Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 16:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'origin/topic/vern/script-xform'

Browse source 
* origin/topic/vern/script-xform: (30 commits)
  Adjust some Reducer ref-counting and IntrusivePtr usage
  Fix reference counting in ListExpr inline/reduce methods
  Simplify WhileStmt::CondPredStmt()
  Use std::move() in Case::UpdateBody()
  Switch some Stmt transform/reduce logic to use IntrusivePtr
  Switch some Expr transform/reduce logic to use IntrusivePtr
  Adjust how some Expr::SetOpX() calls use std::move()
  Add missing header-includes to Reduce.h
  Add std::move() for args to an assign_to_index call
  Adjust memory management for &default argument expression type-check
  Use string for TempVar::name
  Switch AnalyOpt::only_func to optional<string>
  Fix a signed/unsigned comparison warning
  simplified some vestigial complexity I noticed when flipping through diffs
  canonicalization for an error message in one of the alternative test baselines
  baseline differences for "xform" alternative: changes generally reflect exposure of transformed code, or error propagation stopping earlier due to error now occurring in an assignment (to a temporary)
  new testing alternative for script transformation (= xform)
  bug in correctly inspecting test output file
  split bifs.string_utils into a non-error test and an only-errors test, to help control for differing error propagation
  logic for driving the script optimization process
  ...
This commit is contained in:
Jon Siwek 2021-01-14 15:00:48 -08:00
commit 16942f3859
61 changed files with 19865 additions and 328 deletions
Download patch file Download diff file Expand all files Collapse all files

26
CHANGES
View file

@ -1,3 +1,29 @@
4.1.0-dev.114 | 2021-01-14 15:00:48 -0800
* Add support for rewriting the ASTs for script functions in "reduced" form
In reduced ASTs, expressions have only variables or constants for operands
(no subexpressions - those are replaced by temporary variables). In
addition, some expressions are transformed into alternatives (new specialized
expressions, or in some cases new internal types of statements) to
more directly encapsulate their operation.
The functionality is enabled by using -O xform. You can dump the
before-and-after ASTs using -O dump-xform (very large output!). The new
command-line option --optimize-only=X restricts the processing to only the
function named X, and also automatically turns on dump-xform.
* Add new btest alternative for script transformation (xform) (Vern Paxson, Corelight)
* split bifs.string_utils into a non-error test and an only-errors test (Vern Paxson, Corelight)
To help control for differing error propagation
* Add convenience function, obj_desc(), for accessing object descriptions (Vern Paxson, Corelight)
* removed unused EventBodyList subclass (Vern Paxson, Corelight)
4.1.0-dev.82 | 2021-01-14 13:27:23 -0700
* Use static_cast instead of dynamic_cast for Val conversions (Tim Wojtulewicz)

2
VERSION
View file

@ -1 +1 @@
4.1.0-dev.82
4.1.0-dev.114

2
src/CMakeLists.txt
View file

@ -325,8 +325,10 @@ set(MAIN_SRCS
script_opt/Expr.cc
script_opt/Inline.cc
script_opt/ProfileFunc.cc
script_opt/Reduce.cc
script_opt/ScriptOpt.cc
script_opt/Stmt.cc
script_opt/TempVar.cc
nb_dns.c
digest.h

13
src/Desc.cc
View file

@ -427,4 +427,17 @@ bool ODesc::FindType(const Type* type)
return false;
}
std::string obj_desc(const Obj* o)
{
static ODesc d;
d.Clear();
o->Describe(&d);
d.SP();
o->GetLocationInfo()->Describe(&d);
return std::string(d.Description());
}
} // namespace zeek

7
src/Desc.h
View file

@ -210,6 +210,13 @@ protected:
std::set<const Type*> encountered_types;
};
// Returns a string representation of an object's description. Used for
// debugging and error messages. takes a bare pointer rather than an
// IntrusivePtr because the latter is harder to deal with when making
// calls from a debugger like lldb, which is the main use of this function.
class Obj;
extern std::string obj_desc(const Obj* o);
} // namespace zeek
using BroFile [[deprecated("Remove in v4.1. Use zeek::File.")]] = zeek::File;

296
src/Expr.cc
View file

@ -41,6 +41,10 @@ const char* expr_name(BroExprTag t)
"coerce", "record_coerce", "table_coerce", "vector_coerce",
"sizeof", "cast", "is", "[:]=",
"inline()",
"[]=", "$=",
"vec+=",
"to_any_coerce", "from_any_coerce",
"any[]",
"nop",
};
@ -95,12 +99,24 @@ NameExpr* Expr::AsNameExpr()
return (NameExpr*) this;
}
NameExprPtr Expr::AsNameExprPtr()
{
CHECK_TAG(tag, EXPR_NAME, "ExprVal::AsNameExpr", expr_name)
return {NewRef{}, (NameExpr*) this};
}
const ConstExpr* Expr::AsConstExpr() const
{
CHECK_TAG(tag, EXPR_CONST, "ExprVal::AsConstExpr", expr_name)
return (const ConstExpr*) this;
}
ConstExprPtr Expr::AsConstExprPtr()
{
CHECK_TAG(tag, EXPR_CONST, "ExprVal::AsConstExpr", expr_name)
return {NewRef{}, (ConstExpr*) this};
}
const CallExpr* Expr::AsCallExpr() const
{
CHECK_TAG(tag, EXPR_CALL, "ExprVal::AsCallExpr", expr_name)
@ -143,6 +159,12 @@ EventExprPtr Expr::AsEventExprPtr()
return {NewRef{}, (EventExpr*) this};
}
RefExprPtr Expr::AsRefExprPtr()
{
CHECK_TAG(tag, EXPR_REF, "ExprVal::AsRefExpr", expr_name)
return {NewRef{}, (RefExpr*) this};
}
bool Expr::CanAdd() const
{
return false;
@ -182,6 +204,133 @@ void Expr::Assign(Frame* /* f */, ValPtr /* v */)
Internal("Expr::Assign called");
}
void Expr::AssignToIndex(ValPtr v1, ValPtr v2, ValPtr v3) const
{
bool iterators_invalidated;
auto error_msg = assign_to_index(std::move(v1), std::move(v2), std::move(v3),
iterators_invalidated);
if ( iterators_invalidated )
{
ODesc d;
Describe(&d);
reporter->PushLocation(GetLocationInfo());
reporter->Warning("possible loop/iterator invalidation caused by expression: %s", d.Description());
reporter->PopLocation();
}
if ( error_msg )
RuntimeErrorWithCallStack(error_msg);
}
static int get_slice_index(int idx, int len)
{
if ( abs(idx) > len )
idx = idx > 0 ? len : 0; // Clamp maximum positive/negative indices.
else if ( idx < 0 )
idx += len; // Map to a positive index.
return idx;
}
const char* assign_to_index(ValPtr v1, ValPtr v2, ValPtr v3,
bool& iterators_invalidated)
{
iterators_invalidated = false;
if ( ! v1 || ! v2 || ! v3 )
return nullptr;
// Hold an extra reference in case the ownership transfer
// to the table/vector goes wrong and we still want to obtain
// diagnostic info from the original value after the assignment
// already unref'd.
auto v_extra = v3;
switch ( v1->GetType()->Tag() ) {
case TYPE_VECTOR:
{
const ListVal* lv = v2->AsListVal();
VectorVal* v1_vect = v1->AsVectorVal();
if ( lv->Length() > 1 )
{
auto len = v1_vect->Size();
bro_int_t first = get_slice_index(lv->Idx(0)->CoerceToInt(), len);
bro_int_t last = get_slice_index(lv->Idx(1)->CoerceToInt(), len);
// Remove the elements from the vector within the slice.
for ( auto idx = first; idx < last; idx++ )
v1_vect->Remove(first);
// Insert the new elements starting at the first
// position.
VectorVal* v_vect = v3->AsVectorVal();
for ( auto idx = 0u; idx < v_vect->Size();
idx++, first++ )
v1_vect->Insert(first, v_vect->At(idx));
}
else if ( ! v1_vect->Assign(lv->Idx(0)->CoerceToUnsigned(), std::move(v3)) )
{
v3 = std::move(v_extra);
if ( v3 )
{
ODesc d;
v3->Describe(&d);
const auto& vt = v3->GetType();
auto vtt = vt->Tag();
std::string tn = vtt == TYPE_RECORD ?
vt->GetName() : type_name(vtt);
return util::fmt("vector index assignment failed for invalid type '%s', value: %s",
tn.data(), d.Description());
}
else
return "assignment failed with null value";
}
break;
}
case TYPE_TABLE:
{
if ( ! v1->AsTableVal()->Assign(std::move(v2), std::move(v3), true, &iterators_invalidated) )
{
v3 = std::move(v_extra);
if ( v3 )
{
ODesc d;
v3->Describe(&d);
const auto& vt = v3->GetType();
auto vtt = vt->Tag();
std::string tn = vtt == TYPE_RECORD ?
vt->GetName() : type_name(vtt);
return util::fmt("table index assignment failed for invalid type '%s', value: %s",
tn.data(), d.Description());
}
else
return "assignment failed with null value";
}
break;
}
case TYPE_STRING:
return "assignment via string index accessor not allowed";
break;
default:
return "bad index expression type in assignment";
break;
}
return nullptr;
}
TypePtr Expr::InitType() const
{
return type;
@ -312,6 +461,12 @@ NameExpr::NameExpr(IDPtr arg_id, bool const_init)
h->SetUsed();
}
// This isn't in-lined to avoid needing to pull in ID.h.
IDPtr NameExpr::IdPtr()
{
return id;
}
ValPtr NameExpr::Eval(Frame* f) const
{
ValPtr v;
@ -437,7 +592,14 @@ ValPtr UnaryExpr::Eval(Frame* f) const
if ( ! v )
return nullptr;
if ( is_vector(v) && Tag() != EXPR_IS && Tag() != EXPR_CAST )
if ( is_vector(v) && Tag() != EXPR_IS && Tag() != EXPR_CAST &&
// The following allows passing vectors-by-reference to
// functions that use vector-of-any for generic vector
// manipulation ...
Tag() != EXPR_TO_ANY_COERCE &&
// ... and the following to avoid vectorizing operations
// on vector-of-any's
Tag() != EXPR_FROM_ANY_COERCE )
{
VectorVal* v_op = v->AsVectorVal();
VectorTypePtr out_t;
@ -458,10 +620,8 @@ ValPtr UnaryExpr::Eval(Frame* f) const
return result;
}
else
{
return Fold(v.get());
}
}
bool UnaryExpr::IsPure() const
{
@ -2130,7 +2290,8 @@ void RefExpr::Assign(Frame* f, ValPtr v)
AssignExpr::AssignExpr(ExprPtr arg_op1,
ExprPtr arg_op2,
bool arg_is_init, ValPtr arg_val,
const AttributesPtr& attrs)
const AttributesPtr& attrs,
bool typecheck)
: BinaryExpr(EXPR_ASSIGN, arg_is_init ?
std::move(arg_op1) : arg_op1->MakeLvalue(),
std::move(arg_op2))
@ -2153,6 +2314,7 @@ AssignExpr::AssignExpr(ExprPtr arg_op1,
return;
}
if ( typecheck )
// We discard the status from TypeCheck since it has already
// generated error messages.
(void) TypeCheck(attrs);
@ -2755,16 +2917,6 @@ ValPtr IndexExpr::Eval(Frame* f) const
return Fold(v1.get(), v2.get());
}
static int get_slice_index(int idx, int len)
{
if ( abs(idx) > len )
idx = idx > 0 ? len : 0; // Clamp maximum positive/negative indices.
else if ( idx < 0 )
idx += len; // Map to a positive index.
return idx;
}
ValPtr IndexExpr::Fold(Val* v1, Val* v2) const
{
if ( IsError() )
@ -2856,105 +3008,9 @@ void IndexExpr::Assign(Frame* f, ValPtr v)
return;
auto v1 = op1->Eval(f);
if ( ! v1 )
return;
auto v2 = op2->Eval(f);
if ( ! v1 || ! v2 )
return;
// Hold an extra reference to 'arg_v' in case the ownership transfer to
// the table/vector goes wrong and we still want to obtain diagnostic info
// from the original value after the assignment already unref'd.
auto v_extra = v;
switch ( v1->GetType()->Tag() ) {
case TYPE_VECTOR:
{
const ListVal* lv = v2->AsListVal();
VectorVal* v1_vect = v1->AsVectorVal();
if ( lv->Length() > 1 )
{
auto len = v1_vect->Size();
bro_int_t first = get_slice_index(lv->Idx(0)->CoerceToInt(), len);
bro_int_t last = get_slice_index(lv->Idx(1)->CoerceToInt(), len);
// Remove the elements from the vector within the slice
for ( auto idx = first; idx < last; idx++ )
v1_vect->Remove(first);
// Insert the new elements starting at the first position
VectorVal* v_vect = v->AsVectorVal();
for ( auto idx = 0u; idx < v_vect->Size(); idx++, first++ )
v1_vect->Insert(first, v_vect->At(idx));
}
else if ( ! v1_vect->Assign(lv->Idx(0)->CoerceToUnsigned(), std::move(v)) )
{
v = std::move(v_extra);
if ( v )
{
ODesc d;
v->Describe(&d);
const auto& vt = v->GetType();
auto vtt = vt->Tag();
std::string tn = vtt == TYPE_RECORD ? vt->GetName() : type_name(vtt);
RuntimeErrorWithCallStack(util::fmt(
"vector index assignment failed for invalid type '%s', value: %s",
tn.data(), d.Description()));
}
else
RuntimeErrorWithCallStack("assignment failed with null value");
}
break;
}
case TYPE_TABLE:
{
bool iterators_invalidated = false;
if ( ! v1->AsTableVal()->Assign(std::move(v2), std::move(v), true, &iterators_invalidated) )
{
v = std::move(v_extra);
if ( v )
{
ODesc d;
v->Describe(&d);
const auto& vt = v->GetType();
auto vtt = vt->Tag();
std::string tn = vtt == TYPE_RECORD ? vt->GetName() : type_name(vtt);
RuntimeErrorWithCallStack(util::fmt(
"table index assignment failed for invalid type '%s', value: %s",
tn.data(), d.Description()));
}
else
RuntimeErrorWithCallStack("assignment failed with null value");
}
if ( iterators_invalidated )
{
ODesc d;
Describe(&d);
reporter->PushLocation(GetLocationInfo());
reporter->Warning("possible loop/iterator invalidation caused by expression: %s", d.Description());
reporter->PopLocation();
}
}
break;
case TYPE_STRING:
RuntimeErrorWithCallStack("assignment via string index accessor not allowed");
break;
default:
RuntimeErrorWithCallStack("bad index expression type in assignment");
break;
}
AssignToIndex(v1, v2, v);
}
void IndexExpr::ExprDescribe(ODesc* d) const
@ -5222,7 +5278,7 @@ bool check_and_promote_args(ListExpr* const args, RecordType* types)
if ( el.length() < ntypes )
{
ExprPList def_elements;
std::vector<ExprPtr> def_elements;
// Start from rightmost parameter, work backward to fill in missing
// arguments using &default expressions.
@ -5237,11 +5293,21 @@ bool check_and_promote_args(ListExpr* const args, RecordType* types)
return false;
}
def_elements.push_front(def_attr->GetExpr().get());
// Don't use the default expression directly, as
// doing so will wind up sharing its code across
// different invocations that use the default
// argument. That works okay for the interpreter,
// but if we transform the code we want that done
// separately for each instance, rather than
// one instance inheriting the transformed version
// from another.
const auto& e = def_attr->GetExpr();
def_elements.emplace_back(e->Duplicate());
}
for ( const auto& elem : def_elements )
el.push_back(elem->Ref());
auto ne = def_elements.size();
while ( ne )
el.push_back(def_elements[--ne].release());
}
TypeList* tl = new TypeList();

