mirror of
https://github.com/zeek/zeek.git
synced 2025-10-04 15:48:19 +00:00
Do not log function arguments in test.
This was excercising hooks to validate that they were called. For that it uses pretty verbose logging. Since version numbers are not stable and hard to canonify this script already unloads the version module (there is e.g., code in `base/misc/version` which splits the version strings and works on single components which might appear like pretty ordinary floating point numbers in the log). This test however worked under the assumption that nothing in bare mode loads `base/misc/version` which is hard to guarantee, especially considering that plugins can be embedded and might load that module themself. With this patch we now make the logging slightly less verbose so that function call arguments are not logged anymore.
This commit is contained in:
Benjamin Bannier
parent
0c2f04548a
commit
1e4f368c68
3 changed files with 111 additions and 14 deletions
|
|
@ -673,13 +673,17 @@
|
||||||
0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugins, <frame>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugins, <frame>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Supervisor::__is_supervisor, <frame>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(Supervisor::__is_supervisor, <frame>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(Supervisor::is_supervisor, <frame>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(Supervisor::is_supervisor, <frame>, ()) -> <no result>
|
||||||
|
0.000000 MetaHookPost CallFunction(Version::parse, ..., ...) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(__init_primary_bifs, <null>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(__init_primary_bifs, <null>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(__init_secondary_bifs, <null>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(__init_secondary_bifs, <null>, ()) -> <no result>
|
||||||
|
0.000000 MetaHookPost CallFunction(bare_mode, <null>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(current_time, <frame>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(current_time, <frame>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(filter_change_tracking, <null>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(filter_change_tracking, <null>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(getenv, <null>, (CLUSTER_NODE)) -> <no result>
|
0.000000 MetaHookPost CallFunction(getenv, <null>, (CLUSTER_NODE)) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(getenv, <null>, (ZEEK_DEFAULT_LISTEN_ADDRESS)) -> <no result>
|
0.000000 MetaHookPost CallFunction(getenv, <null>, (ZEEK_DEFAULT_LISTEN_ADDRESS)) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(global_options, <frame>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(global_options, <frame>, ()) -> <no result>
|
||||||
|
0.000000 MetaHookPost CallFunction(gsub, ..., ...) -> <no result>
|
||||||
|
0.000000 MetaHookPost CallFunction(lstrip, ..., ...) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(network_time, <frame>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(network_time, <frame>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(port_to_count, <frame>, (2123/udp)) -> <no result>
|
0.000000 MetaHookPost CallFunction(port_to_count, <frame>, (2123/udp)) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(port_to_count, <frame>, (2152/udp)) -> <no result>
|
0.000000 MetaHookPost CallFunction(port_to_count, <frame>, (2152/udp)) -> <no result>
|
||||||
|
|
@ -690,12 +694,15 @@
|
||||||
0.000000 MetaHookPost CallFunction(reading_live_traffic, <frame>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(reading_live_traffic, <frame>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(reading_traces, <frame>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(reading_traces, <frame>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(set_to_regex, <frame>, ({}, (^\.?|\.)(~~)$)) -> <no result>
|
0.000000 MetaHookPost CallFunction(set_to_regex, <frame>, ({}, (^\.?|\.)(~~)$)) -> <no result>
|
||||||
|
0.000000 MetaHookPost CallFunction(split_string1, ..., ...) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(string_to_pattern, <frame>, ((^\.?|\.)()$, F)) -> <no result>
|
0.000000 MetaHookPost CallFunction(string_to_pattern, <frame>, ((^\.?|\.)()$, F)) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(sub, <frame>, ((^\.?|\.)(~~)$, <...>/, )) -> <no result>
|
0.000000 MetaHookPost CallFunction(sub, <frame>, ((^\.?|\.)(~~)$, <...>/, )) -> <no result>
|
||||||
|
0.000000 MetaHookPost CallFunction(to_count, ..., ...) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(x509_set_certificate_cache, <frame>, ({})) -> <no result>
|
0.000000 MetaHookPost CallFunction(x509_set_certificate_cache, <frame>, ({})) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(x509_set_certificate_cache_hit_callback, <frame>, (X509::x509_certificate_cache_replay{ <init> X509::i{ if (X509::f$info?$x509) return event x509_certificate(X509::f, X509::e$handle, X509::e$certificate)for ([X509::i] in X509::e$extensions_cache) { X509::ext = X509::e$extensions_cache[X509::i]if (X509::ext is X509::Extension) event x509_extension(X509::f, (X509::ext as X509::Extension))elseif (X509::ext is X509::BasicConstraints) event x509_ext_basic_constraints(X509::f, (X509::ext as X509::BasicConstraints))elseif (X509::ext is X509::SubjectAlternativeName) event x509_ext_subject_alternative_name(X509::f, (X509::ext as X509::SubjectAlternativeName))elseif (X509::ext is X509::SctInfo) { X509::s = (X509::ext as X509::SctInfo)event x509_ocsp_ext_signed_certificate_timestamp(X509::f, X509::s$version, X509::s$logid, X509::s$timestamp, X509::s$hash_alg, X509::s$sig_alg, X509::s$signature)}elseReporter::error(fmt(Encountered unknown extension while replaying certificate with fuid %s, X509::f$id))}}})) -> <no result>
|
0.000000 MetaHookPost CallFunction(x509_set_certificate_cache_hit_callback, <frame>, (X509::x509_certificate_cache_replay{ <init> X509::i{ if (X509::f$info?$x509) return event x509_certificate(X509::f, X509::e$handle, X509::e$certificate)for ([X509::i] in X509::e$extensions_cache) { X509::ext = X509::e$extensions_cache[X509::i]if (X509::ext is X509::Extension) event x509_extension(X509::f, (X509::ext as X509::Extension))elseif (X509::ext is X509::BasicConstraints) event x509_ext_basic_constraints(X509::f, (X509::ext as X509::BasicConstraints))elseif (X509::ext is X509::SubjectAlternativeName) event x509_ext_subject_alternative_name(X509::f, (X509::ext as X509::SubjectAlternativeName))elseif (X509::ext is X509::SctInfo) { X509::s = (X509::ext as X509::SctInfo)event x509_ocsp_ext_signed_certificate_timestamp(X509::f, X509::s$version, X509::s$logid, X509::s$timestamp, X509::s$hash_alg, X509::s$sig_alg, X509::s$signature)}elseReporter::error(fmt(Encountered unknown extension while replaying certificate with fuid %s, X509::f$id))}}})) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(zeek_args, <frame>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(zeek_args, <frame>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost CallFunction(zeek_init, <null>, ()) -> <no result>
|
0.000000 MetaHookPost CallFunction(zeek_init, <null>, ()) -> <no result>
|
||||||
|
0.000000 MetaHookPost CallFunction(zeek_version, <null>, ()) -> <no result>
|
||||||
0.000000 MetaHookPost DrainEvents() -> <void>
|
0.000000 MetaHookPost DrainEvents() -> <void>
|
||||||
0.000000 MetaHookPost LoadFile(0, ../main, <...>/main.zeek) -> -1
|
0.000000 MetaHookPost LoadFile(0, ../main, <...>/main.zeek) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, ../plugin, <...>/plugin.zeek) -> -1
|
0.000000 MetaHookPost LoadFile(0, ../plugin, <...>/plugin.zeek) -> -1
