diff --git a/CHANGES b/CHANGES index e26e7c375d..4a3f7510ae 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,88 @@ +2.1-271 | 2013-01-08 10:18:57 -0800 + + * Change substring index notation to use a colon. String slice + notation is now written as `s[1:2]`. Addresses #422. (Jon Siwek) + +2.1-268 | 2013-01-07 09:43:44 -0800 + + * Fix memory leak in OpaqueType::DoUnserialize. (Jon Siwek) + +2.1-265 | 2012-12-20 17:38:42 -0800 + + * Add array-style index accessor for strings. Addresses #422. (Jon + Siwek) + + The index expression can take up to two indices for the start and + end index of the substring to return (e.g. "mystring[1,3]"). + Negative indices are allowed, with -1 representing the last + character in the string. The indexing is not cyclic -- if the + starting index is >= the length of the string an empty string is + returned, and if the ending index is >= the length of the string + then it's interpreted as the last index of the string. Assigning + to substrings accessed like this isn't allowed. + +2.1-263 | 2012-12-20 16:22:09 -0800 + + * Bro's language now has a new set of types "opaque of X". (Matthias + Vallentin) + + Opaque values can be passed around like other values but they can + only be manipulated with BiF functions, not with other operators. + Currently, the following opaque types are supported: + + - opaque of md5 + - opaque of sha1 + - opaque of sha256 + - opaquey of entropy. + + They go along with the corrsponding BiF functions md5_*, sha1_*, + sha256_*, and entropy_*, respectively. Note that these functions + have changed their signatures to work with opaques types rather + than global state as it was before. + +2.1-240 | 2012-12-20 15:21:07 -0800 + + * Improve error for invalid use of types as values. Addresses #923. + (Jon Siwek) + +2.1-238 | 2012-12-20 15:11:25 -0800 + + * Finish implementation of script-layer switch statement. Addresses + #754. (Jon Siwek) + + They behave like C-style switches except case labels can be + comprised of multiple literal constants delimited by commas. Only + atomic types are allowed for now. Case label bodies that don't + execute a "return" or "break" statement will fall through to + subsequent cases. A default case label is allowed. + + * Fix a case where c$resp$size is misrepresented. Addresses #730. + (Jon Siwek) + +2.1-234 | 2012-12-20 12:12:19 -0800 + + * Fix return value of hook calls that have no handlers. For this + case, the return value is always true. (Jon Siwek) + + * Fix to_port() BIF for port strings with a port number of zero. + (Jon Siwek) + +2.1-231 | 2012-12-14 14:51:35 -0800 + + * Make const variables actually constant. Both local and global + variables declared with "const" could be modified, but now + expressions that would modify them generate an error message at + parse-time. Addresses #922. (Jon Siwek) + +2.1-229 | 2012-12-14 14:46:12 -0800 + + * Fix memory leak in ASCII reader when encoutering errors in input. + (Bernhard Amann) + + * Improvements for the "bad checksums" detector to make it detect + bad TCP checksums. (Seth Hall) + 2.1-223 | 2012-12-12 14:25:15 -0800 * Trick for parallelizing input framework unit tests. Instead of diff --git a/NEWS b/NEWS index f3fe143362..e3f20d0455 100644 --- a/NEWS +++ b/NEWS @@ -24,6 +24,33 @@ New Functionality - The ASCII writer can now output CSV files on a per filter basis. +- Bro's language now has a working "switch" statement that generally + behaves like C-style switches except case labels can be comprised of + multiple literal constants delimited by commas. Only atomic types + are allowed for now. Case label bodies that don't execute a + "return" or "break" statement will fall through to subsequent cases. + A default case label is allowed. + +- Bro's language now has a new set of types "opaque of X". Opaque + values can be passed around like other values but they can only be + manipulated with BiF functions, not with other operators. Currently, + the following opaque types are supported: + + - opaque of md5 + - opaque of sha1 + - opaque of sha256 + - opaquey of entropy. + + They go along with the corrsponding BiF functions md5_*, sha1_*, + sha256_*, and entropy_*, respectively. Note that these functions + have changed their signatures to work with opaques types rather + than global state as it was before. + +- Strings now support the subscript operator to extract individual + characters and substrings (e.g., s[4], s[1,5]). The index expression + can take up to two indices for the start and end index of the + substring to return (e.g. "mystring[1,3]"). + Changed Functionality ~~~~~~~~~~~~~~~~~~~~~ @@ -37,6 +64,9 @@ Changed Functionality make_connection_persistent(), generate_idmef(), split_complete() + - md5_*, sha1_*, sha256_*, and entropy_* have all changed + their signatures to work with opaque types (see above). + - Removed a now unused argument from "do_split" helper function. - "this" is no longer a reserved keyword. diff --git a/VERSION b/VERSION index 42edbac7b2..8bcf1f15dd 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1-223 +2.1-271 diff --git a/aux/broccoli b/aux/broccoli index 06682dbb15..073404dd29 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 06682dbb15d26d2688bdc9ad76efec17d38dc80f +Subproject commit 073404dd29dc6e90ff0e4eb8bc836f8adbf3931e diff --git a/aux/broctl b/aux/broctl index f4d6a2af15..2bf6b37177 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit f4d6a2af15404dc1349d12d2ad21a3eebcb2ff1e +Subproject commit 2bf6b37177b895329173acac2bb98f38a8783bc1 diff --git a/aux/btest b/aux/btest index d83e10c5f7..3585dc9a7a 160000 --- a/aux/btest +++ b/aux/btest @@ -1 +1 @@ -Subproject commit d83e10c5f76cbfdf81c843575351fbc7b544fc93 +Subproject commit 3585dc9a7afe20d70cb77fc2472cc6bce3850b67 diff --git a/scripts/base/frameworks/notice/cluster.bro b/scripts/base/frameworks/notice/cluster.bro index 3ee113acf3..e812c3fdca 100644 --- a/scripts/base/frameworks/notice/cluster.bro +++ b/scripts/base/frameworks/notice/cluster.bro @@ -21,12 +21,10 @@ redef Cluster::manager2worker_events += /Notice::begin_suppression/; redef Cluster::worker2manager_events += /Notice::cluster_notice/; @if ( Cluster::local_node_type() != Cluster::MANAGER ) + # The notice policy is completely handled by the manager and shouldn't be # done by workers or proxies to save time for packet processing. -event bro_init() &priority=11 - { - Notice::policy = table(); - } +redef Notice::policy = table(); event Notice::begin_suppression(n: Notice::Info) { diff --git a/scripts/base/misc/find-checksum-offloading.bro b/scripts/base/misc/find-checksum-offloading.bro index a0a2c692b7..15c1d6661d 100644 --- a/scripts/base/misc/find-checksum-offloading.bro +++ b/scripts/base/misc/find-checksum-offloading.bro @@ -14,7 +14,8 @@ export { } # Keep track of how many bad checksums have been seen. -global bad_checksums = 0; +global bad_ip_checksums = 0; +global bad_tcp_checksums = 0; # Track to see if this script is done so that messages aren't created multiple times. global done = F; @@ -25,10 +26,19 @@ event ChecksumOffloading::check() return; local pkts_recvd = net_stats()$pkts_recvd; - if ( (bad_checksums*1.0 / net_stats()$pkts_recvd*1.0) > 0.05 ) + local bad_ip_checksum_pct = (pkts_recvd != 0) ? (bad_ip_checksums*1.0 / pkts_recvd*1.0) : 0; + local bad_tcp_checksum_pct = (pkts_recvd != 0) ? (bad_tcp_checksums*1.0 / pkts_recvd*1.0) : 0; + if ( bad_ip_checksum_pct > 0.05 || bad_tcp_checksum_pct > 0.05 ) { local packet_src = reading_traces() ? "trace file likely has" : "interface is likely receiving"; - local message = fmt("Your %s invalid IP checksums, most likely from NIC checksum offloading.", packet_src); + local bad_checksum_msg = (bad_ip_checksum_pct > 0.0) ? "IP" : ""; + if ( bad_tcp_checksum_pct > 0.0 ) + { + if ( |bad_checksum_msg| > 0 ) + bad_checksum_msg += " and "; + bad_checksum_msg += "TCP"; + } + local message = fmt("Your %s invalid %s checksums, most likely from NIC checksum offloading.", packet_src, bad_checksum_msg); Reporter::warning(message); done = T; } @@ -48,7 +58,13 @@ event bro_init() event net_weird(name: string) { if ( name == "bad_IP_checksum" ) - ++bad_checksums; + ++bad_ip_checksums; + } + +event conn_weird(name: string, c: connection, addl: string) + { + if ( name == "bad_TCP_checksum" ) + ++bad_tcp_checksums; } event bro_done() diff --git a/scripts/base/protocols/http/file-hash.bro b/scripts/base/protocols/http/file-hash.bro index 7e8e5cceaf..bc7547e51a 100644 --- a/scripts/base/protocols/http/file-hash.bro +++ b/scripts/base/protocols/http/file-hash.bro @@ -13,16 +13,16 @@ export { redef record Info += { ## MD5 sum for a file transferred over HTTP calculated from the ## response body. - md5: string &log &optional; + md5: string &log &optional; ## This value can be set per-transfer to determine per request ## if a file should have an MD5 sum generated. It must be ## set to T at the time of or before the first chunk of body data. - calc_md5: bool &default=F; + calc_md5: bool &default=F; ## Indicates if an MD5 sum is being calculated for the current ## request/response pair. - calculating_md5: bool &default=F; + md5_handle: opaque of md5 &optional; }; ## Generate MD5 sums for these filetypes. @@ -41,13 +41,12 @@ event http_entity_data(c: connection, is_orig: bool, length: count, data: string if ( c$http$calc_md5 || (c$http?$mime_type && generate_md5 in c$http$mime_type) ) { - c$http$calculating_md5 = T; - md5_hash_init(c$id); + c$http$md5_handle = md5_hash_init(); } } - if ( c$http$calculating_md5 ) - md5_hash_update(c$id, data); + if ( c$http?$md5_handle ) + md5_hash_update(c$http$md5_handle, data); } ## In the event of a content gap during a file transfer, detect the state for @@ -55,11 +54,11 @@ event http_entity_data(c: connection, is_orig: bool, length: count, data: string ## incorrect anyway. event content_gap(c: connection, is_orig: bool, seq: count, length: count) &priority=5 { - if ( is_orig || ! c?$http || ! c$http$calculating_md5 ) return; + if ( is_orig || ! c?$http || ! c$http?$md5_handle ) return; set_state(c, F, is_orig); - c$http$calculating_md5 = F; - md5_hash_finish(c$id); + md5_hash_finish(c$http$md5_handle); # Ignore return value. + delete c$http$md5_handle; } ## When the file finishes downloading, finish the hash and generate a notice. @@ -67,11 +66,11 @@ event http_message_done(c: connection, is_orig: bool, stat: http_message_stat) & { if ( is_orig || ! c?$http ) return; - if ( c$http$calculating_md5 ) + if ( c$http?$md5_handle ) { local url = build_url_http(c$http); - c$http$calculating_md5 = F; - c$http$md5 = md5_hash_finish(c$id); + c$http$md5 = md5_hash_finish(c$http$md5_handle); + delete c$http$md5_handle; NOTICE([$note=MD5, $msg=fmt("%s %s %s", c$id$orig_h, c$http$md5, url), $sub=c$http$md5, $conn=c, $URL=url]); @@ -82,11 +81,12 @@ event connection_state_remove(c: connection) &priority=-5 { if ( c?$http_state && c$http_state$current_response in c$http_state$pending && - c$http_state$pending[c$http_state$current_response]$calculating_md5 ) + c$http_state$pending[c$http_state$current_response]?$md5_handle ) { # The MD5 sum isn't going to be saved anywhere since the entire # body wouldn't have been seen anyway and we'd just be giving an # incorrect MD5 sum. - md5_hash_finish(c$id); + md5_hash_finish(c$http$md5_handle); + delete c$http$md5_handle; } } diff --git a/scripts/base/protocols/smtp/entities.bro b/scripts/base/protocols/smtp/entities.bro index e158d045e0..80d6089ce7 100644 --- a/scripts/base/protocols/smtp/entities.bro +++ b/scripts/base/protocols/smtp/entities.bro @@ -16,33 +16,33 @@ export { type EntityInfo: record { ## This is the timestamp of when the MIME content transfer began. - ts: time &log; - uid: string &log; - id: conn_id &log; + ts: time &log; + uid: string &log; + id: conn_id &log; ## A count to represent the depth of this message transaction in a ## single connection where multiple messages were transferred. - trans_depth: count &log; + trans_depth: count &log; ## The filename seen in the Content-Disposition header. - filename: string &log &optional; + filename: string &log &optional; ## Track how many bytes of the MIME encoded file have been seen. - content_len: count &log &default=0; + content_len: count &log &default=0; ## The mime type of the entity discovered through magic bytes identification. - mime_type: string &log &optional; + mime_type: string &log &optional; ## The calculated MD5 sum for the MIME entity. - md5: string &log &optional; + md5: string &log &optional; ## Optionally calculate the file's MD5 sum. Must be set prior to the ## first data chunk being see in an event. - calc_md5: bool &default=F; + calc_md5: bool &default=F; ## This boolean value indicates if an MD5 sum is being calculated ## for the current file transfer. - calculating_md5: bool &default=F; + md5_handle: opaque of md5 &optional; ## Optionally write the file to disk. Must be set prior to first ## data chunk being seen in an event. - extract_file: bool &default=F; + extract_file: bool &default=F; ## Store the file handle here for the file currently being extracted. - extraction_file: file &log &optional; + extraction_file: file &log &optional; }; redef record Info += { @@ -126,18 +126,16 @@ event mime_segment_data(c: connection, length: count, data: string) &priority=-5 if ( c$smtp$current_entity$content_len == 0 ) { - if ( generate_md5 in c$smtp$current_entity$mime_type && ! never_calc_md5 ) - c$smtp$current_entity$calc_md5 = T; + local entity = c$smtp$current_entity; + if ( generate_md5 in entity$mime_type && ! never_calc_md5 ) + entity$calc_md5 = T; - if ( c$smtp$current_entity$calc_md5 ) - { - c$smtp$current_entity$calculating_md5 = T; - md5_hash_init(c$id); - } + if ( entity$calc_md5 ) + entity$md5_handle = md5_hash_init(); } - if ( c$smtp$current_entity$calculating_md5 ) - md5_hash_update(c$id, data); + if ( c$smtp$current_entity?$md5_handle ) + md5_hash_update(entity$md5_handle, data); } ## In the event of a content gap during the MIME transfer, detect the state for @@ -147,10 +145,11 @@ event content_gap(c: connection, is_orig: bool, seq: count, length: count) &prio { if ( is_orig || ! c?$smtp || ! c$smtp?$current_entity ) return; - if ( c$smtp$current_entity$calculating_md5 ) + local entity = c$smtp$current_entity; + if ( entity?$md5_handle ) { - c$smtp$current_entity$calculating_md5 = F; - md5_hash_finish(c$id); + md5_hash_finish(entity$md5_handle); + delete entity$md5_handle; } } @@ -161,12 +160,14 @@ event mime_end_entity(c: connection) &priority=-3 if ( ! c?$smtp || ! c$smtp?$current_entity ) return; - if ( c$smtp$current_entity$calculating_md5 ) + local entity = c$smtp$current_entity; + if ( entity?$md5_handle ) { - c$smtp$current_entity$md5 = md5_hash_finish(c$id); + entity$md5 = md5_hash_finish(entity$md5_handle); + delete entity$md5_handle; NOTICE([$note=MD5, $msg=fmt("Calculated a hash for a MIME entity from %s", c$id$orig_h), - $sub=c$smtp$current_entity$md5, $conn=c]); + $sub=entity$md5, $conn=c]); } } @@ -177,6 +178,10 @@ event mime_one_header(c: connection, h: mime_header_rec) if ( h$name == "CONTENT-DISPOSITION" && /[fF][iI][lL][eE][nN][aA][mM][eE]/ in h$value ) c$smtp$current_entity$filename = extract_filename_from_content_disposition(h$value); + + if ( h$name == "CONTENT-TYPE" && + /[nN][aA][mM][eE][:blank:]*=/ in h$value ) + c$smtp$current_entity$filename = extract_filename_from_content_disposition(h$value); } event mime_end_entity(c: connection) &priority=-5 diff --git a/scripts/base/utils/files.bro b/scripts/base/utils/files.bro index e1e599b0b6..76d2ecea4f 100644 --- a/scripts/base/utils/files.bro +++ b/scripts/base/utils/files.bro @@ -19,7 +19,7 @@ function generate_extraction_filename(prefix: string, c: connection, suffix: str ## the filename. function extract_filename_from_content_disposition(data: string): string { - local filename = sub(data, /^.*[fF][iI][lL][eE][nN][aA][mM][eE][[:blank:]]*=[[:blank:]]*/, ""); + local filename = sub(data, /^.*[nN][aA][mM][eE][[:blank:]]*=[[:blank:]]*/, ""); # Remove quotes around the filename if they are there. if ( /^\"/ in filename ) filename = split_n(filename, /\"/, F, 2)[2]; diff --git a/scripts/policy/protocols/http/detect-webapps.bro b/scripts/policy/protocols/http/detect-webapps.bro index fb805bfd33..53d7109468 100644 --- a/scripts/policy/protocols/http/detect-webapps.bro +++ b/scripts/policy/protocols/http/detect-webapps.bro @@ -28,7 +28,7 @@ event signature_match(state: signature_state, msg: string, data: string) &priori if ( /^webapp-/ !in state$sig_id ) return; local c = state$conn; - local si = Software::Info; + local si: Software::Info; si = [$name=msg, $unparsed_version=msg, $host=c$id$resp_h, $host_p=c$id$resp_p, $software_type=WEB_APPLICATION]; si$url = build_url_http(c$http); if ( c$id$resp_h in Software::tracked && diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 9c504d4ef5..401feeb24e 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -361,6 +361,7 @@ set(bro_SRCS NetVar.cc NetbiosSSN.cc Obj.cc + OpaqueVal.cc OSFinger.cc PacketFilter.cc PacketSort.cc diff --git a/src/Expr.cc b/src/Expr.cc index 7995d5d495..9e71f27897 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -229,10 +229,15 @@ bool Expr::DoUnserialize(UnserialInfo* info) } -NameExpr::NameExpr(ID* arg_id) : Expr(EXPR_NAME) +NameExpr::NameExpr(ID* arg_id, bool const_init) : Expr(EXPR_NAME) { id = arg_id; - SetType(id->Type()->Ref()); + in_const_init = const_init; + + if ( id->AsType() ) + SetType(new TypeType(id->AsType())); + else + SetType(id->Type()->Ref()); EventHandler* h = event_registry->Lookup(id->Name()); if ( h ) @@ -287,6 +292,9 @@ Expr* NameExpr::MakeLvalue() if ( id->AsType() ) ExprError("Type name is not an lvalue"); + if ( id->IsConst() && ! in_const_init ) + ExprError("const is not a modifiable lvalue"); + return new RefExpr(this); } @@ -337,9 +345,11 @@ bool NameExpr::DoSerialize(SerialInfo* info) const // Write out just the name of the function if requested. if ( info->globals_as_names && id->IsGlobal() ) - return SERIALIZE('n') && SERIALIZE(id->Name()); + return SERIALIZE('n') && SERIALIZE(id->Name()) && + SERIALIZE(in_const_init); else - return SERIALIZE('f') && id->Serialize(info); + return SERIALIZE('f') && id->Serialize(info) && + SERIALIZE(in_const_init); } bool NameExpr::DoUnserialize(UnserialInfo* info) @@ -370,6 +380,9 @@ bool NameExpr::DoUnserialize(UnserialInfo* info) if ( ! id ) return false; + if ( ! UNSERIALIZE(&in_const_init) ) + return false; + return true; } @@ -2788,22 +2801,43 @@ bool AssignExpr::DoUnserialize(UnserialInfo* info) return UNSERIALIZE(&is_init); } -IndexExpr::IndexExpr(Expr* arg_op1, ListExpr* arg_op2) +IndexExpr::IndexExpr(Expr* arg_op1, ListExpr* arg_op2, bool is_slice) : BinaryExpr(EXPR_INDEX, arg_op1, arg_op2) { if ( IsError() ) return; + if ( is_slice ) + { + if ( ! IsString(op1->Type()->Tag()) ) + ExprError("slice notation indexing only supported for strings currently"); + } + + else if ( IsString(op1->Type()->Tag()) ) + { + if ( arg_op2->Exprs().length() != 1 ) + ExprError("invalid string index expression"); + } + + if ( IsError() ) + return; + int match_type = op1->Type()->MatchesIndex(arg_op2); if ( match_type == DOES_NOT_MATCH_INDEX ) SetError("not an index type"); else if ( ! op1->Type()->YieldType() ) + { + if ( IsString(op1->Type()->Tag()) && + match_type == MATCHES_INDEX_SCALAR ) + SetType(base_type(TYPE_STRING)); + else // It's a set - so indexing it yields void. We don't // directly generate an error message, though, since this // expression might be part of an add/delete statement, // rather than yielding a value. - SetType(base_type(TYPE_VOID)); + SetType(base_type(TYPE_VOID)); + } else if ( match_type == MATCHES_INDEX_SCALAR ) SetType(op1->Type()->YieldType()->Ref()); @@ -2879,6 +2913,9 @@ void IndexExpr::Delete(Frame* f) Expr* IndexExpr::MakeLvalue() { + if ( IsString(op1->Type()->Tag()) ) + ExprError("cannot assign to string index expression"); + return new RefExpr(this); } @@ -2952,10 +2989,37 @@ Val* IndexExpr::Fold(Val* v1, Val* v2) const Val* v = 0; - if ( v1->Type()->Tag() == TYPE_VECTOR ) + switch ( v1->Type()->Tag() ) { + case TYPE_VECTOR: v = v1->AsVectorVal()->Lookup(v2); - else + break; + + case TYPE_TABLE: v = v1->AsTableVal()->Lookup(v2); + break; + + case TYPE_STRING: + { + const ListVal* lv = v2->AsListVal(); + const BroString* s = v1->AsString(); + int len = s->Len(); + bro_int_t first = lv->Index(0)->AsInt(); + bro_int_t last = lv->Length() > 1 ? lv->Index(1)->AsInt() : first; + + if ( first < 0 ) + first += len; + + if ( last < 0 ) + last += len; + + BroString* substring = s->GetSubstring(first, last - first + 1); + return new StringVal(substring ? substring : new BroString("")); + } + + default: + Error("type cannot be indexed"); + break; + } if ( v ) return v->Ref(); @@ -2982,14 +3046,25 @@ void IndexExpr::Assign(Frame* f, Val* v, Opcode op) return; } - if ( v1->Type()->Tag() == TYPE_VECTOR ) - { + switch ( v1->Type()->Tag() ) { + case TYPE_VECTOR: if ( ! v1->AsVectorVal()->Assign(v2, v, this, op) ) Internal("assignment failed"); - } + break; - else if ( ! v1->AsTableVal()->Assign(v2, v, op) ) - Internal("assignment failed"); + case TYPE_TABLE: + if ( ! v1->AsTableVal()->Assign(v2, v, op) ) + Internal("assignment failed"); + break; + + case TYPE_STRING: + Internal("assignment via string index accessor not allowed"); + break; + + default: + Internal("bad index expression type in assignment"); + break; + } Unref(v1); Unref(v2); diff --git a/src/Expr.h b/src/Expr.h index afdf02c124..1e07708d14 100644 --- a/src/Expr.h +++ b/src/Expr.h @@ -198,7 +198,7 @@ protected: class NameExpr : public Expr { public: - NameExpr(ID* id); + NameExpr(ID* id, bool const_init = false); ~NameExpr(); ID* Id() const { return id; } @@ -220,6 +220,7 @@ protected: DECLARE_SERIAL(NameExpr); ID* id; + bool in_const_init; }; class ConstExpr : public Expr { @@ -645,7 +646,7 @@ protected: class IndexExpr : public BinaryExpr { public: - IndexExpr(Expr* op1, ListExpr* op2); + IndexExpr(Expr* op1, ListExpr* op2, bool is_slice = false); int CanAdd() const; int CanDel() const; diff --git a/src/Func.cc b/src/Func.cc index cf548b2d95..9b94b15d97 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -282,13 +282,14 @@ Val* BroFunc::Call(val_list* args, Frame* parent) const #ifdef PROFILE_BRO_FUNCTIONS DEBUG_MSG("Function: %s\n", id->Name()); #endif - if ( ! bodies.size() ) + if ( ! bodies.size() ) { // Can only happen for events and hooks. assert(Flavor() == FUNC_FLAVOR_EVENT || Flavor() == FUNC_FLAVOR_HOOK); loop_over_list(*args, i) Unref((*args)[i]); - return 0 ; + + return Flavor() == FUNC_FLAVOR_HOOK ? new Val(true, TYPE_BOOL) : 0; } SegmentProfiler(segment_logger, location); diff --git a/src/OpaqueVal.cc b/src/OpaqueVal.cc new file mode 100644 index 0000000000..51f975edf8 --- /dev/null +++ b/src/OpaqueVal.cc @@ -0,0 +1,501 @@ +#include "OpaqueVal.h" +#include "Reporter.h" +#include "Serializer.h" + +bool HashVal::IsValid() const + { + return valid; + } + +bool HashVal::Init() + { + if ( valid ) + return false; + + valid = DoInit(); + return valid; + } + +StringVal* HashVal::Get() + { + if ( ! valid ) + return new StringVal(""); + + StringVal* result = DoGet(); + valid = false; + return result; + } + +bool HashVal::Feed(const void* data, size_t size) + { + if ( valid ) + return DoFeed(data, size); + + reporter->InternalError("invalid opaque hash value"); + return false; + } + +bool HashVal::DoInit() + { + assert(! "missing implementation of DoInit()"); + return false; + } + +bool HashVal::DoFeed(const void*, size_t) + { + assert(! "missing implementation of DoFeed()"); + return false; + } + +StringVal* HashVal::DoGet() + { + assert(! "missing implementation of DoGet()"); + return new StringVal(""); + } + +HashVal::HashVal(OpaqueType* t) : OpaqueVal(t) + { + valid = false; + } + +IMPLEMENT_SERIAL(HashVal, SER_HASH_VAL); + +bool HashVal::DoSerialize(SerialInfo* info) const + { + DO_SERIALIZE(SER_HASH_VAL, OpaqueVal); + return SERIALIZE(valid); + } + +bool HashVal::DoUnserialize(UnserialInfo* info) + { + DO_UNSERIALIZE(OpaqueVal); + return UNSERIALIZE(&valid); + } + +void MD5Val::digest(val_list& vlist, u_char result[MD5_DIGEST_LENGTH]) + { + MD5_CTX h; + md5_init(&h); + + loop_over_list(vlist, i) + { + Val* v = vlist[i]; + if ( v->Type()->Tag() == TYPE_STRING ) + { + const BroString* str = v->AsString(); + md5_update(&h, str->Bytes(), str->Len()); + } + else + { + ODesc d(DESC_BINARY); + v->Describe(&d); + md5_update(&h, (const u_char *) d.Bytes(), d.Len()); + } + } + + md5_final(&h, result); + } + +void MD5Val::hmac(val_list& vlist, + u_char key[MD5_DIGEST_LENGTH], + u_char result[MD5_DIGEST_LENGTH]) + { + digest(vlist, result); + for ( int i = 0; i < MD5_DIGEST_LENGTH; ++i ) + result[i] ^= key[i]; + + MD5(result, MD5_DIGEST_LENGTH, result); + } + +bool MD5Val::DoInit() + { + assert(! IsValid()); + md5_init(&ctx); + return true; + } + +bool MD5Val::DoFeed(const void* data, size_t size) + { + if ( ! IsValid() ) + return false; + + md5_update(&ctx, data, size); + return true; + } + +StringVal* MD5Val::DoGet() + { + if ( ! IsValid() ) + return new StringVal(""); + + u_char digest[MD5_DIGEST_LENGTH]; + md5_final(&ctx, digest); + return new StringVal(md5_digest_print(digest)); + } + +IMPLEMENT_SERIAL(MD5Val, SER_MD5_VAL); + +bool MD5Val::DoSerialize(SerialInfo* info) const + { + DO_SERIALIZE(SER_MD5_VAL, HashVal); + + if ( ! IsValid() ) + return true; + + if ( ! (SERIALIZE(ctx.A) && + SERIALIZE(ctx.B) && + SERIALIZE(ctx.C) && + SERIALIZE(ctx.D) && + SERIALIZE(ctx.Nl) && + SERIALIZE(ctx.Nh)) ) + return false; + + for ( int i = 0; i < MD5_LBLOCK; ++i ) + { + if ( ! SERIALIZE(ctx.data[i]) ) + return false; + } + + if ( ! SERIALIZE(ctx.num) ) + return false; + + return true; + } + +bool MD5Val::DoUnserialize(UnserialInfo* info) + { + DO_UNSERIALIZE(HashVal); + + if ( ! IsValid() ) + return true; + + if ( ! (UNSERIALIZE(&ctx.A) && + UNSERIALIZE(&ctx.B) && + UNSERIALIZE(&ctx.C) && + UNSERIALIZE(&ctx.D) && + UNSERIALIZE(&ctx.Nl) && + UNSERIALIZE(&ctx.Nh)) ) + return false; + + for ( int i = 0; i < MD5_LBLOCK; ++i ) + { + if ( ! UNSERIALIZE(&ctx.data[i]) ) + return false; + } + + if ( ! UNSERIALIZE(&ctx.num) ) + return false; + + return true; + } + +void SHA1Val::digest(val_list& vlist, u_char result[SHA_DIGEST_LENGTH]) + { + SHA_CTX h; + sha1_init(&h); + + loop_over_list(vlist, i) + { + Val* v = vlist[i]; + if ( v->Type()->Tag() == TYPE_STRING ) + { + const BroString* str = v->AsString(); + sha1_update(&h, str->Bytes(), str->Len()); + } + else + { + ODesc d(DESC_BINARY); + v->Describe(&d); + sha1_update(&h, (const u_char *) d.Bytes(), d.Len()); + } + } + + sha1_final(&h, result); + } + +bool SHA1Val::DoInit() + { + assert(! IsValid()); + sha1_init(&ctx); + return true; + } + +bool SHA1Val::DoFeed(const void* data, size_t size) + { + if ( ! IsValid() ) + return false; + + sha1_update(&ctx, data, size); + return true; + } + +StringVal* SHA1Val::DoGet() + { + if ( ! IsValid() ) + return new StringVal(""); + + u_char digest[SHA_DIGEST_LENGTH]; + sha1_final(&ctx, digest); + return new StringVal(sha1_digest_print(digest)); + } + +IMPLEMENT_SERIAL(SHA1Val, SER_SHA1_VAL); + +bool SHA1Val::DoSerialize(SerialInfo* info) const + { + DO_SERIALIZE(SER_SHA1_VAL, HashVal); + + if ( ! IsValid() ) + return true; + + if ( ! (SERIALIZE(ctx.h0) && + SERIALIZE(ctx.h1) && + SERIALIZE(ctx.h2) && + SERIALIZE(ctx.h3) && + SERIALIZE(ctx.h4) && + SERIALIZE(ctx.Nl) && + SERIALIZE(ctx.Nh)) ) + return false; + + for ( int i = 0; i < SHA_LBLOCK; ++i ) + { + if ( ! SERIALIZE(ctx.data[i]) ) + return false; + } + + if ( ! SERIALIZE(ctx.num) ) + return false; + + return true; + } + +bool SHA1Val::DoUnserialize(UnserialInfo* info) + { + DO_UNSERIALIZE(HashVal); + + if ( ! IsValid() ) + return true; + + if ( ! (UNSERIALIZE(&ctx.h0) && + UNSERIALIZE(&ctx.h1) && + UNSERIALIZE(&ctx.h2) && + UNSERIALIZE(&ctx.h3) && + UNSERIALIZE(&ctx.h4) && + UNSERIALIZE(&ctx.Nl) && + UNSERIALIZE(&ctx.Nh)) ) + return false; + + for ( int i = 0; i < SHA_LBLOCK; ++i ) + { + if ( ! UNSERIALIZE(&ctx.data[i]) ) + return false; + } + + if ( ! UNSERIALIZE(&ctx.num) ) + return false; + + return true; + } + +void SHA256Val::digest(val_list& vlist, u_char result[SHA256_DIGEST_LENGTH]) + { + SHA256_CTX h; + sha256_init(&h); + + loop_over_list(vlist, i) + { + Val* v = vlist[i]; + if ( v->Type()->Tag() == TYPE_STRING ) + { + const BroString* str = v->AsString(); + sha256_update(&h, str->Bytes(), str->Len()); + } + else + { + ODesc d(DESC_BINARY); + v->Describe(&d); + sha256_update(&h, (const u_char *) d.Bytes(), d.Len()); + } + } + + sha256_final(&h, result); + } + +bool SHA256Val::DoInit() + { + assert( ! IsValid() ); + sha256_init(&ctx); + return true; + } + +bool SHA256Val::DoFeed(const void* data, size_t size) + { + if ( ! IsValid() ) + return false; + + sha256_update(&ctx, data, size); + return true; + } + +StringVal* SHA256Val::DoGet() + { + if ( ! IsValid() ) + return new StringVal(""); + + u_char digest[SHA256_DIGEST_LENGTH]; + sha256_final(&ctx, digest); + return new StringVal(sha256_digest_print(digest)); + } + +IMPLEMENT_SERIAL(SHA256Val, SER_SHA256_VAL); + +bool SHA256Val::DoSerialize(SerialInfo* info) const + { + DO_SERIALIZE(SER_SHA256_VAL, HashVal); + + if ( ! IsValid() ) + return true; + + for ( int i = 0; i < 8; ++i ) + { + if ( ! SERIALIZE(ctx.h[i]) ) + return false; + } + + if ( ! (SERIALIZE(ctx.Nl) && + SERIALIZE(ctx.Nh)) ) + return false; + + for ( int i = 0; i < SHA_LBLOCK; ++i ) + { + if ( ! SERIALIZE(ctx.data[i]) ) + return false; + } + + if ( ! (SERIALIZE(ctx.num) && + SERIALIZE(ctx.md_len)) ) + return false; + + return true; + } + +bool SHA256Val::DoUnserialize(UnserialInfo* info) + { + DO_UNSERIALIZE(HashVal); + + if ( ! IsValid() ) + return true; + + for ( int i = 0; i < 8; ++i ) + { + if ( ! UNSERIALIZE(&ctx.h[i]) ) + return false; + } + + if ( ! (UNSERIALIZE(&ctx.Nl) && + UNSERIALIZE(&ctx.Nh)) ) + return false; + + for ( int i = 0; i < SHA_LBLOCK; ++i ) + { + if ( ! UNSERIALIZE(&ctx.data[i]) ) + return false; + } + + + if ( ! (UNSERIALIZE(&ctx.num) && + UNSERIALIZE(&ctx.md_len)) ) + return