504
src/Expr.h
View file

@ -68,6 +68,15 @@ enum BroExprTag : int {
EXPR_IS,
EXPR_INDEX_SLICE_ASSIGN,
EXPR_INLINE,
// The following types of expressions are only created for
// ASTs transformed to reduced form; they aren't germane for
// ASTs produced by parsing .zeek script files.
EXPR_INDEX_ASSIGN, EXPR_FIELD_LHS_ASSIGN,
EXPR_APPEND_TO,
EXPR_TO_ANY_COERCE, EXPR_FROM_ANY_COERCE,
EXPR_ANY_INDEX,
EXPR_NOP,
#define NUM_EXPRS (int(EXPR_NOP) + 1)
@ -75,18 +84,27 @@ enum BroExprTag : int {
extern const char* expr_name(BroExprTag t);
class ListExpr;
class NameExpr;
class ConstExpr;
class IndexExpr;
class AssignExpr;
class CallExpr;
class ConstExpr;
class EventExpr;
class Stmt;
class FieldAssignExpr;
class FieldExpr;
class ForExpr;
class IndexExpr;
class ListExpr;
class NameExpr;
class RefExpr;
class Expr;
using ExprPtr = IntrusivePtr<Expr>;
using CallExprPtr = IntrusivePtr<CallExpr>;
using ConstExprPtr = IntrusivePtr<ConstExpr>;
using EventExprPtr = IntrusivePtr<EventExpr>;
using ExprPtr = IntrusivePtr<Expr>;
using NameExprPtr = IntrusivePtr<NameExpr>;
using RefExprPtr = IntrusivePtr<RefExpr>;
class Stmt;
using StmtPtr = IntrusivePtr<Stmt>;
class Expr : public Obj {
@ -182,13 +200,17 @@ public:
ctype* As ## ctype (); \
IntrusivePtr<ctype> As ## ctype ## Ptr ();
ZEEK_EXPR_ACCESSOR_DECLS(AssignExpr)
ZEEK_EXPR_ACCESSOR_DECLS(CallExpr)
ZEEK_EXPR_ACCESSOR_DECLS(ConstExpr)
ZEEK_EXPR_ACCESSOR_DECLS(EventExpr)
ZEEK_EXPR_ACCESSOR_DECLS(FieldAssignExpr)
ZEEK_EXPR_ACCESSOR_DECLS(FieldExpr)
ZEEK_EXPR_ACCESSOR_DECLS(ForExpr)
ZEEK_EXPR_ACCESSOR_DECLS(IndexExpr)
ZEEK_EXPR_ACCESSOR_DECLS(ListExpr)
ZEEK_EXPR_ACCESSOR_DECLS(NameExpr)
ZEEK_EXPR_ACCESSOR_DECLS(ConstExpr)
ZEEK_EXPR_ACCESSOR_DECLS(CallExpr)
ZEEK_EXPR_ACCESSOR_DECLS(AssignExpr)
ZEEK_EXPR_ACCESSOR_DECLS(IndexExpr)
ZEEK_EXPR_ACCESSOR_DECLS(EventExpr)
ZEEK_EXPR_ACCESSOR_DECLS(RefExpr)
void Describe(ODesc* d) const override final;
@ -200,6 +222,113 @@ public:
// Recursively traverses the AST to inline eligible function calls.
virtual ExprPtr Inline(Inliner* inl) { return ThisPtr(); }
// True if the expression can serve as an operand to a reduced
// expression.
bool IsSingleton(Reducer* r) const
{
return (tag == EXPR_NAME && IsReduced(r)) || tag == EXPR_CONST;
}
// True if the expression has no side effects, false otherwise.
virtual bool HasNoSideEffects() const { return IsPure(); }
// True if the expression is in fully reduced form: a singleton
// or an assignment to an operator with singleton operands.
virtual bool IsReduced(Reducer* c) const;
// True if the expression's operands are singletons.
virtual bool HasReducedOps(Reducer* c) const;
// True if (a) the expression has at least one operand, and (b) all
// of its operands are constant.
bool HasConstantOps() const
{
return GetOp1() && GetOp1()->IsConst() &&
(! GetOp2() ||
(GetOp2()->IsConst() &&
(! GetOp3() || GetOp3()->IsConst())));
}
// True if the expression is reduced to a form that can be
// used in a conditional.
bool IsReducedConditional(Reducer* c) const;
// True if the expression is reduced to a form that can be
// used in a field assignment.
bool IsReducedFieldAssignment(Reducer* c) const;
// True if this expression can be the RHS for a field assignment.
bool IsFieldAssignable(const Expr* e) const;
// True if the expression will transform to one of another type
// upon reduction, for non-constant operands. "Transform" means
// something beyond assignment to a temporary. Necessary so that
// we know to fully reduce such expressions if they're the RHS
// of an assignment.
virtual bool WillTransform(Reducer* c) const { return false; }
// The same, but for the expression when used in a conditional context.
virtual bool WillTransformInConditional(Reducer* c) const
{ return false; }
// Returns the current expression transformed into "new_me".
ExprPtr TransformMe(ExprPtr new_me, Reducer* c, StmtPtr& red_stmt);
// Returns a set of predecessor statements in red_stmt (which might
// be nil if no reduction necessary), and the reduced version of
// the expression, suitable for replacing previous uses. The
// second version always yields a singleton suitable for use
// as an operand. The first version does this too except
// for assignment statements; thus, its form is not guarantee
// suitable for use as an operand.
virtual ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt);
virtual ExprPtr ReduceToSingleton(Reducer* c, StmtPtr& red_stmt)
{ return Reduce(c, red_stmt); }
// Reduces the expression to one whose operands are singletons.
// Returns a predecessor statement (which might be a StmtList), if any.
virtual StmtPtr ReduceToSingletons(Reducer* c);
// Reduces the expression to one that can appear as a conditional.
ExprPtr ReduceToConditional(Reducer* c, StmtPtr& red_stmt);
// Reduces the expression to one that can appear as a field
// assignment.
ExprPtr ReduceToFieldAssignment(Reducer* c, StmtPtr& red_stmt);
// Helper function for factoring out complexities related to
// index-based assignment.
void AssignToIndex(ValPtr v1, ValPtr v2, ValPtr v3) const;
// Returns a new expression corresponding to a temporary
// that's been assigned to the given expression via red_stmt.
ExprPtr AssignToTemporary(ExprPtr e, Reducer* c, StmtPtr& red_stmt);
// Same but for this expression.
ExprPtr AssignToTemporary(Reducer* c, StmtPtr& red_stmt)
{ return AssignToTemporary(ThisPtr(), c, red_stmt); }
// If the expression always evaluates to the same value, returns
// that value. Otherwise, returns nullptr.
virtual ValPtr FoldVal() const { return nullptr; }
// Returns a Val or a constant Expr corresponding to zero.
ValPtr MakeZero(TypeTag t) const;
ConstExprPtr MakeZeroExpr(TypeTag t) const;
// Returns the expression's operands, or nil if it doesn't
// have the given operand.
virtual ExprPtr GetOp1() const;
virtual ExprPtr GetOp2() const;
virtual ExprPtr GetOp3() const;
// Sets the operands to new values.
virtual void SetOp1(ExprPtr new_op);
virtual void SetOp2(ExprPtr new_op);
virtual void SetOp3(ExprPtr new_op);
// Helper function to reduce boring code runs.
StmtPtr MergeStmts(StmtPtr s1, StmtPtr s2, StmtPtr s3 = nullptr) const;
// Access to the original expression from which this one is derived,
// or this one if we don't have an original. Returns a bare pointer
// rather than an ExprPtr to emphasize that the access is read-only.
@ -272,6 +401,7 @@ public:
explicit NameExpr(IDPtr id, bool const_init = false);
ID* Id() const { return id.get(); }
IDPtr IdPtr();
ValPtr Eval(Frame* f) const override;
void Assign(Frame* f, ValPtr v) override;
@ -282,10 +412,20 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool HasNoSideEffects() const override { return true; }
bool IsReduced(Reducer* c) const override;
bool HasReducedOps(Reducer* c) const override { return IsReduced(c); }
bool WillTransform(Reducer* c) const override { return ! IsReduced(c); }
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
ValPtr FoldVal() const override;
protected:
void ExprDescribe(ODesc* d) const override;
// Returns true if our identifier is a global with a constant value
// that can be propagated; used for optimization.
bool FoldableGlobal() const;
IDPtr id;
bool in_const_init;
};
@ -303,6 +443,7 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
ValPtr FoldVal() const override { return val; }
protected:
void ExprDescribe(ODesc* d) const override;
@ -325,6 +466,14 @@ public:
// Optimization-related:
ExprPtr Inline(Inliner* inl) override;
bool HasNoSideEffects() const override;
bool IsReduced(Reducer* c) const override;
bool HasReducedOps(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
ExprPtr GetOp1() const override final { return op; }
void SetOp1(ExprPtr _op) override final { op = std::move(_op); }
protected:
UnaryExpr(BroExprTag arg_tag, ExprPtr arg_op);
@ -353,6 +502,17 @@ public:
// Optimization-related:
ExprPtr Inline(Inliner* inl) override;
bool HasNoSideEffects() const override;
bool IsReduced(Reducer* c) const override;
bool HasReducedOps(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
ExprPtr GetOp1() const override final { return op1; }
ExprPtr GetOp2() const override final { return op2; }
void SetOp1(ExprPtr _op) override final { op1 = std::move(_op); }
void SetOp2(ExprPtr _op) override final { op2 = std::move(_op); }
protected:
BinaryExpr(BroExprTag arg_tag,
ExprPtr arg_op1, ExprPtr arg_op2)
@ -425,6 +585,12 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool HasNoSideEffects() const override;
bool WillTransform(Reducer* c) const override { return true; }
bool IsReduced(Reducer* c) const override;
bool HasReducedOps(Reducer* c) const override { return false; }
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
ExprPtr ReduceToSingleton(Reducer* c, StmtPtr& red_stmt) override;
};
class ComplementExpr final : public UnaryExpr {
@ -433,6 +599,8 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
protected:
ValPtr Fold(Val* v) const override;
@ -444,6 +612,8 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
protected:
ValPtr Fold(Val* v) const override;
@ -455,6 +625,8 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
protected:
ValPtr Fold(Val* v) const override;
@ -466,6 +638,8 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
protected:
ValPtr Fold(Val* v) const override;
@ -490,6 +664,11 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
protected:
ExprPtr BuildSub(const ExprPtr& op1, const ExprPtr& op2);
};
class AddToExpr final : public BinaryExpr {
@ -499,6 +678,8 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override { return true; }
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
};
class RemoveFromExpr final : public BinaryExpr {
@ -508,6 +689,8 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override { return true; }
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
};
class SubExpr final : public BinaryExpr {
@ -516,6 +699,8 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
};
class TimesExpr final : public BinaryExpr {
@ -525,6 +710,8 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
};
class DivideExpr final : public BinaryExpr {
@ -533,6 +720,8 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
protected:
ValPtr AddrFold(Val* v1, Val* v2) const override;
@ -555,6 +744,13 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override { return true; }
bool WillTransformInConditional(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
protected:
bool IsTrue(const ExprPtr& e) const;
bool IsFalse(const ExprPtr& e) const;
};
class BitExpr final : public BinaryExpr {
@ -563,6 +759,8 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
};
class EqExpr final : public BinaryExpr {
@ -572,6 +770,8 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
protected:
ValPtr Fold(Val* v1, Val* v2) const override;
@ -584,6 +784,8 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
};
class CondExpr final : public Expr {
@ -603,6 +805,20 @@ public:
ExprPtr Duplicate() override;
ExprPtr Inline(Inliner* inl) override;
bool WillTransform(Reducer* c) const override;
bool IsReduced(Reducer* c) const override;
bool HasReducedOps(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
StmtPtr ReduceToSingletons(Reducer* c) override;
ExprPtr GetOp1() const override final { return op1; }
ExprPtr GetOp2() const override final { return op2; }
ExprPtr GetOp3() const override final { return op3; }
void SetOp1(ExprPtr _op) override final { op1 = std::move(_op); }
void SetOp2(ExprPtr _op) override final { op2 = std::move(_op); }
void SetOp3(ExprPtr _op) override final { op3 = std::move(_op); }
protected:
void ExprDescribe(ODesc* d) const override;
@ -620,6 +836,14 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override;
bool IsReduced(Reducer* c) const override;
bool HasReducedOps(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
// Reduce to simplifed LHS form, i.e., a reference to only a name.
StmtPtr ReduceToLHS(Reducer* c);
};
class AssignExpr : public BinaryExpr {
@ -628,7 +852,8 @@ public:
// yet still perform the assignment. Used for triggers.
AssignExpr(ExprPtr op1, ExprPtr op2, bool is_init,
ValPtr val = nullptr,
const AttributesPtr& attrs = nullptr);
const AttributesPtr& attrs = nullptr,
bool type_check = true);
ValPtr Eval(Frame* f) const override;
void EvalIntoAggregate(const zeek::Type* t, Val* aggr, Frame* f) const override;
@ -637,20 +862,29 @@ public:
ValPtr InitVal(const zeek::Type* t, ValPtr aggr) const override;
bool IsPure() const override;
void SetOp2(ExprPtr e)
{
op2 = std::move(e);
}
// Optimization-related:
ExprPtr Duplicate() override;
bool HasNoSideEffects() const override;
bool WillTransform(Reducer* c) const override { return true; }
bool IsReduced(Reducer* c) const override;
bool HasReducedOps(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
ExprPtr ReduceToSingleton(Reducer* c, StmtPtr& red_stmt) override;
// Whether this is an assignment to a temporary.
bool IsTemp() const { return is_temp; }
void SetIsTemp() { is_temp = true; }
protected:
bool TypeCheck(const AttributesPtr& attrs = nullptr);
bool TypeCheckArithmetics(TypeTag bt1, TypeTag bt2);
bool is_init;
ValPtr val; // optional
// Optimization-related:
bool is_temp = false;
};
class IndexSliceAssignExpr final : public AssignExpr {
@ -688,6 +922,9 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool HasReducedOps(Reducer* c) const override;
StmtPtr ReduceToSingletons(Reducer* c) override;
protected:
ValPtr Fold(Val* v1, Val* v2) const override;
@ -797,6 +1034,10 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool HasReducedOps(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
StmtPtr ReduceToSingletons(Reducer* c) override;
protected:
ValPtr InitVal(const zeek::Type* t, ValPtr aggr) const override;
@ -823,6 +1064,10 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool HasReducedOps(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
StmtPtr ReduceToSingletons(Reducer* c) override;
protected:
ValPtr InitVal(const zeek::Type* t, ValPtr aggr) const override;
@ -849,6 +1094,10 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool HasReducedOps(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
StmtPtr ReduceToSingletons(Reducer* c) override;
protected:
ValPtr InitVal(const zeek::Type* t, ValPtr aggr) const override;
@ -867,6 +1116,8 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool HasReducedOps(Reducer* c) const override;
protected:
ValPtr InitVal(const zeek::Type* t, ValPtr aggr) const override;
@ -885,6 +1136,9 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override { return true; }
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
protected:
void ExprDescribe(ODesc* d) const override;
@ -898,6 +1152,9 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool WillTransform(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
protected:
ValPtr FoldSingleVal(Val* v, InternalTypeTag t) const;
ValPtr Fold(Val* v) const override;
@ -974,6 +1231,16 @@ public:
ExprPtr Duplicate() override;
ExprPtr Inline(Inliner* inl) override;
bool IsReduced(Reducer* c) const override;
bool HasReducedOps(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
ExprPtr GetOp1() const override final;
ExprPtr GetOp2() const override final;
void SetOp1(ExprPtr _op) override final;
void SetOp2(ExprPtr _op) override final;
protected:
void ExprDescribe(ODesc* d) const override;
@ -988,6 +1255,8 @@ public:
// Optimization-related:
ExprPtr Duplicate() override;
bool HasReducedOps(Reducer* c) const override;
protected:
ValPtr Fold(Val* v1, Val* v2) const override;
@ -1011,6 +1280,11 @@ public:
ExprPtr Duplicate() override;
ExprPtr Inline(Inliner* inl) override;
bool IsReduced(Reducer* c) const override;
bool HasReducedOps(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
StmtPtr ReduceToSingletons(Reducer* c) override;
protected:
void ExprDescribe(ODesc* d) const override;
@ -1038,6 +1312,8 @@ public:
ExprPtr Duplicate() override;
ExprPtr Inline(Inliner* inl) override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
protected:
void ExprDescribe(ODesc* d) const override;
@ -1052,30 +1328,8 @@ private:
std::string my_name;
};
class EventExpr final : public Expr {
public:
EventExpr(const char* name, ListExprPtr args);
const char* Name() const { return name.c_str(); }
ListExpr* Args() const { return args.get(); }
EventHandlerPtr Handler() const { return handler; }
ValPtr Eval(Frame* f) const override;
TraversalCode Traverse(TraversalCallback* cb) const override;
// Optimization-related:
ExprPtr Duplicate() override;
ExprPtr Inline(Inliner* inl) override;
protected:
void ExprDescribe(ODesc* d) const override;
std::string name;
EventHandlerPtr handler;
ListExprPtr args;
};
// This comes before EventExpr so that EventExpr::GetOp1 can return its
// arguments as convertible to ExprPtr.
class ListExpr : public Expr {
public:
ListExpr();
@ -1103,6 +1357,11 @@ public:
ExprPtr Duplicate() override;
ExprPtr Inline(Inliner* inl) override;
bool IsReduced(Reducer* c) const override;
bool HasReducedOps(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
StmtPtr ReduceToSingletons(Reducer* c) override;
protected:
ValPtr AddSetInit(const zeek::Type* t, ValPtr aggr) const;
@ -1111,6 +1370,38 @@ protected:
ExprPList exprs;
};
class EventExpr final : public Expr {
public:
EventExpr(const char* name, ListExprPtr args);
const char* Name() const { return name.c_str(); }
ListExpr* Args() const { return args.get(); }
EventHandlerPtr Handler() const { return handler; }
ValPtr Eval(Frame* f) const override;
TraversalCode Traverse(TraversalCallback* cb) const override;
// Optimization-related:
ExprPtr Duplicate() override;
ExprPtr Inline(Inliner* inl) override;
bool IsReduced(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
StmtPtr ReduceToSingletons(Reducer* c) override;
ExprPtr GetOp1() const override final { return args; }
void SetOp1(ExprPtr _op) override final
{ args = {NewRef{}, _op->AsListExpr()}; }
protected:
void ExprDescribe(ODesc* d) const override;
std::string name;
EventHandlerPtr handler;
ListExprPtr args;
};
class RecordAssignExpr final : public ListExpr {
public:
@ -1159,6 +1450,9 @@ public:
ExprPtr Duplicate() override;
bool IsReduced(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
TraversalCode Traverse(TraversalCallback* cb) const override;
protected:
@ -1170,6 +1464,134 @@ protected:
StmtPtr body;
};
// A companion to AddToExpr that's for vector-append, instantiated during
// the reduction process.
class AppendToExpr : public BinaryExpr {
public:
AppendToExpr(ExprPtr op1, ExprPtr op2);
ValPtr Eval(Frame* f) const override;
bool IsReduced(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
ExprPtr Duplicate() override;
};
// An internal class for reduced form.
class IndexAssignExpr : public BinaryExpr {
public:
// "op1[op2] = op3", all reduced.
IndexAssignExpr(ExprPtr op1, ExprPtr op2, ExprPtr op3);
ValPtr Eval(Frame* f) const override;
ExprPtr Duplicate() override;
bool IsReduced(Reducer* c) const override;
bool HasReducedOps(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
ExprPtr ReduceToSingleton(Reducer* c, StmtPtr& red_stmt) override;
ExprPtr GetOp3() const override final { return op3; }
void SetOp3(ExprPtr _op) override final { op3 = std::move(_op); }
TraversalCode Traverse(TraversalCallback* cb) const override;
protected:
void ExprDescribe(ODesc* d) const override;
ExprPtr op3; // assignment RHS
};
// An internal class for reduced form.
class FieldLHSAssignExpr : public BinaryExpr {
public:
// "op1$field = RHS", where RHS is reduced with respect to
// ReduceToFieldAssignment().
FieldLHSAssignExpr(ExprPtr op1, ExprPtr op2, const char* field_name,
int field);
const char* FieldName() const { return field_name; }
int Field() const { return field; }
ValPtr Eval(Frame* f) const override;
ExprPtr Duplicate() override;
bool IsReduced(Reducer* c) const override;
bool HasReducedOps(Reducer* c) const override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
ExprPtr ReduceToSingleton(Reducer* c, StmtPtr& red_stmt) override;
protected:
void ExprDescribe(ODesc* d) const override;
const char* field_name;
int field;
};
// Expression to explicitly capture conversion to an "any" type, rather
// than it occurring implicitly during script interpretation.
class CoerceToAnyExpr : public UnaryExpr {
public:
CoerceToAnyExpr(ExprPtr op);
protected:
ValPtr Fold(Val* v) const override;
ExprPtr Duplicate() override;
};
// Same, but for conversion from an "any" type.
class CoerceFromAnyExpr : public UnaryExpr {
public:
CoerceFromAnyExpr(ExprPtr op, TypePtr to_type);
protected:
ValPtr Fold(Val* v) const override;
ExprPtr Duplicate() override;
};
// Expression used to explicitly capture [a, b, c, ...] = x assignments.
class AnyIndexExpr : public UnaryExpr {
public:
AnyIndexExpr(ExprPtr op, int index);
int Index() const { return index; }
protected:
ValPtr Fold(Val* v) const override;
void ExprDescribe(ODesc* d) const override;
ExprPtr Duplicate() override;
ExprPtr Reduce(Reducer* c, StmtPtr& red_stmt) override;
int index;
};
// Used internally for optimization, when a placeholder is needed.
class NopExpr : public Expr {
public:
explicit NopExpr() : Expr(EXPR_NOP) { }
ValPtr Eval(Frame* f) const override;
ExprPtr Duplicate() override;
TraversalCode Traverse(TraversalCallback* cb) const override;
protected:
void ExprDescribe(ODesc* d) const override;
};
// Assigns v1[v2] = v3. Returns an error message, or nullptr on success.
// Factored out so that compiled code can call it as well as the interpreter.
extern const char* assign_to_index(ValPtr v1, ValPtr v2, ValPtr v3,
bool& iterators_invalidated);
inline Val* Expr::ExprVal() const
{