|
||||||
|
|
@ -823,6 +830,9 @@
|
||||||
0.000000 MetaHookPost LoadFile(0, ./Zeek_X509.ocsp_events.bif.zeek, <...>/Zeek_X509.ocsp_events.bif.zeek) -> -1
|
0.000000 MetaHookPost LoadFile(0, ./Zeek_X509.ocsp_events.bif.zeek, <...>/Zeek_X509.ocsp_events.bif.zeek) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, ./Zeek_X509.types.bif.zeek, <...>/Zeek_X509.types.bif.zeek) -> -1
|
0.000000 MetaHookPost LoadFile(0, ./Zeek_X509.types.bif.zeek, <...>/Zeek_X509.types.bif.zeek) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, ./Zeek_XMPP.events.bif.zeek, <...>/Zeek_XMPP.events.bif.zeek) -> -1
|
0.000000 MetaHookPost LoadFile(0, ./Zeek_XMPP.events.bif.zeek, <...>/Zeek_XMPP.events.bif.zeek) -> -1
|
||||||
|
0.000000 MetaHookPost LoadFile(0, ./_Zeek_Spicy.consts.bif.zeek, <...>/_Zeek_Spicy.consts.bif.zeek) -> -1
|
||||||
|
0.000000 MetaHookPost LoadFile(0, ./_Zeek_Spicy.events.bif.zeek, <...>/_Zeek_Spicy.events.bif.zeek) -> -1
|
||||||
|
0.000000 MetaHookPost LoadFile(0, ./_Zeek_Spicy.functions.bif.zeek, <...>/_Zeek_Spicy.functions.bif.zeek) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, ./acld, <...>/acld.zeek) -> -1
|
0.000000 MetaHookPost LoadFile(0, ./acld, <...>/acld.zeek) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, ./addrs, <...>/addrs.zeek) -> -1
|
0.000000 MetaHookPost LoadFile(0, ./addrs, <...>/addrs.zeek) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, ./analyzer.bif.zeek, <...>/analyzer.bif.zeek) -> -1
|
0.000000 MetaHookPost LoadFile(0, ./analyzer.bif.zeek, <...>/analyzer.bif.zeek) -> -1
|
||||||
|
|
@ -924,8 +934,12 @@
|
||||||
0.000000 MetaHookPost LoadFile(0, <...>/__load__.zeek, <...>/__load__.zeek) -> -1
|
0.000000 MetaHookPost LoadFile(0, <...>/__load__.zeek, <...>/__load__.zeek) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, <...>/__preload__.zeek, <...>/__preload__.zeek) -> -1
|
0.000000 MetaHookPost LoadFile(0, <...>/__preload__.zeek, <...>/__preload__.zeek) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, <...>/hooks.zeek, <...>/hooks.zeek) -> -1
|
0.000000 MetaHookPost LoadFile(0, <...>/hooks.zeek, <...>/hooks.zeek) -> -1
|
||||||
|
0.000000 MetaHookPost LoadFile(0, Zeek<...>/bare.zeek, <...>/bare.zeek) -> -1
|
||||||
|
0.000000 MetaHookPost LoadFile(0, Zeek<...>/default.zeek, <...>/default.zeek) -> -1
|
||||||
|
0.000000 MetaHookPost LoadFile(0, _Zeek_Spicy/__load__.zeek, <...>/__load__.zeek) -> -1
|
||||||
|
0.000000 MetaHookPost LoadFile(0, _Zeek_Spicy/__preload__.zeek, <...>/__preload__.zeek) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, base/bif, <...>/bif) -> -1
|
0.000000 MetaHookPost LoadFile(0, base/bif, <...>/bif) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, base/init-default, <...>/init-default.zeek) -> -1
|
0.000000 MetaHookPost LoadFile(0, base/init-default.zeek, <...>/init-default.zeek) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, base/init-frameworks-and-bifs.zeek, <...>/init-frameworks-and-bifs.zeek) -> -1
|
0.000000 MetaHookPost LoadFile(0, base/init-frameworks-and-bifs.zeek, <...>/init-frameworks-and-bifs.zeek) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, base/packet-protocols, <...>/packet-protocols) -> -1
|
0.000000 MetaHookPost LoadFile(0, base/packet-protocols, <...>/packet-protocols) -> -1
|
||||||
0.000000 MetaHookPost LoadFile(0, base<...>/CPP-load.bif, <...>/CPP-load.bif.zeek) -> -1
|
0.000000 MetaHookPost LoadFile(0, base<...>/CPP-load.bif, <...>/CPP-load.bif.zeek) -> -1
|
||||||
|
|
@ -1200,6 +1214,9 @@
|
||||||
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_X509.ocsp_events.bif.zeek, <...>/Zeek_X509.ocsp_events.bif.zeek) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_X509.ocsp_events.bif.zeek, <...>/Zeek_X509.ocsp_events.bif.zeek) -> (-1, <no content>)
|
||||||
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_X509.types.bif.zeek, <...>/Zeek_X509.types.bif.zeek) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_X509.types.bif.zeek, <...>/Zeek_X509.types.bif.zeek) -> (-1, <no content>)
|
||||||
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_XMPP.events.bif.zeek, <...>/Zeek_XMPP.events.bif.zeek) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_XMPP.events.bif.zeek, <...>/Zeek_XMPP.events.bif.zeek) -> (-1, <no content>)
|
||||||
|
0.000000 MetaHookPost LoadFileExtended(0, ./_Zeek_Spicy.consts.bif.zeek, <...>/_Zeek_Spicy.consts.bif.zeek) -> (-1, <no content>)
|
||||||
|
0.000000 MetaHookPost LoadFileExtended(0, ./_Zeek_Spicy.events.bif.zeek, <...>/_Zeek_Spicy.events.bif.zeek) -> (-1, <no content>)
|
||||||
|
0.000000 MetaHookPost LoadFileExtended(0, ./_Zeek_Spicy.functions.bif.zeek, <...>/_Zeek_Spicy.functions.bif.zeek) -> (-1, <no content>)
|
||||||
0.000000 MetaHookPost LoadFileExtended(0, ./acld, <...>/acld.zeek) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(0, ./acld, <...>/acld.zeek) -> (-1, <no content>)
|
||||||
0.000000 MetaHookPost LoadFileExtended(0, ./addrs, <...>/addrs.zeek) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(0, ./addrs, <...>/addrs.zeek) -> (-1, <no content>)
|
||||||
0.000000 MetaHookPost LoadFileExtended(0, ./analyzer.bif.zeek, <...>/analyzer.bif.zeek) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(0, ./analyzer.bif.zeek, <...>/analyzer.bif.zeek) -> (-1, <no content>)
|
||||||
|
|
@ -1301,8 +1318,12 @@
|
||||||
0.000000 MetaHookPost LoadFileExtended(0, <...>/__load__.zeek, <...>/__load__.zeek) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(0, <...>/__load__.zeek, <...>/__load__.zeek) -> (-1, <no content>)
|
||||||
0.000000 MetaHookPost LoadFileExtended(0, <...>/__preload__.zeek, <...>/__preload__.zeek) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(0, <...>/__preload__.zeek, <...>/__preload__.zeek) -> (-1, <no content>)
|
||||||
0.000000 MetaHookPost LoadFileExtended(0, <...>/hooks.zeek, <...>/hooks.zeek) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(0, <...>/hooks.zeek, <...>/hooks.zeek) -> (-1, <no content>)
|
||||||
|
0.000000 MetaHookPost LoadFileExtended(0, Zeek<...>/bare.zeek, <...>/bare.zeek) -> (-1, <no content>)
|
||||||
|
0.000000 MetaHookPost LoadFileExtended(0, Zeek<...>/default.zeek, <...>/default.zeek) -> (-1, <no content>)
|
||||||
|
0.000000 MetaHookPost LoadFileExtended(0, _Zeek_Spicy/__load__.zeek, <...>/__load__.zeek) -> (-1, <no content>)
|
||||||
|
0.000000 MetaHookPost LoadFileExtended(0, _Zeek_Spicy/__preload__.zeek, <...>/__preload__.zeek) -> (-1, <no content>)
|
||||||
0.000000 MetaHookPost LoadFileExtended(0, base/bif, <...>/bif) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(0, base/bif, <...>/bif) -> (-1, <no content>)
|
||||||
0.000000 MetaHookPost LoadFileExtended(0, base/init-default, <...>/init-default.zeek) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(0, base/init-default.zeek, <...>/init-default.zeek) -> (-1, <no content>)
|
||||||
0.000000 MetaHookPost LoadFileExtended(0, base/init-frameworks-and-bifs.zeek, <...>/init-frameworks-and-bifs.zeek) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(0, base/init-frameworks-and-bifs.zeek, <...>/init-frameworks-and-bifs.zeek) -> (-1, <no content>)
|
||||||
0.000000 MetaHookPost LoadFileExtended(0, base/packet-protocols, <...>/packet-protocols) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(0, base/packet-protocols, <...>/packet-protocols) -> (-1, <no content>)
|
||||||
0.000000 MetaHookPost LoadFileExtended(0, base<...>/CPP-load.bif, <...>/CPP-load.bif.zeek) -> (-1, <no content>)
|
0.000000 MetaHookPost LoadFileExtended(0, base<...>/CPP-load.bif, <...>/CPP-load.bif.zeek) -> (-1, <no content>)
|
||||||
|
|
@ -2130,13 +2151,17 @@
|
||||||
0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugins, <frame>, ())
|
0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugins, <frame>, ())