false; + + return true; + } + + +bool EntropyVal::Feed(const void* data, size_t size) + { + state.add(data, size); + return true; + } + +bool EntropyVal::Get(double *r_ent, double *r_chisq, double *r_mean, + double *r_montepicalc, double *r_scc) + { + state.end(r_ent, r_chisq, r_mean, r_montepicalc, r_scc); + return true; + } + +IMPLEMENT_SERIAL(EntropyVal, SER_ENTROPY_VAL); + +bool EntropyVal::DoSerialize(SerialInfo* info) const + { + DO_SERIALIZE(SER_ENTROPY_VAL, OpaqueVal); + + for ( int i = 0; i < 256; ++i ) + { + if ( ! SERIALIZE(state.ccount[i]) ) + return false; + } + + if ( ! (SERIALIZE(state.totalc) && + SERIALIZE(state.mp) && + SERIALIZE(state.sccfirst)) ) + return false; + + for ( int i = 0; i < RT_MONTEN; ++i ) + { + if ( ! SERIALIZE(state.monte[i]) ) + return false; + } + + if ( ! (SERIALIZE(state.inmont) && + SERIALIZE(state.mcount) && + SERIALIZE(state.cexp) && + SERIALIZE(state.montex) && + SERIALIZE(state.montey) && + SERIALIZE(state.montepi) && + SERIALIZE(state.sccu0) && + SERIALIZE(state.scclast) && + SERIALIZE(state.scct1) && + SERIALIZE(state.scct2) && + SERIALIZE(state.scct3)) ) + return false; + + return true; + } + +bool EntropyVal::DoUnserialize(UnserialInfo* info) + { + DO_UNSERIALIZE(OpaqueVal); + + for ( int i = 0; i < 256; ++i ) + { + if ( ! UNSERIALIZE(&state.ccount[i]) ) + return false; + } + + if ( ! (UNSERIALIZE(&state.totalc) && + UNSERIALIZE(&state.mp) && + UNSERIALIZE(&state.sccfirst)) ) + return false; + + for ( int i = 0; i < RT_MONTEN; ++i ) + { + if ( ! UNSERIALIZE(&state.monte[i]) ) + return false; + } + + if ( ! (UNSERIALIZE(&state.inmont) && + UNSERIALIZE(&state.mcount) && + UNSERIALIZE(&state.cexp) && + UNSERIALIZE(&state.montex) && + UNSERIALIZE(&state.montey) && + UNSERIALIZE(&state.montepi) && + UNSERIALIZE(&state.sccu0) && + UNSERIALIZE(&state.scclast) && + UNSERIALIZE(&state.scct1) && + UNSERIALIZE(&state.scct2) && + UNSERIALIZE(&state.scct3)) ) + return false; + + return true; + } diff --git a/src/OpaqueVal.h b/src/OpaqueVal.h new file mode 100644 index 0000000000..0428e50bdb --- /dev/null +++ b/src/OpaqueVal.h @@ -0,0 +1,110 @@ +// See the file "COPYING" in the main distribution directory for copyright. + +#ifndef OPAQUEVAL_H +#define OPAQUEVAL_H + +#include "RandTest.h" +#include "Val.h" +#include "digest.h" + +class HashVal : public OpaqueVal { +public: + virtual bool IsValid() const; + virtual bool Init(); + virtual bool Feed(const void* data, size_t size); + virtual StringVal* Get(); + +protected: + HashVal() { }; + HashVal(OpaqueType* t); + virtual bool DoInit(); + virtual bool DoFeed(const void* data, size_t size); + virtual StringVal* DoGet(); + + DECLARE_SERIAL(HashVal); + +private: + // This flag exists because Get() can only be called once. + bool valid; +}; + +class MD5Val : public HashVal { +public: + static void digest(val_list& vlist, u_char result[MD5_DIGEST_LENGTH]); + + static void hmac(val_list& vlist, + u_char key[MD5_DIGEST_LENGTH], + u_char result[MD5_DIGEST_LENGTH]); + + MD5Val() : HashVal(new OpaqueType("md5")) { } + +protected: + friend class Val; + + virtual bool DoInit() /* override */; + virtual bool DoFeed(const void* data, size_t size) /* override */; + virtual StringVal* DoGet() /* override */; + + DECLARE_SERIAL(MD5Val); + +private: + MD5_CTX ctx; +}; + +class SHA1Val : public HashVal { +public: + static void digest(val_list& vlist, u_char result[SHA_DIGEST_LENGTH]); + + SHA1Val() : HashVal(new OpaqueType("sha1")) { } + +protected: + friend class Val; + + virtual bool DoInit() /* override */; + virtual bool DoFeed(const void* data, size_t size) /* override */; + virtual StringVal* DoGet() /* override */; + + DECLARE_SERIAL(SHA1Val); + +private: + SHA_CTX ctx; +}; + +class SHA256Val : public HashVal { +public: + static void digest(val_list& vlist, u_char result[SHA256_DIGEST_LENGTH]); + + SHA256Val() : HashVal(new OpaqueType("sha256")) { } + +protected: + friend class Val; + + virtual bool DoInit() /* override */; + virtual bool DoFeed(const void* data, size_t size) /* override */; + virtual StringVal* DoGet() /* override */; + + DECLARE_SERIAL(SHA256Val); + +private: + SHA256_CTX ctx; +}; + +class EntropyVal : public OpaqueVal { +public: + EntropyVal() : OpaqueVal(new OpaqueType("entropy")) { } + + bool Feed(const void* data, size_t size); + bool Get(double *r_ent, double *r_chisq, double *r_mean, + double *r_montepicalc, double *r_scc); + +protected: + friend class Val; + EntropyVal(OpaqueType* t); + + DECLARE_SERIAL(EntropyVal); + +private: + RandTest state; +}; + +#endif diff --git a/src/RandTest.cc b/src/RandTest.cc index 638cc6c765..94e76500b5 100644 --- a/src/RandTest.cc +++ b/src/RandTest.cc @@ -12,7 +12,18 @@ Modified for Bro by Seth Hall - July 2010 */ -#include +#include +#include "RandTest.h" + +#define log2of10 3.32192809488736234787 +/* RT_LOG2 -- Calculate log to the base 2 */ +static double rt_log2(double x) +{ + return log2of10 * log10(x); +} + +// RT_INCIRC = pow(pow(256.0, (double) (RT_MONTEN / 2)) - 1, 2.0); +#define RT_INCIRC 281474943156225.0 RandTest::RandTest() { @@ -28,9 +39,9 @@ RandTest::RandTest() } } -void RandTest::add(void *buf, int bufl) +void RandTest::add(const void *buf, int bufl) { - unsigned char *bp = (unsigned char*)buf; + const unsigned char *bp = static_cast(buf); int oc; while (bufl-- > 0) @@ -78,8 +89,8 @@ void RandTest::add(void *buf, int bufl) } } -void RandTest::end(double *r_ent, double *r_chisq, - double *r_mean, double *r_montepicalc, double *r_scc) +void RandTest::end(double* r_ent, double* r_chisq, + double* r_mean, double* r_montepicalc, double* r_scc) { int i; double ent, chisq, scc, datasum; diff --git a/src/RandTest.h b/src/RandTest.h index a4f551b602..bb1eb3c6b4 100644 --- a/src/RandTest.h +++ b/src/RandTest.h @@ -1,34 +1,33 @@ -#include +#ifndef RANDTEST_H +#define RANDTEST_H -#define log2of10 3.32192809488736234787 -/* RT_LOG2 -- Calculate log to the base 2 */ -static double rt_log2(double x) -{ - return log2of10 * log10(x); -} +#include "util.h" #define RT_MONTEN 6 /* Bytes used as Monte Carlo co-ordinates. This should be no more bits than the mantissa of your "double" floating point type. */ +class EntropyVal; -// RT_INCIRC = pow(pow(256.0, (double) (RT_MONTEN / 2)) - 1, 2.0); -#define RT_INCIRC 281474943156225.0 class RandTest { public: RandTest(); - void add(void *buf, int bufl); - void end(double *r_ent, double *r_chisq, double *r_mean, - double *r_montepicalc, double *r_scc); + void add(const void* buf, int bufl); + void end(double* r_ent, double* r_chisq, double* r_mean, + double* r_montepicalc, double* r_scc); private: - long ccount[256]; /* Bins to count occurrences of values */ - long totalc; /* Total bytes counted */ + friend class EntropyVal; + + int64 ccount[256]; /* Bins to count occurrences of values */ + int64 totalc; /* Total bytes counted */ int mp; int sccfirst; unsigned int monte[RT_MONTEN]; - long inmont, mcount; + int64 inmont, mcount; double cexp, montex, montey, montepi, sccu0, scclast, scct1, scct2, scct3; - }; +}; + +#endif diff --git a/src/SerialTypes.h b/src/SerialTypes.h index c47ff19298..e103c1c40e 100644 --- a/src/SerialTypes.h +++ b/src/SerialTypes.h @@ -98,6 +98,12 @@ SERIAL_VAL(RECORD_VAL, 10) SERIAL_VAL(ENUM_VAL, 11) SERIAL_VAL(VECTOR_VAL, 12) SERIAL_VAL(MUTABLE_VAL, 13) +SERIAL_VAL(OPAQUE_VAL, 14) +SERIAL_VAL(HASH_VAL, 15) +SERIAL_VAL(MD5_VAL, 16) +SERIAL_VAL(SHA1_VAL, 17) +SERIAL_VAL(SHA256_VAL, 18) +SERIAL_VAL(ENTROPY_VAL, 19) #define SERIAL_EXPR(name, val) SERIAL_CONST(name, val, EXPR) SERIAL_EXPR(EXPR, 1) @@ -178,6 +184,7 @@ SERIAL_TYPE(SUBNET_TYPE, 8) SERIAL_TYPE(FILE_TYPE, 9) SERIAL_TYPE(ENUM_TYPE, 10) SERIAL_TYPE(VECTOR_TYPE, 11) +SERIAL_TYPE(OPAQUE_TYPE, 12) SERIAL_CONST2(ATTRIBUTES) SERIAL_CONST2(EVENT_HANDLER) diff --git a/src/Stmt.cc b/src/Stmt.cc index c65b44a9bd..2cd7117ddb 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -592,6 +592,21 @@ Case::~Case() void Case::Describe(ODesc* d) const { + if ( ! Cases() ) + { + if ( ! d->IsBinary() ) + d->Add("default:"); + + d->AddCount(0); + + d->PushIndent(); + Body()->AccessStats(d); + Body()->Describe(d); + d->PopIndent(); + + return; + } + const expr_list& e = Cases()->Exprs(); if ( ! d->IsBinary() ) @@ -658,13 +673,64 @@ bool Case::DoUnserialize(UnserialInfo* info) return this->s != 0; } -SwitchStmt::SwitchStmt(Expr* index, case_list* arg_cases) : - ExprStmt(STMT_SWITCH, index) +static void int_del_func(void* v) { - cases = arg_cases; + delete (int*) v; + } - //### need to loop over cases and make sure their type matches - //### the index, and they're constant and not redundant +void SwitchStmt::Init() + { + TypeList* t = new TypeList(); + t->Append(e->Type()->Ref()); + comp_hash = new CompositeHash(t); + Unref(t); + + case_label_map.SetDeleteFunc(int_del_func); + } + +SwitchStmt::SwitchStmt(Expr* index, case_list* arg_cases) : + ExprStmt(STMT_SWITCH, index), cases(arg_cases), default_case_idx(-1) + { + Init(); + + if ( ! is_atomic_type(e->Type()) ) + e->Error("switch expression must be of an atomic type"); + + loop_over_list(*cases, i) + { + const Case* c = (*cases)[i]; + const ListExpr* le = c->Cases(); + + if ( le ) + { + if ( ! le->Type()->AsTypeList()->AllMatch(e->Type(), false) ) + { + le->Error("case expression type differs from switch type", e); + continue; + } + + const expr_list& exprs = le->Exprs(); + + loop_over_list(exprs, j) + { + if ( ! exprs[j]->IsConst() ) + exprs[j]->Error("case label expression isn't constant"); + else + { + if ( ! AddCaseLabelMapping(exprs[j]->ExprVal(), i) ) + exprs[j]->Error("duplicate case label"); + } + } + } + + else + { + if ( default_case_idx != -1 ) + c->Error("multiple default labels", (*cases)[default_case_idx]); + else + default_case_idx = i; + } + } } SwitchStmt::~SwitchStmt() @@ -673,12 +739,80 @@ SwitchStmt::~SwitchStmt() Unref((*cases)[i]); delete cases; + delete comp_hash; } -Val* SwitchStmt::DoExec(Frame* /* f */, Val* /* v */, stmt_flow_type& /* flow */) const +bool SwitchStmt::AddCaseLabelMapping(const Val* v, int idx) { - printf("switch statement not implemented\n"); - return 0; + HashKey* hk = comp_hash->ComputeHash(v, 1); + + if ( ! hk ) + { + reporter->PushLocation(e->GetLocationInfo()); + reporter->InternalError("switch expression type mismatch (%s/%s)", + type_name(v->Type()->Tag()), type_name(e->Type()->Tag())); + } + + int* label_idx = case_label_map.Lookup(hk); + + if ( label_idx ) + { + delete hk; + return false; + } + + case_label_map.Insert(hk, new int(idx)); + return true; + } + +int SwitchStmt::FindCaseLabelMatch(const Val* v) const + { + HashKey* hk = comp_hash->ComputeHash(v, 1); + + if ( ! hk ) + { + reporter->PushLocation(e->GetLocationInfo()); + reporter->InternalError("switch expression type mismatch (%s/%s)", + type_name(v->Type()->Tag()), type_name(e->Type()->Tag())); + } + + int* label_idx = case_label_map.Lookup(hk); + + delete hk; + + if ( ! label_idx ) + return default_case_idx; + else + return *label_idx; + } + +Val* SwitchStmt::DoExec(Frame* f, Val* v, stmt_flow_type& flow) const + { + Val* rval = 0; + + int matching_label_idx = FindCaseLabelMatch(v); + + if ( matching_label_idx == -1 ) + return 0; + + for ( int i = matching_label_idx; i < cases->length(); ++i ) + { + const Case* c = (*cases)[i]; + + flow = FLOW_NEXT; + rval = c->Body()->Exec(f, flow); + + if ( flow == FLOW_BREAK ) + { + flow = FLOW_NEXT; + break; + } + + if ( flow == FLOW_RETURN ) + break; + } + + return rval; } Stmt* SwitchStmt::DoSimplify() @@ -697,7 +831,13 @@ Stmt* SwitchStmt::DoSimplify() } if ( e->IsConst() ) - { // ### go through cases and pull out the one it matches + { + // Could possibly remove all case labels before the one + // that will match, but may be tricky to tell if any + // subsequent ones can also be removed since it depends + // on the evaluation of the body executing a break/return + // statement. Then still need a way to bypass the lookup + // DoExec for it to be beneficial. if ( ! optimize ) Warn("constant in switch"); } @@ -770,6 +910,9 @@ bool SwitchStmt::DoSerialize(SerialInfo* info) const if ( ! (*cases)[i]->Serialize(info) ) return false; + if ( ! SERIALIZE(default_case_idx) ) + return false; + return true; } @@ -777,6 +920,8 @@ bool SwitchStmt::DoUnserialize(UnserialInfo* info) { DO_UNSERIALIZE(ExprStmt); + Init(); + int len; if ( ! UNSERIALIZE(&len) ) return false; @@ -790,6 +935,25 @@ bool SwitchStmt::DoUnserialize(UnserialInfo* info) cases->append(c); } + if ( ! UNSERIALIZE(&default_case_idx) ) + return false; + + loop_over_list(*cases, i) + { + const ListExpr* le = (*cases)[i]->Cases(); + + if ( ! le ) + continue; + + const expr_list& exprs = le->Exprs(); + + loop_over_list(exprs, j) + { + if ( ! AddCaseLabelMapping(exprs[j]->ExprVal(), i) ) + return false; + } + } + return true; } diff --git a/src/Stmt.h b/src/Stmt.h index 7c3b42609b..497d7c97b1 100644 --- a/src/Stmt.h +++ b/src/Stmt.h @@ -17,6 +17,8 @@ class StmtList; class ForStmt; +declare(PDict, int); + class Stmt : public BroObj { public: BroStmtTag Tag() const { return tag; } @@ -187,7 +189,8 @@ protected: class Case : public BroObj { public: - Case(ListExpr* c, Stmt* arg_s) { cases = c; s = arg_s; } + Case(ListExpr* c, Stmt* arg_s) : + cases(simplify_expr_list(c,SIMPLIFY_GENERAL)), s(arg_s) { } ~Case(); const ListExpr* Cases() const { return cases; } @@ -226,7 +229,7 @@ public: protected: friend class Stmt; - SwitchStmt() { cases = 0; } + SwitchStmt() { cases = 0; default_case_idx = -1; comp_hash = 0; } Val* DoExec(Frame* f, Val* v, stmt_flow_type& flow) const; Stmt* DoSimplify(); @@ -234,7 +237,23 @@ protected: DECLARE_SERIAL(SwitchStmt); + // Initialize composite hash and case label map. + void Init(); + + // Adds an entry in case_label_map for the given value to associate it + // with the given index in the cases list. If the entry already exists, + // returns false, else returns true. + bool AddCaseLabelMapping(const Val* v, int idx); + + // Returns index of a case label that's equal to the value, or + // default_case_idx if no case label matches (which may be -1 if there's + // no default label). + int FindCaseLabelMatch(const Val* v) const; + case_list* cases; + int default_case_idx; + CompositeHash* comp_hash; + PDict(int) case_label_map; }; class AddStmt : public ExprStmt { diff --git a/src/TCP.cc b/src/TCP.cc index 555adf1b57..da977d8157 100644 --- a/src/TCP.cc +++ b/src/TCP.cc @@ -382,7 +382,7 @@ void TCP_Analyzer::ProcessFIN(double t, TCP_Endpoint* endpoint, endpoint->FIN_seq = base_seq - endpoint->StartSeq() + seq_len; } -bool TCP_Analyzer::ProcessRST(double t, TCP_Endpoint* endpoint, +void TCP_Analyzer::ProcessRST(double t, TCP_Endpoint* endpoint, const IP_Hdr* ip, uint32 base_seq, int len, int& seq_len) { @@ -406,11 +406,9 @@ bool TCP_Analyzer::ProcessRST(double t, TCP_Endpoint* endpoint, } PacketWithRST(); - - return true; } -int TCP_Analyzer::ProcessFlags(double t, +void TCP_Analyzer::ProcessFlags(double t, const IP_Hdr* ip, const struct tcphdr* tp, uint32 tcp_hdr_len, int len, int& seq_len, TCP_Endpoint* endpoint, TCP_Endpoint* peer, @@ -425,14 +423,11 @@ int TCP_Analyzer::ProcessFlags(double t, if ( flags.FIN() ) ProcessFIN(t, endpoint, seq_len, base_seq); - if ( flags.RST() && - ! ProcessRST(t, endpoint, ip, base_seq, len, seq_len) ) - return 0; + if ( flags.RST() ) + ProcessRST(t, endpoint, ip, base_seq, len, seq_len); if ( flags.ACK() ) ProcessACK(endpoint, peer, ack_seq, is_orig, flags); - - return 1; } void TCP_Analyzer::TransitionFromInactive(double t, TCP_Endpoint* endpoint, @@ -825,10 +820,27 @@ void TCP_Analyzer::UpdateClosedState(double t, TCP_Endpoint* endpoint, } } -void TCP_Analyzer::UpdateResetState(int len, TCP_Flags flags) +void TCP_Analyzer::UpdateResetState(int len, TCP_Flags flags, + TCP_Endpoint* endpoint, uint32 base_seq, + uint32 last_seq) { if ( flags.SYN() ) + { Weird("SYN_after_reset"); + + if ( endpoint->prev_state == TCP_ENDPOINT_INACTIVE ) + { + // Seq. numbers were initialized by a RST packet from this endpoint, + // but now that a SYN is seen from it, that could mean the earlier + // RST was spoofed/injected, so re-initialize. This mostly just + // helps prevent misrepresentations of payload sizes that are based + // on bad initial sequence values. + endpoint->InitStartSeq(base_seq); + endpoint->InitAckSeq(base_seq); + endpoint->InitLastSeq(last_seq); + } + } + if ( flags.FIN() ) Weird("FIN_after_reset"); @@ -871,7 +883,7 @@ void TCP_Analyzer::UpdateStateMachine(double t, break; case TCP_ENDPOINT_RESET: - UpdateResetState(len, flags); + UpdateResetState(len, flags, endpoint, base_seq, last_seq); break; } } @@ -996,10 +1008,8 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, int seq_len = len; // length in terms of sequence space - if ( ! ProcessFlags(t, ip, tp, tcp_hdr_len, len, seq_len, - endpoint, peer, base_seq, ack_seq, - orig_addr, is_orig, flags) ) - return; + ProcessFlags(t, ip, tp, tcp_hdr_len, len, seq_len, endpoint, peer, base_seq, + ack_seq, orig_addr, is_orig, flags); uint32 last_seq = base_seq + seq_len; diff --git a/src/TCP.h b/src/TCP.h index c84202fcf6..635fda7960 100644 --- a/src/TCP.h +++ b/src/TCP.h @@ -135,13 +135,13 @@ protected: void ProcessFIN(double t, TCP_Endpoint* endpoint, int& seq_len, uint32 base_seq); - bool ProcessRST(double t, TCP_Endpoint* endpoint, const IP_Hdr* ip, + void ProcessRST(double t, TCP_Endpoint* endpoint, const IP_Hdr* ip, uint32 base_seq, int len, int& seq_len); void ProcessACK(TCP_Endpoint* endpoint, TCP_Endpoint* peer, uint32 ack_seq, int is_orig, TCP_Flags flags); - int ProcessFlags(double t, const IP_Hdr* ip, const struct tcphdr* tp, + void ProcessFlags(double t, const IP_Hdr* ip, const struct tcphdr* tp, uint32 tcp_hdr_len, int len, int& seq_len, TCP_Endpoint* endpoint, TCP_Endpoint* peer, uint32 base_seq, uint32 ack_seq, @@ -186,7 +186,8 @@ protected: int delta_last, TCP_Flags flags, int& do_close); - void UpdateResetState(int len, TCP_Flags flags); + void UpdateResetState(int len, TCP_Flags flags, TCP_Endpoint* endpoint, + uint32 base_seq, uint32 last_seq); void GeneratePacketEvent(TCP_Endpoint* endpoint, TCP_Endpoint* peer, uint32 base_seq, uint32 ack_seq, diff --git a/src/Type.cc b/src/Type.cc index e9b0949d13..1fb813efa1 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -30,6 +30,7 @@ const char* type_name(TypeTag t) "table", "union", "record", "types", "func", "file", + "opaque", "vector", "type", "error", @@ -96,6 +97,7 @@ BroType::BroType(TypeTag t, bool arg_base_type) case TYPE_LIST: case TYPE_FUNC: case TYPE_FILE: + case TYPE_OPAQUE: case TYPE_VECTOR: case TYPE_TYPE: internal_tag = TYPE_INTERNAL_OTHER; @@ -114,8 +116,17 @@ BroType::~BroType() delete [] type_id; } -int BroType::MatchesIndex(ListExpr*& /* index */) const +int BroType::MatchesIndex(ListExpr*& index) const { + if ( Tag() == TYPE_STRING ) + { + if ( index->Exprs().length() != 1 && index->Exprs().length() != 2 ) + return DOES_NOT_MATCH_INDEX; + + if ( check_and_promote_exprs_to_type(index, ::base_type(TYPE_INT)) ) + return MATCHES_INDEX_SCALAR; + } + return DOES_NOT_MATCH_INDEX; } @@ -1262,6 +1273,42 @@ bool FileType::DoUnserialize(UnserialInfo* info) return yield != 0; } +OpaqueType::OpaqueType(const string& arg_name) : BroType(TYPE_OPAQUE) + { + name = arg_name; + } + +void OpaqueType::Describe(ODesc* d) const + { + if ( d->IsReadable() ) + d->AddSP("opaque of"); + else + d->Add(int(Tag())); + + d->Add(name.c_str()); + } + +IMPLEMENT_SERIAL(OpaqueType, SER_OPAQUE_TYPE); + +bool OpaqueType::DoSerialize(SerialInfo* info) const + { + DO_SERIALIZE(SER_OPAQUE_TYPE, BroType); + return SERIALIZE(name); + } + +bool OpaqueType::DoUnserialize(UnserialInfo* info) + { + DO_UNSERIALIZE(BroType); + + char const* n; + if ( ! UNSERIALIZE_STR(&n, 0) ) + return false; + + name = n; + delete [] n; + return true; + } + EnumType::EnumType(const string& arg_name) : BroType(TYPE_ENUM) { @@ -1716,6 +1763,13 @@ int same_type(const BroType* t1, const BroType* t2, int is_init) case TYPE_FILE: return same_type(t1->YieldType(), t2->YieldType(), is_init); + case TYPE_OPAQUE: + { + const OpaqueType* ot1 = (const OpaqueType*) t1; + const OpaqueType* ot2 = (const OpaqueType*) t2; + return ot1->Name() == ot2->Name() ? 1 : 0; + } + case TYPE_TYPE: return same_type(t1, t2, is_init); @@ -1805,6 +1859,7 @@ int is_assignable(BroType* t) case TYPE_VECTOR: case TYPE_FILE: + case TYPE_OPAQUE: case TYPE_TABLE: case TYPE_TYPE: return 1; @@ -2190,3 +2245,18 @@ BroType* init_type(Expr* init) return new SetType(t->AsTypeList(), 0); } + +bool is_atomic_type(const BroType* t) + { + switch ( t->InternalType() ) { + case TYPE_INTERNAL_INT: + case TYPE_INTERNAL_UNSIGNED: + case TYPE_INTERNAL_DOUBLE: + case TYPE_INTERNAL_STRING: + case TYPE_INTERNAL_ADDR: + case TYPE_INTERNAL_SUBNET: + return true; + default: + return false; + } + } diff --git a/src/Type.h b/src/Type.h index 8e2bb099d8..249d8709c5 100644 --- a/src/Type.h +++ b/src/Type.h @@ -29,6 +29,7 @@ typedef enum { TYPE_LIST, TYPE_FUNC, TYPE_FILE, + TYPE_OPAQUE, TYPE_VECTOR, TYPE_TYPE, TYPE_ERROR @@ -499,6 +500,23 @@ protected: BroType* yield; }; +class OpaqueType : public BroType { +public: + OpaqueType(const string& name); + virtual ~OpaqueType() { }; + + const string& Name() const { return name; } + + void Describe(ODesc* d) const; + +protected: + OpaqueType() { } + + DECLARE_SERIAL(OpaqueType) + + string name; +}; + class EnumType : public BroType { public: EnumType(const string& arg_name); @@ -625,6 +643,9 @@ BroType* merge_type_list(ListExpr* elements); // Given an expression, infer its type when used for an initialization. extern BroType* init_type(Expr* init); +// Returns true if argument is an atomic type. +bool is_atomic_type(const BroType* t); + // True if the given type tag corresponds to an integral type. #define IsIntegral(t) (t == TYPE_INT || t == TYPE_COUNT || t == TYPE_COUNTER) diff --git a/src/Val.cc b/src/Val.cc index 3e60fffc82..20051aff5f 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -3114,6 +3114,27 @@ void VectorVal::ValDescribe(ODesc* d) const d->Add("]"); } +OpaqueVal::OpaqueVal(OpaqueType* t) : Val(t) + { + } + +OpaqueVal::~OpaqueVal() + { + } + +IMPLEMENT_SERIAL(OpaqueVal, SER_OPAQUE_VAL); + +bool OpaqueVal::DoSerialize(SerialInfo* info) const + { + DO_SERIALIZE(SER_OPAQUE_VAL, Val); + return true; + } + +bool OpaqueVal::DoUnserialize(UnserialInfo* info) + { + DO_UNSERIALIZE(Val); + return true; + } Val* check_and_promote(Val* v, const BroType* t, int is_init) { @@ -3209,17 +3230,7 @@ int same_val(const Val* /* v1 */, const Val* /* v2 */) bool is_atomic_val(const Val* v) { - switch ( v->Type()->InternalType() ) { - case TYPE_INTERNAL_INT: - case TYPE_INTERNAL_UNSIGNED: - case TYPE_INTERNAL_DOUBLE: - case TYPE_INTERNAL_STRING: - case TYPE_INTERNAL_ADDR: - case TYPE_INTERNAL_SUBNET: - return true; - default: - return false; - } + return is_atomic_type(v->Type()); } int same_atomic_val(const Val* v1, const Val* v2) diff --git a/src/Val.h b/src/Val.h index c3ec5b04fb..8ebfb2de0e 100644 --- a/src/Val.h +++ b/src/Val.h @@ -1013,6 +1013,20 @@ protected: VectorType* vector_type; }; +// Base class for values with types that are managed completely internally, +// with no further script-level operators provided (other than bif +// functions). See OpaqueVal.h for derived classes. +class OpaqueVal : public Val { +public: + OpaqueVal(OpaqueType* t); + virtual ~OpaqueVal(); + +protected: + friend class Val; + OpaqueVal() { } + + DECLARE_SERIAL(OpaqueVal); +}; // Checks the given value for consistency with the given type. If an // exact match, returns it. If promotable, returns the promoted version, diff --git a/src/Var.cc b/src/Var.cc index 2e9fdbe946..b4d76097d3 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -210,7 +210,6 @@ static void make_var(ID* id, BroType* t, init_class c, Expr* init, // defined. Func* f = new BroFunc(id, 0, 0, 0, 0); id->SetVal(new Val(f)); - id->SetConst(); } } @@ -233,8 +232,9 @@ Stmt* add_local(ID* id, BroType* t, init_class c, Expr* init, Ref(id); + Expr* name_expr = new NameExpr(id, dt == VAR_CONST); Stmt* stmt = - new ExprStmt(new AssignExpr(new NameExpr(id), init, 0, 0, + new ExprStmt(new AssignExpr(name_expr, init, 0, 0, id->Attrs() ? id->Attrs()->Attrs() : 0 )); stmt->SetLocationInfo(init->GetLocationInfo()); diff --git a/src/bro.bif b/src/bro.bif index d945e54ef4..8cea9d9123 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -530,82 +530,7 @@ function piped_exec%(program: string, to_write: string%): bool %} %%{ -static void hash_md5_val(val_list& vlist, unsigned char digest[16]) - { - MD5_CTX h; - - md5_init(&h); - loop_over_list(vlist, i) - { - Val* v = vlist[i]; - if ( v->Type()->Tag() == TYPE_STRING ) - { - const BroString* str = v->AsString(); - md5_update(&h, str->Bytes(), str->Len()); - } - else - { - ODesc d(DESC_BINARY); - v->Describe(&d); - md5_update(&h, (const u_char *) d.Bytes(), d.Len()); - } - } - md5_final(&h, digest); - } - -static void hmac_md5_val(val_list& vlist, unsigned char digest[16]) - { - hash_md5_val(vlist, digest); - for ( int i = 0; i < 16; ++i ) - digest[i] = digest[i] ^ shared_hmac_md5_key[i]; - MD5(digest, 16, digest); - } - -static void hash_sha1_val(val_list& vlist, unsigned char digest[20]) - { - SHA_CTX h; - - sha1_init(&h); - loop_over_list(vlist, i) - { - Val* v = vlist[i]; - if ( v->Type()->Tag() == TYPE_STRING ) - { - const BroString* str = v->AsString(); - sha1_update(&h, str->Bytes(), str->Len()); - } - else - { - ODesc d(DESC_BINARY); - v->Describe(&d); - sha1_update(&h, (const u_char *) d.Bytes(), d.Len()); - } - } - sha1_final(&h, digest); - } - -static void hash_sha256_val(val_list& vlist, unsigned char digest[32]) - { - SHA256_CTX h; - - sha256_init(&h); - loop_over_list(vlist, i) - { - Val* v = vlist[i]; - if ( v->Type()->Tag() == TYPE_STRING ) - { - const BroString* str = v->AsString(); - sha256_update(&h, str->Bytes(), str->Len()); - } - else - { - ODesc d(DESC_BINARY); - v->Describe(&d); - sha256_update(&h, (const u_char *) d.Bytes(), d.Len()); - } - } - sha256_final(&h, digest); - } +#include "OpaqueVal.h" %%} ## Computes the MD5 hash value of the provided list of arguments. @@ -623,8 +548,8 @@ static void hash_sha256_val(val_list& vlist, unsigned char digest[32]) ## friends. function md5_hash%(...%): string %{ - unsigned char digest[16]; - hash_md5_val(@ARG@, digest); + unsigned char digest[MD5_DIGEST_LENGTH]; + MD5Val::digest(@ARG@, digest); return new StringVal(md5_digest_print(digest)); %} @@ -643,8 +568,8 @@ function md5_hash%(...%): string ## friends. function sha1_hash%(...%): string %{ - unsigned char digest[20]; - hash_sha1_val(@ARG@, digest); + unsigned char digest[SHA_DIGEST_LENGTH]; + SHA1Val::digest(@ARG@, digest); return new StringVal(sha1_digest_print(digest)); %} @@ -663,8 +588,8 @@ function sha1_hash%(...%): string ## friends. function sha256_hash%(...%): string %{ - unsigned char digest[32]; - hash_sha256_val(@ARG@, digest); + unsigned char digest[SHA256_DIGEST_LENGTH]; + SHA256Val::digest(@ARG@, digest); return new StringVal(sha256_digest_print(digest)); %} @@ -679,288 +604,183 @@ function sha256_hash%(...%): string ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish function md5_hmac%(...%): string %{ - unsigned char digest[16]; - hmac_md5_val(@ARG@, digest); - return new StringVal(md5_digest_print(digest)); + unsigned char hmac[MD5_DIGEST_LENGTH]; + MD5Val::hmac(@ARG@, shared_hmac_md5_key, hmac); + return new StringVal(md5_digest_print(hmac)); %} -%%{ -static map md5_states; -static map sha1_states; -static map sha256_states; - -BroString* convert_index_to_string(Val* index) - { - ODesc d; - index->Describe(&d); - BroString* s = new BroString(1, d.TakeBytes(), d.Len()); - s->SetUseFreeToDelete(1); - return s; - } -%%} - -## Initializes MD5 state to enable incremental hash computation. After -## initializing the MD5 state with this function, you can feed data to -## :bro:id:`md5_hash_update` and finally need to call :bro:id:`md5_hash_finish` -## to finish the computation and get the final hash value. +## Constructs an MD5 handle to enable incremental hash computation. You can +## feed data to the returned opaque value with :bro:id:`md5_hash_update` and +## eventually need to call :bro:id:`md5_hash_finish` to finish the computation +## and get the hash digest as result. ## ## For example, when computing incremental MD5 values of transferred files in -## multiple concurrent HTTP connections, one would call ``md5_hash_init(c$id)`` -## once before invoking ``md5_hash_update(c$id, some_more_data)`` in the +## multiple concurrent HTTP connections, one keeps an optional handle in the +## HTTP session record. Then, one would call +## ``c$http$md5_handle = md5_hash_init()`` once before invoking +## ``md5_hash_update(c$http$md5_handle, some_more_data)`` in the ## :bro:id:`http_entity_data` event handler. When all data has arrived, a call ## to :bro:id:`md5_hash_finish` returns the final hash value. -## -## index: The unique identifier to associate with this hash computation. +## +## Returns: The opaque handle associated with this hash computation. ## ## .. bro:see:: md5_hmac md5_hash md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish -function md5_hash_init%(index: any%): bool +function md5_hash_init%(%): opaque of md5 %{ - BroString* s = convert_index_to_string(index); - int status = 0; - - if ( md5_states.count(*s) < 1 ) - { - MD5_CTX h; - md5_init(&h); - md5_states[*s] = h; - status = 1; - } - - delete s; - return new Val(status, TYPE_BOOL); + HashVal* digest = new MD5Val(); + digest->Init(); + return digest; %} -## Initializes SHA1 state to enable incremental hash computation. After -## initializing the SHA1 state with this function, you can feed data to -## :bro:id:`sha1_hash_update` and finally need to call -## :bro:id:`sha1_hash_finish` to finish the computation and get the final hash -## value. +## Constructs an SHA1 handle to enable incremental hash computation. You can +## feed data to the returned opaque value with :bro:id:`sha1_hash_update` and +## finally need to call :bro:id:`sha1_hash_finish` to finish the computation +## and get the