15
src/Func.cc
View file

@ -556,6 +556,21 @@ void ScriptFunc::AddBody(StmtPtr new_body,
sort(bodies.begin(), bodies.end());
}
void ScriptFunc::ReplaceBody(const StmtPtr& old_body, StmtPtr new_body)
{
bool found_it = false;
for ( auto& body : bodies )
if ( body.stmts.get() == old_body.get() )
{
body.stmts = new_body;
found_it = true;
}
ASSERT(found_it);
current_body = new_body;
}
void ScriptFunc::AddClosure(IDPList ids, Frame* f)
{
if ( ! f )

5
src/Func.h
View file

@ -235,6 +235,11 @@ public:
const std::vector<IDPtr>& new_inits,
size_t new_frame_size, int priority) override;
// Replace the given current instance of a function body with
// a new one.
void ReplaceBody(const detail::StmtPtr& old_body,
detail::StmtPtr new_body);
StmtPtr CurrentBody() const { return current_body; }
/**

29
src/Options.cc
View file

@ -106,6 +106,7 @@ void usage(const char* prog, int code)
fprintf(stderr, " -I|--print-id <ID name> | print out given ID\n");
fprintf(stderr, " -N|--print-plugins | print available plugins and exit (-NN for verbose)\n");
fprintf(stderr, " -O|--optimize[=<option>] | enable script optimization (use -O help for options)\n");
fprintf(stderr, " -o|--optimize-only=<func> | enable script optimization only for the given function\n");
fprintf(stderr, " -P|--prime-dns | prime DNS\n");
fprintf(stderr, " -Q|--time | print execution time summary to stderr\n");
fprintf(stderr, " -S|--debug-rules | enable rule debugging\n");
@ -145,20 +146,34 @@ void usage(const char* prog, int code)
static void set_analysis_option(const char* opt, Options& opts)
{
if ( ! opt || util::streq(opt, "all") )
{
opts.analysis_options.inliner = true;
opts.analysis_options.activate = true;
return;
}
if ( util::streq(opt, "help") )
{
fprintf(stderr, "--optimize options:\n");
fprintf(stderr, " dump-xform dump transformed scripts to stdout; implies xform\n");
fprintf(stderr, " help print this list\n");
fprintf(stderr, " inline inline function calls\n");
fprintf(stderr, " recursive report on recursive functions and exit\n");
fprintf(stderr, " xform tranform scripts to \"reduced\" form\n");
exit(0);
}
if ( util::streq(opt, "inline") )
opts.analysis_options.inliner = true;
auto& a_o = opts.analysis_options;
if ( util::streq(opt, "dump-xform") )
a_o.activate = a_o.dump_xform = true;
else if ( util::streq(opt, "inline") )
a_o.inliner = true;
else if ( util::streq(opt, "recursive") )
opts.analysis_options.inliner =
opts.analysis_options.report_recursive = true;
a_o.inliner = a_o.report_recursive = true;
else if ( util::streq(opt, "xform") )
a_o.activate = true;
else
{
@ -279,6 +294,7 @@ Options parse_cmdline(int argc, char** argv)
{"save-seeds", required_argument, nullptr, 'H'},
{"print-plugins", no_argument, nullptr, 'N'},
{"optimize", required_argument, nullptr, 'O'},
{"optimize-only", required_argument, nullptr, 'o'},
{"prime-dns", no_argument, nullptr, 'P'},
{"time", no_argument, nullptr, 'Q'},
{"debug-rules", no_argument, nullptr, 'S'},
@ -306,7 +322,7 @@ Options parse_cmdline(int argc, char** argv)
};
char opts[256];
util::safe_strncpy(opts, "B:e:f:G:H:I:i:j::n:O:p:r:s:T:t:U:w:X:CDFNPQSWabdhv",
util::safe_strncpy(opts, "B:e:f:G:H:I:i:j::n:O:o:p:r:s:T:t:U:w:X:CDFNPQSWabdhv",
sizeof(opts));
#ifdef USE_PERFTOOLS_DEBUG
@ -431,6 +447,9 @@ Options parse_cmdline(int argc, char** argv)
case 'O':
set_analysis_option(optarg, rval);
break;
case 'o':
rval.analysis_options.only_func = optarg;
break;
case 'P':
if ( rval.dns_mode != detail::DNS_DEFAULT )
usage(zargs[0], 1);

167
src/Stmt.cc
View file

@ -32,6 +32,8 @@ const char* stmt_name(StmtTag t)
"for", "next", "break", "return", "add", "delete",
"list", "bodylist",
"<init>", "fallthrough", "while",
"catch-return",
"check-any-length",
"null",
};
@ -94,6 +96,18 @@ const SwitchStmt* Stmt::AsSwitchStmt() const
return (const SwitchStmt*) this;
}
const ExprStmt* Stmt::AsExprStmt() const
{
CHECK_TAG(tag, STMT_EXPR, "Stmt::AsExprStmt", stmt_name)
return (const ExprStmt*) this;
}
const ReturnStmt* Stmt::AsReturnStmt() const
{
CHECK_TAG(tag, STMT_RETURN, "Stmt::AsReturnStmt", stmt_name)
return (const ReturnStmt*) this;
}
bool Stmt::SetLocationInfo(const Location* start, const Location* end)
{
if ( ! Obj::SetLocationInfo(start, end) )
@ -354,6 +368,11 @@ ExprStmt::ExprStmt(StmtTag t, ExprPtr arg_e) : Stmt(t), e(std::move(arg_e))
ExprStmt::~ExprStmt() = default;
ExprPtr ExprStmt::StmtExprPtr() const
{
return e;
}
ValPtr ExprStmt::Exec(Frame* f, StmtFlowType& flow) const
{
RegisterAccess();
@ -961,17 +980,37 @@ TraversalCode SwitchStmt::Traverse(TraversalCallback* cb) const
HANDLE_TC_STMT_POST(tc);
}
AddStmt::AddStmt(ExprPtr arg_e) : ExprStmt(STMT_ADD, std::move(arg_e))
AddDelStmt::AddDelStmt(StmtTag t, ExprPtr arg_e)
: ExprStmt(t, std::move(arg_e))
{
}
bool AddDelStmt::IsPure() const
{
return false;
}
TraversalCode AddDelStmt::Traverse(TraversalCallback* cb) const
{
TraversalCode tc = cb->PreStmt(this);
HANDLE_TC_STMT_PRE(tc);
// Argument is stored in base class's "e" field.
tc = e->Traverse(cb);
HANDLE_TC_STMT_PRE(tc);
tc = cb->PostStmt(this);
HANDLE_TC_STMT_POST(tc);
}
AddStmt::AddStmt(ExprPtr arg_e) : AddDelStmt(STMT_ADD, std::move(arg_e))
{
if ( ! e->CanAdd() )
Error("illegal add statement");
}
bool AddStmt::IsPure() const
{
return false;
}
ValPtr AddStmt::Exec(Frame* f, StmtFlowType& flow) const
{
RegisterAccess();
@ -981,20 +1020,7 @@ ValPtr AddStmt::Exec(Frame* f, StmtFlowType& flow) const
}
TraversalCode AddStmt::Traverse(TraversalCallback* cb) const
{
TraversalCode tc = cb->PreStmt(this);
HANDLE_TC_STMT_PRE(tc);
// Argument is stored in base class's "e" field.
tc = e->Traverse(cb);
HANDLE_TC_STMT_PRE(tc);
tc = cb->PostStmt(this);
HANDLE_TC_STMT_POST(tc);
}
DelStmt::DelStmt(ExprPtr arg_e) : ExprStmt(STMT_DELETE, std::move(arg_e))
DelStmt::DelStmt(ExprPtr arg_e) : AddDelStmt(STMT_DELETE, std::move(arg_e))
{
if ( e->IsError() )
return;
@ -1003,11 +1029,6 @@ DelStmt::DelStmt(ExprPtr arg_e) : ExprStmt(STMT_DELETE, std::move(arg_e))
Error("illegal delete statement");
}
bool DelStmt::IsPure() const
{
return false;
}
ValPtr DelStmt::Exec(Frame* f, StmtFlowType& flow) const
{
RegisterAccess();
@ -1016,18 +1037,6 @@ ValPtr DelStmt::Exec(Frame* f, StmtFlowType& flow) const
return nullptr;
}
TraversalCode DelStmt::Traverse(TraversalCallback* cb) const
{
TraversalCode tc = cb->PreStmt(this);
HANDLE_TC_STMT_PRE(tc);
// Argument is stored in base class's "e" field.
tc = e->Traverse(cb);
HANDLE_TC_STMT_PRE(tc);
tc = cb->PostStmt(this);
HANDLE_TC_STMT_POST(tc);
}
EventStmt::EventStmt(EventExprPtr arg_e)
: ExprStmt(STMT_EVENT, arg_e), event_expr(std::move(arg_e))
@ -1060,10 +1069,10 @@ TraversalCode EventStmt::Traverse(TraversalCallback* cb) const
HANDLE_TC_STMT_POST(tc);
}
WhileStmt::WhileStmt(ExprPtr arg_loop_condition,
StmtPtr arg_body)
WhileStmt::WhileStmt(ExprPtr arg_loop_condition, StmtPtr arg_body)
: Stmt(STMT_WHILE),
loop_condition(std::move(arg_loop_condition)), body(std::move(arg_body))
loop_condition(std::move(arg_loop_condition)),
body(std::move(arg_body))
{
if ( ! loop_condition->IsError() &&
! IsBool(loop_condition->GetType()->Tag()) )
@ -1119,6 +1128,9 @@ ValPtr WhileStmt::Exec(Frame* f, StmtFlowType& flow) const
for ( ; ; )
{
if ( loop_cond_pred_stmt )
loop_cond_pred_stmt->Exec(f, flow);
auto cond = loop_condition->Eval(f);
if ( ! cond )
@ -1568,12 +1580,15 @@ void ReturnStmt::StmtDescribe(ODesc* d) const
StmtList::StmtList() : Stmt(STMT_LIST)
{
stmts = new StmtPList;
}
StmtList::~StmtList()
{
for ( const auto& stmt : stmts )
for ( const auto& stmt : Stmts() )
Unref(stmt);
delete stmts;
}
ValPtr StmtList::Exec(Frame* f, StmtFlowType& flow) const
@ -1581,7 +1596,7 @@ ValPtr StmtList::Exec(Frame* f, StmtFlowType& flow) const
RegisterAccess();
flow = FLOW_NEXT;
for ( const auto& stmt : stmts )
for ( const auto& stmt : Stmts() )
{
f->SetNextStmt(stmt);
@ -1604,7 +1619,7 @@ ValPtr StmtList::Exec(Frame* f, StmtFlowType& flow) const
bool StmtList::IsPure() const
{
for ( const auto& stmt : stmts )
for ( const auto& stmt : Stmts() )
if ( ! stmt->IsPure() )
return false;
return true;
@ -1615,10 +1630,10 @@ void StmtList::StmtDescribe(ODesc* d) const
if ( ! d->IsReadable() )
{
AddTag(d);
d->AddCount(stmts.length());
d->AddCount(stmts->length());
}
if ( stmts.length() == 0 )
if ( stmts->length() == 0 )
DescribeDone(d);
else
@ -1629,7 +1644,7 @@ void StmtList::StmtDescribe(ODesc* d) const
d->NL();
}
for ( const auto& stmt : stmts )
for ( const auto& stmt : Stmts() )
{
stmt->Describe(d);
d->NL();
@ -1645,7 +1660,7 @@ TraversalCode StmtList::Traverse(TraversalCallback* cb) const
TraversalCode tc = cb->PreStmt(this);
HANDLE_TC_STMT_PRE(tc);
for ( const auto& stmt : stmts )
for ( const auto& stmt : Stmts() )
{
tc = stmt->Traverse(cb);
HANDLE_TC_STMT_PRE(tc);
@ -1655,64 +1670,6 @@ TraversalCode StmtList::Traverse(TraversalCallback* cb) const
HANDLE_TC_STMT_POST(tc);
}
ValPtr EventBodyList::Exec(Frame* f, StmtFlowType& flow) const
{
RegisterAccess();
flow = FLOW_NEXT;
for ( const auto& stmt : stmts )
{
f->SetNextStmt(stmt);
// Ignore the return value, since there shouldn't be
// any; and ignore the flow, since we still execute
// all of the event bodies even if one of them does
// a FLOW_RETURN.
if ( ! pre_execute_stmt(stmt, f) )
{ // ### Abort or something
}
auto result = stmt->Exec(f, flow);
if ( ! post_execute_stmt(stmt, f, result.get(), &flow) )
{ // ### Abort or something
}
}
// Simulate a return so the hooks operate properly.
StmtFlowType ft = FLOW_RETURN;
(void) post_execute_stmt(f->GetNextStmt(), f, nullptr, &ft);
return nullptr;
}
void EventBodyList::StmtDescribe(ODesc* d) const
{
if ( d->IsReadable() && stmts.length() > 0 )
{
for ( const auto& stmt : stmts )
{
if ( ! d->IsBinary() )
{
d->Add("{");
d->PushIndent();
stmt->AccessStats(d);
}
stmt->Describe(d);
if ( ! d->IsBinary() )
{
d->Add("}");
d->PopIndent();
}
}
}
else
StmtList::StmtDescribe(d);
}
InitStmt::InitStmt(std::vector<IDPtr> arg_inits) : Stmt(STMT_INIT)
{
inits = std::move(arg_inits);