|
||||||
0.000000 MetaHookPre CallFunction(Supervisor::__is_supervisor, <frame>, ())
|
0.000000 MetaHookPre CallFunction(Supervisor::__is_supervisor, <frame>, ())
|
||||||
0.000000 MetaHookPre CallFunction(Supervisor::is_supervisor, <frame>, ())
|
0.000000 MetaHookPre CallFunction(Supervisor::is_supervisor, <frame>, ())
|
||||||
|
0.000000 MetaHookPre CallFunction(Version::parse, ..., ...)
|
||||||
0.000000 MetaHookPre CallFunction(__init_primary_bifs, <null>, ())
|
0.000000 MetaHookPre CallFunction(__init_primary_bifs, <null>, ())
|
||||||
0.000000 MetaHookPre CallFunction(__init_secondary_bifs, <null>, ())
|
0.000000 MetaHookPre CallFunction(__init_secondary_bifs, <null>, ())
|
||||||
|
0.000000 MetaHookPre CallFunction(bare_mode, <null>, ())
|
||||||
0.000000 MetaHookPre CallFunction(current_time, <frame>, ())
|
0.000000 MetaHookPre CallFunction(current_time, <frame>, ())
|
||||||
0.000000 MetaHookPre CallFunction(filter_change_tracking, <null>, ())
|
0.000000 MetaHookPre CallFunction(filter_change_tracking, <null>, ())
|
||||||
0.000000 MetaHookPre CallFunction(getenv, <null>, (CLUSTER_NODE))
|
0.000000 MetaHookPre CallFunction(getenv, <null>, (CLUSTER_NODE))
|
||||||
0.000000 MetaHookPre CallFunction(getenv, <null>, (ZEEK_DEFAULT_LISTEN_ADDRESS))
|
0.000000 MetaHookPre CallFunction(getenv, <null>, (ZEEK_DEFAULT_LISTEN_ADDRESS))
|
||||||
0.000000 MetaHookPre CallFunction(global_options, <frame>, ())
|
0.000000 MetaHookPre CallFunction(global_options, <frame>, ())
|
||||||
|
0.000000 MetaHookPre CallFunction(gsub, ..., ...)
|
||||||
|
0.000000 MetaHookPre CallFunction(lstrip, ..., ...)
|
||||||
0.000000 MetaHookPre CallFunction(network_time, <frame>, ())
|
0.000000 MetaHookPre CallFunction(network_time, <frame>, ())
|
||||||
0.000000 MetaHookPre CallFunction(port_to_count, <frame>, (2123/udp))
|
0.000000 MetaHookPre CallFunction(port_to_count, <frame>, (2123/udp))
|
||||||
0.000000 MetaHookPre CallFunction(port_to_count, <frame>, (2152/udp))
|
0.000000 MetaHookPre CallFunction(port_to_count, <frame>, (2152/udp))
|
||||||
|
|
@ -2147,12 +2172,15 @@
|
||||||
0.000000 MetaHookPre CallFunction(reading_live_traffic, <frame>, ())
|
0.000000 MetaHookPre CallFunction(reading_live_traffic, <frame>, ())
|
||||||
0.000000 MetaHookPre CallFunction(reading_traces, <frame>, ())
|
0.000000 MetaHookPre CallFunction(reading_traces, <frame>, ())
|
||||||
0.000000 MetaHookPre CallFunction(set_to_regex, <frame>, ({}, (^\.?|\.)(~~)$))
|
0.000000 MetaHookPre CallFunction(set_to_regex, <frame>, ({}, (^\.?|\.)(~~)$))
|
||||||
|
0.000000 MetaHookPre CallFunction(split_string1, ..., ...)
|
||||||
0.000000 MetaHookPre CallFunction(string_to_pattern, <frame>, ((^\.?|\.)()$, F))
|
0.000000 MetaHookPre CallFunction(string_to_pattern, <frame>, ((^\.?|\.)()$, F))
|
||||||
0.000000 MetaHookPre CallFunction(sub, <frame>, ((^\.?|\.)(~~)$, <...>/, ))
|
0.000000 MetaHookPre CallFunction(sub, <frame>, ((^\.?|\.)(~~)$, <...>/, ))
|
||||||
|
0.000000 MetaHookPre CallFunction(to_count, ..., ...)
|
||||||
0.000000 MetaHookPre CallFunction(x509_set_certificate_cache, <frame>, ({}))
|
0.000000 MetaHookPre CallFunction(x509_set_certificate_cache, <frame>, ({}))
|
||||||
0.000000 MetaHookPre CallFunction(x509_set_certificate_cache_hit_callback, <frame>, (X509::x509_certificate_cache_replay{ <init> X509::i{ if (X509::f$info?$x509) return event x509_certificate(X509::f, X509::e$handle, X509::e$certificate)for ([X509::i] in X509::e$extensions_cache) { X509::ext = X509::e$extensions_cache[X509::i]if (X509::ext is X509::Extension) event x509_extension(X509::f, (X509::ext as X509::Extension))elseif (X509::ext is X509::BasicConstraints) event x509_ext_basic_constraints(X509::f, (X509::ext as X509::BasicConstraints))elseif (X509::ext is X509::SubjectAlternativeName) event x509_ext_subject_alternative_name(X509::f, (X509::ext as X509::SubjectAlternativeName))elseif (X509::ext is X509::SctInfo) { X509::s = (X509::ext as X509::SctInfo)event x509_ocsp_ext_signed_certificate_timestamp(X509::f, X509::s$version, X509::s$logid, X509::s$timestamp, X509::s$hash_alg, X509::s$sig_alg, X509::s$signature)}elseReporter::error(fmt(Encountered unknown extension while replaying certificate with fuid %s, X509::f$id))}}}))
|
0.000000 MetaHookPre CallFunction(x509_set_certificate_cache_hit_callback, <frame>, (X509::x509_certificate_cache_replay{ <init> X509::i{ if (X509::f$info?$x509) return event x509_certificate(X509::f, X509::e$handle, X509::e$certificate)for ([X509::i] in X509::e$extensions_cache) { X509::ext = X509::e$extensions_cache[X509::i]if (X509::ext is X509::Extension) event x509_extension(X509::f, (X509::ext as X509::Extension))elseif (X509::ext is X509::BasicConstraints) event x509_ext_basic_constraints(X509::f, (X509::ext as X509::BasicConstraints))elseif (X509::ext is X509::SubjectAlternativeName) event x509_ext_subject_alternative_name(X509::f, (X509::ext as X509::SubjectAlternativeName))elseif (X509::ext is X509::SctInfo) { X509::s = (X509::ext as X509::SctInfo)event x509_ocsp_ext_signed_certificate_timestamp(X509::f, X509::s$version, X509::s$logid, X509::s$timestamp, X509::s$hash_alg, X509::s$sig_alg, X509::s$signature)}elseReporter::error(fmt(Encountered unknown extension while replaying certificate with fuid %s, X509::f$id))}}}))
|
||||||
0.000000 MetaHookPre CallFunction(zeek_args, <frame>, ())
|
0.000000 MetaHookPre CallFunction(zeek_args, <frame>, ())
|
||||||
0.000000 MetaHookPre CallFunction(zeek_init, <null>, ())
|
0.000000 MetaHookPre CallFunction(zeek_init, <null>, ())
|
||||||
|
0.000000 MetaHookPre CallFunction(zeek_version, <null>, ())
|
||||||
0.000000 MetaHookPre DrainEvents()
|
0.000000 MetaHookPre DrainEvents()
|
||||||
0.000000 MetaHookPre LoadFile(0, ../main, <...>/main.zeek)
|
0.000000 MetaHookPre LoadFile(0, ../main, <...>/main.zeek)
|
||||||
0.000000 MetaHookPre LoadFile(0, ../plugin, <...>/plugin.zeek)
|
0.000000 MetaHookPre LoadFile(0, ../plugin, <...>/plugin.zeek)
|
||||||
|
|
@ -2280,6 +2308,9 @@
|
||||||
0.000000 MetaHookPre LoadFile(0, ./Zeek_X509.ocsp_events.bif.zeek, <...>/Zeek_X509.ocsp_events.bif.zeek)
|
0.000000 MetaHookPre LoadFile(0, ./Zeek_X509.ocsp_events.bif.zeek, <...>/Zeek_X509.ocsp_events.bif.zeek)
|
||||||
0.000000 MetaHookPre LoadFile(0, ./Zeek_X509.types.bif.zeek, <...>/Zeek_X509.types.bif.zeek)
|
0.000000 MetaHookPre LoadFile(0, ./Zeek_X509.types.bif.zeek, <...>/Zeek_X509.types.bif.zeek)
|
||||||
0.000000 MetaHookPre LoadFile(0, ./Zeek_XMPP.events.bif.zeek, <...>/Zeek_XMPP.events.bif.zeek)
|
0.000000 MetaHookPre LoadFile(0, ./Zeek_XMPP.events.bif.zeek, <...>/Zeek_XMPP.events.bif.zeek)
|
||||||
|
0.000000 MetaHookPre LoadFile(0, ./_Zeek_Spicy.consts.bif.zeek, <...>/_Zeek_Spicy.consts.bif.zeek)
|
||||||
|
0.000000 MetaHookPre LoadFile(0, ./_Zeek_Spicy.events.bif.zeek, <...>/_Zeek_Spicy.events.bif.zeek)
|
||||||
|
0.000000 MetaHookPre LoadFile(0, ./_Zeek_Spicy.functions.bif.zeek, <...>/_Zeek_Spicy.functions.bif.zeek)
|
||||||
0.000000 MetaHookPre LoadFile(0, ./acld, <...>/acld.zeek)
|
0.000000 MetaHookPre LoadFile(0, ./acld, <...>/acld.zeek)
|
||||||
0.000000 MetaHookPre LoadFile(0, ./addrs, <...>/addrs.zeek)
|
0.000000 MetaHookPre LoadFile(0, ./addrs, <...>/addrs.zeek)
|
||||||
0.000000 MetaHookPre LoadFile(0, ./analyzer.bif.zeek, <...>/analyzer.bif.zeek)
|
0.000000 MetaHookPre LoadFile(0, ./analyzer.bif.zeek, <...>/analyzer.bif.zeek)
|
||||||
|
|
@ -2381,8 +2412,12 @@
|
||||||
0.000000 MetaHookPre LoadFile(0, <...>/__load__.zeek, <...>/__load__.zeek)
|
0.000000 MetaHookPre LoadFile(0, <...>/__load__.zeek, <...>/__load__.zeek)
|
||||||
0.000000 MetaHookPre LoadFile(0, <...>/__preload__.zeek, <...>/__preload__.zeek)
|
0.000000 MetaHookPre LoadFile(0, <...>/__preload__.zeek, <...>/__preload__.zeek)
|
||||||
0.000000 MetaHookPre LoadFile(0, <...>/hooks.zeek, <...>/hooks.zeek)
|
0.000000 MetaHookPre LoadFile(0, <...>/hooks.zeek, <...>/hooks.zeek)
|
||||||
|
0.000000 MetaHookPre LoadFile(0, Zeek<...>/bare.zeek, <...>/bare.zeek)
|
||||||
|
0.000000 MetaHookPre LoadFile(0, Zeek<...>/default.zeek, <...>/default.zeek)
|
||||||
|
0.000000 MetaHookPre LoadFile(0, _Zeek_Spicy/__load__.zeek, <...>/__load__.zeek)
|
||||||
|
0.000000 MetaHookPre LoadFile(0, _Zeek_Spicy/__preload__.zeek, <...>/__preload__.zeek)
|
||||||
0.000000 MetaHookPre LoadFile(0, base/bif, <...>/bif)
|
0.000000 MetaHookPre LoadFile(0, base/bif, <...>/bif)
|
||||||
0.000000 MetaHookPre LoadFile(0, base/init-default, <...>/init-default.zeek)
|
0.000000 MetaHookPre LoadFile(0, base/init-default.zeek, <...>/init-default.zeek)
|
||||||
0.000000 MetaHookPre LoadFile(0, base/init-frameworks-and-bifs.zeek, <...>/init-frameworks-and-bifs.zeek)
|
0.000000 MetaHookPre LoadFile(0, base/init-frameworks-and-bifs.zeek, <...>/init-frameworks-and-bifs.zeek)
