mirror of
https://github.com/zeek/zeek.git
synced 2025-10-09 10:08:20 +00:00
Merge remote-tracking branch 'origin/master' into topic/robin/reader-writer-plugins
This commit is contained in:
Robin Sommer
commit
2b505b07c1
37 changed files with 91122 additions and 79726 deletions
4
testing/btest/Baseline/bifs.count_to_addr/out
Normal file
4
testing/btest/Baseline/bifs.count_to_addr/out
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
0.0.0.1
|
||||
48.21.133.122
|
||||
255.255.255.255
|
||||
0.0.0.0
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
Demo::Foo - <Insert description> (dynamic, version 1.0)
|
||||
[Event] plugin_event
|
||||
[Function] hello_plugin_world
|
||||
|
||||
plugin: automatically loaded at startup
|
||||
calling bif, Hello from the plugin!
|
||||
plugin: manually loaded
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
Demo::Foo - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 1.0)
|
||||
Demo::Foo - <Insert description> (dynamic, version 1.0)
|
||||
[Event] plugin_event
|
||||
[Function] hello_plugin_world
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1 @@
|
|||
5 of 28 events triggered by trace
|
||||
File diff suppressed because it is too large
Load diff
|
|
@ -0,0 +1 @@
|
|||
5 of 28 events triggered by trace
|
||||
|
|
@ -0,0 +1,64 @@
|
|||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55480/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=15], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55480/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=8, uid=1, function_code=15], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55481/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=4, uid=1, function_code=1], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55481/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=1], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55482/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=15], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55482/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=8, uid=1, function_code=15], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55483/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=4, uid=1, function_code=1], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55483/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=1], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55484/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=15], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55484/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=8, uid=1, function_code=15], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55485/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=4, uid=1, function_code=1], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55485/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=1], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55486/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=15], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55486/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=8, uid=1, function_code=15], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55487/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=4, uid=1, function_code=1], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55487/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=1], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55488/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=15], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55488/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=8, uid=1, function_code=15], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55489/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=4, uid=1, function_code=1], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55489/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=1], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55490/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=15], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55490/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=8, uid=1, function_code=15], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55491/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=4, uid=1, function_code=1], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55491/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=1], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55493/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=15], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55493/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=8, uid=1, function_code=15], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55494/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=4, uid=1, function_code=1], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55494/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=1], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55495/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=15], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55495/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=8, uid=1, function_code=15], T
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55496/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=4, uid=1, function_code=1], F
|
||||
1 modbus_message, [orig_h=118.189.96.132, orig_p=55496/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=1], T
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55481/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=1], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55483/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=1], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55485/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=1], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55487/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=1], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55489/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=1], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55491/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=1], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55494/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=1], 0, 3