219
src/Stmt.h
View file

@ -11,9 +11,12 @@
#include "zeek/ID.h"
ZEEK_FORWARD_DECLARE_NAMESPACED(CompositeHash, zeek::detail);
ZEEK_FORWARD_DECLARE_NAMESPACED(NameExpr, zeek::detail);
namespace zeek::detail {
using NameExprPtr = IntrusivePtr<zeek::detail::NameExpr>;
class ExprListStmt : public Stmt {
public:
const ListExpr* ExprList() const { return l.get(); }
@ -23,6 +26,9 @@ public:
// Optimization-related:
void Inline(Inliner* inl) override;
bool IsReduced(Reducer* c) const override;
StmtPtr DoReduce(Reducer* c) override;
protected:
ExprListStmt(StmtTag t, ListExprPtr arg_l);
@ -35,6 +41,12 @@ protected:
void StmtDescribe(ODesc* d) const override;
ListExprPtr l;
// Optimization-related:
// Returns a new version of the original derived object
// based on the given list of singleton expressions.
virtual StmtPtr DoSubclassReduce(ListExprPtr singletons, Reducer* c) = 0;
};
class PrintStmt final : public ExprListStmt {
@ -48,6 +60,9 @@ public:
protected:
ValPtr DoExec(std::vector<ValPtr> vals,
StmtFlowType& flow) const override;
// Optimization-related:
StmtPtr DoSubclassReduce(ListExprPtr singletons, Reducer* c) override;
};
class ExprStmt : public Stmt {
@ -55,9 +70,15 @@ public:
explicit ExprStmt(ExprPtr e);
~ExprStmt() override;
// This constructor is only meant for internal use, but it's
// not protected since ExprPtr's mask the actual caller,
// not allowing us to use "friend" for protected access.
ExprStmt(StmtTag t, ExprPtr e);
ValPtr Exec(Frame* f, StmtFlowType& flow) const override;
const Expr* StmtExpr() const { return e.get(); }
ExprPtr StmtExprPtr() const;
void StmtDescribe(ODesc* d) const override;
@ -67,9 +88,10 @@ public:
StmtPtr Duplicate() override;
void Inline(Inliner* inl) override;
protected:
ExprStmt(StmtTag t, ExprPtr e);
bool IsReduced(Reducer* c) const override;
StmtPtr DoReduce(Reducer* c) override;
protected:
virtual ValPtr DoExec(Frame* f, Val* v, StmtFlowType& flow) const;
bool IsPure() const override;
@ -93,6 +115,11 @@ public:
StmtPtr Duplicate() override;
void Inline(Inliner* inl) override;
bool IsReduced(Reducer* c) const override;
StmtPtr DoReduce(Reducer* c) override;
bool NoFlowAfter(bool ignore_break) const override;
protected:
ValPtr DoExec(Frame* f, Val* v, StmtFlowType& flow) const override;
bool IsPure() const override;
@ -115,6 +142,8 @@ public:
const Stmt* Body() const { return s.get(); }
Stmt* Body() { return s.get(); }
void UpdateBody(StmtPtr new_body) { s = std::move(new_body); }
void Describe(ODesc* d) const override;
TraversalCode Traverse(TraversalCallback* cb) const;
@ -145,6 +174,11 @@ public:
StmtPtr Duplicate() override;
void Inline(Inliner* inl) override;
bool IsReduced(Reducer* c) const override;
StmtPtr DoReduce(Reducer* c) override;
bool NoFlowAfter(bool ignore_break) const override;
protected:
ValPtr DoExec(Frame* f, Val* v, StmtFlowType& flow) const override;
bool IsPure() const override;
@ -175,28 +209,38 @@ protected:
std::vector<std::pair<ID*, int>> case_label_type_list;
};
class AddStmt final : public ExprStmt {
// Helper class. Added for script optimization, but it makes sense
// in terms of factoring even without.
class AddDelStmt : public ExprStmt {
public:
TraversalCode Traverse(TraversalCallback* cb) const override;
bool IsPure() const override;
// Optimization-related:
StmtPtr DoReduce(Reducer* c) override;
bool IsReduced(Reducer* c) const override;
protected:
AddDelStmt(StmtTag t, ExprPtr arg_e);
};
class AddStmt final : public AddDelStmt {
public:
explicit AddStmt(ExprPtr e);
bool IsPure() const override;
ValPtr Exec(Frame* f, StmtFlowType& flow) const override;
TraversalCode Traverse(TraversalCallback* cb) const override;
// Optimization-related:
StmtPtr Duplicate() override;
};
class DelStmt final : public ExprStmt {
class DelStmt final : public AddDelStmt {
public:
explicit DelStmt(ExprPtr e);
bool IsPure() const override;
ValPtr Exec(Frame* f, StmtFlowType& flow) const override;
TraversalCode Traverse(TraversalCallback* cb) const override;
// Optimization-related:
StmtPtr Duplicate() override;
};
@ -212,6 +256,8 @@ public:
// Optimization-related:
StmtPtr Duplicate() override;
StmtPtr DoReduce(Reducer* c) override;
protected:
EventExprPtr event_expr;
};
@ -229,11 +275,20 @@ public:
TraversalCode Traverse(TraversalCallback* cb) const override;
// Optimization-related:
const Stmt* CondStmt() const
{ return loop_cond_stmt ? loop_cond_stmt.get() : nullptr; }
StmtPtr CondPredStmt() const
{ return loop_cond_pred_stmt; }
StmtPtr Duplicate() override;
void Inline(Inliner* inl) override;
bool IsReduced(Reducer* c) const override;
StmtPtr DoReduce(Reducer* c) override;
// Note, no need for a NoFlowAfter method because the loop might
// execute zero times, so it's always the default of "false".
const StmtPtr ConditionAsStmt() const
{ return stmt_loop_condition; }
protected:
ValPtr Exec(Frame* f, StmtFlowType& flow) const override;
@ -243,8 +298,14 @@ protected:
// Optimization-related member variables.
// When in reduced form, the following holds a statement (which
// might be a block) for evaluating the loop's conditional.
StmtPtr loop_cond_stmt = nullptr;
// might be a block) that's a *predecessor* necessary for evaluating
// the loop's conditional.
StmtPtr loop_cond_pred_stmt = nullptr;
// When reducing, we create a *statement* associated with
// evaluating the reduced conditional, as well as the reduced
// expression. This turns out to be useful in propagating RDs/UDs.
StmtPtr stmt_loop_condition = nullptr;
};
class ForStmt final : public ExprStmt {
@ -271,6 +332,12 @@ public:
StmtPtr Duplicate() override;
void Inline(Inliner* inl) override;
bool IsReduced(Reducer* c) const override;
StmtPtr DoReduce(Reducer* c) override;
// Note, no need for a NoFlowAfter method because the loop might
// execute zero times, so it's always the default of "false".
protected:
ValPtr DoExec(Frame* f, Val* v, StmtFlowType& flow) const override;
@ -294,6 +361,9 @@ public:
// Optimization-related:
StmtPtr Duplicate() override { return SetSucc(new NextStmt()); }
bool NoFlowAfter(bool ignore_break) const override
{ return true; }
protected:
};
@ -311,6 +381,9 @@ public:
// Optimization-related:
StmtPtr Duplicate() override { return SetSucc(new BreakStmt()); }
bool NoFlowAfter(bool ignore_break) const override
{ return ! ignore_break; }
protected:
};
@ -346,6 +419,12 @@ public:
// Constructor used for duplication, when we've already done
// all of the type-checking.
ReturnStmt(ExprPtr e, bool ignored);
// Optimization-related:
StmtPtr DoReduce(Reducer* c) override;
bool NoFlowAfter(bool ignore_break) const override
{ return true; }
};
class StmtList : public Stmt {
@ -355,8 +434,8 @@ public:
ValPtr Exec(Frame* f, StmtFlowType& flow) const override;
const StmtPList& Stmts() const { return stmts; }
StmtPList& Stmts() { return stmts; }
const StmtPList& Stmts() const { return *stmts; }
StmtPList& Stmts() { return *stmts; }
void StmtDescribe(ODesc* d) const override;
@ -366,27 +445,29 @@ public:
StmtPtr Duplicate() override;
void Inline(Inliner* inl) override;
bool IsReduced(Reducer* c) const override;
StmtPtr DoReduce(Reducer* c) override;
bool NoFlowAfter(bool ignore_break) const override;
// Idioms commonly used in reduction.
StmtList(StmtPtr s1, Stmt* s2);
StmtList(StmtPtr s1, StmtPtr s2);
StmtList(StmtPtr s1, StmtPtr s2, StmtPtr s3);
protected:
bool IsPure() const override;
StmtPList stmts;
};
StmtPList* stmts;
class EventBodyList final : public StmtList {
public:
EventBodyList() : StmtList()
{ topmost = false; tag = STMT_EVENT_BODY_LIST; }
// Optimization-related:
bool ReduceStmt(int& s_i, StmtPList* f_stmts, Reducer* c);
ValPtr Exec(Frame* f, StmtFlowType& flow) const override;
void StmtDescribe(ODesc* d) const override;
// "Topmost" means that this is the main body of a function or event.
// void SetTopmost(bool is_topmost) { topmost = is_topmost; }
// bool IsTopmost() { return topmost; }
protected:
bool topmost;
void ResetStmts(StmtPList* new_stmts)
{
delete stmts;
stmts = new_stmts;
}
};
class InitStmt final : public Stmt {
@ -405,6 +486,9 @@ public:
// Optimization-related:
StmtPtr Duplicate() override;
bool IsReduced(Reducer* c) const override;
StmtPtr DoReduce(Reducer* c) override;
protected:
std::vector<IDPtr> inits;
};
@ -448,6 +532,8 @@ public:
StmtPtr Duplicate() override;
void Inline(Inliner* inl) override;
bool IsReduced(Reducer* c) const override;
protected:
ExprPtr cond;
StmtPtr s1;
@ -456,6 +542,74 @@ protected:
bool is_return;
};
// Internal statement used for inlining. Executes a block and stops
// the propagation of any "return" inside the block. Generated in
// an already-reduced state.
class CatchReturnStmt : public Stmt {
public:
explicit CatchReturnStmt(StmtPtr block, NameExprPtr ret_var);
StmtPtr Block() const { return block; }
// This returns a bare pointer rather than a NameExprPtr only
// because we don't want to have to include Expr.h in this header.
const NameExpr* RetVar() const { return ret_var.get(); }
// The assignment statement this statement transformed into,
// or nil if it hasn't (the common case).
StmtPtr AssignStmt() const { return assign_stmt; }
ValPtr Exec(Frame* f, StmtFlowType& flow) const override;
bool IsPure() const override;
// Even though these objects are generated in reduced form, we still
// have a reduction method to support the subsequent optimizer pass.
StmtPtr DoReduce(Reducer* c) override;
// Note, no need for a NoFlowAfter() method because anything that
// has "NoFlowAfter" inside the body still gets caught and we
// continue afterwards.
StmtPtr Duplicate() override;
void StmtDescribe(ODesc* d) const override;
TraversalCode Traverse(TraversalCallback* cb) const override;
protected:
// The inlined function body.
StmtPtr block;
// Expression that holds the return value. Only used for compiling.
NameExprPtr ret_var;
// If this statement transformed into an assignment, that
// corresponding statement.
StmtPtr assign_stmt;
};
// Statement that makes sure at run-time that an "any" type has the
// correct number of (list) entries to enable sub-assigning to it via
// statements like "[a, b, c] = x;". Generated in an already-reduced state.
class CheckAnyLenStmt : public ExprStmt {
public:
explicit CheckAnyLenStmt(ExprPtr e, int expected_len);
ValPtr Exec(Frame* f, StmtFlowType& flow) const override;
StmtPtr Duplicate() override;
bool IsReduced(Reducer* c) const override;
StmtPtr DoReduce(Reducer* c) override;
void StmtDescribe(ODesc* d) const override;
protected:
int expected_len;
};
} // namespace zeek::detail
using ExprListStmt [[deprecated("Remove in v4.1. Use zeek::detail::ExprListStmt instead.")]] = zeek::detail::ExprListStmt;
@ -474,7 +628,6 @@ using BreakStmt [[deprecated("Remove in v4.1. Use zeek::detail::BreakStmt instea
using FallthroughStmt [[deprecated("Remove in v4.1. Use zeek::detail::FallthroughStmt instead.")]] = zeek::detail::FallthroughStmt;
using ReturnStmt [[deprecated("Remove in v4.1. Use zeek::detail::ReturnStmt instead.")]] = zeek::detail::ReturnStmt;
using StmtList [[deprecated("Remove in v4.1. Use zeek::detail::StmtList instead.")]] = zeek::detail::StmtList;
using EventBodyList [[deprecated("Remove in v4.1. Use zeek::detail::EventBodyList instead.")]] = zeek::detail::EventBodyList;
using InitStmt [[deprecated("Remove in v4.1. Use zeek::detail::InitStmt instead.")]] = zeek::detail::InitStmt;
using NullStmt [[deprecated("Remove in v4.1. Use zeek::detail::NullStmt instead.")]] = zeek::detail::NullStmt;
using WhenStmt [[deprecated("Remove in v4.1. Use zeek::detail::WhenStmt instead.")]] = zeek::detail::WhenStmt;

41
src/StmtBase.h
View file

@ -24,11 +24,13 @@ using ValPtr = IntrusivePtr<Val>;
namespace zeek::detail {
class StmtList;
class ExprStmt;
class ForStmt;
class InitStmt;
class WhenStmt;
class ReturnStmt;
class StmtList;
class SwitchStmt;
class WhenStmt;
class EventExpr;
class ListExpr;
@ -37,6 +39,7 @@ using EventExprPtr = IntrusivePtr<EventExpr>;
using ListExprPtr = IntrusivePtr<ListExpr>;
class Inliner;
class Reducer;
class Stmt;
using StmtPtr = IntrusivePtr<Stmt>;
@ -50,6 +53,7 @@ public:
virtual ValPtr Exec(Frame* f, StmtFlowType& flow) const = 0;
Stmt* Ref() { zeek::Ref(this); return this; }
StmtPtr ThisPtr() { return {NewRef{}, this}; }
bool SetLocationInfo(const Location* loc) override
{ return Stmt::SetLocationInfo(loc, loc); }
@ -64,7 +68,9 @@ public:
ForStmt* AsForStmt();
const ForStmt* AsForStmt() const;
const ExprStmt* AsExprStmt() const;
const InitStmt* AsInitStmt() const;
const ReturnStmt* AsReturnStmt() const;
const WhenStmt* AsWhenStmt() const;
const SwitchStmt* AsSwitchStmt() const;
@ -81,12 +87,37 @@ public:
virtual TraversalCode Traverse(TraversalCallback* cb) const = 0;
// Returns a duplicate of the statement.
// Returns a duplicate of the statement so that modifications
// can be made to statements from inlining function bodies - or
// to the originals - without affecting other instances.
//
// It's tempting to think that there are some statements that
// are safe to share across multiple functions and could just
// return references to themselves - but since we associate
// information for script optimization with individual statements
// nodes, even these need to be duplicated.
virtual StmtPtr Duplicate() = 0;
// Recursively traverses the AST to inline eligible function calls.
virtual void Inline(Inliner* inl) { }
// True if the statement is in reduced form.
virtual bool IsReduced(Reducer* c) const;
// Returns a reduced version of the statement, as managed by
// the given Reducer.
StmtPtr Reduce(Reducer* c);
virtual StmtPtr DoReduce(Reducer* c) { return ThisPtr(); }
// True if there's definitely no control flow past the statement.
// The argument governs whether to ignore "break" statements, given
// they mean two different things depending on whether they're in
// a loop or a switch. Also, if we want to know whether flow reaches
// the *end* of a loop, then we also want to ignore break's, as
// in that case, they do lead to flow reaching the end.
virtual bool NoFlowAfter(bool ignore_break) const
{ return false; }
// Access to the original statement from which this one is derived,
// or this one if we don't have an original. Returns a bare pointer
// rather than a StmtPtr to emphasize that the access is read-only.
@ -124,6 +155,10 @@ public:
protected:
explicit Stmt(StmtTag arg_tag);
// Helper function called after reductions to perform canonical
// actions.
StmtPtr TransformMe(StmtPtr new_me, Reducer* c);
void AddTag(ODesc* d) const;
virtual void StmtDescribe(ODesc* d) const;
void DescribeDone(ODesc* d) const;

2
src/StmtEnums.h
View file

@ -18,6 +18,8 @@ enum StmtTag {
STMT_INIT,
STMT_FALLTHROUGH,
STMT_WHILE,
STMT_CATCH_RETURN, // for reduced InlineExpr's
STMT_CHECK_ANY_LEN, // internal reduced statement
STMT_NULL
#define NUM_STMTS (int(STMT_NULL) + 1)
};

2325
src/script_opt/Expr.cc
View file

File diff suppressed because it is too large Load diff

2
src/script_opt/Inline.cc
View file

@ -154,7 +154,7 @@ void Inliner::InlineFunction(FuncInfo* f)
f->Func()->SetFrameSize(new_frame_size);
}
ExprPtr Inliner::CheckForInlining(IntrusivePtr<CallExpr> c)
ExprPtr Inliner::CheckForInlining(CallExprPtr c)
{
auto f = c->Func();

3
src/script_opt/Inline.h
View file

@ -5,6 +5,7 @@
#pragma once
#include "zeek/Func.h"
#include "zeek/Expr.h"
#include "zeek/Scope.h"
#include <unordered_set>
@ -25,7 +26,7 @@ public:
// Either returns the original CallExpr if it's not inline-able,
// or an InlineExpr if it is.
ExprPtr CheckForInlining(IntrusivePtr<CallExpr> c);
ExprPtr CheckForInlining(CallExprPtr c);
// True if the given function has been inlined.
bool WasInlined(Func* f) { return inline_ables.count(f) > 0; }

21
src/script_opt/ProfileFunc.h
View file

@ -18,13 +18,20 @@ public:
ProfileFunc(bool _compute_hash = false)
{ compute_hash = _compute_hash; }
std::unordered_set<const ID*>& Globals() { return globals; }
std::unordered_set<const ID*>& Locals() { return locals; }
std::unordered_set<const ID*>& Inits() { return inits; }
std::unordered_set<ScriptFunc*>& ScriptCalls() { return script_calls; }
std::unordered_set<Func*>& BiFCalls() { return BiF_calls; }
std::unordered_set<ScriptFunc*>& WhenCalls() { return when_calls; }
std::unordered_set<const char*>& Events() { return events; }
const std::unordered_set<const ID*>& Globals() const
{ return globals; }
const std::unordered_set<const ID*>& Locals() const
{ return locals; }
const std::unordered_set<const ID*>& Inits() const
{ return inits; }
const std::unordered_set<ScriptFunc*>& ScriptCalls() const
{ return script_calls; }
const std::unordered_set<Func*>& BiFCalls() const
{ return BiF_calls; }
const std::unordered_set<ScriptFunc*>& WhenCalls() const
{ return when_calls; }
const std::unordered_set<const char*>& Events() const
{ return events; }
bool DoesIndirectCalls() { return does_indirect_calls; }
std::size_t HashVal() { return hash_val; }

278
src/script_opt/Reduce.cc Normal file
View file

@ -0,0 +1,278 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include "ID.h"
#include "Var.h"
#include "Scope.h"
#include "Expr.h"
#include "Stmt.h"
#include "Desc.h"
#include "ProfileFunc.h"
#include "Reporter.h"
#include "zeek/script_opt/Reduce.h"
#include "zeek/script_opt/TempVar.h"
namespace zeek::detail {
Reducer::Reducer(Scope* s)
{
scope = s;
}
Reducer::~Reducer()
{
for ( int i = 0; i < temps.length(); ++i )
delete temps[i];
}
ExprPtr Reducer::GenTemporaryExpr(const TypePtr& t, ExprPtr rhs)
{
auto e = make_intrusive<NameExpr>(GenTemporary(t, rhs));
e->SetLocationInfo(rhs->GetLocationInfo());
return e;
}
NameExprPtr Reducer::UpdateName(NameExprPtr n)
{
if ( NameIsReduced(n.get()) )
return n;
return make_intrusive<NameExpr>(FindNewLocal(n.get()));
}
bool Reducer::NameIsReduced(const NameExpr* n) const
{
auto id = n->Id();
return inline_block_level == 0 || id->IsGlobal() || IsTemporary(id) ||
IsNewLocal(n);
}
void Reducer::UpdateIDs(IDPList* ids)
{
loop_over_list(*ids, i)
{
IDPtr id = {NewRef{}, (*ids)[i]};
if ( ! ID_IsReduced(id) )
{
Unref((*ids)[i]);
(*ids)[i] = UpdateID(id).release();
}
}
}
void Reducer::UpdateIDs(std::vector<IDPtr>& ids)
{
for ( auto& id : ids )
if ( ! ID_IsReduced(id) )
id = UpdateID(id);
}
bool Reducer::IDsAreReduced(const IDPList* ids) const
{
for ( auto& id : *ids )
if ( ! ID_IsReduced(id) )
return false;
return true;
}
bool Reducer::IDsAreReduced(const std::vector<IDPtr>& ids) const
{
for ( auto& id : ids )
if ( ! ID_IsReduced(id) )
return false;
return true;
}
IDPtr Reducer::UpdateID(IDPtr id)
{
if ( ID_IsReduced(id) )
return id;
return FindNewLocal(id.get());
}
bool Reducer::ID_IsReduced(const ID* id) const
{
return inline_block_level == 0 || id->IsGlobal() || IsTemporary(id) ||
IsNewLocal(id);
}
NameExprPtr Reducer::GenInlineBlockName(IDPtr id)
{
return make_intrusive<NameExpr>(GenLocal(id.get()));
}
NameExprPtr Reducer::PushInlineBlock(TypePtr type)
{
++inline_block_level;
if ( ! type || type->Tag() == TYPE_VOID )
return nullptr;
IDPtr ret_id = install_ID("@retvar", "<internal>", false, false);
ret_id->SetType(type);
// Track this as a new local *if* we're in the outermost inlining
// block. If we're recursively deeper into inlining, then this
// variable will get mapped to a local anyway, so no need.
if ( inline_block_level == 1 )
new_locals.insert(ret_id.get());
return GenInlineBlockName(ret_id);
}
void Reducer::PopInlineBlock()
{
--inline_block_level;
}
bool Reducer::SameVal(const Val* v1, const Val* v2) const
{
if ( is_atomic_val(v1) )
return same_atomic_val(v1, v2);
else
return v1 == v2;
}
IDPtr Reducer::GenTemporary(const TypePtr& t, ExprPtr rhs)
{
if ( Optimizing() )
reporter->InternalError("Generating a new temporary while optimizing");
auto temp = new TempVar(temps.length(), t, rhs);
IDPtr temp_id = install_ID(temp->Name(), "<internal>", false, false);
temp->SetID(temp_id);
temp_id->SetType(t);
temps.append(temp);
ids_to_temps[temp_id.get()] = temp;
return temp_id;
}
IDPtr Reducer::FindNewLocal(ID* id)
{
auto mapping = orig_to_new_locals.find(id);
if ( mapping != orig_to_new_locals.end() )
return mapping->second;
return GenLocal(id);
}
IDPtr Reducer::GenLocal(ID* orig)
{
if ( Optimizing() )
reporter->InternalError("Generating a new local while optimizing");
char buf[8192];
int n = new_locals.size();
snprintf(buf, sizeof buf, "%s.%d", orig->Name(), n);
IDPtr local_id = install_ID(buf, "<internal>", false, false);
local_id->SetType(orig->GetType());
new_locals.insert(local_id.get());
orig_to_new_locals[orig] = local_id;
return local_id;
}
bool Reducer::IsNewLocal(const ID* id) const
{
ID* non_const_ID = (ID*) id; // I don't get why C++ requires this
return new_locals.count(non_const_ID) != 0;
}
TempVar* Reducer::FindTemporary(const ID* id) const
{
auto tmp = ids_to_temps.find(id);
if ( tmp == ids_to_temps.end() )
return nullptr;
else
return tmp->second;
}
StmtPtr Reducer::MergeStmts(const NameExpr* lhs, ExprPtr rhs, Stmt* succ_stmt)
{
// First check for tmp=rhs.
auto lhs_id = lhs->Id();
auto lhs_tmp = FindTemporary(lhs_id);
if ( ! lhs_tmp )
return nullptr;
// We have tmp=rhs. Now look for var=tmp.
if ( succ_stmt->Tag() != STMT_EXPR )
return nullptr;
auto s_e = succ_stmt->AsExprStmt()->StmtExpr();
if ( s_e->Tag() != EXPR_ASSIGN )
return nullptr;
auto a = s_e->AsAssignExpr();
auto a_lhs = a->GetOp1();
auto a_rhs = a->GetOp2();
if ( a_lhs->Tag() != EXPR_REF || a_rhs->Tag() != EXPR_NAME )
// Complex 2nd-statement assignment, or RHS not a candidate.
return nullptr;
auto a_lhs_deref = a_lhs->AsRefExprPtr()->GetOp1();
if ( a_lhs_deref->Tag() != EXPR_NAME )
// Complex 2nd-statement assignment.
return nullptr;
auto a_lhs_var = a_lhs_deref->AsNameExpr()->Id();
auto a_rhs_var = a_rhs->AsNameExpr()->Id();
if ( a_rhs_var != lhs_id )
// 2nd statement is var=something else.
return nullptr;
if ( a_lhs_var->GetType()->Tag() != a_rhs_var->GetType()->Tag() )
// This can happen when we generate an assignment
// specifically to convert to/from an "any" type.
return nullptr;
if ( FindTemporary(a_lhs_var) )
{
// "var" is itself a temporary. Don't complain, as
// complex reductions can generate these. We'll wind
// up folding the chain once it hits a regular variable.
return nullptr;
}
// Got it. Mark the original temporary as no longer relevant.
lhs_tmp->Deactivate();
auto merge_e = make_intrusive<AssignExpr>(a_lhs_deref, rhs, false,
nullptr, nullptr, false);
TrackExprReplacement(rhs.get(), merge_e.get());
return make_intrusive<ExprStmt>(merge_e);
}
void Reducer::TrackExprReplacement(const Expr* orig, const Expr* e)
{
new_expr_to_orig[e] = orig;
}
const Expr* non_reduced_perp;
bool checking_reduction;
bool NonReduced(const Expr* perp)
{
if ( checking_reduction )
non_reduced_perp = perp;
return false;
}
} // zeek::detail

189
src/script_opt/Reduce.h Normal file
View file

@ -0,0 +1,189 @@
// See the file "COPYING" in the main distribution directory for copyright.
#pragma once
#include "zeek/IntrusivePtr.h"
#include "zeek/Scope.h"
#include "zeek/Expr.h"
#include "zeek/Stmt.h"
namespace zeek::detail {
class Expr;
class TempVar;
class ProfileFunc;
class Reducer {
public:
Reducer(Scope* s);
~Reducer();
StmtPtr Reduce(StmtPtr s)
{
return s->Reduce(this);
}
ExprPtr GenTemporaryExpr(const TypePtr& t, ExprPtr rhs);
NameExprPtr UpdateName(NameExprPtr n);
bool NameIsReduced(const NameExpr* n) const;
void UpdateIDs(IDPList* ids);
bool IDsAreReduced(const IDPList* ids) const;
void UpdateIDs(std::vector<IDPtr>& ids);
bool IDsAreReduced(const std::vector<IDPtr>& ids) const;
IDPtr UpdateID(IDPtr id);
bool ID_IsReduced(const IDPtr& id) const
{ return ID_IsReduced(id.get()); }
bool ID_IsReduced(const ID* id) const;
// This is called *prior* to pushing a new inline block, in
// order to generate the equivalent of function parameters.
NameExprPtr GenInlineBlockName(IDPtr id);
int NumNewLocals() const { return new_locals.size(); }
// Returns the name of a temporary for holding the return
// value of the block, or nil if the type indicates there's
// o return value.
NameExprPtr PushInlineBlock(TypePtr type);
void PopInlineBlock();
// Whether it's okay to split a statement into two copies for if-else
// expansion. We only allow this to a particular depth because
// beyond that a function body can get too large to analyze.
bool BifurcationOkay() const { return bifurcation_level <= 12; }
int BifurcationLevel() const { return bifurcation_level; }
void PushBifurcation() { ++bifurcation_level; }
void PopBifurcation() { --bifurcation_level; }
int NumTemps() const { return temps.length(); }
// True if this name already reflects the replacement.
bool IsNewLocal(const NameExpr* n) const
{ return IsNewLocal(n->Id()); }
bool IsNewLocal(const ID* id) const;
bool IsTemporary(const ID* id) const
{ return FindTemporary(id) != nullptr; }
// This is a stub for now, since it's not relevant for AST
// reduction by itself. However, many of the Reduce methods
// ultimately will call this predicate to control how they
// function during the second traversal used to optimize
// the reduced form, so we provide the hook now.
bool Optimizing() const { return false; }
// A stub for now, but ultimately a predicate that indicates whether
// a given reduction pass is being made to prune unused statements.
bool IsPruning() const { return false; }
// A stub for now, ultimately a predicate that returns true if
// the given statement should be removed due to AST optimization.
bool ShouldOmitStmt(const StmtPtr& s) const { return false; }
// A stub for now, ultimately provides a replacement for the
// given statement due to AST optimization, or nil if there's
// no replacement.
StmtPtr ReplacementStmt(const StmtPtr& s) const { return nullptr; }
// NOT YET IMPLEMENTED, SO CURRENTLY A STUB:
// Given the LHS and RHS of an assignment, returns true
// if the RHS is a common subexpression (meaning that the
// current assignment statement should be deleted). In
// that case, has the side effect of associating an alias
// for the LHS with the temporary holding the equivalent RHS.
//
// Assumes reduction (including alias propagation) has
// already been applied.
bool IsCSE(const AssignExpr* a, const NameExpr* lhs, const Expr* rhs)
{ return false; }
// Given an lhs=rhs statement followed by succ_stmt, returns
// a (new) merge of the two if they're of the form tmp=rhs, var=tmp;
// otherwise, nil.
StmtPtr MergeStmts(const NameExpr* lhs, ExprPtr rhs, Stmt* succ_stmt);
// The following two methods will, in the future, update expressions
// with optimized versions. They are distinct because the first
// one (meant for calls in a Stmt reduction context) will also Reduce
// the expression, whereas the second one (meant for calls in an Expr
// context) does not, to avoid circularity.
//
// For now, they are stubs.
//
// These two are used for use in optimizing expressions that appear in
// a Stmt context.
ExprPtr OptExpr(Expr* e) { return {NewRef{}, e}; }
ExprPtr OptExpr(ExprPtr e) { return e; }
// This one for expressions appearing in an Expr context.
ExprPtr UpdateExpr(ExprPtr e) { return e; }
const Scope* FuncScope() const { return scope; }
protected:
bool SameVal(const Val* v1, const Val* v2) const;
IDPtr GenTemporary(const TypePtr& t, ExprPtr rhs);
TempVar* FindTemporary(const ID* id) const;
// Retrieve the identifier corresponding to the new local for
// the given expression. Creates the local if necessary.
IDPtr FindNewLocal(ID* id);
IDPtr FindNewLocal(const NameExpr* n)
{ return FindNewLocal(n->Id()); }
// Generate a new local to use in lieu of the original (seen
// in an inlined block). The difference is that the new
// version has a distinct name and has a correct frame offset
// for the current function.
IDPtr GenLocal(ID* orig);
// Track that we're replacing instances of "orig" with a new
// expression. This allows us to locate the RDs associated
// with "orig" in the context of the new expression, without
// requiring an additional RD propagation pass.
void TrackExprReplacement(const Expr* orig, const Expr* e);
Scope* scope;
PList<TempVar> temps;
// Temps for which we've processed their associated expression
// (and they didn't wind up being aliases).
PList<TempVar> expr_temps;
// Let's us go from an identifier to an associated temporary
// variable, if it corresponds to one.
std::unordered_map<const ID*, TempVar*> ids_to_temps;
std::unordered_set<ID*> new_locals;
std::unordered_map<const ID*, IDPtr> orig_to_new_locals;
// Tracks whether we're inside an inline block, and if so then
// how deeply.
int inline_block_level = 0;
// Tracks how deeply we are in "bifurcation", i.e., duplicating
// code for if-else cascades. We need to cap this at a certain
// depth or else we can get functions whose size blows up
// exponentially.
int bifurcation_level = 0;
// For a new expression we've created, map it to the expression
// it's replacing. This allows us to locate the RDs associated
// with the usage.
std::unordered_map<const Expr*, const Expr*> new_expr_to_orig;
};
// Used for debugging, to communicate which expression wasn't
// reduced when we expected them all to be.
extern const Expr* non_reduced_perp;
extern bool checking_reduction;
// Used to report a non-reduced expression.
extern bool NonReduced(const Expr* perp);
} // zeek::detail

163
src/script_opt/ScriptOpt.cc
View file

@ -1,9 +1,12 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include "zeek/Options.h"
#include "zeek/Reporter.h"
#include "zeek/Desc.h"
#include "zeek/script_opt/ScriptOpt.h"
#include "zeek/script_opt/ProfileFunc.h"
#include "zeek/script_opt/Inline.h"
#include "zeek/script_opt/Reduce.h"
namespace zeek::detail {
@ -15,6 +18,67 @@ std::unordered_set<const Func*> non_recursive_funcs;
static std::vector<FuncInfo> funcs;
void optimize_func(ScriptFunc* f, ProfileFunc* pf, ScopePtr scope_ptr,
StmtPtr& body, AnalyOpt& analysis_options)
{
if ( reporter->Errors() > 0 )
return;
if ( ! analysis_options.activate )
return;
if ( analysis_options.only_func &&
*analysis_options.only_func != f->Name() )
return;
if ( analysis_options.only_func )
printf("Original: %s\n", obj_desc(body.get()).c_str());
if ( pf->NumWhenStmts() > 0 || pf->NumLambdas() > 0 )
{
if ( analysis_options.only_func )
printf("Skipping analysis due to \"when\" statement or use of lambdas\n");
return;
}
auto scope = scope_ptr.release();
push_existing_scope(scope);
auto rc = new Reducer(scope);
auto new_body = rc->Reduce(body);
if ( reporter->Errors() > 0 )
{
delete rc;
pop_scope();
return;
}
non_reduced_perp = nullptr;
checking_reduction = true;
if ( ! new_body->IsReduced(rc) )
printf("Reduction inconsistency for %s: %s\n", f->Name(),
obj_desc(non_reduced_perp).c_str());
checking_reduction = false;
if ( analysis_options.only_func || analysis_options.dump_xform )
printf("Transformed: %s\n", obj_desc(new_body.get()).c_str());
f->ReplaceBody(body, new_body);
body = new_body;
int new_frame_size =
scope->Length() + rc->NumTemps() + rc->NumNewLocals();
if ( new_frame_size > f->FrameSize() )
f->SetFrameSize(new_frame_size);
delete rc;
pop_scope();
}
FuncInfo::FuncInfo(ScriptFuncPtr _func, ScopePtr _scope, StmtPtr _body)
: func(std::move(_func)), scope(std::move(_scope)), body(std::move(_body))
{}
@ -41,23 +105,120 @@ void analyze_scripts(Options& opts)
if ( ! did_init )
{
check_env_opt("ZEEK_DUMP_XFORM", analysis_options.dump_xform);
check_env_opt("ZEEK_INLINE", analysis_options.inliner);
check_env_opt("ZEEK_XFORM", analysis_options.activate);
if ( ! analysis_options.only_func )
{
auto zo = getenv("ZEEK_ONLY");
if ( zo )
analysis_options.only_func = zo;
}
if ( analysis_options.only_func )
analysis_options.activate = true;
did_init = true;
}
if ( ! analysis_options.inliner )
if ( ! analysis_options.activate && ! analysis_options.inliner )
return;
// Now that everything's parsed and BiF's have been initialized,
// profile the functions.
std::unordered_map<const ScriptFunc*, const ProfileFunc*> func_profs;
for ( auto& f : funcs )
{
f.SetProfile(std::make_unique<ProfileFunc>(true));
f.Body()->Traverse(f.Profile());
func_profs[f.Func()] = f.Profile();
}
// Figure out which functions either directly or indirectly
// appear in "when" clauses.
// Final set of functions involved in "when" clauses.
std::unordered_set<const ScriptFunc*> when_funcs;
// Which functions we still need to analyze.
std::unordered_set<const ScriptFunc*> when_funcs_to_do;
for ( auto& f : funcs )
{
if ( f.Profile()->WhenCalls().size() > 0 )
{
when_funcs.insert(f.Func());
for ( auto& bf : f.Profile()->WhenCalls() )
when_funcs_to_do.insert(bf);
#ifdef NOT_YET
if ( analysis_options.report_uncompilable )
{
ODesc d;
f.ScriptFunc()->AddLocation(&d);
printf("%s cannot be compiled due to use of \"when\" statement (%s)\n",
f.ScriptFunc()->Name(), d.Description());
}
#endif // NOT_YET
}
}
// Set of new functions to put on to-do list. Separate from
// the to-do list itself so we don't modify it while iterating
// over it.
std::unordered_set<const ScriptFunc*> new_to_do;
while ( when_funcs_to_do.size() > 0 )
{
for ( auto& wf : when_funcs_to_do )
{
when_funcs.insert(wf);
for ( auto& wff : func_profs[wf]->ScriptCalls() )
{
if ( when_funcs.count(wff) > 0 )
// We've already processed this
// function.
continue;
new_to_do.insert(wff);
}
}
when_funcs_to_do = new_to_do;
new_to_do.clear();
}
Inliner* inl = nullptr;
if ( analysis_options.inliner )
inl = new Inliner(funcs, analysis_options.report_recursive);
if ( ! analysis_options.activate )
{
delete inl;
return;
}
for ( auto& f : funcs )
{
if ( inl && inl->WasInlined(f.Func()) )
// No need to compile as it won't be
// called directly.
continue;
if ( when_funcs.count(f.Func()) > 0 )
// We don't try to compile these.
continue;
auto new_body = f.Body();
optimize_func(f.Func(), f.Profile(), f.Scope(),
new_body, analysis_options);
f.SetBody(new_body);
}
delete inl;
}

15
src/script_opt/ScriptOpt.h
View file

@ -4,6 +4,9 @@
#pragma once
#include <string>
#include <optional>
#include "zeek/Func.h"
#include "zeek/Expr.h"
#include "zeek/Scope.h"
@ -16,6 +19,17 @@ namespace zeek::detail {
// Flags controlling what sorts of analysis to do.
struct AnalyOpt {
// Whether to analyze scripts.
bool activate = false;
// If true, dump out transformed code: the results of reducing
// interpreted scripts, and, if optimize is set, of then optimizing
// them. Always done if only_func is set.
bool dump_xform = false;
// If non-nil, then only analyze the given function/event/hook.
std::optional<std::string> only_func;
// If true, do global inlining.
bool inliner = false;
@ -41,6 +55,7 @@ public:
ProfileFunc* Profile() { return pf.get(); }
const std::string& SaveFile() { return save_file; }
void SetBody(StmtPtr new_body) { body = std::move(new_body); }
void SetProfile(std::unique_ptr<ProfileFunc> _pf);
void SetSaveFile(std::string _sf) { save_file = std::move(_sf); }