|
||||||
0.000000 MetaHookPre LoadFile(0, base/packet-protocols, <...>/packet-protocols)
|
0.000000 MetaHookPre LoadFile(0, base/packet-protocols, <...>/packet-protocols)
|
||||||
0.000000 MetaHookPre LoadFile(0, base<...>/CPP-load.bif, <...>/CPP-load.bif.zeek)
|
0.000000 MetaHookPre LoadFile(0, base<...>/CPP-load.bif, <...>/CPP-load.bif.zeek)
|
||||||
|
|
@ -2657,6 +2692,9 @@
|
||||||
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_X509.ocsp_events.bif.zeek, <...>/Zeek_X509.ocsp_events.bif.zeek)
|
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_X509.ocsp_events.bif.zeek, <...>/Zeek_X509.ocsp_events.bif.zeek)
|
||||||
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_X509.types.bif.zeek, <...>/Zeek_X509.types.bif.zeek)
|
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_X509.types.bif.zeek, <...>/Zeek_X509.types.bif.zeek)
|
||||||
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_XMPP.events.bif.zeek, <...>/Zeek_XMPP.events.bif.zeek)
|
0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_XMPP.events.bif.zeek, <...>/Zeek_XMPP.events.bif.zeek)
|
||||||
|
0.000000 MetaHookPre LoadFileExtended(0, ./_Zeek_Spicy.consts.bif.zeek, <...>/_Zeek_Spicy.consts.bif.zeek)
|
||||||
|
0.000000 MetaHookPre LoadFileExtended(0, ./_Zeek_Spicy.events.bif.zeek, <...>/_Zeek_Spicy.events.bif.zeek)
|
||||||
|
0.000000 MetaHookPre LoadFileExtended(0, ./_Zeek_Spicy.functions.bif.zeek, <...>/_Zeek_Spicy.functions.bif.zeek)
|
||||||
0.000000 MetaHookPre LoadFileExtended(0, ./acld, <...>/acld.zeek)
|
0.000000 MetaHookPre LoadFileExtended(0, ./acld, <...>/acld.zeek)
|
||||||
0.000000 MetaHookPre LoadFileExtended(0, ./addrs, <...>/addrs.zeek)
|
0.000000 MetaHookPre LoadFileExtended(0, ./addrs, <...>/addrs.zeek)
|
||||||
0.000000 MetaHookPre LoadFileExtended(0, ./analyzer.bif.zeek, <...>/analyzer.bif.zeek)
|
0.000000 MetaHookPre LoadFileExtended(0, ./analyzer.bif.zeek, <...>/analyzer.bif.zeek)
|
||||||
|
|
@ -2758,8 +2796,12 @@
|
||||||
0.000000 MetaHookPre LoadFileExtended(0, <...>/__load__.zeek, <...>/__load__.zeek)
|
0.000000 MetaHookPre LoadFileExtended(0, <...>/__load__.zeek, <...>/__load__.zeek)
|
||||||
0.000000 MetaHookPre LoadFileExtended(0, <...>/__preload__.zeek, <...>/__preload__.zeek)
|
0.000000 MetaHookPre LoadFileExtended(0, <...>/__preload__.zeek, <...>/__preload__.zeek)
|
||||||
0.000000 MetaHookPre LoadFileExtended(0, <...>/hooks.zeek, <...>/hooks.zeek)
|
0.000000 MetaHookPre LoadFileExtended(0, <...>/hooks.zeek, <...>/hooks.zeek)
|
||||||
|
0.000000 MetaHookPre LoadFileExtended(0, Zeek<...>/bare.zeek, <...>/bare.zeek)
|
||||||
|
0.000000 MetaHookPre LoadFileExtended(0, Zeek<...>/default.zeek, <...>/default.zeek)
|
||||||
|
0.000000 MetaHookPre LoadFileExtended(0, _Zeek_Spicy/__load__.zeek, <...>/__load__.zeek)
|
||||||
|
0.000000 MetaHookPre LoadFileExtended(0, _Zeek_Spicy/__preload__.zeek, <...>/__preload__.zeek)
|
||||||
0.000000 MetaHookPre LoadFileExtended(0, base/bif, <...>/bif)
|
0.000000 MetaHookPre LoadFileExtended(0, base/bif, <...>/bif)
|
||||||
0.000000 MetaHookPre LoadFileExtended(0, base/init-default, <...>/init-default.zeek)
|
0.000000 MetaHookPre LoadFileExtended(0, base/init-default.zeek, <...>/init-default.zeek)
|
||||||
0.000000 MetaHookPre LoadFileExtended(0, base/init-frameworks-and-bifs.zeek, <...>/init-frameworks-and-bifs.zeek)
|
0.000000 MetaHookPre LoadFileExtended(0, base/init-frameworks-and-bifs.zeek, <...>/init-frameworks-and-bifs.zeek)
|
||||||
0.000000 MetaHookPre LoadFileExtended(0, base/packet-protocols, <...>/packet-protocols)
|
0.000000 MetaHookPre LoadFileExtended(0, base/packet-protocols, <...>/packet-protocols)
|
||||||
0.000000 MetaHookPre LoadFileExtended(0, base<...>/CPP-load.bif, <...>/CPP-load.bif.zeek)
|
0.000000 MetaHookPre LoadFileExtended(0, base<...>/CPP-load.bif, <...>/CPP-load.bif.zeek)
|
||||||
|
|
@ -3586,13 +3628,17 @@
|
||||||
0.000000 | HookCallFunction SumStats::register_observe_plugins()
|
0.000000 | HookCallFunction SumStats::register_observe_plugins()
|
||||||
0.000000 | HookCallFunction Supervisor::__is_supervisor()
|
0.000000 | HookCallFunction Supervisor::__is_supervisor()
|
||||||
0.000000 | HookCallFunction Supervisor::is_supervisor()
|
0.000000 | HookCallFunction Supervisor::is_supervisor()
|
||||||
|
0.000000 | HookCallFunction Version::parse(...)
