Merge remote-tracking branch 'origin/dev/2.7'

* origin/dev/2.7:
  Improve introspection of Record and TypeType values
  Bro plugins should support a patch version (x.y.z)
  GH-148: add priority to DNSSEC event handlers
  DNSSEC support in Bro
Jon Siwek 2018-11-29 16:27:38 -06:00
commit 28a2964e38
79 changed files with 1652 additions and 403 deletions

CHANGES

@ -1,4 +1,19 @@
2.6-14 | 2018-11-29 16:27:38 -0600
* Improve introspection of Record and TypeType values (Jon Siwek, Corelight)
* TypeType values are now printable and yield the type name/alias
* Fix record_fields BIF to return correct type name for fields
* Allow TypeType values that point to a RecordType to be used with
record_fields BIF
* Bro plugins should support a patch version (x.y.z) (Jon Zeolla)
* GH-148: add priority to DNSSEC event handlers (Jon Siwek, Corelight)
* DNSSEC support (Fatema Bannat Wala)
2.6 | 2018-11-29 10:03:33 -0600 2.6 | 2018-11-29 10:03:33 -0600
* Release 2.6. * Release 2.6.

NEWS

@ -1,8 +1,40 @@
This document summarizes the most important changes in the current Bro This document summarizes the most important changes in the current Bro
release. For an exhaustive list of changes, see the ``CHANGES`` file release. For an exhaustive list of changes, see the ``CHANGES`` file
(note that submodules, such as BroControl and Broccoli, come with (note that submodules, such as Broker, come with their own ``CHANGES``.)
their own ``CHANGES``.)
Bro 2.7
=======
New Functionality
-----------------
- Added support for DNSSEC resource records RRSIG, DNSKEY, DS, NSEC, and NSEC3.
The associated events are:
- dns_RRSIG
- dns_DNSKEY
- dns_DS
- dns_NSEC
- dns_NSEC3
- Bro's Plugin framework now allows a patch version. If a patch version is not
provided, it will default to 0. To specify this, modify the plugin
Configuration class in your ``src/Plugin.cc` and set
``config.version.patch``. Note that the default plugin skeleton
includes a unit test whose Baseline has the plugin version number in
it and that will now fail due to the version number now including a
patch number. For those that want to keep the unit test, simply adapt
the unit test/baseline to include the new plugin patch number.
Changed Functionality
---------------------
Removed Functionality
---------------------
Deprecated Functionality
------------------------
Bro 2.6 Bro 2.6
======= =======
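Review bot: In the plugin-version entry, ``src/Plugin.cc` opens with two backticks and closes with one, so the reST inline literal is unterminated; close it with a second backtick so it renders like ``config.version.patch`` on the next line. The three empty headings (Changed, Removed, Deprecated Functionality) could be left out until there is an entry to put under them.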


@ -1 +1 @@
2.6 2.6-14

@ -1 +1 @@
Subproject commit a0d9d311fa3f17912d3cabc6ab51a01fd4762535 Subproject commit 8a57979457db66957163cf0c15f0c9f1d273c52e


@ -99,7 +99,7 @@ option::
# export BRO_PLUGIN_PATH=/path/to/rot13-plugin/build # export BRO_PLUGIN_PATH=/path/to/rot13-plugin/build
# bro -N # bro -N
[...] [...]
Demo::Rot13 - <Insert description> (dynamic, version 0.1) Demo::Rot13 - <Insert description> (dynamic, version 0.1.0)
[...] [...]
That looks quite good, except for the dummy description that we should That looks quite good, except for the dummy description that we should
@ -115,6 +115,7 @@ is about. We do this by editing the ``config.description`` line in
config.description = "Caesar cipher rotating a string's characters by 13 places."; config.description = "Caesar cipher rotating a string's characters by 13 places.";
config.version.major = 0; config.version.major = 0;
config.version.minor = 1; config.version.minor = 1;
config.version.patch = 0;
return config; return config;
} }
[...] [...]
@ -124,14 +125,14 @@ Now rebuild and verify that the description is visible::
# make # make
[...] [...]
# bro -N | grep Rot13 # bro -N | grep Rot13
Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1) Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1.0)
Bro can also show us what exactly the plugin provides with the Bro can also show us what exactly the plugin provides with the
more verbose option ``-NN``:: more verbose option ``-NN``::
# bro -NN # bro -NN
[...] [...]
Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1) Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1.0)
[Function] Demo::rot13 [Function] Demo::rot13
[...] [...]
@ -166,7 +167,7 @@ unpacking.
To distribute the plugin in binary form, the build process To distribute the plugin in binary form, the build process
conveniently creates a corresponding tarball in ``build/dist/``. In conveniently creates a corresponding tarball in ``build/dist/``. In
this case, it's called ``Demo_Rot13-0.1.tar.gz``, with the version this case, it's called ``Demo_Rot13-0.1.0.tar.gz``, with the version
number coming out of the ``VERSION`` file that ``init-plugin`` put number coming out of the ``VERSION`` file that ``init-plugin`` put
into place. The binary tarball has everything needed to run the into place. The binary tarball has everything needed to run the
plugin, but no further source files. Optionally, one can include plugin, but no further source files. Optionally, one can include
@ -395,7 +396,7 @@ let's get that in place::
% 'btest-diff output' failed unexpectedly (exit code 100) % 'btest-diff output' failed unexpectedly (exit code 100)
% cat .diag % cat .diag
== File =============================== == File ===============================
Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1) Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 0.1.0)
[Function] Demo::rot13 [Function] Demo::rot13
== Error =============================== == Error ===============================


@ -3544,6 +3544,67 @@ type dns_tsig_additional: record {
is_query: count; ##< TODO. is_query: count; ##< TODO.
}; };
## A DNSSEC RRSIG record.
##
## .. bro:see:: dns_RRSIG
type dns_rrsig_rr: record {
query: string; ##< Query.
answer_type: count; ##< Ans type.
type_covered: count; ##< qtype covered by RRSIG RR.
algorithm: count; ##< Algorithm.
labels: count; ##< Labels in the owner's name.
orig_ttl: interval; ##< Original TTL.
sig_exp: time; ##< Time when signed RR expires.
sig_incep: time; ##< Time when signed.
key_tag: count; ##< Key tag value.
signer_name: string; ##< Signature.
signature: string; ##< Hash of the RRDATA.
is_query: count; ##< The RR is a query/Response.
};
## A DNSSEC DNSKEY record.
##
## .. bro:see:: dns_DNSKEY
type dns_dnskey_rr: record {
query: string; ##< Query.
answer_type: count; ##< Ans type.
flags: count; ##< flags filed.
protocol: count; ##< Protocol, should be always 3 for DNSSEC.
algorithm: count; ##< Algorithm for Public Key.
public_key: string; ##< Public Key
is_query: count; ##< The RR is a query/Response.
};
## A DNSSEC NSEC3 record.
##
## .. bro:see:: dns_NSEC3
type dns_nsec3_rr: record {
query: string; ##< Query.
answer_type: count; ##< Ans type.
nsec_flags: count; ##< flags field.
nsec_hash_algo: count; ##< Hash algorithm.
nsec_iter: count; ##< Iterations.
nsec_salt_len: count; ##< Salt length.
nsec_salt: string; ##< Salt value
nsec_hlen: count; ##< Hash length.
nsec_hash: string; ##< Hash value.
bitmaps: string_vec; ##< Type Bit Maps.
is_query: count; ##< The RR is a query/Response.
};
## A DNSSEC DS record.
##
## .. bro:see:: dns_DS
type dns_ds_rr: record {
query: string; ##< Query.
answer_type: count; ##< Ans type.
key_tag: count; ##< flags filed.
algorithm: count; ##< Algorithm for Public Key.
digest_type: count; ##< Digest Type.
digest_val: string; ##< Digest Value.
is_query: count; ##< The RR is a query/Response.
};
# DNS answer types. # DNS answer types.
# #
# .. bro:see:: dns_answerr # .. bro:see:: dns_answerr
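Review bot: Several field comments in the new records describe the wrong field. In dns_rrsig_rr, signer_name is documented as "Signature." and signature as "Hash of the RRDATA."; in dns_ds_rr, key_tag is documented as "flags filed.", apparently copied from dns_dnskey_rr (where "filed" should read "field"). Suggest "Signer's name.", "Signature." and "Key tag value." so the generated script reference matches the data. The is_query comment ("The RR is a query/Response.") would also be clearer if it said which count value means which.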


@ -130,4 +130,37 @@ export {
[254] = "C_NONE", [254] = "C_NONE",
[255] = "C_ANY", [255] = "C_ANY",
} &default = function(n: count): string { return fmt("qclass-%d", n); }; } &default = function(n: count): string { return fmt("qclass-%d", n); };
## Possible values of the algorithms used in DNSKEY, DS and RRSIG records
const algorithms = {
[0] = "reserved0",
[1] = "RSA_MD5",
[2] = "Diffie_Hellman",
[3] = "DSA_SHA1",
[4] = "Elliptic_Curve",
[5] = "RSA_SHA1",
[6] = "DSA_NSEC3_SHA1",
[7] = "RSA_SHA1_NSEC3_SHA1",
[8] = "RSA_SHA256",
[10] = "RSA_SHA512",
[12] = "GOST_R_34_10_2001",
[13] = "ECDSA_curveP256withSHA256",
[14] = "ECDSA_curveP384withSHA384",
[15] = "Ed25519",
[16] = "Ed448",
[252] = "Indirect",
[253] = "PrivateDNS",
[254] = "PrivateOID",
[255] = "reserved255",
} &default = function(n: count): string { return fmt("algorithm-%d", n); };
## Possible digest types used in DNSSEC.
const digests = {
[0] = "reserved0",
[1] = "SHA1",
[2] = "SHA256",
[3] = "GOST_R_34_11_94",
[4] = "SHA384",
} &default = function(n: count): string { return fmt("digest-%d", n); };
} }


@ -466,6 +466,38 @@ event dns_SRV_reply(c: connection, msg: dns_msg, ans: dns_answer, target: string
# #
# } # }
event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr) &priority=5
{
local s: string;
s = fmt("RRSIG %s %s", rrsig$type_covered,
rrsig$signer_name == "" ? "<Root>" : rrsig$signer_name);
hook DNS::do_reply(c, msg, ans, s);
}
event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr) &priority=5
{
local s: string;
s = fmt("DNSKEY %s", dnskey$algorithm);
hook DNS::do_reply(c, msg, ans, s);
}
event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec) &priority=5
{
hook DNS::do_reply(c, msg, ans, fmt("NSEC %s %s", ans$query, next_name));
}
event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr) &priority=5
{
hook DNS::do_reply(c, msg, ans, "NSEC3");
}
event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr) &priority=5
{
local s: string;
s = fmt("DS %s %s", ds$algorithm, ds$digest_type);
hook DNS::do_reply(c, msg, ans, s);
}
event dns_rejected(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count) &priority=5 event dns_rejected(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count) &priority=5
{ {
if ( c?$dns ) if ( c?$dns )
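Review bot: The dns_RRSIG, dns_DNSKEY and dns_DS handlers format type_covered, algorithm and digest_type with %s on the raw count, so the answer string handed to DNS::do_reply reads like "DNSKEY 8" or "DS 8 2". This commit also adds the algorithms and digests lookup tables; indexing them here would put the readable names in the log. The dns_NSEC3 handler logs only the literal "NSEC3", which discards everything parsed from the record, and the dns_NSEC handler ignores its bitmaps argument.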


@ -115,6 +115,10 @@ RecordType* dns_answer;
RecordType* dns_soa; RecordType* dns_soa;
RecordType* dns_edns_additional; RecordType* dns_edns_additional;
RecordType* dns_tsig_additional; RecordType* dns_tsig_additional;
RecordType* dns_rrsig_rr;
RecordType* dns_dnskey_rr;
RecordType* dns_nsec3_rr;
RecordType* dns_ds_rr;
TableVal* dns_skip_auth; TableVal* dns_skip_auth;
TableVal* dns_skip_addl; TableVal* dns_skip_addl;
int dns_skip_all_auth; int dns_skip_all_auth;
@ -430,7 +434,10 @@ void init_net_var()
internal_type("dns_edns_additional")->AsRecordType(); internal_type("dns_edns_additional")->AsRecordType();
dns_tsig_additional = dns_tsig_additional =
internal_type("dns_tsig_additional")->AsRecordType(); internal_type("dns_tsig_additional")->AsRecordType();
dns_rrsig_rr = internal_type("dns_rrsig_rr")->AsRecordType();
dns_dnskey_rr = internal_type("dns_dnskey_rr")->AsRecordType();
dns_nsec3_rr = internal_type("dns_nsec3_rr")->AsRecordType();
dns_ds_rr = internal_type("dns_ds_rr")->AsRecordType();
dns_skip_auth = internal_val("dns_skip_auth")->AsTableVal(); dns_skip_auth = internal_val("dns_skip_auth")->AsTableVal();
dns_skip_addl = internal_val("dns_skip_addl")->AsTableVal(); dns_skip_addl = internal_val("dns_skip_addl")->AsTableVal();
dns_skip_all_auth = opt_internal_int("dns_skip_all_auth"); dns_skip_all_auth = opt_internal_int("dns_skip_all_auth");


@ -118,6 +118,10 @@ extern RecordType* dns_answer;
extern RecordType* dns_soa; extern RecordType* dns_soa;
extern RecordType* dns_edns_additional; extern RecordType* dns_edns_additional;
extern RecordType* dns_tsig_additional; extern RecordType* dns_tsig_additional;
extern RecordType* dns_rrsig_rr;
extern RecordType* dns_dnskey_rr;
extern RecordType* dns_nsec3_rr;
extern RecordType* dns_ds_rr;
extern TableVal* dns_skip_auth; extern TableVal* dns_skip_auth;
extern TableVal* dns_skip_addl; extern TableVal* dns_skip_addl;
extern int dns_skip_all_auth; extern int dns_skip_all_auth;


@ -500,6 +500,8 @@ void Val::ValDescribe(ODesc* d) const
AsFunc()->Describe(d); AsFunc()->Describe(d);
else if ( type->Tag() == TYPE_FILE ) else if ( type->Tag() == TYPE_FILE )
AsFile()->Describe(d); AsFile()->Describe(d);
else if ( type->Tag() == TYPE_TYPE )
d->Add(type->AsTypeType()->Type()->GetName());
else else
d->Add("<no value description>"); d->Add("<no value description>");
break; break;


@ -312,6 +312,26 @@ int DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg,
status = ParseRR_TSIG(msg, data, len, rdlength, msg_start); status = ParseRR_TSIG(msg, data, len, rdlength, msg_start);
break; break;
case TYPE_RRSIG:
status = ParseRR_RRSIG(msg, data, len, rdlength, msg_start);
break;
case TYPE_DNSKEY:
status = ParseRR_DNSKEY(msg, data, len, rdlength, msg_start);
break;
case TYPE_NSEC:
status = ParseRR_NSEC(msg, data, len, rdlength, msg_start);
break;
case TYPE_NSEC3:
status = ParseRR_NSEC3(msg, data, len, rdlength, msg_start);
break;
case TYPE_DS:
status = ParseRR_DS(msg, data, len, rdlength, msg_start);
break;
default: default:
if ( dns_unknown_reply && ! msg->skip_event ) if ( dns_unknown_reply && ! msg->skip_event )
@ -724,6 +744,17 @@ void DNS_Interpreter::ExtractOctets(const u_char*& data, int& len,
len -= dlen; len -= dlen;
} }
BroString* DNS_Interpreter::ExtractStream(const u_char*& data, int& len, int l)
{
l = max(l, 0);
int dlen = min(len, l); // Len in bytes of the algorithm use
auto rval = new BroString(data, dlen, 0);
data += dlen;
len -= dlen;
return rval;
}
int DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg, int DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg,
const u_char*& data, int& len, int rdlength, const u_char*& data, int& len, int rdlength,
const u_char* msg_start) const u_char* msg_start)
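Review bot: ExtractStream clamps silently: a negative l becomes 0 and an l larger than len is cut down to len, so a caller that passes a length derived from rdlength gets back a shorter string than the record claims and nothing is reported. Consider raising a Weird (or returning failure) when dlen != l so truncated or inconsistent RDATA is visible to detection scripts rather than being logged as if it were complete. The comment "Len in bytes of the algorithm use" does not describe dlen and should be reworded.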
@ -769,6 +800,389 @@ int DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg,
return 1; return 1;
} }
int DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg,
const u_char*& data, int& len, int rdlength,
const u_char* msg_start)
{
if ( ! dns_RRSIG || msg->skip_event )
{
data += rdlength;
len -= rdlength;
return 1;
}
if ( len < 18 )
return 0;
unsigned int type_covered = ExtractShort(data, len);
// split the two bytes for algo and labels extraction
uint32 algo_lab = ExtractShort(data, len);
unsigned int algo = (algo_lab >> 8) & 0xff;
unsigned int lab = algo_lab & 0xff;
uint32 orig_ttl = ExtractLong(data, len);
uint32 sign_exp = ExtractLong(data, len);
uint32 sign_incp = ExtractLong(data, len);
unsigned int key_tag = ExtractShort(data, len);
//implement signer's name with the msg_start offset
const u_char* data_start = data;
u_char name[513];
int name_len = sizeof(name) - 1;
u_char* name_end = ExtractName(data, len, name, name_len, msg_start);
if ( ! name_end )
return 0;
int sig_len = rdlength - ((data - data_start) + 18);
DNSSEC_Algo dsa = DNSSEC_Algo(algo);
BroString* sign = ExtractStream(data, len, sig_len);
switch ( dsa ) {
case RSA_MD5:
analyzer->Weird("DNSSEC_RRSIG_NotRecommended_ZoneSignAlgo", fmt("%d", algo));
break;
case Diffie_Hellman:
break;
case DSA_SHA1:
break;
case Elliptic_Curve:
break;
case RSA_SHA1:
break;
case DSA_NSEC3_SHA1:
break;
case RSA_SHA1_NSEC3_SHA1:
break;
case RSA_SHA256:
break;
case RSA_SHA512:
break;
case GOST_R_34_10_2001:
break;
case ECDSA_curveP256withSHA256:
break;
case ECDSA_curveP384withSHA384:
break;
case Indirect:
analyzer->Weird("DNSSEC_RRSIG_Indirect_ZoneSignAlgo", fmt("%d", algo));
break;
case PrivateDNS:
analyzer->Weird("DNSSEC_RRSIG_PrivateDNS_ZoneSignAlgo", fmt("%d", algo));
break;
case PrivateOID:
analyzer->Weird("DNSSEC_RRSIG_PrivateOID_ZoneSignAlgo", fmt("%d", algo));
break;
default:
analyzer->Weird("DNSSEC_RRSIG_unknown_ZoneSignAlgo", fmt("%d", algo));
break;
}
RRSIG_DATA rrsig;
rrsig.type_covered = type_covered;
rrsig.algorithm = algo;
rrsig.labels = lab;
rrsig.orig_ttl = orig_ttl;
rrsig.sig_exp = sign_exp;
rrsig.sig_incep = sign_incp;
rrsig.key_tag = key_tag;
rrsig.signer_name = new BroString(name, name_end - name, 1);
rrsig.signature = sign;
val_list* vl = new val_list;
vl->append(analyzer->BuildConnVal());
vl->append(msg->BuildHdrVal());
vl->append(msg->BuildAnswerVal());
vl->append(msg->BuildRRSIG_Val(&rrsig));
analyzer->ConnectionEvent(dns_RRSIG, vl);
return 1;
}
int DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg,
const u_char*& data, int& len, int rdlength,
const u_char* msg_start)
{
if ( ! dns_DNSKEY || msg->skip_event )
{
data += rdlength;
len -= rdlength;
return 1;
}
if ( len < 4 )
return 0;
auto dflags = ExtractShort(data, len);
// split the two bytes for protocol and algorithm extraction
auto proto_algo = ExtractShort(data, len);
unsigned int dprotocol = (proto_algo >> 8) & 0xff;
unsigned int dalgorithm = proto_algo & 0xff;
DNSSEC_Algo dsa = DNSSEC_Algo(dalgorithm);
//Evaluating the size of remaining bytes for Public Key
BroString* key = ExtractStream(data, len, rdlength - 4);
if ( dflags != 256 and dflags != 257 and dflags != 0 )
analyzer->Weird("DNSSEC_DNSKEY_Invalid_Flag", fmt("%d", dflags));
if ( dprotocol != 3 )
analyzer->Weird("DNSSEC_DNSKEY_Invalid_Protocol", fmt("%d", dprotocol));
switch ( dsa ) {
case RSA_MD5:
analyzer->Weird("DNSSEC_DNSKEY_NotRecommended_ZoneSignAlgo", fmt("%d", dalgorithm));
break;
case Diffie_Hellman:
break;
case DSA_SHA1:
break;
case Elliptic_Curve:
break;
case RSA_SHA1:
break;
case DSA_NSEC3_SHA1:
break;
case RSA_SHA1_NSEC3_SHA1:
break;
case RSA_SHA256:
break;
case RSA_SHA512:
break;
case GOST_R_34_10_2001:
break;
case ECDSA_curveP256withSHA256:
break;
case ECDSA_curveP384withSHA384:
break;
case Indirect:
analyzer->Weird("DNSSEC_DNSKEY_Indirect_ZoneSignAlgo", fmt("%d", dalgorithm));
break;
case PrivateDNS:
analyzer->Weird("DNSSEC_DNSKEY_PrivateDNS_ZoneSignAlgo", fmt("%d", dalgorithm));
break;
case PrivateOID:
analyzer->Weird("DNSSEC_DNSKEY_PrivateOID_ZoneSignAlgo", fmt("%d", dalgorithm));
break;
default:
analyzer->Weird("DNSSEC_DNSKEY_unknown_ZoneSignAlgo", fmt("%d", dalgorithm));
break;
}
DNSKEY_DATA dnskey;
dnskey.dflags = dflags;
dnskey.dalgorithm = dalgorithm;
dnskey.dprotocol = dprotocol;
dnskey.public_key = key;
val_list* vl = new val_list;
vl->append(analyzer->BuildConnVal());
vl->append(msg->BuildHdrVal());
vl->append(msg->BuildAnswerVal());
vl->append(msg->BuildDNSKEY_Val(&dnskey));
analyzer->ConnectionEvent(dns_DNSKEY, vl);
return 1;
}
int DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg,
const u_char*& data, int& len, int rdlength,
const u_char* msg_start)
{
if ( ! dns_NSEC || msg->skip_event )
{
data += rdlength;
len -= rdlength;
return 1;
}
const u_char* data_start = data;
u_char name[513];
int name_len = sizeof(name) - 1;
u_char* name_end = ExtractName(data, len, name, name_len, msg_start);
if ( ! name_end )
return 0;
int typebitmaps_len = rdlength - (data - data_start);
VectorVal* char_strings = new VectorVal(string_vec);
while ( typebitmaps_len > 0 && len > 0 )
{
uint32 block_bmlen = ExtractShort(data, len);
unsigned int win_blck = (block_bmlen >> 8) & 0xff;
unsigned int bmlen = block_bmlen & 0xff;
if ( bmlen == 0 )
{
analyzer->Weird("DNSSEC_NSEC_bitmapLen0", fmt("%d", win_blck));
break;
}
BroString* bitmap = ExtractStream(data, len, bmlen);
char_strings->Assign(char_strings->Size(), new StringVal(bitmap));
typebitmaps_len = typebitmaps_len - (2 + bmlen);
}
val_list* vl = new val_list;
vl->append(analyzer->BuildConnVal());
vl->append(msg->BuildHdrVal());
vl->append(msg->BuildAnswerVal());
vl->append(new StringVal(new BroString(name, name_end - name, 1)));
vl->append(char_strings);
analyzer->ConnectionEvent(dns_NSEC, vl);
return 1;
}
int DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg,
const u_char*& data, int& len, int rdlength,
const u_char* msg_start)
{
if ( ! dns_NSEC3 || msg->skip_event )
{
data += rdlength;
len -= rdlength;
return 1;
}
if ( len < 6 )
return 0;
const u_char* data_start = data;
uint32 halgo_flags = ExtractShort(data, len);
unsigned int hash_algo = (halgo_flags >> 8) & 0xff;
unsigned int nsec_flags = halgo_flags & 0xff;
unsigned int iter = ExtractShort(data, len);
uint8 salt_len = 0;
if ( len > 0 )
{
salt_len = data[0];
++data;
--len;
}
auto salt_val = ExtractStream(data, len, static_cast<int>(salt_len));
uint8 hash_len = 0;
if ( len > 0 )
{
hash_len = data[0];
++data;
--len;
}
auto hash_val = ExtractStream(data, len, static_cast<int>(hash_len));
int typebitmaps_len = rdlength - (data - data_start);
VectorVal* char_strings = new VectorVal(string_vec);
while ( typebitmaps_len > 0 && len > 0 )
{
uint32 block_bmlen = ExtractShort(data, len);
unsigned int win_blck = ( block_bmlen >> 8) & 0xff;
unsigned int bmlen = block_bmlen & 0xff;
if ( bmlen == 0 )
{
analyzer->Weird("DNSSEC_NSEC3_bitmapLen0", fmt("%d", win_blck));
break;
}
BroString* bitmap = ExtractStream(data, len, bmlen);
char_strings->Assign(char_strings->Size(), new StringVal(bitmap));
typebitmaps_len = typebitmaps_len - (2 + bmlen);
}
NSEC3_DATA nsec3;
nsec3.nsec_flags = nsec_flags;
nsec3.nsec_hash_algo = hash_algo;
nsec3.nsec_iter = iter;
nsec3.nsec_salt_len = salt_len;
nsec3.nsec_salt = salt_val;
nsec3.nsec_hlen = hash_len;
nsec3.nsec_hash = hash_val;
nsec3.bitmaps = char_strings;
val_list* vl = new val_list;
vl->append(analyzer->BuildConnVal());
vl->append(msg->BuildHdrVal());
vl->append(msg->BuildAnswerVal());
vl->append(msg->BuildNSEC3_Val(&nsec3));
analyzer->ConnectionEvent(dns_NSEC3, vl);
return 1;
}
int DNS_Interpreter::ParseRR_DS(DNS_MsgInfo* msg,
const u_char*& data, int& len, int rdlength,
const u_char* msg_start)
{
if ( ! dns_DS || msg->skip_event )
{
data += rdlength;
len -= rdlength;
return 1;
}
if ( len < 4 )
return 0;
unsigned int ds_key_tag = ExtractShort(data, len);
// split the two bytes for algorithm and digest type extraction
uint32 ds_algo_dtype = ExtractShort(data, len);
unsigned int ds_algo = (ds_algo_dtype >> 8) & 0xff;
unsigned int ds_dtype = ds_algo_dtype & 0xff;
DNSSEC_Digest ds_digest_type = DNSSEC_Digest(ds_dtype);
BroString* ds_digest = ExtractStream(data, len, rdlength - 4);
switch ( ds_digest_type ) {
case SHA1:
break;
case SHA256:
break;
case GOST_R_34_11_94:
break;
case SHA384:
break;
case reserved0:
analyzer->Weird("DNSSEC_DS_ResrevedDigestType", fmt("%d", ds_dtype));
break;
default:
analyzer->Weird("DNSSEC_DS_unknown_DigestType", fmt("%d", ds_dtype));
break;
}
DS_DATA ds;
ds.key_tag = ds_key_tag;
ds.algorithm = ds_algo;
ds.digest_type = ds_dtype;
ds.digest_val = ds_digest;
val_list* vl = new val_list;
vl->append(analyzer->BuildConnVal());
vl->append(msg->BuildHdrVal());
vl->append(msg->BuildAnswerVal());
vl->append(msg->BuildDS_Val(&ds));
analyzer->ConnectionEvent(dns_DS, vl);
return 1;
}
int DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg, int DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg,
const u_char*& data, int& len, int rdlength) const u_char*& data, int& len, int rdlength)
{ {
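Review bot: In the type-bitmap loops of ParseRR_NSEC and ParseRR_NSEC3, bmlen comes straight from the wire and is passed to ExtractStream without being checked against the remaining typebitmaps_len, so a record whose bitmap length overstates its RDATA makes the parser consume bytes that belong to the records that follow; check that 2 + bmlen <= typebitmaps_len and raise a Weird otherwise. The window block number win_blck is used only in the Weird text and never reaches the event, so a script cannot map a bitmap back to RR types. In ParseRR_DS, case reserved0: names the DNSSEC_Algo enumerator rather than DNSSEC_Digest's reserved, and the weird name DNSSEC_DS_ResrevedDigestType is misspelled. The algorithm switches in ParseRR_RRSIG and ParseRR_DNSKEY differ only in the weird prefix and consist mostly of empty cases; a shared helper would remove the duplication.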
@ -1063,7 +1477,7 @@ Val* DNS_MsgInfo::BuildEDNS_Val()
// Need to break the TTL field into three components: // Need to break the TTL field into three components:
// initial: [------------- ttl (32) ---------------------] // initial: [------------- ttl (32) ---------------------]
// after: [DO][ ext rcode (7)][ver # (8)][ Z field (16)] // after: [ ext rcode (8)][ver # (8)][ Z field (16) ]
unsigned int ercode = (ttl >> 24) & 0xff; unsigned int ercode = (ttl >> 24) & 0xff;
unsigned int version = (ttl >> 16) & 0xff; unsigned int version = (ttl >> 16) & 0xff;
@ -1104,6 +1518,79 @@ Val* DNS_MsgInfo::BuildTSIG_Val()
return r; return r;
} }
Val* DNS_MsgInfo::BuildRRSIG_Val(RRSIG_DATA* rrsig)
{
RecordVal* r = new RecordVal(dns_rrsig_rr);
Ref(query_name);
r->Assign(0, query_name);
r->Assign(1, new Val(int(answer_type), TYPE_COUNT));
r->Assign(2, new Val(rrsig->type_covered, TYPE_COUNT));
r->Assign(3, new Val(rrsig->algorithm, TYPE_COUNT));
r->Assign(4, new Val(rrsig->labels, TYPE_COUNT));
r->Assign(5, new IntervalVal(double(rrsig->orig_ttl), Seconds));
r->Assign(6, new Val(double(rrsig->sig_exp), TYPE_TIME));
r->Assign(7, new Val(double(rrsig->sig_incep), TYPE_TIME));
r->Assign(8, new Val(rrsig->key_tag, TYPE_COUNT));
r->Assign(9, new StringVal(rrsig->signer_name));
r->Assign(10, new StringVal(rrsig->signature));
r->Assign(11, new Val(is_query, TYPE_COUNT));
return r;
}
Val* DNS_MsgInfo::BuildDNSKEY_Val(DNSKEY_DATA* dnskey)
{
RecordVal* r = new RecordVal(dns_dnskey_rr);
Ref(query_name);
r->Assign(0, query_name);
r->Assign(1, new Val(int(answer_type), TYPE_COUNT));
r->Assign(2, new Val(dnskey->dflags, TYPE_COUNT));
r->Assign(3, new Val(dnskey->dprotocol, TYPE_COUNT));
r->Assign(4, new Val(dnskey->dalgorithm, TYPE_COUNT));
r->Assign(5, new StringVal(dnskey->public_key));
r->Assign(6, new Val(is_query, TYPE_COUNT));
return r;
}
Val* DNS_MsgInfo::BuildNSEC3_Val(NSEC3_DATA* nsec3)
{
RecordVal* r = new RecordVal(dns_nsec3_rr);
Ref(query_name);
r->Assign(0, query_name);
r->Assign(1, new Val(int(answer_type), TYPE_COUNT));
r->Assign(2, new Val(nsec3->nsec_flags, TYPE_COUNT));
r->Assign(3, new Val(nsec3->nsec_hash_algo, TYPE_COUNT));
r->Assign(4, new Val(nsec3->nsec_iter, TYPE_COUNT));
r->Assign(5, new Val(nsec3->nsec_salt_len, TYPE_COUNT));
r->Assign(6, new StringVal(nsec3->nsec_salt));
r->Assign(7, new Val(nsec3->nsec_hlen, TYPE_COUNT));
r->Assign(8, new StringVal(nsec3->nsec_hash));
r->Assign(9, nsec3->bitmaps);
r->Assign(10, new Val(is_query, TYPE_COUNT));
return r;
}
Val* DNS_MsgInfo::BuildDS_Val(DS_DATA* ds)
{
RecordVal* r = new RecordVal(dns_ds_rr);
Ref(query_name);
r->Assign(0, query_name);
r->Assign(1, new Val(int(answer_type), TYPE_COUNT));
r->Assign(2, new Val(ds->key_tag, TYPE_COUNT));
r->Assign(3, new Val(ds->algorithm, TYPE_COUNT));
r->Assign(4, new Val(ds->digest_type, TYPE_COUNT));
r->Assign(5, new StringVal(ds->digest_val));
r->Assign(6, new Val(is_query, TYPE_COUNT));
return r;
}
Contents_DNS::Contents_DNS(Connection* conn, bool orig, Contents_DNS::Contents_DNS(Connection* conn, bool orig,
DNS_Interpreter* arg_interp) DNS_Interpreter* arg_interp)
: tcp::TCP_SupportAnalyzer("CONTENTS_DNS", conn, orig) : tcp::TCP_SupportAnalyzer("CONTENTS_DNS", conn, orig)


@ -57,7 +57,12 @@ typedef enum {
TYPE_TKEY = 249, ///< Transaction Key (RFC 2930) TYPE_TKEY = 249, ///< Transaction Key (RFC 2930)
TYPE_TSIG = 250, ///< Transaction Signature (RFC 2845) TYPE_TSIG = 250, ///< Transaction Signature (RFC 2845)
TYPE_CAA = 257, ///< Certification Authority Authorization (RFC 6844) TYPE_CAA = 257, ///< Certification Authority Authorization (RFC 6844)
// DNSSEC RR's
TYPE_RRSIG = 46, ///< RR Signature record type (RFC4043)
TYPE_NSEC = 47, ///< Next Secure record (RFC4043)
TYPE_DNSKEY = 48, ///< DNS Key record (RFC 4034)
TYPE_DS = 43, ///< Delegation signer (RFC 4034)
TYPE_NSEC3 = 50,
// The following are only valid in queries. // The following are only valid in queries.
TYPE_AXFR = 252, TYPE_AXFR = 252,
TYPE_ALL = 255, TYPE_ALL = 255,
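Review bot: The comments on TYPE_RRSIG and TYPE_NSEC cite RFC4043 while TYPE_DNSKEY and TYPE_DS cite RFC 4034; the former looks like a transposed number and should match. TYPE_NSEC3 has no reference comment at all, and the new values (43 to 50) are appended after 257 rather than placed in numeric order like the entries above them.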
@ -75,6 +80,33 @@ typedef enum {
DNS_ADDITIONAL, DNS_ADDITIONAL,
} DNS_AnswerType; } DNS_AnswerType;
typedef enum {
reserved0 = 0,
RSA_MD5 = 1, ///< [RFC2537] NOT RECOMMENDED
Diffie_Hellman = 2, ///< [RFC2539]
DSA_SHA1 = 3, ///< [RFC2536] OPTIONAL
Elliptic_Curve = 4,
RSA_SHA1 = 5, ///< [RFC3110] MANDATORY
DSA_NSEC3_SHA1 = 6,
RSA_SHA1_NSEC3_SHA1 = 7,
RSA_SHA256 = 8,
RSA_SHA512 = 10,
GOST_R_34_10_2001 = 12,
ECDSA_curveP256withSHA256 = 13,
ECDSA_curveP384withSHA384 =14,
Indirect = 252, ///<
PrivateDNS = 253, ///< OPTIONAL
PrivateOID = 254, ///< OPTIONAL
reserved255 = 255,
} DNSSEC_Algo;
typedef enum {
reserved = 0,
SHA1 = 1, ///< [RFC3110] MANDATORY
SHA256 = 2,
GOST_R_34_11_94 = 3,
SHA384 = 4,
} DNSSEC_Digest;
struct DNS_RawMsgHdr { struct DNS_RawMsgHdr {
unsigned short id; unsigned short id;
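Review bot: DNSSEC_Algo stops at ECDSA_curveP384withSHA384 = 14, but the script-level algorithms table added in this commit also lists [15] = "Ed25519" and [16] = "Ed448", so the switches in ParseRR_RRSIG and ParseRR_DNSKEY fall through to default and raise the unknown_ZoneSignAlgo weird for both; add the two enumerators and matching cases. The zero value is named reserved0 here but reserved in DNSSEC_Digest, and both enums are unscoped with generic names (SHA1, SHA256, Indirect), which invites collisions; a common prefix or enum class would avoid that. The "[RFC3110] MANDATORY" comment on SHA1 appears to be copied from RSA_SHA1.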
@ -105,6 +137,43 @@ struct TSIG_DATA {
unsigned short rr_error; unsigned short rr_error;
}; };
struct RRSIG_DATA {
unsigned short type_covered; // 16 : ExtractShort(data, len)
unsigned short algorithm; // 8
unsigned short labels; // 8
uint32 orig_ttl; // 32
unsigned long sig_exp; // 32
unsigned long sig_incep; // 32
unsigned short key_tag; //16
BroString* signer_name;
BroString* signature;
};
struct DNSKEY_DATA {
unsigned short dflags; // 16 : ExtractShort(data, len)
unsigned short dalgorithm; // 8
unsigned short dprotocol; // 8
BroString* public_key; // Variable lenght Public Key
};
struct NSEC3_DATA {
unsigned short nsec_flags;
unsigned short nsec_hash_algo;
unsigned short nsec_iter;
unsigned short nsec_salt_len;
BroString* nsec_salt;
unsigned short nsec_hlen;
BroString* nsec_hash;
VectorVal* bitmaps;
};
struct DS_DATA {
unsigned short key_tag; // 16 : ExtractShort(data, len)
unsigned short algorithm; // 8
unsigned short digest_type; // 8
BroString* digest_val; // Variable lenght Digest of DNSKEY RR
};
class DNS_MsgInfo { class DNS_MsgInfo {
public: public:
DNS_MsgInfo(DNS_RawMsgHdr* hdr, int is_query); DNS_MsgInfo(DNS_RawMsgHdr* hdr, int is_query);
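Review bot: RRSIG_DATA declares sig_exp and sig_incep as unsigned long while their comments give the width as 32 and the parser fills them from uint32 values returned by ExtractLong; use uint32, as orig_ttl does, so the width is the same on every platform. The structs hold raw BroString* and VectorVal* members with no comment on who owns them once the event value is built, and "lenght" is misspelled in two comments.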
@ -114,6 +183,10 @@ public:
Val* BuildAnswerVal(); Val* BuildAnswerVal();
Val* BuildEDNS_Val(); Val* BuildEDNS_Val();
Val* BuildTSIG_Val(); Val* BuildTSIG_Val();
Val* BuildRRSIG_Val(struct RRSIG_DATA*);
Val* BuildDNSKEY_Val(struct DNSKEY_DATA*);
Val* BuildNSEC3_Val(struct NSEC3_DATA*);
Val* BuildDS_Val(struct DS_DATA*);
int id; int id;
int opcode; ///< query type, see DNS_Opcode int opcode; ///< query type, see DNS_Opcode
@ -143,8 +216,7 @@ public:
///< for forward lookups ///< for forward lookups
// More values for spesific DNS types. // More values for spesific DNS types.
// struct EDNS_ADDITIONAL* edns; //struct EDNS_ADDITIONAL* edns;
struct TSIG_DATA* tsig; struct TSIG_DATA* tsig;
}; };
@ -183,6 +255,8 @@ protected:
uint32 ExtractLong(const u_char*& data, int& len); uint32 ExtractLong(const u_char*& data, int& len);
void ExtractOctets(const u_char*& data, int& len, BroString** p); void ExtractOctets(const u_char*& data, int& len, BroString** p);
BroString* ExtractStream(const u_char*& data, int& len, int sig_len);
int ParseRR_Name(DNS_MsgInfo* msg, int ParseRR_Name(DNS_MsgInfo* msg,
const u_char*& data, int& len, int rdlength, const u_char*& data, int& len, int rdlength,
const u_char* msg_start); const u_char* msg_start);
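Review bot: The parameter is named sig_len in this declaration but l in the definition, and the function is also used for keys, salts, hashes, bitmaps and digests. A neutral name used in both places, plus a one-line comment that the returned BroString is heap-allocated and its length is clamped to len, would document the contract for callers.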
@ -218,7 +292,21 @@ protected:
int ParseRR_TSIG(DNS_MsgInfo* msg, int ParseRR_TSIG(DNS_MsgInfo* msg,
const u_char*& data, int& len, int rdlength, const u_char*& data, int& len, int rdlength,
const u_char* msg_start); const u_char* msg_start);
int ParseRR_RRSIG(DNS_MsgInfo* msg,
const u_char*& data, int& len, int rdlength,
const u_char* msg_start);
int ParseRR_DNSKEY(DNS_MsgInfo* msg,
const u_char*& data, int& len, int rdlength,
const u_char* msg_start);
int ParseRR_NSEC(DNS_MsgInfo* msg,
const u_char*& data, int& len, int rdlength,
const u_char* msg_start);
int ParseRR_NSEC3(DNS_MsgInfo* msg,
const u_char*& data, int& len, int rdlength,
const u_char* msg_start);
int ParseRR_DS(DNS_MsgInfo* msg,
const u_char*& data, int& len, int rdlength,
const u_char* msg_start);
void SendReplyOrRejectEvent(DNS_MsgInfo* msg, EventHandlerPtr event, void SendReplyOrRejectEvent(DNS_MsgInfo* msg, EventHandlerPtr event,
const u_char*& data, int& len, const u_char*& data, int& len,
BroString* question_name); BroString* question_name);
@ -270,7 +358,6 @@ public:
void Done() override; void Done() override;
void ConnectionClosed(tcp::TCP_Endpoint* endpoint, void ConnectionClosed(tcp::TCP_Endpoint* endpoint,
tcp::TCP_Endpoint* peer, int gen_event) override; tcp::TCP_Endpoint* peer, int gen_event) override;
void ExpireTimer(double t); void ExpireTimer(double t);
static analyzer::Analyzer* Instantiate(Connection* conn) static analyzer::Analyzer* Instantiate(Connection* conn)


@ -493,6 +493,73 @@ event dns_EDNS_addl%(c: connection, msg: dns_msg, ans: dns_edns_additional%);
## dns_skip_addl dns_skip_all_addl dns_skip_all_auth dns_skip_auth ## dns_skip_addl dns_skip_all_addl dns_skip_all_auth dns_skip_auth
event dns_TSIG_addl%(c: connection, msg: dns_msg, ans: dns_tsig_additional%); event dns_TSIG_addl%(c: connection, msg: dns_msg, ans: dns_tsig_additional%);
## Generated for DNS replies of type *RRSIG*. For replies with multiple answers,
## an individual event of the corresponding type is raised for each.
##
## c: The connection, which may be UDP or TCP depending on the type of the
## transport-layer session being analyzed.
##
## msg: The parsed DNS message header.
##
## ans: The type-independent part of the parsed answer record.
##
## rrsig: The parsed RRSIG record.
event dns_RRSIG%(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr%);
## Generated for DNS replies of type *DNSKEY*. For replies with multiple answers,
## an individual event of the corresponding type is raised for each.
##
## c: The connection, which may be UDP or TCP depending on the type of the
## transport-layer session being analyzed.
##
## msg: The parsed DNS message header.
##
## ans: The type-independent part of the parsed answer record.
##
## dnskey: The parsed DNSKEY record.
event dns_DNSKEY%(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr%);
## Generated for DNS replies of type *NSEC*. For replies with multiple answers,
## an individual event of the corresponding type is raised for each.
##
## c: The connection, which may be UDP or TCP depending on the type of the
## transport-layer session being analyzed.
##
## msg: The parsed DNS message header.
##
## ans: The type-independent part of the parsed answer record.
##
## next_name: The parsed next secure domain name.
##
## bitmaps: vector of strings in hex for the bit maps present.
event dns_NSEC%(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec%);
## Generated for DNS replies of type *NSEC3*. For replies with multiple answers,
## an individual event of the corresponding type is raised for each.
##
## c: The connection, which may be UDP or TCP depending on the type of the
## transport-layer session being analyzed.
##
## msg: The parsed DNS message header.
##
## ans: The type-independent part of the parsed answer record.
##
## nsec3: The parsed RDATA of Nsec3 record.
event dns_NSEC3%(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr%);
## Generated for DNS replies of type *DS*. For replies with multiple answers,
## an individual event of the corresponding type is raised for each.
##
## c: The connection, which may be UDP or TCP depending on the type of the
## transport-layer session being analyzed.
##
## msg: The parsed DNS message header.
##
## ans: The type-independent part of the parsed answer record.
##
## ds: The parsed RDATA of DS record.
event dns_DS%(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr%);
## Generated at the end of processing a DNS packet. This event is the last ## Generated at the end of processing a DNS packet. This event is the last
## ``dns_*`` event that will be raised for a DNS query/reply and signals that ## ``dns_*`` event that will be raised for a DNS query/reply and signals that
## all resource records have been passed on. ## all resource records have been passed on.
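Review bot: dns_NSEC is the only one of the five new events that hands over its RDATA as loose parameters (next_name: string, bitmaps: string_vec), while dns_RRSIG, dns_DNSKEY, dns_NSEC3 and dns_DS each pass a dedicated record; adding a field later would change the event signature for every handler. Consider a dedicated record type for NSEC as well. The bitmaps description ("vector of strings in hex for the bit maps present") also does not say what one element covers, and "Nsec3" in the dns_NSEC3 block should be spelled NSEC3 like everywhere else.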

@ -1896,27 +1896,50 @@ function lookup_ID%(id: string%) : any
## includes the field name, whether it is logged, its value (if it has one), ## includes the field name, whether it is logged, its value (if it has one),
## and its default value (if specified). ## and its default value (if specified).
## ##
## rec: The record to inspect. ## rec: The record value or type to inspect.
## ##
## Returns: A table that describes the fields of a record. ## Returns: A table that describes the fields of a record.
function record_fields%(rec: any%): record_field_table function record_fields%(rec: any%): record_field_table
%{ %{
TableVal* fields = new TableVal(record_field_table); TableVal* fields = new TableVal(record_field_table);
RecordVal* rv = rec->AsRecordVal(); auto t = rec->Type();
RecordType* rt = rv->Type()->AsRecordType();
if ( rt->Tag() != TYPE_RECORD ) if ( t->Tag() != TYPE_RECORD && t->Tag() != TYPE_TYPE )
{ {
reporter->Error("non-record passed to record_fields"); reporter->Error("non-record value/type passed to record_fields");
return fields; return fields;
} }
RecordType* rt = nullptr;
RecordVal* rv = nullptr;
if ( t->Tag() == TYPE_RECORD )
{
rt = t->AsRecordType();
rv = rec->AsRecordVal();
}
else
{
t = t->AsTypeType()->Type();
if ( t->Tag() != TYPE_RECORD )
{
reporter->Error("non-record value/type passed to record_fields");
return fields;
}
rt = t->AsRecordType();
}
for ( int i = 0; i < rt->NumFields(); ++i ) for ( int i = 0; i < rt->NumFields(); ++i )
{ {
BroType* ft = rt->FieldType(i); BroType* ft = rt->FieldType(i);
TypeDecl* fd = rt->FieldDecl(i); TypeDecl* fd = rt->FieldDecl(i);
Val* fv = rv->Lookup(i); Val* fv = nullptr;
if ( rv )
fv = rv->Lookup(i);
if ( fv ) if ( fv )
Ref(fv); Ref(fv);
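Review bot: The doc comment now says rec may be a "record value or type", but it does not say that for a type argument rv stays nullptr and the value of every returned entry is left unset; please state that under Returns. The two error paths also emit the identical string "non-record value/type passed to record_fields"; distinguishing a non-record value from a type that does not wrap a record would make the reporter output easier to act on.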
@ -1924,7 +1947,12 @@ function record_fields%(rec: any%): record_field_table
bool logged = (fd->attrs && fd->FindAttr(ATTR_LOG) != 0); bool logged = (fd->attrs && fd->FindAttr(ATTR_LOG) != 0);
RecordVal* nr = new RecordVal(record_field); RecordVal* nr = new RecordVal(record_field);
nr->Assign(0, new StringVal(type_name(rt->Tag())));
if ( ft->Tag() == TYPE_RECORD )
nr->Assign(0, new StringVal("record " + ft->GetName()));
else
nr->Assign(0, new StringVal(type_name(ft->Tag())));
nr->Assign(1, new Val(logged, TYPE_BOOL)); nr->Assign(1, new Val(logged, TYPE_BOOL));
nr->Assign(2, fv); nr->Assign(2, fv);
nr->Assign(3, rt->FieldDefault(i)); nr->Assign(3, rt->FieldDefault(i));
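Review bot: In the new ft->Tag() == TYPE_RECORD branch, "record " + ft->GetName() assumes every record-typed field has a type name. If GetName() can return an empty string (for a field declared with an inline record type, for instance), type_name becomes "record " with a trailing space. Fall back to type_name(ft->Tag()) when the name is empty, and add a baseline entry that covers that case.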

@ -445,6 +445,8 @@ void Plugin::Describe(ODesc* d) const
d->Add(config.version.major); d->Add(config.version.major);
d->Add("."); d->Add(".");
d->Add(config.version.minor); d->Add(config.version.minor);
d->Add(".");
d->Add(config.version.patch);
d->Add(")"); d->Add(")");
} }
else else
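Review bot: Describe() now appends "." and config.version.patch unconditionally, so the description string of every existing plugin changes even when no patch version was set (the default 0 is printed, as the updated plugin baselines show with 0.1 becoming 0.1.0). That is a visible output change for anything that parses this string; please call it out in the NEWS entry next to the note about the skeleton's unit-test Baseline.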

@ -15,7 +15,7 @@
// Increase this when making incompatible changes to the plugin API. Note // Increase this when making incompatible changes to the plugin API. Note
// that the constant is never used in C code. It's picked up on by CMake. // that the constant is never used in C code. It's picked up on by CMake.
#define BRO_PLUGIN_API_VERSION 6 #define BRO_PLUGIN_API_VERSION 7
#define BRO_PLUGIN_BRO_VERSION BRO_VERSION_FUNCTION #define BRO_PLUGIN_BRO_VERSION BRO_VERSION_FUNCTION
@ -67,18 +67,24 @@ extern const char* hook_name(HookType h);
* Helper class to capture a plugin's version. * Helper class to capture a plugin's version.
* */ * */
struct VersionNumber { struct VersionNumber {
int major; //< Major version number; int major; //< Major version number.
int minor; //< Minor version number; int minor; //< Minor version number.
int patch; //< Patch version number (available since Bro 2.7).
/** /**
* Constructor. * Constructor.
*/ */
VersionNumber() { major = minor = -1; } VersionNumber() {
// Major and minor versions are required.
major = minor = -1;
// Patch version is optional, and set to 0 if not manually set.
patch = 0;
}
/** /**
* Returns true if the version is set to a non-negative value. * Returns true if the version is set to a non-negative value.
*/ */
explicit operator bool() const { return major >= 0 && minor >= 0; } explicit operator bool() const { return major >= 0 && minor >= 0 && patch >= 0; }
}; };
/** /**
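Review bot: operator bool now also requires patch >= 0, so a plugin that sets a valid major and minor but a negative patch is treated as having no version at all. Since the constructor comment calls patch optional, either keep the validity test on major and minor only, or say in the operator's doc comment that a negative patch invalidates the whole version. The three defaults would also read more clearly as in-class member initializers than as assignments in the constructor body.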

@ -1,8 +1,33 @@
[a=42, b=Foo, c=<uninitialized>, d=Bar] [a=42, b=Foo, c=<uninitialized>, d=Bar, e=tt]
{ {
[b] = [type_name=record, log=F, value=Foo, default_val=Foo], [b] = [type_name=string, log=F, value=Foo, default_val=Foo],
[c] = [type_name=record, log=F, value=<uninitialized>, default_val=<uninitialized>], [c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
[a] = [type_name=record, log=F, value=42, default_val=<uninitialized>], [e] = [type_name=any, log=F, value=tt, default_val=<uninitialized>],
[d] = [type_name=record, log=T, value=Bar, default_val=<uninitialized>] [a] = [type_name=count, log=F, value=42, default_val=<uninitialized>],
[d] = [type_name=string, log=T, value=Bar, default_val=<uninitialized>]
} }
F F
{
[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
[a] = [type_name=bool, log=F, value=<uninitialized>, default_val=<uninitialized>],
[d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>],
[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>]
}
{
[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
[a] = [type_name=bool, log=F, value=<uninitialized>, default_val=<uninitialized>],
[d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>],
[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>]
}
{
[b] = [type_name=string, log=F, value=Foo, default_val=Foo],
[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
[e] = [type_name=any, log=F, value=mystring, default_val=<uninitialized>],
[a] = [type_name=count, log=F, value=42, default_val=<uninitialized>],
[d] = [type_name=string, log=T, value=Bar, default_val=<uninitialized>]
}
{
}
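Review bot: The expected output is now five tables in a row with no labels, two of them identical and the last one empty, so a failing diff will not show which record_fields call regressed. Have the test print a short label before each call, and make the case behind the empty table explicit in the baseline.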

@ -1,4 +1,4 @@
Demo::Foo - <Insert description> (dynamic, version 0.1) Demo::Foo - <Insert description> (dynamic, version 0.1.0)
[Function] hello_plugin_world [Function] hello_plugin_world
[Event] plugin_event [Event] plugin_event

@ -1,4 +1,4 @@
Demo::Foo - <Insert description> (dynamic, version 0.1) Demo::Foo - <Insert description> (dynamic, version 0.1.0)
[Function] hello_plugin_world [Function] hello_plugin_world
[Event] plugin_event [Event] plugin_event

@ -1,4 +1,4 @@
Demo::Foo - A Foo test analyzer (dynamic, version 1.0) Demo::Foo - A Foo test analyzer (dynamic, version 1.0.0)
[File Analyzer] Foo (ANALYZER_FOO) [File Analyzer] Foo (ANALYZER_FOO)
[Event] foo_piece [Event] foo_piece

@ -228,53 +228,53 @@
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=x509, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=x509, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Broker::LOG, [columns=<no value description>, ev=<uninitialized>, path=broker])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=<uninitialized>, path=dce_rpc])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (NTLM::LOG, [columns=<no value description>, ev=<uninitialized>, path=ntlm])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (NTLM::LOG, [columns=NTLM::Info, ev=<uninitialized>, path=ntlm])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (NetControl::CATCH_RELEASE, [columns=<no value description>, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (RFB::LOG, [columns=<no value description>, ev=RFB::log_rfb, path=rfb])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (SMB::FILES_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_files])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=<uninitialized>, path=smb_files])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (SMB::MAPPING_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_mapping])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=<uninitialized>, path=smb_mapping])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Syslog::LOG, [columns=Syslog::Info, ev=<uninitialized>, path=syslog])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
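Review bot: The Log::__write line for PacketFilter::LOG embeds a wall-clock value (ts=1541517939.221621 became ts=1541702572.740462), so this baseline changes on every regeneration regardless of the code change under review. Canonicalize the timestamp in the test so that the diff contains only the change from columns=<no value description> to the record type name, which is what the TypeType printing fix is responsible for.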
@ -413,53 +413,53 @@
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, <frame>, (Weird::LOG, default)) -> <no result> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, <frame>, (Weird::LOG, default)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, <frame>, (X509::LOG, default)) -> <no result> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, <frame>, (X509::LOG, default)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_stream_filters, <frame>, (mysql::LOG, default)) -> <no result> 0.000000 MetaHookPost CallFunction(Log::add_stream_filters, <frame>, (mysql::LOG, default)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Broker::LOG, [columns=<no value description>, ev=<uninitialized>, path=broker])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=<uninitialized>, path=dce_rpc])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (NTLM::LOG, [columns=<no value description>, ev=<uninitialized>, path=ntlm])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (NTLM::LOG, [columns=NTLM::Info, ev=<uninitialized>, path=ntlm])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (NetControl::CATCH_RELEASE, [columns=<no value description>, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (RFB::LOG, [columns=<no value description>, ev=RFB::log_rfb, path=rfb])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (SMB::FILES_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_files])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=<uninitialized>, path=smb_files])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (SMB::MAPPING_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_mapping])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=<uninitialized>, path=smb_mapping])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Syslog::LOG, [columns=Syslog::Info, ev=<uninitialized>, path=syslog])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result> 0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result> 0.000000 MetaHookPost CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(NetControl::init, <null>, ()) -> <no result> 0.000000 MetaHookPost CallFunction(NetControl::init, <null>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(Notice::want_pp, <frame>, ()) -> <no result> 0.000000 MetaHookPost CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
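Review bot: The `Log::write` line for `PacketFilter::LOG` in this hunk differs only in its embedded timestamp (`ts=1541517939.221621` becomes `ts=1541702572.740462`), which looks like a wall-clock value and has nothing to do with the `columns=` change carried by the other lines. If the test does not already canonify timestamps before comparing against the baseline, it should; otherwise every regeneration of this file will produce the same unrelated churn and make the meaningful `columns=<no value description>` to `columns=DNS::Info`-style changes harder to review.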
@ -1122,53 +1122,53 @@
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=x509, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=x509, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Broker::LOG, [columns=<no value description>, ev=<uninitialized>, path=broker])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=<uninitialized>, path=dce_rpc]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (NTLM::LOG, [columns=<no value description>, ev=<uninitialized>, path=ntlm])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (NTLM::LOG, [columns=NTLM::Info, ev=<uninitialized>, path=ntlm]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (NetControl::CATCH_RELEASE, [columns=<no value description>, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (RFB::LOG, [columns=<no value description>, ev=RFB::log_rfb, path=rfb])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (SMB::FILES_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_files])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=<uninitialized>, path=smb_files]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (SMB::MAPPING_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_mapping])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=<uninitialized>, path=smb_mapping]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Syslog::LOG, [columns=Syslog::Info, ev=<uninitialized>, path=syslog]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
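Review bot: Every `columns=` value in the `Log::__create_stream` lines of this hunk now resolves to a named record type (`Broker::Info`, `SMB::TreeInfo`, `NetControl::ShuntInfo` and so on), so nothing here shows what a type value without a name prints as now that `<no value description>` is gone from these lines. A small dedicated test that prints a type value for an unnamed type would pin that case down explicitly instead of leaving it uncovered by this baseline.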
@ -1307,53 +1307,53 @@
0.000000 MetaHookPre CallFunction(Log::add_stream_filters, <frame>, (Weird::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, <frame>, (Weird::LOG, default))
0.000000 MetaHookPre CallFunction(Log::add_stream_filters, <frame>, (X509::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, <frame>, (X509::LOG, default))
0.000000 MetaHookPre CallFunction(Log::add_stream_filters, <frame>, (mysql::LOG, default)) 0.000000 MetaHookPre CallFunction(Log::add_stream_filters, <frame>, (mysql::LOG, default))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Broker::LOG, [columns=<no value description>, ev=<uninitialized>, path=broker])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=<uninitialized>, path=dce_rpc]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (NTLM::LOG, [columns=<no value description>, ev=<uninitialized>, path=ntlm])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (NTLM::LOG, [columns=NTLM::Info, ev=<uninitialized>, path=ntlm]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (NetControl::CATCH_RELEASE, [columns=<no value description>, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (RFB::LOG, [columns=<no value description>, ev=RFB::log_rfb, path=rfb])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (SMB::FILES_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_files])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (SMB::FILES_LOG, [columns=SMB::FileInfo, ev=<uninitialized>, path=smb_files]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (SMB::MAPPING_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_mapping])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=<uninitialized>, path=smb_mapping]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Syslog::LOG, [columns=Syslog::Info, ev=<uninitialized>, path=syslog]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) 0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(NetControl::check_plugins, <frame>, ()) 0.000000 MetaHookPre CallFunction(NetControl::check_plugins, <frame>, ())
0.000000 MetaHookPre CallFunction(NetControl::init, <null>, ()) 0.000000 MetaHookPre CallFunction(NetControl::init, <null>, ())
0.000000 MetaHookPre CallFunction(Notice::want_pp, <frame>, ()) 0.000000 MetaHookPre CallFunction(Notice::want_pp, <frame>, ())
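Review bot: The Log::write(PacketFilter::LOG, ...) line near the end of this hunk records a wall-clock value (ts=1541517939.221621 on the old side, ts=1541702572.740462 on the new), so it will show up as changed every time this baseline is regenerated, whatever the commit actually touches. Every other changed line in the hunk differs only in columns=, where <no value description> becomes the record type name (DNS::Info, Conn::Info, and so on), which is the change worth reviewing here. Consider storing the timestamp in a normalised form in the baseline so that it stops appearing in diffs like this one; if the comparison step already ignores it, that is worth saying in the commit message so readers know the ts delta is noise.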
@ -2015,53 +2015,53 @@
0.000000 | HookCallFunction Log::__add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]) 0.000000 | HookCallFunction Log::__add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
0.000000 | HookCallFunction Log::__add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=x509, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]) 0.000000 | HookCallFunction Log::__add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=x509, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
0.000000 | HookCallFunction Log::__add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}]) 0.000000 | HookCallFunction Log::__add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=anonymous-function, interv=0 secs, postprocessor=<uninitialized>, config={}])
0.000000 | HookCallFunction Log::__create_stream(Broker::LOG, [columns=<no value description>, ev=<uninitialized>, path=broker]) 0.000000 | HookCallFunction Log::__create_stream(Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker])
0.000000 | HookCallFunction Log::__create_stream(Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster]) 0.000000 | HookCallFunction Log::__create_stream(Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster])
0.000000 | HookCallFunction Log::__create_stream(Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config]) 0.000000 | HookCallFunction Log::__create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config])
0.000000 | HookCallFunction Log::__create_stream(Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn]) 0.000000 | HookCallFunction Log::__create_stream(Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn])
0.000000 | HookCallFunction Log::__create_stream(DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc]) 0.000000 | HookCallFunction Log::__create_stream(DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=<uninitialized>, path=dce_rpc])
0.000000 | HookCallFunction Log::__create_stream(DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp]) 0.000000 | HookCallFunction Log::__create_stream(DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp])
0.000000 | HookCallFunction Log::__create_stream(DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3]) 0.000000 | HookCallFunction Log::__create_stream(DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3])
0.000000 | HookCallFunction Log::__create_stream(DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns]) 0.000000 | HookCallFunction Log::__create_stream(DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns])
0.000000 | HookCallFunction Log::__create_stream(DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd]) 0.000000 | HookCallFunction Log::__create_stream(DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd])
0.000000 | HookCallFunction Log::__create_stream(FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp]) 0.000000 | HookCallFunction Log::__create_stream(FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp])
0.000000 | HookCallFunction Log::__create_stream(Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files]) 0.000000 | HookCallFunction Log::__create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files])
0.000000 | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http]) 0.000000 | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http])
0.000000 | HookCallFunction Log::__create_stream(IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc]) 0.000000 | HookCallFunction Log::__create_stream(IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc])
0.000000 | HookCallFunction Log::__create_stream(Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel]) 0.000000 | HookCallFunction Log::__create_stream(Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel])
0.000000 | HookCallFunction Log::__create_stream(KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos]) 0.000000 | HookCallFunction Log::__create_stream(KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos])
0.000000 | HookCallFunction Log::__create_stream(Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus]) 0.000000 | HookCallFunction Log::__create_stream(Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus])
0.000000 | HookCallFunction Log::__create_stream(NTLM::LOG, [columns=<no value description>, ev=<uninitialized>, path=ntlm]) 0.000000 | HookCallFunction Log::__create_stream(NTLM::LOG, [columns=NTLM::Info, ev=<uninitialized>, path=ntlm])
0.000000 | HookCallFunction Log::__create_stream(NetControl::CATCH_RELEASE, [columns=<no value description>, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release]) 0.000000 | HookCallFunction Log::__create_stream(NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])
0.000000 | HookCallFunction Log::__create_stream(NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop]) 0.000000 | HookCallFunction Log::__create_stream(NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])
0.000000 | HookCallFunction Log::__create_stream(NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol]) 0.000000 | HookCallFunction Log::__create_stream(NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol])
0.000000 | HookCallFunction Log::__create_stream(NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt]) 0.000000 | HookCallFunction Log::__create_stream(NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])
0.000000 | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm]) 0.000000 | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm])
0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice]) 0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice])
0.000000 | HookCallFunction Log::__create_stream(OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow]) 0.000000 | HookCallFunction Log::__create_stream(OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow])
0.000000 | HookCallFunction Log::__create_stream(PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe]) 0.000000 | HookCallFunction Log::__create_stream(PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe])
0.000000 | HookCallFunction Log::__create_stream(PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter]) 0.000000 | HookCallFunction Log::__create_stream(PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter])
0.000000 | HookCallFunction Log::__create_stream(RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius]) 0.000000 | HookCallFunction Log::__create_stream(RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius])
0.000000 | HookCallFunction Log::__create_stream(RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp]) 0.000000 | HookCallFunction Log::__create_stream(RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp])
0.000000 | HookCallFunction Log::__create_stream(RFB::LOG, [columns=<no value description>, ev=RFB::log_rfb, path=rfb]) 0.000000 | HookCallFunction Log::__create_stream(RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb])
0.000000 | HookCallFunction Log::__create_stream(Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter]) 0.000000 | HookCallFunction Log::__create_stream(Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter])
0.000000 | HookCallFunction Log::__create_stream(SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip]) 0.000000 | HookCallFunction Log::__create_stream(SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip])
0.000000 | HookCallFunction Log::__create_stream(SMB::FILES_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_files]) 0.000000 | HookCallFunction Log::__create_stream(SMB::FILES_LOG, [columns=SMB::FileInfo, ev=<uninitialized>, path=smb_files])
0.000000 | HookCallFunction Log::__create_stream(SMB::MAPPING_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_mapping]) 0.000000 | HookCallFunction Log::__create_stream(SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=<uninitialized>, path=smb_mapping])
0.000000 | HookCallFunction Log::__create_stream(SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp]) 0.000000 | HookCallFunction Log::__create_stream(SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp])
0.000000 | HookCallFunction Log::__create_stream(SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp]) 0.000000 | HookCallFunction Log::__create_stream(SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp])
0.000000 | HookCallFunction Log::__create_stream(SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks]) 0.000000 | HookCallFunction Log::__create_stream(SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks])
0.000000 | HookCallFunction Log::__create_stream(SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh]) 0.000000 | HookCallFunction Log::__create_stream(SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh])
0.000000 | HookCallFunction Log::__create_stream(SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl]) 0.000000 | HookCallFunction Log::__create_stream(SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl])
0.000000 | HookCallFunction Log::__create_stream(Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures]) 0.000000 | HookCallFunction Log::__create_stream(Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures])
0.000000 | HookCallFunction Log::__create_stream(Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software]) 0.000000 | HookCallFunction Log::__create_stream(Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software])
0.000000 | HookCallFunction Log::__create_stream(Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog]) 0.000000 | HookCallFunction Log::__create_stream(Syslog::LOG, [columns=Syslog::Info, ev=<uninitialized>, path=syslog])
0.000000 | HookCallFunction Log::__create_stream(Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel]) 0.000000 | HookCallFunction Log::__create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel])
0.000000 | HookCallFunction Log::__create_stream(Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2]) 0.000000 | HookCallFunction Log::__create_stream(Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2])
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Config::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
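Review bot: The Log::__create_stream(mysql::LOG, ...) line now makes a naming mismatch visible: the stream ID sits in a lowercase mysql namespace, while the printed record type and event are MySQL::Info and MySQL::log_mysql. Every other stream in this hunk uses one spelling for all three (for example SSH::LOG with SSH::Info and SSH::log_ssh). The baseline should keep recording what the scripts actually emit, so nothing changes in this file, but it is worth confirming whether the lowercase ID is intentional or should be aligned in a follow-up, since anyone matching on the stream ID next to the type name will trip over the difference.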
@ -2200,53 +2200,53 @@
0.000000 | HookCallFunction Log::add_stream_filters(Weird::LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(Weird::LOG, default)
0.000000 | HookCallFunction Log::add_stream_filters(X509::LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(X509::LOG, default)
0.000000 | HookCallFunction Log::add_stream_filters(mysql::LOG, default) 0.000000 | HookCallFunction Log::add_stream_filters(mysql::LOG, default)
0.000000 | HookCallFunction Log::create_stream(Broker::LOG, [columns=<no value description>, ev=<uninitialized>, path=broker]) 0.000000 | HookCallFunction Log::create_stream(Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker])
0.000000 | HookCallFunction Log::create_stream(Cluster::LOG, [columns=<no value description>, ev=<uninitialized>, path=cluster]) 0.000000 | HookCallFunction Log::create_stream(Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster])
0.000000 | HookCallFunction Log::create_stream(Config::LOG, [columns=<no value description>, ev=Config::log_config, path=config]) 0.000000 | HookCallFunction Log::create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config])
0.000000 | HookCallFunction Log::create_stream(Conn::LOG, [columns=<no value description>, ev=Conn::log_conn, path=conn]) 0.000000 | HookCallFunction Log::create_stream(Conn::LOG, [columns=Conn::Info, ev=Conn::log_conn, path=conn])
0.000000 | HookCallFunction Log::create_stream(DCE_RPC::LOG, [columns=<no value description>, ev=<uninitialized>, path=dce_rpc]) 0.000000 | HookCallFunction Log::create_stream(DCE_RPC::LOG, [columns=DCE_RPC::Info, ev=<uninitialized>, path=dce_rpc])
0.000000 | HookCallFunction Log::create_stream(DHCP::LOG, [columns=<no value description>, ev=DHCP::log_dhcp, path=dhcp]) 0.000000 | HookCallFunction Log::create_stream(DHCP::LOG, [columns=DHCP::Info, ev=DHCP::log_dhcp, path=dhcp])
0.000000 | HookCallFunction Log::create_stream(DNP3::LOG, [columns=<no value description>, ev=DNP3::log_dnp3, path=dnp3]) 0.000000 | HookCallFunction Log::create_stream(DNP3::LOG, [columns=DNP3::Info, ev=DNP3::log_dnp3, path=dnp3])
0.000000 | HookCallFunction Log::create_stream(DNS::LOG, [columns=<no value description>, ev=DNS::log_dns, path=dns]) 0.000000 | HookCallFunction Log::create_stream(DNS::LOG, [columns=DNS::Info, ev=DNS::log_dns, path=dns])
0.000000 | HookCallFunction Log::create_stream(DPD::LOG, [columns=<no value description>, ev=<uninitialized>, path=dpd]) 0.000000 | HookCallFunction Log::create_stream(DPD::LOG, [columns=DPD::Info, ev=<uninitialized>, path=dpd])
0.000000 | HookCallFunction Log::create_stream(FTP::LOG, [columns=<no value description>, ev=FTP::log_ftp, path=ftp]) 0.000000 | HookCallFunction Log::create_stream(FTP::LOG, [columns=FTP::Info, ev=FTP::log_ftp, path=ftp])
0.000000 | HookCallFunction Log::create_stream(Files::LOG, [columns=<no value description>, ev=Files::log_files, path=files]) 0.000000 | HookCallFunction Log::create_stream(Files::LOG, [columns=Files::Info, ev=Files::log_files, path=files])
0.000000 | HookCallFunction Log::create_stream(HTTP::LOG, [columns=<no value description>, ev=HTTP::log_http, path=http]) 0.000000 | HookCallFunction Log::create_stream(HTTP::LOG, [columns=HTTP::Info, ev=HTTP::log_http, path=http])
0.000000 | HookCallFunction Log::create_stream(IRC::LOG, [columns=<no value description>, ev=IRC::irc_log, path=irc]) 0.000000 | HookCallFunction Log::create_stream(IRC::LOG, [columns=IRC::Info, ev=IRC::irc_log, path=irc])
0.000000 | HookCallFunction Log::create_stream(Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel]) 0.000000 | HookCallFunction Log::create_stream(Intel::LOG, [columns=Intel::Info, ev=Intel::log_intel, path=intel])
0.000000 | HookCallFunction Log::create_stream(KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos]) 0.000000 | HookCallFunction Log::create_stream(KRB::LOG, [columns=KRB::Info, ev=KRB::log_krb, path=kerberos])
0.000000 | HookCallFunction Log::create_stream(Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus]) 0.000000 | HookCallFunction Log::create_stream(Modbus::LOG, [columns=Modbus::Info, ev=Modbus::log_modbus, path=modbus])
0.000000 | HookCallFunction Log::create_stream(NTLM::LOG, [columns=<no value description>, ev=<uninitialized>, path=ntlm]) 0.000000 | HookCallFunction Log::create_stream(NTLM::LOG, [columns=NTLM::Info, ev=<uninitialized>, path=ntlm])
0.000000 | HookCallFunction Log::create_stream(NetControl::CATCH_RELEASE, [columns=<no value description>, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release]) 0.000000 | HookCallFunction Log::create_stream(NetControl::CATCH_RELEASE, [columns=NetControl::CatchReleaseInfo, ev=NetControl::log_netcontrol_catch_release, path=netcontrol_catch_release])
0.000000 | HookCallFunction Log::create_stream(NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop]) 0.000000 | HookCallFunction Log::create_stream(NetControl::DROP, [columns=NetControl::DropInfo, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])
0.000000 | HookCallFunction Log::create_stream(NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol]) 0.000000 | HookCallFunction Log::create_stream(NetControl::LOG, [columns=NetControl::Info, ev=NetControl::log_netcontrol, path=netcontrol])
0.000000 | HookCallFunction Log::create_stream(NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt]) 0.000000 | HookCallFunction Log::create_stream(NetControl::SHUNT, [columns=NetControl::ShuntInfo, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])
0.000000 | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm]) 0.000000 | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=Notice::Info, ev=<uninitialized>, path=notice_alarm])
0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice]) 0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=Notice::Info, ev=Notice::log_notice, path=notice])
0.000000 | HookCallFunction Log::create_stream(OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow]) 0.000000 | HookCallFunction Log::create_stream(OpenFlow::LOG, [columns=OpenFlow::Info, ev=OpenFlow::log_openflow, path=openflow])
0.000000 | HookCallFunction Log::create_stream(PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe]) 0.000000 | HookCallFunction Log::create_stream(PE::LOG, [columns=PE::Info, ev=PE::log_pe, path=pe])
0.000000 | HookCallFunction Log::create_stream(PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter]) 0.000000 | HookCallFunction Log::create_stream(PacketFilter::LOG, [columns=PacketFilter::Info, ev=<uninitialized>, path=packet_filter])
0.000000 | HookCallFunction Log::create_stream(RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius]) 0.000000 | HookCallFunction Log::create_stream(RADIUS::LOG, [columns=RADIUS::Info, ev=RADIUS::log_radius, path=radius])
0.000000 | HookCallFunction Log::create_stream(RDP::LOG, [columns=<no value description>, ev=RDP::log_rdp, path=rdp]) 0.000000 | HookCallFunction Log::create_stream(RDP::LOG, [columns=RDP::Info, ev=RDP::log_rdp, path=rdp])
0.000000 | HookCallFunction Log::create_stream(RFB::LOG, [columns=<no value description>, ev=RFB::log_rfb, path=rfb]) 0.000000 | HookCallFunction Log::create_stream(RFB::LOG, [columns=RFB::Info, ev=RFB::log_rfb, path=rfb])
0.000000 | HookCallFunction Log::create_stream(Reporter::LOG, [columns=<no value description>, ev=<uninitialized>, path=reporter]) 0.000000 | HookCallFunction Log::create_stream(Reporter::LOG, [columns=Reporter::Info, ev=<uninitialized>, path=reporter])
0.000000 | HookCallFunction Log::create_stream(SIP::LOG, [columns=<no value description>, ev=SIP::log_sip, path=sip]) 0.000000 | HookCallFunction Log::create_stream(SIP::LOG, [columns=SIP::Info, ev=SIP::log_sip, path=sip])
0.000000 | HookCallFunction Log::create_stream(SMB::FILES_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_files]) 0.000000 | HookCallFunction Log::create_stream(SMB::FILES_LOG, [columns=SMB::FileInfo, ev=<uninitialized>, path=smb_files])
0.000000 | HookCallFunction Log::create_stream(SMB::MAPPING_LOG, [columns=<no value description>, ev=<uninitialized>, path=smb_mapping]) 0.000000 | HookCallFunction Log::create_stream(SMB::MAPPING_LOG, [columns=SMB::TreeInfo, ev=<uninitialized>, path=smb_mapping])
0.000000 | HookCallFunction Log::create_stream(SMTP::LOG, [columns=<no value description>, ev=SMTP::log_smtp, path=smtp]) 0.000000 | HookCallFunction Log::create_stream(SMTP::LOG, [columns=SMTP::Info, ev=SMTP::log_smtp, path=smtp])
0.000000 | HookCallFunction Log::create_stream(SNMP::LOG, [columns=<no value description>, ev=SNMP::log_snmp, path=snmp]) 0.000000 | HookCallFunction Log::create_stream(SNMP::LOG, [columns=SNMP::Info, ev=SNMP::log_snmp, path=snmp])
0.000000 | HookCallFunction Log::create_stream(SOCKS::LOG, [columns=<no value description>, ev=SOCKS::log_socks, path=socks]) 0.000000 | HookCallFunction Log::create_stream(SOCKS::LOG, [columns=SOCKS::Info, ev=SOCKS::log_socks, path=socks])
0.000000 | HookCallFunction Log::create_stream(SSH::LOG, [columns=<no value description>, ev=SSH::log_ssh, path=ssh]) 0.000000 | HookCallFunction Log::create_stream(SSH::LOG, [columns=SSH::Info, ev=SSH::log_ssh, path=ssh])
0.000000 | HookCallFunction Log::create_stream(SSL::LOG, [columns=<no value description>, ev=SSL::log_ssl, path=ssl]) 0.000000 | HookCallFunction Log::create_stream(SSL::LOG, [columns=SSL::Info, ev=SSL::log_ssl, path=ssl])
0.000000 | HookCallFunction Log::create_stream(Signatures::LOG, [columns=<no value description>, ev=Signatures::log_signature, path=signatures]) 0.000000 | HookCallFunction Log::create_stream(Signatures::LOG, [columns=Signatures::Info, ev=Signatures::log_signature, path=signatures])
0.000000 | HookCallFunction Log::create_stream(Software::LOG, [columns=<no value description>, ev=Software::log_software, path=software]) 0.000000 | HookCallFunction Log::create_stream(Software::LOG, [columns=Software::Info, ev=Software::log_software, path=software])
0.000000 | HookCallFunction Log::create_stream(Syslog::LOG, [columns=<no value description>, ev=<uninitialized>, path=syslog]) 0.000000 | HookCallFunction Log::create_stream(Syslog::LOG, [columns=Syslog::Info, ev=<uninitialized>, path=syslog])
0.000000 | HookCallFunction Log::create_stream(Tunnel::LOG, [columns=<no value description>, ev=<uninitialized>, path=tunnel]) 0.000000 | HookCallFunction Log::create_stream(Tunnel::LOG, [columns=Tunnel::Info, ev=<uninitialized>, path=tunnel])
0.000000 | HookCallFunction Log::create_stream(Unified2::LOG, [columns=<no value description>, ev=Unified2::log_unified2, path=unified2]) 0.000000 | HookCallFunction Log::create_stream(Unified2::LOG, [columns=Unified2::Info, ev=Unified2::log_unified2, path=unified2])
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction NetControl::check_plugins() 0.000000 | HookCallFunction NetControl::check_plugins()
0.000000 | HookCallFunction NetControl::init() 0.000000 | HookCallFunction NetControl::init()
0.000000 | HookCallFunction Notice::want_pp() 0.000000 | HookCallFunction Notice::want_pp()
@ -2675,7 +2675,7 @@
0.000000 | HookLoadFile base<...>/x509 0.000000 | HookLoadFile base<...>/x509
0.000000 | HookLoadFile base<...>/xmpp 0.000000 | HookLoadFile base<...>/xmpp
0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} 0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
0.000000 | HookLogWrite packet_filter [ts=1541517939.221621, node=bro, filter=ip or not ip, init=T, success=T] 0.000000 | HookLogWrite packet_filter [ts=1541702572.740462, node=bro, filter=ip or not ip, init=T, success=T]
0.000000 | HookQueueEvent NetControl::init() 0.000000 | HookQueueEvent NetControl::init()
0.000000 | HookQueueEvent bro_init() 0.000000 | HookQueueEvent bro_init()
0.000000 | HookQueueEvent filter_change_tracking() 0.000000 | HookQueueEvent filter_change_tracking()
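Review bot: The `HookLogWrite packet_filter` line stores a wall-clock `ts` (1541517939.221621 on the old side, 1541702572.740462 on the new), so this baseline changes every time it is regenerated, whether or not the code changed. Mask or normalise the timestamp before the output is written to the baseline, so that future diffs of this file show only real differences such as the `columns=` type names.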

View file

@ -1,3 +1,3 @@
Demo::Foo - <Insert description> (dynamic, version 0.1) Demo::Foo - <Insert description> (dynamic, version 0.1.0)
=== ===
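Review bot: The listing for a plugin that sets no patch version changes from `version 0.1` to `version 0.1.0`, so any stored baseline or script that matches the two-part form will stop matching after the upgrade. State in the release notes that plugin authors need to regenerate their listing baselines, and confirm that the default of 0 applies to plugins built against the old Configuration layout as well as to rebuilt ones.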

View file

@ -1,4 +1,4 @@
Demo::Foo - A Foo packet dumper (dynamic, version 1.0) Demo::Foo - A Foo packet dumper (dynamic, version 1.0.0)
[Packet Dumper] FooPktDumper (dumper prefix: "foo") [Packet Dumper] FooPktDumper (dumper prefix: "foo")
=== ===

View file

@ -0,0 +1 @@
Testing::NoPatchVersion - Testing a plugin without a specified patch version (dynamic, version 0.1.0)

View file

@ -0,0 +1 @@
Testing::WithPatchVersion - Testing a plugin with a specified patch version (dynamic, version 0.1.4)

View file

@ -1,4 +1,4 @@
Demo::Foo - A Foo test analyzer (dynamic, version 1.0) Demo::Foo - A Foo test analyzer (dynamic, version 1.0.0)
[Analyzer] Foo (ANALYZER_FOO, enabled) [Analyzer] Foo (ANALYZER_FOO, enabled)
[Event] foo_message [Event] foo_message

View file

@ -1,4 +1,4 @@
Demo::Foo - A Foo test input reader (dynamic, version 1.0) Demo::Foo - A Foo test input reader (dynamic, version 1.0.0)
[Reader] Foo (Input::READER_FOO) [Reader] Foo (Input::READER_FOO)
=== ===

View file

@ -1,4 +1,4 @@
Demo::Foo - A Foo test logging writer (dynamic, version 1.0) Demo::Foo - A Foo test logging writer (dynamic, version 1.0.0)
[Writer] Foo (Log::WRITER_FOO) [Writer] Foo (Log::WRITER_FOO)
=== ===

View file

@ -11,7 +11,7 @@ Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[2] = [s=<uninitialized>, ss=<uninitialized>], [2] = [s=<uninitialized>, ss=<uninitialized>],
[1] = [s=<uninitialized>, ss=TEST] [1] = [s=<uninitialized>, ss=TEST]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;
@ -43,7 +43,7 @@ Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[2] = [s=<uninitialized>, ss=<uninitialized>], [2] = [s=<uninitialized>, ss=<uninitialized>],
[1] = [s=<uninitialized>, ss=TEST] [1] = [s=<uninitialized>, ss=TEST]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;
@ -88,7 +88,7 @@ Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[2] = [s=TEST, ss=TEST], [2] = [s=TEST, ss=TEST],
[1] = [s=TEST, ss=<uninitialized>] [1] = [s=TEST, ss=<uninitialized>]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;
@ -120,7 +120,7 @@ Description
[source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::REREAD, name=ssh, destination={
[2] = [s=TEST, ss=TEST], [2] = [s=TEST, ss=TEST],
[1] = [s=TEST, ss=<uninitialized>] [1] = [s=TEST, ss=<uninitialized>]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;

View file

@ -1,4 +1,4 @@
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -10,7 +10,7 @@ print outfile, A::b;
Input::EVENT_NEW Input::EVENT_NEW
1 1
T T
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -22,7 +22,7 @@ print outfile, A::b;
Input::EVENT_NEW Input::EVENT_NEW
2 2
T T
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -34,7 +34,7 @@ print outfile, A::b;
Input::EVENT_NEW Input::EVENT_NEW
3 3
F F
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -46,7 +46,7 @@ print outfile, A::b;
Input::EVENT_NEW Input::EVENT_NEW
4 4
F F
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -58,7 +58,7 @@ print outfile, A::b;
Input::EVENT_NEW Input::EVENT_NEW
5 5
F F
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -70,7 +70,7 @@ print outfile, A::b;
Input::EVENT_NEW Input::EVENT_NEW
6 6
F F
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;

View file

@ -1,4 +1,4 @@
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -16,7 +16,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -34,7 +34,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -52,7 +52,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
q3r3057fdf q3r3057fdf
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -70,7 +70,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdfs\d sdfs\d
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -88,7 +88,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -106,7 +106,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
dfsdf dfsdf
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -124,7 +124,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdf sdf
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;

View file

@ -1,4 +1,4 @@
[source=wc -l ../input.log |, reader=Input::READER_RAW, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line [source=wc -l ../input.log |, reader=Input::READER_RAW, mode=Input::MANUAL, name=input, fields=Val, want_record=F, ev=line
{ {
print outfile, description; print outfile, description;
print outfile, tpe; print outfile, tpe;
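Review bot: The new side prints `fields=Val` with no module prefix, while the other input baselines in this change print `fields=A::Val`. The handler body here also uses unqualified `outfile`, `description` and `tpe`, which suggests this test declares its types at global scope, but please confirm that the type-name printing is not dropping the module qualifier in some path. A short comment in the test saying that the global scope is intentional would settle it.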

View file

@ -1,4 +1,4 @@
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -16,7 +16,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -34,7 +34,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -52,7 +52,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
q3r3057fdf q3r3057fdf
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -70,7 +70,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdfs\d sdfs\d
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -88,7 +88,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -106,7 +106,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
dfsdf dfsdf
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -124,7 +124,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdf sdf
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -142,7 +142,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
3rw43wRRERLlL#RWERERERE. 3rw43wRRERLlL#RWERERERE.
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -160,7 +160,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -178,7 +178,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -196,7 +196,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
q3r3057fdf q3r3057fdf
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -214,7 +214,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdfs\d sdfs\d
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -232,7 +232,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -250,7 +250,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
dfsdf dfsdf
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;
@ -268,7 +268,7 @@ terminate();
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdf sdf
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line
{ {
print outfile, A::description; print outfile, A::description;
print outfile, A::tpe; print outfile, A::tpe;

View file

@ -28,7 +28,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;
@ -123,7 +123,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;
@ -230,7 +230,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;
@ -457,7 +457,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;
@ -582,7 +582,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;
@ -707,7 +707,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;
@ -832,7 +832,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;
@ -957,7 +957,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;
@ -1187,7 +1187,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;
@ -1240,7 +1240,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;
@ -1293,7 +1293,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;
@ -1346,7 +1346,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;
@ -1399,7 +1399,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;
@ -1452,7 +1452,7 @@ CC
}, se={ }, se={
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
}, idx=<no value description>, val=<no value description>, want_record=T, ev=line }, idx=A::Idx, val=A::Val, want_record=T, ev=line
{ {
print A::outfile, ============EVENT============; print A::outfile, ============EVENT============;
print A::outfile, Description; print A::outfile, Description;

View file

@ -3,8 +3,8 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path dns #path dns
#open 2016-07-13-16-16-11 #open 2018-09-21-21-01-10
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool
1359565680.761790 CHhAvVGS1DHFjwGM9 192.168.6.10 53209 192.168.129.36 53 udp 41477 0.075138 paypal.com 1 C_INTERNET 48 DNSKEY 0 NOERROR F F T T 1 <unknown type=48>,<unknown type=48>,<unknown type=46>,<unknown type=46> 455.000000,455.000000,455.000000,455.000000 F 1359565680.761790 CHhAvVGS1DHFjwGM9 192.168.6.10 53209 192.168.129.36 53 udp 41477 0.075138 paypal.com 1 C_INTERNET 48 DNSKEY 0 NOERROR F F T T 1 DNSKEY 5,DNSKEY 5,RRSIG 48 paypal.com,RRSIG 48 paypal.com 455.000000,455.000000,455.000000,455.000000 F
#close 2016-07-13-16-16-11 #close 2018-09-21-21-01-10
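Review bot: In the new `answers` column both DNSKEY records render as `DNSKEY 5` and both signatures as `RRSIG 48 paypal.com`, so dns.log cannot distinguish two different keys or signatures returned in the same response. Consider adding a distinguishing field to the answer string, for example the `flags` value that the DNSKEY event record already carries, or document that the per-record detail is only available from the DNSSEC events. The `#open` and `#close` stamps also change here from 2016 to 2018, which is regeneration noise rather than part of the fix.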

View file

@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dns
#open 2018-09-21-21-02-08
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool
1537557808.534727 CHhAvVGS1DHFjwGM9 192.168.153.129 50729 192.168.153.2 53 udp 22666 0.018166 upenn.edu 1 C_INTERNET 48 DNSKEY 0 NOERROR F F T T 2 DNSKEY 5,DNSKEY 5,DNSKEY 5,RRSIG 48 upenn.edu,RRSIG 48 upenn.edu 5.000000,5.000000,5.000000,3444.000000,3444.000000 F
#close 2018-09-21-21-02-08
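Review bot: In the `answers` column of the new upenn.edu row, the three keys all render as `DNSKEY 5` and both signatures as `RRSIG 48 upenn.edu`, so distinct records collapse into identical strings. The companion output baseline shows these keys differ in `flags` (256, 256, 257) and the signatures in `key_tag` (18463, 50475). The trailing number also changes meaning between entries: it is the algorithm for DNSKEY and the type covered for RRSIG. Consider adding the flags or key tag to the logged string and documenting what each number means, so an analyst can tell a key-signing key from a zone-signing key from dns.log alone.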

View file

@ -0,0 +1,5 @@
DNSKEY, [query=upenn.edu, answer_type=1, flags=256, protocol=3, algorithm=5, public_key=\x03\x01\x00\x01\xa83\xd4\x99\xe7\x9bz\x7f\xe8\xf4\x15\xeb\x80F\xc9\x1e\xfdo5\xff\x8dAd\xa8\x84\x81\xa2PB\xfc\xc6{!\x1f\xd9\xfc/\x08S_\x97\x89O;\x09\x1a*\x99\x94\x19"\x90\xf8R\xcb\xad\x10\x00\xd4\xef\x91\x02\x16\xab\x1f\xb2\xee\xe8\xde\x06\x95\xb2\x8c\x8f\x03\xe3\x8a,\x06\x99X\x11\xae\x0d\x9f\xcf\xe8\x15\xb9\xd0\xc3\x02%\xbfI\x8bC\x1e \xc3\xdb]\x9e\xda\xc4\xbf\xdf\x97\xfe\xf6.\x8cr\x00zhW\xdd\x08\xd9\x996?\x19''\xa0\x8f, is_query=0], 03010001a833d499e79b7a7fe8f415eb8046c91efd6f35ff8d4164a88481a25042fcc67b211fd9fc2f08535f97894f3b091a2a9994192290f852cbad1000d4ef910216ab1fb2eee8de0695b28c8f03e38a2c06995811ae0d9fcfe815b9d0c30225bf498b431e20c3db5d9edac4bfdf97fef62e8c72007a6857dd08d999363f192727a08f
DNSKEY, [query=upenn.edu, answer_type=1, flags=256, protocol=3, algorithm=5, public_key=\x03\x01\x00\x01\xf7a\x0b\x04\x88\x99/\xef\xaaS\xd5\xeet\x0c< \xa3w\xb3\xfc\xcd\xad\xfc<Q\xfa\xd3\xac\xe1\xcf\xbc\xdc\xeeX\xabU\xec\x14\xa6\x16"\x8e\x90\xd3y\xe5\xf6\x9cG\xea\xdeW\x85*a\xeaC\x0e\x0es\xb2q\xa7\xbf\xc1u\xfa\xf6\xb9\x97\xde\x0b\x0b4\xcf\x06\xa5\xdaFC%\x7f\xce\xfb\x00M\xaa\xd2%\xb5\xce\xadw\x0c\xd7\xb4e6\xd5Q/\x0e\xc1]\x97|bB\x94G\x91{}=\xc9U"\xa9\xc6\xbf\x7fa+\xd9\xa2\x9b\x1e\xdb, is_query=0], 03010001f7610b0488992fefaa53d5ee740c3c20a377b3fccdadfc3c51fad3ace1cfbcdcee58ab55ec14a616228e90d379e5f69c47eade57852a61ea430e0e73b271a7bfc175faf6b997de0b0b34cf06a5da4643257fcefb004daad225b5cead770cd7b46536d5512f0ec15d977c62429447917b7d3dc95522a9c6bf7f612bd9a29b1edb
DNSKEY, [query=upenn.edu, answer_type=1, flags=257, protocol=3, algorithm=5, public_key=\x03\x01\x00\x01\xfd6\xc1\x96L\xb5\x00\x00\x00\x05\x9f'\xfchA\xf7\xe7\xd7\xb3E%]\x18\xe6\xce\x05\xde\xd3\x1d\x92KB\xfd\xa6\xc3k\x1f\x92\x07C\x09Y\x10\x1c\xcex\xa0*\x88\xabuR\xfbe\xb5R\xd86\x11\xa1K\xc9\xbf\x8e\x15-\x1bK\x95\xb8 \xc49\xe1\xa4\xfe\x1f\x08\x9f<b\xed\xf7\xff\x91\x85g\x09\xa0\xc5\xca88\x0e\xb2\xc6\x1c\x04\x9e"/y\x0eA\xec\xb2tV\x1f\x0a\xc9\xfa\x94\xea\x86\xee\xef\x01Q\xee\x94\x95\xd5Erl\xb6_\x17y\xf5)\xbf\xba)\x15\xadj\xf7\xb9$\xb6\xe1}\x87\xd7c\x18T\xa5U\xa5m\xe2\x98\x9a\x8a\xe8;\xd4\x87\xb1\x06\xa8G{\xeb\xec\xbdz\xf0\xc1\x1e\xe1TD\xf9"\x9c\xb8\xd4d\xcc\xb0F\xe5t\x03\x9c\x89\x98j{\xfa=\xfe-a\xa3S\x19\x83\xe0\x91t\x95$\xa7\x86Q\xd9\xdc$\xecY\xf0\xda\xc0\xa8\xe9\xdc\x188\x100\xbd\xf1\x00\xb1\x96\x1dik\xa6g\x8d\xe8D\x1d\x7f\xbf\xaa\xbf[\xe6\xee\xe1\xf17R\xf42\x14\xbb\x07\x85, is_query=0], 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
RRSIG, [query=upenn.edu, answer_type=1, type_covered=48, algorithm=5, labels=2, orig_ttl=2.0 hrs, sig_exp=1538431668.0, sig_incep=1535838004.0, key_tag=18463, signer_name=upenn.edu, signature=t\xca\xfd\xe33v\x01\xd7Hi\x9c5j\xa7\xda2.\xa7\x9fO\x7f\xad\xd8\xb4\x02:w\xa3\x93Wgy\xba\xc4S\xbe\x19O$A\xe0\x1fD\xec\x9dL\xf1\xdfz\x82\xb4\xdd\xf2\x82K\xa2+\xcc\x89\xe6\xc6m\xfb\x1a\xeb\xc4)6\x8e8\xc6\x18\x8ba\xc6\x8a\xe9X\xbdzIT\x15[h\x81hH\x89\x95\xc9\x0b\x81\x05\x93\xbe\xc0\xb3\x8d\xbe\xc0\xa4\xa0a\xea\xc2\x09\xa7\xd5\x09/\x17u\xa8R?\x9e\xd3\x9e\x172H:\x83\xb6\xc6\xb5c\x13\xb4\xfc\x1b\xa1\xfd\x94\xd0\xd7:\xa59\xe9oz;u\x15R]\xd9\x09Xq-\x06e\x93\x03#\xe5\x94\xc9\xe7B\xa4pC\x19\xda\xa9\x91\xa8\xed\xd6\xad\x0e\xee\x84\xe9/\x90\xf2\xbd\x16\x12\x0b\x03j\xcf\xb6u\x88\xb7[\x1aO\x7f\xf2CK\xccS\x88\x1d\xd0\x13\x0b\xfe\xa9XJiQ\x06\xe3"!\xc2E\xd5s\x9d?\xbf\xcdn\xf1\x87\x02$O\x9b\x0a\x9c\x06\x81\xc4V\xf3-\x07t>(k\x12)i\xdd\xc1\xf6S.a\x8b\xd3\x15, is_query=0], 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
RRSIG, [query=upenn.edu, answer_type=1, type_covered=48, algorithm=5, labels=2, orig_ttl=2.0 hrs, sig_exp=1538431668.0, sig_incep=1535838004.0, key_tag=50475, signer_name=upenn.edu, signature=S\x88\xbd\x1aP\xb4]\xc3y\xeb\xb1\xc0\xb8\x12~\x8f\xfc\x94\xf8\xa90`\xc5\x93\x8c[\xcb\xf5\xdc(J\x9e\xaf\x9854!\xd9\xca\xb1\xd5>\xab\xe2\xa2\xc7q\xb3\xf1\xcf\xf50\x7fc\x83Z\x9af\xcb\xcb\xae\x8f\xcc\xe5\xa6@}\x8cG\xdf\xe2?\xe405\xff\xdf\xf9|\xd61\xb3\xb2M+\xc9y"\x93\xd0\xc6\xee\xa0o\xbb\x87\xdaa\x92Q\xef\xfds\x9e\xf7\xcbw\x7fL\xc6\x06\xe4\x95\xd3j\xc6e\x1a-\xb6C}e\xdb3\x88m\xd0, is_query=0], 5388bd1a50b45dc379ebb1c0b8127e8ffc94f8a93060c5938c5bcbf5dc284a9eaf98353421d9cab1d53eabe2a2c771b3f1cff5307f63835a9a66cbcbae8fcce5a6407d8c47dfe23fe43035ffdff97cd631b3b24d2bc9792293d0c6eea06fbb87da619251effd739ef7cb777f4cc606e495d36ac6651a2db6437d65db33886dd0

View file

@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dns
#open 2018-09-21-21-02-51
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool
1537557828.343603 CHhAvVGS1DHFjwGM9 192.168.153.129 50729 192.168.153.2 53 udp 39080 0.017821 upenn.edu 1 C_INTERNET 43 DS 0 NOERROR F F T T 2 DS 5 1,DS 5 2,RRSIG 43 edu 5.000000,5.000000,5.000000 F
#close 2018-09-21-21-02-51

View file

@ -0,0 +1,3 @@
DS, [query=upenn.edu, answer_type=1, key_tag=18463, algorithm=5, digest_type=1, digest_val=\x0cE\xb3\xd0\x90\xb2!\xe0\xe3;\xbe\xb5\xa6\x19\xd8\x94\x16\xba\xf1\x97, is_query=0], 0c45b3d090b221e0e33bbeb5a619d89416baf197
DS, [query=upenn.edu, answer_type=1, key_tag=18463, algorithm=5, digest_type=2, digest_val=`\x03\x99#&\xda\x06x\\x9e0\xb2Yu\x0f\xab\x09`\xbfW\x05K\xdd\xff\xde\xee\x11\x88\x97}\xab\xb8, is_query=0], 6003992326da06785c9e30b259750fab0960bf57054bddffdeee1188977dabb8
RRSIG, [query=upenn.edu, answer_type=1, type_covered=43, algorithm=8, labels=2, orig_ttl=1.0 day, sig_exp=1538112220.0, sig_incep=1537503220.0, key_tag=50219, signer_name=edu, signature=\x9a\xd4`ppv\x154\x98\xe9\x9d\xf9#|\xa2\xb2v\xf6\x1dj\x1a\x07d\x8c\xd2\xea\xd8\xeeG`\x14=\xc33\xd4)\xb3C\xb9T\xe8r\xba.4\xcb\x96\xa7\xe3\x95\xf4#\xfd<"\xa8\x1c\x1b1R\x18\xd1\xac.x\xa0\xb1\xef\xf4\x163y\x85\xb4K\x0e\x84\xd2\x16\x05\x9et\xa7\xc5|\x0d9f\xd4\x8ea\xdd\x8d&\x863\x14\xd6i\xe6\xf6|%\xbf\xd8\x91\xb3\x87\xd1\x918r\x0a\xb8\x0e\x87\xdf?\xee\xf3Pyn\xdd=%\xd3p, is_query=0], 9ad460707076153498e99df9237ca2b276f61d6a1a07648cd2ead8ee4760143dc333d429b343b954e872ba2e34cb96a7e395f423fd3c22a81c1b315218d1ac2e78a0b1eff416337985b44b0e84d216059e74a7c57c0d3966d48e61dd8d26863314d669e6f67c25bfd891b387d19138720ab80e87df3feef350796edd3d25d370

View file

@ -3,9 +3,9 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path dns #path dns
#open 2016-07-13-16-16-12 #open 2018-09-21-21-07-55
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool #types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool
1363716396.798072 CHhAvVGS1DHFjwGM9 55.247.223.174 27285 222.195.43.124 53 udp 21140 0.000214 www.cmu.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 www-cmu.andrew.cmu.edu,<unknown type=46>,www-cmu-2.andrew.cmu.edu,128.2.10.163 86400.000000,86400.000000,5.000000,21600.000000 F 1363716396.798072 CHhAvVGS1DHFjwGM9 55.247.223.174 27285 222.195.43.124 53 udp 21140 0.000214 www.cmu.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 www-cmu.andrew.cmu.edu,RRSIG 5 cmu.edu,www-cmu-2.andrew.cmu.edu,128.2.10.163 86400.000000,86400.000000,5.000000,21600.000000 F
1363716396.798374 CHhAvVGS1DHFjwGM9 55.247.223.174 27285 222.195.43.124 53 udp 21140 - www.cmu.edu - - - - 0 NOERROR T F F F 0 www-cmu.andrew.cmu.edu,<unknown type=46>,www-cmu-2.andrew.cmu.edu,128.2.10.163 86400.000000,86400.000000,5.000000,21600.000000 F 1363716396.798374 CHhAvVGS1DHFjwGM9 55.247.223.174 27285 222.195.43.124 53 udp 21140 - www.cmu.edu - - - - 0 NOERROR T F F F 0 www-cmu.andrew.cmu.edu,RRSIG 5 cmu.edu,www-cmu-2.andrew.cmu.edu,128.2.10.163 86400.000000,86400.000000,5.000000,21600.000000 F
#close 2016-07-13-16-16-12 #close 2018-09-21-21-07-55

View file

@ -1,10 +0,0 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open 2017-12-13-19-40-49
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1363716396.798286 CHhAvVGS1DHFjwGM9 55.247.223.174 27285 222.195.43.124 53 DNS_RR_unknown_type 46 F bro
#close 2017-12-13-19-40-49

View file

@ -0,0 +1,11 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dns
#open 2018-09-21-21-04-27
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected auth addl
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool set[string] set[string]
1533310046.924340 CHhAvVGS1DHFjwGM9 35.184.172.191 57073 128.175.13.16 53 udp 130 - dla.library.upenn.edu 1 C_INTERNET 28 AAAA 0 NOERROR F F F F 1 - - F NSEC dla.library.upenn.edu dlxssvr.library.upenn.edu,assailants.net.isc.upenn.edu,RRSIG 6 upenn.edu,RRSIG 47 upenn.edu -
1533310049.812056 ClEkJM2Vm5giqnMf4h 35.184.172.191 50693 128.175.13.16 53 udp 51063 0.001515 www.upenn.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 www.upenn.edgekey.net,RRSIG 5 upenn.edu 300.000000,300.000000 F - -
#close 2018-09-21-21-04-27

View file

@ -0,0 +1,5 @@
RRSIG, [query=upenn.edu, answer_type=2, type_covered=6, algorithm=5, labels=2, orig_ttl=1.0 hr, sig_exp=1535901996.0, sig_incep=1533306396.0, key_tag=50475, signer_name=upenn.edu, signature=\xdd=,iY\xd9\x0b\xdbmi\xc9L<\xdd\x03-\xaa\xda5Z\x1b\x0aK\x94.\x97p\xd8\x96\x7f\xa8*Cc\x9c\xa4\x86\xee\xd4\xc4\x0c\x88\x03v\xdf\x14\xef\x0c"|l\xfc)\xc7E\xd1I\xa3\x0dM/^\x98\xe9\xd8P\xbbDZ\xb1|z\xd5H8\xde\xf0\xeb\x14\x19\x99gm\xbdg\xbf\xe0\xe9CU\xf5_\xf0\x01\xe5\x1a\x8f7\x0e\x7foJ\xc1`\x09\xd9%\xc0x9\xe7\x81\xfco\xad\xa5\xd8\xfa\xf5I\xb6\x9f\xca\x9b#\xd9d\xd0, is_query=0], dd3d2c6959d90bdb6d69c94c3cdd032daada355a1b0a4b942e9770d8967fa82a43639ca486eed4c40c880376df14ef0c227c6cfc29c745d149a30d4d2f5e98e9d850bb445ab17c7ad54838def0eb141999676dbd67bfe0e94355f55ff001e51a8f370e7f6f4ac16009d925c07839e781fc6fada5d8faf549b69fca9b23d964d0
NSEC, dlxssvr.library.upenn.edu, [@\x00\x00\x00\x00\x03]
400000000003
RRSIG, [query=dla.library.upenn.edu, answer_type=2, type_covered=47, algorithm=5, labels=4, orig_ttl=1.0 hr, sig_exp=1534400915.0, sig_incep=1531807585.0, key_tag=50475, signer_name=upenn.edu, signature=\x9fhH\x95K7\xd5u\xa5\xbc\xf5\x17\xccM\xe3=T\xd05u\xfa\xea\xfa\xfe\x0eH-W\xbb\xa3l\xa9\xe2\x8f\xef\x05\xf0\xdc\xb1\xf2\xe8u\x8c<v\x80WsaJ\xfc\xc1\x90qr\x1e\x0b\xd0k`B\x8c\x0c\x88\xb2\xf2{D\xf9\xb2M\xd2\xd6\x85W\xb9^\xd9\xea\xc7W\x0c\xc5\x99Td\x83D\xa1\x00,8\xfaYoh\xff\xb2\x08K\x19\xe6\xcdo\x98\x1c\xaa\xe5\x89\x09G\x9c\xf1\x9f\x0bx\xdc\xf6l\xfc\x1d8\x07b\x0a\x1b\xde1, is_query=0], 9f6848954b37d575a5bcf517cc4de33d54d03575faeafafe0e482d57bba36ca9e28fef05f0dcb1f2e8758c3c76805773614afcc19071721e0bd06b60428c0c88b2f27b44f9b24dd2d68557b95ed9eac7570cc59954648344a1002c38fa596f68ffb2084b19e6cd6f981caae58909479cf19f0b78dcf66cfc1d3807620a1bde31
RRSIG, [query=www.upenn.edu, answer_type=1, type_covered=5, algorithm=5, labels=3, orig_ttl=5.0 mins, sig_exp=1534786816.0, sig_incep=1532193166.0, key_tag=50475, signer_name=upenn.edu, signature=\xa4\xac\x18\x14\xcac\x9d\x81\xbck[5\x1c\xf53F\x10\xf0w\xec/\xb3Z{\xe5\x11\xff\xfc\xfdu\xa1\xa7o\xdd\x19\x82G2]\xcb[\xcd\xc7\?\xa7,\xc8\xfa;\xdb#=\xc4\x08\xe0WJJ\x19\x87Pp<\xc9\xa8E\xdcM\xb2.\xc1P\xa4\xb7\xe1G\xde<\xb0\xa6>d\xf72\x02\xfd;u\xde\x19\xe8\xda\xe9\x0aAVz!\xa7\xa5\xc2\x8d\xad\xa9\xe1\x87\x136\xd7\xfal\x827\xd1\xb1\xcd\x11c\x15F(\xd0=\x967\xc3\x1b, is_query=0], a4ac1814ca639d81bc6b5b351cf5334610f077ec2fb35a7be511fffcfd75a1a76fdd198247325dcb5bcdc75c3fa72cc8fa3bdb233dc408e0574a4a198750703cc9a845dc4db22ec150a4b7e147de3cb0a63e64f73202fd3b75de19e8dae90a41567a21a7a5c28dada9e1871336d7fa6c8237d1b1cd1163154628d03d9637c31b
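Review bot: The NSEC line in this baseline shows `bitmaps` delivered as raw bytes (`[@\x00\x00\x00\x00\x03]`, hex `400000000003`), which looks like the bitmap octets only, with no window block number. A `dns_NSEC` handler then cannot tell which type window an element refers to. Please document the layout of each `string_vec` element in the event's documentation, and consider passing the window number along with the bitmap so scripts can decode the covered types unambiguously.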

View file

@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dns
#open 2018-09-21-21-04-55
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected auth addl
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool set[string] set[string]
1537560385.602565 CHhAvVGS1DHFjwGM9 192.168.1.102 49324 192.168.1.1 53 udp 9835 - foobar.sshfp.net 1 C_INTERNET 1 A 3 NXDOMAIN F F T F 2 - - F ns0.weberdns.de,RRSIG 6 sshfp.net,NSEC3,RRSIG 50 sshfp.net -
#close 2018-09-21-21-04-55
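Review bot: The `auth` value in the NXDOMAIN row logs the denial-of-existence record as a bare `NSEC3`, while NSEC and RRSIG entries elsewhere carry names and a type number. Because `auth` is a `set[string]`, the two NSEC3 records (and the two `RRSIG 50` signatures) that the output baseline shows for this trace collapse into one entry each. Consider including the hashed owner name, or at least the hash algorithm and iteration count, in the NSEC3 string so the log keeps one entry per record.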

View file

@ -0,0 +1,5 @@
NSEC3, [query=vlq247qi8p1tt3a8cgmd7glfndtigsdu.sshfp.net, answer_type=2, nsec_flags=0, nsec_hash_algo=1, nsec_iter=20, nsec_salt_len=16, nsec_salt=\x80c}\x8a\xf0U\xb5\xee\xca*b\x1e\xda\xaa<^, nsec_hlen=20, nsec_hash==\x8a>\xb6\x1a\x9d\xfa\x95\x1aB\xd7w\x9c\x1f\x15\x06\x85\xa0\x19G, bitmaps=[b\x01\x80\x08\x00\x02\x90], is_query=0], 80637d8af055b5eeca2a621edaaa3c5e, 3d8a3eb61a9dfa951a42d7779c1f150685a01947
RRSIG, [query=vlq247qi8p1tt3a8cgmd7glfndtigsdu.sshfp.net, answer_type=2, type_covered=50, algorithm=10, labels=3, orig_ttl=3.0 mins, sig_exp=1538967745.0, sig_incep=1536374962.0, key_tag=31055, signer_name=sshfp.net, signature=es\xe2\x01:\x10B$|\x93\xdf\xc8\x8c\xc0\x0bk\x8e\x8f\xad\xf44y3\x81x\x11\xeb H\xef\xb5\x941^\xc4\xba\x91\x12\xb7\xcdHua"\xa6\x13o\xe1\x86\xc6z\x80\x9c\xc2\x00\x93\xe2\xaa@\x15YH\xea^0\xfd\xf0:\xbej-\xe2\xb9K\x87wN\xdc\xc3_\x0c\x0ew\x96c\xd2\x09\x0e;i\xbef\xb9\xc22\xdf#\xdfy\xa7\x9f\xc4S\x8d-\x84\xfa0\xd0\xbc\xf3|c3\x04\x9e*\xbd\x82\x9fC\x89`\x15V\x08o\xea\xd6\xd0I\xc5b\x94WpOJ\x82\x12Z\xd6A\xad\x1cV\xb5\x15sCv\xe2Tq>\xffU\x88Ji\xa7I\xd4\xc6$\xb8\xdd\xc1\x8a4_a\xd9\xb6\xdbk\xde\x80\xc7\xad\xea\x16\xe4\xf5\x09\xdd<\x8fR\xcb\x00\x04|\xbc\xc3\xae\xac\xd1+\xc0\xf7\xe3\xad\x09d\xd0!\xc4AL\xfd\xb0=p\x86\x84\x89\x18\xd8\xab\x9d\xbb\xf1\xe4\xd9\x8ak\xfc\xb8\x98a )\xffX\x0cj>D\xe9oi\xbfh\x13`\xfco%0\xc5O\xe2\xa2i\x1b, is_query=0], 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
NSEC3, [query=l0oop5o98lf6fb7e620sabaqf0nctco6.sshfp.net, answer_type=2, nsec_flags=0, nsec_hash_algo=1, nsec_iter=20, nsec_salt_len=16, nsec_salt=\x80c}\x8a\xf0U\xb5\xee\xca*b\x1e\xda\xaa<^, nsec_hlen=20, nsec_hash=\xe6\x0f\x07\xa33z\x0c\xd9kaT^\x12D\x96\xfa\xe35K\xc6, bitmaps=[@\x00\x00\x08\x00\x02], is_query=0], 80637d8af055b5eeca2a621edaaa3c5e, e60f07a3337a0cd96b61545e124496fae3354bc6
RRSIG, [query=l0oop5o98lf6fb7e620sabaqf0nctco6.sshfp.net, answer_type=2, type_covered=50, algorithm=10, labels=3, orig_ttl=3.0 mins, sig_exp=1539303070.0, sig_incep=1536708214.0, key_tag=31055, signer_name=sshfp.net, signature=V\xa0\x1f\xa69\xd4H\xffWQ1"n\x89\xc5\x14_\x15ow[\xfbv9h\xd4\xcfd|\xfc\x9f\x83Y\x0ax\x81D@\xb5\x9e\x8fQEp\x99\xb6\x91ovG\\x86\xf2W5\xe9\\x99-\xa6\x91\xe7\xd8\x96\x1e\xa9f\x0e\xc82\xde\xb1"\x1bu\x80cL\x95\x06\xae\x9a\x996\xe3\x98\xd6\x10\x1awJ\x0fX\x00z@\xd9\x0b\x93\xda\xcf\xe2i\x8f1\xf5\x99\xf1\xb3S|\x8b\x13\xf3\xed/\xab\xb8\x0b\x04\xc9\xe5Y/\xe7\xcb\x84\x03\xfaB\xf4C\xa5q\xfe\xd6\xed\xc7/\xbd&\xf2;\xad\xcb\xad\xb8q\xd0[O\xdaM\xcf\x89m\x8f\x983\x163\xdb\xf3?\xd6s\xb6D\xe2\x80v\x83M\x136\xd1\xb3>:p0B\xd8\x1d\x07\x87\\x99\x12V\x96\xeb\xb6%\xef^\xebS\xf0\xbb\x1fF\\xc3\x16\xe1\x16T\xa84<c6a\xf6\xf8\x89\xc4\xce\xb4\x81P]D0\xa5:\x08\x81\xaa> \x14\xac\xe7G\x0b:E\x98\x01U\xf8`\x15\xcc(\x83\x19\xce\xba\xb8\x18\xcd\xd5L, is_query=0], 56a01fa639d448ff575131226e89c5145f156f775bfb763968d4cf647cfc9f83590a78814440b59e8f51457099b6916f76475c86f25735e95c992da691e7d8961ea9660ec832deb1221b7580634c9506ae9a9936e398d6101a774a0f58007a40d90b93dacfe2698f31f599f1b3537c8b13f3ed2fabb80b04c9e5592fe7cb8403fa42f443a571fed6edc72fbd26f23badcbadb871d05b4fda4dcf896d8f98331633dbf33fd673b644e28076834d1336d1b33e3a703042d81d07875c99125696ebb625ef5eeb53f0bb1f465cc316e11654a8343c633661f6f889c4ceb481505d4430a53a0881aa3e2014ace7470b3a45980155f86015cc288319cebab818cdd54c
RRSIG, [query=sshfp.net, answer_type=2, type_covered=6, algorithm=10, labels=2, orig_ttl=1.0 day, sig_exp=1540066160.0, sig_incep=1537470560.0, key_tag=31055, signer_name=sshfp.net, signature=|\x9aJ\xc1\x8c\xc6\x0e\x051l1Jz<\x19\x07Xv\x06\xea\xe5\xf7n\x0b\x09\xc0K\xcf\xa1\x10\xb2\xfb\xa3\x84\xe3\xc9\xeer\xa1Z\x0a\x1a\xb6B\xb6-\x98\x8f\x97\xd4E*\x99a\x0cI\xba\xd3(\xdf\xbe\xaa\xd1\xd4\x1b\xcb\x8a\x96\xe8\xc6\x07\xf2W\xa3\xba\x15^\xf7;\xa9\x99\xeb`@\xe5F`\xcd\xc6\xb5aw\xd8\xc5bkl\xc1 \xa7\x93T\xaa\xbf\x15\x0e\xd8\xf8\x9cY\xdfe\xda\x811\x09\x9a\x10\x10S},E\x94]>\xc2\xecD9\x19\x9al\x9c[\x82\xf1'Ri\x8e\xb4\x0d*\xa4\x07D&%\xa5\xf1\xb18\xd6l\xd6\xee\xbe`\x06\x96\x8cU\xe6\x04y\x84\xf9[\x08\xb9\xb6\xe6P\xba?\x88F\x81I>\xb1\xef\xbf\x993\x0d[O}#s\x83\xa5\x14\xe7_\x98\xdd\xf5}\xf9A\xf1\x1e\xc0\x12\xed\x0b\xf3\x99\x91\x1ay\xaa;\xa4\xef&6\x86y`\xb4\xee\xf2u/\x9c\xda\xfc>\x8d\xdb\xaf\m\x8e]\xb2\xf8\xce\xd9\xa1\x8d\xe6<\xb8\xe5\xb9\x8cEd\x97\xdb\xbd, is_query=0], 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

View file

@ -0,0 +1,13 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dns
#open 2018-09-21-20-48-53
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id rtt query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected
#types time string addr port addr port enum count interval string count string count string count string bool bool bool bool count vector[string] vector[interval] bool
1533309955.393636 ClEkJM2Vm5giqnMf4h 35.184.172.191 10267 128.175.13.16 53 udp 17129 0.003405 virgo.sas.upenn.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 128.91.234.142,RRSIG 1 upenn.edu 30.000000,30.000000 F
1533309959.571738 C4J4Th3PJpwUYZZ6gc 35.184.172.191 50056 128.175.13.16 53 udp 26222 0.003363 virgo.sas.upenn.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 128.91.234.142,RRSIG 1 upenn.edu 30.000000,30.000000 F
1533309959.968589 CtPZjS20MLrsMUOJi2 35.184.172.191 39975 128.175.13.16 53 udp 27118 0.003748 workfamily.sas.upenn.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 quasar.sas.upenn.edu,RRSIG 5 upenn.edu,128.91.234.145,RRSIG 1 upenn.edu 900.000000,900.000000,30.000000,30.000000 F
1533309950.391966 CHhAvVGS1DHFjwGM9 35.184.172.191 5386 128.175.13.16 53 udp 62809 - virgo.sas.upenn.edu 1 C_INTERNET 1 A - - F F F F 1 - - F
#close 2018-09-21-20-48-53

View file

@ -0,0 +1,4 @@
RRSIG, [query=virgo.sas.upenn.edu, answer_type=1, type_covered=1, algorithm=5, labels=4, orig_ttl=30.0 secs, sig_exp=1535441489.0, sig_incep=1532846032.0, key_tag=50475, signer_name=upenn.edu, signature=k:\xbd\\?)\xa4\x03\x1fw\xd4\x18#\x1d\\x9fV\xe6\xc5\x06w\xa7\x97\xb9\xc9\x7f\xa9\xe3<\xc8h\xf8\x81\xd5D\x09\Z\x19\x0a\xb7\x87`\x9d\xcbp\x9c\xcf\xcc\xf1#J\xc6\xd1P{\x11\xf5J\xcb\x02\x14n"y\x0e\xcb\x8f\x1cR\x14;B\x94]\xda\x9d~\x93\xe9\x96*U\xc7\xa7\xde\x02\xfeD\xbb\xab\xfa\xc2In\xed?\x8e\xe3D\xfb\xf1\xd3I\x9dj\xab\xcan\xa7\x16\xd4M]\xe0\xc5\xcbm\xf6\xd0\x8cAV\xaau\xa2\xd4, is_query=0], 6b3abd5c5c3f29a4031f77d418231d5c9f56e6c50677a797b9c97fa9e33cc868f881d544095c5a190ab787609dcb709ccfccf1234ac6d1507b11f54acb02146e22790ecb8f1c52143b42945dda9d7e93e9962a55c7a7de02fe44bbabfac2496eed3f8ee344fbf1d3499d6aabca6ea716d44d5de0c5cb6df6d08c4156aa75a2d4
RRSIG, [query=virgo.sas.upenn.edu, answer_type=1, type_covered=1, algorithm=5, labels=4, orig_ttl=30.0 secs, sig_exp=1535441489.0, sig_incep=1532846032.0, key_tag=50475, signer_name=upenn.edu, signature=k:\xbd\\?)\xa4\x03\x1fw\xd4\x18#\x1d\\x9fV\xe6\xc5\x06w\xa7\x97\xb9\xc9\x7f\xa9\xe3<\xc8h\xf8\x81\xd5D\x09\Z\x19\x0a\xb7\x87`\x9d\xcbp\x9c\xcf\xcc\xf1#J\xc6\xd1P{\x11\xf5J\xcb\x02\x14n"y\x0e\xcb\x8f\x1cR\x14;B\x94]\xda\x9d~\x93\xe9\x96*U\xc7\xa7\xde\x02\xfeD\xbb\xab\xfa\xc2In\xed?\x8e\xe3D\xfb\xf1\xd3I\x9dj\xab\xcan\xa7\x16\xd4M]\xe0\xc5\xcbm\xf6\xd0\x8cAV\xaau\xa2\xd4, is_query=0], 6b3abd5c5c3f29a4031f77d418231d5c9f56e6c50677a797b9c97fa9e33cc868f881d544095c5a190ab787609dcb709ccfccf1234ac6d1507b11f54acb02146e22790ecb8f1c52143b42945dda9d7e93e9962a55c7a7de02fe44bbabfac2496eed3f8ee344fbf1d3499d6aabca6ea716d44d5de0c5cb6df6d08c4156aa75a2d4
RRSIG, [query=workfamily.sas.upenn.edu, answer_type=1, type_covered=5, algorithm=5, labels=4, orig_ttl=15.0 mins, sig_exp=1534263016.0, sig_incep=1531669322.0, key_tag=50475, signer_name=upenn.edu, signature='I\xe2_d\xe4\xe6S\x85\xe5\x8a\xe2w\xcd\xd4\xe0\xc4j7<\xf8\x02\xf2\xc1\x07\x9d\x05\xe8\x84\x01\xe8|t\x98\x07\xdb5\xba\xf3T\xcc%\x91\x0d&\xe3\x8f\xfd@ZS\xf7\xf4\xa9\xe6\xe6\x13\x17\x99^\xd8\xa7g\xe2\xa5+\xcb\x9cyZ\xeb$4\xfd}\xa5\xe4N\xa8\xb9\xb63\x8a\xebe\x0f\xd8\x80\xd4\xa8\x13#S\xe57d\xd8\xd8\x08\xa2%\x0c\x99K\xa7!\x08\xac\x1byi!\xe0\xeb\x9cX\xfc\xd8E\xdeH\xf4\xad\xc8/#\x19a, is_query=0], 2749e25f64e4e65385e58ae277cdd4e0c46a373cf802f2c1079d05e88401e87c749807db35baf354cc25910d26e38ffd405a53f7f4a9e6e61317995ed8a767e2a52bcb9c795aeb2434fd7da5e44ea8b9b6338aeb650fd880d4a8132353e53764d8d808a2250c994ba72108ac1b796921e0eb9c58fcd845de48f4adc82f231961
RRSIG, [query=quasar.sas.upenn.edu, answer_type=1, type_covered=1, algorithm=5, labels=4, orig_ttl=30.0 secs, sig_exp=1535438502.0, sig_incep=1532845422.0, key_tag=50475, signer_name=upenn.edu, signature=a8"\x80\xc3\x92\xa3\x83lu{H>\xd4\xc3H\x8d.\xb4\x96/E\x09\x99\x9d\x0c\x17\xdd\x10\xb8ZT&\xb1H\x10\x1ak,\x98\x0d\xaf\x8dx}\xac\xf9\x9asyf\xce\xf8L\x04\x06\xc5y\xc4A,\xf6|\xaa\xc3tG\xb6\xcc^\xae\x9e\xb2\xb6ok`V\x15b\xd6\xab\xa4\xe3\x04\xe6\x019\xaf\x9f\xb0\xf6yM {P\xb0C\xa0\x85CVR\xfd\x97@,\xe0\xad\xdc7\xa4\xfc\x12\xc4\xee2)\x12\xefIkk\xdaA11, is_query=0], 61382280c392a3836c757b483ed4c3488d2eb4962f4509999d0c17dd10b85a5426b148101a6b2c980daf8d787dacf99a737966cef84c0406c579c4412cf67caac37447b6cc5eae9eb2b66f6b60561562d6aba4e304e60139af9fb0f6794d207b50b043a085435652fd97402ce0addc37a4fc12c4ee322912ef496b6bda413131

View file

@ -20,17 +20,17 @@ Significant Subdirectories
Packet captures utilized by the various BTest tests. Packet captures utilized by the various BTest tests.
* scripts/ * scripts/
This hierarchy of tests emulates the hierarchy of the Bro scripts/ This hierarchy of tests emulates the hierarchy of the Bro scripts/
directory. directory.
* coverage/ * coverage/
This collection of tests relates to checking whether we're covering This collection of tests relates to checking whether we're covering
everything we want to in terms of tests, documentation, and which everything we want to in terms of tests, documentation, and which
scripts get loaded in different Bro configurations. These tests are scripts get loaded in different Bro configurations. These tests are
more prone to fail as new Bro scripts are developed and added to the more prone to fail as new Bro scripts are developed and added to the
distribution -- checking the individual test's comments is the best distribution -- checking the individual test's comments is the best
place to check for more details on what exactly the test is checking place to check for more details on what exactly the test is checking
and hints on how to fix it when it fails. and hints on how to fix it when it fails.
Running Tests Running Tests
============= =============

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View file

@ -2,19 +2,45 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
type myrec: record {
myfield: bool;
};
type tt: record {
a: bool;
b: string &default="Bar";
c: double &optional;
d: string &log;
m: myrec;
};
type r: record { type r: record {
a: count; a: count;
b: string &default="Foo"; b: string &default="Foo";
c: double &optional; c: double &optional;
d: string &log; d: string &log;
e: any;
}; };
type mystring: string;
event bro_init() event bro_init()
{ {
local x: r = [$a=42, $d="Bar"]; local x: r = [$a=42, $d="Bar", $e=tt];
print x; print x;
local t: record_field_table; local t: record_field_table;
t = record_fields(x); t = record_fields(x);
print t; print t;
print t["c"]?$value; print t["c"]?$value;
t = record_fields(x$e);
print t;
t = record_fields(tt);
print t;
x = [$a=42, $d="Bar", $e=mystring];
t = record_fields(x);
print t;
t = record_fields(x$e);
print t;
} }
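Review bot: The last two added calls, `record_fields(x)` and `record_fields(x$e)` with `$e=mystring`, pass a TypeType that does not point to a RecordType, but nothing in the test says what result is expected for that case. Add a short comment before each new block stating the intended behaviour (for example, an empty table for a non-record type) so a later baseline update cannot silently change it.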

View file

@ -0,0 +1,40 @@
# Needs perftools support.
#
# @TEST-GROUP: leaks
#
# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -C -m -r $TRACES/dnssec/nsec3.pcap %INPUT
# @TEST-EXEC: btest-bg-wait 60
@load policy/protocols/dns/auth-addl
event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
{
print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
}
event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
{
print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
}
event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
{
print "NSEC", next_name, bitmaps;
for ( i in bitmaps )
print bytestring_to_hexstr(bitmaps[i]);
}
event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
{
print "NSEC3", nsec3,
bytestring_to_hexstr(nsec3$nsec_salt),
bytestring_to_hexstr(nsec3$nsec_hash);
}
event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
{
print "DS", ds, bytestring_to_hexstr(ds$digest_val);
}
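Review bot: This leak test reads only `$TRACES/dnssec/nsec3.pcap`, yet it defines handlers for `dns_DNSKEY`, `dns_NSEC` and `dns_DS` as well. Judging by the nsec3 output baseline, that trace produces only NSEC3 and RRSIG events, so the allocation paths for the other three record types would not be exercised under the heap checker. Consider adding leak runs over the dnskey, ds and nsec traces, or dropping the handlers that this trace never triggers.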

View file

@ -16,5 +16,6 @@ plugin::Configuration Plugin::Configure()
config.description = "A Foo test analyzer"; config.description = "A Foo test analyzer";
config.version.major = 1; config.version.major = 1;
config.version.minor = 0; config.version.minor = 0;
config.version.patch = 0;
return config; return config;
} }

View file

@ -29,6 +29,7 @@ plugin::Configuration Plugin::Configure()
config.description = "Exercises all plugin hooks"; config.description = "Exercises all plugin hooks";
config.version.major = 1; config.version.major = 1;
config.version.minor = 0; config.version.minor = 0;
config.version.patch = 0;
return config; return config;
} }

View file

@ -21,6 +21,7 @@ plugin::Configuration Plugin::Configure()
config.description = "Exercises Log hooks"; config.description = "Exercises Log hooks";
config.version.major = 1; config.version.major = 1;
config.version.minor = 0; config.version.minor = 0;
config.version.patch = 0;
return config; return config;
} }

View file

@ -16,5 +16,6 @@ plugin::Configuration Plugin::Configure()
config.description = "A Foo packet dumper"; config.description = "A Foo packet dumper";
config.version.major = 1; config.version.major = 1;
config.version.minor = 0; config.version.minor = 0;
config.version.patch = 0;
return config; return config;
} }

View file

@ -16,5 +16,6 @@ plugin::Configuration Plugin::Configure()
config.description = "A Foo packet source"; config.description = "A Foo packet source";
config.version.major = 1; config.version.major = 1;
config.version.minor = 0; config.version.minor = 0;
config.version.patch = 0;
return config; return config;
} }

View file

@ -0,0 +1,16 @@
#include "Plugin.h"
namespace plugin { namespace Testing_NoPatchVersion { Plugin plugin; } }
using namespace plugin::Testing_NoPatchVersion;
plugin::Configuration Plugin::Configure()
{
plugin::Configuration config;
config.name = "Testing::NoPatchVersion";
config.description = "Testing a plugin without a specified patch version";
config.version.major = 0;
config.version.minor = 1;
return config;
}
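Review bot: In this `Configure()`, `config.version.patch` is left unset on purpose, but the file gives no hint of that, and every other plugin touched by this change sets it explicitly. Add a one-line comment after `config.version.minor = 1;` saying the omission is deliberate and that the test relies on the default, so nobody "fixes" it later.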

View file

@ -0,0 +1,5 @@
# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Testing NoPatchVersion
# @TEST-EXEC: cp -r %DIR/plugin-nopatchversion-plugin/* .
# @TEST-EXEC: ./configure --bro-dist=${DIST} && make
# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) bro -N Testing::NoPatchVersion >> output
# @TEST-EXEC: btest-diff output

View file

@ -0,0 +1,17 @@
#include "Plugin.h"
namespace plugin { namespace Testing_WithPatchVersion { Plugin plugin; } }
using namespace plugin::Testing_WithPatchVersion;
plugin::Configuration Plugin::Configure()
{
plugin::Configuration config;
config.name = "Testing::WithPatchVersion";
config.description = "Testing a plugin with a specified patch version";
config.version.major = 0;
config.version.minor = 1;
config.version.patch = 4;
return config;
}

View file

@ -0,0 +1,5 @@
# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Testing WithPatchVersion
# @TEST-EXEC: cp -r %DIR/plugin-withpatchversion-plugin/* .
# @TEST-EXEC: ./configure --bro-dist=${DIST} && make
# @TEST-EXEC: BRO_PLUGIN_PATH=$(pwd) bro -N Testing::WithPatchVersion >> output
# @TEST-EXEC: btest-diff output

View file

@ -16,5 +16,6 @@ plugin::Configuration Plugin::Configure()
config.description = "A Foo test analyzer"; config.description = "A Foo test analyzer";
config.version.major = 1; config.version.major = 1;
config.version.minor = 0; config.version.minor = 0;
config.version.patch = 0;
return config; return config;
} }

View file

@ -15,5 +15,6 @@ plugin::Configuration Plugin::Configure()
config.description = "A Foo test input reader"; config.description = "A Foo test input reader";
config.version.major = 1; config.version.major = 1;
config.version.minor = 0; config.version.minor = 0;
config.version.patch = 0;
return config; return config;
} }

View file

@ -19,6 +19,7 @@ plugin::Configuration Plugin::Configure()
config.description = "Exercise Reporter Hook"; config.description = "Exercise Reporter Hook";
config.version.major = 1; config.version.major = 1;
config.version.minor = 0; config.version.minor = 0;
config.version.patch = 0;
return config; return config;
} }

View file

@ -15,5 +15,6 @@ plugin::Configuration Plugin::Configure()
config.description = "A Foo test logging writer"; config.description = "A Foo test logging writer";
config.version.major = 1; config.version.major = 1;
config.version.minor = 0; config.version.minor = 0;
config.version.patch = 0;
return config; return config;
} }

View file

@ -1,4 +1,4 @@
# Making sure DNSKEY gets logged as such. # Making sure DNSKEY gets logged as such.
# #
# @TEST-EXEC: bro -r $TRACES/dns-dnskey.trace # @TEST-EXEC: bro -r $TRACES/dnssec/dnskey2.pcap
# @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff dns.log

View file

@ -0,0 +1,35 @@
# @TEST-EXEC: bro -C -r $TRACES/dnssec/dnskey.pcap %INPUT > output
# @TEST-EXEC: btest-diff dns.log
# @TEST-EXEC: btest-diff output
#@load policy/protocols/dns/auth-addl
event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
{
print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
}
event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
{
print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
}
event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
{
print "NSEC", next_name, bitmaps;
for ( i in bitmaps )
print bytestring_to_hexstr(bitmaps[i]);
}
event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
{
print "NSEC3", nsec3,
bytestring_to_hexstr(nsec3$nsec_salt),
bytestring_to_hexstr(nsec3$nsec_hash);
}
event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
{
print "DS", ds, bytestring_to_hexstr(ds$digest_val);
}
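Review bot: The fourth line of this new test, `#@load policy/protocols/dns/auth-addl`, is a commented-out load directive, while the nsec test loads the same script for real. Either remove the line or enable it and update the dns.log baseline, and say in a comment which one is intended. As it stands, a reader cannot tell whether the `auth` and `addl` columns are meant to be covered for the DNSKEY trace.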

View file

@ -0,0 +1,35 @@
# @TEST-EXEC: bro -C -r $TRACES/dnssec/ds.pcap %INPUT > output
# @TEST-EXEC: btest-diff dns.log
# @TEST-EXEC: btest-diff output
#@load policy/protocols/dns/auth-addl
event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
{
print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
}
event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
{
print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
}
event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
{
print "NSEC", next_name, bitmaps;
for ( i in bitmaps )
print bytestring_to_hexstr(bitmaps[i]);
}
event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
{
print "NSEC3", nsec3,
bytestring_to_hexstr(nsec3$nsec_salt),
bytestring_to_hexstr(nsec3$nsec_hash);
}
event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
{
print "DS", ds, bytestring_to_hexstr(ds$digest_val);
}
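
Review bot: the five event handlers in this file are copied unchanged into the dnskey, nsec, nsec3 and rrsig tests, and only the pcap name on the first line differs. Moving them into one shared script that each test loads, or running a single test over all five captures, would avoid keeping five copies in sync when a record field is renamed.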

View file

@ -2,4 +2,3 @@
# #
# @TEST-EXEC: bro -r $TRACES/dns-two-responses.trace # @TEST-EXEC: bro -r $TRACES/dns-two-responses.trace
# @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff dns.log
# @TEST-EXEC: btest-diff weird.log
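
Review bot: removing `# @TEST-EXEC: btest-diff weird.log` drops the only check on weird output for dns-two-responses.trace, so the test now passes whether or not a weird is raised. If the point is that this trace no longer produces one, assert that instead, for example with `# @TEST-EXEC: test ! -f weird.log`, so a regression that brings the weird back is caught.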

View file

@ -0,0 +1,35 @@
# @TEST-EXEC: bro -C -r $TRACES/dnssec/nsec.pcap %INPUT > output
# @TEST-EXEC: btest-diff dns.log
# @TEST-EXEC: btest-diff output
@load policy/protocols/dns/auth-addl
event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
{
print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
}
event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
{
print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
}
event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
{
print "NSEC", next_name, bitmaps;
for ( i in bitmaps )
print bytestring_to_hexstr(bitmaps[i]);
}
event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
{
print "NSEC3", nsec3,
bytestring_to_hexstr(nsec3$nsec_salt),
bytestring_to_hexstr(nsec3$nsec_hash);
}
event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
{
print "DS", ds, bytestring_to_hexstr(ds$digest_val);
}
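
Review bot: the file starts straight at the `@TEST-EXEC` lines with no header comment saying what is under test, unlike the older DNS test in this commit that opens with `# Making sure DNSKEY gets logged as such.` A one-line description of what nsec.pcap contains and which event is expected to fire would make a baseline diff much easier to judge.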

View file

@ -0,0 +1,35 @@
# @TEST-EXEC: bro -C -r $TRACES/dnssec/nsec3.pcap %INPUT > output
# @TEST-EXEC: btest-diff dns.log
# @TEST-EXEC: btest-diff output
@load policy/protocols/dns/auth-addl
event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
{
print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
}
event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
{
print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
}
event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
{
print "NSEC", next_name, bitmaps;
for ( i in bitmaps )
print bytestring_to_hexstr(bitmaps[i]);
}
event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
{
print "NSEC3", nsec3,
bytestring_to_hexstr(nsec3$nsec_salt),
bytestring_to_hexstr(nsec3$nsec_hash);
}
event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
{
print "DS", ds, bytestring_to_hexstr(ds$digest_val);
}
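
Review bot: in dns_NSEC3 the statement `print "NSEC3", nsec3, ...` writes the whole record and then the hex of `nsec3$nsec_salt` and `nsec3$nsec_hash`, so the salt and hash land in the baseline twice, once as raw strings inside the record. Printing only the named fields of interest next to the hex values would keep non-printable bytes out of the `output` baseline and make its diffs readable.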

View file

@ -0,0 +1,35 @@
# @TEST-EXEC: bro -C -r $TRACES/dnssec/rrsig.pcap %INPUT > output
# @TEST-EXEC: btest-diff dns.log
# @TEST-EXEC: btest-diff output
#@load policy/protocols/dns/auth-addl
event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr)
{
print "RRSIG", rrsig, bytestring_to_hexstr(rrsig$signature);
}
event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr)
{
print "DNSKEY", dnskey, bytestring_to_hexstr(dnskey$public_key);
}
event dns_NSEC(c: connection, msg: dns_msg, ans: dns_answer, next_name: string, bitmaps: string_vec)
{
print "NSEC", next_name, bitmaps;
for ( i in bitmaps )
print bytestring_to_hexstr(bitmaps[i]);
}
event dns_NSEC3(c: connection, msg: dns_msg, ans: dns_answer, nsec3: dns_nsec3_rr)
{
print "NSEC3", nsec3,
bytestring_to_hexstr(nsec3$nsec_salt),
bytestring_to_hexstr(nsec3$nsec_hash);
}
event dns_DS(c: connection, msg: dns_msg, ans: dns_answer, ds: dns_ds_rr)
{
print "DS", ds, bytestring_to_hexstr(ds$digest_val);
}