885
src/script_opt/Stmt.cc
View file

@ -4,11 +4,50 @@
#include "zeek/Stmt.h"
#include "zeek/Expr.h"
#include "zeek/Frame.h"
#include "zeek/Reporter.h"
#include "zeek/Desc.h"
#include "zeek/Traverse.h"
#include "zeek/script_opt/Reduce.h"
namespace zeek::detail {
bool Stmt::IsReduced(Reducer* c) const
{
return true;
}
StmtPtr Stmt::Reduce(Reducer* c)
{
auto this_ptr = ThisPtr();
auto repl = c->ReplacementStmt(this_ptr);
if ( repl )
return repl;
if ( c->ShouldOmitStmt(this_ptr) )
{
auto null = make_intrusive<NullStmt>();
null->SetOriginal(this_ptr);
return null;
}
return DoReduce(c);
}
StmtPtr Stmt::TransformMe(StmtPtr new_me, Reducer* c)
{
ASSERT(new_me != this);
// Set the original prior to reduction, to support "original chains"
// to ultimately resolve back to the source statement.
new_me->SetOriginal(ThisPtr());
return new_me->Reduce(c);
}
void ExprListStmt::Inline(Inliner* inl)
{
auto& e = l->Exprs();
@ -16,12 +55,70 @@ void ExprListStmt::Inline(Inliner* inl)
e.replace(i, e[i]->Inline(inl).release());
}
bool ExprListStmt::IsReduced(Reducer* c) const
{
const ExprPList& e = l->Exprs();
for ( const auto& expr : e )
if ( ! expr->IsSingleton(c) )
return NonReduced(expr);
return true;
}
StmtPtr ExprListStmt::DoReduce(Reducer* c)
{
if ( ! c->Optimizing() && IsReduced(c) )
return ThisPtr();
auto new_l = make_intrusive<ListExpr>();
auto s = make_intrusive<StmtList>();
ExprPList& e = l->Exprs();
for ( auto& expr : e )
{
if ( c->Optimizing() )
new_l->Append(c->OptExpr(expr));
else if ( expr->IsSingleton(c) )
new_l->Append({NewRef{}, expr});
else
{
StmtPtr red_e_stmt;
auto red_e = expr->ReduceToSingleton(c, red_e_stmt);
new_l->Append(red_e);
if ( red_e_stmt )
s->Stmts().push_back(red_e_stmt.release());
}
}
if ( c->Optimizing() )
{
l = new_l;
return ThisPtr();
}
else
{
s->Stmts().push_back(DoSubclassReduce(new_l, c).release());
return s->Reduce(c);
}
}
StmtPtr PrintStmt::Duplicate()
{
return SetSucc(new PrintStmt(l->Duplicate()->AsListExprPtr()));
}
StmtPtr PrintStmt::DoSubclassReduce(ListExprPtr singletons, Reducer* c)
{
auto new_me = make_intrusive<PrintStmt>(singletons);
new_me->SetOriginal(ThisPtr());
return new_me;
}
StmtPtr ExprStmt::Duplicate()
{
@ -34,6 +131,61 @@ void ExprStmt::Inline(Inliner* inl)
e = e->Inline(inl);
}
bool ExprStmt::IsReduced(Reducer* c) const
{
if ( ! e || e->IsReduced(c) )
return true;
return NonReduced(e.get());
}
StmtPtr ExprStmt::DoReduce(Reducer* c)
{
if ( ! e )
// e can be nil for our derived classes (like ReturnStmt).
return TransformMe(make_intrusive<NullStmt>(), c);
auto t = e->Tag();
if ( t == EXPR_NOP )
return TransformMe(make_intrusive<NullStmt>(), c);
if ( c->Optimizing() )
{
e = c->OptExpr(e);
return ThisPtr();
}
if ( e->IsSingleton(c) )
// No point evaluating.
return TransformMe(make_intrusive<NullStmt>(), c);
if ( (t == EXPR_ASSIGN || t == EXPR_CALL ||
t == EXPR_INDEX_ASSIGN || t == EXPR_FIELD_LHS_ASSIGN ||
t == EXPR_APPEND_TO) &&
e->IsReduced(c) )
return ThisPtr();
StmtPtr red_e_stmt;
if ( t == EXPR_CALL )
// A bare call. If we reduce it regularly, if
// it has a non-void type it'll generate an
// assignment to a temporary.
red_e_stmt = e->ReduceToSingletons(c);
else
e = e->Reduce(c, red_e_stmt);
if ( red_e_stmt )
{
auto s = make_intrusive<StmtList>(red_e_stmt, ThisPtr());
return TransformMe(s, c);
}
else
return ThisPtr();
}
StmtPtr IfStmt::Duplicate()
{
@ -51,6 +203,119 @@ void IfStmt::Inline(Inliner* inl)
s2->Inline(inl);
}
bool IfStmt::IsReduced(Reducer* c) const
{
if ( ! e->IsReducedConditional(c) )
return NonReduced(e.get());
return s1->IsReduced(c) && s2->IsReduced(c);
}
StmtPtr IfStmt::DoReduce(Reducer* c)
{
StmtPtr red_e_stmt;
if ( e->WillTransformInConditional(c) )
e = e->ReduceToConditional(c, red_e_stmt);
// First, assess some fundamental transformations.
if ( e->Tag() == EXPR_NOT )
{ // Change "if ( ! x ) s1 else s2" to "if ( x ) s2 else s1".
auto s1_orig = s1;
s1 = s2;
s2 = s1_orig;
e = e->GetOp1();
}
if ( e->Tag() == EXPR_OR_OR && c->BifurcationOkay() )
{
c->PushBifurcation();
// Expand "if ( a || b ) s1 else s2" to
// "if ( a ) s1 else { if ( b ) s1 else s2 }"
auto a = e->GetOp1();
auto b = e->GetOp2();
auto s1_dup = s1 ? s1->Duplicate() : nullptr;
s2 = make_intrusive<IfStmt>(b, s1_dup, s2);
e = a;
auto res = DoReduce(c);
c->PopBifurcation();
return res;
}
if ( e->Tag() == EXPR_AND_AND && c->BifurcationOkay() )
{
c->PushBifurcation();
// Expand "if ( a && b ) s1 else s2" to
// "if ( a ) { if ( b ) s1 else s2 } else s2"
auto a = e->GetOp1();
auto b = e->GetOp2();
auto s2_dup = s2 ? s2->Duplicate() : nullptr;
s1 = make_intrusive<IfStmt>(b, s1, s2_dup);
e = a;
auto res = DoReduce(c);
c->PopBifurcation();
return res;
}
s1 = s1->Reduce(c);
s2 = s2->Reduce(c);
if ( s1->Tag() == STMT_NULL && s2->Tag() == STMT_NULL )
return TransformMe(make_intrusive<NullStmt>(), c);
if ( c->Optimizing() )
e = c->OptExpr(e);
else
{
StmtPtr cond_red_stmt;
e = e->ReduceToConditional(c, cond_red_stmt);
if ( red_e_stmt && cond_red_stmt )
red_e_stmt = make_intrusive<StmtList>(red_e_stmt,
cond_red_stmt);
else if ( cond_red_stmt )
red_e_stmt = cond_red_stmt;
}
if ( e->IsConst() )
{
auto c_e = e->AsConstExprPtr();
auto t = c_e->Value()->AsBool();
if ( c->Optimizing() )
return t ? s1 : s2;
if ( t )
return TransformMe(make_intrusive<StmtList>(red_e_stmt, s1), c);
else
return TransformMe(make_intrusive<StmtList>(red_e_stmt, s2), c);
}
if ( red_e_stmt )
return TransformMe(make_intrusive<StmtList>(red_e_stmt, this), c);
return ThisPtr();
}
bool IfStmt::NoFlowAfter(bool ignore_break) const
{
if ( s1 && s2 )
return s1->NoFlowAfter(ignore_break) &&
s2->NoFlowAfter(ignore_break);
// Assuming the test isn't constant, the non-existent branch
// could be picked, so flow definitely continues afterwards.
// (Constant branches will be pruned during reduciton.)
return false;
}
IntrusivePtr<Case> Case::Duplicate()
{
@ -86,6 +351,128 @@ void SwitchStmt::Inline(Inliner* inl)
c->Body()->Inline(inl);
}
bool SwitchStmt::IsReduced(Reducer* r) const
{
if ( ! e->IsReduced(r) )
return NonReduced(e.get());
for ( const auto& c : *cases )
{
if ( c->ExprCases() && ! c->ExprCases()->IsReduced(r) )
return false;
if ( c->TypeCases() && ! r->IDsAreReduced(c->TypeCases()) )
return false;
if ( ! c->Body()->IsReduced(r) )
return false;
}
return true;
}
StmtPtr SwitchStmt::DoReduce(Reducer* rc)
{
auto s = make_intrusive<StmtList>();
StmtPtr red_e_stmt;
if ( rc->Optimizing() )
e = rc->OptExpr(e);
else
e = e->Reduce(rc, red_e_stmt);
// Note, the compiler checks for constant switch expressions.
if ( red_e_stmt )
s->Stmts().push_back(red_e_stmt.release());
for ( const auto& c : *cases )
{
auto c_e = c->ExprCases();
if ( c_e )
{
StmtPtr c_e_stmt;
auto red_cases = c_e->Reduce(rc, c_e_stmt);
if ( c_e_stmt )
s->Stmts().push_back(c_e_stmt.release());
}
auto c_t = c->TypeCases();
if ( c_t )
rc->UpdateIDs(c_t);
c->UpdateBody(c->Body()->Reduce(rc));
}
// Upate type cases.
for ( auto& i : case_label_type_list )
{
IDPtr idp = {NewRef{}, i.first};
i.first = rc->UpdateID(idp).release();
}
if ( s->Stmts().length() > 0 )
{
StmtPtr me = ThisPtr();
auto pre_and_me = make_intrusive<StmtList>(s, me);
return TransformMe(pre_and_me, rc);
}
return ThisPtr();
}
bool SwitchStmt::NoFlowAfter(bool ignore_break) const
{
bool control_reaches_end = false;
bool default_seen_with_no_flow_after = false;
for ( const auto& c : *Cases() )
{
if ( ! c->Body()->NoFlowAfter(true) )
return false;
if ( (! c->ExprCases() ||
c->ExprCases()->Exprs().length() == 0) &&
(! c->TypeCases() ||
c->TypeCases()->length() == 0) )
// We saw the default, and the test before this
// one established that it has no flow after it.
default_seen_with_no_flow_after = true;
}
return default_seen_with_no_flow_after;
}
bool AddDelStmt::IsReduced(Reducer* c) const
{
return e->HasReducedOps(c);
}
StmtPtr AddDelStmt::DoReduce(Reducer* c)
{
if ( c->Optimizing() )
{
e = c->OptExpr(e);
return ThisPtr();
}
if ( e->Tag() != EXPR_INDEX && e->Tag() != EXPR_FIELD )
Internal("bad \"add\"/\"delete\"");
auto red_e_stmt = e->ReduceToSingletons(c);
if ( red_e_stmt )
{
auto s = make_intrusive<StmtList>(red_e_stmt, ThisPtr());
return TransformMe(s, c);
}
else
return ThisPtr();
}
StmtPtr AddStmt::Duplicate()
{
@ -104,6 +491,32 @@ StmtPtr EventStmt::Duplicate()
return SetSucc(new EventStmt(e->Duplicate()->AsEventExprPtr()));
}
StmtPtr EventStmt::DoReduce(Reducer* c)
{
if ( c->Optimizing() )
{
e = c->OptExpr(e);
event_expr = e->AsEventExprPtr();
}
else if ( ! event_expr->IsSingleton(c) )
{
StmtPtr red_e_stmt;
auto ee_red = event_expr->Reduce(c, red_e_stmt);
event_expr = ee_red->AsEventExprPtr();
e = event_expr;
if ( red_e_stmt )
{
auto s = make_intrusive<StmtList>(red_e_stmt, ThisPtr());
return TransformMe(s, c);
}
}
return ThisPtr();
}
StmtPtr WhileStmt::Duplicate()
{
@ -115,12 +528,55 @@ void WhileStmt::Inline(Inliner* inl)
{
loop_condition = loop_condition->Inline(inl);
if ( loop_cond_stmt )
loop_cond_stmt->Inline(inl);
if ( loop_cond_pred_stmt )
loop_cond_pred_stmt->Inline(inl);
if ( body )
body->Inline(inl);
}
bool WhileStmt::IsReduced(Reducer* c) const
{
// No need to check loop_cond_pred_stmt, as we create it reduced.
return loop_condition->IsReducedConditional(c) && body->IsReduced(c);
}
StmtPtr WhileStmt::DoReduce(Reducer* c)
{
if ( c->Optimizing() )
loop_condition = c->OptExpr(loop_condition);
else
{
if ( IsReduced(c) )
{
if ( ! c->IsPruning() )
{
// See comment below for the particulars
// of this constructor.
stmt_loop_condition =
make_intrusive<ExprStmt>(STMT_EXPR,
loop_condition);
return ThisPtr();
}
}
else
loop_condition = loop_condition->ReduceToConditional(c,
loop_cond_pred_stmt);
}
body = body->Reduce(c);
// We use the more involved ExprStmt constructor here to bypass
// its check for whether the expression is being ignored, since
// we're not actually creating an ExprStmt for execution.
stmt_loop_condition =
make_intrusive<ExprStmt>(STMT_EXPR, loop_condition);
if ( loop_cond_pred_stmt )
loop_cond_pred_stmt = loop_cond_pred_stmt->Reduce(c);
return ThisPtr();
}
StmtPtr ForStmt::Duplicate()
{
@ -151,6 +607,46 @@ void ForStmt::Inline(Inliner* inl)
body->Inline(inl);
}
bool ForStmt::IsReduced(Reducer* c) const
{
if ( ! e->IsReduced(c) )
return NonReduced(e.get());
if ( ! c->IDsAreReduced(loop_vars) )
return false;
if ( value_var && ! c->ID_IsReduced(value_var) )
return false;
return body->IsReduced(c);
}
StmtPtr ForStmt::DoReduce(Reducer* c)
{
StmtPtr red_e_stmt;
if ( c->Optimizing() )
e = c->OptExpr(e);
else
{
e = e->Reduce(c, red_e_stmt);
c->UpdateIDs(loop_vars);
if ( value_var )
value_var = c->UpdateID(value_var);
}
body = body->Reduce(c);
if ( body->Tag() == STMT_NULL )
Error("empty \"for\" body leaves loop variables in indeterminant state");
if ( red_e_stmt )
return TransformMe(make_intrusive<StmtList>(red_e_stmt, this), c);
return ThisPtr();
}
StmtPtr ReturnStmt::Duplicate()
{
@ -162,6 +658,61 @@ ReturnStmt::ReturnStmt(ExprPtr arg_e, bool ignored)
{
}
StmtPtr ReturnStmt::DoReduce(Reducer* c)
{
if ( ! e )
return ThisPtr();
if ( c->Optimizing() )
{
e = c->OptExpr(e);
return ThisPtr();
}
if ( ! e->IsSingleton(c) )
{
StmtPtr red_e_stmt;
e = e->Reduce(c, red_e_stmt);
if ( red_e_stmt )
{
auto s = make_intrusive<StmtList>(red_e_stmt, ThisPtr());
return TransformMe(s, c);
}
}
return ThisPtr();
}
StmtList::StmtList(StmtPtr s1, Stmt* s2) : Stmt(STMT_LIST)
{
stmts = new StmtPList;
if ( s1 )
stmts->append(s1.release());
if ( s2 )
stmts->append(s2);
}
StmtList::StmtList(StmtPtr s1, StmtPtr s2) : Stmt(STMT_LIST)
{
stmts = new StmtPList;
if ( s1 )
stmts->append(s1.release());
if ( s2 )
stmts->append(s2.release());
}
StmtList::StmtList(StmtPtr s1, StmtPtr s2, StmtPtr s3) : Stmt(STMT_LIST)
{
stmts = new StmtPList;
if ( s1 )
stmts->append(s1.release());
if ( s2 )
stmts->append(s2.release());
if ( s3 )
stmts->append(s3.release());
}
StmtPtr StmtList::Duplicate()
{
@ -179,6 +730,181 @@ void StmtList::Inline(Inliner* inl)
stmt->Inline(inl);
}
bool StmtList::IsReduced(Reducer* c) const
{
int n = Stmts().length();
for ( auto i = 0; i < n; ++i )
{
auto& s_i = Stmts()[i];
if ( ! s_i->IsReduced(c) )
return false;
if ( s_i->NoFlowAfter(false) && i < n - 1 )
return false;
}
return true;
}
StmtPtr StmtList::DoReduce(Reducer* c)
{
StmtPList* f_stmts = new StmtPList;
bool did_change = false;
int n = Stmts().length();
for ( auto i = 0; i < n; ++i )
{
if ( ReduceStmt(i, f_stmts, c) )
did_change = true;
if ( i < n - 1 && Stmts()[i]->NoFlowAfter(false) )
{
did_change = true;
break;
}
if ( reporter->Errors() > 0 )
return ThisPtr();
}
if ( f_stmts->length() == 0 )
return TransformMe(make_intrusive<NullStmt>(), c);
if ( f_stmts->length() == 1 )
return (*f_stmts)[0]->Reduce(c);
if ( did_change )
{
ResetStmts(f_stmts);
return Reduce(c);
}
else
delete f_stmts;
return ThisPtr();
}
bool StmtList::ReduceStmt(int& s_i, StmtPList* f_stmts, Reducer* c)
{
bool did_change = false;
auto stmt = Stmts()[s_i]->ThisPtr();
auto old_stmt = stmt;
stmt = stmt->Reduce(c);
if ( stmt != old_stmt )
did_change = true;
if ( c->Optimizing() && stmt->Tag() == STMT_EXPR )
{
// There are two potential optimizations that affect
// whether we keep assignment statements. The first is
// for potential assignment chains like
//
// tmp1 = x;
// tmp2 = tmp1;
//
// where we can change this pair to simply "tmp2 = x", assuming
// no later use of tmp1.
//
// In addition, if we have "tmp1 = e" and "e" is an expression
// already computed into another temporary (say tmp0) that's
// safely usable at this point, then we can elide the tmp1
// assignment entirely.
auto s_e = stmt->AsExprStmt();
auto e = s_e->StmtExpr();
if ( e->Tag() != EXPR_ASSIGN )
{
f_stmts->append(stmt.release());
return false;
}
auto a = e->AsAssignExpr();
auto lhs = a->Op1()->AsRefExprPtr()->Op();
if ( lhs->Tag() != EXPR_NAME )
{
f_stmts->append(stmt.release());
return false;
}
auto var = lhs->AsNameExpr();
auto rhs = a->GetOp2();
if ( s_i < Stmts().length() - 1 )
{
// See if we can compress an assignment chain.
auto& s_i_succ = Stmts()[s_i + 1];
// Don't reduce s_i_succ. If it's what we're
// looking for, it's already reduced.
auto merge = c->MergeStmts(var, rhs, s_i_succ);
if ( merge )
{
f_stmts->append(merge.release());
// Skip both this statement and the next,
// now that we've substituted the merge.
++s_i;
return true;
}
}
if ( c->IsCSE(a, var, rhs.get()) )
{
// printf("discarding %s as unnecessary\n", obj_desc(a));
// Skip this now unnecessary statement.
return true;
}
}
if ( stmt->Tag() == STMT_LIST )
{ // inline the list
auto sl = stmt->AsStmtList();
for ( auto& sub_stmt : sl->Stmts() )
f_stmts->append(sub_stmt->Ref());
did_change = true;
}
else if ( stmt->Tag() == STMT_NULL )
// skip it
did_change = true;
else
// No need to Ref() because the StmtPList destructor
// doesn't Unref(), only the explict list-walking
// in the ~StmtList destructor.
f_stmts->append(stmt.release());
return did_change;
}
bool StmtList::NoFlowAfter(bool ignore_break) const
{
for ( auto& s : Stmts() )
{
// For "break" statements, if ignore_break is set then
// by construction flow *does* go to after this statement
// list. If we just used the second test below, then
// while the "break" would indicate there's flow after it,
// if there's dead code following that includes a "return",
// this would in fact be incorrect.
if ( ignore_break && s->Tag() == STMT_BREAK )
return false;
if ( s->NoFlowAfter(ignore_break) )
return true;
}
return false;
}
StmtPtr InitStmt::Duplicate()
{
@ -191,6 +917,17 @@ StmtPtr InitStmt::Duplicate()
return SetSucc(new InitStmt(new_inits));
}
bool InitStmt::IsReduced(Reducer* c) const
{
return c->IDsAreReduced(inits);
}
StmtPtr InitStmt::DoReduce(Reducer* c)
{
c->UpdateIDs(inits);
return ThisPtr();
}
StmtPtr WhenStmt::Duplicate()
{
@ -208,5 +945,149 @@ void WhenStmt::Inline(Inliner* inl)
// the frames of closures.
}
bool WhenStmt::IsReduced(Reducer* c) const
{
// We consider these always reduced because they're not
// candidates for any further optimization.
return true;
}
CatchReturnStmt::CatchReturnStmt(StmtPtr _block, NameExprPtr _ret_var)
: Stmt(STMT_CATCH_RETURN)
{
block = _block;
ret_var = _ret_var;
}
ValPtr CatchReturnStmt::Exec(Frame* f, StmtFlowType& flow) const
{
RegisterAccess();
auto val = block->Exec(f, flow);
if ( flow == FLOW_RETURN )
flow = FLOW_NEXT;
if ( ret_var )
f->SetElement(ret_var->Id()->Offset(), val);
// Note, do *not* return the value! That's taken as a signal
// that a full return executed.
return nullptr;
}
bool CatchReturnStmt::IsPure() const
{
// The ret_var is pure by construction.
return block->IsPure();
}
StmtPtr CatchReturnStmt::Duplicate()
{
auto rv_dup = ret_var->Duplicate();
auto rv_dup_ptr = rv_dup->AsNameExprPtr();
return SetSucc(new CatchReturnStmt(block->Duplicate(), rv_dup_ptr));
}
StmtPtr CatchReturnStmt::DoReduce(Reducer* c)
{
block = block->Reduce(c);
if ( block->Tag() == STMT_RETURN )
{
// The whole thing reduced to a bare return. This can
// happen due to constant propagation.
auto ret = block->AsReturnStmt();
auto ret_e = ret->StmtExprPtr();
if ( ! ret_e )
{
if ( ret_var )
reporter->InternalError("inlining inconsistency: no return value");
return make_intrusive<NullStmt>();
}
auto assign = make_intrusive<AssignExpr>(ret_var->Duplicate(),
ret_e->Duplicate(),
false);
assign_stmt = make_intrusive<ExprStmt>(assign);
return assign_stmt;
}
return ThisPtr();
}
void CatchReturnStmt::StmtDescribe(ODesc* d) const
{
Stmt::StmtDescribe(d);
block->Describe(d);
DescribeDone(d);
}
TraversalCode CatchReturnStmt::Traverse(TraversalCallback* cb) const
{
TraversalCode tc = cb->PreStmt(this);
HANDLE_TC_STMT_PRE(tc);
block->Traverse(cb);
if ( ret_var )
ret_var->Traverse(cb);
tc = cb->PostStmt(this);
HANDLE_TC_STMT_POST(tc);
}
CheckAnyLenStmt::CheckAnyLenStmt(ExprPtr arg_e, int _expected_len)
: ExprStmt(STMT_CHECK_ANY_LEN, std::move(arg_e))
{
expected_len = _expected_len;
}
ValPtr CheckAnyLenStmt::Exec(Frame* f, StmtFlowType& flow) const
{
RegisterAccess();
flow = FLOW_NEXT;
auto& v = e->Eval(f)->AsListVal()->Vals();
if ( v.size() != static_cast<size_t>(expected_len) )
reporter->ExprRuntimeError(e.get(), "mismatch in list lengths");
return nullptr;
}
StmtPtr CheckAnyLenStmt::Duplicate()
{
return SetSucc(new CheckAnyLenStmt(e->Duplicate(), expected_len));
}
bool CheckAnyLenStmt::IsReduced(Reducer* c) const
{
return true;
}
StmtPtr CheckAnyLenStmt::DoReduce(Reducer* c)
{
// These are created in reduced form.
return ThisPtr();
}
void CheckAnyLenStmt::StmtDescribe(ODesc* d) const
{
Stmt::StmtDescribe(d);
e->Describe(d);
if ( ! d->IsBinary() )
d->Add(".length == ");
d->Add(expected_len);
DescribeDone(d);
}
} // namespace zeek::detail