|
||||||
0.000000 | HookCallFunction __init_primary_bifs()
|
0.000000 | HookCallFunction __init_primary_bifs()
|
||||||
0.000000 | HookCallFunction __init_secondary_bifs()
|
0.000000 | HookCallFunction __init_secondary_bifs()
|
||||||
|
0.000000 | HookCallFunction bare_mode()
|
||||||
0.000000 | HookCallFunction current_time()
|
0.000000 | HookCallFunction current_time()
|
||||||
0.000000 | HookCallFunction filter_change_tracking()
|
0.000000 | HookCallFunction filter_change_tracking()
|
||||||
0.000000 | HookCallFunction getenv(CLUSTER_NODE)
|
0.000000 | HookCallFunction getenv(CLUSTER_NODE)
|
||||||
0.000000 | HookCallFunction getenv(ZEEK_DEFAULT_LISTEN_ADDRESS)
|
0.000000 | HookCallFunction getenv(ZEEK_DEFAULT_LISTEN_ADDRESS)
|
||||||
0.000000 | HookCallFunction global_options()
|
0.000000 | HookCallFunction global_options()
|
||||||
|
0.000000 | HookCallFunction gsub(...)
|
||||||
|
0.000000 | HookCallFunction lstrip(...)
|
||||||
0.000000 | HookCallFunction network_time()
|
0.000000 | HookCallFunction network_time()
|
||||||
0.000000 | HookCallFunction port_to_count(2123/udp)
|
0.000000 | HookCallFunction port_to_count(2123/udp)
|
||||||
0.000000 | HookCallFunction port_to_count(2152/udp)
|
0.000000 | HookCallFunction port_to_count(2152/udp)
|
||||||
|
|
@ -3603,12 +3649,15 @@
|
||||||
0.000000 | HookCallFunction reading_live_traffic()
|
0.000000 | HookCallFunction reading_live_traffic()
|
||||||
0.000000 | HookCallFunction reading_traces()
|
0.000000 | HookCallFunction reading_traces()
|
||||||
0.000000 | HookCallFunction set_to_regex({}, (^\.?|\.)(~~)$)
|
0.000000 | HookCallFunction set_to_regex({}, (^\.?|\.)(~~)$)
|
||||||
|
0.000000 | HookCallFunction split_string1(...)
|
||||||
0.000000 | HookCallFunction string_to_pattern((^\.?|\.)()$, F)
|
0.000000 | HookCallFunction string_to_pattern((^\.?|\.)()$, F)
|
||||||
0.000000 | HookCallFunction sub((^\.?|\.)(~~)$, <...>/, )
|
0.000000 | HookCallFunction sub((^\.?|\.)(~~)$, <...>/, )
|
||||||
|
0.000000 | HookCallFunction to_count(...)
|
||||||
0.000000 | HookCallFunction x509_set_certificate_cache({})
|
0.000000 | HookCallFunction x509_set_certificate_cache({})
|
||||||
0.000000 | HookCallFunction x509_set_certificate_cache_hit_callback(X509::x509_certificate_cache_replay{ <init> X509::i{ if (X509::f$info?$x509) return event x509_certificate(X509::f, X509::e$handle, X509::e$certificate)for ([X509::i] in X509::e$extensions_cache) { X509::ext = X509::e$extensions_cache[X509::i]if (X509::ext is X509::Extension) event x509_extension(X509::f, (X509::ext as X509::Extension))elseif (X509::ext is X509::BasicConstraints) event x509_ext_basic_constraints(X509::f, (X509::ext as X509::BasicConstraints))elseif (X509::ext is X509::SubjectAlternativeName) event x509_ext_subject_alternative_name(X509::f, (X509::ext as X509::SubjectAlternativeName))elseif (X509::ext is X509::SctInfo) { X509::s = (X509::ext as X509::SctInfo)event x509_ocsp_ext_signed_certificate_timestamp(X509::f, X509::s$version, X509::s$logid, X509::s$timestamp, X509::s$hash_alg, X509::s$sig_alg, X509::s$signature)}elseReporter::error(fmt(Encountered unknown extension while replaying certificate with fuid %s, X509::f$id))}}})
|
0.000000 | HookCallFunction x509_set_certificate_cache_hit_callback(X509::x509_certificate_cache_replay{ <init> X509::i{ if (X509::f$info?$x509) return event x509_certificate(X509::f, X509::e$handle, X509::e$certificate)for ([X509::i] in X509::e$extensions_cache) { X509::ext = X509::e$extensions_cache[X509::i]if (X509::ext is X509::Extension) event x509_extension(X509::f, (X509::ext as X509::Extension))elseif (X509::ext is X509::BasicConstraints) event x509_ext_basic_constraints(X509::f, (X509::ext as X509::BasicConstraints))elseif (X509::ext is X509::SubjectAlternativeName) event x509_ext_subject_alternative_name(X509::f, (X509::ext as X509::SubjectAlternativeName))elseif (X509::ext is X509::SctInfo) { X509::s = (X509::ext as X509::SctInfo)event x509_ocsp_ext_signed_certificate_timestamp(X509::f, X509::s$version, X509::s$logid, X509::s$timestamp, X509::s$hash_alg, X509::s$sig_alg, X509::s$signature)}elseReporter::error(fmt(Encountered unknown extension while replaying certificate with fuid %s, X509::f$id))}}})
|
||||||
0.000000 | HookCallFunction zeek_args()
|
0.000000 | HookCallFunction zeek_args()
|
||||||
0.000000 | HookCallFunction zeek_init()
|
0.000000 | HookCallFunction zeek_init()
|
||||||
|
0.000000 | HookCallFunction zeek_version()
|
||||||
0.000000 | HookDrainEvents
|
0.000000 | HookDrainEvents
|
||||||
0.000000 | HookLoadFile ../main <...>/main.zeek
|
0.000000 | HookLoadFile ../main <...>/main.zeek
|
||||||
0.000000 | HookLoadFile ../plugin <...>/plugin.zeek
|
0.000000 | HookLoadFile ../plugin <...>/plugin.zeek
|
||||||
|
|
@ -3736,6 +3785,9 @@
|
||||||
0.000000 | HookLoadFile ./Zeek_X509.ocsp_events.bif.zeek <...>/Zeek_X509.ocsp_events.bif.zeek
|
