Merge remote-tracking branch 'origin/master' into topic/johanna/spicy-tls

* origin/master: (93 commits)
  spicyz: Add back message about removed support for port / ports in evt
  rule-parse: Remove id_to_str() lookup to squelch coverity warning
  Update doc submodule [nomail] [skip ci]
  Update zeekctl submodule [nomail]
  btest: Skip core.script-args under TSAN
  Update doc submodule [nomail] [skip ci]
  Update zeekctl submodule
  Add note to NEWS about the removal of OpaqueVal::DoSerialize and OpaqueVal::DoUnserialize
  Remove deprecated port/ports fields for spicy analyzers
  Remove deprecated Cluster::Node::interface field
  Remove deprecated signature definition format
  Return an error if GLOBAL:: prefix is used
  Remove deprecated BloomFilter serialization methods
  Remove deprecated OpaqueVal serialization methods
  Remove deprecated DECLARE_OPAQUE_VALUE macro
  Make TypePtr::Capture member variables private
  Remove deprecated Trigger constructor
  Remove deprecated Controller::auto_assign_ports and Controller::auto_assign_start_port
  Remove deprecated load-balacing policy script
  Remove deprecated prometheus telemetry policy script
  ...
Johanna Amann 2024-08-13 10:37:52 +01:00
commit 1e282989fe
202 changed files with 2903 additions and 1097 deletions


@ -146,6 +146,7 @@ scripts/base/init-frameworks-and-bifs.zeek
scripts/base/frameworks/files/magic/__load__.zeek
scripts/base/frameworks/telemetry/options.zeek
build/scripts/base/bif/__load__.zeek
build/scripts/base/bif/consts.bif.zeek
build/scripts/base/bif/telemetry.bif.zeek
build/scripts/base/bif/zeekygen.bif.zeek
build/scripts/base/bif/pcap.bif.zeek


@ -1,15 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
### NOTE: This file has been sorted with diff-sort.
warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/__load__.zeek, line 1: deprecated script loaded from command line arguments "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from command line arguments "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from command line arguments "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/warnings.zeek, line 1: deprecated script loaded from command line arguments "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";


@ -146,6 +146,7 @@ scripts/base/init-frameworks-and-bifs.zeek
scripts/base/frameworks/files/magic/__load__.zeek
scripts/base/frameworks/telemetry/options.zeek
build/scripts/base/bif/__load__.zeek
build/scripts/base/bif/consts.bif.zeek
build/scripts/base/bif/telemetry.bif.zeek
build/scripts/base/bif/zeekygen.bif.zeek
build/scripts/base/bif/pcap.bif.zeek


@ -1,21 +1,5 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
received termination signal
warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
received termination signal
warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
received termination signal
warning in <...>/__load__.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:2 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/extracted_file_limits.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:147 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/packet-fragments.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:148 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
warning in <...>/warnings.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:149 "Remove in v7.1 The policy<...>/defaults package is deprecated. The options set here are now the defaults for Zeek in general.";
received termination signal


@ -1,3 +0,0 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
warning in <...>/deprecate-global.zeek, line 22: Remove in v7.1: Use :: instead of GLOBAL:: (GLOBAL::test_function)
warning in <...>/deprecate-global.zeek, line 26: Remove in v7.1: Use :: instead of GLOBAL:: (GLOBAL::X)


@ -1,9 +1 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
warning in <...>/global-colon-colon.zeek, line 67: Remove in v7.1: Use :: instead of GLOBAL:: (GLOBAL::X)
warning in <...>/global-colon-colon.zeek, line 75: Remove in v7.1: Use :: instead of GLOBAL:: (GLOBAL::my_hook)
warning in <...>/global-colon-colon.zeek, line 82: Remove in v7.1: Use :: instead of GLOBAL:: (GLOBAL::func)
warning in <...>/global-colon-colon.zeek, line 89: Remove in v7.1: Use :: instead of GLOBAL:: (GLOBAL::funcX)
warning in <...>/global-colon-colon.zeek, line 110: Remove in v7.1: Use :: instead of GLOBAL:: (GLOBAL::X)
warning in <...>/global-colon-colon.zeek, line 118: Remove in v7.1: Use :: instead of GLOBAL:: (GLOBAL::my_hook)
warning in <...>/global-colon-colon.zeek, line 125: Remove in v7.1: Use :: instead of GLOBAL:: (GLOBAL::func)
warning in <...>/global-colon-colon.zeek, line 132: Remove in v7.1: Use :: instead of GLOBAL:: (GLOBAL::funcX)


@ -3,8 +3,6 @@
MyModule X
(MyModule) print MyModule::X
MyModule X
(MyModule) print GLOBAL::X
global X
(MyModule) print ::X
global X
(MyModule) hook my_hook()
@ -13,32 +11,22 @@
(MyModule) hook MyModule::my_hook()
MyModule::my_hook() (in GLOBAL)
MyModule::my_hook()
(MyModule) hook GLOBAL::my_hook()
my_hook() (in GLOBAL)
::my_hook() (in GLOBAL)
::my_hook() (in MyModule using ::)
(MyModule) hook ::my_hook()
my_hook() (in GLOBAL)
::my_hook() (in GLOBAL)
::my_hook() (in MyModule using ::)
(MyModule) call func()
MyModule::func()
(MyModule) call GLOBAL::func()
GLOBAL::func()
(MyModule) call ::func()
GLOBAL::func()
(MyModule) call funcX()
::funcX() (in MyModule)
(MyModule) call GLOBAL::funcX()
::funcX() (in MyModule)
(MyModule) call ::funcX()
::funcX() (in MyModule)
(G) print X
global X
(G) print MyModule::X
MyModule X
(G) print GLOBAL::X
global X
(G) print ::X
global X
(G) hook my_hook()
@ -48,24 +36,16 @@
(G) MyModule::my_hook()
MyModule::my_hook() (in GLOBAL)
MyModule::my_hook()
(G) hook GLOBAL::my_hook()
my_hook() (in GLOBAL)
::my_hook() (in GLOBAL)
::my_hook() (in MyModule using ::)
(G) hook ::my_hook()
my_hook() (in GLOBAL)
::my_hook() (in GLOBAL)
::my_hook() (in MyModule using ::)
(G) call func()
GLOBAL::func()
(G) call GLOBAL::func()
GLOBAL::func()
(G) call ::func()
GLOBAL::func()
(G) call funcX()
::funcX() (in MyModule)
(G) call GLOBAL::funcX()
::funcX() (in MyModule)
(G) call ::funcX()
::funcX() (in MyModule)
MyModule::my_event() (in MyModule)


@ -13,15 +13,15 @@ init_key2 in state2: 1
[worker-1] = [node_type=Cluster::WORKER, ip=127.0.0.1, p=5/udp, manager=manager-1]
}
{
[worker-4] = [node_type=Cluster::WORKER, ip=2.3.4.5, zone_id=, p=13/udp, interface=<uninitialized>, manager=<uninitialized>, time_machine=<uninitialized>, id=<uninitialized>, metrics_port=<uninitialized>]
[worker-4] = [node_type=Cluster::WORKER, ip=2.3.4.5, zone_id=, p=13/udp, manager=<uninitialized>, id=<uninitialized>, metrics_port=<uninitialized>]
}
{
[worker-4] = [node_type=Cluster::WORKER, ip=2.3.4.5, zone_id=, p=13/udp, interface=<uninitialized>, manager=<uninitialized>, time_machine=<uninitialized>, id=<uninitialized>, metrics_port=<uninitialized>],
[worker-5] = [node_type=Cluster::WORKER, ip=3.4.5.6, zone_id=, p=15/tcp, interface=<uninitialized>, manager=<uninitialized>, time_machine=<uninitialized>, id=<uninitialized>, metrics_port=<uninitialized>]
[worker-4] = [node_type=Cluster::WORKER, ip=2.3.4.5, zone_id=, p=13/udp, manager=<uninitialized>, id=<uninitialized>, metrics_port=<uninitialized>],
[worker-5] = [node_type=Cluster::WORKER, ip=3.4.5.6, zone_id=, p=15/tcp, manager=<uninitialized>, id=<uninitialized>, metrics_port=<uninitialized>]
}
{
[worker-4] = [node_type=Cluster::WORKER, ip=2.3.4.5, zone_id=, p=13/udp, interface=<uninitialized>, manager=<uninitialized>, time_machine=<uninitialized>, id=<uninitialized>, metrics_port=<uninitialized>],
[worker-6] = [node_type=Cluster::WORKER, ip=4.5.6.7, zone_id=, p=17/udp, interface=<uninitialized>, manager=<uninitialized>, time_machine=<uninitialized>, id=<uninitialized>, metrics_port=<uninitialized>]
[worker-4] = [node_type=Cluster::WORKER, ip=2.3.4.5, zone_id=, p=13/udp, manager=<uninitialized>, id=<uninitialized>, metrics_port=<uninitialized>],
[worker-6] = [node_type=Cluster::WORKER, ip=4.5.6.7, zone_id=, p=17/udp, manager=<uninitialized>, id=<uninitialized>, metrics_port=<uninitialized>]
}
{
[3.0, 4]


@ -1,3 +1,4 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
done
lookup successful
received termination signal


@ -464,6 +464,7 @@
0.000000 MetaHookPost LoadFile(0, ./comm.bif.zeek, <...>/comm.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./communityid.bif.zeek, <...>/communityid.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./const.bif.zeek, <...>/const.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./consts.bif.zeek, <...>/consts.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./contents, <...>/contents.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./control, <...>/control.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, ./data.bif.zeek, <...>/data.bif.zeek) -> -1
@ -758,6 +759,7 @@
0.000000 MetaHookPost LoadFileExtended(0, ./comm.bif.zeek, <...>/comm.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./communityid.bif.zeek, <...>/communityid.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./const.bif.zeek, <...>/const.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./consts.bif.zeek, <...>/consts.bif.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./contents, <...>/contents.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./control, <...>/control.zeek) -> (-1, <no content>)
0.000000 MetaHookPost LoadFileExtended(0, ./data.bif.zeek, <...>/data.bif.zeek) -> (-1, <no content>)
@ -1384,6 +1386,7 @@
0.000000 MetaHookPre LoadFile(0, ./comm.bif.zeek, <...>/comm.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./communityid.bif.zeek, <...>/communityid.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./const.bif.zeek, <...>/const.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./consts.bif.zeek, <...>/consts.bif.zeek)
0.000000 MetaHookPre LoadFile(0, ./contents, <...>/contents.zeek)
0.000000 MetaHookPre LoadFile(0, ./control, <...>/control.zeek)
0.000000 MetaHookPre LoadFile(0, ./data.bif.zeek, <...>/data.bif.zeek)
@ -1678,6 +1681,7 @@
0.000000 MetaHookPre LoadFileExtended(0, ./comm.bif.zeek, <...>/comm.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./communityid.bif.zeek, <...>/communityid.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./const.bif.zeek, <...>/const.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./consts.bif.zeek, <...>/consts.bif.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./contents, <...>/contents.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./control, <...>/control.zeek)
0.000000 MetaHookPre LoadFileExtended(0, ./data.bif.zeek, <...>/data.bif.zeek)
@ -2305,6 +2309,7 @@
0.000000 | HookLoadFile ./comm.bif.zeek <...>/comm.bif.zeek
0.000000 | HookLoadFile ./communityid.bif.zeek <...>/communityid.bif.zeek
0.000000 | HookLoadFile ./const.bif.zeek <...>/const.bif.zeek
0.000000 | HookLoadFile ./consts.bif.zeek <...>/consts.bif.zeek
0.000000 | HookLoadFile ./contents <...>/contents.zeek
0.000000 | HookLoadFile ./control <...>/control.zeek
0.000000 | HookLoadFile ./data.bif.zeek <...>/data.bif.zeek
@ -2599,6 +2604,7 @@
0.000000 | HookLoadFileExtended ./comm.bif.zeek <...>/comm.bif.zeek
0.000000 | HookLoadFileExtended ./communityid.bif.zeek <...>/communityid.bif.zeek
0.000000 | HookLoadFileExtended ./const.bif.zeek <...>/const.bif.zeek
0.000000 | HookLoadFileExtended ./consts.bif.zeek <...>/consts.bif.zeek
0.000000 | HookLoadFileExtended ./contents <...>/contents.zeek
0.000000 | HookLoadFileExtended ./control <...>/control.zeek
0.000000 | HookLoadFileExtended ./data.bif.zeek <...>/data.bif.zeek


@ -1,5 +1,6 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
### zeek_session_metrics |2|
### zeek_session_metrics |3|
Telemetry::COUNTER, zeek, zeek_ended_sessions_total, [reason], [inactivity], 0.0
Telemetry::COUNTER, zeek, zeek_total_sessions_total, [protocol], [tcp], 500.0
Telemetry::GAUGE, zeek, zeek_active_sessions, [protocol], [tcp], 500.0
### bt* metrics |5|


@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 60126 127.0.1.1 389 tcp ldap_tcp 2.290081 289 1509 SF 0 ShADadFf 12 921 15 2297 -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,13 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ldap
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id version opcode result diagnostic_message object argument
#types time string addr port addr port int int string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 60126 127.0.1.1 389 1 3 bind SASL SASL bind in progress SASL(0): successful result: - NTLM
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 60126 127.0.1.1 389 2 3 bind SASL success - - NTLM
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 60126 127.0.1.1 389 4 - unbind - - - -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ldap_search
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id scope deref_aliases base_object result_count result diagnostic_message filter attributes
#types time string addr port addr port int string string string count string string string vector[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 60126 127.0.1.1 389 3 tree never dc=example,dc=com 9 success - (objectclass=*) -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 59552 127.0.1.1 389 tcp ldap_tcp 2.231680 353 1772 SF 0 ShADadFf 11 933 15 2560 -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,13 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ldap
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id version opcode result diagnostic_message object argument
#types time string addr port addr port int int string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 59552 127.0.1.1 389 1 3 bind SASL SASL bind in progress SASL(0): successful result: user: sasladmin@slapd.ldap property: slapAuthzDN not found in sasldb - SCRAM-SHA-512
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 59552 127.0.1.1 389 2 3 bind SASL success - - SCRAM-SHA-512
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 59552 127.0.1.1 389 4 - unbind - - - -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ldap_search
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id scope deref_aliases base_object result_count result diagnostic_message filter attributes
#types time string addr port addr port int string string string count string string string vector[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 59552 127.0.1.1 389 3 tree never dc=example,dc=com 9 success - (objectclass=*) -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 60648 127.0.1.1 389 tcp ldap_tcp 2.114467 548 1020 SF 0 ShADadFf 9 1024 6 1340 -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,12 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ldap
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id version opcode result diagnostic_message object argument
#types time string addr port addr port int int string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 60648 127.0.1.1 389 1 3 bind SASL SASL bind in progress SASL(0): successful result: user: zeek@ubuntu-01.example.com property: slapAuthzDN not found in sasldb - SRP
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 60648 127.0.1.1 389 2 3 bind SASL success - - SRP
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,12 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.105 50041 192.168.1.108 389 tcp ldap_tcp 0.004745 93 283 RSTR 0 ShADdFar 5 305 4 455 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.1.107 50041 192.168.1.108 389 tcp ldap_tcp 0.005883 93 283 RSTR 0 ShADdFar 5 305 4 455 -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,14 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ldap
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id version opcode result diagnostic_message object argument
#types time string addr port addr port int int string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.105 50041 192.168.1.108 389 160 3 bind SASL SASL bind in progress - - GSS-SPNEGO
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.105 50041 192.168.1.108 389 161 - unbind - - - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.1.107 50041 192.168.1.108 389 427 3 bind SASL SASL bind in progress - - GSS-SPNEGO
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.1.107 50041 192.168.1.108 389 428 - unbind - - - -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 45936 127.0.1.1 389 tcp ldap_tcp,ssl 0.016922 683 3002 RSTO 0 ShADadFR 14 1407 14 3738 -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ldap
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id version opcode result diagnostic_message object argument
#types time string addr port addr port int int string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 45936 127.0.1.1 389 1 - extended success - 1.3.6.1.4.1.1466.20037 (StartTLS) -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,4 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
CHhAvVGS1DHFjwGM9, extended_request, 1.3.6.1.4.1.1466.20037 (StartTLS),
CHhAvVGS1DHFjwGM9, extended_response, LDAP::ResultCode_SUCCESS, ,
CHhAvVGS1DHFjwGM9, LDAP::starttls


@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 45936 127.0.1.1 389 TLSv13 TLS_AES_256_GCM_SHA384 secp256r1 ubuntu-01.example.com F - - T CsiI - - -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 48122 127.0.1.1 389 tcp ldap_tcp 0.001192 83 59 SF 0 ShADadFf 8 507 5 327 -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,13 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ldap
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id version opcode result diagnostic_message object argument
#types time string addr port addr port int int string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 48122 127.0.1.1 389 1 3 bind simple success - cn=admin,dc=example,dc=com REDACTED
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 48122 127.0.1.1 389 2 - extended success - 1.3.6.1.4.1.4203.1.11.3 (whoami) -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 48122 127.0.1.1 389 3 - unbind - - - -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
CHhAvVGS1DHFjwGM9, extended_request, 1.3.6.1.4.1.4203.1.11.3 (whoami),
CHhAvVGS1DHFjwGM9, extended_response, LDAP::ResultCode_SUCCESS, , dn:cn=admin,dc=example,dc=com


@ -1,2 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
5 of 36 events triggered by trace
5 of 32 events triggered by trace


@ -1,2 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
5 of 36 events triggered by trace
5 of 32 events triggered by trace


@ -1,2 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
22 of 36 events triggered by trace
22 of 32 events triggered by trace


@ -0,0 +1,16 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path mysql
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd arg success rows response
#types time string addr port addr port string string bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35928 127.0.0.1 3306 login root T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35928 127.0.0.1 3306 query select @@version_comment limit 1 T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35928 127.0.0.1 3306 query select DATABASE(), USER() limit 1 T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35928 127.0.0.1 3306 query select @@character_set_client, @@character_set_connection, @@character_set_server, @@character_set_database limit 1 T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35928 127.0.0.1 3306 statistics (empty) - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35928 127.0.0.1 3306 quit (empty) - - -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,19 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
mysql auth plugin, F, caching_sha2_password, Vz\x08w+^\x04p\x02Tv\x01"~\x114\x14RP6\x00, 21
mysql handshake, root
mysql auth plugin, T, mysql_native_password, , 0
mysql auth switch request, caching_sha2_password, Vz\x08w+^\x04p\x02Tv\x01"~\x114\x14RP6\x00, 21
mysql auth more data, T, \xf7dS\x9eXe\xc4\xd6\xa9\xa7 \xfbC\xa6p\xaf\xdf\x9dB[B\x80\xa7\x80\xef\x0c\x95BC9#\x82, 32
mysql auth more data, F, \x03, 1
mysql ok, 0
mysql request, 3, select @@version_comment limit 1
mysql result row, [MySQL Community Server - GPL]
mysql ok, 0
mysql request, 3, select DATABASE(), USER() limit 1
mysql result row, [, root@localhost]
mysql ok, 0
mysql request, 3, select @@character_set_client, @@character_set_connection, @@character_set_server, @@character_set_database limit 1
mysql result row, [utf8mb4, utf8mb4, utf8mb4, utf8mb4]
mysql ok, 0
mysql request, 9,
mysql request, 1,


@ -0,0 +1,23 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path mysql
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd arg success rows response
#types time string addr port addr port string string bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56494 127.0.0.1 3306 login root F - Got an error reading communication packets
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 49352 127.0.0.1 3306 login root T 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 49352 127.0.0.1 3306 query show databases T 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 49352 127.0.0.1 3306 query show tables T 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 49352 127.0.0.1 3306 field_list t T 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 49352 127.0.0.1 3306 query select @@version_comment limit 1 T 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 49352 127.0.0.1 3306 quit (empty) - - -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 127.0.0.1 40950 127.0.0.1 3306 login root T 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 127.0.0.1 40950 127.0.0.1 3306 query show databases T 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 127.0.0.1 40950 127.0.0.1 3306 query show tables T 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 127.0.0.1 40950 127.0.0.1 3306 field_list t T 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 127.0.0.1 40950 127.0.0.1 3306 query select @@version_comment limit 1 T 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 127.0.0.1 40950 127.0.0.1 3306 quit (empty) - - -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,51 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
mysql auth plugin, F, caching_sha2_password, s.\x13\x01>\x05m\x04~Lq)%\x0fLL\x01\x08Xj\x00, 21
mysql handshake, root
mysql auth plugin, T, caching_sha2_password, \x98\xa0Ex\x8a\xeb`\xf3\xc7)\xa6\xaf\xf1\xa4]-\xa0\xdf\x959\xa1\xc5\xd6\xb8\xf3\xd6}\xb2\xa8\x033~, 32
mysql auth more data, F, \x04, 1
mysql error, 1158, Got an error reading communication packets
mysql auth plugin, F, caching_sha2_password, 4x`?e\x04i'k&-P%LID\x17/\x0f{\x00, 21
mysql handshake, root
mysql auth plugin, T, caching_sha2_password, y.\x91:\x11\x87i\x17\xdfI_\xd2\xec\x9a"\xc2%sB\x10\x90\xbd\x15C\xf4w\xc0\x09p}\x8eE, 32
mysql auth more data, F, \x04, 1
mysql auth more data, T, \x02, 1
mysql auth more data, F, -----BEGIN PUBLIC KEY-----\x0aMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VACy/bY60MRuPW6aCxZ\x0abi+o0EgCgxzFObbyzDfnTnVJegOXbrdcbu1qIlEjPyn7UMBfjQr+VueiJvPjz2M8\x0ad/6GX1h4fYuwW4bEXBVo4HGxM8N0IyO1BYjafOaoUeL/NI+bLifH70KorIcSUR+h\x0a879DAQ0zlKz5vwpDYN2LVxidjFvy5baSPi/csDMqi2jitBAzbNW992O/v9CPnh5f\x0akdRMa2lMPKxRaPeqAw9U7CAmRqAaHZAfdI5kYnj3vsOFvKL2dkE+ckY8sh5H2uto\x0a37+mg6oll5PsydMbSuvFHLc0JZm++oem5z2WsZBdxmohqJ8Foc43W8IOtxs+YAOw\x0avwIDAQAB\x0a-----END PUBLIC KEY-----\x0a, 451
mysql auth more data, T, \xca3\x89.M\x9d\xc0\xcb\xd6'2Zo*\xda8\xd2\xba\xb1\xabI\xcb\x1es%R\x1fo\xd0\xa6\xb8\x90<B\x0c(\xacR9\xee\xd8xv-\xe1\xb9d\xd2\x1e\xfam\xf9\xf6!f>\xf56\x0e\xd9\xd8p\x9eX\x84K\xb5\x1a\xe5\xfa\x18\xc1*\xfc\xa9W\xd6p\x1a\xcfv\xe8%\xe0\xb9\xfe\x98\x1b\xb3\x938\x85\xf4O\xf0c2b\xae\x81F\x1e\xb9\x1f\xbd\xdf\x16C\x91\xd5\x08\xa6\x82\xb6y\xf7\xa3u<F}V\xd8`Eb\xcf;\x8e\xd1\xe5\xba\x03\x03\x17q\xba\xbe\xde4\xdc}K\xcc\xc2eWs\x8e\xf5\x87\xa8\x0fL\x8a\xb5a|k\x19\xbc|\xa4\xfb\x16\x8e \xb8\x84]\x87\xc8\xe5m\xf1\xca\xbbD=(I\xd9?\x9d\xea\x0d\xa9\xf7\xd3?\xb1\xad\xf5\x18\x08\x00/s\x10<\xb4\x80\xc7\xa5\xd0\xfa\x11\xe9\xcd\xdf/\xa8\xef\xdeAd\x86k \x92\x8b\x85is\x91!p\o\xa6yZ5\xba\xe5\xaa\x11\xcbt\xbc\x11XV\x8eW\x921x\xa9T\x803)f(S, 256
mysql ok, 0
mysql request, 3, show databases
mysql result row, [information_schema]
mysql result row, [mysql]
mysql result row, [performance_schema]
mysql result row, [sys]
mysql result row, [test]
mysql ok, 0
mysql request, 3, show tables
mysql result row, [t]
mysql ok, 0
mysql request, 4, t\x00
mysql ok, 0
mysql request, 3, select @@version_comment limit 1
mysql result row, [MySQL Community Server - GPL]
mysql ok, 0
mysql request, 1,
mysql auth plugin, F, caching_sha2_password, Z\x0cwi\x02Y\x12{#M\x13\x15C7L\x15&m\x1a\x1e\x00, 21
mysql handshake, root
mysql auth plugin, T, caching_sha2_password, \x9a\xbec\xdd\xd7\xa1\x83X}\x81\xbf\x06\xe7\xd2\xd8\xb2\x7f\xdbs\xe2\xfd\x0f1\x88\xb1\xf0i}\x94D\x8ds, 32
mysql auth more data, F, \x03, 1
mysql ok, 0
mysql request, 3, show databases
mysql result row, [information_schema]
mysql result row, [mysql]
mysql result row, [performance_schema]
mysql result row, [sys]
mysql result row, [test]
mysql ok, 0
mysql request, 3, show tables
mysql result row, [t]
mysql ok, 0
mysql request, 4, t\x00
mysql ok, 0
mysql request, 3, select @@version_comment limit 1
mysql result row, [MySQL Community Server - GPL]
mysql ok, 0
mysql request, 1,


@ -0,0 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
mysql ssl request, CHhAvVGS1DHFjwGM9


@ -0,0 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
mysql ssl request, CHhAvVGS1DHFjwGM9


@ -1,4 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
X, shadows ::X (42)
::X, 42
GLOBAL::X, 42
mysql ssl request, CHhAvVGS1DHFjwGM9


@ -0,0 +1,54 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path mysql
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd arg success rows response
#types time string addr port addr port string string bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 login root T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 query show databases T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 query show tables T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list columns_priv T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list component T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list db T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list default_roles T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list engine_cost T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list func T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list general_log T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list global_grants T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list gtid_executed T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list help_category T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list help_keyword T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list help_relation T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list help_topic T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list innodb_index_stats T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list innodb_table_stats T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list ndb_binlog_index T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list password_history T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list plugin T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list procs_priv T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list proxies_priv T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list replication_asynchronous_connection_failover T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list replication_asynchronous_connection_failover_managed T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list replication_group_configuration_version T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list replication_group_member_actions T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list role_edges T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list server_cost T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list servers T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list slave_master_info T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list slave_relay_log_info T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list slave_worker_info T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list slow_log T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list tables_priv T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list time_zone T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list time_zone_leap_second T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list time_zone_name T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list time_zone_transition T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list time_zone_transition_type T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 field_list user T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 query select @@version_comment limit 1 T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 query SELECT mysql_query_attribute_string('n1'), mysql_query_attribute_string('n2') T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33592 127.0.0.1 3306 quit (empty) - - -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,132 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
mysql handshake, root
mysql ok, 0
mysql request, 3, show databases
mysql result row, [information_schema]
mysql result row, [mysql]
mysql result row, [performance_schema]
mysql result row, [sys]
mysql ok, 0
mysql request, 3, show tables
mysql result row, [columns_priv]
mysql result row, [component]
mysql result row, [db]
mysql result row, [default_roles]
mysql result row, [engine_cost]
mysql result row, [func]
mysql result row, [general_log]
mysql result row, [global_grants]
mysql result row, [gtid_executed]
mysql result row, [help_category]
mysql result row, [help_keyword]
mysql result row, [help_relation]
mysql result row, [help_topic]
mysql result row, [innodb_index_stats]
mysql result row, [innodb_table_stats]
mysql result row, [ndb_binlog_index]
mysql result row, [password_history]
mysql result row, [plugin]
mysql result row, [procs_priv]
mysql result row, [proxies_priv]
mysql result row, [replication_asynchronous_connection_failover]
mysql result row, [replication_asynchronous_connection_failover_managed]
mysql result row, [replication_group_configuration_version]
mysql result row, [replication_group_member_actions]
mysql result row, [role_edges]
mysql result row, [server_cost]
mysql result row, [servers]
mysql result row, [slave_master_info]
mysql result row, [slave_relay_log_info]
mysql result row, [slave_worker_info]
mysql result row, [slow_log]
mysql result row, [tables_priv]
mysql result row, [time_zone]
mysql result row, [time_zone_leap_second]
mysql result row, [time_zone_name]
mysql result row, [time_zone_transition]
mysql result row, [time_zone_transition_type]
mysql result row, [user]
mysql ok, 0
mysql request, 4, columns_priv\x00
mysql ok, 0
mysql request, 4, component\x00
mysql ok, 0
mysql request, 4, db\x00
mysql ok, 0
mysql request, 4, default_roles\x00
mysql ok, 0
mysql request, 4, engine_cost\x00
mysql ok, 0
mysql request, 4, func\x00
mysql ok, 0
mysql request, 4, general_log\x00
mysql ok, 0
mysql request, 4, global_grants\x00
mysql ok, 0
mysql request, 4, gtid_executed\x00
mysql ok, 0
mysql request, 4, help_category\x00
mysql ok, 0
mysql request, 4, help_keyword\x00
mysql ok, 0
mysql request, 4, help_relation\x00
mysql ok, 0
mysql request, 4, help_topic\x00
mysql ok, 0
mysql request, 4, innodb_index_stats\x00
mysql ok, 0
mysql request, 4, innodb_table_stats\x00
mysql ok, 0
mysql request, 4, ndb_binlog_index\x00
mysql ok, 0
mysql request, 4, password_history\x00
mysql ok, 0
mysql request, 4, plugin\x00
mysql ok, 0
mysql request, 4, procs_priv\x00
mysql ok, 0
mysql request, 4, proxies_priv\x00
mysql ok, 0
mysql request, 4, replication_asynchronous_connection_failover\x00
mysql ok, 0
mysql request, 4, replication_asynchronous_connection_failover_managed\x00
mysql ok, 0
mysql request, 4, replication_group_configuration_version\x00
mysql ok, 0
mysql request, 4, replication_group_member_actions\x00
mysql ok, 0
mysql request, 4, role_edges\x00
mysql ok, 0
mysql request, 4, server_cost\x00
mysql ok, 0
mysql request, 4, servers\x00
mysql ok, 0
mysql request, 4, slave_master_info\x00
mysql ok, 0
mysql request, 4, slave_relay_log_info\x00
mysql ok, 0
mysql request, 4, slave_worker_info\x00
mysql ok, 0
mysql request, 4, slow_log\x00
mysql ok, 0
mysql request, 4, tables_priv\x00
mysql ok, 0
mysql request, 4, time_zone\x00
mysql ok, 0
mysql request, 4, time_zone_leap_second\x00
mysql ok, 0
mysql request, 4, time_zone_name\x00
mysql ok, 0
mysql request, 4, time_zone_transition\x00
mysql ok, 0
mysql request, 4, time_zone_transition_type\x00
mysql ok, 0
mysql request, 4, user\x00
mysql ok, 0
mysql request, 3, select @@version_comment limit 1
mysql result row, [MySQL Community Server - GPL]
mysql ok, 0
mysql request, 3, SELECT mysql_query_attribute_string('n1'), mysql_query_attribute_string('n2')
mysql result row, [42, v2]
mysql ok, 0
mysql request, 1,


@ -0,0 +1,14 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path mysql
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd arg success rows response
#types time string addr port addr port string string bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33754 127.0.0.1 3306 login root T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33754 127.0.0.1 3306 ping (empty) T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33754 127.0.0.1 3306 query SELECT version() T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 33754 127.0.0.1 3306 quit (empty) - - -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,10 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
mysql handshake, root
mysql ok, 0
mysql request, 14,
mysql ok, 0
mysql request, 3, SELECT version()
mysql eof, T
mysql result row, [9.0.0]
mysql eof, F
mysql request, 1,


@ -0,0 +1,14 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path mysql
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cmd arg success rows response
#types time string addr port addr port string string bool count string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51682 127.0.0.1 3306 login ykg T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51682 127.0.0.1 3306 query select @@version_comment limit 1 T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51682 127.0.0.1 3306 query select now() T 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51682 127.0.0.1 3306 query select now() T 0 -
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,12 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
mysql handshake, ykg
mysql ok, 0
mysql request, 3, select @@version_comment limit 1
mysql result row, [Source distribution]
mysql ok, 0
mysql request, 3, select now()
mysql result row, [2022-07-13 10:45:41]
mysql ok, 0
mysql request, 3, select now()
mysql result row, [2022-07-13 10:45:43]
mysql ok, 0


@ -0,0 +1,13 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
smb2_close_request, [credit_charge=1, status=0, command=6, credits=256, flags=0, message_id=8, process_id=65279, tree_id=3905704575, session_id=66137014, signature=\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00]
smb2_close_response, [credit_charge=1, status=0, command=6, credits=256, flags=1, message_id=8, process_id=65279, tree_id=3905704575, session_id=66137014, signature=\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00], [alloc_size=0, eof=0, times=[modified=0.0, modified_raw=116444736000000000, accessed=0.0, accessed_raw=116444736000000000, created=0.0, created_raw=116444736000000000, changed=0.0, changed_raw=116444736000000000], attrs=[read_only=F, hidden=F, system=F, directory=F, archive=F, normal=F, temporary=F, sparse_file=F, reparse_point=F, compressed=F, offline=F, not_content_indexed=F, encrypted=F, integrity_stream=F, no_scrub_data=F]]
smb2_close_request, [credit_charge=1, status=0, command=6, credits=256, flags=0, message_id=21, process_id=65279, tree_id=900627714, session_id=66137014, signature=\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00]
smb2_close_response, [credit_charge=1, status=0, command=6, credits=256, flags=1, message_id=21, process_id=65279, tree_id=900627714, session_id=66137014, signature=\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00], [alloc_size=0, eof=0, times=[modified=0.0, modified_raw=116444736000000000, accessed=0.0, accessed_raw=116444736000000000, created=0.0, created_raw=116444736000000000, changed=0.0, changed_raw=116444736000000000], attrs=[read_only=F, hidden=F, system=F, directory=F, archive=F, normal=F, temporary=F, sparse_file=F, reparse_point=F, compressed=F, offline=F, not_content_indexed=F, encrypted=F, integrity_stream=F, no_scrub_data=F]]
smb2_close_request, [credit_charge=1, status=0, command=6, credits=256, flags=4, message_id=25, process_id=65279, tree_id=1248644238, session_id=66137014, signature=\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00]
smb2_close_response, [credit_charge=1, status=0, command=6, credits=768, flags=5, message_id=25, process_id=65279, tree_id=1248644238, session_id=66137014, signature=\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00], [alloc_size=0, eof=0, times=[modified=0.0, modified_raw=116444736000000000, accessed=0.0, accessed_raw=116444736000000000, created=0.0, created_raw=116444736000000000, changed=0.0, changed_raw=116444736000000000], attrs=[read_only=F, hidden=F, system=F, directory=F, archive=F, normal=F, temporary=F, sparse_file=F, reparse_point=F, compressed=F, offline=F, not_content_indexed=F, encrypted=F, integrity_stream=F, no_scrub_data=F]]
smb2_close_request, [credit_charge=1, status=0, command=6, credits=256, flags=4, message_id=28, process_id=65279, tree_id=1248644238, session_id=66137014, signature=\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00]
smb2_close_response, [credit_charge=1, status=0, command=6, credits=768, flags=5, message_id=28, process_id=65279, tree_id=1248644238, session_id=66137014, signature=\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00], [alloc_size=0, eof=0, times=[modified=0.0, modified_raw=116444736000000000, accessed=0.0, accessed_raw=116444736000000000, created=0.0, created_raw=116444736000000000, changed=0.0, changed_raw=116444736000000000], attrs=[read_only=F, hidden=F, system=F, directory=F, archive=F, normal=F, temporary=F, sparse_file=F, reparse_point=F, compressed=F, offline=F, not_content_indexed=F, encrypted=F, integrity_stream=F, no_scrub_data=F]]
smb2_close_request, [credit_charge=1, status=0, command=6, credits=256, flags=4, message_id=31, process_id=65279, tree_id=1248644238, session_id=66137014, signature=\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00]
smb2_close_response, [credit_charge=1, status=0, command=6, credits=768, flags=5, message_id=31, process_id=65279, tree_id=1248644238, session_id=66137014, signature=\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00], [alloc_size=0, eof=0, times=[modified=0.0, modified_raw=116444736000000000, accessed=0.0, accessed_raw=116444736000000000, created=0.0, created_raw=116444736000000000, changed=0.0, changed_raw=116444736000000000], attrs=[read_only=F, hidden=F, system=F, directory=F, archive=F, normal=F, temporary=F, sparse_file=F, reparse_point=F, compressed=F, offline=F, not_content_indexed=F, encrypted=F, integrity_stream=F, no_scrub_data=F]]
smb2_close_request, [credit_charge=1, status=0, command=6, credits=256, flags=4, message_id=34, process_id=65279, tree_id=1248644238, session_id=66137014, signature=\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00]
smb2_close_response, [credit_charge=1, status=0, command=6, credits=768, flags=5, message_id=34, process_id=65279, tree_id=1248644238, session_id=66137014, signature=\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00], [alloc_size=0, eof=0, times=[modified=0.0, modified_raw=116444736000000000, accessed=0.0, accessed_raw=116444736000000000, created=0.0, created_raw=116444736000000000, changed=0.0, changed_raw=116444736000000000], attrs=[read_only=F, hidden=F, system=F, directory=F, archive=F, normal=F, temporary=F, sparse_file=F, reparse_point=F, compressed=F, offline=F, not_content_indexed=F, encrypted=F, integrity_stream=F, no_scrub_data=F]]


@ -1,5 +1,7 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
XXXXXXXXXX.XXXXXX zeek counter zeek_ended_sessions_total reason inactivity 0.0
XXXXXXXXXX.XXXXXX zeek counter zeek_total_sessions_total protocol tcp 1.0
XXXXXXXXXX.XXXXXX zeek gauge zeek_active_sessions protocol tcp 1.0
XXXXXXXXXX.XXXXXX zeek counter zeek_ended_sessions_total reason inactivity 0.0
XXXXXXXXXX.XXXXXX zeek counter zeek_total_sessions_total protocol tcp 500.0
XXXXXXXXXX.XXXXXX zeek gauge zeek_active_sessions protocol tcp 500.0


@ -1,9 +1,10 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
warning in <...>/custom-event-errors.zeek, line 9: Wrong number of arguments for function. Expected 3, got 2. (event(state:signature_state, data:string))
warning in <...>/custom-event-errors.zeek, line 7: Wrong number of arguments for function. Expected 3, got 2. (event(state:signature_state, data:string))
error: wrong event parameters for 'wrong_signature2'
warning in <...>/custom-event-errors.zeek, line 11: Wrong number of arguments for function. Expected 2, got 3. (event(state:signature_state, msg:string, data:string))
warning in <...>/custom-event-errors.zeek, line 9: Wrong number of arguments for function. Expected 2, got 3. (event(state:signature_state, msg:string, data:string))
error: wrong event parameters for 'wrong_signature3'
warning in <...>/custom-event-errors.zeek, line 13: Type mismatch in function argument #1. Expected string, got count. (event(state:signature_state, msg:count, data:string))
warning in <...>/custom-event-errors.zeek, line 11: Type mismatch in function argument #1. Expected string, got count. (event(state:signature_state, msg:count, data:string))
error: wrong event parameters for 'wrong_signature4'
error: Error in signature (./id.sig:19): unknown script-level identifier (non_existing_event)
error: Error in signature (./id2.sig:4): custom event and identifier for msg unsupported
error: Error in signature (./id.sig:19): identifier is not an event (non_existing_event)
error: Error in signature (./id.sig:24): identifier is not an event (cat)
error: Error in signature (./id.sig:29): identifier is not an event (ignore_checksums)


@ -1,2 +1 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
warning: Remove in v7.1: Using an identifier for msg is deprecated (./id.sig:9)


@ -1,4 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
signature_match2 [orig_h=127.0.0.1, orig_p=30000/udp, resp_h=127.0.0.1, resp_p=13000/udp]
signature_match [orig_h=127.0.0.1, orig_p=30000/udp, resp_h=127.0.0.1, resp_p=13000/udp] - message from identifier (cannot be changed)
signature_match3 [orig_h=127.0.0.1, orig_p=30000/udp, resp_h=127.0.0.1, resp_p=13000/udp] - message


@ -1,2 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
fatal error: redefinition of protocol analyzer spicy::SSH_1
fatal error: spicy::SSH_2: protocol analyzer SSH is already mapped to a different analyzer; cannot replace an analyzer multiple times


@ -1,5 +1,5 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
supervised node zeek_init()
1024, cluster_nodes!
[node_type=Cluster::WORKER, ip=127.0.0.1, zone_id=, p=0/tcp, interface=<uninitialized>, manager=<uninitialized>, time_machine=<uninitialized>, id=<uninitialized>, metrics_port=<uninitialized>]
[node_type=Cluster::WORKER, ip=127.0.0.1, zone_id=, p=0/tcp, manager=<uninitialized>, id=<uninitialized>, metrics_port=<uninitialized>]
supervised node zeek_done()


@ -1,5 +1,5 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
supervised node zeek_init()
1024, cluster_nodes!
[node_type=Cluster::WORKER, ip=127.0.0.1, zone_id=, p=0/tcp, interface=<uninitialized>, manager=<uninitialized>, time_machine=<uninitialized>, id=<uninitialized>, metrics_port=<uninitialized>]
[node_type=Cluster::WORKER, ip=127.0.0.1, zone_id=, p=0/tcp, manager=<uninitialized>, id=<uninitialized>, metrics_port=<uninitialized>]
supervised node zeek_done()


@ -18,3 +18,6 @@ Trace Index/Sources:
- one `\x30` byte in the ciphertext changed to `\x00`
- ldap/issue-32.pcapng: Provided by GH user martinvanhensbergen,
<https://github.com/zeek/spicy-ldap/issues/23>
- ldap/ctu-sme-11-win7ad-1-ldap-tcp-50041.pcap: Harvested from CTU-SME-11
(Experiment-VM-Microsoft-Windows7AD-1) dataset, filtering on tcp port 389 and port 50041.
https://zenodo.org/records/7958259 (DOI 10.5281/zenodo.7958258).

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,10 +0,0 @@
# This test should print a warning that the event handler is never invoked.
# @TEST-REQUIRES: test "${ZEEK_USE_CPP}" != "1"
# @TEST-REQUIRES: $SCRIPTS/have-spicy # This test logs uninvoked event handlers, so disable it if Spicy and its plugin is unavailable.
# @TEST-EXEC: zeek -b %INPUT check_for_unused_event_handlers=T
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort-and-remove-abspath btest-diff .stderr
event this_is_never_used()
{
print "not even once";
}


@ -2,6 +2,10 @@
# the script differently, leading to complaints that there are no scripts.
# @TEST-REQUIRES: test "${ZEEK_USE_CPP}" != "1"
# TSAN may re-execute the executable when the memory layout doesn't fullfill
# requirements, causing argument confusion when that happens (see #3774).
# @TEST-REQUIRES: ! have-tsan
# @TEST-EXEC: printf '#!' > test.zeek
# @TEST-EXEC: printf "$BUILD/src/zeek -b --\n" >> test.zeek
# @TEST-EXEC: cat %INPUT >> test.zeek
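Review bot: The comment added above `# @TEST-REQUIRES: ! have-tsan` misspells "fulfill" as "fullfill". It would also read more clearly if it named the effect on this test, for example `# TSAN may re-execute the binary when the memory layout doesn't fulfill its requirements; the re-exec changes the argument list this test checks (see #3774).` The wording about the argument list is inferred from the existing "argument confusion" remark, so adjust it to match the issue.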


@ -9,4 +9,4 @@
#
# @TEST-EXEC: test -d $DIST/scripts
# @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do zeek -b --parse-only $script >>errors 2>&1; done
# @TEST-EXEC: TEST_DIFF_CANONIFIER="grep -v -e 'load-balancing.zeek.*deprecated script loaded' | grep -v -e 'prometheus.zeek.*deprecated script loaded' | $SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors


@ -9,7 +9,7 @@
# @TEST-EXEC: CLUSTER_NODE=logger-1 zeek %INPUT
# @TEST-EXEC: CLUSTER_NODE=proxy-1 zeek %INPUT
# @TEST-EXEC: CLUSTER_NODE=worker-1 zeek %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v "load-balancing.zeek.*deprecated script" | grep -v "prometheus.zeek.*deprecated script" | $SCRIPTS/diff-remove-abspath' btest-diff .stderr
# @TEST-EXEC: TEST_DIFF_CANONIFIER='$SCRIPTS/diff-remove-abspath' btest-diff .stderr
@load base/frameworks/cluster
@load misc/loaded-scripts


@ -1,27 +0,0 @@
# @TEST-DOC: Adapt in v7.1 to check for errors upon GLOBAL accesses.
# @TEST-EXEC: zeek -b %INPUT >out
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
module GLOBAL;
function test_function() { }
global X = 42;
module MyModule;
global X = fmt("shadows ::X (%s)", ::X);
event zeek_init()
{
test_function();
::test_function();
GLOBAL::test_function();
print "X", X;
print "::X", ::X;
print "GLOBAL::X", GLOBAL::X;
}


@ -30,7 +30,7 @@ hook my_hook() &priority=9
print " MyModule::my_hook()";
}
# This implements GLOBAL::my_hook()
# This implements a global my_hook()
hook ::my_hook() &priority=8
{
print " ::my_hook() (in MyModule using ::)";
@ -63,37 +63,29 @@ event zeek_init() &priority=5
print fmt(" %s", X);
print "(MyModule) print MyModule::X";
print fmt(" %s", MyModule::X);
print "(MyModule) print GLOBAL::X";
print fmt(" %s", GLOBAL::X);
print "(MyModule) print ::X";
print fmt(" %s", ::X);
print "(MyModule) hook my_hook()";
hook my_hook(); # This uses MyModule::my_hook();
print "(MyModule) hook MyModule::my_hook()";
hook MyModule::my_hook(); # This uses MyModule::hook();
print "(MyModule) hook GLOBAL::my_hook()";
hook GLOBAL::my_hook();
print "(MyModule) hook ::my_hook()";
hook ::my_hook();
print "(MyModule) call func()";
func();
print "(MyModule) call GLOBAL::func()";
GLOBAL::func();
print "(MyModule) call ::func()";
::func();
print "(MyModule) call funcX()";
funcX();
print "(MyModule) call GLOBAL::funcX()";
GLOBAL::funcX();
print "(MyModule) call ::funcX()";
::funcX();
# This schedules MyEvent::my_event()
event my_event();
# This schedules the GLOBAL::my_event();
# This schedules the global ::my_event()
event ::my_event();
}
@ -106,30 +98,22 @@ event zeek_init() &priority=5
print fmt(" %s", X);
print "(G) print MyModule::X";
print fmt(" %s", MyModule::X);
print "(G) print GLOBAL::X";
print fmt(" %s", GLOBAL::X);
print "(G) print ::X";
print fmt(" %s", ::X);
print "(G) hook my_hook()";
hook my_hook(); # This uses GLOBAL::my_hook();
hook my_hook(); # This uses global my_hook();
print "(G) MyModule::my_hook()";
hook MyModule::my_hook(); # This uses MyModule::hook();
print "(G) hook GLOBAL::my_hook()";
hook GLOBAL::my_hook();
print "(G) hook ::my_hook()";
hook ::my_hook();
print "(G) call func()";
func();
print "(G) call GLOBAL::func()";
GLOBAL::func();
print "(G) call ::func()";
::func();
print "(G) call funcX()";
funcX();
print "(G) call GLOBAL::funcX()";
GLOBAL::funcX();
print "(G) call ::funcX()";
::funcX();
}


@ -9,7 +9,7 @@ type r: record { b: count; };
event zeek_init()
{
local x: GLOBAL::r;
local x: ::r;
x$a = 5;
local y: test::r;


@ -1,6 +1,6 @@
# @TEST-EXEC: btest-bg-run test1 zeek -b %INPUT
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: mv test1/.stdout out
# @TEST-EXEC: cat test1/.stdout test1/.stderr >> out
# @TEST-EXEC: btest-diff out
redef exit_only_after_terminate = T;
@ -26,6 +26,13 @@ event zeek_init()
when [h] ( local hname3 = lookup_addr(h) ) {}
timeout to + 2sec {}
# The following used to generate a spurious warning, so it's here
# as a regression test.
when ( local res = lookup_addr(127.0.0.1) )
{
return;
}
print "done";
}


@ -0,0 +1,12 @@
# Copyright (c) 2024 by the Zeek Project. See LICENSE for details.
# @TEST-REQUIRES: have-spicy
# @TEST-EXEC: zeek -C -r ${TRACES}/ldap/sasl-ntlm.pcap %INPUT
# @TEST-EXEC: cat conn.log | zeek-cut -Cn local_orig local_resp > conn.log2 && mv conn.log2 conn.log
# @TEST-EXEC: btest-diff conn.log
# @TEST-EXEC: btest-diff ldap.log
# @TEST-EXEC: btest-diff ldap_search.log
# @TEST-EXEC: ! test -f dpd.log
# @TEST-EXEC: ! test -f analyzer.log
#
# @TEST-DOC: This broke after #3826 got merged
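Review bot: The `@TEST-DOC` line says only that something broke after #3826, not what this test checks, and the same line is repeated in the sasl-scram-sha-512 test that follows. Judging from the trace name and the `! test -f dpd.log` / `! test -f analyzer.log` checks, the intent appears to be that a SASL bind using NTLM is parsed without analyzer violations. I would write `# @TEST-DOC: SASL bind using NTLM parses without analyzer violations (regression test, broke after #3826).` here and the SCRAM-SHA-512 equivalent in the other file.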


@ -0,0 +1,12 @@
# Copyright (c) 2024 by the Zeek Project. See LICENSE for details.
# @TEST-REQUIRES: have-spicy
# @TEST-EXEC: zeek -C -r ${TRACES}/ldap/sasl-scram-sha-512.pcap %INPUT
# @TEST-EXEC: cat conn.log | zeek-cut -Cn local_orig local_resp > conn.log2 && mv conn.log2 conn.log
# @TEST-EXEC: btest-diff conn.log
# @TEST-EXEC: btest-diff ldap.log
# @TEST-EXEC: btest-diff ldap_search.log
# @TEST-EXEC: ! test -f dpd.log
# @TEST-EXEC: ! test -f analyzer.log
#
# @TEST-DOC: This broke after #3826 got merged


@ -0,0 +1,11 @@
# Copyright (c) 2024 by the Zeek Project. See LICENSE for details.
# @TEST-REQUIRES: have-spicy
# @TEST-EXEC: zeek -C -r ${TRACES}/ldap/sasl-srp-who-am-i.pcap %INPUT
# @TEST-EXEC: cat conn.log | zeek-cut -Cn local_orig local_resp > conn.log2 && mv conn.log2 conn.log
# @TEST-EXEC: btest-diff conn.log
# @TEST-EXEC: btest-diff ldap.log
# @TEST-EXEC: ! test -f dpd.log
# @TEST-EXEC: ! test -f analyzer.log
#
# @TEST-DOC: SASL authentication using SRP (Secure Remote Password)


@ -0,0 +1,15 @@
# Copyright (c) 2024 by the Zeek Project. See LICENSE for details.
#
# The ctu-sme-11-win7ad-1-ldap-tcp-50041.pcap file was harvested
# from the CTU-SME-11 (Experiment-VM-Microsoft-Windows7AD-1) dataset
# at https://zenodo.org/records/7958259 (DOI 10.5281/zenodo.7958258).
# @TEST-REQUIRES: have-spicy
# @TEST-EXEC: zeek -C -r ${TRACES}/ldap/ctu-sme-11-win7ad-1-ldap-tcp-50041.pcap
# @TEST-EXEC: cat conn.log | zeek-cut -Cn local_orig local_resp > conn.log2 && mv conn.log2 conn.log
# @TEST-EXEC: btest-diff conn.log
# @TEST-EXEC: btest-diff ldap.log
# @TEST-EXEC: ! test -f dpd.log
# @TEST-EXEC: ! test -f analyzer.log
#
# @TEST-DOC: SASL bindRequest with SPNEGO NTLMSSP.


@ -0,0 +1,25 @@
# Copyright (c) 2024 by the Zeek Project. See LICENSE for details.
# @TEST-REQUIRES: have-spicy
# @TEST-EXEC: zeek -C -r ${TRACES}/ldap/ldap-starttls.pcap %INPUT >out
# @TEST-EXEC: cat conn.log | zeek-cut -Cn local_orig local_resp > conn.log2 && mv conn.log2 conn.log
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-diff conn.log
# @TEST-EXEC: btest-diff ldap.log
# @TEST-EXEC: btest-diff ssl.log
# @TEST-EXEC: ! test -f dpd.log
# @TEST-EXEC: ! test -f analyzer.log
#
# @TEST-DOC: LDAP supports StartTLS through extendedRequest 1.3.6.1.4.1.1466.20037
event LDAP::extended_request(c: connection, message_id: int, request_name: string, request_value: string) {
print c$uid, "extended_request", fmt("%s (%s)", request_name, LDAP::EXTENDED_REQUESTS[request_name]), request_value;
}
event LDAP::extended_response(c: connection, message_id: int, result: LDAP::ResultCode, response_name: string, response_value: string) {
print c$uid, "extended_response", result, response_name, response_value;
}
event LDAP::starttls(c: connection) {
print c$uid, "LDAP::starttls";
}


@ -0,0 +1,20 @@
# Copyright (c) 2024 by the Zeek Project. See LICENSE for details.
# @TEST-REQUIRES: have-spicy
# @TEST-EXEC: zeek -C -r ${TRACES}/ldap/ldap-who-am-i.pcap %INPUT >out
# @TEST-EXEC: cat conn.log | zeek-cut -Cn local_orig local_resp > conn.log2 && mv conn.log2 conn.log
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-diff conn.log
# @TEST-EXEC: btest-diff ldap.log
# @TEST-EXEC: ! test -f dpd.log
# @TEST-EXEC: ! test -f analyzer.log
#
# @TEST-DOC: Testing OpenLDAP's ldapwhoami utility with simple authentication.
event LDAP::extended_request(c: connection, message_id: int, request_name: string, request_value: string) {
print c$uid, "extended_request", fmt("%s (%s)", request_name, LDAP::EXTENDED_REQUESTS[request_name]), request_value;
}
event LDAP::extended_response(c: connection, message_id: int, result: LDAP::ResultCode, response_name: string, response_value: string) {
print c$uid, "extended_response", result, response_name, response_value;
}


@ -0,0 +1,50 @@
# @TEST-EXEC: zeek -b -C -r $TRACES/mysql/caching_sha2_password-after-auth-switch.pcapng %INPUT >out
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-diff mysql.log
@load base/protocols/mysql
event mysql_ok(c: connection, affected_rows: count)
{
print "mysql ok", affected_rows;
}
event mysql_eof(c: connection, is_intermediate: bool)
{
print "mysql eof", is_intermediate;
}
event mysql_result_row(c: connection, row: string_vec)
{
print "mysql result row", row;
}
event mysql_error(c: connection, code: count, msg: string)
{
print "mysql error", code, msg;
}
event mysql_command_request(c: connection, command: count, arg: string)
{
print "mysql request", command, arg;
}
event mysql_handshake(c: connection, username: string)
{
print "mysql handshake", username;
}
event mysql_auth_plugin(c: connection, is_orig: bool, name: string, data: string)
{
print "mysql auth plugin", is_orig, name, data, |data|;
}
event mysql_auth_switch_request(c: connection, name: string, data: string)
{
print "mysql auth switch request", name, data, |data|;
}
event mysql_auth_more_data(c: connection, is_orig: bool, data: string)
{
print "mysql auth more data", is_orig, data, |data|;
}
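Review bot: This new test has no `@TEST-DOC` line, unlike the LDAP and SMB tests added in the same commit, and the same holds for the caching_sha2_password.trace, many-query-attrs, mysql-9.0.0-query-attributes and query-attr tests that follow. A one-line description such as `# @TEST-DOC: caching_sha2_password authentication following an auth switch request; checks the auth plugin, auth switch and auth more data events.` would tell a maintainer which protocol path a baseline change affects. The wording is inferred from the trace name and the handlers, so it should be adjusted to what the trace actually contains.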


@ -0,0 +1,50 @@
# @TEST-EXEC: zeek -b -C -r $TRACES/mysql/caching_sha2_password.trace %INPUT >out
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-diff mysql.log
@load base/protocols/mysql
event mysql_ok(c: connection, affected_rows: count)
{
print "mysql ok", affected_rows;
}
event mysql_eof(c: connection, is_intermediate: bool)
{
print "mysql eof", is_intermediate;
}
event mysql_result_row(c: connection, row: string_vec)
{
print "mysql result row", row;
}
event mysql_error(c: connection, code: count, msg: string)
{
print "mysql error", code, msg;
}
event mysql_command_request(c: connection, command: count, arg: string)
{
print "mysql request", command, arg;
}
event mysql_handshake(c: connection, username: string)
{
print "mysql handshake", username;
}
event mysql_auth_plugin(c: connection, is_orig: bool, name: string, data: string)
{
print "mysql auth plugin", is_orig, name, data, |data|;
}
event mysql_auth_switch_request(c: connection, name: string, data: string)
{
print "mysql auth switch request", name, data, |data|;
}
event mysql_auth_more_data(c: connection, is_orig: bool, data: string)
{
print "mysql auth more data", is_orig, data, |data|;
}


@ -1,15 +1,17 @@
# Just two traces with MySQL running in Amazon RDS tls1.3 and tls1.2
# @TEST-EXEC: zeek -b -r $TRACES/mysql/tls-12-amazon-rds.trace %INPUT
# @TEST-EXEC: mkdir tls-12 && mv *log tls-12
# @TEST-EXEC: zeek -b -r $TRACES/mysql/tls-12-amazon-rds.trace %INPUT >out
# @TEST-EXEC: mkdir tls-12 && mv *log out tls-12
#
# @TEST-EXEC: zeek -b -r $TRACES/mysql/tls-13-amazon-rds.trace %INPUT
# @TEST-EXEC: mkdir tls-13 && mv *log tls-13
# @TEST-EXEC: zeek -b -r $TRACES/mysql/tls-13-amazon-rds.trace %INPUT >out
# @TEST-EXEC: mkdir tls-13 && mv *log out tls-13
#
# @TEST-EXEC: btest-diff tls-12/out
# @TEST-EXEC: btest-diff tls-12/conn.log
# @TEST-EXEC: btest-diff tls-12/ssl.log
# @TEST-EXEC: btest-diff tls-12/x509.log
#
# @TEST-EXEC: btest-diff tls-13/out
# @TEST-EXEC: btest-diff tls-13/conn.log
# @TEST-EXEC: btest-diff tls-13/ssl.log
# @TEST-EXEC: ! test -f tls-13/x509.log
@ -17,3 +19,8 @@
@load base/protocols/conn
@load base/protocols/mysql
@load base/protocols/ssl
event mysql_ssl_request(c: connection)
{
print "mysql ssl request", c$uid;
}


@ -3,8 +3,9 @@
# empty mysql.log file.
# @TEST-EXEC: touch mysql.log
# @TEST-EXEC: zeek -b -r $TRACES/mysql/encrypted.trace %INPUT
# @TEST-EXEC: zeek -b -r $TRACES/mysql/encrypted.trace %INPUT >out
# @TEST-EXEC: btest-diff mysql.log
# @TEST-EXEC: btest-diff out
#
# Ensure the connection was handed off by peaking into some other logs.
# @TEST-EXEC: btest-diff conn.log
@ -14,3 +15,8 @@
@load base/protocols/conn
@load base/protocols/mysql
@load base/protocols/ssl
event mysql_ssl_request(c: connection)
{
print "mysql ssl request", c$uid;
}


@ -0,0 +1,35 @@
# @TEST-EXEC: zeek -b -C -r $TRACES/mysql/many-query-attrs.pcap %INPUT >out
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-diff mysql.log
@load base/protocols/mysql
event mysql_ok(c: connection, affected_rows: count)
{
print "mysql ok", affected_rows;
}
event mysql_eof(c: connection, is_intermediate: bool)
{
print "mysql eof", is_intermediate;
}
event mysql_result_row(c: connection, row: string_vec)
{
print "mysql result row", row;
}
event mysql_error(c: connection, code: count, msg: string)
{
print "mysql error", code, msg;
}
event mysql_command_request(c: connection, command: count, arg: string)
{
print "mysql request", command, arg;
}
event mysql_handshake(c: connection, username: string)
{
print "mysql handshake", username;
}


@ -0,0 +1,35 @@
# @TEST-EXEC: zeek -b -C -r $TRACES/mysql/mysql-9.0.0-query-attributes.pcap %INPUT >out
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-diff mysql.log
@load base/protocols/mysql
event mysql_ok(c: connection, affected_rows: count)
{
print "mysql ok", affected_rows;
}
event mysql_eof(c: connection, is_intermediate: bool)
{
print "mysql eof", is_intermediate;
}
event mysql_result_row(c: connection, row: string_vec)
{
print "mysql result row", row;
}
event mysql_error(c: connection, code: count, msg: string)
{
print "mysql error", code, msg;
}
event mysql_command_request(c: connection, command: count, arg: string)
{
print "mysql request", command, arg;
}
event mysql_handshake(c: connection, username: string)
{
print "mysql handshake", username;
}


@ -0,0 +1,35 @@
# @TEST-EXEC: zeek -b -C -r $TRACES/mysql/query-attr.pcap %INPUT >out
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-diff mysql.log
@load base/protocols/mysql
event mysql_ok(c: connection, affected_rows: count)
{
print "mysql ok", affected_rows;
}
event mysql_eof(c: connection, is_intermediate: bool)
{
print "mysql eof", is_intermediate;
}
event mysql_result_row(c: connection, row: string_vec)
{
print "mysql result row", row;
}
event mysql_error(c: connection, code: count, msg: string)
{
print "mysql error", code, msg;
}
event mysql_command_request(c: connection, command: count, arg: string)
{
print "mysql request", command, arg;
}
event mysql_handshake(c: connection, username: string)
{
print "mysql handshake", username;
}


@ -0,0 +1,16 @@
# @TEST-DOC: Tests handling of PDUs containing error ioctls with byte lengths of zero
# @TEST-EXEC: zeek -b -r $TRACES/smb/smb2-zero-byte-error-ioctl.pcap %INPUT 2>&1 >out
# @TEST-EXEC: ! test -f analyzer.log
# @TEST-EXEC: btest-diff out
@load base/protocols/smb
event smb2_close_request(c: connection, hdr: SMB2::Header, file_id: SMB2::GUID)
{
print "smb2_close_request", hdr;
}
event smb2_close_response(c: connection, hdr: SMB2::Header, response: SMB2::CloseResponse)
{
print "smb2_close_response", hdr, response;
}
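Review bot: The redirection order in `zeek -b -r ... %INPUT 2>&1 >out` leaves stderr out of `out`: `2>&1` is applied first and points stderr at the original stdout, and only afterwards is stdout sent to the file. If the baseline is meant to show parser warnings or errors raised for the zero-length error ioctl, the command should end in `>out 2>&1`. If stderr is deliberately kept separate, dropping `2>&1` would make that explicit.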


@ -27,9 +27,6 @@ redef digest_salt = "Please change this value.";
# This script logs which scripts were loaded during each run.
@load misc/loaded-scripts
# Apply the default tuning scripts for common tuning settings.
@load tuning/defaults
# Estimate and log capture loss.
@load misc/capture-loss


@ -1,7 +1,6 @@
# @TEST-DOC: Using the wrong paramters for custom signature events.
#
# @TEST-EXEC-FAIL: zeek -b -s id -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >id.out
# @TEST-EXEC-FAIL: zeek -b -s id2 -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >id.out
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
@TEST-START-FILE id.sig
@ -24,13 +23,15 @@ signature udp-proto4 {
ip-proto == 17
event non_existing_event
}
@TEST-END-FILE
@TEST-START-FILE id2.sig
# Using two identifiers is not supported.
signature udp-proto-msg-id {
signature udp-proto5 {
ip-proto == 17
event signature_match message_as_id
event cat # builtin function
}
signature udp-proto6 {
ip-proto == 17
event ignore_checksums # variable
}
@TEST-END-FILE


@ -10,11 +10,6 @@ signature udp-proto {
event my_signature_match3 "message"
}
signature udp-proto-msg-id2 {
ip-proto == 17
event message_as_id
}
signature udp-stuff {
dst-ip == mynets
event my_signature_match2
@ -22,8 +17,6 @@ signature udp-stuff {
@TEST-END-FILE
const message_as_id = "message from identifier (cannot be changed)";
const mynets: set[subnet] = {
192.168.1.0/24,
10.0.0.0/8,


@ -25,8 +25,7 @@ type Y = unit {
# @TEST-START-FILE foo.evt
protocol analyzer spicy::foo over UDP:
parse with foo::X,
ports { 12345/udp, 31337/udp };
parse with foo::X;
import foo;
@ -36,6 +35,13 @@ on foo::X -> event foo::X($conn, $is_orig, self.y);
# @TEST-END-FILE
# @TEST-START-FILE foo.zeek
const foo_ports = { 12345/udp, 31337/udp};
event zeek_init()
{
Analyzer::register_for_ports(Analyzer::ANALYZER_SPICY_FOO, foo_ports);
}
event foo::X(c: connection, is_orig: bool, y: foo::Y)
{
print fmt("is_orig=%d y=%s", is_orig, y);


@ -1,21 +0,0 @@
# @TEST-REQUIRES: have-spicy
#
# @TEST-EXEC: spicyz -d -o test.hlto ./udp-test.evt 2>out.stderr
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out.stderr
#
# @TEST-DOC: Remove with v7.1: Specifying ports is deprecated.
module Test;
import zeek;
public type Message = unit {
data: bytes &eod {}
};
# @TEST-START-FILE udp-test.evt
protocol analyzer spicy::TEST over UDP:
parse with Test::Message,
port 11337/udp-11340/udp,
ports {31337/udp-31340/udp};
# @TEST-END-FILE


@ -1,24 +0,0 @@
# @TEST-REQUIRES: have-spicy
#
# @TEST-EXEC-FAIL: spicyz %INPUT -d -o x.hlto >output 2>&1
# @TEST-EXEC: TEST_DIFF_CANONIFIER=diff-canonifier-spicy btest-diff output
#
# @TEST-DOC: Remove with v7.1
protocol analyzer spicy::SSH over TCP:
port 123456/udp;
@TEST-START-NEXT
protocol analyzer spicy::SSH over TCP:
port -1/udp;
@TEST-START-NEXT
protocol analyzer spicy::SSH over TCP:
port 1/udp-2/tcp;
@TEST-START-NEXT
protocol analyzer spicy::SSH over TCP:
port 2/udp-1/udp;


@ -1,24 +0,0 @@
# @TEST-REQUIRES: have-spicy
#
# @TEST-EXEC: spicyz -o test.hlto udp-test.spicy ./udp-test.evt
# @TEST-EXEC: HILTI_DEBUG=zeek zeek -Cr ${TRACES}/udp-packet.pcap test.hlto %INPUT >out 2>&1
# @TEST-EXEC: grep -e 'Scheduling analyzer' -e 'error during parsing' < out > out.filtered
# @TEST-EXEC: btest-diff out.filtered
# @TEST-DOC: Remove with v7.1. Expect a single 'Scheduling analyzer ...' message in the debug output and no parsing errors. There was a bug that 'port 31336/udp' would be wrongly interpreted as a 31336/udp-31337/udp port range. Regression test for #3278.
# @TEST-START-FILE udp-test.spicy
module UDPTest;
public type Message = unit {
data: bytes &eod {
assert False: "not reached";
}
};
# @TEST-END-FILE
# @TEST-START-FILE udp-test.evt
protocol analyzer spicy::UDP_TEST over UDP:
parse with UDPTest::Message,
port 31336/udp;
# @TEST-END-FILE


@ -16,7 +16,7 @@ protocol analyzer spicy::SSH_1 over TCP:
parse with SSH::Banner,
replaces SSH;
protocol analyzer spicy::SSH_1 over UDP:
protocol analyzer spicy::SSH_2 over UDP:
parse with SSH::Banner,
replaces SSH;


@ -116,7 +116,7 @@ verify_run "which lcov" \
# 4. Create a "tracefile" through lcov, which is necessary to create output later on.
echo -n "Creating tracefile for output generation... "
verify_run "lcov --no-external --capture --directory . --output-file $COVERAGE_FILE"
verify_run "lcov --no-external --capture --directory . --exclude 'testing/btest/.tmp/*' --output-file $COVERAGE_FILE"
# 5. Remove a number of 3rdparty and "extra" files that shouldn't be included in the
# Zeek coverage numbers.
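Review bot: The new `--exclude 'testing/btest/.tmp/*'` pattern is relative, while lcov normally matches exclude patterns against the source path as recorded in the coverage data, which is usually absolute. It is worth confirming that the pattern actually filters the btest temp files, or writing it as `'*/testing/btest/.tmp/*'`. The single quotes sit inside the double-quoted argument to `verify_run`, whose definition is outside this hunk, so they only take effect if `verify_run` passes the string through a shell.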


@ -1 +1 @@
ded009fb7a0cdee6f36d5b40a6394788b760fa06
9f875d86000602661fbfc9bb471d1c598917ebc9

7
testing/scripts/have-tsan Executable file

@ -0,0 +1,7 @@
#!/bin/sh
if grep -q "ZEEK_SANITIZERS:STRING=.*thread.*" "${BUILD}"/CMakeCache.txt; then
exit 0
fi
exit 1