|
||||
1 modbus_read_coils_request, [orig_h=118.189.96.132, orig_p=55496/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=1], 0, 3
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55481/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=4, uid=1, function_code=1], [F, F, F, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55483/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=4, uid=1, function_code=1], [F, F, T, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55485/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=4, uid=1, function_code=1], [F, T, F, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55487/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=4, uid=1, function_code=1], [F, T, T, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55489/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=4, uid=1, function_code=1], [T, F, F, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55491/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=4, uid=1, function_code=1], [T, F, T, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55494/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=4, uid=1, function_code=1], [T, T, F, F, F, F, F, F]
|
||||
1 modbus_read_coils_response, [orig_h=118.189.96.132, orig_p=55496/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=4, uid=1, function_code=1], [T, T, T, F, F, F, F, F]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55480/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=8, uid=1, function_code=15], 0, [F, F, F]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55482/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=8, uid=1, function_code=15], 0, [F, F, T]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55484/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=8, uid=1, function_code=15], 0, [F, T, F]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55486/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=8, uid=1, function_code=15], 0, [F, T, T]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55488/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=8, uid=1, function_code=15], 0, [T, F, F]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55490/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=8, uid=1, function_code=15], 0, [T, F, T]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55493/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=8, uid=1, function_code=15], 0, [T, T, F]
|
||||
1 modbus_write_multiple_coils_request, [orig_h=118.189.96.132, orig_p=55495/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=8, uid=1, function_code=15], 0, [T, T, T]
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55480/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=15], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55482/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=15], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55484/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=15], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55486/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=15], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55488/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=15], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55490/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=15], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55493/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=15], 0, 3
|
||||
1 modbus_write_multiple_coils_response, [orig_h=118.189.96.132, orig_p=55495/tcp, resp_h=118.189.96.132, resp_p=502/tcp], [tid=1, pid=0, len=6, uid=1, function_code=15], 0, 3
|
||||
File diff suppressed because it is too large
Load diff
|
|
@ -3,10 +3,10 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path modbus
|
||||
#open 2013-08-26-19-04-19
|
||||
#open 2014-06-18-02-19-52
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p func exception
|
||||
#types time string addr port addr port string string
|
||||
1342774775.305761 CXWv6p3arKYeMETxOg 10.1.1.234 51411 10.10.5.104 502 READ_INPUT_REGISTERS -
|
||||
1342775209.493066 CjhGID4nQcgTWjvg4c 10.1.1.234 51411 10.10.5.104 502 READ_INPUT_REGISTERS -
|
||||
1342776371.617757 CsRx2w45OKnoww6xl4 10.1.1.234 51411 10.10.5.104 502 READ_INPUT_REGISTERS -
|
||||
#close 2013-08-26-19-04-19
|
||||
#close 2014-06-18-02-19-52
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
modbus_read_input_registers_request, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=1119, pid=0, uid=255, function_code=4], 900, 147
|
||||
modbus_read_input_registers_response, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=2606, pid=0, uid=255, function_code=4], [0, 0, 0, 0, 0, 0, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690], 100
|
||||
modbus_read_input_registers_request, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=12993, pid=0, uid=255, function_code=4], 400, 100
|
||||
modbus_read_input_registers_response, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=17667, pid=0, uid=255, function_code=4], [49, 18012, 51, 42, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 49, 50, 51, 54324, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 69, 63, 64, 65, 66, 67, 68, 49, 189, 51, 52, 53, 54, 4151, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 136, 49, 50, 51, 212, 53, 54, 170, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690], 100
|
||||
modbus_read_input_registers_request, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=1119, pid=0, len=6, uid=255, function_code=4], 900, 147
|
||||
modbus_read_input_registers_response, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=2606, pid=0, len=203, uid=255, function_code=4], [0, 0, 0, 0, 0, 0, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690], 100
|
||||
modbus_read_input_registers_request, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=12993, pid=0, len=6, uid=255, function_code=4], 400, 100
|
||||
modbus_read_input_registers_response, [orig_h=10.1.1.234, orig_p=51411/tcp, resp_h=10.10.5.104, resp_p=502/tcp], [tid=17667, pid=0, len=203, uid=255, function_code=4], [49, 18012, 51, 42, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 49, 50, 51, 54324, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 69, 63, 64, 65, 66, 67, 68, 49, 189, 51, 52, 53, 54, 4151, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 136, 49, 50, 51, 212, 53, 54, 170, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690, 43690], 100
|
||||
|
|
|
|||
BIN
testing/btest/Traces/modbus/modbusBig.pcap
Normal file
BIN
testing/btest/Traces/modbus/modbusBig.pcap
Normal file
Binary file not shown.
BIN
testing/btest/Traces/modbus/modbusSmall.pcap
Normal file
BIN
testing/btest/Traces/modbus/modbusSmall.pcap
Normal file
Binary file not shown.
47
testing/btest/plugins/bifs-and-scripts-install.sh
Normal file
47
testing/btest/plugins/bifs-and-scripts-install.sh
Normal file
|
|
@ -0,0 +1,47 @@
|
|||
# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin Demo Foo
|
||||
# @TEST-EXEC: bash %INPUT
|
||||
# @TEST-EXEC: BRO_PLUGIN_INSTALL=`pwd`/test-install make BRO=${DIST}
|
||||
# @TEST-EXEC: make install
|
||||
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install bro -NN Demo::Foo >>output
|
||||
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro demo/foo -r $TRACES/empty.trace >>output
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output
|
||||
|
||||
cat >scripts/__load__.bro <<EOF
|
||||
@load ./demo/foo/base/at-startup.bro
|
||||
EOF
|
||||
|
||||
cat >scripts/demo/foo/__load__.bro <<EOF
|
||||
@load ./manually.bro
|
||||
EOF
|
||||
|
||||
cat >scripts/demo/foo/manually.bro <<EOF
|
||||
event bro_init() &priority=-10
|
||||
{
|
||||
print "plugin: manually loaded";
|
||||
}
|
||||
EOF
|
||||
|
||||
mkdir -p scripts/demo/foo/base/
|
||||
|
||||
cat >scripts/demo/foo/base/at-startup.bro <<EOF
|
||||
event bro_init() &priority=10
|
||||
{
|
||||
print "plugin: automatically loaded at startup";
|
||||
print "calling bif", hello_plugin_world();
|
||||
}
|
||||
EOF
|
||||
|
||||
cat >src/functions.bif <<EOF
|
||||
function hello_plugin_world%(%): string
|
||||
%{
|
||||
return new StringVal("Hello from the plugin!");
|
||||
%}
|
||||
EOF
|
||||
|
||||
cat >activate.bro <<EOF
|
||||
@load-plugin Demo::Foo
|
||||
EOF
|
||||
|
||||
cat >src/events.bif <<EOF
|
||||
event plugin_event%(foo: count%);
|
||||
EOF
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
#
|
||||
# @TEST-EXEC: bro -C -r $TRACES/modbus/modbusBig.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered
|
||||
# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif | grep "^event modbus_" | wc -l >total
|
||||
# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
|
||||
# @TEST-EXEC: btest-diff coverage
|
||||
|
||||
event modbus_message(c: connection, headers: ModbusHeaders, is_orig: bool)
|
||||
{
|
||||
print "modbus_message", c$id, headers, is_orig;
|
||||
}
|
||||
|
||||
event modbus_exception(c: connection, headers: ModbusHeaders, code: count)
|
||||
{
|
||||
print "modbus_exception", c$id, headers, code;
|
||||
}
|
||||
|
||||
event modbus_read_coils_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
|
||||
{
|
||||
print "modbus_read_coils_request", c$id, headers, start_address, quantity;
|
||||
}
|
||||
|
||||
event modbus_read_coils_response(c: connection, headers: ModbusHeaders, coils: ModbusCoils)
|
||||
{
|
||||
print "modbus_read_coils_response", c$id, headers, coils;
|
||||
}
|
||||
event modbus_write_single_coil_request(c: connection, headers: ModbusHeaders, address: count, value: bool)
|
||||
{
|
||||
print "modbus_write_single_coil_request", c$id, headers, address, value;
|
||||
}
|
||||
|
||||
event modbus_write_single_coil_response(c: connection, headers: ModbusHeaders, address: count, value: bool)
|
||||
{
|
||||
print "modbus_write_single_coil_response", c$id, headers, address, value;
|
||||
}
|
||||
|
||||
event modbus_write_multiple_coils_request(c: connection, headers: ModbusHeaders, start_address: count, coils: ModbusCoils)
|
||||
{
|
||||
print "modbus_write_multiple_coils_request", c$id, headers, start_address, coils;
|
||||
}
|
||||
|
||||
event modbus_write_multiple_coils_response(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
|
||||
{
|
||||
print "modbus_write_multiple_coils_response", c$id, headers, start_address, quantity;
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
#
|
||||
# @TEST-EXEC: bro -C -r $TRACES/modbus/modbusSmall.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered
|
||||
# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif | grep "^event modbus_" | wc -l >total
|
||||
# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
|
||||
# @TEST-EXEC: btest-diff coverage
|
||||
|
||||
event modbus_message(c: connection, headers: ModbusHeaders, is_orig: bool)
|
||||
{
|
||||
print "modbus_message", c$id, headers, is_orig;
|
||||
}
|
||||
|
||||
event modbus_exception(c: connection, headers: ModbusHeaders, code: count)
|
||||
{
|
||||
print "modbus_exception", c$id, headers, code;
|
||||
}
|
||||
|
||||
event modbus_read_coils_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
|
||||
{
|
||||
print "modbus_read_coils_request", c$id, headers, start_address, quantity;
|
||||
}
|
||||
|
||||
event modbus_read_coils_response(c: connection, headers: ModbusHeaders, coils: ModbusCoils)
|
||||
{
|
||||
print "modbus_read_coils_response", c$id, headers, coils;
|
||||
}
|
||||
event modbus_write_single_coil_request(c: connection, headers: ModbusHeaders, address: count, value: bool)
|
||||
{
|
||||
print "modbus_write_single_coil_request", c$id, headers, address, value;
|
||||
}
|
||||
|
||||
event modbus_write_single_coil_response(c: connection, headers: ModbusHeaders, address: count, value: bool)
|
||||
{
|
||||
print "modbus_write_single_coil_response", c$id, headers, address, value;
|
||||
}
|
||||
|
||||
event modbus_write_multiple_coils_request(c: connection, headers: ModbusHeaders, start_address: count, coils: ModbusCoils)
|
||||
{
|
||||
print "modbus_write_multiple_coils_request", c$id, headers, start_address, coils;
|
||||
}
|
||||
|
||||
event modbus_write_multiple_coils_response(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
|
||||
{
|
||||
print "modbus_write_multiple_coils_response", c$id, headers, start_address, quantity;
|
||||
}
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue