding_323.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 This TXT record should be ignored 1.000000 -1331084293.592245 arKYeMETxOg [2001:470:1f11:81f:d138:5f55:6d4:1fe2] 51851 [2607:f740:b::f93] 53 udp 40849 txtpadding_3230.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 This TXT record should be ignored 1.000000 +1331084278.438444 UWkUyAuUGXf 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51850 2607:f740:b::f93 53 udp 3903 txtpadding_323.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 This TXT record should be ignored 1.000000 +1331084293.592245 arKYeMETxOg 2001:470:1f11:81f:d138:5f55:6d4:1fe2 51851 2607:f740:b::f93 53 udp 40849 txtpadding_3230.n1.netalyzr.icsi.berkeley.edu 1 C_INTERNET 16 TXT 0 NOERROR T F T F 0 This TXT record should be ignored 1.000000 diff --git a/testing/btest/Baseline/core.ipv6-frag/output b/testing/btest/Baseline/core.ipv6-frag/output index 3ab244254b..12dfc3a841 100644 --- a/testing/btest/Baseline/core.ipv6-frag/output +++ b/testing/btest/Baseline/core.ipv6-frag/output @@ -1,5 +1,5 @@ -ip6=[class=0, flow=0, len=81, nxt=17, hlim=64, src=[2001:470:1f11:81f:d138:5f55:6d4:1fe2], dst=[2607:f740:b::f93], exts=[]], udp = [sport=51850/udp, dport=53/udp, ulen=81] -ip6=[class=0, flow=0, len=331, nxt=17, hlim=53, src=[2607:f740:b::f93], dst=[2001:470:1f11:81f:d138:5f55:6d4:1fe2], exts=[]], udp = [sport=53/udp, dport=51850/udp, ulen=331] -ip6=[class=0, flow=0, len=82, nxt=17, hlim=64, src=[2001:470:1f11:81f:d138:5f55:6d4:1fe2], dst=[2607:f740:b::f93], exts=[]], udp = [sport=51851/udp, dport=53/udp, ulen=82] -ip6=[class=0, flow=0, len=82, nxt=17, hlim=64, src=[2001:470:1f11:81f:d138:5f55:6d4:1fe2], dst=[2607:f740:b::f93], exts=[]], udp = [sport=51851/udp, dport=53/udp, ulen=82] -ip6=[class=0, flow=0, len=3238, nxt=17, hlim=53, src=[2607:f740:b::f93], dst=[2001:470:1f11:81f:d138:5f55:6d4:1fe2], exts=[]], udp = [sport=53/udp, dport=51851/udp, ulen=3238] +ip6=[class=0, flow=0, len=81, nxt=17, hlim=64, src=2001:470:1f11:81f:d138:5f55:6d4:1fe2, dst=2607:f740:b::f93, exts=[]], udp = [sport=51850/udp, dport=53/udp, ulen=81] +ip6=[class=0, flow=0, len=331, nxt=17, hlim=53, src=2607:f740:b::f93, dst=2001:470:1f11:81f:d138:5f55:6d4:1fe2, exts=[]], udp = [sport=53/udp, dport=51850/udp, ulen=331] +ip6=[class=0, flow=0, len=82, nxt=17, hlim=64, src=2001:470:1f11:81f:d138:5f55:6d4:1fe2, dst=2607:f740:b::f93, exts=[]], udp = [sport=51851/udp, dport=53/udp, ulen=82] +ip6=[class=0, flow=0, len=82, nxt=17, hlim=64, src=2001:470:1f11:81f:d138:5f55:6d4:1fe2, dst=2607:f740:b::f93, exts=[]], udp = [sport=51851/udp, dport=53/udp, ulen=82] +ip6=[class=0, flow=0, len=3238, nxt=17, hlim=53, src=2607:f740:b::f93, dst=2001:470:1f11:81f:d138:5f55:6d4:1fe2, exts=[]], udp = [sport=53/udp, dport=51851/udp, ulen=3238] diff --git a/testing/btest/Baseline/core.ipv6_esp/output b/testing/btest/Baseline/core.ipv6_esp/output index 834a3cd56e..02fb7e154f 100644 --- a/testing/btest/Baseline/core.ipv6_esp/output +++ b/testing/btest/Baseline/core.ipv6_esp/output @@ -1,120 +1,120 @@ -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=1], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=2], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=3], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=4], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=5], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=6], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=7], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=8], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=9], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::2], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=10], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=1], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=2], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=3], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=4], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=5], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=6], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=7], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=8], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=9], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::3], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=10], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=1], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=2], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=3], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=4], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=5], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=6], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=7], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=8], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=9], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::4], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=10], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=1], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=2], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=3], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=4], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=5], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=6], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=7], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=8], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=9], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::5], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=10], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=1], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=2], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=3], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=4], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=5], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=6], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=7], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=8], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=9], mobility=]]] -[class=0, flow=0, len=116, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::12], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=10], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=1], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=2], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=3], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=4], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=5], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=6], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=7], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=8], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=9], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::13], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=10], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=1], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=2], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=3], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=4], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=5], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=6], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=7], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=8], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=9], mobility=]]] -[class=0, flow=0, len=100, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::14], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=10], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=1], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=2], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=3], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=4], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=5], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=6], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=7], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=8], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=9], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::15], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=10], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=1], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=2], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=3], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=4], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=5], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=6], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=7], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=8], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=9], mobility=]]] -[class=0, flow=0, len=104, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::22], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=10], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=1], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=2], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=3], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=4], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=5], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=6], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=7], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=8], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=9], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::23], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=10], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=1], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=2], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=3], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=4], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=5], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=6], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=7], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=8], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=9], mobility=]]] -[class=0, flow=0, len=88, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::24], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=10], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=1], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=2], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=3], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=4], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=5], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=6], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=7], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=8], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=9], mobility=]]] -[class=0, flow=0, len=76, nxt=50, hlim=64, src=[3ffe::1], dst=[3ffe::25], exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=10], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=1], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=2], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=3], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=4], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=5], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=6], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=7], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=8], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=9], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::2, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=10], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=1], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=2], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=3], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=4], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=5], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=6], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=7], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=8], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=9], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::3, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=10], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=1], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=2], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=3], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=4], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=5], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=6], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=7], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=8], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=9], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::4, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=10], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=1], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=2], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=3], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=4], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=5], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=6], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=7], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=8], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=9], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::5, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=10], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=1], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=2], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=3], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=4], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=5], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=6], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=7], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=8], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=9], mobility=]]] +[class=0, flow=0, len=116, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::12, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=10, seq=10], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=1], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=2], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=3], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=4], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=5], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=6], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=7], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=8], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=9], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::13, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=11, seq=10], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=1], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=2], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=3], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=4], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=5], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=6], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=7], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=8], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=9], mobility=]]] +[class=0, flow=0, len=100, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::14, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=12, seq=10], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=1], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=2], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=3], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=4], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=5], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=6], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=7], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=8], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=9], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::15, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=13, seq=10], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=1], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=2], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=3], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=4], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=5], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=6], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=7], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=8], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=9], mobility=]]] +[class=0, flow=0, len=104, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::22, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=20, seq=10], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=1], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=2], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=3], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=4], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=5], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=6], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=7], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=8], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=9], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::23, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=21, seq=10], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=1], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=2], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=3], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=4], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=5], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=6], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=7], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=8], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=9], mobility=]]] +[class=0, flow=0, len=88, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::24, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=22, seq=10], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=1], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=2], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=3], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=4], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=5], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=6], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=7], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=8], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=9], mobility=]]] +[class=0, flow=0, len=76, nxt=50, hlim=64, src=3ffe::1, dst=3ffe::25, exts=[[id=50, hopopts=, dstopts=, routing=, fragment=, ah=, esp=[spi=23, seq=10], mobility=]]] diff --git a/testing/btest/Baseline/core.ipv6_ext_headers/output b/testing/btest/Baseline/core.ipv6_ext_headers/output index e6ac3de822..b4cd249371 100644 --- a/testing/btest/Baseline/core.ipv6_ext_headers/output +++ b/testing/btest/Baseline/core.ipv6_ext_headers/output @@ -1,3 +1,3 @@ -weird routing0_hdr from [2001:4f8:4:7:2e0:81ff:fe52:ffff] to [2001:78:1:32::2] -[orig_h=[2001:4f8:4:7:2e0:81ff:fe52:ffff], orig_p=53/udp, resp_h=[2001:78:1:32::2], resp_p=53/udp] -[ip=, ip6=[class=0, flow=0, len=59, nxt=0, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=0, hopopts=[nxt=43, len=0, options=[[otype=1, len=4, data=\0\0\0\0]]], dstopts=, routing=, fragment=, ah=, esp=, mobility=], [id=43, hopopts=, dstopts=, routing=[nxt=17, len=4, rtype=0, segleft=2, data=\0\0\0\0 ^A\0x\0^A\02\0\0\0\0\0\0\0^A ^A\0x\0^A\02\0\0\0\0\0\0\0^B], fragment=, ah=, esp=, mobility=]]], tcp=, udp=[sport=53/udp, dport=53/udp, ulen=11], icmp=] +weird routing0_hdr from 2001:4f8:4:7:2e0:81ff:fe52:ffff to 2001:78:1:32::2 +[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=53/udp, resp_h=2001:78:1:32::2, resp_p=53/udp] +[ip=, ip6=[class=0, flow=0, len=59, nxt=0, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=0, hopopts=[nxt=43, len=0, options=[[otype=1, len=4, data=\0\0\0\0]]], dstopts=, routing=, fragment=, ah=, esp=, mobility=], [id=43, hopopts=, dstopts=, routing=[nxt=17, len=4, rtype=0, segleft=2, data=\0\0\0\0 ^A\0x\0^A\02\0\0\0\0\0\0\0^A ^A\0x\0^A\02\0\0\0\0\0\0\0^B], fragment=, ah=, esp=, mobility=]]], tcp=, udp=[sport=53/udp, dport=53/udp, ulen=11], icmp=] diff --git a/testing/btest/Baseline/core.mobile-ipv6-home-addr/output b/testing/btest/Baseline/core.mobile-ipv6-home-addr/output index 63e3fb92f9..88cbe0cb16 100644 --- a/testing/btest/Baseline/core.mobile-ipv6-home-addr/output +++ b/testing/btest/Baseline/core.mobile-ipv6-home-addr/output @@ -1,2 +1,2 @@ -[orig_h=[2001:78:1:32::1], orig_p=30000/udp, resp_h=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], resp_p=13000/udp] -[ip=, ip6=[class=0, flow=0, len=36, nxt=60, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=60, hopopts=, dstopts=[nxt=17, len=2, options=[[otype=1, len=2, data=\0\0], [otype=201, len=16, data= ^A\0x\0^A\02\0\0\0\0\0\0\0^A]]], routing=, fragment=, ah=, esp=, mobility=]]], tcp=, udp=[sport=30000/udp, dport=13000/udp, ulen=12], icmp=] +[orig_h=2001:78:1:32::1, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp] +[ip=, ip6=[class=0, flow=0, len=36, nxt=60, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=60, hopopts=, dstopts=[nxt=17, len=2, options=[[otype=1, len=2, data=\0\0], [otype=201, len=16, data= ^A\0x\0^A\02\0\0\0\0\0\0\0^A]]], routing=, fragment=, ah=, esp=, mobility=]]], tcp=, udp=[sport=30000/udp, dport=13000/udp, ulen=12], icmp=] diff --git a/testing/btest/Baseline/core.mobile-ipv6-routing/output b/testing/btest/Baseline/core.mobile-ipv6-routing/output index e1cd99da1c..04292caaa7 100644 --- a/testing/btest/Baseline/core.mobile-ipv6-routing/output +++ b/testing/btest/Baseline/core.mobile-ipv6-routing/output @@ -1,2 +1,2 @@ -[orig_h=[2001:4f8:4:7:2e0:81ff:fe52:ffff], orig_p=30000/udp, resp_h=[2001:78:1:32::1], resp_p=13000/udp] -[ip=, ip6=[class=0, flow=0, len=36, nxt=43, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=43, hopopts=, dstopts=, routing=[nxt=17, len=2, rtype=2, segleft=1, data=\0\0\0\0 ^A\0x\0^A\02\0\0\0\0\0\0\0^A], fragment=, ah=, esp=, mobility=]]], tcp=, udp=[sport=30000/udp, dport=13000/udp, ulen=12], icmp=] +[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:78:1:32::1, resp_p=13000/udp] +[ip=, ip6=[class=0, flow=0, len=36, nxt=43, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=43, hopopts=, dstopts=, routing=[nxt=17, len=2, rtype=2, segleft=1, data=\0\0\0\0 ^A\0x\0^A\02\0\0\0\0\0\0\0^A], fragment=, ah=, esp=, mobility=]]], tcp=, udp=[sport=30000/udp, dport=13000/udp, ulen=12], icmp=] diff --git a/testing/btest/Baseline/core.mobility_msg/output b/testing/btest/Baseline/core.mobility_msg/output index 64315bf370..6f8d6a1699 100644 --- a/testing/btest/Baseline/core.mobility_msg/output +++ b/testing/btest/Baseline/core.mobility_msg/output @@ -1,16 +1,16 @@ Binding ACK: -[class=0, flow=0, len=16, nxt=135, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=1, mh_type=6, rsv=0, chksum=53722, msg=[id=6, brr=, hoti=, coti=, hot=, cot=, bu=, back=[status=0, k=T, seq=42, life=8, options=[[otype=1, len=2, data=\0\0]]], be=]]]]] +[class=0, flow=0, len=16, nxt=135, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=1, mh_type=6, rsv=0, chksum=53722, msg=[id=6, brr=, hoti=, coti=, hot=, cot=, bu=, back=[status=0, k=T, seq=42, life=8, options=[[otype=1, len=2, data=\0\0]]], be=]]]]] Binding Error: -[class=0, flow=0, len=24, nxt=135, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=2, mh_type=7, rsv=0, chksum=45272, msg=[id=7, brr=, hoti=, coti=, hot=, cot=, bu=, back=, be=[status=1, hoa=[2001:78:1:32::1], options=[]]]]]]] +[class=0, flow=0, len=24, nxt=135, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=2, mh_type=7, rsv=0, chksum=45272, msg=[id=7, brr=, hoti=, coti=, hot=, cot=, bu=, back=, be=[status=1, hoa=2001:78:1:32::1, options=[]]]]]]] Binding Refresh Request: -[class=0, flow=0, len=8, nxt=135, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=0, mh_type=0, rsv=0, chksum=55703, msg=[id=0, brr=[rsv=0, options=[]], hoti=, coti=, hot=, cot=, bu=, back=, be=]]]]] +[class=0, flow=0, len=8, nxt=135, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=0, mh_type=0, rsv=0, chksum=55703, msg=[id=0, brr=[rsv=0, options=[]], hoti=, coti=, hot=, cot=, bu=, back=, be=]]]]] Binding Update: -[class=0, flow=0, len=16, nxt=135, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=1, mh_type=5, rsv=0, chksum=868, msg=[id=5, brr=, hoti=, coti=, hot=, cot=, bu=[seq=37, a=T, h=T, l=F, k=T, life=3, options=[[otype=1, len=2, data=\0\0]]], back=, be=]]]]] +[class=0, flow=0, len=16, nxt=135, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=1, mh_type=5, rsv=0, chksum=868, msg=[id=5, brr=, hoti=, coti=, hot=, cot=, bu=[seq=37, a=T, h=T, l=F, k=T, life=3, options=[[otype=1, len=2, data=\0\0]]], back=, be=]]]]] Care-of Test: -[class=0, flow=0, len=24, nxt=135, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=2, mh_type=4, rsv=0, chksum=54378, msg=[id=4, brr=, hoti=, coti=, hot=, cot=[nonce_idx=13, cookie=15, token=255, options=[]], bu=, back=, be=]]]]] +[class=0, flow=0, len=24, nxt=135, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=2, mh_type=4, rsv=0, chksum=54378, msg=[id=4, brr=, hoti=, coti=, hot=, cot=[nonce_idx=13, cookie=15, token=255, options=[]], bu=, back=, be=]]]]] Care-of Test Init: -[class=0, flow=0, len=16, nxt=135, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=1, mh_type=2, rsv=0, chksum=55181, msg=[id=2, brr=, hoti=, coti=[rsv=0, cookie=1, options=[]], hot=, cot=, bu=, back=, be=]]]]] +[class=0, flow=0, len=16, nxt=135, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=1, mh_type=2, rsv=0, chksum=55181, msg=[id=2, brr=, hoti=, coti=[rsv=0, cookie=1, options=[]], hot=, cot=, bu=, back=, be=]]]]] Home Test: -[class=0, flow=0, len=24, nxt=135, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=2, mh_type=3, rsv=0, chksum=54634, msg=[id=3, brr=, hoti=, coti=, hot=[nonce_idx=13, cookie=15, token=255, options=[]], cot=, bu=, back=, be=]]]]] +[class=0, flow=0, len=24, nxt=135, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=2, mh_type=3, rsv=0, chksum=54634, msg=[id=3, brr=, hoti=, coti=, hot=[nonce_idx=13, cookie=15, token=255, options=[]], cot=, bu=, back=, be=]]]]] Home Test Init: -[class=0, flow=0, len=16, nxt=135, hlim=64, src=[2001:4f8:4:7:2e0:81ff:fe52:ffff], dst=[2001:4f8:4:7:2e0:81ff:fe52:9a6b], exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=1, mh_type=1, rsv=0, chksum=55437, msg=[id=1, brr=, hoti=[rsv=0, cookie=1, options=[]], coti=, hot=, cot=, bu=, back=, be=]]]]] +[class=0, flow=0, len=16, nxt=135, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=135, hopopts=, dstopts=, routing=, fragment=, ah=, esp=, mobility=[nxt=59, len=1, mh_type=1, rsv=0, chksum=55437, msg=[id=1, brr=, hoti=[rsv=0, cookie=1, options=[]], coti=, hot=, cot=, bu=, back=, be=]]]]] diff --git a/testing/btest/Baseline/istate.broccoli-ipv6/bro..stdout b/testing/btest/Baseline/istate.broccoli-ipv6/bro..stdout index 5114999813..0a7bac52c5 100644 --- a/testing/btest/Baseline/istate.broccoli-ipv6/bro..stdout +++ b/testing/btest/Baseline/istate.broccoli-ipv6/bro..stdout @@ -1,9 +1,9 @@ handshake done with peer bro_addr(1.2.3.4) bro_subnet(10.0.0.0/16) -bro_addr([2607:f8b0:4009:802::1014]) -bro_subnet([2607:f8b0::]/32) +bro_addr(2607:f8b0:4009:802::1014) +bro_subnet(2607:f8b0::/32) broccoli_addr(1.2.3.4) broccoli_subnet(10.0.0.0/16) -broccoli_addr([2607:f8b0:4009:802::1014]) -broccoli_subnet([2607:f8b0::]/32) +broccoli_addr(2607:f8b0:4009:802::1014) +broccoli_subnet(2607:f8b0::/32) diff --git a/testing/btest/Baseline/istate.pybroccoli/bro..stdout b/testing/btest/Baseline/istate.pybroccoli/bro..stdout index 9c4637125e..a5d20b1f2a 100644 --- a/testing/btest/Baseline/istate.pybroccoli/bro..stdout +++ b/testing/btest/Baseline/istate.pybroccoli/bro..stdout @@ -1,16 +1,16 @@ ==== atomic -10 2 -1336148094.497041 +1336411585.166009 2.0 mins F 1.5 Servus 5555/tcp 6.7.6.5 -[2001:db8:85a3::8a2e:370:7334] +2001:db8:85a3::8a2e:370:7334 192.168.0.0/16 -[2001:db8:85a3::]/48 +2001:db8:85a3::/48 ==== record [a=42, b=6.6.7.7] 42, 6.6.7.7 diff --git a/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered b/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered index 5d1ca261c4..a44a95bd69 100644 --- a/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered +++ b/testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered @@ -1,7 +1,7 @@ ==== atomic a 1 ==== -4L -4 42 42 -1336148094.5020 +1336411585.1711 60.0 True True 3.14 @@ -14,7 +14,7 @@ True True ==== atomic a 2 ==== -10L -10 2 2 -1336148094.4970 +1336411585.1660 120.0 False False 1.5 @@ -27,7 +27,7 @@ False False ==== atomic b 2 ==== -10L -10 2 - 1336148094.4970 + 1336411585.1660 120.0 False False 1.5 diff --git a/testing/btest/Baseline/language.expire_func/output b/testing/btest/Baseline/language.expire_func/output index 13be712d8a..91cd2bad16 100644 --- a/testing/btest/Baseline/language.expire_func/output +++ b/testing/btest/Baseline/language.expire_func/output @@ -16,7 +16,7 @@ am i, [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp], here, -[orig_h=[fe80::20c:29ff:febd:6f01], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp], +[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], am } { @@ -25,7 +25,7 @@ am i, [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp], here, -[orig_h=[fe80::20c:29ff:febd:6f01], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp], +[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], am } { @@ -34,7 +34,7 @@ am i, [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp], here, -[orig_h=[fe80::20c:29ff:febd:6f01], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp], +[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], am } @@ -45,7 +45,7 @@ i, [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp], here, [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp], -[orig_h=[fe80::20c:29ff:febd:6f01], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp], +[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], am } @@ -57,7 +57,7 @@ i, here, [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp], [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp], -[orig_h=[fe80::20c:29ff:febd:6f01], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp], +[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], am } @@ -70,7 +70,7 @@ i, here, [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp], [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp], -[orig_h=[fe80::20c:29ff:febd:6f01], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp], +[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], am } @@ -82,7 +82,7 @@ expired [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53 expired here expired [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp] expired [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp] -expired [orig_h=[fe80::20c:29ff:febd:6f01], orig_p=5353/udp, resp_h=[ff02::fb], resp_p=5353/udp] +expired [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp] expired [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp] expired am { diff --git a/testing/btest/Baseline/language.ipv6-literals/output b/testing/btest/Baseline/language.ipv6-literals/output index a540fe999b..8542af7f91 100644 --- a/testing/btest/Baseline/language.ipv6-literals/output +++ b/testing/btest/Baseline/language.ipv6-literals/output @@ -1,24 +1,24 @@ -[::1] -[::ffff] -[::255.255.255.255] -[::10.10.255.255] -[1::1] -[1::a] -[1::1:1] -[1::1:a] -[a::a] -[a::1] -[a::a:a] -[a::a:1] -[a:a::a] -[aaaa::ffff] +::1 +::ffff +::255.255.255.255 +::10.10.255.255 +1::1 +1::a +1::1:1 +1::1:a +a::a +a::1 +a::a:a +a::a:1 +a:a::a +aaaa::ffff 192.168.1.100 -[ffff::c0a8:164] -[::192.168.1.100] -[::ffff:0:192.168.1.100] -[805b:2d9d:dc28::fc57:d4c8:1fff] -[aaaa::bbbb] -[aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222] -[aaaa:bbbb:cccc:dddd:eeee:ffff:1:2222] -[aaaa:bbbb:cccc:dddd:eeee:ffff:0:2222] -[aaaa:bbbb:cccc:dddd:eeee::2222] +ffff::c0a8:164 +::192.168.1.100 +::ffff:0:192.168.1.100 +805b:2d9d:dc28::fc57:d4c8:1fff +aaaa::bbbb +aaaa:bbbb:cccc:dddd:eeee:ffff:1111:2222 +aaaa:bbbb:cccc:dddd:eeee:ffff:1:2222 +aaaa:bbbb:cccc:dddd:eeee:ffff:0:2222 +aaaa:bbbb:cccc:dddd:eeee::2222 diff --git a/testing/btest/Baseline/language.sizeof/output b/testing/btest/Baseline/language.sizeof/output index 160ea9ab4c..43cb73f763 100644 --- a/testing/btest/Baseline/language.sizeof/output +++ b/testing/btest/Baseline/language.sizeof/output @@ -1,5 +1,5 @@ IPv4 Address 1.2.3.4: 32 -IPv6 Address [::1]: 128 +IPv6 Address ::1: 128 Boolean T: 1 Count 10: 10 Double -1.23: 1.230000 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log index ed0636bc4a..b396c3fc2d 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log @@ -6,6 +6,6 @@ #fields ts id.orig_h #types time addr 1300475169.780331 173.192.163.128 -1300475167.097012 [fe80::217:f2ff:fed7:cf65] -1300475171.675372 [fe80::3074:17d5:2052:c324] -1300475173.116749 [fe80::3074:17d5:2052:c324] +1300475167.097012 fe80::217:f2ff:fed7:cf65 +1300475171.675372 fe80::3074:17d5:2052:c324 +1300475173.116749 fe80::3074:17d5:2052:c324 diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log index e398020a87..c4a515710d 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log @@ -5,9 +5,9 @@ #path conn #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes #types time string addr port addr port enum string interval count count string bool count string count count count count -1329327783.316897 arKYeMETxOg [2001:470:1f11:81f:c999:d94:aa7c:2e3e] 49186 [2001:470:4867:99::21] 57086 tcp ftp-data 0.219721 0 342 SF - 0 ShAdfFa 5 372 4 642 -1329327786.524332 k6kgXLOoSKl [2001:470:1f11:81f:c999:d94:aa7c:2e3e] 49187 [2001:470:4867:99::21] 57087 tcp ftp-data 0.217501 0 43 SF - 0 ShAdfFa 5 372 4 343 -1329327787.289095 nQcgTWjvg4c [2001:470:1f11:81f:c999:d94:aa7c:2e3e] 49188 [2001:470:4867:99::21] 57088 tcp ftp-data 0.217941 0 77 SF - 0 ShAdfFa 5 372 4 377 -1329327795.571921 j4u32Pc5bif [2001:470:4867:99::21] 55785 [2001:470:1f11:81f:c999:d94:aa7c:2e3e] 49189 tcp ftp-data 0.109813 77 0 SF - 0 ShADFaf 5 449 4 300 -1329327777.822004 UWkUyAuUGXf [2001:470:1f11:81f:c999:d94:aa7c:2e3e] 49185 [2001:470:4867:99::21] 21 tcp ftp 26.658219 310 3448 SF - 0 ShAdDfFa 57 4426 34 5908 -1329327800.017649 TEfuqmmG4bh [2001:470:4867:99::21] 55647 [2001:470:1f11:81f:c999:d94:aa7c:2e3e] 49190 tcp ftp-data 0.109181 342 0 SF - 0 ShADFaf 5 714 4 300 +1329327783.316897 arKYeMETxOg 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 57086 tcp ftp-data 0.219721 0 342 SF - 0 ShAdfFa 5 372 4 642 +1329327786.524332 k6kgXLOoSKl 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 57087 tcp ftp-data 0.217501 0 43 SF - 0 ShAdfFa 5 372 4 343 +1329327787.289095 nQcgTWjvg4c 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 57088 tcp ftp-data 0.217941 0 77 SF - 0 ShAdfFa 5 372 4 377 +1329327795.571921 j4u32Pc5bif 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49189 tcp ftp-data 0.109813 77 0 SF - 0 ShADFaf 5 449 4 300 +1329327777.822004 UWkUyAuUGXf 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 tcp ftp 26.658219 310 3448 SF - 0 ShAdDfFa 57 4426 34 5908 +1329327800.017649 TEfuqmmG4bh 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49190 tcp ftp-data 0.109181 342 0 SF - 0 ShADFaf 5 714 4 300 diff --git a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/ftp.log b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/ftp.log index 61375d7233..8bc2ef2cb7 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/ftp.log +++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/ftp.log @@ -5,5 +5,5 @@ #path ftp #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p user password command arg mime_type mime_desc file_size reply_code reply_msg tags extraction_file #types time string addr port addr port string string string string string string count count string table[string] file -1329327787.396984 UWkUyAuUGXf [2001:470:1f11:81f:c999:d94:aa7c:2e3e] 49185 [2001:470:4867:99::21] 21 anonymous test RETR ftp://[2001:470:4867:99::21]/robots.txt - - 77 226 Transfer complete. - - -1329327795.463946 UWkUyAuUGXf [2001:470:1f11:81f:c999:d94:aa7c:2e3e] 49185 [2001:470:4867:99::21] 21 anonymous test RETR ftp://[2001:470:4867:99::21]/robots.txt - - 77 226 Transfer complete. - - +1329327787.396984 UWkUyAuUGXf 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 anonymous test RETR ftp://[2001:470:4867:99::21]/robots.txt - - 77 226 Transfer complete. - - +1329327795.463946 UWkUyAuUGXf 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 anonymous test RETR ftp://[2001:470:4867:99::21]/robots.txt - - 77 226 Transfer complete. - - From 98394a698d4a9963718fcbf22994aebd0970b6cf Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 10 May 2012 15:50:19 -0500 Subject: [PATCH 32/51] Generate icmp_error_message event for ICMPv6 error msgs Use the (previously unused) icmp_error_message event for ICMPv6 error messages that don't have a dedicated event. Previously, icmp_sent was being generated, but icmp_error_message contains more info (icmp_sent is still being used as a fallback for other icmp messages that don't have a dedicated event). Also improved documentation comments for all icmp-related events. --- src/ICMP.cc | 9 ++++- src/event.bif | 93 +++++++++++++++++++++++++++------------------------ 2 files changed, 57 insertions(+), 45 deletions(-) diff --git a/src/ICMP.cc b/src/ICMP.cc index dd2108ebf0..2f11337d8a 100644 --- a/src/ICMP.cc +++ b/src/ICMP.cc @@ -181,7 +181,10 @@ void ICMP_Analyzer::NextICMP6(double t, const struct icmp* icmpp, int len, int c case MLD_LISTENER_REDUCTION: #endif default: - ICMPEvent(icmp_sent, icmpp, len, 1, ip_hdr); + if ( icmpp->icmp_type < 128 ) + Context6(t, icmpp, len, caplen, data, ip_hdr); + else + ICMPEvent(icmp_sent, icmpp, len, 1, ip_hdr); break; } } @@ -663,6 +666,10 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp, case ICMP6_PACKET_TOO_BIG: f = icmp_packet_too_big; break; + + default: + f = icmp_error_message; + break; } if ( f ) diff --git a/src/event.bif b/src/event.bif index 5ef3e8f04b..ded054dd53 100644 --- a/src/event.bif +++ b/src/event.bif @@ -762,10 +762,9 @@ event udp_contents%(u: connection, is_orig: bool, contents: string%); ## .. bro:see:: udp_contents udp_reply udp_request event udp_session_done%(u: connection%); -## Generated for all ICMP messages that are not handled separetely with dedicated -## ICMP events. Bro's ICMP analyzer handles a number of ICMP messages directly -## with dedicated events. This handlers acts as a fallback for those it doesn't. -## The *icmp* record provides more information about the message. +## Generated for all ICMP messages that are not handled separately with dedicated +## ICMP events. Bro's ICMP analyzer handles a number of ICMP messages directly +## with dedicated events. This event acts as a fallback for those it doesn't. ## ## See `Wikipedia ## `__ for more @@ -776,8 +775,7 @@ event udp_session_done%(u: connection%); ## icmp: Additional ICMP-specific information augmenting the standard ## connection record *c*. ## -## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect -## icmp_time_exceeded icmp_unreachable +## .. bro:see:: icmp_error_message event icmp_sent%(c: connection, icmp: icmp_conn%); ## Generated for ICMP *echo request* messages. @@ -798,8 +796,7 @@ event icmp_sent%(c: connection, icmp: icmp_conn%); ## payload: The message-specific data of the packet payload, i.e., everything after ## the first 8 bytes of the ICMP header. ## -## .. bro:see:: icmp_echo_reply icmp_redirect icmp_sent -## icmp_time_exceeded icmp_unreachable +## .. bro:see:: icmp_echo_reply event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%); ## Generated for ICMP *echo reply* messages. @@ -820,26 +817,30 @@ event icmp_echo_request%(c: connection, icmp: icmp_conn, id: count, seq: count, ## payload: The message-specific data of the packet payload, i.e., everything after ## the first 8 bytes of the ICMP header. ## -## .. bro:see:: icmp_echo_request icmp_redirect icmp_sent -## icmp_time_exceeded icmp_unreachable +## .. bro:see:: icmp_echo_request event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string%); -## Generated for all ICMP error messages that are not handled separately with dedicated -## ICMP events. Bro's ICMP analyzer handles a number of ICMP messages directly -## with dedicated events. This handler acts as a fallback for those it doesn't. -## The *icmp* record provides more information about the message. +## Generated for all ICMPv6 error messages that are not handled +## separately with dedicated events. Bro's ICMP analyzer handles a number +## of ICMP error messages directly with dedicated events. This event acts +## as a fallback for those it doesn't. ## ## See `Wikipedia -## `__ for more -## information about the ICMP protocol. +## `__ for more +## information about the ICMPv6 protocol. ## ## c: The connection record for the corresponding ICMP flow. ## ## icmp: Additional ICMP-specific information augmenting the standard ## connection record *c*. ## -## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect -## icmp_time_exceeded icmp_unreachable +## code: The ICMP code of the error message. +## +## context: A record with specifics of the original packet that the message refers +## to. +## +## .. bro:see:: icmp_unreachable icmp_packet_too_big +## icmp_time_exceeded icmp_parameter_problem event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); ## Generated for ICMP *destination unreachable* messages. @@ -861,15 +862,15 @@ event icmp_error_message%(c: connection, icmp: icmp_conn, code: count, context: ## that if the *unreachable* includes only a partial IP header for some reason, no ## fields of *context* will be filled out. ## -## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent -## icmp_time_exceeded +## .. bro:see:: icmp_error_message icmp_packet_too_big +## icmp_time_exceeded icmp_parameter_problem event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); -## Generated for ICMP *packet too big* messages. +## Generated for ICMPv6 *packet too big* messages. ## ## See `Wikipedia -## `__ for more -## information about the ICMP protocol. +## `__ for more +## information about the ICMPv6 protocol. ## ## c: The connection record for the corresponding ICMP flow. ## @@ -884,8 +885,8 @@ event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: ic ## that if the *too big* includes only a partial IP header for some reason, no ## fields of *context* will be filled out. ## -## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent -## icmp_time_exceeded +## .. bro:see:: icmp_error_message icmp_unreachable +## icmp_time_exceeded icmp_parameter_problem event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); ## Generated for ICMP *time exceeded* messages. @@ -907,15 +908,15 @@ event icmp_packet_too_big%(c: connection, icmp: icmp_conn, code: count, context: ## if the *exceeded* includes only a partial IP header for some reason, no fields ## of *context* will be filled out. ## -## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent -## icmp_unreachable +## .. bro:see:: icmp_error_message icmp_unreachable icmp_packet_too_big +## icmp_parameter_problem event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); -## Generated for ICMP *parameter problem* messages. +## Generated for ICMPv6 *parameter problem* messages. ## ## See `Wikipedia -## `__ for more -## information about the ICMP protocol. +## `__ for more +## information about the ICMPv6 protocol. ## ## c: The connection record for the corresponding ICMP flow. ## @@ -930,8 +931,8 @@ event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: ## if the *parameter problem* includes only a partial IP header for some reason, no fields ## of *context* will be filled out. ## -## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_redirect icmp_sent -## icmp_unreachable +## .. bro:see:: icmp_error_message icmp_unreachable icmp_packet_too_big +## icmp_time_exceeded event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); ## Generated for ICMP *router solicitation* messages. @@ -945,8 +946,8 @@ event icmp_parameter_problem%(c: connection, icmp: icmp_conn, code: count, conte ## icmp: Additional ICMP-specific information augmenting the standard connection ## record *c*. ## -## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_sent -## icmp_time_exceeded icmp_unreachable +## .. bro:see:: icmp_router_advertisement +## icmp_neighbor_solicitation icmp_neighbor_advertisement icmp_redirect event icmp_router_solicitation%(c: connection, icmp: icmp_conn%); ## Generated for ICMP *router advertisement* messages. @@ -975,8 +976,14 @@ event icmp_router_solicitation%(c: connection, icmp: icmp_conn%); ## ## rsv: Remaining two reserved bits of router advertisement flags. ## -## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_sent -## icmp_time_exceeded icmp_unreachable +## router_lifetime: How long this router should be used as a default router. +## +## reachable_time: How long a neighbor should be considered reachable. +## +## retrans_timer: How long a host should wait before retransmitting. +## +## .. bro:see:: icmp_router_solicitation +## icmp_neighbor_solicitation icmp_neighbor_advertisement icmp_redirect event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval%); ## Generated for ICMP *neighbor solicitation* messages. @@ -992,8 +999,8 @@ event icmp_router_advertisement%(c: connection, icmp: icmp_conn, cur_hop_limit: ## ## tgt: The IP address of the target of the solicitation. ## -## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_sent -## icmp_time_exceeded icmp_unreachable +## .. bro:see:: icmp_router_solicitation icmp_router_advertisement +## icmp_neighbor_advertisement icmp_redirect event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt:addr%); ## Generated for ICMP *neighbor advertisement* messages. @@ -1016,8 +1023,8 @@ event icmp_neighbor_solicitation%(c: connection, icmp: icmp_conn, tgt:addr%); ## tgt: the Target Address in the soliciting message or the address whose ## link-layer address has changed for unsolicited adverts. ## -## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_sent -## icmp_time_exceeded icmp_unreachable +## .. bro:see:: icmp_router_solicitation icmp_router_advertisement +## icmp_neighbor_solicitation icmp_redirect event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt:addr%); ## Generated for ICMP *redirect* messages. @@ -1036,10 +1043,8 @@ event icmp_neighbor_advertisement%(c: connection, icmp: icmp_conn, router: bool, ## ## dest: The address of the destination which is redirected to the target. ## -## a: The new destination address the message is redirecting to. -## -## .. bro:see:: icmp_echo_reply icmp_echo_request icmp_sent -## icmp_time_exceeded icmp_unreachable +## .. bro:see:: icmp_router_solicitation icmp_router_advertisement +## icmp_neighbor_solicitation icmp_neighbor_advertisement event icmp_redirect%(c: connection, icmp: icmp_conn, tgt: addr, dest: addr%); ## Generated when a TCP connection terminated, passing on statistics about the From 508d39457a7b9ea1c63acb71f753520c0b01eac6 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Fri, 11 May 2012 17:09:01 -0500 Subject: [PATCH 33/51] Update tests (use weird.log instead of stderr) --- testing/btest/Baseline/core.checksums/bad.out | 96 ++++++++++++++++--- .../btest/Baseline/core.checksums/good.out | 59 +++++++++++- .../Baseline/core.disable-mobile-ipv6/output | 1 - .../core.disable-mobile-ipv6/weird.log | 8 ++ testing/btest/Baseline/core.truncation/output | 27 +++++- testing/btest/core/checksums.test | 57 +++++++---- testing/btest/core/disable-mobile-ipv6.test | 4 +- testing/btest/core/truncation.test | 9 +- 8 files changed, 217 insertions(+), 44 deletions(-) delete mode 100644 testing/btest/Baseline/core.disable-mobile-ipv6/output create mode 100644 testing/btest/Baseline/core.disable-mobile-ipv6/weird.log diff --git a/testing/btest/Baseline/core.checksums/bad.out b/testing/btest/Baseline/core.checksums/bad.out index 57089a72a6..44a27f7f0f 100644 --- a/testing/btest/Baseline/core.checksums/bad.out +++ b/testing/btest/Baseline/core.checksums/bad.out @@ -1,13 +1,83 @@ -1332784981.078396 weird: bad_IP_checksum -1332784885.686428 weird: bad_TCP_checksum -1332784933.501023 weird: bad_UDP_checksum -1334075363.536871 weird: bad_ICMP_checksum -1332785210.013051 weird: routing0_hdr -1332785210.013051 weird: bad_TCP_checksum -1332782580.798420 weird: routing0_hdr -1332782580.798420 weird: bad_UDP_checksum -1334075111.800086 weird: routing0_hdr -1334075111.800086 weird: bad_ICMP_checksum -1332785250.469132 weird: bad_TCP_checksum -1332781342.923813 weird: bad_UDP_checksum -1334074939.467194 weird: bad_ICMP_checksum +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1332784981.078396 - - - - - bad_IP_checksum - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1332784885.686428 UWkUyAuUGXf 127.0.0.1 30000 127.0.0.1 80 bad_TCP_checksum - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1332784933.501023 UWkUyAuUGXf 127.0.0.1 30000 127.0.0.1 13000 bad_UDP_checksum - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1334075363.536871 UWkUyAuUGXf 192.168.1.100 8 192.168.1.101 0 bad_ICMP_checksum - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1332785210.013051 - - - - - routing0_hdr - F bro +1332785210.013051 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 80 bad_TCP_checksum - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1332782580.798420 - - - - - routing0_hdr - F bro +1332782580.798420 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 13000 bad_UDP_checksum - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1334075111.800086 - - - - - routing0_hdr - F bro +1334075111.800086 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:78:1:32::1 129 bad_ICMP_checksum - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1332785250.469132 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 80 bad_TCP_checksum - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1332781342.923813 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 13000 bad_UDP_checksum - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1334074939.467194 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F bro diff --git a/testing/btest/Baseline/core.checksums/good.out b/testing/btest/Baseline/core.checksums/good.out index 4330967d8d..0010974b7f 100644 --- a/testing/btest/Baseline/core.checksums/good.out +++ b/testing/btest/Baseline/core.checksums/good.out @@ -1,3 +1,56 @@ -1332785125.596793 weird: routing0_hdr -1332782508.592037 weird: routing0_hdr -1334075027.053380 weird: routing0_hdr +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1334074939.467194 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1332785125.596793 - - - - - routing0_hdr - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1332782508.592037 - - - - - routing0_hdr - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1334075027.053380 - - - - - routing0_hdr - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1334075027.053380 - - - - - routing0_hdr - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1334075027.053380 - - - - - routing0_hdr - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1334075027.053380 - - - - - routing0_hdr - F bro diff --git a/testing/btest/Baseline/core.disable-mobile-ipv6/output b/testing/btest/Baseline/core.disable-mobile-ipv6/output deleted file mode 100644 index b156353f74..0000000000 --- a/testing/btest/Baseline/core.disable-mobile-ipv6/output +++ /dev/null @@ -1 +0,0 @@ -1333663011.602839 weird: unknown_protocol_135 diff --git a/testing/btest/Baseline/core.disable-mobile-ipv6/weird.log b/testing/btest/Baseline/core.disable-mobile-ipv6/weird.log new file mode 100644 index 0000000000..478cfe8667 --- /dev/null +++ b/testing/btest/Baseline/core.disable-mobile-ipv6/weird.log @@ -0,0 +1,8 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1333663011.602839 - - - - - unknown_protocol_135 - F bro diff --git a/testing/btest/Baseline/core.truncation/output b/testing/btest/Baseline/core.truncation/output index ba8d3eedee..f3d64b8b28 100644 --- a/testing/btest/Baseline/core.truncation/output +++ b/testing/btest/Baseline/core.truncation/output @@ -1,3 +1,24 @@ -1334160095.895421 weird: truncated_IP -1334156241.519125 weird: truncated_IP -1334094648.590126 weird: truncated_IP +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1334160095.895421 - - - - - truncated_IP - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1334156241.519125 - - - - - truncated_IP - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1334094648.590126 - - - - - truncated_IP - F bro diff --git a/testing/btest/core/checksums.test b/testing/btest/core/checksums.test index f5b3230686..77fe2a62d3 100644 --- a/testing/btest/core/checksums.test +++ b/testing/btest/core/checksums.test @@ -1,23 +1,42 @@ -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-bad-chksum.pcap >>bad.