17
src/script_opt/TempVar.cc Normal file
View file

@ -0,0 +1,17 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include "zeek/script_opt/TempVar.h"
#include "zeek/Reporter.h"
namespace zeek::detail {
TempVar::TempVar(int num, const TypePtr& t, ExprPtr _rhs) : type(t)
{
char buf[8192];
snprintf(buf, sizeof buf, "#%d", num);
name = buf;
id = nullptr;
}
} // zeek::detail

36
src/script_opt/TempVar.h Normal file
View file

@ -0,0 +1,36 @@
// See the file "COPYING" in the main distribution directory for copyright.
#pragma once
// Class for managing temporary variables created during statement reduction
// for compilation.
#include <string>
#include "zeek/ID.h"
#include "zeek/Expr.h"
namespace zeek::detail {
class TempVar {
public:
TempVar(int num, const TypePtr& t, ExprPtr rhs);
const char* Name() const { return name.data(); }
const zeek::Type* Type() const { return type.get(); }
const Expr* RHS() const { return rhs.get(); }
IDPtr Id() const { return id; }
void SetID(IDPtr _id) { id = std::move(_id); }
void Deactivate() { active = false; }
bool IsActive() const { return active; }
protected:
std::string name;
IDPtr id;
const TypePtr& type;
ExprPtr rhs;
bool active = true;
};
} // zeek::detail

1
testing/btest/Baseline.xform/broker.remote_log_types/recv.recv.out Normal file
View file

@ -0,0 +1 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.

11
testing/btest/Baseline.xform/broker.remote_log_types/recv.test.log Normal file
View file

@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path test
#open XXXX-XX-XX-XX-XX-XX
#fields b i e c p sn a d t iv s sc ss se vc ve f
#types bool int enum count port subnet addr double time interval string set[count] set[string] set[string] vector[count] vector[string] func
T -42 Test::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 XXXXXXXXXX.XXXXXX 100.000000 hurz 1 AA (empty) 10,20,30 (empty) foo\x0aif (0 < i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline.xform/broker.remote_log_types/send.send.out Normal file
View file

@ -0,0 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
Broker::peer_added, 127.0.0.1

11
testing/btest/Baseline.xform/broker.remote_log_types/send.test.log Normal file
View file

@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path test
#open XXXX-XX-XX-XX-XX-XX
#fields b i e c p sn a d t iv s sc ss se vc ve f
#types bool int enum count port subnet addr double time interval string set[count] set[string] set[string] vector[count] vector[string] func
T -42 Test::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 XXXXXXXXXX.XXXXXX 100.000000 hurz 1 AA (empty) 10,20,30 (empty) foo\x0aif (0 < i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a
#close XXXX-XX-XX-XX-XX-XX

5
testing/btest/Baseline.xform/language.common-mistakes/1.out Normal file
View file

@ -0,0 +1,5 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
expression error in ./1.zeek, line 9: field value missing (mr$f)
bar start
foo start
other zeek_init

3
testing/btest/Baseline.xform/language.common-mistakes/2.out Normal file
View file

@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
expression error in ./2.zeek, line 7: no such index (t[nope])
in foo

3
testing/btest/Baseline.xform/language.common-mistakes/3.out Normal file
View file

@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
expression error in ./3.zeek, line 5: type-checking failed in vector append (v vec+= ok)
in foo

12
testing/btest/Baseline.xform/language.function-sending/recv.recv.out Normal file
View file

@ -0,0 +1,12 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
peer added
receiver got ping: my-message, myfunc\x0a{ \x0a<internal>::#0 = fmt(myfunc(%s), c);\x0aprint <internal>::#0;\x0a}
myfunc(1)
receiver got ping: my-message, myfunc\x0a{ \x0a<internal>::#0 = fmt(myfunc(%s), c);\x0aprint <internal>::#0;\x0a}
myfunc(2)
receiver got ping: my-message, myfunc\x0a{ \x0a<internal>::#0 = fmt(myfunc(%s), c);\x0aprint <internal>::#0;\x0a}
myfunc(3)
receiver got ping: my-message, myfunc\x0a{ \x0a<internal>::#0 = fmt(myfunc(%s), c);\x0aprint <internal>::#0;\x0a}
myfunc(4)
receiver got ping: my-message, myfunc\x0a{ \x0a<internal>::#0 = fmt(myfunc(%s), c);\x0aprint <internal>::#0;\x0a}
myfunc(5)

11
testing/btest/Baseline.xform/language.function-sending/send.send.out Normal file
View file

@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
peer added
sender got pong: my-message, myfunc\x0a{ \x0a<internal>::#0 = fmt(bodiesdontsend(%s), c);\x0aprint <internal>::#0;\x0a}
bodiesdontsend(1)
sender got pong: my-message, myfunc\x0a{ \x0a<internal>::#0 = fmt(bodiesdontsend(%s), c);\x0aprint <internal>::#0;\x0a}
bodiesdontsend(2)
sender got pong: my-message, myfunc\x0a{ \x0a<internal>::#0 = fmt(bodiesdontsend(%s), c);\x0aprint <internal>::#0;\x0a}
bodiesdontsend(3)
sender got pong: my-message, myfunc\x0a{ \x0a<internal>::#0 = fmt(bodiesdontsend(%s), c);\x0aprint <internal>::#0;\x0a}
bodiesdontsend(4)
peer lost

6
testing/btest/Baseline.xform/language.index-assignment-invalid/out Normal file
View file

@ -0,0 +1,6 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
runtime error in <...>/queue.zeek, line 152: vector index assignment failed for invalid type 'myrec', value: [a=T, b=hi, c=<uninitialized>], expression: Queue::ret[Queue::j] []= <internal>::#3, call stack:
#0 Queue::get_vector([initialized=T, vals={[2] = test,[3] = [a=T, b=hi, c=<uninitialized>],[5] = 3,[0] = hello,[6] = jkl;,[4] = asdf,[1] = goodbye}, settings=[max_len=<uninitialized>], top=7, bottom=0, size=0], [hello, goodbye, test]) at <...>/index-assignment-invalid.zeek:19
#1 bar(55) at <...>/index-assignment-invalid.zeek:27
#2 foo(hi, 13) at <...>/index-assignment-invalid.zeek:39
#3 zeek_init()

2
testing/btest/Baseline.xform/language.type-coerce-numerics/double_convert_failure1.out Normal file
View file

@ -0,0 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
error in ./double_convert_failure1.zeek, line 7 and double: type clash for field "cc" ((coerce [$cc=5.0] to myrecord) and double)

2
testing/btest/Baseline.xform/language.type-coerce-numerics/double_convert_failure2.out Normal file
View file

@ -0,0 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
error in ./double_convert_failure2.zeek, line 7 and double: type clash for field "cc" ((coerce [$cc=-5.0] to myrecord) and double)

15
testing/btest/Baseline.xform/language.type-coerce-numerics/first_set.out Normal file
View file

@ -0,0 +1,15 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
error in int and ./first_set.zeek, line 46: overflow promoting from unsigned/double to signed arithmetic value (int and 9223372036854775808)
expression error in ./first_set.zeek, line 46: Failed type conversion ((coerce <internal>::#0 to record { ii:int; cc:count; dd:double; }))
3
int
4
int
5
int
6
int
7.0
double
-5.0
double

2
testing/btest/Baseline.xform/language.type-coerce-numerics/int_convert_failure.out Normal file
View file

@ -0,0 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
error in ./int_convert_failure.zeek, line 7 and int: type clash for field "cc" ((coerce [$cc=-5] to myrecord) and int)

19
testing/btest/Baseline.xform/language.type-coerce-numerics/vectors.out Normal file
View file

@ -0,0 +1,19 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
vector of count
vector of count
vector of count
[1, 2]
[3, 4]
[4, 6]
vector of int
vector of int
vector of int
[1, 2]
[3, 4]
[4, 6]
vector of double
vector of double
vector of double
[1.0, 2.0]
[3.0, 4.0]
[4.0, 6.0]

3556
testing/btest/Baseline.xform/plugins.hooks/output Normal file
View file

File diff suppressed because one or more lines are too long

2
testing/btest/Baseline.xform/plugins.logging-hooks/output Normal file
View file

@ -0,0 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
XXXXXXXXXX.XXXXXX | HookLogInit ssh 1/1 {b (bool), i (int), e (enum), c (count), p (port), sn (subnet), a (addr), d (double), t (time), iv (interval), s (string), sc (set[count]), ss (set[string]), se (set[string]), vc (vector[count]), ve (vector[string]), f (func)}

12
testing/btest/Baseline.xform/plugins.logging-hooks/ssh.log Normal file
View file

@ -0,0 +1,12 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field EMPTY
#unset_field -
#path ssh
#open XXXX-XX-XX-XX-XX-XX
#fields b i e c p sn a d t iv s sc ss se vc ve f
#types bool int enum count port subnet addr double time interval string set[count] set[string] set[string] vector[count] vector[string] func
F -2 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 XXXXXXXXXX.XXXXXX 100.000000 hurz 4,2,3,1 CC,BB,AA EMPTY 10,20,30 EMPTY SSH::foo\x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a
T - SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 XXXXXXXXXX.XXXXXX 100.000000 hurz 4,2,3,1 CC,BB,AA EMPTY 10,20,30 EMPTY SSH::foo\x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a
#close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline.xform/scripts.base.frameworks.file-analysis.bifs.file_exists_lookup_file/.stdout Normal file
View file

@ -0,0 +1,8 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
error: file ID asdf not a known file
expression error in <...>/main.zeek, line 357: value used but not set (<internal>::#0)
This should fail but not crash
lookup fid: FMnxxt3xjVcWNS2141
We should have found the file id: FMnxxt3xjVcWNS2141
This should return T
T

11
testing/btest/Baseline.xform/scripts.base.frameworks.logging.ascii-gz/ssh-uncompressed.log Normal file
View file

@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssh-uncompressed
#open XXXX-XX-XX-XX-XX-XX
#fields b i e c p sn a d t iv s sc ss se vc ve f
#types bool int enum count port subnet addr double time interval string set[count] set[string] set[string] vector[count] vector[string] func
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 XXXXXXXXXX.XXXXXX 100.000000 hurz 4,2,3,1 CC,BB,AA (empty) 10,20,30 (empty) SSH::foo\x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a
#close XXXX-XX-XX-XX-XX-XX

11
testing/btest/Baseline.xform/scripts.base.frameworks.logging.ascii-gz/ssh.log Normal file
View file

@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssh
#open XXXX-XX-XX-XX-XX-XX
#fields b i e c p sn a d t iv s sc ss se vc ve f
#types bool int enum count port subnet addr double time interval string set[count] set[string] set[string] vector[count] vector[string] func
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 XXXXXXXXXX.XXXXXX 100.000000 hurz 4,2,3,1 CC,BB,AA (empty) 10,20,30 (empty) SSH::foo\x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline.xform/scripts.base.frameworks.logging.ascii-json/ssh.log Normal file
View file

@ -0,0 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
{"b":true,"i":-42,"e":"SSH::LOG","c":21,"p":123,"sn":"10.0.0.0/24","a":"1.2.3.4","d":3.14,"t":XXXXXXXXXX.XXXXXX,"iv":100.0,"s":"hurz","sc":[4,2,3,1],"ss":["CC","BB","AA"],"se":[],"vc":[10,20,30],"ve":[],"vn":[0,null,2],"f":"SSH::foo\nif (0 < SSH::i) \n\treturn (Foo);\nelse\n\treturn (Bar);\n"}

13
testing/btest/Baseline.xform/scripts.base.frameworks.logging.sqlite.simultaneous-writes/ssh.select Normal file
View file

@ -0,0 +1,13 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
1|-42|SSH::LOG|21|123|10.0.0.0/24|1.2.3.4|3.14|XXXXXXXXXX.XXXXXX|100.0|hurz|4,2,3,1|CC,BB,AA|(empty)|10,20,30|(empty)|SSH::foo
if (0 < SSH::i)
return (Foo);
else
return (Bar);
1|-42|SSH::LOG|21|123|10.0.0.0/24|1.2.3.4|3.14|XXXXXXXXXX.XXXXXX|100.0|hurz|4,2,3,1|CC,BB,AA|(empty)|10,20,30|(empty)|SSH::foo
if (0 < SSH::i)
return (Foo);
else
return (Bar);

7
testing/btest/Baseline.xform/scripts.base.frameworks.logging.sqlite.types/ssh.select Normal file
View file

@ -0,0 +1,7 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
1|-42|SSH::LOG|21|123|10.0.0.0/24|1.2.3.4|3.14|XXXXXXXXXX.XXXXXX|100.0|hurz|4,2,3,1|CC,BB,AA|(empty)|10,20,30|(empty)|SSH::foo
if (0 < SSH::i)
return (Foo);
else
return (Bar);

11
testing/btest/Baseline.xform/scripts.base.frameworks.logging.types/ssh.log Normal file
View file

@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field EMPTY
#unset_field -
#path ssh
#open XXXX-XX-XX-XX-XX-XX
#fields b i e c p sn a d t iv s sc ss se vc ve f
#types bool int enum count port subnet addr double time interval string set[count] set[string] set[string] vector[count] vector[string] func
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 XXXXXXXXXX.XXXXXX 100.000000 hurz 4,2,3,1 CC,BB,AA EMPTY 10,20,30 EMPTY SSH::foo\x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a
#close XXXX-XX-XX-XX-XX-XX

237
testing/btest/Baseline.xform/scripts.policy.misc.dump-events/all-events-no-args.log Normal file
View file

@ -0,0 +1,237 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
0.000000 zeek_init
0.000000 NetControl::init
0.000000 filter_change_tracking
XXXXXXXXXX.XXXXXX Broker::log_flush
XXXXXXXXXX.XXXXXX ChecksumOffloading::check
XXXXXXXXXX.XXXXXX filter_change_tracking
XXXXXXXXXX.XXXXXX new_connection
XXXXXXXXXX.XXXXXX dns_message
XXXXXXXXXX.XXXXXX dns_request
XXXXXXXXXX.XXXXXX protocol_confirmation
XXXXXXXXXX.XXXXXX dns_end
XXXXXXXXXX.XXXXXX dns_message
XXXXXXXXXX.XXXXXX dns_CNAME_reply
XXXXXXXXXX.XXXXXX dns_A_reply
XXXXXXXXXX.XXXXXX dns_end
XXXXXXXXXX.XXXXXX new_connection
XXXXXXXXXX.XXXXXX connection_established
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX protocol_confirmation
XXXXXXXXXX.XXXXXX smtp_request
XXXXXXXXXX.XXXXXX Broker::log_flush
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_request
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_request
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_request
XXXXXXXXXX.XXXXXX Broker::log_flush
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_request
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_request
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_request
XXXXXXXXXX.XXXXXX mime_begin_entity
XXXXXXXXXX.XXXXXX Broker::log_flush
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_begin_entity
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_begin_entity
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX file_new
XXXXXXXXXX.XXXXXX file_over_new_connection
XXXXXXXXXX.XXXXXX mime_end_entity
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX file_sniff
XXXXXXXXXX.XXXXXX file_state_remove
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX mime_begin_entity
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX file_new
XXXXXXXXXX.XXXXXX file_over_new_connection
XXXXXXXXXX.XXXXXX mime_end_entity
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX file_sniff
XXXXXXXXXX.XXXXXX file_state_remove
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX mime_end_entity
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX mime_begin_entity
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX file_new
XXXXXXXXXX.XXXXXX file_over_new_connection
XXXXXXXXXX.XXXXXX new_connection
XXXXXXXXXX.XXXXXX file_sniff
XXXXXXXXXX.XXXXXX Broker::log_flush
XXXXXXXXXX.XXXXXX mime_end_entity
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX file_state_remove
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX mime_end_entity
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX smtp_request
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX Broker::log_flush
XXXXXXXXXX.XXXXXX smtp_request
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX Broker::log_flush
XXXXXXXXXX.XXXXXX new_connection
XXXXXXXXXX.XXXXXX ChecksumOffloading::check
XXXXXXXXXX.XXXXXX connection_state_remove
XXXXXXXXXX.XXXXXX Broker::log_flush
XXXXXXXXXX.XXXXXX connection_state_remove
XXXXXXXXXX.XXXXXX connection_state_remove
XXXXXXXXXX.XXXXXX connection_state_remove
XXXXXXXXXX.XXXXXX filter_change_tracking
XXXXXXXXXX.XXXXXX new_connection
XXXXXXXXXX.XXXXXX Broker::log_flush
XXXXXXXXXX.XXXXXX new_connection
XXXXXXXXXX.XXXXXX connection_established
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX protocol_confirmation
XXXXXXXXXX.XXXXXX smtp_request
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_request
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_request
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_request
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_request
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX smtp_request
XXXXXXXXXX.XXXXXX mime_begin_entity
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX mime_one_header
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX file_new
XXXXXXXXXX.XXXXXX file_over_new_connection
XXXXXXXXXX.XXXXXX mime_end_entity
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX file_sniff
XXXXXXXXXX.XXXXXX file_state_remove
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX get_file_handle
XXXXXXXXXX.XXXXXX smtp_request
XXXXXXXXXX.XXXXXX smtp_reply
XXXXXXXXXX.XXXXXX Broker::log_flush
XXXXXXXXXX.XXXXXX new_connection
XXXXXXXXXX.XXXXXX new_connection
XXXXXXXXXX.XXXXXX new_connection
XXXXXXXXXX.XXXXXX Broker::log_flush
XXXXXXXXXX.XXXXXX connection_established
XXXXXXXXXX.XXXXXX ssl_extension_server_name
XXXXXXXXXX.XXXXXX ssl_extension
XXXXXXXXXX.XXXXXX ssl_extension
XXXXXXXXXX.XXXXXX ssl_extension
XXXXXXXXXX.XXXXXX ssl_extension
XXXXXXXXXX.XXXXXX ssl_extension
XXXXXXXXXX.XXXXXX protocol_confirmation
XXXXXXXXXX.XXXXXX ssl_client_hello
XXXXXXXXXX.XXXXXX ssl_handshake_message
XXXXXXXXXX.XXXXXX ssl_plaintext_data
XXXXXXXXXX.XXXXXX ssl_extension
XXXXXXXXXX.XXXXXX ssl_server_hello
XXXXXXXXXX.XXXXXX ssl_handshake_message
XXXXXXXXXX.XXXXXX file_new
XXXXXXXXXX.XXXXXX file_over_new_connection
XXXXXXXXXX.XXXXXX file_sniff
XXXXXXXXXX.XXXXXX file_hash
XXXXXXXXXX.XXXXXX file_hash
XXXXXXXXXX.XXXXXX x509_certificate
XXXXXXXXXX.XXXXXX x509_extension
XXXXXXXXXX.XXXXXX x509_extension
XXXXXXXXXX.XXXXXX x509_extension
XXXXXXXXXX.XXXXXX x509_ext_basic_constraints
XXXXXXXXXX.XXXXXX x509_extension
XXXXXXXXXX.XXXXXX x509_extension
XXXXXXXXXX.XXXXXX x509_extension
XXXXXXXXXX.XXXXXX x509_extension
XXXXXXXXXX.XXXXXX x509_extension
XXXXXXXXXX.XXXXXX x509_extension
XXXXXXXXXX.XXXXXX x509_ext_subject_alternative_name
XXXXXXXXXX.XXXXXX file_hash
XXXXXXXXXX.XXXXXX file_state_remove
XXXXXXXXXX.XXXXXX file_new
XXXXXXXXXX.XXXXXX file_over_new_connection
XXXXXXXXXX.XXXXXX file_sniff
XXXXXXXXXX.XXXXXX file_hash
XXXXXXXXXX.XXXXXX file_hash
XXXXXXXXXX.XXXXXX x509_certificate
XXXXXXXXXX.XXXXXX x509_extension
XXXXXXXXXX.XXXXXX x509_extension
XXXXXXXXXX.XXXXXX x509_extension
XXXXXXXXXX.XXXXXX x509_ext_basic_constraints
XXXXXXXXXX.XXXXXX x509_extension
XXXXXXXXXX.XXXXXX x509_extension
XXXXXXXXXX.XXXXXX x509_extension
XXXXXXXXXX.XXXXXX x509_extension
XXXXXXXXXX.XXXXXX file_hash
XXXXXXXXXX.XXXXXX file_state_remove
XXXXXXXXXX.XXXXXX ssl_handshake_message
XXXXXXXXXX.XXXXXX ssl_handshake_message
XXXXXXXXXX.XXXXXX ssl_plaintext_data
XXXXXXXXXX.XXXXXX ssl_handshake_message
XXXXXXXXXX.XXXXXX ssl_plaintext_data
XXXXXXXXXX.XXXXXX ssl_change_cipher_spec
XXXXXXXXXX.XXXXXX ssl_plaintext_data
XXXXXXXXXX.XXXXXX ssl_change_cipher_spec
XXXXXXXXXX.XXXXXX ssl_plaintext_data
XXXXXXXXXX.XXXXXX ssl_established
XXXXXXXXXX.XXXXXX net_done
XXXXXXXXXX.XXXXXX Broker::log_flush
XXXXXXXXXX.XXXXXX filter_change_tracking
XXXXXXXXXX.XXXXXX connection_state_remove
XXXXXXXXXX.XXXXXX connection_state_remove
XXXXXXXXXX.XXXXXX connection_state_remove
XXXXXXXXXX.XXXXXX connection_state_remove
XXXXXXXXXX.XXXXXX connection_state_remove
XXXXXXXXXX.XXXXXX zeek_done
XXXXXXXXXX.XXXXXX ChecksumOffloading::check

1076
testing/btest/Baseline.xform/scripts.policy.misc.dump-events/all-events.log Normal file
View file

File diff suppressed because one or more lines are too long

9513
testing/btest/Baseline.xform/scripts.policy.misc.dump-events/really-all-events.log Normal file
View file

File diff suppressed because one or more lines are too long

321
testing/btest/Baseline.xform/scripts.policy.misc.dump-events/smtp-events.log Normal file
View file

@ -0,0 +1,321 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 220
[3] cmd: string = >
[4] msg: string = xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 220
[3] cmd: string = >
[4] msg: string = We do not authorize the use of this system to transport unsolicited,
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=690.0 msecs 616.846085 usecs, service={\x0a\x0a}, history=ShAd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 220
[3] cmd: string = >
[4] msg: string = and/or bulk e-mail.
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=695.0 msecs 762.872696 usecs, service={\x0aSMTP\x0a}, history=ShAdD, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] command: string = EHLO
[3] arg: string = GP
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
[4] msg: string = xc90.websitewelcome.com Hello GP [122.162.143.157]
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
[4] msg: string = SIZE 52428800
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
[4] msg: string = PIPELINING
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
[4] msg: string = AUTH PLAIN LOGIN
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
[4] msg: string = STARTTLS
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 37.0 msecs 137.031555 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
[4] msg: string = HELP
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 39.0 msecs 682.865143 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] command: string = AUTH
[3] arg: string = LOGIN
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 382.0 msecs 35.017014 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 334
[3] cmd: string = AUTH
[4] msg: string = VXNlcm5hbWU6
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 382.0 msecs 608.890533 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] command: string = **
[3] arg: string = Z3VycGFydGFwQHBhdHJpb3RzLmlu
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 724.0 msecs 498.033524 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 334
[3] cmd: string = AUTH_ANSWER
[4] msg: string = UGFzc3dvcmQ6
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 sec 725.0 msecs 71.907043 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] command: string = **
[3] arg: string = cHVuamFiQDEyMw==
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 84.0 msecs 751.844406 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 235
[3] cmd: string = AUTH_ANSWER
[4] msg: string = Authentication succeeded
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 85.0 msecs 367.918015 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] command: string = MAIL
[3] arg: string = FROM: <gurpartap@patriots.in>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 427.0 msecs 718.877792 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = MAIL
[4] msg: string = OK
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 428.0 msecs 204.059601 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] command: string = RCPT
[3] arg: string = TO: <raj_deol2002in@yahoo.co.in>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 790.0 msecs 662.050247 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = RCPT
[4] msg: string = Accepted
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 secs 791.0 msecs 157.007217 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] command: string = DATA
[3] arg: string =
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 secs 132.0 msecs 632.97081 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 354
[3] cmd: string = DATA
[4] msg: string = Enter message, ending with "." on a line by itself
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=4.0 secs 329.0 msecs 288.005829 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] command: string = .
[3] arg: string = .
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=4.0 secs 719.0 msecs 743.013382 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=gurpartap@patriots.in, rcptto={\x0araj_deol2002in@yahoo.co.in\x0a}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" <gurpartap@patriots.in>, to={\x0a<raj_deol2002in@yahoo.co.in>\x0a}, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=<uninitialized>, subject=SMTP, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[FmFp351N5nhsMmAfQg, Fqrb1K5DWEfgy4WU2, FEFYSd1s8Onn9LynKj]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = .
[4] msg: string = OK id=1Mugho-0003Dg-Un
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 secs 234.0 msecs 778.881073 usecs, service={\x0aSMTP\x0a}, history=ShAdDaT, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] command: string = QUIT
[3] arg: string =
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0, l2_addr=00:e0:1c:3c:17:c2], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0, l2_addr=00:1f:33:d9:81:60], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 secs 576.0 msecs 421.022415 usecs, service={\x0aSMTP\x0a}, history=ShAdDaTF, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=ClEkJM2Vm5giqnMf4h, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=<uninitialized>, path=[74.53.140.153, 10.10.1.4], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=<uninitialized>, mime_depth=5], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 221
[3] cmd: string = QUIT
[4] msg: string = xc90.websitewelcome.com closing connection
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=10.0 msecs 246.992111 usecs, service={\x0a\x0a}, history=ShAd, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 220
[3] cmd: string = >
[4] msg: string = uprise ESMTP SubEthaSMTP null
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pkts=3, num_bytes_ip=168, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=35, state=4, num_pkts=2, num_bytes_ip=147, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 411.056519 usecs, service={\x0aSMTP\x0a}, history=ShAdD, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=<uninitialized>, mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=<uninitialized>, messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] command: string = EHLO
[3] arg: string = [192.168.133.100]
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=220 uprise ESMTP SubEthaSMTP null, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
[4] msg: string = uprise
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 uprise, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
[4] msg: string = 8BITMIME
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 8BITMIME, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
[4] msg: string = AUTH LOGIN
[5] cont_resp: bool = T
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=24, state=4, num_pkts=4, num_bytes_ip=244, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=3, num_bytes_ip=199, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=29.0 msecs 386.043549 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 AUTH LOGIN, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = EHLO
[4] msg: string = Ok
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=56, state=4, num_pkts=5, num_bytes_ip=296, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=85, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=30.0 msecs 136.108398 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=<uninitialized>, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=F, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] command: string = MAIL
[3] arg: string = FROM:<albert@example.com>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=56, state=4, num_pkts=6, num_bytes_ip=380, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=4, num_bytes_ip=301, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=32.0 msecs 890.081406 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = MAIL
[4] msg: string = Ok
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=88, state=4, num_pkts=7, num_bytes_ip=432, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=93, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=33.0 msecs 337.116241 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto=<uninitialized>, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] command: string = RCPT
[3] arg: string = TO:<ericlim220@yahoo.com>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=88, state=4, num_pkts=8, num_bytes_ip=516, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101, state=4, num_pkts=5, num_bytes_ip=361, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=36.0 msecs 91.089249 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = RCPT
[4] msg: string = Ok
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=121, state=4, num_pkts=9, num_bytes_ip=568, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=101, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=36.0 msecs 692.142487 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] command: string = RCPT
[3] arg: string = TO:<felica4uu@hotmail.com>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=121, state=4, num_pkts=10, num_bytes_ip=653, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=109, state=4, num_pkts=6, num_bytes_ip=421, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=40.0 msecs 729.045868 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = RCPT
[4] msg: string = Ok
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=156, state=4, num_pkts=11, num_bytes_ip=705, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=109, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=41.0 msecs 517.972946 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] command: string = RCPT
[3] arg: string = TO:<davis_mark1@outlook.com>
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=156, state=4, num_pkts=12, num_bytes_ip=792, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=117, state=4, num_pkts=7, num_bytes_ip=481, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=44.0 msecs 173.955917 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = RCPT
[4] msg: string = Ok
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=162, state=4, num_pkts=13, num_bytes_ip=844, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=117, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=44.0 msecs 801.950455 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=0], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] command: string = DATA
[3] arg: string =
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=162, state=4, num_pkts=14, num_bytes_ip=902, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=154, state=4, num_pkts=8, num_bytes_ip=541, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=47.0 msecs 863.006592 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=<uninitialized>, from=<uninitialized>, to=<uninitialized>, cc=<uninitialized>, reply_to=<uninitialized>, msg_id=<uninitialized>, in_reply_to=<uninitialized>, subject=<uninitialized>, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=250 Ok, path=[192.168.133.102, 192.168.133.100], user_agent=<uninitialized>, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=<uninitialized>], fuids=[]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 354
[3] cmd: string = DATA
[4] msg: string = End data with <CR><LF>.<CR><LF>
[5] cont_resp: bool = F
XXXXXXXXXX.XXXXXX smtp_request
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_pkts=15, num_bytes_ip=954, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=154, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=48.0 msecs 480.033875 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x0afelica4uu@hotmail.com,\x0adavis_mark1@outlook.com\x0a}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = T
[2] command: string = .
[3] arg: string = .
XXXXXXXXXX.XXXXXX smtp_reply
[0] c: connection = [id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], orig=[size=969, state=4, num_pkts=16, num_bytes_ip=1813, flow_label=0, l2_addr=58:b0:35:86:54:8d], resp=[size=162, state=4, num_pkts=9, num_bytes_ip=630, flow_label=0, l2_addr=00:08:ca:cc:ad:4c], start_time=XXXXXXXXXX.XXXXXX, duration=57.0 msecs 218.074799 usecs, service={\x0aSMTP\x0a}, history=ShAdDa, uid=CmES5u32sYpV7JYN, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, dpd_state=<uninitialized>, removal_hooks={\x0a\x09SMTP::finalize_smtp\x0a\x09if (SMTP::c?$smtp) \x0a\x09\x09SMTP::smtp_message(SMTP::c);\x0a\x0a}, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dce_rpc=<uninitialized>, dce_rpc_state=<uninitialized>, dce_rpc_backing=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, ntp=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=[ts=XXXXXXXXXX.XXXXXX, uid=CmES5u32sYpV7JYN, id=[orig_h=192.168.133.100, orig_p=49648/tcp, resp_h=192.168.133.102, resp_p=25/tcp], trans_depth=1, helo=[192.168.133.100], mailfrom=albert@example.com, rcptto={\x0afelica4uu@hotmail.com,\x0aericlim220@yahoo.com,\x0adavis_mark1@outlook.com\x0a}, date=Sat, 25 Jul 2015 16:43:07 +0300, from=Albert Zaharovits <albert@example.com>, to={\x0aericlim220@yahoo.com\x0a}, cc={\x0afelica4uu@hotmail.com,\x0adavis_mark1@outlook.com\x0a}, reply_to=<uninitialized>, msg_id=<A6202DF2-8E58-4E41-BE0B-C8D3989A4AEE@example.com>, in_reply_to=<9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com>, subject=Re: Bro SMTP CC Header, x_originating_ip=<uninitialized>, first_received=<uninitialized>, second_received=<uninitialized>, last_reply=354 End data with <CR><LF>.<CR><LF>, path=[192.168.133.102, 192.168.133.100], user_agent=Apple Mail (2.2102), tls=F, process_received_from=T, has_client_activity=T, entity=<uninitialized>, fuids=[Fc5KpS3kUYqDLwWSMf]], smtp_state=[helo=[192.168.133.100], messages_transferred=0, pending_messages=<uninitialized>, mime_depth=1], socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
[1] is_orig: bool = F
[2] code: count = 250
[3] cmd: string = .
[4] msg: string = Ok
[5] cont_resp: bool = F

2
testing/btest/Baseline/bifs.string_utils/out
View file

@ -57,11 +57,9 @@ find_str: -1
find_str: -1
find_str: 4
find_str: 4
find_str: -1
find_str: 0
find_str: -1
find_str: -1
find_str: 4
find_str: 4
find_str: -1

5
testing/btest/Baseline/bifs.string_utils_errors/out Normal file
View file

@ -0,0 +1,5 @@
Justification (input string 'abc')
----------------------------------
find_str: -1
find_str: -1

4
testing/btest/bifs/string_utils.zeek
View file

@ -10,12 +10,10 @@ event zeek_init()
print fmt("ljust: '%s'", ljust(s1, 3, " ")); # 'abc'
print fmt("ljust: '%s'", ljust(s1, 5)); # 'abc '
print fmt("ljust: '%s'", ljust(s1, 5, "-")); # 'abc--'
print fmt("ljust: '%s'", ljust(s1, 2, "--")); # This should return an error
print fmt("rjust: '%s'", rjust(s1, 2, " ")); # 'abc'
print fmt("rjust: '%s'", rjust(s1, 3, " ")); # 'abc'
print fmt("rjust: '%s'", rjust(s1, 5)); # ' abc'
print fmt("rjust: '%s'", rjust(s1, 5, "-")); # '--abc'
print fmt("rjust: '%s'", rjust(s1, 2, "--")); # This should return an error
print fmt("zfill: '%s'", zfill(s1, 2)); # 'abc'
print fmt("zfill: '%s'", zfill(s1, 3)); # 'abc'
print fmt("zfill: '%s'", zfill(s1, 5)); # '00abc'
@ -71,12 +69,10 @@ event zeek_init()
print fmt("find_str: %d", find_str(s3, "abcd", 0, 2));
print fmt("find_str: %d", find_str(s3, "efg"));
print fmt("find_str: %d", find_str(s3, "efg", 2, 6));
print fmt("find_str: %d", find_str(s3, "efg", 6, 2));
print fmt("find_str: %d", rfind_str(s3, "abcd"));
print fmt("find_str: %d", rfind_str(s3, "abcd", 1));
print fmt("find_str: %d", rfind_str(s3, "abcd", 0, 2));
print fmt("find_str: %d", rfind_str(s3, "efg"));
print fmt("find_str: %d", rfind_str(s3, "efg", 2, 6));
print fmt("find_str: %d", rfind_str(s3, "efg", 6, 2));
print "";
}

19
testing/btest/bifs/string_utils_errors.zeek Normal file
View file

@ -0,0 +1,19 @@
# Don't run the test for transformed ASTs, as they'll stop early due to
# error propagation.
# @TEST-REQUIRES: test "${ZEEK_XFORM}" != "1"
#
# @TEST-EXEC: zeek -b %INPUT >out
# @TEST-EXEC: btest-diff out
event zeek_init()
{
print "Justification (input string 'abc')";
print "----------------------------------";
local s1 : string = "abc";
print fmt("ljust: '%s'", ljust(s1, 2, "--")); # This should return an error
print fmt("rjust: '%s'", rjust(s1, 2, "--")); # This should return an error
local s3: string = "abcdefghi";
print fmt("find_str: %d", find_str(s3, "efg", 6, 2));
print fmt("find_str: %d", rfind_str(s3, "efg", 6, 2));
print "";
}

4
testing/btest/btest.cfg
View file

@ -60,3 +60,7 @@ BTEST_BASELINE_DIR=%(testbase)s/Baseline.dup:%(testbase)s/Baseline
[environment-inline]
ZEEK_INLINE=1
BTEST_BASELINE_DIR=%(testbase)s/Baseline.inline:%(testbase)s/Baseline
[environment-xform]
ZEEK_XFORM=1
BTEST_BASELINE_DIR=%(testbase)s/Baseline.xform:%(testbase)s/Baseline

2
testing/btest/language/type-coerce-numerics.zeek
View file

@ -5,7 +5,7 @@
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff double_convert_failure1.out
# @TEST-EXEC-FAIL: zeek -b double_convert_failure2.zeek >double_convert_failure2.out 2>&1
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff double_convert_failure1.out
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff double_convert_failure2.out
# @TEST-EXEC-FAIL: zeek -b int_convert_failure.zeek >int_convert_failure.out 2>&1
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff int_convert_failure.out

2
testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek
View file

@ -1,5 +1,5 @@
# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT 2>&1
# @TEST-EXEC: btest-diff .stdout
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stdout
@load base/protocols/http