hash digest as result. ## ## For example, when computing incremental SHA1 values of transferred files in -## multiple concurrent HTTP connections, one would call ``sha1_hash_init(c$id)`` -## once before invoking ``sha1_hash_update(c$id, some_more_data)`` in the +## multiple concurrent HTTP connections, one keeps an optional handle in the +## HTTP session record. Then, one would call +## ``c$http$sha1_handle = sha1_hash_init()`` ## once before invoking +## ``sha1_hash_update(c$http$sha1_handle, some_more_data)`` in the ## :bro:id:`http_entity_data` event handler. When all data has arrived, a call ## to :bro:id:`sha1_hash_finish` returns the final hash value. ## -## index: The unique identifier to associate with this hash computation. +## Returns: The opaque handle associated with this hash computation. ## ## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish -function sha1_hash_init%(index: any%): bool +function sha1_hash_init%(%): opaque of sha1 %{ - BroString* s = convert_index_to_string(index); - int status = 0; - - if ( sha1_states.count(*s) < 1 ) - { - SHA_CTX h; - sha1_init(&h); - sha1_states[*s] = h; - status = 1; - } - - delete s; - return new Val(status, TYPE_BOOL); + HashVal* digest = new SHA1Val(); + digest->Init(); + return digest; %} -## Initializes SHA256 state to enable incremental hash computation. After -## initializing the SHA256 state with this function, you can feed data to -## :bro:id:`sha256_hash_update` and finally need to call -## :bro:id:`sha256_hash_finish` to finish the computation and get the final hash -## value. +## Constructs an SHA256 handle to enable incremental hash computation. You can +## feed data to the returned opaque value with :bro:id:`sha256_hash_update` and +## finally need to call :bro:id:`sha256_hash_finish` to finish the computation +## and get the hash digest as result. ## ## For example, when computing incremental SHA256 values of transferred files in -## multiple concurrent HTTP connections, one would call -## ``sha256_hash_init(c$id)`` once before invoking -## ``sha256_hash_update(c$id, some_more_data)`` in the +## multiple concurrent HTTP connections, one keeps an optional handle in the +## HTTP session record. Then, one would call +## ``c$http$sha256_handle = sha256_hash_init()`` ## once before invoking +## ``sha256_hash_update(c$http$sha256_handle, some_more_data)`` in the ## :bro:id:`http_entity_data` event handler. When all data has arrived, a call ## to :bro:id:`sha256_hash_finish` returns the final hash value. ## -## index: The unique identifier to associate with this hash computation. +## Returns: The opaque handle associated with this hash computation. ## ## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_update sha256_hash_finish -function sha256_hash_init%(index: any%): bool +function sha256_hash_init%(%): opaque of sha256 %{ - BroString* s = convert_index_to_string(index); - int status = 0; - - if ( sha256_states.count(*s) < 1 ) - { - SHA256_CTX h; - sha256_init(&h); - sha256_states[*s] = h; - status = 1; - } - - delete s; - return new Val(status, TYPE_BOOL); + HashVal* digest = new SHA256Val(); + digest->Init(); + return digest; %} -## Update the MD5 value associated with a given index. It is required to +## Updates the MD5 value associated with a given index. It is required to ## call :bro:id:`md5_hash_init` once before calling this ## function. ## -## index: The unique identifier to associate with this hash computation. +## handle: The opaque handle associated with this hash computation. ## ## data: The data to add to the hash computation. ## +## Returns: True on success. +## ## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish -function md5_hash_update%(index: any, data: string%): bool +function md5_hash_update%(handle: opaque of md5, data: string%): bool %{ - BroString* s = convert_index_to_string(index); - int status = 0; - - if ( md5_states.count(*s) > 0 ) - { - md5_update(&md5_states[*s], data->Bytes(), data->Len()); - status = 1; - } - - delete s; - return new Val(status, TYPE_BOOL); + bool rc = static_cast(handle)->Feed(data->Bytes(), data->Len()); + return new Val(rc, TYPE_BOOL); %} -## Update the SHA1 value associated with a given index. It is required to +## Updates the SHA1 value associated with a given index. It is required to ## call :bro:id:`sha1_hash_init` once before calling this ## function. ## -## index: The unique identifier to associate with this hash computation. +## handle: The opaque handle associated with this hash computation. ## ## data: The data to add to the hash computation. ## +## Returns: True on success. +## ## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish -function sha1_hash_update%(index: any, data: string%): bool +function sha1_hash_update%(handle: opaque of sha1, data: string%): bool %{ - BroString* s = convert_index_to_string(index); - int status = 0; - - if ( sha1_states.count(*s) > 0 ) - { - sha1_update(&sha1_states[*s], data->Bytes(), data->Len()); - status = 1; - } - - delete s; - return new Val(status, TYPE_BOOL); + bool rc = static_cast(handle)->Feed(data->Bytes(), data->Len()); + return new Val(rc, TYPE_BOOL); %} -## Update the SHA256 value associated with a given index. It is required to +## Updates the SHA256 value associated with a given index. It is required to ## call :bro:id:`sha256_hash_init` once before calling this ## function. ## -## index: The unique identifier to associate with this hash computation. +## handle: The opaque handle associated with this hash computation. ## ## data: The data to add to the hash computation. ## +## Returns: True on success. +## ## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_finish -function sha256_hash_update%(index: any, data: string%): bool +function sha256_hash_update%(handle: opaque of sha256, data: string%): bool %{ - BroString* s = convert_index_to_string(index); - int status = 0; - - if ( sha256_states.count(*s) > 0 ) - { - sha256_update(&sha256_states[*s], data->Bytes(), data->Len()); - status = 1; - } - - delete s; - return new Val(status, TYPE_BOOL); + bool rc = static_cast(handle)->Feed(data->Bytes(), data->Len()); + return new Val(rc, TYPE_BOOL); %} ## Returns the final MD5 digest of an incremental hash computation. ## -## index: The unique identifier of this hash computation. +## handle: The opaque handle associated with this hash computation. ## -## Returns: The hash value associated with the computation at *index*. +## Returns: The hash value associated with the computation of *handle*. ## ## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish -function md5_hash_finish%(index: any%): string +function md5_hash_finish%(handle: opaque of md5%): string %{ - BroString* s = convert_index_to_string(index); - StringVal* printable_digest; - - if ( md5_states.count(*s) > 0 ) - { - unsigned char digest[16]; - md5_final(&md5_states[*s], digest); - md5_states.erase(*s); - printable_digest = new StringVal(md5_digest_print(digest)); - } - else - printable_digest = new StringVal(""); - - delete s; - return printable_digest; + return static_cast(handle)->Get(); %} ## Returns the final SHA1 digest of an incremental hash computation. ## -## index: The unique identifier of this hash computation. +## handle: The opaque handle associated with this hash computation. ## -## Returns: The hash value associated with the computation at *index*. +## Returns: The hash value associated with the computation of *handle*. ## ## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update ## sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish -function sha1_hash_finish%(index: any%): string +function sha1_hash_finish%(handle: opaque of sha1%): string %{ - BroString* s = convert_index_to_string(index); - StringVal* printable_digest; - - if ( sha1_states.count(*s) > 0 ) - { - unsigned char digest[20]; - sha1_final(&sha1_states[*s], digest); - sha1_states.erase(*s); - printable_digest = new StringVal(sha1_digest_print(digest)); - } - else - printable_digest = new StringVal(""); - - delete s; - return printable_digest; + return static_cast(handle)->Get(); %} ## Returns the final SHA256 digest of an incremental hash computation. ## -## index: The unique identifier of this hash computation. +## handle: The opaque handle associated with this hash computation. ## -## Returns: The hash value associated with the computation at *index*. +## Returns: The hash value associated with the computation of *handle*. ## ## .. bro:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish ## sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish ## sha256_hash sha256_hash_init sha256_hash_update -function sha256_hash_finish%(index: any%): string +function sha256_hash_finish%(handle: opaque of sha256%): string %{ - BroString* s = convert_index_to_string(index); - StringVal* printable_digest; - - if ( sha256_states.count(*s) > 0 ) - { - unsigned char digest[32]; - sha256_final(&sha256_states[*s], digest); - sha256_states.erase(*s); - printable_digest = new StringVal(sha256_digest_print(digest)); - } - else - printable_digest = new StringVal(""); - - delete s; - return printable_digest; + return static_cast(handle)->Get(); %} ## Generates a random number. @@ -1058,11 +878,6 @@ function identify_data%(data: string, return_mime: bool%): string return new StringVal(descr); %} -%%{ -#include -static map entropy_states; -%%} - ## Performs an entropy test on the given data. ## See http://www.fourmilab.ch/random. ## @@ -1107,13 +922,11 @@ function find_entropy%(data: string%): entropy_test_result %{ double montepi, scc, ent, mean, chisq; montepi = scc = ent = mean = chisq = 0.0; + EntropyVal e; + e.Feed(data->Bytes(), data->Len()); + e.Get(&ent, &chisq, &mean, &montepi, &scc); + RecordVal* ent_result = new RecordVal(entropy_test_result); - RandTest *rt = new RandTest(); - - rt->add((char*) data->Bytes(), data->Len()); - rt->end(&ent, &chisq, &mean, &montepi, &scc); - delete rt; - ent_result->Assign(0, new Val(ent, TYPE_DOUBLE)); ent_result->Assign(1, new Val(chisq, TYPE_DOUBLE)); ent_result->Assign(2, new Val(mean, TYPE_DOUBLE)); @@ -1124,85 +937,52 @@ function find_entropy%(data: string%): entropy_test_result ## Initializes data structures for incremental entropy calculation. ## -## index: An arbitrary unique value per distinct computation. -## -## Returns: True on success. +## Returns: An opaque handle to be used in subsequent operations. ## ## .. bro:see:: find_entropy entropy_test_add entropy_test_finish -function entropy_test_init%(index: any%): bool +function entropy_test_init%(%): opaque of entropy %{ - BroString* s = convert_index_to_string(index); - int status = 0; - - if ( entropy_states.count(*s) < 1 ) - { - entropy_states[*s] = new RandTest(); - status = 1; - } - - delete s; - return new Val(status, TYPE_BOOL); + return new EntropyVal(); %} -## Adds data to an incremental entropy calculation. Before using this function, -## one needs to invoke :bro:id:`entropy_test_init`. +## Adds data to an incremental entropy calculation. +## +## handle: The opaque handle representing the entropy calculation state. ## ## data: The data to add to the entropy calculation. ## -## index: An arbitrary unique value that identifies a particular entropy -## computation. -## ## Returns: True on success. ## ## .. bro:see:: find_entropy entropy_test_add entropy_test_finish -function entropy_test_add%(index: any, data: string%): bool +function entropy_test_add%(handle: opaque of entropy, data: string%): bool %{ - BroString* s = convert_index_to_string(index); - int status = 0; - - if ( entropy_states.count(*s) > 0 ) - { - entropy_states[*s]->add((char*) data->Bytes(), data->Len()); - status = 1; - } - - delete s; + bool status = static_cast(handle)->Feed(data->Bytes(), + data->Len()); return new Val(status, TYPE_BOOL); %} ## Finishes an incremental entropy calculation. Before using this function, -## one needs to initialize the computation with :bro:id:`entropy_test_init` and +## one needs to obtain an opaque handle with :bro:id:`entropy_test_init` and ## add data to it via :bro:id:`entropy_test_add`. ## -## index: An arbitrary unique value that identifies a particular entropy -## computation. +## handle: The opaque handle representing the entropy calculation state. ## ## Returns: The result of the entropy test. See :bro:id:`find_entropy` for a ## description of the individual components. ## ## .. bro:see:: find_entropy entropy_test_init entropy_test_add -function entropy_test_finish%(index: any%): entropy_test_result +function entropy_test_finish%(handle: opaque of entropy%): entropy_test_result %{ - BroString* s = convert_index_to_string(index); double montepi, scc, ent, mean, chisq; montepi = scc = ent = mean = chisq = 0.0; + static_cast(handle)->Get(&ent, &chisq, &mean, &montepi, &scc); + RecordVal* ent_result = new RecordVal(entropy_test_result); - - if ( entropy_states.count(*s) > 0 ) - { - RandTest *rt = entropy_states[*s]; - rt->end(&ent, &chisq, &mean, &montepi, &scc); - entropy_states.erase(*s); - delete rt; - } - ent_result->Assign(0, new Val(ent, TYPE_DOUBLE)); ent_result->Assign(1, new Val(chisq, TYPE_DOUBLE)); ent_result->Assign(2, new Val(mean, TYPE_DOUBLE)); ent_result->Assign(3, new Val(montepi, TYPE_DOUBLE)); ent_result->Assign(4, new Val(scc, TYPE_DOUBLE)); - - delete s; return ent_result; %} @@ -2684,8 +2464,9 @@ function to_port%(s: string%): port if ( s->Len() < 10 ) { char* slash; + errno = 0; port = strtol(s->CheckString(), &slash, 10); - if ( port ) + if ( ! errno ) { ++slash; if ( streq(slash, "tcp") ) diff --git a/src/builtin-func.l b/src/builtin-func.l index 1d61f31734..9baeb1a9f9 100644 --- a/src/builtin-func.l +++ b/src/builtin-func.l @@ -74,7 +74,9 @@ HEX [0-9a-fA-F]+ "set" return check_c_mode(TOK_SET); "table" return check_c_mode(TOK_TABLE); "vector" return check_c_mode(TOK_VECTOR); -"module" return check_c_mode(TOK_MODULE); +"of" return check_c_mode(TOK_OF); +"opaque" return check_c_mode(TOK_OPAQUE); +"module" return check_c_mode(TOK_MODULE); "@ARG@" return TOK_ARG; "@ARGS@" return TOK_ARGS; diff --git a/src/builtin-func.y b/src/builtin-func.y index fd40613236..474f321ccd 100644 --- a/src/builtin-func.y +++ b/src/builtin-func.y @@ -269,15 +269,15 @@ void print_event_c_body(FILE *fp) %token TOK_LPP TOK_RPP TOK_LPB TOK_RPB TOK_LPPB TOK_RPPB TOK_VAR_ARG %token TOK_BOOL -%token TOK_FUNCTION TOK_EVENT TOK_CONST TOK_ENUM -%token TOK_TYPE TOK_RECORD TOK_SET TOK_VECTOR TOK_TABLE TOK_MODULE +%token TOK_FUNCTION TOK_EVENT TOK_CONST TOK_ENUM TOK_OF +%token TOK_TYPE TOK_RECORD TOK_SET TOK_VECTOR TOK_OPAQUE TOK_TABLE TOK_MODULE %token TOK_ARGS TOK_ARG TOK_ARGC %token TOK_ID TOK_ATTR TOK_CSTR TOK_LF TOK_WS TOK_COMMENT %token TOK_ATOM TOK_INT TOK_C_TOKEN %left ',' ':' -%type TOK_C_TOKEN TOK_ID TOK_CSTR TOK_WS TOK_COMMENT TOK_ATTR TOK_INT opt_ws +%type TOK_C_TOKEN TOK_ID TOK_CSTR TOK_WS TOK_COMMENT TOK_ATTR TOK_INT opt_ws type %type TOK_ATOM TOK_BOOL %union { @@ -584,7 +584,17 @@ args_1: args_1 ',' opt_ws arg opt_ws { /* empty */ } ; -arg: TOK_ID opt_ws ':' opt_ws TOK_ID +// TODO: Migrate all other compound types to this rule. Once the BiF language +// can parse all regular Bro types, we can throw out the unnecessary +// boilerplate typedefs for addr_set, string_set, etc. +type: + TOK_OPAQUE opt_ws TOK_OF opt_ws TOK_ID + { $$ = concat("opaque of ", $5); } + | TOK_ID + { $$ = $1; } + ; + +arg: TOK_ID opt_ws ':' opt_ws type { args.push_back(new BuiltinFuncArg($1, $5)); } | TOK_VAR_ARG { @@ -594,7 +604,7 @@ arg: TOK_ID opt_ws ':' opt_ws TOK_ID } ; -return_type: ':' opt_ws TOK_ID opt_ws +return_type: ':' opt_ws type opt_ws { BuiltinFuncArg* ret = new BuiltinFuncArg("", $3); ret->PrintBro(fp_bro_init); diff --git a/src/input/readers/Ascii.cc b/src/input/readers/Ascii.cc index 950a3d5c9b..2af3a31a88 100644 --- a/src/input/readers/Ascii.cc +++ b/src/input/readers/Ascii.cc @@ -213,8 +213,6 @@ bool Ascii::GetLine(string& str) return false; } - - // read the entire file and send appropriate thingies back to InputMgr bool Ascii::DoUpdate() { diff --git a/src/parse.y b/src/parse.y index 079fc16c43..090786647e 100644 --- a/src/parse.y +++ b/src/parse.y @@ -11,7 +11,7 @@ %token TOK_DOUBLE TOK_ELSE TOK_ENUM TOK_EVENT TOK_EXPORT TOK_FILE TOK_FOR %token TOK_FUNCTION TOK_GLOBAL TOK_HOOK TOK_ID TOK_IF TOK_INT %token TOK_INTERVAL TOK_LIST TOK_LOCAL TOK_MODULE -%token TOK_NEXT TOK_OF TOK_PATTERN TOK_PATTERN_TEXT +%token TOK_NEXT TOK_OF TOK_OPAQUE TOK_PATTERN TOK_PATTERN_TEXT %token TOK_PORT TOK_PRINT TOK_RECORD TOK_REDEF %token TOK_REMOVE_FROM TOK_RETURN TOK_SCHEDULE TOK_SET %token TOK_STRING TOK_SUBNET TOK_SWITCH TOK_TABLE @@ -418,6 +418,14 @@ expr: $$ = new IndexExpr($1, $3); } + | expr '[' expr ':' expr ']' + { + set_location(@1, @6); + ListExpr* le = new ListExpr($3); + le->Append($5); + $$ = new IndexExpr($1, le, true); + } + | expr '$' TOK_ID { set_location(@1, @3); @@ -899,6 +907,12 @@ type: $$ = new FileType(base_type(TYPE_STRING)); } + | TOK_OPAQUE TOK_OF TOK_ID + { + set_location(@1, @3); + $$ = new OpaqueType($3); + } + | resolve_id { if ( ! $1 || ! ($$ = $1->AsType()) ) diff --git a/src/scan.l b/src/scan.l index bf4cd76f23..efcd273e36 100644 --- a/src/scan.l +++ b/src/scan.l @@ -298,6 +298,7 @@ local return TOK_LOCAL; module return TOK_MODULE; next return TOK_NEXT; of return TOK_OF; +opaque return TOK_OPAQUE; pattern return TOK_PATTERN; port return TOK_PORT; print return TOK_PRINT; diff --git a/testing/btest/Baseline/bifs.to_port/out b/testing/btest/Baseline/bifs.to_port/out index 79796d605e..7744914c30 100644 --- a/testing/btest/Baseline/bifs.to_port/out +++ b/testing/btest/Baseline/bifs.to_port/out @@ -1,6 +1,9 @@ 123/tcp 123/udp 123/icmp +0/tcp +0/udp +0/icmp 0/unknown 256/tcp 256/udp diff --git a/testing/btest/Baseline/core.tcp.rst-after-syn/.stdout b/testing/btest/Baseline/core.tcp.rst-after-syn/.stdout new file mode 100644 index 0000000000..25ed566cd0 --- /dev/null +++ b/testing/btest/Baseline/core.tcp.rst-after-syn/.stdout @@ -0,0 +1,3 @@ +[orig_h=1.2.0.2, orig_p=2527/tcp, resp_h=1.2.0.3, resp_p=6649/tcp] +orig:, [size=175, state=1, num_pkts=4, num_bytes_ip=395, flow_label=0] +resp:, [size=0, state=6, num_pkts=5, num_bytes_ip=236, flow_label=0] diff --git a/testing/btest/Baseline/istate.opaque/expected.log b/testing/btest/Baseline/istate.opaque/expected.log new file mode 100644 index 0000000000..1386a47db1 --- /dev/null +++ b/testing/btest/Baseline/istate.opaque/expected.log @@ -0,0 +1,4 @@ +acbd18db4cc2f85cedef654fccc4a4d8 +0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33 +2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae +[entropy=0.918296, chi_square=423.666667, mean=108.0, monte_carlo_pi=nan, serial_correlation=-0.5] diff --git a/testing/btest/Baseline/istate.opaque/output.log b/testing/btest/Baseline/istate.opaque/output.log new file mode 100644 index 0000000000..1386a47db1 --- /dev/null +++ b/testing/btest/Baseline/istate.opaque/output.log @@ -0,0 +1,4 @@ +acbd18db4cc2f85cedef654fccc4a4d8 +0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33 +2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae +[entropy=0.918296, chi_square=423.666667, mean=108.0, monte_carlo_pi=nan, serial_correlation=-0.5] diff --git a/testing/btest/Baseline/language.const/invalid.stderr b/testing/btest/Baseline/language.const/invalid.stderr new file mode 100644 index 0000000000..b08c472708 --- /dev/null +++ b/testing/btest/Baseline/language.const/invalid.stderr @@ -0,0 +1,13 @@ +error in ./invalid.bro, line 15: const is not a modifiable lvalue (foo) +error in ./invalid.bro, line 16: const is not a modifiable lvalue (foo) +error in ./invalid.bro, line 17: const is not a modifiable lvalue (bar) +error in ./invalid.bro, line 17: const is not a modifiable lvalue (foo) +error in ./invalid.bro, line 18: const is not a modifiable lvalue (foo) +error in ./invalid.bro, line 19: const is not a modifiable lvalue (foo) +error in ./invalid.bro, line 20: const is not a modifiable lvalue (foo) +error in ./invalid.bro, line 22: const is not a modifiable lvalue (foo) +error in ./invalid.bro, line 25: const is not a modifiable lvalue (bar) +error in ./invalid.bro, line 26: const is not a modifiable lvalue (baz) +error in ./invalid.bro, line 27: const is not a modifiable lvalue (bar) +error in ./invalid.bro, line 28: const is not a modifiable lvalue (baz) +error in ./invalid.bro, line 33: const is not a modifiable lvalue (foo) diff --git a/testing/btest/Baseline/language.const/invalid.stdout b/testing/btest/Baseline/language.const/invalid.stdout new file mode 100644 index 0000000000..e69de29bb2 diff --git a/testing/btest/Baseline/language.const/valid.stderr b/testing/btest/Baseline/language.const/valid.stderr new file mode 100644 index 0000000000..e69de29bb2 diff --git a/testing/btest/Baseline/language.const/valid.stdout b/testing/btest/Baseline/language.const/valid.stdout new file mode 100644 index 0000000000..5e3a76f060 --- /dev/null +++ b/testing/btest/Baseline/language.const/valid.stdout @@ -0,0 +1,10 @@ +40 +enter f, 10 +exit f, 110 +enter f, 9 +exit f, 109 +enter f, 7 +exit f, 107 +foo, 10 +bar, 9 +baz, 7 diff --git a/testing/btest/Baseline/language.hook/out b/testing/btest/Baseline/language.hook/out index bef25193b8..d4f367f875 100644 --- a/testing/btest/Baseline/language.hook/out +++ b/testing/btest/Baseline/language.hook/out @@ -3,6 +3,7 @@ myhook return F myhook return T myhook, &priority=5, [a=37, b=goobye world] F +T myhook3, 8 T myhook4, 2 diff --git a/testing/btest/Baseline/language.string-indexing/out b/testing/btest/Baseline/language.string-indexing/out new file mode 100644 index 0000000000..3359187d4c --- /dev/null +++ b/testing/btest/Baseline/language.string-indexing/out @@ -0,0 +1,13 @@ +1 +12 +123456 +0123456789 +8 +789 +9 +9 +9 + + +2 +1 diff --git a/testing/btest/Baseline/language.switch-statement/out b/testing/btest/Baseline/language.switch-statement/out new file mode 100644 index 0000000000..19f86f493a --- /dev/null +++ b/testing/btest/Baseline/language.switch-statement/out @@ -0,0 +1 @@ +done diff --git a/testing/btest/Baseline/language.type-type-error/.stderr b/testing/btest/Baseline/language.type-type-error/.stderr new file mode 100644 index 0000000000..95cb065ece --- /dev/null +++ b/testing/btest/Baseline/language.type-type-error/.stderr @@ -0,0 +1 @@ +error in /home/jsiwek/bro/testing/btest/.tmp/language.type-type-error/type-type-error.bro, line 13: not a record (r$a) diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt index c4ac546ab6..5d95fdc0c0 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt @@ -56,20 +56,20 @@ ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes 1300475167096535 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 73 0 0 1300475167097012 arKYeMETxOg fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp 0 0 0 S0 F 0 D 1 199 0 0 1300475167099816 k6kgXLOoSKl 141.142.220.50 5353 224.0.0.251 5353 udp 0 0 0 S0 F 0 D 1 179 0 0 -1300475168853899 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 435 0 89 SHR F 0 Cd 0 0 1 117 -1300475168854378 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 420 0 99 SHR F 0 Cd 0 0 1 127 -1300475168854837 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 391 0 183 SHR F 0 Cd 0 0 1 211 -1300475168857956 fRFu0wcOle6 141.142.220.118 32902 141.142.2.2 53 udp dns 317 0 89 SHR F 0 Cd 0 0 1 117 -1300475168858306 qSsw6ESzHV4 141.142.220.118 59816 141.142.2.2 53 udp dns 343 0 99 SHR F 0 Cd 0 0 1 127 -1300475168858713 iE6yhOq3SF 141.142.220.118 59714 141.142.2.2 53 udp dns 375 0 183 SHR F 0 Cd 0 0 1 211 -1300475168891644 qCaWGmzFtM5 141.142.220.118 58206 141.142.2.2 53 udp dns 339 0 89 SHR F 0 Cd 0 0 1 117 -1300475168892037 70MGiRM1Qf4 141.142.220.118 38911 141.142.2.2 53 udp dns 334 0 99 SHR F 0 Cd 0 0 1 127 -1300475168892414 h5DsfNtYzi1 141.142.220.118 59746 141.142.2.2 53 udp dns 420 0 183 SHR F 0 Cd 0 0 1 211 -1300475168893988 c4Zw9TmAE05 141.142.220.118 45000 141.142.2.2 53 udp dns 384 0 89 SHR F 0 Cd 0 0 1 117 -1300475168894422 EAr0uf4mhq 141.142.220.118 48479 141.142.2.2 53 udp dns 316 0 99 SHR F 0 Cd 0 0 1 127 -1300475168894787 GvmoxJFXdTa 141.142.220.118 48128 141.142.2.2 53 udp dns 422 0 183 SHR F 0 Cd 0 0 1 211 -1300475168901749 slFea8xwSmb 141.142.220.118 56056 141.142.2.2 53 udp dns 402 0 131 SHR F 0 Cd 0 0 1 159 -1300475168902195 UfGkYA2HI2g 141.142.220.118 55092 141.142.2.2 53 udp dns 374 0 198 SHR F 0 Cd 0 0 1 226 +1300475168853899 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 435 38 89 SF F 0 Dd 1 66 1 117 +1300475168854378 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 420 52 99 SF F 0 Dd 1 80 1 127 +1300475168854837 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 391 38 183 SF F 0 Dd 1 66 1 211 +1300475168857956 fRFu0wcOle6 141.142.220.118 32902 141.142.2.2 53 udp dns 317 38 89 SF F 0 Dd 1 66 1 117 +1300475168858306 qSsw6ESzHV4 141.142.220.118 59816 141.142.2.2 53 udp dns 343 52 99 SF F 0 Dd 1 80 1 127 +1300475168858713 iE6yhOq3SF 141.142.220.118 59714 141.142.2.2 53 udp dns 375 38 183 SF F 0 Dd 1 66 1 211 +1300475168891644 qCaWGmzFtM5 141.142.220.118 58206 141.142.2.2 53 udp dns 339 38 89 SF F 0 Dd 1 66 1 117 +1300475168892037 70MGiRM1Qf4 141.142.220.118 38911 141.142.2.2 53 udp dns 334 52 99 SF F 0 Dd 1 80 1 127 +1300475168892414 h5DsfNtYzi1 141.142.220.118 59746 141.142.2.2 53 udp dns 420 38 183 SF F 0 Dd 1 66 1 211 +1300475168893988 c4Zw9TmAE05 141.142.220.118 45000 141.142.2.2 53 udp dns 384 38 89 SF F 0 Dd 1 66 1 117 +1300475168894422 EAr0uf4mhq 141.142.220.118 48479 141.142.2.2 53 udp dns 316 52 99 SF F 0 Dd 1 80 1 127 +1300475168894787 GvmoxJFXdTa 141.142.220.118 48128 141.142.2.2 53 udp dns 422 38 183 SF F 0 Dd 1 66 1 211 +1300475168901749 slFea8xwSmb 141.142.220.118 56056 141.142.2.2 53 udp dns 402 36 131 SF F 0 Dd 1 64 1 159 +1300475168902195 UfGkYA2HI2g 141.142.220.118 55092 141.142.2.2 53 udp dns 374 36 198 SF F 0 Dd 1 64 1 226 1300475169899438 BWaU4aSuwkc 141.142.220.44 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 85 0 0 1300475170862384 10XodEwRycf 141.142.220.226 137 141.142.220.255 137 udp dns 2613016 350 0 S0 F 0 D 7 546 0 0 1300475171675372 zno26fFZkrh fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 100096 66 0 S0 F 0 D 2 162 0 0 @@ -77,13 +77,13 @@ ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes 1300475173116749 eWZCH7OONC1 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 99801 66 0 S0 F 0 D 2 162 0 0 1300475173117362 0Pwk3ntf8O3 141.142.220.226 55671 224.0.0.252 5355 udp dns 99848 66 0 S0 F 0 D 2 122 0 0 1300475173153679 0HKorjr8Zp7 141.142.220.238 56641 141.142.220.255 137 udp dns 0 0 0 S0 F 0 D 1 78 0 0 -1300475168859163 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 tcp 215893 1130 734 S1 F 1130 ShACad 4 216 4 950 -1300475168652003 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp 61328 0 350 OTH F 0 CdA 1 52 1 402 -1300475168895267 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 tcp 227283 1178 734 S1 F 1178 ShACad 4 216 4 950 -1300475168902635 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp 120040 534 412 S1 F 534 ShACad 3 164 3 576 -1300475168892936 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 tcp 229603 1148 734 S1 F 1148 ShACad 4 216 4 950 -1300475168855305 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 tcp 218501 1171 733 S1 F 1171 ShACad 4 216 4 949 -1300475168892913 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 tcp 220960 1137 733 S1 F 1137 ShACad 4 216 4 949 +1300475168859163 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 tcp http 215893 1130 734 S1 F 0 ShADad 6 1450 4 950 +1300475168652003 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp 61328 463 350 OTH F 0 DdA 2 567 1 402 +1300475168895267 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 tcp http 227283 1178 734 S1 F 0 ShADad 6 1498 4 950 +1300475168902635 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp http 120040 534 412 S1 F 0 ShADad 4 750 3 576 +1300475168892936 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 tcp http 229603 1148 734 S1 F 0 ShADad 6 1468 4 950 +1300475168855305 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 tcp http 218501 1171 733 S1 F 0 ShADad 6 1491 4 949 +1300475168892913 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 tcp http 220960 1137 733 S1 F 0 ShADad 6 1457 4 949 1300475169780331 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp 0 0 0 OTH F 0 h 0 0 1 48 -1300475168724007 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp 119904 525 232 S1 F 525 ShACad 3 164 3 396 -1300475168855330 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 tcp 219720 1125 734 S1 F 1125 ShACad 4 216 4 950 +1300475168724007 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp http 119904 525 232 S1 F 0 ShADad 4 741 3 396 +1300475168855330 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 tcp http 219720 1125 734 S1 F 0 ShADad 6 1445 4 950 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt index b74b9fd7e3..5af6f702b8 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt @@ -56,20 +56,20 @@ ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes 1300475167.096535 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns 0.000000 0 0 S0 F 0 D 1 73 0 0 1300475167.097012 arKYeMETxOg fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp 0.000000 0 0 S0 F 0 D 1 199 0 0 1300475167.099816 k6kgXLOoSKl 141.142.220.50 5353 224.0.0.251 5353 udp 0.000000 0 0 S0 F 0 D 1 179 0 0 -1300475168.853899 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 0 89 SHR F 0 Cd 0 0 1 117 -1300475168.854378 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 0 99 SHR F 0 Cd 0 0 1 127 -1300475168.854837 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 0 183 SHR F 0 Cd 0 0 1 211 -1300475168.857956 fRFu0wcOle6 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 0 89 SHR F 0 Cd 0 0 1 117 -1300475168.858306 qSsw6ESzHV4 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 0 99 SHR F 0 Cd 0 0 1 127 -1300475168.858713 iE6yhOq3SF 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 0 183 SHR F 0 Cd 0 0 1 211 -1300475168.891644 qCaWGmzFtM5 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 0 89 SHR F 0 Cd 0 0 1 117 -1300475168.892037 70MGiRM1Qf4 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 0 99 SHR F 0 Cd 0 0 1 127 -1300475168.892414 h5DsfNtYzi1 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 0 183 SHR F 0 Cd 0 0 1 211 -1300475168.893988 c4Zw9TmAE05 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 0 89 SHR F 0 Cd 0 0 1 117 -1300475168.894422 EAr0uf4mhq 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 0 99 SHR F 0 Cd 0 0 1 127 -1300475168.894787 GvmoxJFXdTa 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 0 183 SHR F 0 Cd 0 0 1 211 -1300475168.901749 slFea8xwSmb 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 0 131 SHR F 0 Cd 0 0 1 159 -1300475168.902195 UfGkYA2HI2g 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 0 198 SHR F 0 Cd 0 0 1 226 +1300475168.853899 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF F 0 Dd 1 66 1 117 +1300475168.854378 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF F 0 Dd 1 80 1 127 +1300475168.854837 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF F 0 Dd 1 66 1 211 +1300475168.857956 fRFu0wcOle6 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF F 0 Dd 1 66 1 117 +1300475168.858306 qSsw6ESzHV4 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF F 0 Dd 1 80 1 127 +1300475168.858713 iE6yhOq3SF 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF F 0 Dd 1 66 1 211 +1300475168.891644 qCaWGmzFtM5 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF F 0 Dd 1 66 1 117 +1300475168.892037 70MGiRM1Qf4 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF F 0 Dd 1 80 1 127 +1300475168.892414 h5DsfNtYzi1 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF F 0 Dd 1 66 1 211 +1300475168.893988 c4Zw9TmAE05 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF F 0 Dd 1 66 1 117 +1300475168.894422 EAr0uf4mhq 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF F 0 Dd 1 80 1 127 +1300475168.894787 GvmoxJFXdTa 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF F 0 Dd 1 66 1 211 +1300475168.901749 slFea8xwSmb 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF F 0 Dd 1 64 1 159 +1300475168.902195 UfGkYA2HI2g 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF F 0 Dd 1 64 1 226 1300475169.899438 BWaU4aSuwkc 141.142.220.44 5353 224.0.0.251 5353 udp dns 0.000000 0 0 S0 F 0 D 1 85 0 0 1300475170.862384 10XodEwRycf 141.142.220.226 137 141.142.220.255 137 udp dns 2.613017 350 0 S0 F 0 D 7 546 0 0 1300475171.675372 zno26fFZkrh fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0.100096 66 0 S0 F 0 D 2 162 0 0 @@ -77,13 +77,13 @@ ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes 1300475173.116749 eWZCH7OONC1 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0.099801 66 0 S0 F 0 D 2 162 0 0 1300475173.117362 0Pwk3ntf8O3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0.099849 66 0 S0 F 0 D 2 122 0 0 1300475173.153679 0HKorjr8Zp7 141.142.220.238 56641 141.142.220.255 137 udp dns 0.000000 0 0 S0 F 0 D 1 78 0 0 -1300475168.859163 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 tcp 0.215893 1130 734 S1 F 1130 ShACad 4 216 4 950 -1300475168.652003 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp 0.061329 0 350 OTH F 0 CdA 1 52 1 402 -1300475168.895267 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 tcp 0.227284 1178 734 S1 F 1178 ShACad 4 216 4 950 -1300475168.902635 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp 0.120041 534 412 S1 F 534 ShACad 3 164 3 576 -1300475168.892936 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 tcp 0.229603 1148 734 S1 F 1148 ShACad 4 216 4 950 -1300475168.855305 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 tcp 0.218501 1171 733 S1 F 1171 ShACad 4 216 4 949 -1300475168.892913 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 tcp 0.220961 1137 733 S1 F 1137 ShACad 4 216 4 949 +1300475168.859163 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 tcp http 0.215893 1130 734 S1 F 0 ShADad 6 1450 4 950 +1300475168.652003 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp 0.061329 463 350 OTH F 0 DdA 2 567 1 402 +1300475168.895267 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 tcp http 0.227284 1178 734 S1 F 0 ShADad 6 1498 4 950 +1300475168.902635 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp http 0.120041 534 412 S1 F 0 ShADad 4 750 3 576 +1300475168.892936 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 F 0 ShADad 6 1468 4 950 +1300475168.855305 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 tcp http 0.218501 1171 733 S1 F 0 ShADad 6 1491 4 949 +1300475168.892913 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 tcp http 0.220961 1137 733 S1 F 0 ShADad 6 1457 4 949 1300475169.780331 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp 0.000000 0 0 OTH F 0 h 0 0 1 48 -1300475168.724007 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp 0.119905 525 232 S1 F 525 ShACad 3 164 3 396 -1300475168.855330 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 tcp 0.219720 1125 734 S1 F 1125 ShACad 4 216 4 950 +1300475168.724007 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp http 0.119905 525 232 S1 F 0 ShADad 4 741 3 396 +1300475168.855330 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 tcp http 0.219720 1125 734 S1 F 0 ShADad 6 1445 4 950 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt index ae62fbec3d..756a49a427 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt @@ -65,17 +65,17 @@ # Extent, type='http' ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file -1300475168.843894 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 0 0 0 304 Not Modified 0 -1300475168.975800 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 0 0 0 304 Not Modified 0 -1300475168.976327 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 0 0 0 304 Not Modified 0 -1300475168.979160 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 0 0 0 304 Not Modified 0 -1300475169.012666 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 0 0 0 304 Not Modified 0 -1300475169.012730 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 0 0 0 304 Not Modified 0 -1300475169.014860 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 0 0 0 304 Not Modified 0 -1300475169.022665 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 0 0 0 304 Not Modified 0 -1300475169.036294 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 0 0 0 304 Not Modified 0 -1300475169.036798 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 0 0 0 304 Not Modified 0 -1300475169.039923 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 0 0 0 304 Not Modified 0 -1300475169.074793 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 0 0 0 304 Not Modified 0 -1300475169.074938 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 0 0 0 304 Not Modified 0 -1300475169.075065 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 0 0 0 304 Not Modified 0 +1300475168.784020 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified 0 +1300475168.916018 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified 0 +1300475168.916183 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified 0 +1300475168.918358 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified 0 +1300475168.952307 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified 0 +1300475168.952296 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified 0 +1300475168.954820 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified 0 +1300475168.962687 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified 0 +1300475168.975934 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified 0 +1300475168.976436 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified 0 +1300475168.979264 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified 0 +1300475169.014619 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified 0 +1300475169.014593 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified 0 +1300475169.014927 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified 0 diff --git a/testing/btest/Traces/tcp/rst-inject-rae.trace b/testing/btest/Traces/tcp/rst-inject-rae.trace new file mode 100644 index 0000000000..7225cc0d35 Binary files /dev/null and b/testing/btest/Traces/tcp/rst-inject-rae.trace differ diff --git a/testing/btest/Traces/wikipedia.trace b/testing/btest/Traces/wikipedia.trace index 68d85e0190..9e21966243 100644 Binary files a/testing/btest/Traces/wikipedia.trace and b/testing/btest/Traces/wikipedia.trace differ diff --git a/testing/btest/bifs/entropy_test.bro b/testing/btest/bifs/entropy_test.bro index 8dc54e09b2..2a2dd422d1 100644 --- a/testing/btest/bifs/entropy_test.bro +++ b/testing/btest/bifs/entropy_test.bro @@ -5,20 +5,14 @@ event bro_init() { local a = "dh3Hie02uh^s#Sdf9L3frd243h$d78r2G4cM6*Q05d(7rh46f!0|4-f"; - if ( entropy_test_init(1) != T ) + local handle = entropy_test_init(); + if ( ! entropy_test_add(handle, a) ) exit(1); - - if ( entropy_test_add(1, a) != T ) - exit(1); - - print entropy_test_finish(1); + print entropy_test_finish(handle); local b = "0011000aaabbbbcccc000011111000000000aaaabbbbcccc0000000"; - if ( entropy_test_init(2) != T ) + handle = entropy_test_init(); + if ( ! entropy_test_add(handle, b) ) exit(1); - - if ( entropy_test_add(2, b) != T ) - exit(1); - - print entropy_test_finish(2); + print entropy_test_finish(handle); } diff --git a/testing/btest/bifs/md5.test b/testing/btest/bifs/md5.test index 5a9715edf1..b022302c59 100644 --- a/testing/btest/bifs/md5.test +++ b/testing/btest/bifs/md5.test @@ -4,16 +4,16 @@ print md5_hash("one"); print md5_hash("one", "two", "three"); -md5_hash_init("a"); -md5_hash_init("b"); +local a = md5_hash_init(); +local b = md5_hash_init(); -md5_hash_update("a", "one"); -md5_hash_update("b", "one"); -md5_hash_update("b", "two"); -md5_hash_update("b", "three"); +md5_hash_update(a, "one"); +md5_hash_update(b, "one"); +md5_hash_update(b, "two"); +md5_hash_update(b, "three"); -print md5_hash_finish("a"); -print md5_hash_finish("b"); +print md5_hash_finish(a); +print md5_hash_finish(b); print md5_hmac("one"); print md5_hmac("one", "two", "three"); diff --git a/testing/btest/bifs/sha1.test b/testing/btest/bifs/sha1.test index 85c8df99c5..7bbd8b002e 100644 --- a/testing/btest/bifs/sha1.test +++ b/testing/btest/bifs/sha1.test @@ -4,13 +4,13 @@ print sha1_hash("one"); print sha1_hash("one", "two", "three"); -sha1_hash_init("a"); -sha1_hash_init("b"); +local a = sha1_hash_init(); +local b = sha1_hash_init(); -sha1_hash_update("a", "one"); -sha1_hash_update("b", "one"); -sha1_hash_update("b", "two"); -sha1_hash_update("b", "three"); +sha1_hash_update(a, "one"); +sha1_hash_update(b, "one"); +sha1_hash_update(b, "two"); +sha1_hash_update(b, "three"); -print sha1_hash_finish("a"); -print sha1_hash_finish("b"); +print sha1_hash_finish(a); +print sha1_hash_finish(b); diff --git a/testing/btest/bifs/sha256.test b/testing/btest/bifs/sha256.test index 7451f2fad3..a1c17f7113 100644 --- a/testing/btest/bifs/sha256.test +++ b/testing/btest/bifs/sha256.test @@ -4,13 +4,13 @@ print sha256_hash("one"); print sha256_hash("one", "two", "three"); -sha256_hash_init("a"); -sha256_hash_init("b"); +local a = sha256_hash_init(); +local b = sha256_hash_init(); -sha256_hash_update("a", "one"); -sha256_hash_update("b", "one"); -sha256_hash_update("b", "two"); -sha256_hash_update("b", "three"); +sha256_hash_update(a, "one"); +sha256_hash_update(b, "one"); +sha256_hash_update(b, "two"); +sha256_hash_update(b, "three"); -print sha256_hash_finish("a"); -print sha256_hash_finish("b"); +print sha256_hash_finish(a); +print sha256_hash_finish(b); diff --git a/testing/btest/bifs/to_port.bro b/testing/btest/bifs/to_port.bro index 0dfecac43e..b2289b8a21 100644 --- a/testing/btest/bifs/to_port.bro +++ b/testing/btest/bifs/to_port.bro @@ -7,6 +7,9 @@ event bro_init() print to_port("123/tcp"); print to_port("123/udp"); print to_port("123/icmp"); + print to_port("0/tcp"); + print to_port("0/udp"); + print to_port("0/icmp"); print to_port("not a port"); local a: transport_proto = tcp; diff --git a/testing/btest/core/leaks/string-indexing.bro b/testing/btest/core/leaks/string-indexing.bro new file mode 100644 index 0000000000..f9ea000ef9 --- /dev/null +++ b/testing/btest/core/leaks/string-indexing.bro @@ -0,0 +1,26 @@ +# Needs perftools support. +# +# @TEST-GROUP: leaks +# +# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/wikipedia.trace %INPUT + + +event new_connection(c: connection) + { + local s = "0123456789"; + print s[1]; + print s[1:2]; + print s[1:6]; + print s[0:20]; + print s[-2]; + print s[-3:1]; + print s[-1:10]; + print s[-1:0]; + print s[-1:5]; + print s[20:23]; + print s[-20:23]; + print s[0:5][2]; + print s[0:5][1:3][0]; + } diff --git a/testing/btest/core/leaks/switch-statement.bro b/testing/btest/core/leaks/switch-statement.bro new file mode 100644 index 0000000000..24829006b5 --- /dev/null +++ b/testing/btest/core/leaks/switch-statement.bro @@ -0,0 +1,289 @@ +# Needs perftools support. +# +# @TEST-GROUP: leaks +# +# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/wikipedia.trace %INPUT + +type MyEnum: enum { + RED, + GREEN, + BLUE, + PINK, +}; + +function switch_bool(v: bool): string + { + switch (v) { + case T: + return "true"; + case F: + return "false"; + } + return "n/a"; + } + +function switch_int(v: int): string + { + switch (v) { + case +1: + return "one"; + case +2: + return "two"; + case -3: + return "minus three"; + } + return "n/a"; + } + +function switch_enum(v: MyEnum): string + { + switch (v) { + case RED: + return "red"; + case GREEN: + return "green"; + case BLUE: + return "blue"; + } + return "n/a"; + } + +function switch_count(v: count): string + { + switch (v) { + case 1: + return "1"; + case 2: + return "2"; + case 3: + return "3"; + } + return "n/a"; + } + +function switch_port(v: port): string + { + switch (v) { + case 22/tcp: + return "ssh"; + case 53/udp: + return "dns"; + case 0/icmp: + return "echo"; + } + return "n/a"; + } + +function switch_double(v: double): string + { + switch (v) { + case 1.1: + return "1.1"; + case 2.2: + return "2.2"; + case 3.3: + return "3.3"; + } + return "n/a"; + } + +function switch_interval(v: interval): string + { + switch (v) { + case 1sec: + return "1sec"; + case 2day: + return "2day"; + case 3min: + return "3min"; + } + return "n/a"; + } + +function switch_string(v: string): string + { + switch (v) { + case "one": + return "first"; + case "two": + return "second"; + case "three": + return "third"; + } + return "n/a"; + } + +function switch_addr(v: addr): string + { + switch (v) { + case 1.2.3.4: + return "ipv4"; + case [fe80::1]: + return "ipv6"; + case 0.0.0.0: + return "unspec"; + } + return "n/a"; + } + +function switch_subnet(v: subnet): string + { + switch (v) { + case 1.2.3.0/24: + return "1.2.3.0/24"; + case [fe80::0]/96: + return "[fe80::0]"; + case 192.168.0.0/16: + return "192.168.0.0/16"; + } + return "n/a"; + } + +function switch_empty(v: count): string + { + switch ( v ) { + } + return "n/a"; + } + +function switch_break(v: count): string + { + local rval = ""; + switch ( v ) { + case 1: + rval += "test"; + case 2: + rval += "testing"; + break; + case 3: + rval += "tested"; + } + return rval + "return"; + } + +function switch_default(v: count): string + { + local rval = ""; + switch ( v ) { + case 1: + rval += "1"; + case 2: + rval += "2"; + case 3: + rval += "3"; + default: + rval += "d"; + } + return rval + "r"; + } + +function switch_default_placement(v: count): string + { + local rval = ""; + switch ( v ) { + case 1: + rval += "1"; + default: + rval += "d"; + case 2: + rval += "2"; + break; + case 3: + rval += "3"; + } + return rval + "r"; + } + +function switch_case_list(v: count): string + { + switch ( v ) { + case 1, 2: + return "1,2"; + case 3, 4, 5: + return "3,4,5"; + case 6, 7, 8, 9: + return "6,7,8,9"; + } + return "n/a"; + } + +function test_switch(actual: string, expect: string) + { + if ( actual != expect ) + print fmt("%s != %s", actual, expect); + } + +event new_connection(c: connection) + { + test_switch( switch_bool(T) , "true" ); + test_switch( switch_bool(F) , "false" ); + test_switch( switch_int(+1) , "one" ); + test_switch( switch_int(+2) , "two" ); + test_switch( switch_int(-3) , "minus three" ); + test_switch( switch_int(40) , "n/a" ); + test_switch( switch_enum(RED) , "red" ); + test_switch( switch_enum(BLUE) , "blue" ); + test_switch( switch_enum(GREEN) , "green" ); + test_switch( switch_enum(PINK) , "n/a" ); + test_switch( switch_count(1) , "1" ); + test_switch( switch_count(2) , "2" ); + test_switch( switch_count(3) , "3" ); + test_switch( switch_count(100) , "n/a" ); + test_switch( switch_port(22/tcp) , "ssh" ); + test_switch( switch_port(53/udp) , "dns" ); + test_switch( switch_port(0/icmp) , "echo" ); + test_switch( switch_port(1000/tcp) , "n/a" ); + test_switch( switch_double(1.1) , "1.1" ); + test_switch( switch_double(2.2) , "2.2" ); + test_switch( switch_double(3.3) , "3.3" ); + test_switch( switch_interval(1sec) , "1sec" ); + test_switch( switch_interval(2day) , "2day" ); + test_switch( switch_interval(3min) , "3min" ); + test_switch( switch_string("one") , "first" ); + test_switch( switch_string("two") , "second" ); + test_switch( switch_string("three") , "third" ); + test_switch( switch_addr(1.2.3.4) , "ipv4" ); + test_switch( switch_addr([fe80::1]) , "ipv6" ); + test_switch( switch_addr(0.0.0.0) , "unspec" ); + test_switch( switch_subnet(1.2.3.4/24) , "1.2.3.0/24" ); + test_switch( switch_subnet([fe80::1]/96) , "[fe80::0]" ); + test_switch( switch_subnet(192.168.1.100/16) , "192.168.0.0/16" ); + test_switch( switch_empty(2) , "n/a" ); + test_switch( switch_break(1) , "testtestingreturn" ); + test_switch( switch_break(2) , "testingreturn" ); + test_switch( switch_break(3) , "testedreturn" ); + test_switch( switch_default(1) , "123dr" ); + test_switch( switch_default(2) , "23dr" ); + test_switch( switch_default(3) , "3dr" ); + test_switch( switch_default(4) , "dr" ); + test_switch( switch_default_placement(1) , "1d2r" ); + test_switch( switch_default_placement(2) , "2r" ); + test_switch( switch_default_placement(3) , "3r" ); + test_switch( switch_default_placement(4) , "d2r" ); + + local v = vector(0,1,2,3,4,5,6,7,9,10); + local expect: string; + + for ( i in v ) + { + switch ( v[i] ) { + case 1, 2: + expect = "1,2"; + break; + case 3, 4, 5: + expect = "3,4,5"; + break; + case 6, 7, 8, 9: + expect = "6,7,8,9"; + break; + default: + expect = "n/a"; + break; + } + test_switch( switch_case_list(v[i]) , expect ); + } + + print "done"; + } diff --git a/testing/btest/core/tcp/rst-after-syn.bro b/testing/btest/core/tcp/rst-after-syn.bro new file mode 100644 index 0000000000..38976909d7 --- /dev/null +++ b/testing/btest/core/tcp/rst-after-syn.bro @@ -0,0 +1,12 @@ +# @TEST-EXEC: bro -b -r $TRACES/tcp/rst-inject-rae.trace %INPUT +# @TEST-EXEC: btest-diff .stdout + +# Mostly just checking that c$resp$size isn't huge due to the injected +# RST packet being used to initialize sequence number in TCP analyzer. + +event connection_state_remove(c: connection) + { + print c$id; + print "orig:", c$orig; + print "resp:", c$resp; + } diff --git a/testing/btest/istate/opaque.bro b/testing/btest/istate/opaque.bro new file mode 100644 index 0000000000..84818a5e70 --- /dev/null +++ b/testing/btest/istate/opaque.bro @@ -0,0 +1,77 @@ +# +# @TEST-EXEC: bro -r $TRACES/empty.trace write.bro +# @TEST-EXEC: bro read.bro +# @TEST-EXEC: btest-diff expected.log +# @TEST-EXEC: btest-diff output.log +# @TEST-EXEC: cmp output.log expected.log + +@TEST-START-FILE read.bro + +global md5_handle: opaque of md5 &persistent &synchronized; +global sha1_handle: opaque of sha1 &persistent &synchronized; +global sha256_handle: opaque of sha256 &persistent &synchronized; +global entropy_handle: opaque of entropy &persistent &synchronized; + +event bro_done() + { + local out = open("output.log"); + + # Finish incremental operations started by a previous Bro. + if ( md5_hash_update(md5_handle, "oo") ) + print out, md5_hash_finish(md5_handle); + else + print out, "md5_hash_update() failed"; + + if ( sha1_hash_update(sha1_handle, "oo") ) + print out, sha1_hash_finish(sha1_handle); + else + print out, "sha1_hash_update() failed"; + + if ( sha256_hash_update(sha256_handle, "oo") ) + print out, sha256_hash_finish(sha256_handle); + else + print out, "sha256_hash_update() failed"; + + if ( entropy_test_add(entropy_handle, "oo") ) + print out, entropy_test_finish(entropy_handle); + else + print out, "entropy_test_add() failed"; + } + +@TEST-END-FILE + +@TEST-START-FILE write.bro + +global md5_handle: opaque of md5 &persistent &synchronized; +global sha1_handle: opaque of sha1 &persistent &synchronized; +global sha256_handle: opaque of sha256 &persistent &synchronized; +global entropy_handle: opaque of entropy &persistent &synchronized; + +event bro_init() + { + local out = open("expected.log"); + print out, md5_hash("foo"); + print out, sha1_hash("foo"); + print out, sha256_hash("foo"); + print out, find_entropy("foo"); + + # Begin incremental operations. Our goal is to feed the data string "foo" to + # the computation, but split into "f" and "oo" in two instances.. + md5_handle = md5_hash_init(); + if ( ! md5_hash_update(md5_handle, "f") ) + print out, "md5_hash_update() failed"; + + sha1_handle = sha1_hash_init(); + if ( ! sha1_hash_update(sha1_handle, "f") ) + print out, "sha1_hash_update() failed"; + + sha256_handle = sha256_hash_init(); + if ( ! sha256_hash_update(sha256_handle, "f") ) + print out, "sha256_hash_update() failed"; + + entropy_handle = entropy_test_init(); + if ( ! entropy_test_add(entropy_handle, "f") ) + print out, "entropy_test_add() failed"; + } + +@TEST-END-FILE diff --git a/testing/btest/language/const.bro b/testing/btest/language/const.bro new file mode 100644 index 0000000000..ee938e8d45 --- /dev/null +++ b/testing/btest/language/const.bro @@ -0,0 +1,79 @@ +# @TEST-EXEC: bro -b valid.bro 2>valid.stderr 1>valid.stdout +# @TEST-EXEC: btest-diff valid.stderr +# @TEST-EXEC: btest-diff valid.stdout + +# @TEST-EXEC-FAIL: bro -b invalid.bro 2>invalid.stderr 1>invalid.stdout +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff invalid.stderr +# @TEST-EXEC: btest-diff invalid.stdout + +@TEST-START-FILE valid.bro +# First some simple code that should be valid and error-free. + +function f(c: count) + { + print "enter f", c; + c = c + 100; + print "exit f", c; + } + +const foo = 0 &redef; +redef foo = 10; + +const bar = 9; + +event bro_init() + { + const baz = 7; + local i = foo; + i = i + bar + 2; + i = i + baz + 11; + ++i; + print i; + --i; + f(foo); + f(bar); + f(baz); + print "foo", foo; + print "bar", bar; + print "baz", baz; + } + +@TEST-END-FILE + +@TEST-START-FILE invalid.bro +# Now some const assignments that should generate errors at parse-time. + +const foo = 0 &redef; +redef foo = 10; + +const bar = 9; + +event bro_init() + { + const baz = 7; + local s = 0; + + print "nope"; + + foo = 100; + foo = bar; + foo = bar = baz; + foo = s; + ++foo; + s = foo = bar; + + if ( foo = 0 ) + print "nope"; + + bar = 1 + 1; + baz = s; + ++bar; + --baz; + + print "foo", foo; + print "bar", bar; + print "baz", baz; + print "foo=foo", foo = foo; + } + +@TEST-END-FILE diff --git a/testing/btest/language/string-indexing.bro b/testing/btest/language/string-indexing.bro new file mode 100644 index 0000000000..f991b3c5fa --- /dev/null +++ b/testing/btest/language/string-indexing.bro @@ -0,0 +1,17 @@ +# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-diff out + +local s = "0123456789"; +print s[1]; +print s[1:2]; +print s[1:6]; +print s[0:20]; +print s[-2]; +print s[-3:-1]; +print s[-1:-10]; +print s[-1:0]; +print s[-1:5]; +print s[20:23]; +print s[-20:23]; +print s[0:5][2]; +print s[0:5][1:3][0]; diff --git a/testing/btest/language/switch-statement.bro b/testing/btest/language/switch-statement.bro new file mode 100644 index 0000000000..b8c34f77dc --- /dev/null +++ b/testing/btest/language/switch-statement.bro @@ -0,0 +1,284 @@ +# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-diff out + +type MyEnum: enum { + RED, + GREEN, + BLUE, + PINK, +}; + +function switch_bool(v: bool): string + { + switch (v) { + case T: + return "true"; + case F: + return "false"; + } + return "n/a"; + } + +function switch_int(v: int): string + { + switch (v) { + case +1: + return "one"; + case +2: + return "two"; + case -3: + return "minus three"; + } + return "n/a"; + } + +function switch_enum(v: MyEnum): string + { + switch (v) { + case RED: + return "red"; + case GREEN: + return "green"; + case BLUE: + return "blue"; + } + return "n/a"; + } + +function switch_count(v: count): string + { + switch (v) { + case 1: + return "1"; + case 2: + return "2"; + case 3: + return "3"; + } + return "n/a"; + } + +function switch_port(v: port): string + { + switch (v) { + case 22/tcp: + return "ssh"; + case 53/udp: + return "dns"; + case 0/icmp: + return "echo"; + } + return "n/a"; + } + +function switch_double(v: double): string + { + switch (v) { + case 1.1: + return "1.1"; + case 2.2: + return "2.2"; + case 3.3: + return "3.3"; + } + return "n/a"; + } + +function switch_interval(v: interval): string + { + switch (v) { + case 1sec: + return "1sec"; + case 2day: + return "2day"; + case 3min: + return "3min"; + } + return "n/a"; + } + +function switch_string(v: string): string + { + switch (v) { + case "one": + return "first"; + case "two": + return "second"; + case "three": + return "third"; + } + return "n/a"; + } + +function switch_addr(v: addr): string + { + switch (v) { + case 1.2.3.4: + return "ipv4"; + case [fe80::1]: + return "ipv6"; + case 0.0.0.0: + return "unspec"; + } + return "n/a"; + } + +function switch_subnet(v: subnet): string + { + switch (v) { + case 1.2.3.0/24: + return "1.2.3.0/24"; + case [fe80::0]/96: + return "[fe80::0]"; + case 192.168.0.0/16: + return "192.168.0.0/16"; + } + return "n/a"; + } + +function switch_empty(v: count): string + { + switch ( v ) { + } + return "n/a"; + } + +function switch_break(v: count): string + { + local rval = ""; + switch ( v ) { + case 1: + rval += "test"; + case 2: + rval += "testing"; + break; + case 3: + rval += "tested"; + } + return rval + "return"; + } + +function switch_default(v: count): string + { + local rval = ""; + switch ( v ) { + case 1: + rval += "1"; + case 2: + rval += "2"; + case 3: + rval += "3"; + default: + rval += "d"; + } + return rval + "r"; + } + +function switch_default_placement(v: count): string + { + local rval = ""; + switch ( v ) { + case 1: + rval += "1"; + default: + rval += "d"; + case 2: + rval += "2"; + break; + case 3: + rval += "3"; + } + return rval + "r"; + } + +function switch_case_list(v: count): string + { + switch ( v ) { + case 1, 2: + return "1,2"; + case 3, 4, 5: + return "3,4,5"; + case 6, 7, 8, 9: + return "6,7,8,9"; + } + return "n/a"; + } + +function test_switch(actual: string, expect: string) + { + if ( actual != expect ) + print fmt("%s != %s", actual, expect); + } + +event bro_init() + { + test_switch( switch_bool(T) , "true" ); + test_switch( switch_bool(F) , "false" ); + test_switch( switch_int(+1) , "one" ); + test_switch( switch_int(+2) , "two" ); + test_switch( switch_int(-3) , "minus three" ); + test_switch( switch_int(40) , "n/a" ); + test_switch( switch_enum(RED) , "red" ); + test_switch( switch_enum(BLUE) , "blue" ); + test_switch( switch_enum(GREEN) , "green" ); + test_switch( switch_enum(PINK) , "n/a" ); + test_switch( switch_count(1) , "1" ); + test_switch( switch_count(2) , "2" ); + test_switch( switch_count(3) , "3" ); + test_switch( switch_count(100) , "n/a" ); + test_switch( switch_port(22/tcp) , "ssh" ); + test_switch( switch_port(53/udp) , "dns" ); + test_switch( switch_port(0/icmp) , "echo" ); + test_switch( switch_port(1000/tcp) , "n/a" ); + test_switch( switch_double(1.1) , "1.1" ); + test_switch( switch_double(2.2) , "2.2" ); + test_switch( switch_double(3.3) , "3.3" ); + test_switch( switch_interval(1sec) , "1sec" ); + test_switch( switch_interval(2day) , "2day" ); + test_switch( switch_interval(3min) , "3min" ); + test_switch( switch_string("one") , "first" ); + test_switch( switch_string("two") , "second" ); + test_switch( switch_string("three") , "third" ); + test_switch( switch_addr(1.2.3.4) , "ipv4" ); + test_switch( switch_addr([fe80::1]) , "ipv6" ); + test_switch( switch_addr(0.0.0.0) , "unspec" ); + test_switch( switch_subnet(1.2.3.4/24) , "1.2.3.0/24" ); + test_switch( switch_subnet([fe80::1]/96) , "[fe80::0]" ); + test_switch( switch_subnet(192.168.1.100/16) , "192.168.0.0/16" ); + test_switch( switch_empty(2) , "n/a" ); + test_switch( switch_break(1) , "testtestingreturn" ); + test_switch( switch_break(2) , "testingreturn" ); + test_switch( switch_break(3) , "testedreturn" ); + test_switch( switch_default(1) , "123dr" ); + test_switch( switch_default(2) , "23dr" ); + test_switch( switch_default(3) , "3dr" ); + test_switch( switch_default(4) , "dr" ); + test_switch( switch_default_placement(1) , "1d2r" ); + test_switch( switch_default_placement(2) , "2r" ); + test_switch( switch_default_placement(3) , "3r" ); + test_switch( switch_default_placement(4) , "d2r" ); + + local v = vector(0,1,2,3,4,5,6,7,9,10); + local expect: string; + + for ( i in v ) + { + switch ( v[i] ) { + case 1, 2: + expect = "1,2"; + break; + case 3, 4, 5: + expect = "3,4,5"; + break; + case 6, 7, 8, 9: + expect = "6,7,8,9"; + break; + default: + expect = "n/a"; + break; + } + test_switch( switch_case_list(v[i]) , expect ); + } + + print "done"; + } diff --git a/testing/btest/language/type-type-error.bro b/testing/btest/language/type-type-error.bro new file mode 100644 index 0000000000..047e4b34ef --- /dev/null +++ b/testing/btest/language/type-type-error.bro @@ -0,0 +1,14 @@ +# @TEST-EXEC-FAIL: bro -b %INPUT +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr + +type r: record { + a: string; +}; + +event bro_init() + { + # This should generate a parse error indicating that the type identifier + # is incorrectly used in an expression expecting a real value and not + # a value of type TypeType. + print r$a; + }