From 1786a3b92d8bd4f9929decfcf74f59ab59d65334 Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu
Date: Wed, 31 Jul 2013 17:30:56 -0400
Subject: [PATCH] DHCP: Adding unit tests.
---
 scripts/base/protocols/dhcp/main.bro | 8 ++++++--
 .../dhcp/known-devices-and-hostnames.bro | 12 ++++++++++++
 .../dhcp.log | 10 ++++++++++
 .../scripts.base.protocols.dhcp.inform/dhcp.log | 10 ++++++++++
 .../known_devices.log | 11 +++++++++++
 testing/btest/Traces/dhcp/dhcp.trace | Bin 0 -> 3140 bytes
 testing/btest/Traces/dhcp/dhcp_inform.trace | Bin 0 -> 687 bytes
 .../base/protocols/dhcp/dhcp-all-msg-types.btest | 6 ++++++
 .../scripts/base/protocols/dhcp/inform.test | 5 +++++
 .../dhcp/known-devices-and-hostnames/basic.test | 8 ++++++++
 10 files changed, 68 insertions(+), 2 deletions(-)
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dhcp.dhcp-all-msg-types/dhcp.log
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dhcp.inform/dhcp.log
 create mode 100644 testing/btest/Baseline/scripts.policy.protocols.dhcp.known-devices-and-hostnames.basic/known_devices.log
 create mode 100644 testing/btest/Traces/dhcp/dhcp.trace
 create mode 100644 testing/btest/Traces/dhcp/dhcp_inform.trace
 create mode 100644 testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest
 create mode 100644 testing/btest/scripts/base/protocols/dhcp/inform.test
 create mode 100644 testing/btest/scripts/policy/protocols/dhcp/known-devices-and-hostnames/basic.test
diff --git a/scripts/base/protocols/dhcp/main.bro b/scripts/base/protocols/dhcp/main.bro
index 05491361ff..07bd437579 100644
--- a/scripts/base/protocols/dhcp/main.bro
+++ b/scripts/base/protocols/dhcp/main.bro
@@ -57,13 +57,17 @@ event dhcp_ack(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_lis
 info$ts = network_time();
 info$id = c$id;
 info$uid = c$uid;
- info$assigned_ip = reverse_ip(msg$yiaddr);
 info$lease_time = lease;
 info$trans_id = msg$xid;
 if ( msg$h_addr != "" )
 info$mac = msg$h_addr;
-
+
+ if ( reverse_ip(msg$yiaddr) != 0.0.0.0 )
+ info$assigned_ip = reverse_ip(msg$yiaddr);
+ else
+ info$assigned_ip = c$id$orig_h;
+
 c$dhcp = info;
 Log::write(DHCP::LOG, c$dhcp);
diff --git a/scripts/policy/protocols/dhcp/known-devices-and-hostnames.bro b/scripts/policy/protocols/dhcp/known-devices-and-hostnames.bro
index 95770ce273..ddb058f2e0 100644
--- a/scripts/policy/protocols/dhcp/known-devices-and-hostnames.bro
+++ b/scripts/policy/protocols/dhcp/known-devices-and-hostnames.bro
@@ -20,3 +20,15 @@ event dhcp_request(c: connection, msg: dhcp_msg, req_addr: addr, serv_addr: addr
 Log::write(Known::DEVICES_LOG, [$ts=network_time(), $mac=msg$h_addr, $dhcp_host_name=host_name]);
 }
 }
+
+event dhcp_inform(c: connection, msg: dhcp_msg, host_name: string)
+ {
+ if ( msg$h_addr == "" )
+ return;
+
+ if ( msg$h_addr !in known_devices )
+ {
+ add known_devices[msg$h_addr];
+ Log::write(Known::DEVICES_LOG, [$ts=network_time(), $mac=msg$h_addr, $dhcp_host_name=host_name]);
+ }
+ }
diff --git a/testing/btest/Baseline/scripts.base.protocols.dhcp.dhcp-all-msg-types/dhcp.log b/testing/btest/Baseline/scripts.base.protocols.dhcp.dhcp-all-msg-types/dhcp.log
new file mode 100644
index 0000000000..b52d455a4a
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dhcp.dhcp-all-msg-types/dhcp.log
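Review bot: The `else` branch added to dhcp_ack falls back to `c$id$orig_h`, the connection originator, which is the client only when the client's packet opened the flow and no relay sits in between; behind a DHCP relay this would presumably log the relay's address as `assigned_ip`. A DHCPINFORM client states its own address in the message, so `msg$ciaddr` looks like the better source, though whether it needs the same `reverse_ip()` treatment as `yiaddr` is not visible here. I would also call `reverse_ip(msg$yiaddr)` once into a local and add a comment such as `# DHCPINFORM ACKs carry yiaddr 0.0.0.0; the address was configured by the client, not leased.`, because dhcp.log consumers rely on this field for IP-to-MAC attribution. The body of dhcp_ack starts above the hunk.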
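Review bot: The new dhcp_inform handler adds the MAC to `known_devices` on first sight even when `host_name` is empty, and since the set is keyed on the MAC alone, a later message from the same MAC that does carry a hostname is not logged while the entry remains in the set. The `(empty)` row in the known_devices.log baseline appears to be such an entry. Both values are supplied by the client and unverified, so I would state that above the handler, for example `# MAC and hostname are client-asserted; the first sighting of a MAC wins, even with an empty hostname.`, or skip the `add` when `host_name == ""`. The body also repeats the tail of dhcp_request, whose start lies outside the hunk, so a shared helper would keep the two handlers in step.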
@@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path dhcp +#open 2013-07-31-21-00-49 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p mac assigned_ip lease_time trans_id +#types time string addr port addr port string addr interval count +1370200444.371332 nQcgTWjvg4c 128.2.6.189 68 128.2.6.152 67 90:b1:1c:99:49:29 128.2.6.189 900.000000 1984 +#close 2013-07-31-21-00-50 diff --git a/testing/btest/Baseline/scripts.base.protocols.dhcp.inform/dhcp.log b/testing/btest/Baseline/scripts.base.protocols.dhcp.inform/dhcp.log new file mode 100644 index 0000000000..d8f626efe3 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.dhcp.inform/dhcp.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path dhcp +#open 2013-07-31-21-00-55 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p mac assigned_ip lease_time trans_id +#types time string addr port addr port string addr interval count +1374432420.191205 FrJExwHcSal 128.2.6.122 68 128.2.6.152 67 90:b1:1c:99:49:29 128.2.6.122 0.000000 2754407505 +#close 2013-07-31-21-00-55 diff --git a/testing/btest/Baseline/scripts.policy.protocols.dhcp.known-devices-and-hostnames.basic/known_devices.log b/testing/btest/Baseline/scripts.policy.protocols.dhcp.known-devices-and-hostnames.basic/known_devices.log new file mode 100644 index 0000000000..91d37f8950 --- /dev/null +++ b/testing/btest/Baseline/scripts.policy.protocols.dhcp.known-devices-and-hostnames.basic/known_devices.log @@ -0,0 +1,11 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path known_devices +#open 2013-07-31-21-27-41 +#fields ts mac dhcp_host_name +#types time string string +1370200443.344965 90:b1:1c:99:49:29 btest.is.cool +1374432420.186878 90:b1:1c:99:49:29 (empty) +#close 2013-07-31-21-27-41 
diff --git a/testing/btest/Traces/dhcp/dhcp.trace b/testing/btest/Traces/dhcp/dhcp.trace new file mode 100644 index 0000000000000000000000000000000000000000..aeb00a133f1f70d493c3152f7c1f3a7ea458c2dd GIT binary patch literal 3140 zcmca|c+)~A1{MYw`2U}Qff2~5nz=eK^&Ja?F^~ho|G{9wMwywOnj8$S42-HEWe$Rs zCqOzuk_;{k&WwUa%NZHjfFkS%K;q~Cq90v!=<<`Bf|E@d8I4#DthjuLhc~GtwYWqt zvsf=VKR@R`C)gaVA+Adfc)>V!5hvCRPDLbkPwV0n?~S~)&J2kt z>?s};kZ*li8Nz^p2*QwnWI&{N4^RL$2yXffifnK|f>OMRojfANH-MCY0Z0vqF+5W| z8zdkt(kEij^luCOx5 z0ZS7Q#weNvphfdtP;|hGW`;lPp(8J?v;40EhSmpFHj+b&r4kxibI^(!Fn4&CzwH0( gfuUtz$VPIt|6~m`w2q9N(Bd#=VbnW(0DEZ)0CO2oasU7T literal 0 HcmV?d00001 diff --git a/testing/btest/Traces/dhcp/dhcp_inform.trace b/testing/btest/Traces/dhcp/dhcp_inform.trace new file mode 100644 index 0000000000000000000000000000000000000000..798ca84149dece44eaf6f1cb91874a5dba63d86a GIT binary patch literal 687 zcmca|c+)~A1{MYw`2U}Qff2}AqVp#3-%Tb4MIZ-+8F(}u_})+0C^OSjlY_yPfl-)& z!GXa+Q0GVk6I&G!&tPz2aAx@b{177}8(25UM35Yah5?9v7;os)$xXq@ri>isjEw(5 z0rvD26GIp=}0&I=&Gj>q$49@^#HDdt< P0wc?RU~&T{IN|{S|HnC| literal 0 HcmV?d00001 diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest new file mode 100644 index 0000000000..752ab91780 --- /dev/null +++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest @@ -0,0 +1,6 @@ +# This tests that DHCP leases are logged in dhcp.log +# The trace has a message of each DHCP message type, +# but only one lease should show up in the logs. + +# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp.trace %INPUT +# @TEST-EXEC: btest-diff dhcp.log diff --git a/testing/btest/scripts/base/protocols/dhcp/inform.test b/testing/btest/scripts/base/protocols/dhcp/inform.test new file mode 100644 index 0000000000..652fd1ae45 --- /dev/null +++ b/testing/btest/scripts/base/protocols/dhcp/inform.test 
@@ -0,0 +1,5 @@
+# DHCPINFORM leases are special-cased in the code.
+# This tests that those leases are correctly logged.
+
+# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp_inform.trace %INPUT
+# @TEST-EXEC: btest-diff dhcp.log
diff --git a/testing/btest/scripts/policy/protocols/dhcp/known-devices-and-hostnames/basic.test b/testing/btest/scripts/policy/protocols/dhcp/known-devices-and-hostnames/basic.test
new file mode 100644
index 0000000000..c2fcc1397c
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/dhcp/known-devices-and-hostnames/basic.test
@@ -0,0 +1,8 @@
+# This tests that the known_devices log is created,
+# that devices are logged by MAC address, and that
+# the DHCP hostname is added, if available.
+
+# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp.trace -r $TRACES/dhcp/dhcp_inform.trace %INPUT
+# @TEST-EXEC: btest-diff known_devices.log
+
+@load policy/protocols/dhcp/known-devices-and-hostnames
\ No newline at end of file