diff --git a/src/threading/formatters/Ascii.cc b/src/threading/formatters/Ascii.cc
index 6491063585..76b1ba4b04 100644
--- a/src/threading/formatters/Ascii.cc
+++ b/src/threading/formatters/Ascii.cc
@@ -261,8 +261,10 @@ threading::Value* Ascii::ParseValue(const string& s, const string& name, TypeTag
 break;
 case TYPE_PORT:
+ {
 val->val.port_val.proto = TRANSPORT_UNKNOWN;
 pos = s.find('/');
+ string numberpart;
 if ( pos != std::string::npos && s.length() > pos + 1 )
 {
 auto proto = s.substr(pos+1);
@@ -272,10 +274,22 @@ threading::Value* Ascii::ParseValue(const string& s, const string& name, TypeTag
 val->val.port_val.proto = TRANSPORT_UDP;
 else if ( strtolower(proto) == "icmp" )
 val->val.port_val.proto = TRANSPORT_ICMP;
+ else if ( strtolower(proto) == "unknown" )
+ val->val.port_val.proto = TRANSPORT_UNKNOWN;
+ else
+ GetThread()->Warning(GetThread()->Fmt("Port '%s' contained unknown protocol '%s'", s.c_str(), proto.c_str()));
+ }
+
+ // make the string end at the position of "/";
+ if ( pos != std::string::npos && pos > 0 )
+ {
+ numberpart = s.substr(0, pos);
+ start = numberpart.c_str();
 }
 val->val.port_val.port = strtoull(start, &end, 10);
 if ( CheckNumberError(start, end) )
 goto parse_error;
+ }
 break;
 case TYPE_SUBNET:
diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.basic/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.config.basic/bro..stderr
new file mode 100644
index 0000000000..977e8fc37a
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.config.basic/bro..stderr
@@ -0,0 +1 @@
+received termination signal
diff --git a/testing/btest/Baseline/scripts.base.frameworks.config.basic/bro.config.log b/testing/btest/Baseline/scripts.base.frameworks.config.basic/bro.config.log
index b1e03411e5..0d96d0f111 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.config.basic/bro.config.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.config.basic/bro.config.log
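Review bot: In the second Ascii.cc hunk, the result of `strtoull` is stored in `val->val.port_val.port` with no upper bound, so a field such as `70000/tcp` (constructed example) is accepted unless `CheckNumberError` or a later conversion rejects it, which this hunk does not show. Because the reader takes this text from input and config files, I would add `if ( val->val.port_val.port > 65535 ) goto parse_error;` right after the `CheckNumberError` test. `strtoull` also accepts a leading minus sign and wraps it to a large value, which the same bound would catch. Separately, a field like `80/` (nothing after the slash) skips the protocol branch and yields an unknown protocol without the new warning. ParseValue begins and ends outside this hunk.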
@@ -3,21 +3,23 @@
 #empty_field (empty)
 #unset_field -
 #path config
-#open 2017-10-11-20-23-11
+#open 2018-08-10-18-16-52
 #fields ts id old_value new_value location
 #types time string string string string
-1507753391.587107 testbool T F ../configfile
-1507753391.587107 testcount 0 1 ../configfile
-1507753391.587107 testcount 1 2 ../configfile
-1507753391.587107 testint 0 -1 ../configfile
-1507753391.587107 testenum SSH::LOG Conn::LOG ../configfile
-1507753391.587107 testport 42/tcp 45/unknown ../configfile
-1507753391.587107 testaddr 127.0.0.1 127.0.0.1 ../configfile
-1507753391.587107 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile
-1507753391.587107 testinterval 1.0 sec 60.0 ../configfile
-1507753391.587107 testtime 0.0 1507321987.0 ../configfile
-1507753391.587107 test_set (empty) b,c,a,d,erdbeerschnitzel ../configfile
-1507753391.587107 test_vector (empty) 1,2,3,4,5,6 ../configfile
-1507753391.587107 test_set b,c,a,d,erdbeerschnitzel (empty) ../configfile
-1507753391.587107 test_set (empty) \x2d ../configfile
-#close 2017-10-11-20-23-11
+1533925012.140634 testbool T F ../configfile
+1533925012.140634 testcount 0 1 ../configfile
+1533925012.140634 testcount 1 2 ../configfile
+1533925012.140634 testint 0 -1 ../configfile
+1533925012.140634 testenum SSH::LOG Conn::LOG ../configfile
+1533925012.140634 testport 42/tcp 45/unknown ../configfile
+1533925012.140634 testporttcp 40/udp 42/tcp ../configfile
+1533925012.140634 testportudp 40/tcp 42/udp ../configfile
+1533925012.140634 testaddr 127.0.0.1 127.0.0.1 ../configfile
+1533925012.140634 testaddr 127.0.0.1 2607:f8b0:4005:801::200e ../configfile
+1533925012.140634 testinterval 1.0 sec 60.0 ../configfile
+1533925012.140634 testtime 0.0 1507321987.0 ../configfile
+1533925012.140634 test_set (empty) b,c,a,d,erdbeerschnitzel ../configfile
+1533925012.140634 test_vector (empty) 1,2,3,4,5,6 ../configfile
+1533925012.140634 test_set b,c,a,d,erdbeerschnitzel (empty) ../configfile
+1533925012.140634 test_set (empty) 
\x2d ../configfile
+#close 2018-08-10-18-16-52
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stderr
new file mode 100644
index 0000000000..fee70a8699
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stderr
@@ -0,0 +1,2 @@
+warning: ../input.log/Input::READER_ASCII: Port '50/trash' contained unknown protocol 'trash'
+received termination signal
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stdout
new file mode 100644
index 0000000000..d1d886b370
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.input.port-embedded/bro..stdout
@@ -0,0 +1,4 @@
+[i=1.2.3.4], [p=80/tcp]
+[i=1.2.3.5], [p=52/udp]
+[i=1.2.3.6], [p=30/unknown]
+[i=1.2.3.7], [p=50/unknown]
diff --git a/testing/btest/scripts/base/frameworks/config/basic.bro b/testing/btest/scripts/base/frameworks/config/basic.bro
index 3b72f6572d..f5a02983fd 100644
--- a/testing/btest/scripts/base/frameworks/config/basic.bro
+++ b/testing/btest/scripts/base/frameworks/config/basic.bro
@@ -1,6 +1,7 @@
 # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff bro/config.log
+# @TEST-EXEC: btest-diff bro/.stderr
 @load base/frameworks/config
 @load base/protocols/conn
@@ -16,6 +17,8 @@ testcount 2
 testint -1
 testenum Conn::LOG
 testport 45
+testporttcp 42/tcp
+testportudp 42/udp
 testaddr 127.0.0.1
 testaddr 2607:f8b0:4005:801::200e
 testinterval 60
@@ -35,6 +38,8 @@ export {
 option testint: int = 0;
 option testenum = SSH::LOG;
 option testport = 42/tcp;
+ option testporttcp = 40/udp;
+ option testportudp = 40/tcp;
 option testaddr = 127.0.0.1;
 option testtime = network_time();
 option testinterval = 1sec;
diff --git a/testing/btest/scripts/base/frameworks/input/port-embedded.bro b/testing/btest/scripts/base/frameworks/input/port-embedded.bro
new file mode 100644
index 0000000000..8aab733069
--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/input/port-embedded.bro
@@ -0,0 +1,44 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-diff bro/.stdout
+# @TEST-EXEC: btest-diff bro/.stderr
+
+@TEST-START-FILE input.log
+#fields i p
+1.2.3.4 80/tcp
+1.2.3.5 52/udp
+1.2.3.6 30/unknown
+1.2.3.7 50/trash
+@TEST-END-FILE
+
+redef exit_only_after_terminate = T;
+
+redef InputAscii::empty_field = "EMPTY";
+
+module A;
+
+type Idx: record {
+ i: addr;
+};
+
+type Val: record {
+ p: port;
+};
+
+global servers: table[addr] of Val = table();
+
+event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val)
+ {
+ print left, right;
+ }
+
+event bro_init()
+ {
+ Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $ev=line, $destination=servers]);
+ }
+
+event Input::end_of_data(name: string, source: string)
+ {
+ Input::remove("input");
+ terminate();
+ }
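Review bot: The `input.log` fixture only exercises well-formed port numbers, so the number-splitting path added in Ascii.cc is never tested with a missing or oversized number. Rows such as `1.2.3.8 /tcp`, `1.2.3.9 80/` and `1.2.3.10 70000/tcp` (constructed samples, tab-separated like the existing rows) would pin down whether each is rejected, warned about or accepted. The `bro/.stdout` and `bro/.stderr` baselines would then need regenerating to record that behaviour.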