Merge remote-tracking branch 'origin/master' into topic/johanna/dtls

Johanna Amann 2015-03-18 12:25:39 -07:00
commit 28e6aa9561
57 changed files with 882 additions and 537 deletions

52
CHANGES

@ -1,4 +1,56 @@
2.3-555 | 2015-03-17 15:57:13 -0700
* Splitting test-all Makefile target into Bro tests and test-aux.
(Robin Sommer)
2.3-554 | 2015-03-17 15:40:39 -0700
* Deprecate &rotate_interval, &rotate_size, &encrypt. Addresses
BIT-1305. (Jon Siwek)
2.3-549 | 2015-03-17 09:12:18 -0700
* BIT-1077: Fix HTTP::log_server_header_names. Before, it just
re-logged fields from the client side. (Jon Siwek)
2.3-547 | 2015-03-17 09:07:51 -0700
* Update certificate validation script to cache valid intermediate
chains that it encounters on the wire and use those to try to
validate chains that might be missing intermediate certificates.
(Johanna Amann)
2.3-541 | 2015-03-13 15:44:08 -0500
* Make INSTALL a symlink to doc/install/install.rst (Jon siwek)
* Fix Broxygen coverage. (Jon Siwek)
2.3-539 | 2015-03-13 14:19:27 -0500
* BIT-1335: Include timestamp in default extracted file names.
And add a policy script to extract all files. (Jon Siwek)
* BIT-1311: Identify GRE tunnels as Tunnel::GRE, not Tunnel::IP.
(Jon Siwek)
* BIT-1309: Add Connection class getter methods for flow labels.
(Jon Siwek)
2.3-536 | 2015-03-12 16:16:24 -0500
* Fix Broker leak tests. (Jon Siwek)
2.3-534 | 2015-03-12 10:59:49 -0500
* Update NEWS file. (Jon Siwek)
2.3-533 | 2015-03-12 10:18:53 -0500
* Give broker python bindings default install path within --prefix.
(Jon Siwek)
2.3-530 | 2015-03-10 13:22:39 -0500
* Fix broker data stores in absence of --enable-debug. (Jon Siwek)


@ -1,3 +0,0 @@
See doc/install/install.rst for installation instructions.

1
INSTALL Symbolic link

@ -0,0 +1 @@
doc/install/install.rst


@ -51,13 +51,15 @@ distclean:
$(MAKE) -C testing $@
test:
@( cd testing && make )
-@( cd testing && make )
test-all: test
test -d aux/broctl && ( cd aux/broctl && make test-all )
test -d aux/btest && ( cd aux/btest && make test )
test -d aux/bro-aux && ( cd aux/bro-aux && make test )
test -d aux/plugins && ( cd aux/plugins && make test-all )
test-aux:
-test -d aux/broctl && ( cd aux/broctl && make test-all )
-test -d aux/btest && ( cd aux/btest && make test )
-test -d aux/bro-aux && ( cd aux/bro-aux && make test )
-test -d aux/plugins && ( cd aux/plugins && make test-all )
test-all: test test-aux
configured:
@test -d $(BUILD) || ( echo "Error: No build/ directory found. Did you run configure?" && exit 1 )
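Review bot: The leading `-` added to the `test` and `test-aux` recipes makes Make ignore every non-zero exit, so `make test` and `make test-all` now succeed even when a suite fails, and anything that gates on the exit status (CI, release checks) loses its signal. If the intent is only to tolerate a missing aux directory, keep failures fatal and skip explicitly, e.g. `if test -d aux/broctl; then $(MAKE) -C aux/broctl test-all; fi`; running the remaining suites after a failure is what `make -k` is for. The recipes also call literal `make` where `distclean` just above uses `$(MAKE)`, so `-j` and `-n` are not propagated to the sub-makes.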

17
NEWS

@ -46,11 +46,9 @@ New Functionality
TODO: Extend with some more information on Broker.
Broker support is by default off for now; it can be enabled at
configure time with --enable-broker. It requires CAF
configure time with --enable-broker. It requires CAF version 0.13+
(https://github.com/actor-framework/actor-framework) as well as a
C++11 compiler.
TODO: Add minumim version for CAF.
C++11 compiler (e.g. GCC 4.8+ or Clang 3.3+).
Broker will become a mandatory dependency in future Bro versions.
@ -75,6 +73,11 @@ Changed Functionality
have been added which contain the same information. The
``mime_type`` field of ``Files::Info`` also still has this info.
* The earliest point that new mime type information is available is
in the ``file_mime_type`` event which comes after the ``file_new``
and ``file_over_new_connection`` events. Scripts which inspected
mime type info within those events will need to be adapted.
* Removed ``Files::add_analyzers_for_mime_type`` function.
* Removed ``offset`` parameter of the ``file_extraction_limit``
@ -91,6 +94,12 @@ Changed Functionality
- conn.log gained a new field local_resp that works like local_orig,
just for the responder address of the connection.
- GRE tunnels are now identified as ``Tunnel::GRE`` instead of
``Tunnel::IP``.
- The default name for extracted files changed from extract-protocol-id
to extract-timestamp-protocol-id.
- [TODO] Add changed BroControl features.
Deprecated Functionality


@ -1 +1 @@
2.3-530
2.3-555

@ -1 +1 @@
Subproject commit 762d2722290ca0004d0da2b0b96baea6a3a7f3f4
Subproject commit 71c86d87ffd1750278a185ecff0ba5f5ae8fcf6e

@ -1 +1 @@
Subproject commit 1a49b0e3d23fdfe8da3187dddb310883b641e4a3
Subproject commit 1a2ab9ee7c80ca905e86a2a11283e7c0477341a9

@ -1 +1 @@
Subproject commit 71d820e9d8ca753fea8fb34ea3987993b28d79e4
Subproject commit 172e0559ec508c86abb81b371ee28e79130faec6

6
configure vendored

@ -149,6 +149,10 @@ while [ $# -ne 0 ]; do
append_cache_entry CMAKE_INSTALL_PREFIX PATH $optarg
append_cache_entry BRO_ROOT_DIR PATH $optarg
append_cache_entry PY_MOD_INSTALL_DIR PATH $optarg/lib/broctl
if [ -n "$user_enabled_broker" ]; then
append_cache_entry BROKER_PYTHON_HOME PATH $prefix
fi
;;
--scriptdir=*)
append_cache_entry BRO_SCRIPT_INSTALL_PATH STRING $optarg
@ -189,6 +193,8 @@ while [ $# -ne 0 ]; do
--enable-broker)
append_cache_entry ENABLE_CXX11 BOOL true
append_cache_entry ENABLE_BROKER BOOL true
append_cache_entry BROKER_PYTHON_HOME PATH $prefix
user_enabled_broker="true"
;;
--disable-broccoli)
append_cache_entry INSTALL_BROCCOLI BOOL false


@ -43,8 +43,6 @@ The Bro scripting language supports the following attributes.
+-----------------------------+-----------------------------------------------+
| :bro:attr:`&mergeable` |Prefer set union for synchronized state. |
+-----------------------------+-----------------------------------------------+
| :bro:attr:`&group` |Group event handlers to activate/deactivate. |
+-----------------------------+-----------------------------------------------+
| :bro:attr:`&error_handler` |Used internally for reporter framework events. |
+-----------------------------+-----------------------------------------------+
| :bro:attr:`&type_column` |Used by input framework for "port" type. |
@ -198,11 +196,6 @@ Here is a more detailed explanation of each attribute:
inconsistencies and can be avoided by unifying the two sets, rather
than merely overwriting the old value.
.. bro:attr:: &group
Groups event handlers such that those in the same group can be
jointly activated or deactivated.
.. bro:attr:: &error_handler
Internally set on the events that are associated with the reporter


@ -53,7 +53,8 @@ function set_limit(f: fa_file, args: Files::AnalyzerArgs, n: count): bool
function on_add(f: fa_file, args: Files::AnalyzerArgs)
{
if ( ! args?$extract_filename )
args$extract_filename = cat("extract-", f$source, "-", f$id);
args$extract_filename = cat("extract-", f$last_active, "-", f$source,
"-", f$id);
f$info$extracted = args$extract_filename;
args$extract_filename = build_path_compressed(prefix, args$extract_filename);


@ -5,6 +5,7 @@
@load frameworks/communication/listen.bro
@load frameworks/control/controllee.bro
@load frameworks/control/controller.bro
@load frameworks/files/extract-all-files.bro
@load policy/misc/dump-events.bro
@load ./example.bro


@ -0,0 +1,8 @@
##! Extract all files to disk.
@load base/files/extract
event file_new(f: fa_file)
{
Files::add_analyzer(f, Files::ANALYZER_EXTRACT);
}
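Review bot: Nothing in this script bounds how much is written to disk: `Files::add_analyzer(f, Files::ANALYZER_EXTRACT)` runs for every `file_new` with no `extract_limit` argument, so the size cap falls back to whatever the extraction framework's default is (not visible here). On a busy or hostile link that can fill the extraction directory and take the sensor's logging down with it. I would either pass a limit, `Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_limit=<limit>]);`, or extend the `##!` header to say the script is intended for trace analysis and that a limit should be configured before loading it on live traffic.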


@ -26,16 +26,20 @@ export {
event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=3
{
if ( ! is_orig || ! c?$http )
if ( ! c?$http )
return;
if ( is_orig )
{
if ( log_client_header_names )
{
if ( ! c$http?$client_header_names )
c$http$client_header_names = vector();
c$http$client_header_names[|c$http$client_header_names|] = name;
}
}
else
{
if ( log_server_header_names )
{
if ( ! c$http?$server_header_names )
@ -43,3 +47,4 @@ event http_header(c: connection, is_orig: bool, name: string, value: string) &pr
c$http$server_header_names[|c$http$server_header_names|] = name;
}
}
}


@ -1,4 +1,7 @@
##! Perform full certificate chain validation for SSL certificates.
#
# Also caches all intermediate certificates encountered so far and use them
# for future validations.
@load base/frameworks/notice
@load base/protocols/ssl
@ -19,12 +22,107 @@ export {
};
## MD5 hash values for recently validated chains along with the
## validation status message are kept in this table to avoid constant
## validation status are kept in this table to avoid constant
## validation every time the same certificate chain is seen.
global recently_validated_certs: table[string] of string = table()
&read_expire=5mins &synchronized &redef;
&read_expire=5mins &redef;
## Use intermediate CA certificate caching when trying to validate
## certificates. When this is enabled, Bro keeps track of all valid
## intermediate CA certificates that it has seen in the past. When
## encountering a host certificate that cannot be validated because
## of missing intermediate CA certificate, the cached list is used
## to try to validate the cert. This is similar to how Firefox is
## doing certificate validation.
##
## Disabling this will usually greatly increase the number of validation warnings
## that you encounter. Only disable if you want to find misconfigured servers.
global ssl_cache_intermediate_ca: bool = T &redef;
## Event from a worker to the manager that it has encountered a new
## valid intermediate.
global intermediate_add: event(key: string, value: vector of opaque of x509);
## Event from the manager to the workers that a new intermediate chain
## is to be added.
global new_intermediate: event(key: string, value: vector of opaque of x509);
}
global intermediate_cache: table[string] of vector of opaque of x509;
@if ( Cluster::is_enabled() )
@load base/frameworks/cluster
redef Cluster::manager2worker_events += /SSL::intermediate_add/;
redef Cluster::worker2manager_events += /SSL::new_intermediate/;
@endif
function add_to_cache(key: string, value: vector of opaque of x509)
{
intermediate_cache[key] = value;
@if ( Cluster::is_enabled() )
event SSL::new_intermediate(key, value);
@endif
}
@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
event SSL::intermediate_add(key: string, value: vector of opaque of x509)
{
intermediate_cache[key] = value;
}
@endif
@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
event SSL::new_intermediate(key: string, value: vector of opaque of x509)
{
if ( key in intermediate_cache )
return;
intermediate_cache[key] = value;
event SSL::intermediate_add(key, value);
}
@endif
function cache_validate(chain: vector of opaque of x509): string
{
local chain_hash: vector of string = vector();
for ( i in chain )
chain_hash[i] = sha1_hash(x509_get_certificate_string(chain[i]));
local chain_id = join_string_vec(chain_hash, ".");
# If we tried this certificate recently, just return the cached result.
if ( chain_id in recently_validated_certs )
return recently_validated_certs[chain_id];
local result = x509_verify(chain, root_certs);
recently_validated_certs[chain_id] = result$result_string;
# if we have a working chain where we did not store the intermediate certs
# in our cache yet - do so
if ( ssl_cache_intermediate_ca &&
result$result_string == "ok" &&
result?$chain_certs &&
|result$chain_certs| > 2 )
{
local result_chain = result$chain_certs;
local icert = x509_parse(result_chain[1]);
if ( icert$subject !in intermediate_cache )
{
local cachechain: vector of opaque of x509;
for ( i in result_chain )
{
if ( i >=1 && i<=|result_chain|-2 )
cachechain[i-1] = result_chain[i];
}
add_to_cache(icert$subject, cachechain);
}
}
return result$result_string;
}
event ssl_established(c: connection) &priority=3
{
# If there aren't any certs we can't very well do certificate validation.
@ -32,9 +130,31 @@ event ssl_established(c: connection) &priority=3
! c$ssl$cert_chain[0]?$x509 )
return;
local chain_id = join_string_vec(c$ssl$cert_chain_fuids, ".");
local intermediate_chain: vector of opaque of x509 = vector();
local issuer = c$ssl$cert_chain[0]$x509$certificate$issuer;
local hash = c$ssl$cert_chain[0]$sha1;
local result: string;
# Look if we already have a working chain for the issuer of this cert.
# If yes, try this chain first instead of using the chain supplied from
# the server.
if ( ssl_cache_intermediate_ca && issuer in intermediate_cache )
{
intermediate_chain[0] = c$ssl$cert_chain[0]$x509$handle;
for ( i in intermediate_cache[issuer] )
intermediate_chain[i+1] = intermediate_cache[issuer][i];
result = cache_validate(intermediate_chain);
if ( result == "ok" )
{
c$ssl$validation_status = result;
return;
}
}
# Validation with known chains failed or there was no fitting intermediate
# in our store.
# Fall back to validating the certificate with the server-supplied chain.
local chain: vector of opaque of x509 = vector();
for ( i in c$ssl$cert_chain )
{
@ -42,18 +162,10 @@ event ssl_established(c: connection) &priority=3
chain[i] = c$ssl$cert_chain[i]$x509$handle;
}
if ( chain_id in recently_validated_certs )
{
c$ssl$validation_status = recently_validated_certs[chain_id];
}
else
{
local result = x509_verify(chain, root_certs);
c$ssl$validation_status = result$result_string;
recently_validated_certs[chain_id] = result$result_string;
}
result = cache_validate(chain);
c$ssl$validation_status = result;
if ( c$ssl$validation_status != "ok" )
if ( result != "ok" )
{
local message = fmt("SSL certificate validation failed with (%s)", c$ssl$validation_status);
NOTICE([$note=Invalid_Server_Cert, $msg=message,
@ -61,5 +173,3 @@ event ssl_established(c: connection) &priority=3
$identifier=cat(c$id$resp_h,c$id$resp_p,hash,c$ssl$validation_status)]);
}
}
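Review bot: The doc comments on the two new exported events are swapped relative to the code: `intermediate_add` is described as "from a worker to the manager", yet it is registered in `Cluster::manager2worker_events` and raised by the manager's `new_intermediate` handler, while `new_intermediate` is the event workers raise from `add_to_cache`. I would exchange the two `##` comments so the documented direction matches the `redef` lines. Separately, `intermediate_cache` is keyed only by the intermediate's subject string and carries no expiry attribute, so the first chain stored for a subject stays for the life of the process and a later, different chain for the same subject is never cached; a comment stating that this is intended, or an expiry such as `&create_expire`, would make the trade-off explicit. The `ssl_established` handler starts and ends outside the hunks shown.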


@ -28,6 +28,7 @@
@load frameworks/intel/seen/where-locations.bro
@load frameworks/intel/seen/x509.bro
@load frameworks/files/detect-MHR.bro
#@load frameworks/files/extract-all-files.bro
@load frameworks/files/hash-all-files.bro
@load frameworks/packet-filter/shunt.bro
@load frameworks/software/version-changes.bro


@ -263,6 +263,9 @@ public:
void CheckFlowLabel(bool is_orig, uint32 flow_label);
uint32 GetOrigFlowLabel() { return orig_flow_label; }
uint32 GetRespFlowLabel() { return resp_flow_label; }
protected:
Connection() { persistent = 0; }


@ -466,6 +466,7 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
id.src_addr = ip_hdr->SrcAddr();
id.dst_addr = ip_hdr->DstAddr();
Dictionary* d = 0;
BifEnum::Tunnel::Type tunnel_type = BifEnum::Tunnel::IP;
switch ( proto ) {
case IPPROTO_TCP:
@ -606,6 +607,8 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
// Treat GRE tunnel like IP tunnels, fallthrough to logic below now
// that GRE header is stripped and only payload packet remains.
// The only thing different is the tunnel type enum value to use.
tunnel_type = BifEnum::Tunnel::GRE;
}
case IPPROTO_IPV4:
@ -653,7 +656,8 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
if ( it == ip_tunnels.end() )
{
EncapsulatingConn ec(ip_hdr->SrcAddr(), ip_hdr->DstAddr());
EncapsulatingConn ec(ip_hdr->SrcAddr(), ip_hdr->DstAddr(),
tunnel_type);
ip_tunnels[tunnel_idx] = TunnelActivity(ec, network_time);
timer_mgr->Add(new IPTunnelTimer(network_time, tunnel_idx));
}


@ -37,10 +37,12 @@ public:
*
* @param s The tunnel source address, likely taken from an IP header.
* @param d The tunnel destination address, likely taken from an IP header.
* @param t The type of IP tunnel.
*/
EncapsulatingConn(const IPAddr& s, const IPAddr& d)
EncapsulatingConn(const IPAddr& s, const IPAddr& d,
BifEnum::Tunnel::Type t = BifEnum::Tunnel::IP)
: src_addr(s), dst_addr(d), src_port(0), dst_port(0),
proto(TRANSPORT_UNKNOWN), type(BifEnum::Tunnel::IP),
proto(TRANSPORT_UNKNOWN), type(t),
uid(Bro::UID(bits_per_uid))
{
}
@ -85,7 +87,8 @@ public:
if ( ec1.type != ec2.type )
return false;
if ( ec1.type == BifEnum::Tunnel::IP )
if ( ec1.type == BifEnum::Tunnel::IP ||
ec1.type == BifEnum::Tunnel::GRE )
// Reversing endpoints is still same tunnel.
return ec1.uid == ec2.uid && ec1.proto == ec2.proto &&
((ec1.src_addr == ec2.src_addr && ec1.dst_addr == ec2.dst_addr) ||


@ -56,6 +56,11 @@ char last_tok[128];
if ( ((result = fread(buf, 1, max_size, yyin)) == 0) && ferror(yyin) ) \
reporter->Error("read failed with \"%s\"", strerror(errno));
static void deprecated_attr(const char* attr)
{
reporter->Warning("Use of deprecated attribute: %s", attr);
}
static string find_relative_file(const string& filename, const string& ext)
{
if ( filename.empty() )
@ -263,22 +268,50 @@ when return TOK_WHEN;
&delete_func return TOK_ATTR_DEL_FUNC;
&deprecated return TOK_ATTR_DEPRECATED;
&raw_output return TOK_ATTR_RAW_OUTPUT;
&encrypt return TOK_ATTR_ENCRYPT;
&error_handler return TOK_ATTR_ERROR_HANDLER;
&expire_func return TOK_ATTR_EXPIRE_FUNC;
&log return TOK_ATTR_LOG;
&mergeable return TOK_ATTR_MERGEABLE;
&optional return TOK_ATTR_OPTIONAL;
&persistent return TOK_ATTR_PERSISTENT;
&priority return TOK_ATTR_PRIORITY;
&type_column return TOK_ATTR_TYPE_COLUMN;
&read_expire return TOK_ATTR_EXPIRE_READ;
&redef return TOK_ATTR_REDEF;
&rotate_interval return TOK_ATTR_ROTATE_INTERVAL;
&rotate_size return TOK_ATTR_ROTATE_SIZE;
&synchronized return TOK_ATTR_SYNCHRONIZED;
&write_expire return TOK_ATTR_EXPIRE_WRITE;
&encrypt {
deprecated_attr(yytext);
return TOK_ATTR_ENCRYPT;
}
&mergeable {
// Not yet deprecated, but soon.
//deprecated_attr(yytext);
return TOK_ATTR_MERGEABLE;
}
&persistent {
// Not yet deprecated, but soon.
//deprecated_attr(yytext);
return TOK_ATTR_PERSISTENT;
}
&rotate_interval {
deprecated_attr(yytext);
return TOK_ATTR_ROTATE_INTERVAL;
}
&rotate_size {
deprecated_attr(yytext);
return TOK_ATTR_ROTATE_SIZE;
}
&synchronized {
// Not yet deprecated, but soon.
//deprecated_attr(yytext);
return TOK_ATTR_SYNCHRONIZED;
}
@DEBUG return TOK_DEBUG; // marks input for debugger
@DIR {


@ -172,6 +172,7 @@ enum Type %{
SOCKS,
GTPv1,
HTTP,
GRE,
%}
type EncapsulatingConn: record;


@ -0,0 +1,5 @@
clone keys, [status=BrokerStore::SUCCESS, result=[d=broker::data{[one, two, myset, myvec]}]]
lookup, one, [status=BrokerStore::SUCCESS, result=[d=broker::data{111}]]
lookup, two, [status=BrokerStore::SUCCESS, result=[d=broker::data{222}]]
lookup, myset, [status=BrokerStore::SUCCESS, result=[d=broker::data{{a, c, d}}]]
lookup, myvec, [status=BrokerStore::SUCCESS, result=[d=broker::data{[delta, alpha, beta, gamma, omega]}]]


@ -1,18 +1,18 @@
Comm::BOOL
Comm::INT
Comm::COUNT
Comm::DOUBLE
Comm::STRING
Comm::ADDR
Comm::SUBNET
Comm::PORT
Comm::TIME
Comm::INTERVAL
Comm::ENUM
Comm::SET
Comm::TABLE
Comm::VECTOR
Comm::RECORD
BrokerComm::BOOL
BrokerComm::INT
BrokerComm::COUNT
BrokerComm::DOUBLE
BrokerComm::STRING
BrokerComm::ADDR
BrokerComm::SUBNET
BrokerComm::PORT
BrokerComm::TIME
BrokerComm::INTERVAL
BrokerComm::ENUM
BrokerComm::SET
BrokerComm::TABLE
BrokerComm::VECTOR
BrokerComm::RECORD
***************************
T
F
@ -29,7 +29,7 @@ hello
22/tcp
42.0
180.0
Comm::BOOL
BrokerComm::BOOL
***************************
{
two,


@ -0,0 +1,14 @@
lookup(two): [status=BrokerStore::SUCCESS, result=[d=broker::data{222}]]
lookup(four): [status=BrokerStore::SUCCESS, result=[d=<uninitialized>]]
lookup(myset): [status=BrokerStore::SUCCESS, result=[d=broker::data{{a, c, d}}]]
lookup(one): [status=BrokerStore::SUCCESS, result=[d=broker::data{111}]]
lookup(myvec): [status=BrokerStore::SUCCESS, result=[d=broker::data{[delta, alpha, beta, gamma, omega]}]]
exists(one): [status=BrokerStore::SUCCESS, result=[d=broker::data{1}]]
exists(two): [status=BrokerStore::SUCCESS, result=[d=broker::data{0}]]
exists(myset): [status=BrokerStore::SUCCESS, result=[d=broker::data{1}]]
exists(four): [status=BrokerStore::SUCCESS, result=[d=broker::data{0}]]
pop_right(myvec): [status=BrokerStore::SUCCESS, result=[d=broker::data{omega}]]
pop_left(myvec): [status=BrokerStore::SUCCESS, result=[d=broker::data{delta}]]
keys: [status=BrokerStore::SUCCESS, result=[d=broker::data{[myvec, myset, one]}]]
size: [status=BrokerStore::SUCCESS, result=[d=broker::data{3}]]
size (after clear): [status=BrokerStore::SUCCESS, result=[d=broker::data{0}]]


@ -1,4 +1,4 @@
Comm::outgoing_connection_established, 127.0.0.1, 9999/tcp
BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
got event msg, pong, 0
got auto event msg, ping, 0
got event msg, pong, 1


@ -0,0 +1 @@
BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp


@ -1,4 +1,4 @@
Comm::outgoing_connection_established, 127.0.0.1, 9999/tcp
BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
got print msg, pong 0
got print msg, pong 1
got print msg, pong 2


@ -1,5 +0,0 @@
clone keys, [status=Store::SUCCESS, result=[d=broker::data{[one, two, myset, myvec]}]]
lookup, one, [status=Store::SUCCESS, result=[d=broker::data{111}]]
lookup, two, [status=Store::SUCCESS, result=[d=broker::data{222}]]
lookup, myset, [status=Store::SUCCESS, result=[d=broker::data{{a, c, d}}]]
lookup, myvec, [status=Store::SUCCESS, result=[d=broker::data{[delta, alpha, beta, gamma, omega]}]]


@ -1,14 +0,0 @@
lookup(two): [status=Store::SUCCESS, result=[d=broker::data{222}]]
lookup(four): [status=Store::SUCCESS, result=[d=<uninitialized>]]
lookup(myset): [status=Store::SUCCESS, result=[d=broker::data{{a, c, d}}]]
lookup(one): [status=Store::SUCCESS, result=[d=broker::data{111}]]
lookup(myvec): [status=Store::SUCCESS, result=[d=broker::data{[delta, alpha, beta, gamma, omega]}]]
exists(one): [status=Store::SUCCESS, result=[d=broker::data{1}]]
exists(two): [status=Store::SUCCESS, result=[d=broker::data{0}]]
exists(myset): [status=Store::SUCCESS, result=[d=broker::data{1}]]
exists(four): [status=Store::SUCCESS, result=[d=broker::data{0}]]
pop_right(myvec): [status=Store::SUCCESS, result=[d=broker::data{omega}]]
pop_left(myvec): [status=Store::SUCCESS, result=[d=broker::data{delta}]]
keys: [status=Store::SUCCESS, result=[d=broker::data{[myvec, myset, one]}]]
size: [status=Store::SUCCESS, result=[d=broker::data{3}]]
size (after clear): [status=Store::SUCCESS, result=[d=broker::data{0}]]


@ -1 +0,0 @@
Comm::outgoing_connection_established, 127.0.0.1, 9999/tcp


@ -6,6 +6,6 @@
#open 2014-01-16-21-51-36
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
#types time string addr port addr port enum enum
1341436424.204043 CXWv6p3arKYeMETxOg 72.205.54.70 0 86.106.164.150 0 Tunnel::IP Tunnel::DISCOVER
1341436424.204043 CjhGID4nQcgTWjvg4c 10.10.11.2 0 10.10.13.2 0 Tunnel::IP Tunnel::DISCOVER
1341436424.204043 CXWv6p3arKYeMETxOg 72.205.54.70 0 86.106.164.150 0 Tunnel::GRE Tunnel::DISCOVER
1341436424.204043 CjhGID4nQcgTWjvg4c 10.10.11.2 0 10.10.13.2 0 Tunnel::GRE Tunnel::DISCOVER
#close 2014-01-16-21-51-36


@ -6,5 +6,5 @@
#open 2014-01-16-21-51-12
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
#types time string addr port addr port enum enum
1055289968.793044 CXWv6p3arKYeMETxOg 172.27.1.66 0 66.59.109.137 0 Tunnel::IP Tunnel::DISCOVER
1055289968.793044 CXWv6p3arKYeMETxOg 172.27.1.66 0 66.59.109.137 0 Tunnel::GRE Tunnel::DISCOVER
#close 2014-01-16-21-51-12


@ -124,7 +124,7 @@
0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_TEREDO, {3544/udp})) -> <no result>
0.000000 MetaHookPost CallFunction(Cluster::is_enabled, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(Cluster::is_enabled, <null>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(Files::register_analyzer_add_callback, <frame>, (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)})) -> <no result>
0.000000 MetaHookPost CallFunction(Files::register_analyzer_add_callback, <frame>, (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)})) -> <no result>
0.000000 MetaHookPost CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ <init> FTP::cid{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::f$conns[FTP::cid]?$ftp) return (FTP::describe(FTP::f$conns[FTP::cid]$ftp))}return ()}}])) -> <no result>
0.000000 MetaHookPost CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ <init> HTTP::cid{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::f$conns[HTTP::cid]?$http) return (HTTP::build_url_http(HTTP::f$conns[HTTP::cid]$http))}return ()}}])) -> <no result>
0.000000 MetaHookPost CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=anonymous-function{ return ()}])) -> <no result>
@ -192,7 +192,7 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Communication::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Conn::LOG)) -> <no result>
@ -286,8 +286,8 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::default_path_func, <null>, (PacketFilter::LOG, , [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::default_path_func, <null>, (PacketFilter::LOG, , [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(PacketFilter::build, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, <frame>, (ip or not ip, and, )) -> <no result>
@ -669,7 +669,7 @@
0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_TEREDO, {3544/udp}))
0.000000 MetaHookPre CallFunction(Cluster::is_enabled, <frame>, ())
0.000000 MetaHookPre CallFunction(Cluster::is_enabled, <null>, ())
0.000000 MetaHookPre CallFunction(Files::register_analyzer_add_callback, <frame>, (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)}))
0.000000 MetaHookPre CallFunction(Files::register_analyzer_add_callback, <frame>, (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)}))
0.000000 MetaHookPre CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ <init> FTP::cid{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::f$conns[FTP::cid]?$ftp) return (FTP::describe(FTP::f$conns[FTP::cid]$ftp))}return ()}}]))
0.000000 MetaHookPre CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ <init> HTTP::cid{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::f$conns[HTTP::cid]?$http) return (HTTP::build_url_http(HTTP::f$conns[HTTP::cid]$http))}return ()}}]))
0.000000 MetaHookPre CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=anonymous-function{ return ()}]))
@ -737,7 +737,7 @@
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql]))
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Communication::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Conn::LOG))
@ -831,8 +831,8 @@
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql]))
0.000000 MetaHookPre CallFunction(Log::default_path_func, <null>, (PacketFilter::LOG, , [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::default_path_func, <null>, (PacketFilter::LOG, , [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Notice::want_pp, <frame>, ())
0.000000 MetaHookPre CallFunction(PacketFilter::build, <frame>, ())
0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, <frame>, (ip or not ip, and, ))
@ -1213,7 +1213,7 @@
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SYSLOG, {514/udp})
0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, {3544/udp})
0.000000 | HookCallFunction Cluster::is_enabled()
0.000000 | HookCallFunction Files::register_analyzer_add_callback(Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)})
0.000000 | HookCallFunction Files::register_analyzer_add_callback(Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)})
0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ <init> FTP::cid{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::f$conns[FTP::cid]?$ftp) return (FTP::describe(FTP::f$conns[FTP::cid]$ftp))}return ()}}])
0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ <init> HTTP::cid{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::f$conns[HTTP::cid]?$http) return (HTTP::build_url_http(HTTP::f$conns[HTTP::cid]$http))}return ()}}])
0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=anonymous-function{ return ()}])
@ -1281,7 +1281,7 @@
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509])
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG)
@ -1375,8 +1375,8 @@
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509])
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])
0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Notice::want_pp()
0.000000 | HookCallFunction PacketFilter::build()
0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, )


@ -0,0 +1,23 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path http
#open 2015-03-16-20-10-52
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types client_header_names server_header_names
#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
1300475168.784020 CRJuHdVW0XPVINV8a 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,VIA,X-VARNISH,LAST-MODIFIED,ETAG,VARY,CONNECTION
1300475168.916018 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
1300475168.916183 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
1300475168.918358 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
1300475168.952307 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
1300475168.952296 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
1300475168.954820 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
1300475168.962687 Cn78a440HlxuyZKs6f 141.142.220.118 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,EXPIRES,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
1300475168.975934 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
1300475168.976436 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
1300475168.979264 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
1300475169.014619 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
1300475169.014593 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
1300475169.014927 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION
#close 2015-03-16-20-10-52


@ -0,0 +1,15 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open 2015-03-09-19-32-44
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer validation_status
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string
1425929564.247511 CXWv6p3arKYeMETxOg 192.168.4.149 58529 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FTzCuuqU5y7w85H89 (empty) CN=www.cviis.org,OU=Domain Control Validated CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - unable to get local issuer certificate
1425929565.270104 CXWv6p3arKYeMETxOg 192.168.4.149 58529 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FXzQOu1ZSKSF7H8Ez6 (empty) CN=www.cviis.org,OU=Domain Control Validated CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - unable to get local issuer certificate
1425929566.843026 CjhGID4nQcgTWjvg4c 192.168.4.149 58530 72.167.102.91 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T F5l2dVkZHiwiOWR67,Fkw2ETDXfIXIvatba,Fbgf8A3V6m8v33wTcj (empty) CN=valid.sfig2.catest.starfieldtech.com,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US,serialNumber=R-1724741-6,businessCategory=Private Organization,jurisdictionST=Arizona,jurisdictionC=US CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - ok
1425929571.372511 CCvvfg3TEfuqmmG4bh 192.168.4.149 58532 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FhEtvg4pQ90832J56f (empty) CN=www.cviis.org,OU=Domain Control Validated CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - ok
1425929567.865619 CjhGID4nQcgTWjvg4c 192.168.4.149 58530 72.167.102.91 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T Fyc6cQ2rMCAhpIGcM5,FoJ8j735m9ogDYopYj,FHaYhA3ykzVlKPnnsc (empty) CN=valid.sfig2.catest.starfieldtech.com,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US,serialNumber=R-1724741-6,businessCategory=Private Organization,jurisdictionST=Arizona,jurisdictionC=US CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - ok
1425929572.395104 CCvvfg3TEfuqmmG4bh 192.168.4.149 58532 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FwZZ8034tgyXSponwg (empty) CN=www.cviis.org,OU=Domain Control Validated CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - ok
#close 2015-03-09-19-32-53


@ -0,0 +1,12 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open 2015-03-09-19-51-25
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer validation_status
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string
1417039703.224578 CXWv6p3arKYeMETxOg 192.168.4.149 58529 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FghNi02cFL9n6ttuMa (empty) CN=www.cviis.org,OU=Domain Control Validated CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - unable to get local issuer certificate
1417039705.820093 CjhGID4nQcgTWjvg4c 192.168.4.149 58530 72.167.102.91 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T Fz7gr4fSm2T2sEyDl,FhjNBG25vvoBO6CS79,FQFHJA20WL56NP6LXk (empty) CN=valid.sfig2.catest.starfieldtech.com,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US,serialNumber=R-1724741-6,businessCategory=Private Organization,jurisdictionST=Arizona,jurisdictionC=US CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - ok
1417039710.349578 CCvvfg3TEfuqmmG4bh 192.168.4.149 58532 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FRcFYq3e3hgYkZ8dS1 (empty) CN=www.cviis.org,OU=Domain Control Validated CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - unable to get local issuer certificate
#close 2015-03-09-19-51-25


@ -0,0 +1,23 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open 2015-03-09-19-44-42
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer validation_status
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string
1394745602.951961 CXWv6p3arKYeMETxOg 192.168.4.149 60539 87.98.220.10 443 TLSv10 TLS_DHE_RSA_WITH_AES_256_CBC_SHA - - F - - T F1fX1R2cDOzbvg17ye,FqPEQR2eytAQybroyl (empty) CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated CN=COMODO SSL CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB - - certificate has expired
1394745618.791420 CjhGID4nQcgTWjvg4c 192.168.4.149 60540 122.1.240.204 443 TLSv10 TLS_RSA_WITH_AES_256_CBC_SHA - - F - - T F6NAbK127LhNBaEe5c,FDhmPt28vyXlGMTxP7,F0ROCKibhE1KntJ1h (empty) CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US - - ok
#close 2015-03-09-19-44-42
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open 2015-03-09-19-44-42
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer validation_status
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string
1417039703.224578 CXWv6p3arKYeMETxOg 192.168.4.149 58529 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FghNi02cFL9n6ttuMa (empty) CN=www.cviis.org,OU=Domain Control Validated CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - unable to get local issuer certificate
1417039705.820093 CjhGID4nQcgTWjvg4c 192.168.4.149 58530 72.167.102.91 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T Fz7gr4fSm2T2sEyDl,FhjNBG25vvoBO6CS79,FQFHJA20WL56NP6LXk (empty) CN=valid.sfig2.catest.starfieldtech.com,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US,serialNumber=R-1724741-6,businessCategory=Private Organization,jurisdictionST=Arizona,jurisdictionC=US CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - ok
1417039710.349578 CCvvfg3TEfuqmmG4bh 192.168.4.149 58532 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FRcFYq3e3hgYkZ8dS1 (empty) CN=www.cviis.org,OU=Domain Control Validated CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - ok
#close 2015-03-09-19-44-42


@ -1,11 +0,0 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open 2014-08-08-17-13-58
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer validation_status
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string
1394745602.951961 CXWv6p3arKYeMETxOg 192.168.4.149 60539 87.98.220.10 443 TLSv10 TLS_DHE_RSA_WITH_AES_256_CBC_SHA - - F - - T F1fX1R2cDOzbvg17ye,FqPEQR2eytAQybroyl (empty) CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated CN=COMODO SSL CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB - - certificate has expired
1394745618.791420 CjhGID4nQcgTWjvg4c 192.168.4.149 60540 122.1.240.204 443 TLSv10 TLS_RSA_WITH_AES_256_CBC_SHA - - F - - T F6NAbK127LhNBaEe5c,FDhmPt28vyXlGMTxP7,F0ROCKibhE1KntJ1h (empty) CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US - - ok
#close 2014-08-08-17-13-58

Binary file not shown.


@ -0,0 +1,113 @@
# @TEST-SERIALIZE: brokercomm
# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
# @TEST-GROUP: leak
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run clone "bro -m -b ../clone.bro broker_port=$BROKER_PORT >clone.out"
# @TEST-EXEC: btest-bg-run master "bro -b ../master.bro broker_port=$BROKER_PORT >master.out"
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff clone/clone.out
@TEST-START-FILE clone.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
global h: opaque of BrokerStore::Handle;
global expected_key_count = 4;
global key_count = 0;
function do_lookup(key: string)
{
when ( local res = BrokerStore::lookup(h, BrokerComm::data(key)) )
{
++key_count;
print "lookup", key, res;
if ( key_count == expected_key_count )
terminate();
}
timeout 10sec
{ print "timeout"; }
}
event ready()
{
h = BrokerStore::create_clone("mystore");
when ( local res = BrokerStore::keys(h) )
{
print "clone keys", res;
do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 0)));
do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 1)));
do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 2)));
do_lookup(BrokerComm::refine_to_string(BrokerComm::vector_lookup(res$result, 3)));
}
timeout 10sec
{ print "timeout"; }
}
event bro_init()
{
BrokerComm::enable();
BrokerComm::listen(broker_port, "127.0.0.1");
BrokerComm::subscribe_to_events("bro/event/ready");
}
@TEST-END-FILE
@TEST-START-FILE master.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
global h: opaque of BrokerStore::Handle;
function dv(d: BrokerComm::Data): BrokerComm::DataVector
{
local rval: BrokerComm::DataVector;
rval[0] = d;
return rval;
}
global ready: event();
event BrokerComm::outgoing_connection_broken(peer_address: string,
peer_port: port)
{
terminate();
}
event BrokerComm::outgoing_connection_established(peer_address: string,
peer_port: port,
peer_name: string)
{
local myset: set[string] = {"a", "b", "c"};
local myvec: vector of string = {"alpha", "beta", "gamma"};
BrokerStore::insert(h, BrokerComm::data("one"), BrokerComm::data(110));
BrokerStore::insert(h, BrokerComm::data("two"), BrokerComm::data(223));
BrokerStore::insert(h, BrokerComm::data("myset"), BrokerComm::data(myset));
BrokerStore::insert(h, BrokerComm::data("myvec"), BrokerComm::data(myvec));
BrokerStore::increment(h, BrokerComm::data("one"));
BrokerStore::decrement(h, BrokerComm::data("two"));
BrokerStore::add_to_set(h, BrokerComm::data("myset"), BrokerComm::data("d"));
BrokerStore::remove_from_set(h, BrokerComm::data("myset"), BrokerComm::data("b"));
BrokerStore::push_left(h, BrokerComm::data("myvec"), dv(BrokerComm::data("delta")));
BrokerStore::push_right(h, BrokerComm::data("myvec"), dv(BrokerComm::data("omega")));
when ( local res = BrokerStore::size(h) )
{ event ready(); }
timeout 10sec
{ print "timeout"; }
}
event bro_init()
{
BrokerComm::enable();
h = BrokerStore::create_master("mystore");
BrokerComm::connect("127.0.0.1", broker_port, 1secs);
BrokerComm::auto_event("bro/event/ready", ready);
}
@TEST-END-FILE
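Review bot: The `# @TEST-GROUP: leak` header at the top of this new test does not match the `leaks` group declared by the other leak test added on this page, so a run that selects the `leaks` group would presumably skip this file; it should read `# @TEST-GROUP: leaks`. Separately, every `timeout 10sec` body in clone.bro and master.bro only does `print "timeout";` while `exit_only_after_terminate = T` is set, so a store query that times out leaves the process running until the `btest-bg-wait 45` limit is reached; adding `terminate();` after the print would make the failure show up quickly. The four `BrokerComm::vector_lookup(res$result, N)` calls in `ready` also assume the key vector already holds four entries, which is worth a short comment or a size check in case the clone has not received every insert yet. Only the clone is started with `-m` and `HEAPCHECK=local`, so the master side is not leak-checked here; if that is intended, a one-line comment saying so would help.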


@ -0,0 +1,233 @@
# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
# @TEST-GROUP: leaks
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff bro/.stdout
type bro_set: set[string];
type bro_table: table[string] of count;
type bro_vector: vector of string;
type bro_record : record {
a: string &optional;
b: string &default = "bee";
c: count;
};
function comm_record_to_bro_record_recurse(it: opaque of BrokerComm::RecordIterator,
rval: bro_record,
idx: count): bro_record
{
if ( BrokerComm::record_iterator_last(it) )
return rval;
local field_value = BrokerComm::record_iterator_value(it);
if ( field_value?$d )
switch ( idx ) {
case 0:
rval$a = BrokerComm::refine_to_string(field_value);
break;
case 1:
rval$b = BrokerComm::refine_to_string(field_value);
break;
case 2:
rval$c = BrokerComm::refine_to_count(field_value);
break;
};
++idx;
BrokerComm::record_iterator_next(it);
return comm_record_to_bro_record_recurse(it, rval, idx);
}
function comm_record_to_bro_record(d: BrokerComm::Data): bro_record
{
return comm_record_to_bro_record_recurse(BrokerComm::record_iterator(d),
bro_record($c = 0), 0);
}
function
comm_set_to_bro_set_recurse(it: opaque of BrokerComm::SetIterator,
rval: bro_set): bro_set
{
if ( BrokerComm::set_iterator_last(it) )
return rval;
add rval[BrokerComm::refine_to_string(BrokerComm::set_iterator_value(it))];
BrokerComm::set_iterator_next(it);
return comm_set_to_bro_set_recurse(it, rval);
}
function comm_set_to_bro_set(d: BrokerComm::Data): bro_set
{
return comm_set_to_bro_set_recurse(BrokerComm::set_iterator(d), bro_set());
}
function
comm_table_to_bro_table_recurse(it: opaque of BrokerComm::TableIterator,
rval: bro_table): bro_table
{
if ( BrokerComm::table_iterator_last(it) )
return rval;
local item = BrokerComm::table_iterator_value(it);
rval[BrokerComm::refine_to_string(item$key)] = BrokerComm::refine_to_count(item$val);
BrokerComm::table_iterator_next(it);
return comm_table_to_bro_table_recurse(it, rval);
}
function comm_table_to_bro_table(d: BrokerComm::Data): bro_table
{
return comm_table_to_bro_table_recurse(BrokerComm::table_iterator(d),
bro_table());
}
function comm_vector_to_bro_vector_recurse(it: opaque of BrokerComm::VectorIterator,
rval: bro_vector): bro_vector
{
if ( BrokerComm::vector_iterator_last(it) )
return rval;
rval[|rval|] = BrokerComm::refine_to_string(BrokerComm::vector_iterator_value(it));
BrokerComm::vector_iterator_next(it);
return comm_vector_to_bro_vector_recurse(it, rval);
}
function comm_vector_to_bro_vector(d: BrokerComm::Data): bro_vector
{
return comm_vector_to_bro_vector_recurse(BrokerComm::vector_iterator(d),
bro_vector());
}
event bro_init()
{
BrokerComm::enable();
}
global did_it = F;
event new_connection(c: connection)
{
if ( did_it ) return;
did_it = T;
print BrokerComm::data_type(BrokerComm::data(T));
print BrokerComm::data_type(BrokerComm::data(+1));
print BrokerComm::data_type(BrokerComm::data(1));
print BrokerComm::data_type(BrokerComm::data(1.1));
print BrokerComm::data_type(BrokerComm::data("1 (how creative)"));
print BrokerComm::data_type(BrokerComm::data(1.1.1.1));
print BrokerComm::data_type(BrokerComm::data(1.1.1.1/1));
print BrokerComm::data_type(BrokerComm::data(1/udp));
print BrokerComm::data_type(BrokerComm::data(double_to_time(1)));
print BrokerComm::data_type(BrokerComm::data(1sec));
print BrokerComm::data_type(BrokerComm::data(BrokerComm::BOOL));
local s: bro_set = bro_set("one", "two", "three");
local t: bro_table = bro_table(["one"] = 1, ["two"] = 2, ["three"] = 3);
local v: bro_vector = bro_vector("zero", "one", "two");
local r: bro_record = bro_record($c = 1);
print BrokerComm::data_type(BrokerComm::data(s));
print BrokerComm::data_type(BrokerComm::data(t));
print BrokerComm::data_type(BrokerComm::data(v));
print BrokerComm::data_type(BrokerComm::data(r));
print "***************************";
print BrokerComm::refine_to_bool(BrokerComm::data(T));
print BrokerComm::refine_to_bool(BrokerComm::data(F));
print BrokerComm::refine_to_int(BrokerComm::data(+1));
print BrokerComm::refine_to_int(BrokerComm::data(+0));
print BrokerComm::refine_to_int(BrokerComm::data(-1));
print BrokerComm::refine_to_count(BrokerComm::data(1));
print BrokerComm::refine_to_count(BrokerComm::data(0));
print BrokerComm::refine_to_double(BrokerComm::data(1.1));
print BrokerComm::refine_to_double(BrokerComm::data(-11.1));
print BrokerComm::refine_to_string(BrokerComm::data("hello"));
print BrokerComm::refine_to_addr(BrokerComm::data(1.2.3.4));
print BrokerComm::refine_to_subnet(BrokerComm::data(192.168.1.1/16));
print BrokerComm::refine_to_port(BrokerComm::data(22/tcp));
print BrokerComm::refine_to_time(BrokerComm::data(double_to_time(42)));
print BrokerComm::refine_to_interval(BrokerComm::data(3min));
print BrokerComm::refine_to_enum_name(BrokerComm::data(BrokerComm::BOOL));
print "***************************";
local cs = BrokerComm::data(s);
print comm_set_to_bro_set(cs);
cs = BrokerComm::set_create();
print BrokerComm::set_size(cs);
print BrokerComm::set_insert(cs, BrokerComm::data("hi"));
print BrokerComm::set_size(cs);
print BrokerComm::set_contains(cs, BrokerComm::data("hi"));
print BrokerComm::set_contains(cs, BrokerComm::data("bye"));
print BrokerComm::set_insert(cs, BrokerComm::data("bye"));
print BrokerComm::set_size(cs);
print BrokerComm::set_remove(cs, BrokerComm::data("hi"));
print BrokerComm::set_size(cs);
print BrokerComm::set_remove(cs, BrokerComm::data("hi"));
print comm_set_to_bro_set(cs);
BrokerComm::set_clear(cs);
print BrokerComm::set_size(cs);
print "***************************";
local ct = BrokerComm::data(t);
print comm_table_to_bro_table(ct);
ct = BrokerComm::table_create();
print BrokerComm::table_size(ct);
print BrokerComm::table_insert(ct, BrokerComm::data("hi"), BrokerComm::data(42));
print BrokerComm::table_size(ct);
print BrokerComm::table_contains(ct, BrokerComm::data("hi"));
print BrokerComm::refine_to_count(BrokerComm::table_lookup(ct, BrokerComm::data("hi")));
print BrokerComm::table_contains(ct, BrokerComm::data("bye"));
print BrokerComm::table_insert(ct, BrokerComm::data("bye"), BrokerComm::data(7));
print BrokerComm::table_size(ct);
print BrokerComm::table_insert(ct, BrokerComm::data("bye"), BrokerComm::data(37));
print BrokerComm::table_size(ct);
print BrokerComm::refine_to_count(BrokerComm::table_lookup(ct, BrokerComm::data("bye")));
print BrokerComm::table_remove(ct, BrokerComm::data("hi"));
print BrokerComm::table_size(ct);
print "***************************";
local cv = BrokerComm::data(v);
print comm_vector_to_bro_vector(cv);
cv = BrokerComm::vector_create();
print BrokerComm::vector_size(cv);
print BrokerComm::vector_insert(cv, BrokerComm::data("hi"), 0);
print BrokerComm::vector_insert(cv, BrokerComm::data("hello"), 1);
print BrokerComm::vector_insert(cv, BrokerComm::data("greetings"), 2);
print BrokerComm::vector_insert(cv, BrokerComm::data("salutations"), 1);
print comm_vector_to_bro_vector(cv);
print BrokerComm::vector_size(cv);
print BrokerComm::vector_replace(cv, BrokerComm::data("bah"), 2);
print BrokerComm::vector_lookup(cv, 2);
print BrokerComm::vector_lookup(cv, 0);
print comm_vector_to_bro_vector(cv);
print BrokerComm::vector_remove(cv, 2);
print comm_vector_to_bro_vector(cv);
print BrokerComm::vector_size(cv);
print "***************************";
local cr = BrokerComm::data(r);
print comm_record_to_bro_record(cr);
r$a = "test";
cr = BrokerComm::data(r);
print comm_record_to_bro_record(cr);
r$b = "testagain";
cr = BrokerComm::data(r);
print comm_record_to_bro_record(cr);
cr = BrokerComm::record_create(3);
print BrokerComm::record_size(cr);
print BrokerComm::record_assign(cr, BrokerComm::data("hi"), 0);
print BrokerComm::record_assign(cr, BrokerComm::data("hello"), 1);
print BrokerComm::record_assign(cr, BrokerComm::data(37), 2);
print BrokerComm::record_lookup(cr, 0);
print BrokerComm::record_lookup(cr, 1);
print BrokerComm::record_lookup(cr, 2);
print BrokerComm::record_size(cr);
}


@ -8,7 +8,7 @@
redef exit_only_after_terminate = T;
global h: opaque of Store::Handle;
global h: opaque of BrokerStore::Handle;
global lookup_count = 0;
const lookup_expect_count = 5;
global exists_count = 0;
@ -20,13 +20,13 @@ global test_size: event(where: string &default = "");
event test_clear()
{
Store::clear(h);
BrokerStore::clear(h);
event test_size("after clear");
}
event test_size(where: string)
{
when ( local res = Store::size(h) )
when ( local res = BrokerStore::size(h) )
{
if ( where == "" )
{
@ -45,7 +45,7 @@ event test_size(where: string)
event test_keys()
{
when ( local res = Store::keys(h) )
when ( local res = BrokerStore::keys(h) )
{
print fmt("keys: %s", res);
event test_size();
@ -56,7 +56,7 @@ event test_keys()
event test_pop(key: string)
{
when ( local lres = Store::pop_left(h, Comm::data(key)) )
when ( local lres = BrokerStore::pop_left(h, BrokerComm::data(key)) )
{
print fmt("pop_left(%s): %s", key, lres);
++pop_count;
@ -67,7 +67,7 @@ event test_pop(key: string)
timeout 10sec
{ print "timeout"; }
when ( local rres = Store::pop_right(h, Comm::data(key)) )
when ( local rres = BrokerStore::pop_right(h, BrokerComm::data(key)) )
{
print fmt("pop_right(%s): %s", key, rres);
++pop_count;
@ -81,7 +81,7 @@ event test_pop(key: string)
function do_exists(key: string)
{
when ( local res = Store::exists(h, Comm::data(key)) )
when ( local res = BrokerStore::exists(h, BrokerComm::data(key)) )
{
print fmt("exists(%s): %s", key, res);
++exists_count;
@ -95,7 +95,7 @@ function do_exists(key: string)
event test_erase()
{
Store::erase(h, Comm::data("two"));
BrokerStore::erase(h, BrokerComm::data("two"));
do_exists("one");
do_exists("two");
do_exists("myset");
@ -104,7 +104,7 @@ event test_erase()
function do_lookup(key: string)
{
when ( local res = Store::lookup(h, Comm::data(key)) )
when ( local res = BrokerStore::lookup(h, BrokerComm::data(key)) )
{
print fmt("lookup(%s): %s", key, res);
++lookup_count;
@ -116,9 +116,9 @@ function do_lookup(key: string)
{ print "timeout"; }
}
function dv(d: Comm::Data): Comm::DataVector
function dv(d: BrokerComm::Data): BrokerComm::DataVector
{
local rval: Comm::DataVector;
local rval: BrokerComm::DataVector;
rval[0] = d;
return rval;
}
@ -127,8 +127,8 @@ global did_it = F;
event bro_init()
{
Comm::enable();
h = Store::create_master("master");
BrokerComm::enable();
h = BrokerStore::create_master("master");
}
event new_connection(c: connection)
@ -137,16 +137,16 @@ event new_connection(c: connection)
did_it = T;
local myset: set[string] = {"a", "b", "c"};
local myvec: vector of string = {"alpha", "beta", "gamma"};
Store::insert(h, Comm::data("one"), Comm::data(110));
Store::insert(h, Comm::data("two"), Comm::data(223));
Store::insert(h, Comm::data("myset"), Comm::data(myset));
Store::insert(h, Comm::data("myvec"), Comm::data(myvec));
Store::increment(h, Comm::data("one"));
Store::decrement(h, Comm::data("two"));
Store::add_to_set(h, Comm::data("myset"), Comm::data("d"));
Store::remove_from_set(h, Comm::data("myset"), Comm::data("b"));
Store::push_left(h, Comm::data("myvec"), dv(Comm::data("delta")));
Store::push_right(h, Comm::data("myvec"), dv(Comm::data("omega")));
BrokerStore::insert(h, BrokerComm::data("one"), BrokerComm::data(110));
BrokerStore::insert(h, BrokerComm::data("two"), BrokerComm::data(223));
BrokerStore::insert(h, BrokerComm::data("myset"), BrokerComm::data(myset));
BrokerStore::insert(h, BrokerComm::data("myvec"), BrokerComm::data(myvec));
BrokerStore::increment(h, BrokerComm::data("one"));
BrokerStore::decrement(h, BrokerComm::data("two"));
BrokerStore::add_to_set(h, BrokerComm::data("myset"), BrokerComm::data("d"));
BrokerStore::remove_from_set(h, BrokerComm::data("myset"), BrokerComm::data("b"));
BrokerStore::push_left(h, BrokerComm::data("myvec"), dv(BrokerComm::data("delta")));
BrokerStore::push_right(h, BrokerComm::data("myvec"), dv(BrokerComm::data("omega")));
do_lookup("one");
do_lookup("two");
do_lookup("myset");


@ -20,10 +20,10 @@ global auto_event_handler: event(msg: string, c: count);
event bro_init()
{
Comm::enable();
Comm::listen(broker_port, "127.0.0.1");
Comm::subscribe_to_events("bro/event/");
Comm::auto_event("bro/event/my_topic", auto_event_handler);
BrokerComm::enable();
BrokerComm::listen(broker_port, "127.0.0.1");
BrokerComm::subscribe_to_events("bro/event/");
BrokerComm::auto_event("bro/event/my_topic", auto_event_handler);
}
global event_count = 0;
@ -41,8 +41,8 @@ event event_handler(msg: string, n: count)
}
event auto_event_handler(msg, n);
local args = Comm::event_args(event_handler, "pong", n);
Comm::event("bro/event/my_topic", args);
local args = BrokerComm::event_args(event_handler, "pong", n);
BrokerComm::event("bro/event/my_topic", args);
}
@TEST-END-FILE
@ -57,24 +57,24 @@ global auto_event_handler: event(msg: string, c: count);
event bro_init()
{
Comm::enable();
Comm::subscribe_to_events("bro/event/my_topic");
Comm::connect("127.0.0.1", broker_port, 1secs);
BrokerComm::enable();
BrokerComm::subscribe_to_events("bro/event/my_topic");
BrokerComm::connect("127.0.0.1", broker_port, 1secs);
}
global event_count = 0;
event Comm::outgoing_connection_established(peer_address: string,
event BrokerComm::outgoing_connection_established(peer_address: string,
peer_port: port,
peer_name: string)
{
print "Comm::outgoing_connection_established", peer_address, peer_port;
local args = Comm::event_args(event_handler, "ping", event_count);
Comm::event("bro/event/hi", args);
print "BrokerComm::outgoing_connection_established", peer_address, peer_port;
local args = BrokerComm::event_args(event_handler, "ping", event_count);
BrokerComm::event("bro/event/hi", args);
++event_count;
}
event Comm::outgoing_connection_broken(peer_address: string,
event BrokerComm::outgoing_connection_broken(peer_address: string,
peer_port: port)
{
terminate();
@ -83,8 +83,8 @@ event Comm::outgoing_connection_broken(peer_address: string,
event event_handler(msg: string, n: count)
{
print "got event msg", msg, n;
local args = Comm::event_args(event_handler, "ping", event_count);
Comm::event("bro/event/hi", args);
local args = BrokerComm::event_args(event_handler, "ping", event_count);
BrokerComm::event("bro/event/hi", args);
++event_count;
}


@ -29,7 +29,7 @@ export {
event bro_init() &priority=5
{
Comm::enable();
BrokerComm::enable();
Log::create_stream(Test::LOG, [$columns=Test::Info, $ev=log_test]);
}
@ -42,8 +42,8 @@ redef exit_only_after_terminate = T;
event bro_init()
{
Comm::listen(broker_port, "127.0.0.1");
Comm::subscribe_to_logs("bro/log/");
BrokerComm::listen(broker_port, "127.0.0.1");
BrokerComm::subscribe_to_logs("bro/log/");
}
event Test::log_test(rec: Test::Info)
@ -63,8 +63,8 @@ redef exit_only_after_terminate = T;
event bro_init()
{
Comm::enable_remote_logs(Test::LOG);
Comm::connect("127.0.0.1", broker_port, 1secs);
BrokerComm::enable_remote_logs(Test::LOG);
BrokerComm::connect("127.0.0.1", broker_port, 1secs);
}
global n = 0;
@ -81,15 +81,15 @@ event do_write()
}
}
event Comm::outgoing_connection_established(peer_address: string,
event BrokerComm::outgoing_connection_established(peer_address: string,
peer_port: port,
peer_name: string)
{
print "Comm::outgoing_connection_established", peer_address, peer_port;
print "BrokerComm::outgoing_connection_established", peer_address, peer_port;
event do_write();
}
event Comm::outgoing_connection_broken(peer_address: string,
event BrokerComm::outgoing_connection_broken(peer_address: string,
peer_port: port)
{
terminate();


@ -17,16 +17,16 @@ redef exit_only_after_terminate = T;
event bro_init()
{
Comm::enable();
Comm::listen(broker_port, "127.0.0.1");
Comm::subscribe_to_prints("bro/print/");
BrokerComm::enable();
BrokerComm::listen(broker_port, "127.0.0.1");
BrokerComm::subscribe_to_prints("bro/print/");
}
global messages_to_recv = 6;
global messages_sent = 0;
global messages_recv = 0;
event Comm::print_handler(msg: string)
event BrokerComm::print_handler(msg: string)
{
++messages_recv;
print "got print msg", msg;
@ -37,7 +37,7 @@ event Comm::print_handler(msg: string)
return;
}
Comm::print("bro/print/my_topic", fmt("pong %d", messages_sent));
BrokerComm::print("bro/print/my_topic", fmt("pong %d", messages_sent));
++messages_sent;
}
@ -50,35 +50,35 @@ redef exit_only_after_terminate = T;
event bro_init()
{
Comm::enable();
Comm::subscribe_to_prints("bro/print/my_topic");
Comm::connect("127.0.0.1", broker_port, 1secs);
BrokerComm::enable();
BrokerComm::subscribe_to_prints("bro/print/my_topic");
BrokerComm::connect("127.0.0.1", broker_port, 1secs);
}
global messages_sent = 0;
global messages_recv = 0;
global peer_disconnected = F;
event Comm::outgoing_connection_established(peer_address: string,
event BrokerComm::outgoing_connection_established(peer_address: string,
peer_port: port,
peer_name: string)
{
print "Comm::outgoing_connection_established", peer_address, peer_port;
Comm::print("bro/print/hi", fmt("ping %d", messages_sent));
print "BrokerComm::outgoing_connection_established", peer_address, peer_port;
BrokerComm::print("bro/print/hi", fmt("ping %d", messages_sent));
++messages_sent;
}
event Comm::outgoing_connection_broken(peer_address: string,
event BrokerComm::outgoing_connection_broken(peer_address: string,
peer_port: port)
{
terminate();
}
event Comm::print_handler(msg: string)
event BrokerComm::print_handler(msg: string)
{
++messages_recv;
print "got print msg", msg;
Comm::print("bro/print/hi", fmt("ping %d", messages_sent));
BrokerComm::print("bro/print/hi", fmt("ping %d", messages_sent));
++messages_sent;
}


@ -1,113 +0,0 @@
# @TEST-SERIALIZE: brokercomm
# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
# @TEST-GROUP: leak
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run clone "bro -m -b ../clone.bro broker_port=$BROKER_PORT >clone.out"
# @TEST-EXEC: btest-bg-run master "bro -b ../master.bro broker_port=$BROKER_PORT >master.out"
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff clone/clone.out
@TEST-START-FILE clone.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
global h: opaque of Store::Handle;
global expected_key_count = 4;
global key_count = 0;
function do_lookup(key: string)
{
when ( local res = Store::lookup(h, Comm::data(key)) )
{
++key_count;
print "lookup", key, res;
if ( key_count == expected_key_count )
terminate();
}
timeout 10sec
{ print "timeout"; }
}
event ready()
{
h = Store::create_clone("mystore");
when ( local res = Store::keys(h) )
{
print "clone keys", res;
do_lookup(Comm::refine_to_string(Comm::vector_lookup(res$result, 0)));
do_lookup(Comm::refine_to_string(Comm::vector_lookup(res$result, 1)));
do_lookup(Comm::refine_to_string(Comm::vector_lookup(res$result, 2)));
do_lookup(Comm::refine_to_string(Comm::vector_lookup(res$result, 3)));
}
timeout 10sec
{ print "timeout"; }
}
event bro_init()
{
Comm::enable();
Comm::listen(broker_port, "127.0.0.1");
Comm::subscribe_to_events("bro/event/ready");
}
@TEST-END-FILE
@TEST-START-FILE master.bro
const broker_port: port &redef;
redef exit_only_after_terminate = T;
global h: opaque of Store::Handle;
function dv(d: Comm::Data): Comm::DataVector
{
local rval: Comm::DataVector;
rval[0] = d;
return rval;
}
global ready: event();
event Comm::outgoing_connection_broken(peer_address: string,
peer_port: port)
{
terminate();
}
event Comm::outgoing_connection_established(peer_address: string,
peer_port: port,
peer_name: string)
{
local myset: set[string] = {"a", "b", "c"};
local myvec: vector of string = {"alpha", "beta", "gamma"};
Store::insert(h, Comm::data("one"), Comm::data(110));
Store::insert(h, Comm::data("two"), Comm::data(223));
Store::insert(h, Comm::data("myset"), Comm::data(myset));
Store::insert(h, Comm::data("myvec"), Comm::data(myvec));
Store::increment(h, Comm::data("one"));
Store::decrement(h, Comm::data("two"));
Store::add_to_set(h, Comm::data("myset"), Comm::data("d"));
Store::remove_from_set(h, Comm::data("myset"), Comm::data("b"));
Store::push_left(h, Comm::data("myvec"), dv(Comm::data("delta")));
Store::push_right(h, Comm::data("myvec"), dv(Comm::data("omega")));
when ( local res = Store::size(h) )
{ event ready(); }
timeout 10sec
{ print "timeout"; }
}
event bro_init()
{
Comm::enable();
h = Store::create_master("mystore");
Comm::connect("127.0.0.1", broker_port, 1secs);
Comm::auto_event("bro/event/ready", ready);
}
@TEST-END-FILE


@ -1,233 +0,0 @@
# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
# @TEST-GROUP: leaks
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff bro/.stdout
type bro_set: set[string];
type bro_table: table[string] of count;
type bro_vector: vector of string;
type bro_record : record {
a: string &optional;
b: string &default = "bee";
c: count;
};
function comm_record_to_bro_record_recurse(it: opaque of Comm::RecordIterator,
rval: bro_record,
idx: count): bro_record
{
if ( Comm::record_iterator_last(it) )
return rval;
local field_value = Comm::record_iterator_value(it);
if ( field_value?$d )
switch ( idx ) {
case 0:
rval$a = Comm::refine_to_string(field_value);
break;
case 1:
rval$b = Comm::refine_to_string(field_value);
break;
case 2:
rval$c = Comm::refine_to_count(field_value);
break;
};
++idx;
Comm::record_iterator_next(it);
return comm_record_to_bro_record_recurse(it, rval, idx);
}
function comm_record_to_bro_record(d: Comm::Data): bro_record
{
return comm_record_to_bro_record_recurse(Comm::record_iterator(d),
bro_record($c = 0), 0);
}
function
comm_set_to_bro_set_recurse(it: opaque of Comm::SetIterator,
rval: bro_set): bro_set
{
if ( Comm::set_iterator_last(it) )
return rval;
add rval[Comm::refine_to_string(Comm::set_iterator_value(it))];
Comm::set_iterator_next(it);
return comm_set_to_bro_set_recurse(it, rval);
}
function comm_set_to_bro_set(d: Comm::Data): bro_set
{
return comm_set_to_bro_set_recurse(Comm::set_iterator(d), bro_set());
}
function
comm_table_to_bro_table_recurse(it: opaque of Comm::TableIterator,
rval: bro_table): bro_table
{
if ( Comm::table_iterator_last(it) )
return rval;
local item = Comm::table_iterator_value(it);
rval[Comm::refine_to_string(item$key)] = Comm::refine_to_count(item$val);
Comm::table_iterator_next(it);
return comm_table_to_bro_table_recurse(it, rval);
}
function comm_table_to_bro_table(d: Comm::Data): bro_table
{
return comm_table_to_bro_table_recurse(Comm::table_iterator(d),
bro_table());
}
function comm_vector_to_bro_vector_recurse(it: opaque of Comm::VectorIterator,
rval: bro_vector): bro_vector
{
if ( Comm::vector_iterator_last(it) )
return rval;
rval[|rval|] = Comm::refine_to_string(Comm::vector_iterator_value(it));
Comm::vector_iterator_next(it);
return comm_vector_to_bro_vector_recurse(it, rval);
}
function comm_vector_to_bro_vector(d: Comm::Data): bro_vector
{
return comm_vector_to_bro_vector_recurse(Comm::vector_iterator(d),
bro_vector());
}
event bro_init()
{
Comm::enable();
}
global did_it = F;
event new_connection(c: connection)
{
if ( did_it ) return;
did_it = T;
print Comm::data_type(Comm::data(T));
print Comm::data_type(Comm::data(+1));
print Comm::data_type(Comm::data(1));
print Comm::data_type(Comm::data(1.1));
print Comm::data_type(Comm::data("1 (how creative)"));
print Comm::data_type(Comm::data(1.1.1.1));
print Comm::data_type(Comm::data(1.1.1.1/1));
print Comm::data_type(Comm::data(1/udp));
print Comm::data_type(Comm::data(double_to_time(1)));
print Comm::data_type(Comm::data(1sec));
print Comm::data_type(Comm::data(Comm::BOOL));
local s: bro_set = bro_set("one", "two", "three");
local t: bro_table = bro_table(["one"] = 1, ["two"] = 2, ["three"] = 3);
local v: bro_vector = bro_vector("zero", "one", "two");
local r: bro_record = bro_record($c = 1);
print Comm::data_type(Comm::data(s));
print Comm::data_type(Comm::data(t));
print Comm::data_type(Comm::data(v));
print Comm::data_type(Comm::data(r));
print "***************************";
print Comm::refine_to_bool(Comm::data(T));
print Comm::refine_to_bool(Comm::data(F));
print Comm::refine_to_int(Comm::data(+1));
print Comm::refine_to_int(Comm::data(+0));
print Comm::refine_to_int(Comm::data(-1));
print Comm::refine_to_count(Comm::data(1));
print Comm::refine_to_count(Comm::data(0));
print Comm::refine_to_double(Comm::data(1.1));
print Comm::refine_to_double(Comm::data(-11.1));
print Comm::refine_to_string(Comm::data("hello"));
print Comm::refine_to_addr(Comm::data(1.2.3.4));
print Comm::refine_to_subnet(Comm::data(192.168.1.1/16));
print Comm::refine_to_port(Comm::data(22/tcp));
print Comm::refine_to_time(Comm::data(double_to_time(42)));
print Comm::refine_to_interval(Comm::data(3min));
print Comm::refine_to_enum_name(Comm::data(Comm::BOOL));
print "***************************";
local cs = Comm::data(s);
print comm_set_to_bro_set(cs);
cs = Comm::set_create();
print Comm::set_size(cs);
print Comm::set_insert(cs, Comm::data("hi"));
print Comm::set_size(cs);
print Comm::set_contains(cs, Comm::data("hi"));
print Comm::set_contains(cs, Comm::data("bye"));
print Comm::set_insert(cs, Comm::data("bye"));
print Comm::set_size(cs);
print Comm::set_remove(cs, Comm::data("hi"));
print Comm::set_size(cs);
print Comm::set_remove(cs, Comm::data("hi"));
print comm_set_to_bro_set(cs);
Comm::set_clear(cs);
print Comm::set_size(cs);
print "***************************";
local ct = Comm::data(t);
print comm_table_to_bro_table(ct);
ct = Comm::table_create();
print Comm::table_size(ct);
print Comm::table_insert(ct, Comm::data("hi"), Comm::data(42));
print Comm::table_size(ct);
print Comm::table_contains(ct, Comm::data("hi"));
print Comm::refine_to_count(Comm::table_lookup(ct, Comm::data("hi")));
print Comm::table_contains(ct, Comm::data("bye"));
print Comm::table_insert(ct, Comm::data("bye"), Comm::data(7));
print Comm::table_size(ct);
print Comm::table_insert(ct, Comm::data("bye"), Comm::data(37));
print Comm::table_size(ct);
print Comm::refine_to_count(Comm::table_lookup(ct, Comm::data("bye")));
print Comm::table_remove(ct, Comm::data("hi"));
print Comm::table_size(ct);
print "***************************";
local cv = Comm::data(v);
print comm_vector_to_bro_vector(cv);
cv = Comm::vector_create();
print Comm::vector_size(cv);
print Comm::vector_insert(cv, Comm::data("hi"), 0);
print Comm::vector_insert(cv, Comm::data("hello"), 1);
print Comm::vector_insert(cv, Comm::data("greetings"), 2);
print Comm::vector_insert(cv, Comm::data("salutations"), 1);
print comm_vector_to_bro_vector(cv);
print Comm::vector_size(cv);
print Comm::vector_replace(cv, Comm::data("bah"), 2);
print Comm::vector_lookup(cv, 2);
print Comm::vector_lookup(cv, 0);
print comm_vector_to_bro_vector(cv);
print Comm::vector_remove(cv, 2);
print comm_vector_to_bro_vector(cv);
print Comm::vector_size(cv);
print "***************************";
local cr = Comm::data(r);
print comm_record_to_bro_record(cr);
r$a = "test";
cr = Comm::data(r);
print comm_record_to_bro_record(cr);
r$b = "testagain";
cr = Comm::data(r);
print comm_record_to_bro_record(cr);
cr = Comm::record_create(3);
print Comm::record_size(cr);
print Comm::record_assign(cr, Comm::data("hi"), 0);
print Comm::record_assign(cr, Comm::data("hello"), 1);
print Comm::record_assign(cr, Comm::data(37), 2);
print Comm::record_lookup(cr, 0);
print Comm::record_lookup(cr, 1);
print Comm::record_lookup(cr, 2);
print Comm::record_size(cr);
}


@ -0,0 +1,2 @@
# @TEST-EXEC: bro -r $TRACES/http/get.trace frameworks/files/extract-all-files
# @TEST-EXEC: grep -q EXTRACT files.log
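Review bot: The only assertion in this new test, `grep -q EXTRACT files.log`, passes as soon as one files.log row names the EXTRACT analyzer, so it does not confirm that a file was written to disk or that the default extracted name carries the timestamp this merge introduces (BIT-1335 in CHANGES). A second `@TEST-EXEC` line that diffs the `extracted` column of files.log after canonifying the timestamp would pin both. Because the policy script extracts every file in the trace, a header comment such as `# Extracts all files seen in the trace; the output is untrusted content.` would also make the test's scope clear to readers.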


@ -0,0 +1,5 @@
# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: btest-diff http.log
@load protocols/http/header-names
redef HTTP::log_server_header_names=T;


@ -0,0 +1,37 @@
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT"
# @TEST-EXEC: sleep 1
# @TEST-EXEC: btest-bg-run proxy-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=proxy-1 bro %INPUT"
# @TEST-EXEC: btest-bg-run proxy-2 "cp ../cluster-layout.bro . && CLUSTER_NODE=proxy-2 bro %INPUT"
# @TEST-EXEC: sleep 1
# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/tls/missing-intermediate.pcap %INPUT"
# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/missing-intermediate.pcap %INPUT"
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: cat manager-1/ssl*.log > ssl.log
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-file-ids btest-diff ssl.log
#
redef Log::default_rotation_interval = 0secs;
@TEST-START-FILE cluster-layout.bro
redef Cluster::nodes = {
["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=37758/tcp, $manager="manager-1", $workers=set("worker-1", "worker-2")],
["proxy-2"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=37759/tcp, $manager="manager-1", $workers=set("worker-2")],
["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $proxy="proxy-1", $interface="eth0"],
["worker-2"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $proxy="proxy-1", $interface="eth1"],
};
@TEST-END-FILE
event terminate_me() {
terminate();
}
event remote_connection_closed(p: event_peer) {
schedule 1sec { terminate_me() };
}
@load base/frameworks/cluster
@load protocols/ssl/validate-certs.bro
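Review bot: Start-up ordering in this cluster test rests on the two `sleep 1` lines between the manager, proxy and worker launches, so on a loaded host a worker may start before its peers are listening and the `btest-bg-wait 20` run could end with a different ssl log than the baseline. Both workers also replay the same `missing-intermediate.pcap`; if each worker can learn the intermediate from its own trace, the baseline cannot tell a locally cached chain from one shared across nodes, and giving the workers different traces would exercise the sharing path. A header comment stating the expected result, for example `# A chain missing its intermediate must validate once any node has cached that intermediate.`, would make the intent reviewable; that wording is presumed from the CHANGES entry and should be confirmed against the script.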


@ -0,0 +1,6 @@
# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl.log
@load protocols/ssl/validate-certs.bro
redef SSL::ssl_cache_intermediate_ca = F;
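Review bot: Nothing in this new test states what the ssl.log baseline should show once `SSL::ssl_cache_intermediate_ca = F` is set, so a later baseline update could silently flip the validation result. Presumably the chain without its intermediate is expected to fail validation with the cache off; if so, a header comment such as `# Cache disabled: the chain missing its intermediate must not validate.` would pin the negative case. The `diff-remove-x509-names` canonifier is not visible here, so it is worth confirming that it leaves the validation-status column in the comparison.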


@ -1,4 +1,7 @@
# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace %INPUT
# @TEST-EXEC: btest-diff ssl.log
# @TEST-EXEC: cat ssl.log > ssl-all.log
# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-all.log
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl-all.log
@load protocols/ssl/validate-certs
@load protocols/ssl/validate-certs.bro