0.000000 | HookLoadFile ./Zeek_X509.ocsp_events.bif.zeek <...>/Zeek_X509.ocsp_events.bif.zeek
|
||||||
0.000000 | HookLoadFile ./Zeek_X509.types.bif.zeek <...>/Zeek_X509.types.bif.zeek
|
0.000000 | HookLoadFile ./Zeek_X509.types.bif.zeek <...>/Zeek_X509.types.bif.zeek
|
||||||
0.000000 | HookLoadFile ./Zeek_XMPP.events.bif.zeek <...>/Zeek_XMPP.events.bif.zeek
|
0.000000 | HookLoadFile ./Zeek_XMPP.events.bif.zeek <...>/Zeek_XMPP.events.bif.zeek
|
||||||
|
0.000000 | HookLoadFile ./_Zeek_Spicy.consts.bif.zeek <...>/_Zeek_Spicy.consts.bif.zeek
|
||||||
|
0.000000 | HookLoadFile ./_Zeek_Spicy.events.bif.zeek <...>/_Zeek_Spicy.events.bif.zeek
|
||||||
|
0.000000 | HookLoadFile ./_Zeek_Spicy.functions.bif.zeek <...>/_Zeek_Spicy.functions.bif.zeek
|
||||||
0.000000 | HookLoadFile ./acld <...>/acld.zeek
|
0.000000 | HookLoadFile ./acld <...>/acld.zeek
|
||||||
0.000000 | HookLoadFile ./addrs <...>/addrs.zeek
|
0.000000 | HookLoadFile ./addrs <...>/addrs.zeek
|
||||||
0.000000 | HookLoadFile ./analyzer.bif.zeek <...>/analyzer.bif.zeek
|
0.000000 | HookLoadFile ./analyzer.bif.zeek <...>/analyzer.bif.zeek
|
||||||
|
|
@ -3849,8 +3901,12 @@
|
||||||
0.000000 | HookLoadFile <...>/__load__.zeek <...>/__load__.zeek
|
0.000000 | HookLoadFile <...>/__load__.zeek <...>/__load__.zeek
|
||||||
0.000000 | HookLoadFile <...>/__preload__.zeek <...>/__preload__.zeek
|
0.000000 | HookLoadFile <...>/__preload__.zeek <...>/__preload__.zeek
|
||||||
0.000000 | HookLoadFile <...>/hooks.zeek <...>/hooks.zeek
|
0.000000 | HookLoadFile <...>/hooks.zeek <...>/hooks.zeek
|
||||||
|
0.000000 | HookLoadFile Zeek<...>/bare.zeek <...>/bare.zeek
|
||||||
|
0.000000 | HookLoadFile Zeek<...>/default.zeek <...>/default.zeek
|
||||||
|
0.000000 | HookLoadFile _Zeek_Spicy/__load__.zeek <...>/__load__.zeek
|
||||||
|
0.000000 | HookLoadFile _Zeek_Spicy/__preload__.zeek <...>/__preload__.zeek
|
||||||
0.000000 | HookLoadFile base/bif <...>/bif
|
0.000000 | HookLoadFile base/bif <...>/bif
|
||||||
0.000000 | HookLoadFile base/init-default <...>/init-default.zeek
|
0.000000 | HookLoadFile base/init-default.zeek <...>/init-default.zeek
|
||||||
0.000000 | HookLoadFile base/init-frameworks-and-bifs.zeek <...>/init-frameworks-and-bifs.zeek
|
0.000000 | HookLoadFile base/init-frameworks-and-bifs.zeek <...>/init-frameworks-and-bifs.zeek
|
||||||
0.000000 | HookLoadFile base/packet-protocols <...>/packet-protocols
|
0.000000 | HookLoadFile base/packet-protocols <...>/packet-protocols
|
||||||
0.000000 | HookLoadFile base<...>/CPP-load.bif <...>/CPP-load.bif.zeek
|
0.000000 | HookLoadFile base<...>/CPP-load.bif <...>/CPP-load.bif.zeek
|
||||||
|
|
@ -4113,6 +4169,9 @@
|
||||||
0.000000 | HookLoadFileExtended ./Zeek_X509.ocsp_events.bif.zeek <...>/Zeek_X509.ocsp_events.bif.zeek
|
0.000000 | HookLoadFileExtended ./Zeek_X509.ocsp_events.bif.zeek <...>/Zeek_X509.ocsp_events.bif.zeek
|
||||||
0.000000 | HookLoadFileExtended ./Zeek_X509.types.bif.zeek <...>/Zeek_X509.types.bif.zeek
|
0.000000 | HookLoadFileExtended ./Zeek_X509.types.bif.zeek <...>/Zeek_X509.types.bif.zeek
|
||||||
0.000000 | HookLoadFileExtended ./Zeek_XMPP.events.bif.zeek <...>/Zeek_XMPP.events.bif.zeek
|
0.000000 | HookLoadFileExtended ./Zeek_XMPP.events.bif.zeek <...>/Zeek_XMPP.events.bif.zeek
|
||||||
|
0.000000 | HookLoadFileExtended ./_Zeek_Spicy.consts.bif.zeek <...>/_Zeek_Spicy.consts.bif.zeek
|
||||||
|
0.000000 | HookLoadFileExtended ./_Zeek_Spicy.events.bif.zeek <...>/_Zeek_Spicy.events.bif.zeek
|
||||||
|
0.000000 | HookLoadFileExtended ./_Zeek_Spicy.functions.bif.zeek <...>/_Zeek_Spicy.functions.bif.zeek
|
||||||
0.000000 | HookLoadFileExtended ./acld <...>/acld.zeek
|
0.000000 | HookLoadFileExtended ./acld <...>/acld.zeek
|
||||||
0.000000 | HookLoadFileExtended ./addrs <...>/addrs.zeek
|
0.000000 | HookLoadFileExtended ./addrs <...>/addrs.zeek
|
||||||
0.000000 | HookLoadFileExtended ./analyzer.bif.zeek <...>/analyzer.bif.zeek
|
0.000000 | HookLoadFileExtended ./analyzer.bif.zeek <...>/analyzer.bif.zeek
|
||||||
|
|
@ -4226,8 +4285,12 @@
|
||||||
0.000000 | HookLoadFileExtended <...>/__load__.zeek <...>/__load__.zeek
|
0.000000 | HookLoadFileExtended <...>/__load__.zeek <...>/__load__.zeek
|
||||||
0.000000 | HookLoadFileExtended <...>/__preload__.zeek <...>/__preload__.zeek
|
0.000000 | HookLoadFileExtended <...>/__preload__.zeek <...>/__preload__.zeek
|
||||||
0.000000 | HookLoadFileExtended <...>/hooks.zeek <...>/hooks.zeek
|
0.000000 | HookLoadFileExtended <...>/hooks.zeek <...>/hooks.zeek
|
||||||
|
0.000000 | HookLoadFileExtended Zeek<...>/bare.zeek <...>/bare.zeek
|
||||||
|
0.000000 | HookLoadFileExtended Zeek<...>/default.zeek <...>/default.zeek
|
||||||
|
0.000000 | HookLoadFileExtended _Zeek_Spicy/__load__.zeek <...>/__load__.zeek
|
||||||
|
0.000000 | HookLoadFileExtended _Zeek_Spicy/__preload__.zeek <...>/__preload__.zeek
|
||||||
0.000000 | HookLoadFileExtended base/bif <...>/bif
|
