From 1a03a95f355bcc8e68aa096b074714a879fac902 Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Wed, 17 Dec 2014 09:57:06 -0600
Subject: [PATCH] Workaround race condition in unified2 file module.

This makes the unit test pass consistently, but need to see about fixing it in the unified2 file module directly.
---
 .../scripts/base/files/unified2/alert.bro | 34 +++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/testing/btest/scripts/base/files/unified2/alert.bro b/testing/btest/scripts/base/files/unified2/alert.bro
index eca1ca036c..189e35bd8e 100644
--- a/testing/btest/scripts/base/files/unified2/alert.bro
+++ b/testing/btest/scripts/base/files/unified2/alert.bro
@@ -1,4 +1,4 @@
-# @TEST-EXEC: bro -b %INPUT Unified2::watch_file=$FILES/unified2.u2
+# @TEST-EXEC: bro -b %INPUT test_watch_file=$FILES/unified2.u2
 # @TEST-EXEC: btest-diff unified2.log
 
 @TEST-START-FILE sid_msg.map
@@ -68,9 +68,39 @@ redef Unified2::gen_msg = @DIR+"/gen_msg.map";
 redef Unified2::classification_config = @DIR+"/classification.config";
 global i = 0;
 
+# TODO: can't currently use Unified2::watch_file directly for the test as
+# there's a race between reading that file and the map/classification
+# config files, which leads to not all fields of the unified2.log being
+# populated on occassion.
+const test_watch_file: string = "" &redef;
+
+event start_test()
+ {
+ Input::add_analysis([$source=test_watch_file,
+ $reader=Input::READER_BINARY,
+ $mode=Input::STREAM,
+ $name=test_watch_file]);
+ }
+
+# TODO: this should be handled by unified2 module, but it's here for
+# working around the issue mentioned in comment above.
+event file_new(f: fa_file)
+ {
+ if ( f$source == test_watch_file )
+ {
+ Files::add_analyzer(f, Files::ANALYZER_UNIFIED2);
+ f$u2_events = table();
+ }
+ }
+
+event bro_init()
+ {
+ schedule 2sec { start_test() };
+ }
+
 event Unified2::alert(f: fa_file, ev: Unified2::IDSEvent, pkt: Unified2::Packet)
 {
 ++i;
 if ( i == 2 )
 terminate();
- }
\ No newline at end of file
+ }
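Review bot: The `schedule 2sec { start_test() };` in `bro_init` swaps the race for a fixed delay rather than synchronization, so on a slow or loaded test host the map and classification reads may still be unfinished when the unified2 stream is opened, and unified2.log can again come out with unpopulated alert fields. If the module loads those files through the input framework (not visible in this hunk), starting the stream from an `Input::end_of_data` handler once the map and classification sources have been reported would remove the timing guess. Failing that, a comment such as `# 2sec is a guess at how long the map/classification reads take, not a guarantee` would keep the next reader from trusting the delay. The `file_new` handler also initialises `f$u2_events` from the test, which duplicates module-internal setup and may drift without notice if the module changes how it prepares that field.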