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap >>bad.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-udp-bad-chksum.pcap >>bad.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap >>bad.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap >>bad.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap >>bad.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap >>bad.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap >>bad.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-udp-bad-chksum.pcap >>bad.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap >>bad.out 2>&1 +# @TEST-EXEC: bro -r $TRACES/chksums/ip4-bad-chksum.pcap +# @TEST-EXEC: mv weird.log bad.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap +# @TEST-EXEC: cat weird.log >> bad.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-bad-chksum.pcap +# @TEST-EXEC: cat weird.log >> bad.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap +# @TEST-EXEC: cat weird.log >> bad.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap +# @TEST-EXEC: cat weird.log >> bad.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap +# @TEST-EXEC: cat weird.log >> bad.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap +# @TEST-EXEC: cat weird.log >> bad.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap +# @TEST-EXEC: cat weird.log >> bad.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-bad-chksum.pcap +# @TEST-EXEC: cat weird.log >> bad.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap +# @TEST-EXEC: cat weird.log >> bad.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-good-chksum.pcap +# @TEST-EXEC: mv weird.log good.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-good-chksum.pcap +# @TEST-EXEC: test ! -e weird.log +# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-good-chksum.pcap +# @TEST-EXEC: test ! -e weird.log +# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap +# @TEST-EXEC: cat weird.log >> good.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap +# @TEST-EXEC: cat weird.log >> good.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap +# @TEST-EXEC: cat weird.log >> good.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-good-chksum.pcap +# @TEST-EXEC: cat weird.log >> good.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-good-chksum.pcap +# @TEST-EXEC: cat weird.log >> good.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap +# @TEST-EXEC: cat weird.log >> good.out -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-tcp-good-chksum.pcap >>good.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-udp-good-chksum.pcap >>good.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-icmp-good-chksum.pcap >>good.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap >>good.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap >>good.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap >>good.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-tcp-good-chksum.pcap >>good.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-udp-good-chksum.pcap >>good.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap >>good.out 2>&1 # @TEST-EXEC: btest-diff bad.out # @TEST-EXEC: btest-diff good.out diff --git a/testing/btest/core/disable-mobile-ipv6.test b/testing/btest/core/disable-mobile-ipv6.test index 84dc43dae8..5151a12b38 100644 --- a/testing/btest/core/disable-mobile-ipv6.test +++ b/testing/btest/core/disable-mobile-ipv6.test @@ -1,6 +1,6 @@ # @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/config.h -# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output 2>&1 -# @TEST-EXEC: btest-diff output +# @TEST-EXEC: bro -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT +# @TEST-EXEC: btest-diff weird.log event mobile_ipv6_message(p: pkt_hdr) { diff --git a/testing/btest/core/truncation.test b/testing/btest/core/truncation.test index 16a60fe6db..ee8bdd5bf9 100644 --- a/testing/btest/core/truncation.test +++ b/testing/btest/core/truncation.test @@ -1,6 +1,9 @@ # Truncated IP packet's should not be analyzed, and generate truncated_IP weird -# @TEST-EXEC: bro -b -r $TRACES/trunc/ip4-trunc.pcap >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/trunc/ip6-trunc.pcap >>output 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/trunc/ip6-ext-trunc.pcap >>output 2>&1 +# @TEST-EXEC: bro -r $TRACES/trunc/ip4-trunc.pcap +# @TEST-EXEC: mv weird.log output +# @TEST-EXEC: bro -r $TRACES/trunc/ip6-trunc.pcap +# @TEST-EXEC: cat weird.log >> output +# @TEST-EXEC: bro -r $TRACES/trunc/ip6-ext-trunc.pcap +# @TEST-EXEC: cat weird.log >> output # @TEST-EXEC: btest-diff output From 751cc1cd5105014c307d15602493e1801d636803 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Mon, 14 May 2012 18:34:25 -0500 Subject: [PATCH 34/51] Fix typos and improve INSTALL document Updated the list of required and optional libraries and tools. Rewrote the paragraph about the "aux" tools to more accurately describe what actually gets installed. --- INSTALL | 56 ++++++++++++++++++++++++++++++++----------------------- configure | 2 +- 2 files changed, 34 insertions(+), 24 deletions(-) diff --git a/INSTALL b/INSTALL index d4aa93d11f..d9f7963ec4 100644 --- a/INSTALL +++ b/INSTALL @@ -5,34 +5,44 @@ Installing Bro Prerequisites ============= -Bro relies on the following libraries and tools, which need to be installed +Bro requires the following libraries and tools to be installed before you begin: * CMake 2.6.3 or greater http://www.cmake.org - * Libpcap (headers and libraries) http://www.tcpdump.org + * Perl (used only during the Bro build process) - * OpenSSL (headers and libraries) http://www.openssl.org + * Libpcap headers and libraries http://www.tcpdump.org - * SWIG http://www.swig.org + * OpenSSL headers and libraries http://www.openssl.org + + * BIND8 headers and libraries * Libmagic * Libz -Bro can make uses of some optional libraries if they are found at -installation time: + * SWIG http://www.swig.org - * LibGeoIP For geo-locating IP addresses. - -Bro also needs the following tools, but on most systems they will -already come preinstalled: - - * Bash (For Bro Control). - * BIND8 (headers and libraries) * Bison (GNU Parser Generator) + * Flex (Fast Lexical Analyzer) - * Perl (Used only during the Bro build process) + + * Bash (for BroControl) + + +Bro can make use of some optional libraries and tools if they are found at +build time: + + * LibGeoIP (for geo-locating IP addresses) + + * gperftools (tcmalloc is used to improve memory and CPU usage) + + * sendmail (for BroControl) + + * ipsumdump (for trace-summary) http://www.cs.ucla.edu/~kohler/ipsumdump + + * Ruby executable, library, and headers (for Broccoli Ruby bindings) Installation @@ -44,7 +54,7 @@ To build and install into ``/usr/local/bro``:: make make install -This will first build Bro into a directory inside the distribution +This will first build Bro in a directory inside the distribution called ``build/``, using default build options. It then installs all required files into ``/usr/local/bro``, including the Bro binary in ``/usr/local/bro/bin/bro``. @@ -60,22 +70,22 @@ choices unless you are creating such a package. Run ``./configure --help`` for more options. Depending on the Bro package you downloaded, there may be auxiliary -tools and libraries available in the ``aux/`` directory. All of them -except for ``aux/bro-aux`` will also be built and installed by doing -``make install``. To install the programs that come in the -``aux/bro-aux`` directory, use ``make install-aux``. There are +tools and libraries available in the ``aux/`` directory. Some of them +will be automatically built and installed along with Bro. There are ``--disable-*`` options that can be given to the configure script to -turn off unwanted auxiliary projects. +turn off unwanted auxiliary projects that would otherwise be installed +automatically. Finally, use ``make install-aux`` to install some of +the other programs that are in the ``aux/bro-aux`` directory. -OpenBSD users, please see our `FAQ -` if you are having +OpenBSD users, please see our FAQ at +http://www.bro-ids.org/documentation/faq.html if you are having problems installing Bro. Running Bro =========== Bro is a complex program and it takes a bit of time to get familiar -with it. A good place for newcomers to start is the Quickstart Guide +with it. A good place for newcomers to start is the Quick Start Guide at http://www.bro-ids.org/documentation/quickstart.html. For developers that wish to run Bro directly from the ``build/`` diff --git a/configure b/configure index b6af505ffe..85b6af2d7d 100755 --- a/configure +++ b/configure @@ -32,7 +32,7 @@ Usage: $0 [OPTION]... [VAR=VALUE]... --enable-perftools-debug use Google's perftools for debugging --disable-broccoli don't build or install the Broccoli library --disable-broctl don't install Broctl - --disable-auxtools don't build or install auxilliary tools + --disable-auxtools don't build or install auxiliary tools --disable-python don't try to build python bindings for broccoli --disable-ruby don't try to build ruby bindings for broccoli From c0257c55213237caa1fe5972f5db7ecb8a0b8308 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 14 May 2012 16:50:48 -0700 Subject: [PATCH 35/51] Switching to new btest command TEST-SERIALIZE for communication tests. --- testing/btest/istate/broccoli-ipv6.bro | 2 +- testing/btest/istate/broccoli.bro | 2 +- testing/btest/istate/events-ssl.bro | 2 +- testing/btest/istate/events.bro | 2 +- testing/btest/istate/pybroccoli.py | 2 +- testing/btest/istate/sync.bro | 2 +- testing/btest/scripts/base/frameworks/cluster/start-it-up.bro | 2 +- .../frameworks/communication/communication_log_baseline.bro | 2 +- .../scripts/base/frameworks/control/configuration_update.bro | 2 +- testing/btest/scripts/base/frameworks/control/id_value.bro | 2 +- testing/btest/scripts/base/frameworks/control/shutdown.bro | 2 +- testing/btest/scripts/base/frameworks/logging/remote-types.bro | 2 +- testing/btest/scripts/base/frameworks/logging/remote.bro | 2 +- testing/btest/scripts/base/frameworks/metrics/basic-cluster.bro | 2 +- .../base/frameworks/metrics/cluster-intermediate-update.bro | 2 +- testing/btest/scripts/base/frameworks/notice/cluster.bro | 2 +- .../scripts/base/frameworks/notice/suppression-cluster.bro | 2 +- 17 files changed, 17 insertions(+), 17 deletions(-) diff --git a/testing/btest/istate/broccoli-ipv6.bro b/testing/btest/istate/broccoli-ipv6.bro index b7ab5bdb05..cd0b546ce7 100644 --- a/testing/btest/istate/broccoli-ipv6.bro +++ b/testing/btest/istate/broccoli-ipv6.bro @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/src/libbroccoli.so || test -e $BUILD/aux/broccoli/src/libbroccoli.dylib # diff --git a/testing/btest/istate/broccoli.bro b/testing/btest/istate/broccoli.bro index 235ff9119c..2bae5dc080 100644 --- a/testing/btest/istate/broccoli.bro +++ b/testing/btest/istate/broccoli.bro @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/src/libbroccoli.so || test -e $BUILD/aux/broccoli/src/libbroccoli.dylib # diff --git a/testing/btest/istate/events-ssl.bro b/testing/btest/istate/events-ssl.bro index 25aa2dc8fb..03784addef 100644 --- a/testing/btest/istate/events-ssl.bro +++ b/testing/btest/istate/events-ssl.bro @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-EXEC: btest-bg-run sender bro -C -r $TRACES/web.trace --pseudo-realtime ../sender.bro # @TEST-EXEC: btest-bg-run receiver bro ../receiver.bro diff --git a/testing/btest/istate/events.bro b/testing/btest/istate/events.bro index 81a1d765db..81d9cc61b6 100644 --- a/testing/btest/istate/events.bro +++ b/testing/btest/istate/events.bro @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-EXEC: btest-bg-run sender bro -C -r $TRACES/web.trace --pseudo-realtime ../sender.bro # @TEST-EXEC: btest-bg-run receiver bro ../receiver.bro diff --git a/testing/btest/istate/pybroccoli.py b/testing/btest/istate/pybroccoli.py index 1a5830b41a..9f26efca31 100644 --- a/testing/btest/istate/pybroccoli.py +++ b/testing/btest/istate/pybroccoli.py @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/src/libbroccoli.so || test -e $BUILD/aux/broccoli/src/libbroccoli.dylib # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/bindings/broccoli-python/_broccoli_intern.so diff --git a/testing/btest/istate/sync.bro b/testing/btest/istate/sync.bro index db5ea0bbb4..776ddfd2fa 100644 --- a/testing/btest/istate/sync.bro +++ b/testing/btest/istate/sync.bro @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-EXEC: btest-bg-run sender bro %INPUT ../sender.bro # @TEST-EXEC: btest-bg-run receiver bro %INPUT ../receiver.bro diff --git a/testing/btest/scripts/base/frameworks/cluster/start-it-up.bro b/testing/btest/scripts/base/frameworks/cluster/start-it-up.bro index d7b552d962..a1069d1bd0 100644 --- a/testing/btest/scripts/base/frameworks/cluster/start-it-up.bro +++ b/testing/btest/scripts/base/frameworks/cluster/start-it-up.bro @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT # @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT diff --git a/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro b/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro index 85b23dbdc0..3d80ef7777 100644 --- a/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro +++ b/testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-EXEC: btest-bg-run receiver bro -b ../receiver.bro # @TEST-EXEC: btest-bg-run sender bro -b ../sender.bro diff --git a/testing/btest/scripts/base/frameworks/control/configuration_update.bro b/testing/btest/scripts/base/frameworks/control/configuration_update.bro index d09105ca7a..920a162503 100644 --- a/testing/btest/scripts/base/frameworks/control/configuration_update.bro +++ b/testing/btest/scripts/base/frameworks/control/configuration_update.bro @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port=65531/tcp # @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65531/tcp Control::cmd=configuration_update diff --git a/testing/btest/scripts/base/frameworks/control/id_value.bro b/testing/btest/scripts/base/frameworks/control/id_value.bro index 7235521034..c5d1d063f5 100644 --- a/testing/btest/scripts/base/frameworks/control/id_value.bro +++ b/testing/btest/scripts/base/frameworks/control/id_value.bro @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Communication::listen_port=65532/tcp # @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65532/tcp Control::cmd=id_value Control::arg=test_var diff --git a/testing/btest/scripts/base/frameworks/control/shutdown.bro b/testing/btest/scripts/base/frameworks/control/shutdown.bro index ec1ca6da16..7b6e5713f8 100644 --- a/testing/btest/scripts/base/frameworks/control/shutdown.bro +++ b/testing/btest/scripts/base/frameworks/control/shutdown.bro @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port=65530/tcp # @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65530/tcp Control::cmd=shutdown diff --git a/testing/btest/scripts/base/frameworks/logging/remote-types.bro b/testing/btest/scripts/base/frameworks/logging/remote-types.bro index ce93495bc8..f1ef4f0c31 100644 --- a/testing/btest/scripts/base/frameworks/logging/remote-types.bro +++ b/testing/btest/scripts/base/frameworks/logging/remote-types.bro @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-EXEC: btest-bg-run sender bro --pseudo-realtime %INPUT ../sender.bro # @TEST-EXEC: btest-bg-run receiver bro --pseudo-realtime %INPUT ../receiver.bro diff --git a/testing/btest/scripts/base/frameworks/logging/remote.bro b/testing/btest/scripts/base/frameworks/logging/remote.bro index bb1e5b8ce3..8375d7915a 100644 --- a/testing/btest/scripts/base/frameworks/logging/remote.bro +++ b/testing/btest/scripts/base/frameworks/logging/remote.bro @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-EXEC: btest-bg-run sender bro --pseudo-realtime %INPUT ../sender.bro # @TEST-EXEC: sleep 1 diff --git a/testing/btest/scripts/base/frameworks/metrics/basic-cluster.bro b/testing/btest/scripts/base/frameworks/metrics/basic-cluster.bro index b801074b33..09479b7a2f 100644 --- a/testing/btest/scripts/base/frameworks/metrics/basic-cluster.bro +++ b/testing/btest/scripts/base/frameworks/metrics/basic-cluster.bro @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT # @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT diff --git a/testing/btest/scripts/base/frameworks/metrics/cluster-intermediate-update.bro b/testing/btest/scripts/base/frameworks/metrics/cluster-intermediate-update.bro index 701d2ea378..654e42976a 100644 --- a/testing/btest/scripts/base/frameworks/metrics/cluster-intermediate-update.bro +++ b/testing/btest/scripts/base/frameworks/metrics/cluster-intermediate-update.bro @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT # @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT diff --git a/testing/btest/scripts/base/frameworks/notice/cluster.bro b/testing/btest/scripts/base/frameworks/notice/cluster.bro index 97470eaa7f..8d54a27eaf 100644 --- a/testing/btest/scripts/base/frameworks/notice/cluster.bro +++ b/testing/btest/scripts/base/frameworks/notice/cluster.bro @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT # @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT diff --git a/testing/btest/scripts/base/frameworks/notice/suppression-cluster.bro b/testing/btest/scripts/base/frameworks/notice/suppression-cluster.bro index d56d940e8e..b812c6451d 100644 --- a/testing/btest/scripts/base/frameworks/notice/suppression-cluster.bro +++ b/testing/btest/scripts/base/frameworks/notice/suppression-cluster.bro @@ -1,4 +1,4 @@ -# @TEST-GROUP: comm +# @TEST-SERIALIZE: comm # # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT # @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT From 0197a9a55144a1f5f2463b2da9038fd34fd669c7 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 14 May 2012 17:52:00 -0700 Subject: [PATCH 36/51] Updating submodule(s). [nomail] --- aux/broctl | 2 +- aux/btest | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/aux/broctl b/aux/broctl index 76e6bd4b18..5137c63751 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 76e6bd4b182e9ff43456890e08aeaf451f9e4615 +Subproject commit 5137c6375162f121348095205aaaec04a86de632 diff --git a/aux/btest b/aux/btest index 054d656aa3..76876ce0e7 160000 --- a/aux/btest +++ b/aux/btest @@ -1 +1 @@ -Subproject commit 054d656aa3c3827762c07bf62f31e0930fb84a0c +Subproject commit 76876ce0e7da4888c91b3aea024c5cfd36405310 From 99f59dc5c0b100208e378a1cdfa7d38df0650f2f Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 14 May 2012 18:17:03 -0700 Subject: [PATCH 37/51] Quieting external test output somehwat. --- VERSION | 2 +- testing/external/Makefile | 4 ++-- testing/external/scripts/update-traces | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/VERSION b/VERSION index 88c99ebbf5..b59cb1ff9b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0-336 +2.0-338 diff --git a/testing/external/Makefile b/testing/external/Makefile index b705734003..9715b3d669 100644 --- a/testing/external/Makefile +++ b/testing/external/Makefile @@ -6,11 +6,11 @@ DIAG=diag.log all: @rm -f $(DIAG) - @for repo in $(REPOS); do (cd $$repo && make ); done + @for repo in $(REPOS); do (cd $$repo && make -s ); done brief: @rm -f $(DIAG) - @for repo in $(REPOS); do (cd $$repo && make brief ); done + @for repo in $(REPOS); do (cd $$repo && make -s brief ); done init: git clone $(PUBLIC_REPO) diff --git a/testing/external/scripts/update-traces b/testing/external/scripts/update-traces index 8c27fb055e..8dd8d09e9c 100755 --- a/testing/external/scripts/update-traces +++ b/testing/external/scripts/update-traces @@ -69,9 +69,9 @@ cat $cfg | while read line; do eval "$proxy curl $auth -f --anyauth $url -o $file" echo mv $fp.tmp $fp - else - echo "`basename $file` already available." - fi + #else + # echo "`basename $file` already available." + fi rm -f $fp.tmp From 00b592f933b69079afcab527c8be5387b625fddd Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 14 May 2012 21:38:27 -0700 Subject: [PATCH 38/51] Adding format specifier to DS spec to print out double as %.6f. --- aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- aux/btest | 2 +- cmake | 2 +- src/logging/writers/DataSeries.cc | 7 ++++--- 7 files changed, 10 insertions(+), 9 deletions(-) diff --git a/aux/binpac b/aux/binpac index 56ae73ab99..dd1a3a95f0 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 56ae73ab995dda665d8918d1a6b3af39b15991e3 +Subproject commit dd1a3a95f07082efcd5274b21104a038d523d132 diff --git a/aux/bro-aux b/aux/bro-aux index 12d32194c1..a59b35bdad 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit 12d32194c19d2dce06818588a2aeccf234de1889 +Subproject commit a59b35bdada8f70fb1a59bf7bb2976534c86d378 diff --git a/aux/broccoli b/aux/broccoli index 60898666ba..a4046c2f79 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 60898666ba1df1913c08ad5045b1e56f974060cc +Subproject commit a4046c2f79b6ab0ac19ae8be94b79c6ce578bea7 diff --git a/aux/broctl b/aux/broctl index d50e0efe13..c86b7e990b 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit d50e0efe133c50d824753c86d068467e54a3c47d +Subproject commit c86b7e990b4d39cd48c0cb692077aa081b418149 diff --git a/aux/btest b/aux/btest index 1897d224ce..c8e8fe477b 160000 --- a/aux/btest +++ b/aux/btest @@ -1 +1 @@ -Subproject commit 1897d224ce295e91d20e458851759c99734a0a74 +Subproject commit c8e8fe477b5dec635e5ce00f3f764fad069c549c diff --git a/cmake b/cmake index d394eadf12..60b2873937 160000 --- a/cmake +++ b/cmake @@ -1 +1 @@ -Subproject commit d394eadf123f9ff972be4508d34b9614ebcc32a4 +Subproject commit 60b28739379da75f26c5c2a312b7886f5209a1cc diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc index bd1da57403..32a93a5dd4 100644 --- a/src/logging/writers/DataSeries.cc +++ b/src/logging/writers/DataSeries.cc @@ -194,12 +194,13 @@ std::string DataSeries::GetDSOptionsForType(const threading::Field *field) case TYPE_INTERVAL: { std::string s; - s += "pack_relative=\"" + std::string(field->name) + "\""; + s += "pack_relative=\"" + std::string(field->name) + "\" "; + s += "print_format=\"%.6f\" "; if ( ! ds_use_integer_for_time ) - s += " pack_scale=\"1000\" pack_scale_warn=\"no\""; + s += "pack_scale=\"1000\" pack_scale_warn=\"no\""; else - s += string(" units=\"") + TIME_UNIT() + "\" epoch=\"unix\""; + s += string("units=\"") + TIME_UNIT() + "\" epoch=\"unix\""; return s; } From fabe891d4fbff62831de1dba677d252e984e2b30 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 14 May 2012 21:58:58 -0700 Subject: [PATCH 39/51] Fixing pack_scale and time-as-int. Also removing now unneccessary canonifier script, and updating test baselines. --- src/logging/writers/DataSeries.cc | 7 +- .../ssh.ds.xml | 2 +- .../out | 140 +++++++++--------- .../ssh.ds.txt | 20 +-- .../conn.ds.txt | 80 +++++----- .../http.ds.txt | 38 ++--- .../logging/dataseries/test-logging.bro | 2 +- .../scripts/diff-remove-timestamps-dataseries | 6 - 8 files changed, 144 insertions(+), 151 deletions(-) delete mode 100755 testing/scripts/diff-remove-timestamps-dataseries diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc index 32a93a5dd4..a7908a8e04 100644 --- a/src/logging/writers/DataSeries.cc +++ b/src/logging/writers/DataSeries.cc @@ -194,13 +194,12 @@ std::string DataSeries::GetDSOptionsForType(const threading::Field *field) case TYPE_INTERVAL: { std::string s; - s += "pack_relative=\"" + std::string(field->name) + "\" "; - s += "print_format=\"%.6f\" "; + s += "pack_relative=\"" + std::string(field->name) + "\""; if ( ! ds_use_integer_for_time ) - s += "pack_scale=\"1000\" pack_scale_warn=\"no\""; + s += " pack_scale=\"1e-6\" print_format=\"%.6f\" pack_scale_warn=\"no\""; else - s += string("units=\"") + TIME_UNIT() + "\" epoch=\"unix\""; + s += string(" units=\"") + TIME_UNIT() + "\" epoch=\"unix\""; return s; } diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.options/ssh.ds.xml b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.options/ssh.ds.xml index 9862ae606f..cacc3b0ea4 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.options/ssh.ds.xml +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.options/ssh.ds.xml @@ -1,5 +1,5 @@ - + diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out index 76e7e77c77..ed2aff0164 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out @@ -20,7 +20,7 @@ test.2011-03-07-12-00-05.ds test 11-03-07_12.00.05 11-03-07_12.59.55 1 dataserie - + @@ -34,17 +34,17 @@ test.2011-03-07-12-00-05.ds test 11-03-07_12.00.05 11-03-07_12.59.55 1 dataserie extent offset ExtentType 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +508 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299467e+09 10.0.0.1 20 10.0.0.2 1024 -1.299471e+09 10.0.0.2 20 10.0.0.3 0 +1299466805.000000 10.0.0.1 20 10.0.0.2 1024 +1299470395.000000 10.0.0.2 20 10.0.0.3 0 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +508 DataSeries: ExtentIndex > test.2011-03-07-04-00-05.ds # Extent Types ... @@ -57,7 +57,7 @@ offset extenttype - + @@ -71,17 +71,17 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +516 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.29947e+09 10.0.0.1 20 10.0.0.2 1025 -1.299474e+09 10.0.0.2 20 10.0.0.3 1 +1299470405.000000 10.0.0.1 20 10.0.0.2 1025 +1299473995.000000 10.0.0.2 20 10.0.0.3 1 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +516 DataSeries: ExtentIndex > test.2011-03-07-05-00-05.ds # Extent Types ... @@ -94,7 +94,7 @@ offset extenttype - + @@ -108,17 +108,17 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +516 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299474e+09 10.0.0.1 20 10.0.0.2 1026 -1.299478e+09 10.0.0.2 20 10.0.0.3 2 +1299474005.000000 10.0.0.1 20 10.0.0.2 1026 +1299477595.000000 10.0.0.2 20 10.0.0.3 2 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +516 DataSeries: ExtentIndex > test.2011-03-07-06-00-05.ds # Extent Types ... @@ -131,7 +131,7 @@ offset extenttype - + @@ -145,17 +145,17 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +516 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299478e+09 10.0.0.1 20 10.0.0.2 1027 -1.299482e+09 10.0.0.2 20 10.0.0.3 3 +1299477605.000000 10.0.0.1 20 10.0.0.2 1027 +1299481195.000000 10.0.0.2 20 10.0.0.3 3 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +516 DataSeries: ExtentIndex > test.2011-03-07-07-00-05.ds # Extent Types ... @@ -168,7 +168,7 @@ offset extenttype - + @@ -182,17 +182,17 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +512 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299481e+09 10.0.0.1 20 10.0.0.2 1028 -1.299485e+09 10.0.0.2 20 10.0.0.3 4 +1299481205.000000 10.0.0.1 20 10.0.0.2 1028 +1299484795.000000 10.0.0.2 20 10.0.0.3 4 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +512 DataSeries: ExtentIndex > test.2011-03-07-08-00-05.ds # Extent Types ... @@ -205,7 +205,7 @@ offset extenttype - + @@ -219,17 +219,17 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +516 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299485e+09 10.0.0.1 20 10.0.0.2 1029 -1.299489e+09 10.0.0.2 20 10.0.0.3 5 +1299484805.000000 10.0.0.1 20 10.0.0.2 1029 +1299488395.000000 10.0.0.2 20 10.0.0.3 5 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +516 DataSeries: ExtentIndex > test.2011-03-07-09-00-05.ds # Extent Types ... @@ -242,7 +242,7 @@ offset extenttype - + @@ -256,17 +256,17 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +516 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299488e+09 10.0.0.1 20 10.0.0.2 1030 -1.299492e+09 10.0.0.2 20 10.0.0.3 6 +1299488405.000000 10.0.0.1 20 10.0.0.2 1030 +1299491995.000000 10.0.0.2 20 10.0.0.3 6 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +516 DataSeries: ExtentIndex > test.2011-03-07-10-00-05.ds # Extent Types ... @@ -279,7 +279,7 @@ offset extenttype - + @@ -293,17 +293,17 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +516 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299492e+09 10.0.0.1 20 10.0.0.2 1031 -1.299496e+09 10.0.0.2 20 10.0.0.3 7 +1299492005.000000 10.0.0.1 20 10.0.0.2 1031 +1299495595.000000 10.0.0.2 20 10.0.0.3 7 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +516 DataSeries: ExtentIndex > test.2011-03-07-11-00-05.ds # Extent Types ... @@ -316,7 +316,7 @@ offset extenttype - + @@ -330,17 +330,17 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +516 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299496e+09 10.0.0.1 20 10.0.0.2 1032 -1.2995e+09 10.0.0.2 20 10.0.0.3 8 +1299495605.000000 10.0.0.1 20 10.0.0.2 1032 +1299499195.000000 10.0.0.2 20 10.0.0.3 8 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +516 DataSeries: ExtentIndex > test.2011-03-07-12-00-05.ds # Extent Types ... @@ -353,7 +353,7 @@ offset extenttype - + @@ -367,14 +367,14 @@ offset extenttype extent offset ExtentType 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +516 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p -1.299499e+09 10.0.0.1 20 10.0.0.2 1033 -1.299503e+09 10.0.0.2 20 10.0.0.3 9 +1299499205.000000 10.0.0.1 20 10.0.0.2 1033 +1299502795.000000 10.0.0.2 20 10.0.0.3 9 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -372 test -484 DataSeries: ExtentIndex +392 test +516 DataSeries: ExtentIndex diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt index 8cb1293772..245bdcd9be 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt @@ -9,7 +9,7 @@ - + @@ -27,17 +27,17 @@ extent offset ExtentType 40 DataSeries: XmlType -416 ssh -624 DataSeries: ExtentIndex +436 ssh +644 DataSeries: ExtentIndex # Extent, type='ssh' t id.orig_h id.orig_p id.resp_h id.resp_p status country -X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 success unknown -X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 failure US -X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 failure UK -X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 success BR -X.XXXe+09 1.2.3.4 1234 2.3.4.5 80 failure MX +1337058239.030366 1.2.3.4 1234 2.3.4.5 80 success unknown +1337058239.030366 1.2.3.4 1234 2.3.4.5 80 failure US +1337058239.030366 1.2.3.4 1234 2.3.4.5 80 failure UK +1337058239.030366 1.2.3.4 1234 2.3.4.5 80 success BR +1337058239.030366 1.2.3.4 1234 2.3.4.5 80 failure MX # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -416 ssh -624 DataSeries: ExtentIndex +436 ssh +644 DataSeries: ExtentIndex diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt index 7a4af6776b..104831f027 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt @@ -9,7 +9,7 @@ - + @@ -17,7 +17,7 @@ - + @@ -51,46 +51,46 @@ extent offset ExtentType 40 DataSeries: XmlType -680 conn -2592 DataSeries: ExtentIndex +700 conn +2860 DataSeries: ExtentIndex # Extent, type='conn' ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes -1.300475e+09 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 73 0 0 -1.300475e+09 arKYeMETxOg fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp 0 0 0 S0 F 0 D 1 199 0 0 -1.300475e+09 k6kgXLOoSKl 141.142.220.50 5353 224.0.0.251 5353 udp 0 0 0 S0 F 0 D 1 179 0 0 -1.300475e+09 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0 0 89 SHR F 0 Cd 0 0 1 117 -1.300475e+09 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 0 0 99 SHR F 0 Cd 0 0 1 127 -1.300475e+09 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 0 0 183 SHR F 0 Cd 0 0 1 211 -1.300475e+09 3PKsZ2Uye21 141.142.220.118 32902 141.142.2.2 53 udp dns 0 0 89 SHR F 0 Cd 0 0 1 117 -1.300475e+09 VW0XPVINV8a 141.142.220.118 59816 141.142.2.2 53 udp dns 0 0 99 SHR F 0 Cd 0 0 1 127 -1.300475e+09 fRFu0wcOle6 141.142.220.118 59714 141.142.2.2 53 udp dns 0 0 183 SHR F 0 Cd 0 0 1 211 -1.300475e+09 qSsw6ESzHV4 141.142.220.118 58206 141.142.2.2 53 udp dns 0 0 89 SHR F 0 Cd 0 0 1 117 -1.300475e+09 iE6yhOq3SF 141.142.220.118 38911 141.142.2.2 53 udp dns 0 0 99 SHR F 0 Cd 0 0 1 127 -1.300475e+09 GSxOnSLghOa 141.142.220.118 59746 141.142.2.2 53 udp dns 0 0 183 SHR F 0 Cd 0 0 1 211 -1.300475e+09 qCaWGmzFtM5 141.142.220.118 45000 141.142.2.2 53 udp dns 0 0 89 SHR F 0 Cd 0 0 1 117 -1.300475e+09 70MGiRM1Qf4 141.142.220.118 48479 141.142.2.2 53 udp dns 0 0 99 SHR F 0 Cd 0 0 1 127 -1.300475e+09 h5DsfNtYzi1 141.142.220.118 48128 141.142.2.2 53 udp dns 0 0 183 SHR F 0 Cd 0 0 1 211 -1.300475e+09 P654jzLoe3a 141.142.220.118 56056 141.142.2.2 53 udp dns 0 0 131 SHR F 0 Cd 0 0 1 159 -1.300475e+09 Tw8jXtpTGu6 141.142.220.118 55092 141.142.2.2 53 udp dns 0 0 198 SHR F 0 Cd 0 0 1 226 -1.300475e+09 BWaU4aSuwkc 141.142.220.44 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 85 0 0 -1.300475e+09 10XodEwRycf 141.142.220.226 137 141.142.220.255 137 udp dns 0 350 0 S0 F 0 D 7 546 0 0 -1.300475e+09 zno26fFZkrh fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0 66 0 S0 F 0 D 2 162 0 0 -1.300475e+09 v5rgkJBig5l 141.142.220.226 55131 224.0.0.252 5355 udp dns 0 66 0 S0 F 0 D 2 122 0 0 -1.300475e+09 eWZCH7OONC1 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0 66 0 S0 F 0 D 2 162 0 0 -1.300475e+09 0Pwk3ntf8O3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0 66 0 S0 F 0 D 2 122 0 0 -1.300475e+09 0HKorjr8Zp7 141.142.220.238 56641 141.142.220.255 137 udp dns 0 0 0 S0 F 0 D 1 78 0 0 -1.300475e+09 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 tcp 0 1130 734 S1 F 1130 ShACad 4 216 4 950 -1.300475e+09 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp 0 0 350 OTH F 0 CdA 1 52 1 402 -1.300475e+09 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 tcp 0 1178 734 S1 F 1178 ShACad 4 216 4 950 -1.300475e+09 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp 0 534 412 S1 F 534 ShACad 3 164 3 576 -1.300475e+09 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 tcp 0 1148 734 S1 F 1148 ShACad 4 216 4 950 -1.300475e+09 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 tcp 0 1171 733 S1 F 1171 ShACad 4 216 4 949 -1.300475e+09 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 tcp 0 1137 733 S1 F 1137 ShACad 4 216 4 949 -1.300475e+09 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp 0 0 0 OTH F 0 h 0 0 1 48 -1.300475e+09 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp 0 525 232 S1 F 525 ShACad 3 164 3 396 -1.300475e+09 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 tcp 0 1125 734 S1 F 1125 ShACad 4 216 4 950 +1300475167.096535 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns 0.000000 0 0 S0 F 0 D 1 73 0 0 +1300475167.097012 arKYeMETxOg fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp 0.000000 0 0 S0 F 0 D 1 199 0 0 +1300475167.099816 k6kgXLOoSKl 141.142.220.50 5353 224.0.0.251 5353 udp 0.000000 0 0 S0 F 0 D 1 179 0 0 +1300475168.853899 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 0 89 SHR F 0 Cd 0 0 1 117 +1300475168.854378 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 0 99 SHR F 0 Cd 0 0 1 127 +1300475168.854837 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 0 183 SHR F 0 Cd 0 0 1 211 +1300475168.857956 3PKsZ2Uye21 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 0 89 SHR F 0 Cd 0 0 1 117 +1300475168.858306 VW0XPVINV8a 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 0 99 SHR F 0 Cd 0 0 1 127 +1300475168.858713 fRFu0wcOle6 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 0 183 SHR F 0 Cd 0 0 1 211 +1300475168.891644 qSsw6ESzHV4 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 0 89 SHR F 0 Cd 0 0 1 117 +1300475168.892037 iE6yhOq3SF 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 0 99 SHR F 0 Cd 0 0 1 127 +1300475168.892414 GSxOnSLghOa 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 0 183 SHR F 0 Cd 0 0 1 211 +1300475168.893988 qCaWGmzFtM5 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 0 89 SHR F 0 Cd 0 0 1 117 +1300475168.894422 70MGiRM1Qf4 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 0 99 SHR F 0 Cd 0 0 1 127 +1300475168.894787 h5DsfNtYzi1 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 0 183 SHR F 0 Cd 0 0 1 211 +1300475168.901749 P654jzLoe3a 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 0 131 SHR F 0 Cd 0 0 1 159 +1300475168.902195 Tw8jXtpTGu6 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 0 198 SHR F 0 Cd 0 0 1 226 +1300475169.899438 BWaU4aSuwkc 141.142.220.44 5353 224.0.0.251 5353 udp dns 0.000000 0 0 S0 F 0 D 1 85 0 0 +1300475170.862384 10XodEwRycf 141.142.220.226 137 141.142.220.255 137 udp dns 2.613017 350 0 S0 F 0 D 7 546 0 0 +1300475171.675372 zno26fFZkrh fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0.100096 66 0 S0 F 0 D 2 162 0 0 +1300475171.677081 v5rgkJBig5l 141.142.220.226 55131 224.0.0.252 5355 udp dns 0.100021 66 0 S0 F 0 D 2 122 0 0 +1300475173.116749 eWZCH7OONC1 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0.099801 66 0 S0 F 0 D 2 162 0 0 +1300475173.117362 0Pwk3ntf8O3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0.099849 66 0 S0 F 0 D 2 122 0 0 +1300475173.153679 0HKorjr8Zp7 141.142.220.238 56641 141.142.220.255 137 udp dns 0.000000 0 0 S0 F 0 D 1 78 0 0 +1300475168.859163 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 tcp 0.215893 1130 734 S1 F 1130 ShACad 4 216 4 950 +1300475168.652003 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp 0.061329 0 350 OTH F 0 CdA 1 52 1 402 +1300475168.895267 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 tcp 0.227284 1178 734 S1 F 1178 ShACad 4 216 4 950 +1300475168.902635 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp 0.120041 534 412 S1 F 534 ShACad 3 164 3 576 +1300475168.892936 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 tcp 0.229603 1148 734 S1 F 1148 ShACad 4 216 4 950 +1300475168.855305 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 tcp 0.218501 1171 733 S1 F 1171 ShACad 4 216 4 949 +1300475168.892913 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 tcp 0.220961 1137 733 S1 F 1137 ShACad 4 216 4 949 +1300475169.780331 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp 0.000000 0 0 OTH F 0 h 0 0 1 48 +1300475168.724007 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp 0.119905 525 232 S1 F 525 ShACad 3 164 3 396 +1300475168.855330 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 tcp 0.219720 1125 734 S1 F 1125 ShACad 4 216 4 950 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -680 conn -2592 DataSeries: ExtentIndex +700 conn +2860 DataSeries: ExtentIndex diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt index 0b16a69a6f..0f1eebd251 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt @@ -9,7 +9,7 @@ - + @@ -65,26 +65,26 @@ extent offset ExtentType 40 DataSeries: XmlType -784 http -1172 DataSeries: ExtentIndex +804 http +1252 DataSeries: ExtentIndex # Extent, type='http' ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file -1.300475e+09 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 0 0 0 304 Not Modified 0 -1.300475e+09 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.300475e+09 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.300475e+09 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.300475e+09 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.300475e+09 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.300475e+09 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.300475e+09 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 0 0 0 304 Not Modified 0 -1.300475e+09 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.300475e+09 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.300475e+09 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.300475e+09 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.300475e+09 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 0 0 0 304 Not Modified 0 -1.300475e+09 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 0 0 0 304 Not Modified 0 +1300475168.843894 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 0 0 0 304 Not Modified 0 +1300475168.975800 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 0 0 0 304 Not Modified 0 +1300475168.976327 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 0 0 0 304 Not Modified 0 +1300475168.979160 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 0 0 0 304 Not Modified 0 +1300475169.012666 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 0 0 0 304 Not Modified 0 +1300475169.012730 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 0 0 0 304 Not Modified 0 +1300475169.014860 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 0 0 0 304 Not Modified 0 +1300475169.022665 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 0 0 0 304 Not Modified 0 +1300475169.036294 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 0 0 0 304 Not Modified 0 +1300475169.036798 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 0 0 0 304 Not Modified 0 +1300475169.039923 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 0 0 0 304 Not Modified 0 +1300475169.074793 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 0 0 0 304 Not Modified 0 +1300475169.074938 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 0 0 0 304 Not Modified 0 +1300475169.075065 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 0 0 0 304 Not Modified 0 # Extent, type='DataSeries: ExtentIndex' offset extenttype 40 DataSeries: XmlType -784 http -1172 DataSeries: ExtentIndex +804 http +1252 DataSeries: ExtentIndex diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro index d04b0acf44..0c5c52460b 100644 --- a/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro @@ -3,7 +3,7 @@ # @TEST-GROUP: dataseries # # @TEST-EXEC: bro -b %INPUT Log::default_writer=Log::WRITER_DATASERIES -# @TEST-EXEC: ds2txt ssh.ds | ${SCRIPTS}/diff-remove-timestamps-dataseries >ssh.ds.txt +# @TEST-EXEC: ds2txt ssh.ds >ssh.ds.txt # @TEST-EXEC: btest-diff ssh.ds.txt module SSH; diff --git a/testing/scripts/diff-remove-timestamps-dataseries b/testing/scripts/diff-remove-timestamps-dataseries deleted file mode 100755 index 5b20f138af..0000000000 --- a/testing/scripts/diff-remove-timestamps-dataseries +++ /dev/null @@ -1,6 +0,0 @@ -#! /usr/bin/env bash -# -# Replace anything which looks like DataSeries timestamps (which is a double) with XXXs. - -sed 's/1\.[0-9]*e+09/X.XXXe+09/g' - From ac09bae7d59a6794a02ae40197c9ea0c7cb40f1a Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 14 May 2012 22:14:31 -0700 Subject: [PATCH 40/51] Updating doc. --- doc/logging-dataseries.rst | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/doc/logging-dataseries.rst b/doc/logging-dataseries.rst index 1a5f4ae520..5f1ad7f7c6 100644 --- a/doc/logging-dataseries.rst +++ b/doc/logging-dataseries.rst @@ -72,12 +72,15 @@ With that, Bro will now write all its output into DataSeries files tools, which its installation process will have installed into ``/bin``. For example, to convert a file back into an ASCII representation:: - # ds2txt conn .log + # ds2txt conn.log [... We skip a bunch of meta data here ...] - ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts res - 1.3e+09 9CqElRsB9Q 141.142.220.202 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 73 0 0 - 1.3e+09 3bNPfUWuIhb fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp 0 0 0 S0 F 0 D 1 199 0 0 - 1.3e+09 ZoDDN7YuYx3 141.142.220.50 5353 224.0.0.251 5353 udp 0 0 0 S0 F 0 D 1 179 0 0 + ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes + 1300475167.096535 CRCC5OdDlXe 141.142.220.202 5353 224.0.0.251 5353 udp dns 0.000000 0 0 S0 F 0 D 1 73 0 0 + 1300475167.097012 o7XBsfvo3U1 fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp 0.000000 0 0 S0 F 0 D 1 199 0 0 + 1300475167.099816 pXPi1kPMgxb 141.142.220.50 5353 224.0.0.251 5353 udp 0.000000 0 0 S0 F 0 D 1 179 0 0 + 1300475168.853899 R7sOc16woCj 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF F 0 Dd 1 66 1 117 + 1300475168.854378 Z6dfHVmt0X7 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF F 0 Dd 1 80 1 127 + 1300475168.854837 k6T92WxgNAh 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF F 0 Dd 1 66 1 211 [...] Note that is ASCII format is *not* equivalent to Bro's default format From d6fdc10242a409bc58829830dd48b0b6b5503f7b Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Tue, 15 May 2012 10:19:56 -0500 Subject: [PATCH 41/51] Add a comment to explain the ICMPv6 error message types --- src/ICMP.cc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/ICMP.cc b/src/ICMP.cc index 2f11337d8a..05a6b67dff 100644 --- a/src/ICMP.cc +++ b/src/ICMP.cc @@ -181,6 +181,9 @@ void ICMP_Analyzer::NextICMP6(double t, const struct icmp* icmpp, int len, int c case MLD_LISTENER_REDUCTION: #endif default: + // Error messages (i.e., ICMPv6 type < 128) all have + // the same structure for their context, and are + // handled by the same function. if ( icmpp->icmp_type < 128 ) Context6(t, icmpp, len, caplen, data, ip_hdr); else From 4fe11cf50361321597177e8d78ce25ffa5ea6f1b Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 16 May 2012 17:54:38 -0700 Subject: [PATCH 42/51] Extending DS docs with some examples. --- doc/logging-dataseries.rst | 75 ++++++++++++++++++++++++++++++++++---- 1 file changed, 68 insertions(+), 7 deletions(-) diff --git a/doc/logging-dataseries.rst b/doc/logging-dataseries.rst index 5f1ad7f7c6..8c797dd46c 100644 --- a/doc/logging-dataseries.rst +++ b/doc/logging-dataseries.rst @@ -62,7 +62,7 @@ Activating DataSeries The direct way to use DataSeries is to switch *all* log files over to the binary format. To do that, just add ``redef -Log::default_writer=Log::WRITER_DATASERIES;`` to your ``local.bro`. +Log::default_writer=Log::WRITER_DATASERIES;`` to your ``local.bro``. For testing, you can also just pass that on the command line:: bro -r trace.pcap Log::default_writer=Log::WRITER_DATASERIES @@ -72,7 +72,8 @@ With that, Bro will now write all its output into DataSeries files tools, which its installation process will have installed into ``/bin``. For example, to convert a file back into an ASCII representation:: - # ds2txt conn.log + + $ ds2txt conn.log [... We skip a bunch of meta data here ...] ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes 1300475167.096535 CRCC5OdDlXe 141.142.220.202 5353 224.0.0.251 5353 udp dns 0.000000 0 0 S0 F 0 D 1 73 0 0 @@ -83,13 +84,22 @@ representation:: 1300475168.854837 k6T92WxgNAh 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF F 0 Dd 1 66 1 211 [...] +(``--skip-all`` suppresses the meta data.) + Note that is ASCII format is *not* equivalent to Bro's default format as DataSeries uses a different internal representation. You can also switch only individual files over to DataSeries by adding code like this to your ``local.bro``:: - TODO +.. code:: bro + + event bro_init() + { + local f = Log::get_filter(Conn::LOG, "default"); # Get default filter for connection log. + f$writer = Log::WRITER_DATASERIES; # Change writer type. + Log::add_filter(Conn::LOG, f); # Replace filter with adapted version. + } Bro's DataSeries writer comes with a few tuning options, see :doc:`scripts/base/frameworks/logging/writers/dataseries`. @@ -100,9 +110,60 @@ Working with DataSeries Here are few examples of using DataSeries command line tools to work with the output files. -TODO. +* Printing CSV:: -TODO -==== + $ ds2txt --csv conn.log + ts,uid,id.orig_h,id.orig_p,id.resp_h,id.resp_p,proto,service,duration,orig_bytes,resp_bytes,conn_state,local_orig,missed_bytes,history,orig_pkts,orig_ip_bytes,resp_pkts,resp_ip_bytes + 1258790493.773208,ZTtgbHvf4s3,192.168.1.104,137,192.168.1.255,137,udp,dns,3.748891,350,0,S0,F,0,D,7,546,0,0 + 1258790451.402091,pOY6Rw7lhUd,192.168.1.106,138,192.168.1.255,138,udp,,0.000000,0,0,S0,F,0,D,1,229,0,0 + 1258790493.787448,pn5IiEslca9,192.168.1.104,138,192.168.1.255,138,udp,,2.243339,348,0,S0,F,0,D,2,404,0,0 + 1258790615.268111,D9slyIu3hFj,192.168.1.106,137,192.168.1.255,137,udp,dns,3.764626,350,0,S0,F,0,D,7,546,0,0 + [...] -* Do we have a leak? + Add ``--separator=X`` to set a different separator. + +* Extracting a subset of columns:: + + $ ds2txt --select '*' ts,id.resp_h,id.resp_p --skip-all conn.log + 1258790493.773208 192.168.1.255 137 + 1258790451.402091 192.168.1.255 138 + 1258790493.787448 192.168.1.255 138 + 1258790615.268111 192.168.1.255 137 + 1258790615.289842 192.168.1.255 138 + [...] + +* Filtering rows:: + + $ ds2txt --where '*' 'duration > 5 && id.resp_p > 1024' --skip-all conn.ds + 1258790631.532888 V8mV5WLITu5 192.168.1.105 55890 239.255.255.250 1900 udp 15.004568 798 0 S0 F 0 D 6 966 0 0 + 1258792413.439596 tMcWVWQptvd 192.168.1.105 55890 239.255.255.250 1900 udp 15.004581 798 0 S0 F 0 D 6 966 0 0 + 1258794195.346127 cQwQMRdBrKa 192.168.1.105 55890 239.255.255.250 1900 udp 15.005071 798 0 S0 F 0 D 6 966 0 0 + 1258795977.253200 i8TEjhWd2W8 192.168.1.105 55890 239.255.255.250 1900 udp 15.004824 798 0 S0 F 0 D 6 966 0 0 + 1258797759.160217 MsLsBA8Ia49 192.168.1.105 55890 239.255.255.250 1900 udp 15.005078 798 0 S0 F 0 D 6 966 0 0 + 1258799541.068452 TsOxRWJRGwf 192.168.1.105 55890 239.255.255.250 1900 udp 15.004082 798 0 S0 F 0 D 6 966 0 0 + [...] + +* Calculate some statistics: + + Mean/stdev/min/max over a column:: + + $ dsstatgroupby '*' basic duration from conn.ds + # Begin DSStatGroupByModule + # processed 2159 rows, where clause eliminated 0 rows + # count(*), mean(duration), stddev, min, max + 2159, 42.7938, 1858.34, 0, 86370 + [...] + + Quantiles of total connection volume:: + + > dsstatgroupby '*' quantile 'orig_bytes + resp_bytes' from conn.ds + [...] + 2159 data points, mean 24616 +- 343295 [0,1.26615e+07] + quantiles about every 216 data points: + 10%: 0, 124, 317, 348, 350, 350, 601, 798, 1469 + tails: 90%: 1469, 95%: 7302, 99%: 242629, 99.5%: 1226262 + [...] + +The ``man`` pages for these tool show further options, and their +``-h`` option gives some more information (either can be a bit cryptic +unfortunately though). From 99db264775cfc2d1aae5f0c8cd264deb37f497e3 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 16 May 2012 18:00:44 -0700 Subject: [PATCH 43/51] Portability fixes. - Fix for time-as-int on 32-bit systems. - Skipping ds2txt's index output for test diffing, as it seems non-portable. --- src/logging/writers/DataSeries.cc | 2 +- .../out | 90 ------------------- .../ssh.ds.txt | 19 ++-- .../conn.ds.txt | 9 -- .../conn.ds.txt | 9 -- .../http.ds.txt | 9 -- .../btest/core/leaks/dataseries-rotate.bro | 1 + testing/btest/core/leaks/dataseries.bro | 1 + .../frameworks/logging/dataseries/rotate.bro | 2 +- .../logging/dataseries/test-logging.bro | 2 +- .../logging/dataseries/time-as-int.bro | 2 +- .../logging/dataseries/wikipedia.bro | 4 +- 12 files changed, 13 insertions(+), 137 deletions(-) diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc index a7908a8e04..9f19028be3 100644 --- a/src/logging/writers/DataSeries.cc +++ b/src/logging/writers/DataSeries.cc @@ -61,7 +61,7 @@ std::string DataSeries::LogValueToString(threading::Value *val) if ( ds_use_integer_for_time ) { std::ostringstream ostr; - ostr << (unsigned long)(DataSeries::TIME_SCALE * val->val.double_val); + ostr << (uint64_t)(DataSeries::TIME_SCALE * val->val.double_val); return ostr.str(); } else diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out index ed2aff0164..1e5e1b05c6 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out @@ -32,19 +32,10 @@ test.2011-03-07-12-00-05.ds test 11-03-07_12.00.05 11-03-07_12.59.55 1 dataserie -extent offset ExtentType -40 DataSeries: XmlType -392 test -508 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p 1299466805.000000 10.0.0.1 20 10.0.0.2 1024 1299470395.000000 10.0.0.2 20 10.0.0.3 0 -# Extent, type='DataSeries: ExtentIndex' -offset extenttype -40 DataSeries: XmlType -392 test -508 DataSeries: ExtentIndex > test.2011-03-07-04-00-05.ds # Extent Types ... @@ -69,19 +60,10 @@ offset extenttype -extent offset ExtentType -40 DataSeries: XmlType -392 test -516 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p 1299470405.000000 10.0.0.1 20 10.0.0.2 1025 1299473995.000000 10.0.0.2 20 10.0.0.3 1 -# Extent, type='DataSeries: ExtentIndex' -offset extenttype -40 DataSeries: XmlType -392 test -516 DataSeries: ExtentIndex > test.2011-03-07-05-00-05.ds # Extent Types ... @@ -106,19 +88,10 @@ offset extenttype -extent offset ExtentType -40 DataSeries: XmlType -392 test -516 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p 1299474005.000000 10.0.0.1 20 10.0.0.2 1026 1299477595.000000 10.0.0.2 20 10.0.0.3 2 -# Extent, type='DataSeries: ExtentIndex' -offset extenttype -40 DataSeries: XmlType -392 test -516 DataSeries: ExtentIndex > test.2011-03-07-06-00-05.ds # Extent Types ... @@ -143,19 +116,10 @@ offset extenttype -extent offset ExtentType -40 DataSeries: XmlType -392 test -516 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p 1299477605.000000 10.0.0.1 20 10.0.0.2 1027 1299481195.000000 10.0.0.2 20 10.0.0.3 3 -# Extent, type='DataSeries: ExtentIndex' -offset extenttype -40 DataSeries: XmlType -392 test -516 DataSeries: ExtentIndex > test.2011-03-07-07-00-05.ds # Extent Types ... @@ -180,19 +144,10 @@ offset extenttype -extent offset ExtentType -40 DataSeries: XmlType -392 test -512 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p 1299481205.000000 10.0.0.1 20 10.0.0.2 1028 1299484795.000000 10.0.0.2 20 10.0.0.3 4 -# Extent, type='DataSeries: ExtentIndex' -offset extenttype -40 DataSeries: XmlType -392 test -512 DataSeries: ExtentIndex > test.2011-03-07-08-00-05.ds # Extent Types ... @@ -217,19 +172,10 @@ offset extenttype -extent offset ExtentType -40 DataSeries: XmlType -392 test -516 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p 1299484805.000000 10.0.0.1 20 10.0.0.2 1029 1299488395.000000 10.0.0.2 20 10.0.0.3 5 -# Extent, type='DataSeries: ExtentIndex' -offset extenttype -40 DataSeries: XmlType -392 test -516 DataSeries: ExtentIndex > test.2011-03-07-09-00-05.ds # Extent Types ... @@ -254,19 +200,10 @@ offset extenttype -extent offset ExtentType -40 DataSeries: XmlType -392 test -516 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p 1299488405.000000 10.0.0.1 20 10.0.0.2 1030 1299491995.000000 10.0.0.2 20 10.0.0.3 6 -# Extent, type='DataSeries: ExtentIndex' -offset extenttype -40 DataSeries: XmlType -392 test -516 DataSeries: ExtentIndex > test.2011-03-07-10-00-05.ds # Extent Types ... @@ -291,19 +228,10 @@ offset extenttype -extent offset ExtentType -40 DataSeries: XmlType -392 test -516 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p 1299492005.000000 10.0.0.1 20 10.0.0.2 1031 1299495595.000000 10.0.0.2 20 10.0.0.3 7 -# Extent, type='DataSeries: ExtentIndex' -offset extenttype -40 DataSeries: XmlType -392 test -516 DataSeries: ExtentIndex > test.2011-03-07-11-00-05.ds # Extent Types ... @@ -328,19 +256,10 @@ offset extenttype -extent offset ExtentType -40 DataSeries: XmlType -392 test -516 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p 1299495605.000000 10.0.0.1 20 10.0.0.2 1032 1299499195.000000 10.0.0.2 20 10.0.0.3 8 -# Extent, type='DataSeries: ExtentIndex' -offset extenttype -40 DataSeries: XmlType -392 test -516 DataSeries: ExtentIndex > test.2011-03-07-12-00-05.ds # Extent Types ... @@ -365,16 +284,7 @@ offset extenttype -extent offset ExtentType -40 DataSeries: XmlType -392 test -516 DataSeries: ExtentIndex # Extent, type='test' t id.orig_h id.orig_p id.resp_h id.resp_p 1299499205.000000 10.0.0.1 20 10.0.0.2 1033 1299502795.000000 10.0.0.2 20 10.0.0.3 9 -# Extent, type='DataSeries: ExtentIndex' -offset extenttype -40 DataSeries: XmlType -392 test -516 DataSeries: ExtentIndex diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt index 245bdcd9be..e9640dfd9d 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt @@ -25,19 +25,10 @@ -extent offset ExtentType -40 DataSeries: XmlType -436 ssh -644 DataSeries: ExtentIndex # Extent, type='ssh' t id.orig_h id.orig_p id.resp_h id.resp_p status country -1337058239.030366 1.2.3.4 1234 2.3.4.5 80 success unknown -1337058239.030366 1.2.3.4 1234 2.3.4.5 80 failure US -1337058239.030366 1.2.3.4 1234 2.3.4.5 80 failure UK -1337058239.030366 1.2.3.4 1234 2.3.4.5 80 success BR -1337058239.030366 1.2.3.4 1234 2.3.4.5 80 failure MX -# Extent, type='DataSeries: ExtentIndex' -offset extenttype -40 DataSeries: XmlType -436 ssh -644 DataSeries: ExtentIndex +1337216256.956476 1.2.3.4 1234 2.3.4.5 80 success unknown +1337216256.956476 1.2.3.4 1234 2.3.4.5 80 failure US +1337216256.956476 1.2.3.4 1234 2.3.4.5 80 failure UK +1337216256.956476 1.2.3.4 1234 2.3.4.5 80 success BR +1337216256.956476 1.2.3.4 1234 2.3.4.5 80 failure MX diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt index 65d4ba0a67..1d7cba3b3c 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt @@ -49,10 +49,6 @@ -extent offset ExtentType -40 DataSeries: XmlType -672 conn -2948 DataSeries: ExtentIndex # Extent, type='conn' ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes 1300475167096535 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 73 0 0 @@ -89,8 +85,3 @@ ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes 1300475169780331 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp 0 0 0 OTH F 0 h 0 0 1 48 1300475168724007 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp 119904 525 232 S1 F 525 ShACad 3 164 3 396 1300475168855330 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 tcp 219720 1125 734 S1 F 1125 ShACad 4 216 4 950 -# Extent, type='DataSeries: ExtentIndex' -offset extenttype -40 DataSeries: XmlType -672 conn -2948 DataSeries: ExtentIndex diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt index 104831f027..3cafa078de 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt @@ -49,10 +49,6 @@ -extent offset ExtentType -40 DataSeries: XmlType -700 conn -2860 DataSeries: ExtentIndex # Extent, type='conn' ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes 1300475167.096535 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns 0.000000 0 0 S0 F 0 D 1 73 0 0 @@ -89,8 +85,3 @@ ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes 1300475169.780331 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp 0.000000 0 0 OTH F 0 h 0 0 1 48 1300475168.724007 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp 0.119905 525 232 S1 F 525 ShACad 3 164 3 396 1300475168.855330 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 tcp 0.219720 1125 734 S1 F 1125 ShACad 4 216 4 950 -# Extent, type='DataSeries: ExtentIndex' -offset extenttype -40 DataSeries: XmlType -700 conn -2860 DataSeries: ExtentIndex diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt index 0f1eebd251..adb7bb3f7b 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt @@ -63,10 +63,6 @@ -extent offset ExtentType -40 DataSeries: XmlType -804 http -1252 DataSeries: ExtentIndex # Extent, type='http' ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file 1300475168.843894 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 0 0 0 304 Not Modified 0 @@ -83,8 +79,3 @@ ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri refer 1300475169.074793 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 0 0 0 304 Not Modified 0 1300475169.074938 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 0 0 0 304 Not Modified 0 1300475169.075065 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 0 0 0 304 Not Modified 0 -# Extent, type='DataSeries: ExtentIndex' -offset extenttype -40 DataSeries: XmlType -804 http -1252 DataSeries: ExtentIndex diff --git a/testing/btest/core/leaks/dataseries-rotate.bro b/testing/btest/core/leaks/dataseries-rotate.bro index 188de9717b..1afc517d1a 100644 --- a/testing/btest/core/leaks/dataseries-rotate.bro +++ b/testing/btest/core/leaks/dataseries-rotate.bro @@ -3,6 +3,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks +# @TEST-GROUP: dataseries # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r %DIR/../rotation.trace %INPUT Log::default_writer=Log::WRITER_DATASERIES diff --git a/testing/btest/core/leaks/dataseries.bro b/testing/btest/core/leaks/dataseries.bro index 886ee54dd9..01dc3ffd79 100644 --- a/testing/btest/core/leaks/dataseries.bro +++ b/testing/btest/core/leaks/dataseries.bro @@ -4,6 +4,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-GROUP: leaks +# @TEST-GROUP: dataseries # # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_DATASERIES diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro index 6a0cee5888..652a4596fb 100644 --- a/testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro @@ -3,7 +3,7 @@ # @TEST-GROUP: dataseries # # @TEST-EXEC: bro -b -r %DIR/../rotation.trace %INPUT 2>&1 Log::default_writer=Log::WRITER_DATASERIES | grep "test" >out -# @TEST-EXEC: for i in test.*.ds; do printf '> %s\n' $i; ds2txt $i; done >>out +# @TEST-EXEC: for i in test.*.ds; do printf '> %s\n' $i; ds2txt --skip-index $i; done >>out # @TEST-EXEC: btest-diff out module Test; diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro index 0c5c52460b..ee0426ae55 100644 --- a/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro @@ -3,7 +3,7 @@ # @TEST-GROUP: dataseries # # @TEST-EXEC: bro -b %INPUT Log::default_writer=Log::WRITER_DATASERIES -# @TEST-EXEC: ds2txt ssh.ds >ssh.ds.txt +# @TEST-EXEC: ds2txt --skip-index ssh.ds >ssh.ds.txt # @TEST-EXEC: btest-diff ssh.ds.txt module SSH; diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/time-as-int.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/time-as-int.bro index e4dd6a5431..5e3f864b33 100644 --- a/testing/btest/scripts/base/frameworks/logging/dataseries/time-as-int.bro +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/time-as-int.bro @@ -3,7 +3,7 @@ # @TEST-GROUP: dataseries # # @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Log::default_writer=Log::WRITER_DATASERIES -# @TEST-EXEC: ds2txt conn.ds >conn.ds.txt +# @TEST-EXEC: ds2txt --skip-index conn.ds >conn.ds.txt # @TEST-EXEC: btest-diff conn.ds.txt redef LogDataSeries::use_integer_for_time = T; diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/wikipedia.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/wikipedia.bro index 38726a8b10..ee1342c470 100644 --- a/testing/btest/scripts/base/frameworks/logging/dataseries/wikipedia.bro +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/wikipedia.bro @@ -3,7 +3,7 @@ # @TEST-GROUP: dataseries # # @TEST-EXEC: bro -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_DATASERIES -# @TEST-EXEC: ds2txt conn.ds >conn.ds.txt -# @TEST-EXEC: ds2txt http.ds >http.ds.txt +# @TEST-EXEC: ds2txt --skip-index conn.ds >conn.ds.txt +# @TEST-EXEC: ds2txt --skip-index http.ds >http.ds.txt # @TEST-EXEC: btest-diff conn.ds.txt # @TEST-EXEC: btest-diff http.ds.txt From 5dae925f670c1f9976ae6a344fb60293f34a6df2 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 16 May 2012 18:24:55 -0700 Subject: [PATCH 44/51] Fixing a rotation race condition at termination. Noticed with DS, but could just as well happen with ASCII. --- src/logging/Manager.cc | 13 +++++++++++++ src/logging/Manager.h | 1 + src/threading/Manager.h | 6 ++++++ 3 files changed, 20 insertions(+) diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index 7f785e1080..a4dea1c909 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -7,6 +7,7 @@ #include "../NetVar.h" #include "../Net.h" +#include "threading/Manager.h" #include "threading/SerialTypes.h" #include "Manager.h" @@ -124,6 +125,7 @@ Manager::Stream::~Stream() Manager::Manager() { + rotations_pending = 0; } Manager::~Manager() @@ -1127,6 +1129,13 @@ bool Manager::Flush(EnumVal* id) void Manager::Terminate() { + // Make sure we process all the pending rotations. + while ( rotations_pending ) + { + thread_mgr->ForceProcessing(); // A blatant layering violation ... + usleep(1000); + } + for ( vector::iterator s = streams.begin(); s != streams.end(); ++s ) { if ( ! *s ) @@ -1235,6 +1244,8 @@ void Manager::Rotate(WriterInfo* winfo) // Trigger the rotation. winfo->writer->Rotate(tmp, winfo->open_time, network_time, terminating); + + ++rotations_pending; } bool Manager::FinishedRotation(WriterFrontend* writer, string new_name, string old_name, @@ -1243,6 +1254,8 @@ bool Manager::FinishedRotation(WriterFrontend* writer, string new_name, string o DBG_LOG(DBG_LOGGING, "Finished rotating %s at %.6f, new name %s", writer->Path().c_str(), network_time, new_name.c_str()); + --rotations_pending; + WriterInfo* winfo = FindWriter(writer); if ( ! winfo ) return true; diff --git a/src/logging/Manager.h b/src/logging/Manager.h index 5af3e55b4a..f5e62b0683 100644 --- a/src/logging/Manager.h +++ b/src/logging/Manager.h @@ -200,6 +200,7 @@ private: WriterInfo* FindWriter(WriterFrontend* writer); vector streams; // Indexed by stream enum. + int rotations_pending; // Number of rotations not yet finished. }; } diff --git a/src/threading/Manager.h b/src/threading/Manager.h index 7d9ba766d4..ab8189f39d 100644 --- a/src/threading/Manager.h +++ b/src/threading/Manager.h @@ -77,6 +77,12 @@ public: */ int NumThreads() const { return all_threads.size(); } + /** Manually triggers processing of any thread input. This can be useful + * if the main thread is waiting for a specific message from a child. + * Usually, though, one should avoid using it. + */ + void ForceProcessing() { Process(); } + protected: friend class BasicThread; friend class MsgThread; From 122f6ee4c64b46cd5264ea0964ba366ddc73446c Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 16 May 2012 18:28:51 -0700 Subject: [PATCH 45/51] Moving trace for rotation test into traces directory. --- .../frameworks/logging => Traces}/rotation.trace | Bin testing/btest/core/leaks/dataseries-rotate.bro | 2 +- .../base/frameworks/logging/dataseries/rotate.bro | 2 +- .../scripts/base/frameworks/logging/rotate.bro | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) rename testing/btest/{scripts/base/frameworks/logging => Traces}/rotation.trace (100%) diff --git a/testing/btest/scripts/base/frameworks/logging/rotation.trace b/testing/btest/Traces/rotation.trace similarity index 100% rename from testing/btest/scripts/base/frameworks/logging/rotation.trace rename to testing/btest/Traces/rotation.trace diff --git a/testing/btest/core/leaks/dataseries-rotate.bro b/testing/btest/core/leaks/dataseries-rotate.bro index 1afc517d1a..f0a5f3079d 100644 --- a/testing/btest/core/leaks/dataseries-rotate.bro +++ b/testing/btest/core/leaks/dataseries-rotate.bro @@ -5,7 +5,7 @@ # @TEST-GROUP: leaks # @TEST-GROUP: dataseries # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r %DIR/../rotation.trace %INPUT Log::default_writer=Log::WRITER_DATASERIES +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/rotation.trace %INPUT Log::default_writer=Log::WRITER_DATASERIES module Test; diff --git a/testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro b/testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro index 652a4596fb..7b708473e3 100644 --- a/testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro +++ b/testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro @@ -2,7 +2,7 @@ # @TEST-REQUIRES: has-writer DataSeries && which ds2txt # @TEST-GROUP: dataseries # -# @TEST-EXEC: bro -b -r %DIR/../rotation.trace %INPUT 2>&1 Log::default_writer=Log::WRITER_DATASERIES | grep "test" >out +# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT 2>&1 Log::default_writer=Log::WRITER_DATASERIES | grep "test" >out # @TEST-EXEC: for i in test.*.ds; do printf '> %s\n' $i; ds2txt --skip-index $i; done >>out # @TEST-EXEC: btest-diff out diff --git a/testing/btest/scripts/base/frameworks/logging/rotate.bro b/testing/btest/scripts/base/frameworks/logging/rotate.bro index 14123c56c6..212dba3bf7 100644 --- a/testing/btest/scripts/base/frameworks/logging/rotate.bro +++ b/testing/btest/scripts/base/frameworks/logging/rotate.bro @@ -1,5 +1,5 @@ # -# @TEST-EXEC: bro -b -r %DIR/rotation.trace %INPUT 2>&1 | grep "test" >out +# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT 2>&1 | grep "test" >out # @TEST-EXEC: for i in test.*.log; do printf '> %s\n' $i; cat $i; done >>out # @TEST-EXEC: btest-diff out From e34f27b928667eefdd9b6aa92457d4a345c25f68 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 17 May 2012 09:54:30 -0700 Subject: [PATCH 46/51] Updating submodule(s). [nomail] --- CHANGES | 6 ++++++ VERSION | 2 +- aux/broctl | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index da527a60f6..6471dbe4be 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,10 @@ +2.0-341 | 2012-05-17 09:54:30 -0700 + + * Add a comment to explain the ICMPv6 error message types. (Daniel Thayer) + + * Quieting external test output somehwat. (Robin Sommer) + 2.0-336 | 2012-05-14 17:15:44 -0700 * Don't print the various "weird" events to stderr. Address #805. diff --git a/VERSION b/VERSION index b59cb1ff9b..358412b7a2 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0-338 +2.0-341 diff --git a/aux/broctl b/aux/broctl index 5137c63751..519d2e21ee 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 5137c6375162f121348095205aaaec04a86de632 +Subproject commit 519d2e21ee375833c89eb6f7dc95c1eac3de17ab From ea2bd659f3b206eb4d6001c8f5b290b9e0cd3e06 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 17 May 2012 12:41:10 -0700 Subject: [PATCH 47/51] Adding target update-doc-sources to top-level Makefile that runs genDocSourcesList.sh. --- DocSourcesList.cmake | 144 ++++++++++++++++++++++++++++++++ Makefile | 3 + testing/btest/coverage/doc.test | 5 +- 3 files changed, 151 insertions(+), 1 deletion(-) create mode 100644 DocSourcesList.cmake diff --git a/DocSourcesList.cmake b/DocSourcesList.cmake new file mode 100644 index 0000000000..1743b0258f --- /dev/null +++ b/DocSourcesList.cmake @@ -0,0 +1,144 @@ +# DO NOT EDIT +# This file is auto-generated from the genDocSourcesList.sh script. +# +# This is a list of Bro script sources for which to generate reST documentation. +# It will be included inline in the CMakeLists.txt found in the same directory +# in order to create Makefile targets that define how to generate reST from +# a given Bro script. +# +# Note: any path prefix of the script (2nd argument of rest_target macro) +# will be used to derive what path under scripts/ the generated documentation +# will be placed. + +set(psd ${PROJECT_SOURCE_DIR}/scripts) + +rest_target(${CMAKE_CURRENT_SOURCE_DIR} example.bro internal) +rest_target(${psd} base/init-default.bro internal) +rest_target(${psd} base/init-bare.bro internal) + +rest_target(${CMAKE_BINARY_DIR}/src base/bro.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src base/const.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src base/event.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src base/logging.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src base/reporter.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src base/strings.bif.bro) +rest_target(${CMAKE_BINARY_DIR}/src base/types.bif.bro) +rest_target(${psd} base/frameworks/cluster/main.bro) +rest_target(${psd} base/frameworks/cluster/nodes/manager.bro) +rest_target(${psd} base/frameworks/cluster/nodes/proxy.bro) +rest_target(${psd} base/frameworks/cluster/nodes/worker.bro) +rest_target(${psd} base/frameworks/cluster/setup-connections.bro) +rest_target(${psd} base/frameworks/communication/main.bro) +rest_target(${psd} base/frameworks/control/main.bro) +rest_target(${psd} base/frameworks/dpd/main.bro) +rest_target(${psd} base/frameworks/intel/main.bro) +rest_target(${psd} base/frameworks/logging/main.bro) +rest_target(${psd} base/frameworks/logging/postprocessors/scp.bro) +rest_target(${psd} base/frameworks/logging/postprocessors/sftp.bro) +rest_target(${psd} base/frameworks/logging/writers/ascii.bro) +rest_target(${psd} base/frameworks/logging/writers/dataseries.bro) +rest_target(${psd} base/frameworks/metrics/cluster.bro) +rest_target(${psd} base/frameworks/metrics/main.bro) +rest_target(${psd} base/frameworks/metrics/non-cluster.bro) +rest_target(${psd} base/frameworks/notice/actions/add-geodata.bro) +rest_target(${psd} base/frameworks/notice/actions/drop.bro) +rest_target(${psd} base/frameworks/notice/actions/email_admin.bro) +rest_target(${psd} base/frameworks/notice/actions/page.bro) +rest_target(${psd} base/frameworks/notice/actions/pp-alarms.bro) +rest_target(${psd} base/frameworks/notice/cluster.bro) +rest_target(${psd} base/frameworks/notice/extend-email/hostnames.bro) +rest_target(${psd} base/frameworks/notice/main.bro) +rest_target(${psd} base/frameworks/notice/weird.bro) +rest_target(${psd} base/frameworks/packet-filter/main.bro) +rest_target(${psd} base/frameworks/packet-filter/netstats.bro) +rest_target(${psd} base/frameworks/reporter/main.bro) +rest_target(${psd} base/frameworks/signatures/main.bro) +rest_target(${psd} base/frameworks/software/main.bro) +rest_target(${psd} base/protocols/conn/contents.bro) +rest_target(${psd} base/protocols/conn/inactivity.bro) +rest_target(${psd} base/protocols/conn/main.bro) +rest_target(${psd} base/protocols/dns/consts.bro) +rest_target(${psd} base/protocols/dns/main.bro) +rest_target(${psd} base/protocols/ftp/file-extract.bro) +rest_target(${psd} base/protocols/ftp/main.bro) +rest_target(${psd} base/protocols/ftp/utils-commands.bro) +rest_target(${psd} base/protocols/http/file-extract.bro) +rest_target(${psd} base/protocols/http/file-hash.bro) +rest_target(${psd} base/protocols/http/file-ident.bro) +rest_target(${psd} base/protocols/http/main.bro) +rest_target(${psd} base/protocols/http/utils.bro) +rest_target(${psd} base/protocols/irc/dcc-send.bro) +rest_target(${psd} base/protocols/irc/main.bro) +rest_target(${psd} base/protocols/smtp/entities-excerpt.bro) +rest_target(${psd} base/protocols/smtp/entities.bro) +rest_target(${psd} base/protocols/smtp/main.bro) +rest_target(${psd} base/protocols/ssh/main.bro) +rest_target(${psd} base/protocols/ssl/consts.bro) +rest_target(${psd} base/protocols/ssl/main.bro) +rest_target(${psd} base/protocols/ssl/mozilla-ca-list.bro) +rest_target(${psd} base/protocols/syslog/consts.bro) +rest_target(${psd} base/protocols/syslog/main.bro) +rest_target(${psd} base/utils/addrs.bro) +rest_target(${psd} base/utils/conn-ids.bro) +rest_target(${psd} base/utils/directions-and-hosts.bro) +rest_target(${psd} base/utils/files.bro) +rest_target(${psd} base/utils/numbers.bro) +rest_target(${psd} base/utils/paths.bro) +rest_target(${psd} base/utils/patterns.bro) +rest_target(${psd} base/utils/site.bro) +rest_target(${psd} base/utils/strings.bro) +rest_target(${psd} base/utils/thresholds.bro) +rest_target(${psd} policy/frameworks/communication/listen.bro) +rest_target(${psd} policy/frameworks/control/controllee.bro) +rest_target(${psd} policy/frameworks/control/controller.bro) +rest_target(${psd} policy/frameworks/dpd/detect-protocols.bro) +rest_target(${psd} policy/frameworks/dpd/packet-segment-logging.bro) +rest_target(${psd} policy/frameworks/metrics/conn-example.bro) +rest_target(${psd} policy/frameworks/metrics/http-example.bro) +rest_target(${psd} policy/frameworks/metrics/ssl-example.bro) +rest_target(${psd} policy/frameworks/software/version-changes.bro) +rest_target(${psd} policy/frameworks/software/vulnerable.bro) +rest_target(${psd} policy/integration/barnyard2/main.bro) +rest_target(${psd} policy/integration/barnyard2/types.bro) +rest_target(${psd} policy/misc/analysis-groups.bro) +rest_target(${psd} policy/misc/capture-loss.bro) +rest_target(${psd} policy/misc/loaded-scripts.bro) +rest_target(${psd} policy/misc/profiling.bro) +rest_target(${psd} policy/misc/stats.bro) +rest_target(${psd} policy/misc/trim-trace-file.bro) +rest_target(${psd} policy/protocols/conn/known-hosts.bro) +rest_target(${psd} policy/protocols/conn/known-services.bro) +rest_target(${psd} policy/protocols/conn/weirds.bro) +rest_target(${psd} policy/protocols/dns/auth-addl.bro) +rest_target(${psd} policy/protocols/dns/detect-external-names.bro) +rest_target(${psd} policy/protocols/ftp/detect.bro) +rest_target(${psd} policy/protocols/ftp/software.bro) +rest_target(${psd} policy/protocols/http/detect-MHR.bro) +rest_target(${psd} policy/protocols/http/detect-intel.bro) +rest_target(${psd} policy/protocols/http/detect-sqli.bro) +rest_target(${psd} policy/protocols/http/detect-webapps.bro) +rest_target(${psd} policy/protocols/http/header-names.bro) +rest_target(${psd} policy/protocols/http/software-browser-plugins.bro) +rest_target(${psd} policy/protocols/http/software.bro) +rest_target(${psd} policy/protocols/http/var-extraction-cookies.bro) +rest_target(${psd} policy/protocols/http/var-extraction-uri.bro) +rest_target(${psd} policy/protocols/smtp/blocklists.bro) +rest_target(${psd} policy/protocols/smtp/detect-suspicious-orig.bro) +rest_target(${psd} policy/protocols/smtp/software.bro) +rest_target(${psd} policy/protocols/ssh/detect-bruteforcing.bro) +rest_target(${psd} policy/protocols/ssh/geo-data.bro) +rest_target(${psd} policy/protocols/ssh/interesting-hostnames.bro) +rest_target(${psd} policy/protocols/ssh/software.bro) +rest_target(${psd} policy/protocols/ssl/cert-hash.bro) +rest_target(${psd} policy/protocols/ssl/expiring-certs.bro) +rest_target(${psd} policy/protocols/ssl/extract-certs-pem.bro) +rest_target(${psd} policy/protocols/ssl/known-certs.bro) +rest_target(${psd} policy/protocols/ssl/validate-certs.bro) +rest_target(${psd} policy/tuning/defaults/packet-fragments.bro) +rest_target(${psd} policy/tuning/defaults/warnings.bro) +rest_target(${psd} policy/tuning/track-all-assets.bro) +rest_target(${psd} site/local-manager.bro) +rest_target(${psd} site/local-proxy.bro) +rest_target(${psd} site/local-worker.bro) +rest_target(${psd} site/local.bro) +rest_target(${psd} test-all-policy.bro) diff --git a/Makefile b/Makefile index 455fa6ed88..8633c736a4 100644 --- a/Makefile +++ b/Makefile @@ -41,6 +41,9 @@ broxygen: configured broxygenclean: configured $(MAKE) -C $(BUILD) $@ +update-doc-sources: + ./doc/scripts/genDocSourcesList.sh ./doc/scripts/DocSourcesList.cmake + dist: @rm -rf $(VERSION_FULL) $(VERSION_FULL).tgz @rm -rf $(VERSION_MIN) $(VERSION_MIN).tgz diff --git a/testing/btest/coverage/doc.test b/testing/btest/coverage/doc.test index 18ed13e6fa..d99122575d 100644 --- a/testing/btest/coverage/doc.test +++ b/testing/btest/coverage/doc.test @@ -1,7 +1,10 @@ # This tests that we're generating bro script documentation for all the # available bro scripts. If this fails, then the genDocSources.sh needs # to be run to produce a new DocSourcesList.cmake or genDocSources.sh needs -# to be updated to blacklist undesired scripts. +# to be updated to blacklist undesired scripts. To update, run the +# top-level Makefile: +# +# make update-doc-sources # # @TEST-EXEC: $DIST/doc/scripts/genDocSourcesList.sh # @TEST-EXEC: cmp $DIST/doc/scripts/DocSourcesList.cmake ./DocSourcesList.cmake From 1824808dcc73aa4a63ff48cf4de4b606042d1dda Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 17 May 2012 12:42:30 -0700 Subject: [PATCH 48/51] Updating submodule(s). [nomail] --- CHANGES | 26 ++++++++++++++++++++++++++ VERSION | 2 +- aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- 6 files changed, 31 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 6471dbe4be..9ea16475af 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,30 @@ +2.0-367 | 2012-05-17 12:42:30 -0700 + + * Adding support for binary output via DataSeries. See + logging-dataseries.rst for more information. (Gilbert Clark and + Robin Sommer) + + * Adding target update-doc-sources to top-level Makefile that runs + genDocSourcesList.sh. (Robin Sommer) + + * Moving trace for rotation test into traces directory. (Robin Sommer) + + * Fixing a rotation race condition at termination. (Robin Sommer) + + * Extending log post-processor call to include the name of the + writer. (Robin Sommer) + + * In threads, an internal error now immediately aborts. Otherwise, + the error won't make it back to the main thread for a while and + subsequent code in the thread would still execute. (Robin Sommer) + + * DataSeries cleanup. (Robin Sommer) + + * Fixing threads' DoFinish() method. It wasn't called reliably. Now, + it's always called before the thread is destroyed (assuming + processing has went normally so far). (Robin Sommer) + 2.0-341 | 2012-05-17 09:54:30 -0700 * Add a comment to explain the ICMPv6 error message types. (Daniel Thayer) diff --git a/VERSION b/VERSION index 358412b7a2..c3d8a81658 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0-341 +2.0-367 diff --git a/aux/binpac b/aux/binpac index 71c37019bc..b4094cb75e 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 71c37019bc371eb7863fb6aa47a7daa4540f4f1f +Subproject commit b4094cb75e0a7769123f7db1f5d73f3f9f1c3977 diff --git a/aux/bro-aux b/aux/bro-aux index d885987e79..2038e3de04 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit d885987e7968669e34504b0403ac89bd13928e9a +Subproject commit 2038e3de042115c3caa706426e16c830c1fd1e9e diff --git a/aux/broccoli b/aux/broccoli index 157c18427c..95c93494d7 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 157c18427cb9bb52564e65d8224b95f70dc79e66 +Subproject commit 95c93494d7192f69d30f208c4caa3bd38adda6fd diff --git a/aux/broctl b/aux/broctl index ed933502b4..ba9e1aa2f2 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit ed933502b4d2518f94b6cfa7a5b371e53fda5c3d +Subproject commit ba9e1aa2f2159deac0cf96863f54405643764df0 From 3fedd32f4de9dcdf430c7d2bd54d8a84a352f0fe Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 17 May 2012 14:47:09 -0500 Subject: [PATCH 49/51] Fix mobility checksums unit test. Was failing because it depended on weirds being sent to stderr. --- .../Baseline/core.mobility-checksums/bad.out | 27 ++++++++++++++++--- .../Baseline/core.mobility-checksums/good.out | 0 testing/btest/core/mobility-checksums.test | 20 +++++++++----- 3 files changed, 37 insertions(+), 10 deletions(-) delete mode 100644 testing/btest/Baseline/core.mobility-checksums/good.out diff --git a/testing/btest/Baseline/core.mobility-checksums/bad.out b/testing/btest/Baseline/core.mobility-checksums/bad.out index 6ea9955402..dfbd5006a9 100644 --- a/testing/btest/Baseline/core.mobility-checksums/bad.out +++ b/testing/btest/Baseline/core.mobility-checksums/bad.out @@ -1,3 +1,24 @@ -1333988844.893456 weird: bad_MH_checksum -1333995733.276730 weird: bad_TCP_checksum -1333995701.656496 weird: bad_UDP_checksum +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1333988844.893456 - - - - - bad_MH_checksum - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1333640536.489921 UWkUyAuUGXf 2001:78:1:32::1 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 80 bad_TCP_checksum - F bro +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1333640468.146461 UWkUyAuUGXf 2001:78:1:32::1 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 13000 bad_UDP_checksum - F bro diff --git a/testing/btest/Baseline/core.mobility-checksums/good.out b/testing/btest/Baseline/core.mobility-checksums/good.out deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/testing/btest/core/mobility-checksums.test b/testing/btest/core/mobility-checksums.test index 1d41daf543..8a88eb8194 100644 --- a/testing/btest/core/mobility-checksums.test +++ b/testing/btest/core/mobility-checksums.test @@ -1,9 +1,15 @@ # @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/config.h -# @TEST-EXEC: bro -b -r $TRACES/chksums/mip6-bad-mh-chksum.pcap >>bad.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-hoa-tcp-bad-chksum.pcap >>bad.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-hoa-udp-bad-chksum.pcap >>bad.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/mip6-good-mh-chksum.pcap >>good.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-hoa-tcp-good-chksum.pcap >>bad.out 2>&1 -# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-hoa-udp-good-chksum.pcap >>bad.out 2>&1 +# @TEST-EXEC: bro -r $TRACES/chksums/mip6-bad-mh-chksum.pcap +# @TEST-EXEC: mv weird.log bad.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-tcp-bad-chksum.pcap +# @TEST-EXEC: cat weird.log >> bad.out +# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-udp-bad-chksum.pcap +# @TEST-EXEC: cat weird.log >> bad.out +# @TEST-EXEC: rm weird.log +# @TEST-EXEC: bro -r $TRACES/chksums/mip6-good-mh-chksum.pcap +# @TEST-EXEC: test ! -e weird.log +# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-tcp-good-chksum.pcap +# @TEST-EXEC: test ! -e weird.log +# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-udp-good-chksum.pcap +# @TEST-EXEC: test ! -e weird.log # @TEST-EXEC: btest-diff bad.out -# @TEST-EXEC: btest-diff good.out From 90a1814a0a2257ca2aa8d04f7b07389bc207c00e Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Thu, 17 May 2012 12:47:30 -0700 Subject: [PATCH 50/51] Linking in the DS docs. --- doc/logging.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/doc/logging.rst b/doc/logging.rst index 30a793df7d..384996c28a 100644 --- a/doc/logging.rst +++ b/doc/logging.rst @@ -373,3 +373,13 @@ record, care must be given to when and how long data is stored. Normally data saved to the connection record will remain there for the duration of the connection and from a practical perspective it's not uncommon to need to delete that data before the end of the connection. + +Other Writers +------------- + +Bro support the following output formats other than ASCII: + +.. toctree:: + :maxdepth: 1 + + logging-dataseries From 5f3575425d6e485bc2fed9dfc295ae4fb191d0f7 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 17 May 2012 15:26:28 -0500 Subject: [PATCH 51/51] Fix compile errors. Preprocess out DataSeries.cc based on config.h's USE_DATASERIES value and one reference to threading::Field needed scoping. --- src/logging/Manager.cc | 2 +- src/logging/writers/DataSeries.cc | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc index f78e47da73..34d10a1abf 100644 --- a/src/logging/Manager.cc +++ b/src/logging/Manager.cc @@ -466,7 +466,7 @@ bool Manager::TraverseRecord(Stream* stream, Filter* filter, RecordType* rt, filter->fields = (threading::Field**) realloc(filter->fields, - sizeof(Field) * ++filter->num_fields); + sizeof(threading::Field) * ++filter->num_fields); if ( ! filter->fields ) { diff --git a/src/logging/writers/DataSeries.cc b/src/logging/writers/DataSeries.cc index 9f19028be3..1d5a6ea4da 100644 --- a/src/logging/writers/DataSeries.cc +++ b/src/logging/writers/DataSeries.cc @@ -1,5 +1,9 @@ // See the file "COPYING" in the main distribution directory for copyright. +#include "config.h" + +#ifdef USE_DATASERIES + #include #include #include @@ -415,3 +419,5 @@ bool DataSeries::DoSetBuf(bool enabled) // DataSeries is *always* buffered to some degree. This option is ignored. return true; } + +#endif /* USE_DATASERIES */