0.000000 | HookLoadFileExtended base/bif <...>/bif
|
||||||
0.000000 | HookLoadFileExtended base/init-default <...>/init-default.zeek
|
0.000000 | HookLoadFileExtended base/init-default.zeek <...>/init-default.zeek
|
||||||
0.000000 | HookLoadFileExtended base/init-frameworks-and-bifs.zeek <...>/init-frameworks-and-bifs.zeek
|
0.000000 | HookLoadFileExtended base/init-frameworks-and-bifs.zeek <...>/init-frameworks-and-bifs.zeek
|
||||||
0.000000 | HookLoadFileExtended base/packet-protocols <...>/packet-protocols
|
0.000000 | HookLoadFileExtended base/packet-protocols <...>/packet-protocols
|
||||||
0.000000 | HookLoadFileExtended base<...>/CPP-load.bif <...>/CPP-load.bif.zeek
|
0.000000 | HookLoadFileExtended base<...>/CPP-load.bif <...>/CPP-load.bif.zeek
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,8 @@
|
||||||
|
|
||||||
#include "Plugin.h"
|
#include "Plugin.h"
|
||||||
|
|
||||||
|
#include <cstring>
|
||||||
|
|
||||||
#include <Func.h>
|
#include <Func.h>
|
||||||
#include <Event.h>
|
#include <Event.h>
|
||||||
#include <Conn.h>
|
#include <Conn.h>
|
||||||
|
|
@ -40,13 +42,36 @@ zeek::plugin::Configuration Plugin::Configure()
|
||||||
static void describe_hook_args(const zeek::plugin::HookArgumentList& args, zeek::ODesc* d)
|
static void describe_hook_args(const zeek::plugin::HookArgumentList& args, zeek::ODesc* d)
|
||||||
{
|
{
|
||||||
bool first = true;
|
bool first = true;
|
||||||
|
bool serialize_args = true;
|
||||||
|
|
||||||
for ( zeek::plugin::HookArgumentList::const_iterator i = args.begin(); i != args.end(); i++ )
|
for ( zeek::plugin::HookArgumentList::const_iterator i = args.begin(); i != args.end(); i++ )
|
||||||
{
|
{
|
||||||
if ( ! first )
|
if ( first )
|
||||||
d->Add(", ");
|
{
|
||||||
|
first = false;
|
||||||
|
|
||||||
|
i->Describe(d);
|
||||||
|
|
||||||
|
// For function calls we remove args for unstable arguments
|
||||||
|
// from parsing the version in `base/misc/version`.
|
||||||
|
if ( i->GetType() == zeek::plugin::HookArgument::FUNC &&
|
||||||
|
(::strcmp(d->Description(), "Version::parse") == 0 ||
|
||||||
|
::strcmp(d->Description(), "gsub") == 0 ||
|
||||||
|
::strcmp(d->Description(), "split_string1") == 0 ||
|
||||||
|
::strcmp(d->Description(), "lstrip") == 0 ||
|
||||||
|
::strcmp(d->Description(), "to_count") == 0))
|
||||||
|
serialize_args = false;
|
||||||
|
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
d->Add(", ");
|
||||||
|
|
||||||
|
if ( serialize_args )
|
||||||
|
i->Describe(d);
|
||||||
|
else
|
||||||
|
d->Add("...");
|
||||||
|
|
||||||
i->Describe(d);
|
|
||||||
first = false;
|
first = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -70,8 +95,20 @@ std::pair<bool, zeek::ValPtr> Plugin::HookFunctionCall(const zeek::Func* func, z
|
||||||
{
|
{
|
||||||
zeek::ODesc d;
|
zeek::ODesc d;
|
||||||
d.SetShort();
|
d.SetShort();
|
||||||
|
|
||||||
zeek::plugin::HookArgument(func).Describe(&d);
|
zeek::plugin::HookArgument(func).Describe(&d);
|
||||||
zeek::plugin::HookArgument(args).Describe(&d);
|
|
||||||
|
// For function calls we remove args for unstable arguments
|
||||||
|
// from parsing the version in `base/misc/version`.
|
||||||
|
if ( ::strcmp(d.Description(), "Version::parse") == 0 ||
|
||||||
|
::strcmp(d.Description(), "gsub") == 0 ||
|
||||||
|
::strcmp(d.Description(), "split_string1") == 0 ||
|
||||||
|
::strcmp(d.Description(), "lstrip") == 0 ||
|
||||||
|
::strcmp(d.Description(), "to_count") == 0)
|
||||||
|
d.Add("(...)");
|
||||||
|
else
|
||||||
|
zeek::plugin::HookArgument(args).Describe(&d);
|
||||||
|
|
||||||
fprintf(stderr, "%.6f %-15s %s\n", zeek::run_state::network_time, "| HookCallFunction",
|
fprintf(stderr, "%.6f %-15s %s\n", zeek::run_state::network_time, "| HookCallFunction",
|
||||||
d.Description());
|
d.Description());
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -2,12 +2,9 @@
|
||||||
# @TEST-EXEC: ${DIST}/auxil/zeek-aux/plugin-support/init-plugin -u . Demo Hooks
|
# @TEST-EXEC: ${DIST}/auxil/zeek-aux/plugin-support/init-plugin -u . Demo Hooks
|
||||||
# @TEST-EXEC: cp -r %DIR/hooks-plugin/* .
|
# @TEST-EXEC: cp -r %DIR/hooks-plugin/* .
|
||||||
# @TEST-EXEC: ./configure --zeek-dist=${DIST} && make
|
# @TEST-EXEC: ./configure --zeek-dist=${DIST} && make
|
||||||
# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/http/get.trace %INPUT s1.sig 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output
|
# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -r $TRACES/http/get.trace %INPUT s1.sig 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output
|
||||||
# @TEST-EXEC: btest-diff output
|
# @TEST-EXEC: btest-diff output
|
||||||
|
|
||||||
@unload base/misc/version
|
|
||||||
@load base/init-default
|
|
||||||
|
|
||||||
@load-sigs s2
|
@load-sigs s2
|
||||||
|
|
||||||
@TEST-START-FILE s1.sig
|
@TEST-START-FILE s1.sig
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue