Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 16:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/master' into topic/seth/file-entropy

Browse source 
Conflicts:
	testing/btest/Baseline/plugins.hooks/output
This commit is contained in:
Seth Hall 2015-02-26 16:46:37 -05:00
commit 2e47c277d8
107 changed files with 1441 additions and 550 deletions
Download patch file Download diff file Expand all files Collapse all files

93
CHANGES
View file

@ -1,4 +1,97 @@
2.3-451 | 2015-02-24 16:37:08 -0800
* Updating submodule(s).
2.3-448 | 2015-02-23 16:58:10 -0800
* Updating NEWS. (Robin Sommer)
2.3-447 | 2015-02-23 16:28:30 -0800
* Fix potential crash in logging framework when deserializing
WriterInfo from remote. where config is present. Testcase crashes
on unpatched versions of Bro. (Aaron Eppert)
* Fix wrong value test in WriterBackend. (Aaron Eppert)
2.3-442 | 2015-02-23 13:29:30 -0800
* Add a "local_resp" field to conn.log, along the lines of the
existing "local_orig". (Mike Smiley)
2.3-440 | 2015-02-23 11:39:17 -0600
* Updating plugin docs to recent changes. (Robin Sommer)
* Updating plugin tests to recent changes. (Robin Sommer)
* Making plugin names case-insensitive for some internal comparisions.
Makes plugin system more tolerant against spelling inconsistencies
are hard to catch otherwise. (Robin Sommer)
* Explicitly removing some old scripts on install that have moved
into plugins to prevent them causing confusion. (Robin Sommer)
* BIT-1312: Removing setting installation plugin path from
bro-path-dev.sh. Also, adding to existing BRO_PLUGIN_PATH rather
than replacing. (Robin Sommer)
* Creating the installation directory for plugins at install time.
(Robin Sommer)
2.3-427 | 2015-02-20 13:49:33 -0800
* Removing dependency on PCAP_NETMASK_UNKNOWN to compile with
libpcap < 1.1.1. (Robin Sommer)
2.3-426 | 2015-02-20 12:45:51 -0800
* Add 'while' statement to Bro language. Really. (Jon Siwek)
2.3-424 | 2015-02-20 12:39:10 -0800
* Add the ability to remove surrounding braces from the JSON
formatter. (Seth Hall)
2.3-419 | 2015-02-13 09:10:44 -0600
* BIT-1011: Update the SOCKS analyzer to support user/pass login.
(Nicolas Retrain, Seth Hall, Jon Siwek)
- Add a new field to socks.log: "password".
- Two new events: "socks_login_userpass_request" and
"socks_login_userpass_reply".
- Two new weirds for unsupported SOCKS authentication method or
version.
- A new test for authenticated socks traffic.
2.3-416 | 2015-02-12 12:18:42 -0600
* Submodule update - newest sqlite version (Johanna Amann)
* Fix use of deprecated gperftools headers. (Jon Siwek)
2.3-413 | 2015-02-08 18:23:05 -0800
* Fixing analyzer tag types for some Files::* functions. (Robin Sommer)
* Changing load order for plugin scripts. (Robin Sommer)
2.3-411 | 2015-02-05 10:05:48 -0600
* Fix file analysis of files with total size below the bof_buffer size
never delivering content to stream analyzers. (Seth Hall)
* Add/fix log fields in x509 diff canonifier. (Jon Siwek)
* "id" not defined for debug code when using -DPROFILE_BRO_FUNCTIONS
(Mike Smiley)
2.3-406 | 2015-02-03 17:02:45 -0600
* Add x509 canonifier to a unit test. (Jon Siwek)
2.3-405 | 2015-02-02 11:14:24 -0600 2.3-405 | 2015-02-02 11:14:24 -0600
* Fix memory leak in new split_string* functions. (Jon Siwek) * Fix memory leak in new split_string* functions. (Jon Siwek)

4
CMakeLists.txt
View file

@ -31,12 +31,12 @@ configure_file(bro-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev)
file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev.sh file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev.sh
"export BROPATH=`${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev`\n" "export BROPATH=`${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev`\n"
"export BRO_PLUGIN_PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src:${BRO_PLUGIN_INSTALL_PATH}\"\n" "export BRO_PLUGIN_PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":${BRO_PLUGIN_PATH}\n"
"export PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":$PATH\n") "export PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":$PATH\n")
file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev.csh file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev.csh
"setenv BROPATH `${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev`\n" "setenv BROPATH `${CMAKE_CURRENT_BINARY_DIR}/bro-path-dev`\n"
"setenv BRO_PLUGIN_PATH \"${CMAKE_CURRENT_BINARY_DIR}/src:${BRO_PLUGIN_INSTALL_PATH}\"\n" "setenv BRO_PLUGIN_PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":${BRO_PLUGIN_PATH}\n"
"setenv PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":$PATH\n") "setenv PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":$PATH\n")
file(STRINGS "${CMAKE_CURRENT_SOURCE_DIR}/VERSION" VERSION LIMIT_COUNT 1) file(STRINGS "${CMAKE_CURRENT_SOURCE_DIR}/VERSION" VERSION LIMIT_COUNT 1)

11
NEWS
View file

@ -31,6 +31,14 @@ New Functionality
- Bro's file analysis now supports reassembly of files that are not - Bro's file analysis now supports reassembly of files that are not
transferred/seen sequentially. transferred/seen sequentially.
- Bro's scripting language now has a ``while`` statement::
while ( i < 5 )
print ++i;
``next`` and ``break`` can be used inside the loop's body just like
with ``for`` loops.
Changed Functionality Changed Functionality
--------------------- ---------------------
@ -56,6 +64,9 @@ Changed Functionality
- has_valid_octets: now uses a string_vec parameter instead of - has_valid_octets: now uses a string_vec parameter instead of
string_array. string_array.
- conn.log gained a new field local_resp that works like local_orig,
just for the responder address of the connection.
Deprecated Functionality Deprecated Functionality
------------------------ ------------------------

2
VERSION
View file

@ -1 +1 @@
2.3-405 2.3-451

2
aux/binpac

@ -1 +1 @@
Subproject commit 77a86591dcf89d7252d3676d3f1199d6c927d073 Subproject commit 33cb1f8e6bf2e33c2773e86b157e1f343ee85dc6

2
aux/bro-aux

@ -1 +1 @@
Subproject commit 0b713c027d3efaaca50e5df995c02656175573cd Subproject commit c9d340847c668590a450f1881e6e3d763abe1138

2
aux/broccoli

@ -1 +1 @@
Subproject commit d43cc790e5b8709b5e032e52ad0e00936494739b Subproject commit 1d55a0a84c5b1d0aa1727829300b388c92f92daa

2
aux/broctl

@ -1 +1 @@
Subproject commit 8c9b87bc73e1ddaa304e3d89028c1e7b95d37a91 Subproject commit 76f99ea52c3e021cade3d03eda7865d4f4d1793e

2
aux/plugins

@ -1 +1 @@
Subproject commit ad600b5bdcd56a2723e323c0f2c8e1708956ca4f Subproject commit 71d820e9d8ca753fea8fb34ea3987993b28d79e4

2
cmake

@ -1 +1 @@
Subproject commit 1316c07f7059647b6c4a496ea36e4b83bb5d8f0f Subproject commit ff08be5aa1b8eaadbe2775cbc11b499c5f93349e

122
doc/devel/plugins.rst
View file

@ -3,7 +3,7 @@
Writing Bro Plugins Writing Bro Plugins
=================== ===================
Bro is internally moving to a plugin structure that enables extending Bro internally provides plugin API that enables extending
the system dynamically, without modifying the core code base. That way the system dynamically, without modifying the core code base. That way
custom code remains self-contained and can be maintained, compiled, custom code remains self-contained and can be maintained, compiled,
and installed independently. Currently, plugins can add the following and installed independently. Currently, plugins can add the following
@ -42,18 +42,17 @@ certain structure. To get started, Bro's distribution provides a
helper script ``aux/bro-aux/plugin-support/init-plugin`` that creates helper script ``aux/bro-aux/plugin-support/init-plugin`` that creates
a skeleton plugin that can then be customized. Let's use that:: a skeleton plugin that can then be customized. Let's use that::
# mkdir rot13-plugin # init-plugin ./rot13-plugin Demo Rot13
# cd rot13-plugin
# init-plugin Demo Rot13
As you can see the script takes two arguments. The first is a As you can see, the script takes three arguments. The first is a
namespace the plugin will live in, and the second a descriptive name directory inside which the plugin skeleton will be created. The second
for the plugin itself. Bro uses the combination of the two to identify is the namespace the plugin will live in, and the third is a descriptive
a plugin. The namespace serves to avoid naming conflicts between name for the plugin itself relative to the namespace. Bro uses the
plugins written by independent developers; pick, e.g., the name of combination of namespace and name to identify a plugin. The namespace
your organisation. The namespace ``Bro`` is reserved for functionality serves to avoid naming conflicts between plugins written by independent
distributed by the Bro Project. In our example, the plugin will be developers; pick, e.g., the name of your organisation. The namespace
called ``Demo::Rot13``. ``Bro`` is reserved for functionality distributed by the Bro Project. In
our example, the plugin will be called ``Demo::Rot13``.
The ``init-plugin`` script puts a number of files in place. The full The ``init-plugin`` script puts a number of files in place. The full
layout is described later. For now, all we need is layout is described later. For now, all we need is
@ -61,7 +60,7 @@ layout is described later. For now, all we need is
there as follows:: there as follows::
# cat src/rot13.bif # cat src/rot13.bif
module CaesarCipher; module Demo;
function rot13%(s: string%) : string function rot13%(s: string%) : string
%{ %{
@ -82,18 +81,22 @@ The syntax of this file is just like any other ``*.bif`` file; we
won't go into it here. won't go into it here.
Now we can already compile our plugin, we just need to tell the Now we can already compile our plugin, we just need to tell the
configure script put in place by ``init-plugin`` where the Bro source configure script that ``init-plugin`` put in place where the Bro
tree is located (Bro needs to have been built there first):: source tree is located (Bro needs to have been built there first)::
# cd rot13-plugin
# ./configure --bro-dist=/path/to/bro/dist && make # ./configure --bro-dist=/path/to/bro/dist && make
[... cmake output ...] [... cmake output ...]
Now our ``rot13-plugin`` directory has everything that it needs This builds the plugin in a subdirectory ``build/``. In fact, that
for Bro to recognize it as a dynamic plugin. Once we point Bro to it, subdirectory *becomes* the plugin: when ``make`` finishes, ``build/``
it will pull it in automatically, as we can check with the ``-N`` has everything it needs for Bro to recognize it as a dynamic plugin.
Let's try that. Once we point Bro to the ``build/`` directory, it will
pull in our new plugin automatically, as we can check with the ``-N``
option:: option::
# export BRO_PLUGIN_PATH=/path/to/rot13-plugin # export BRO_PLUGIN_PATH=/path/to/rot13-plugin/build
# bro -N # bro -N
[...] [...]
Plugin: Demo::Rot13 - <Insert brief description of plugin> (dynamic, version 1) Plugin: Demo::Rot13 - <Insert brief description of plugin> (dynamic, version 1)
@ -127,12 +130,12 @@ more verbose option ``-NN``::
# bro -NN # bro -NN
[...] [...]
Plugin: Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 1) Plugin: Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 1)
[Function] CaesarCipher::rot13 [Function] Demo::rot13
[...] [...]
There's our function. Now let's use it:: There's our function. Now let's use it::
# bro -e 'print CaesarCipher::rot13("Hello")' # bro -e 'print Demo::rot13("Hello")'
Uryyb Uryyb
It works. We next install the plugin along with Bro itself, so that it It works. We next install the plugin along with Bro itself, so that it
@ -141,36 +144,40 @@ environment variable. If we first unset the variable, the function
will no longer be available:: will no longer be available::
# unset BRO_PLUGIN_PATH # unset BRO_PLUGIN_PATH
# bro -e 'print CaesarCipher::rot13("Hello")' # bro -e 'print Demo::rot13("Hello")'
error in <command line>, line 1: unknown identifier CaesarCipher::rot13, at or near "CaesarCipher::rot13" error in <command line>, line 1: unknown identifier Demo::rot13, at or near "Demo::rot13"
Once we install it, it works again:: Once we install it, it works again::
# make install # make install
# bro -e 'print CaesarCipher::rot13("Hello")' # bro -e 'print Demo::rot13("Hello")'
Uryyb Uryyb
The installed version went into The installed version went into
``<bro-install-prefix>/lib/bro/plugins/Demo_Rot13``. ``<bro-install-prefix>/lib/bro/plugins/Demo_Rot13``.
We can distribute the plugin in either source or binary form by using One can distribute the plugin independently of Bro for others to use.
the Makefile's ``sdist`` and ``bdist`` target, respectively. Both To distribute in source form, just remove the ``build/`` (``make
create corrsponding tarballs:: distclean`` does that) and then tar up the whole ``rot13-plugin/``
directory. Others then follow the same process as above after
unpacking. To distribute the plugin in binary form, the build process
conveniently creates a corresponding tarball in ``build/dist/``. In
this case, it's called ``Demo_Rot13-0.1.tar.gz``, with the version
number coming out of the ``VERSION`` file that ``init-plugin`` put
into place. The binary tarball has everything needed to run the
plugin, but no further source files. Optionally, one can include
further files by specifying them in the plugin's ``CMakeLists.txt``
through the ``bro_plugin_dist_files`` macro; the skeleton does that
for ``README``, ``VERSION``, ``CHANGES``, and ``COPYING``. To use the
plugin through the binary tarball, just unpack it and point
``BRO_PLUGIN_PATH`` there; or copy it into
``<bro-install-prefix>/lib/bro/plugins/`` directly.
# make sdist Before distributing your plugin, you should edit some of the meta
[...] files that ``init-plugin`` puts in place. Edit ``README`` and
Source distribution in build/sdist/Demo_Rot13.tar.gz ``VERSION``, and update ``CHANGES`` when you make changes. Also put a
license file in place as ``COPYING``; if BSD is fine, you find a
# make bdist template in ``COPYING.edit-me``.
[...]
Binary distribution in build/Demo_Rot13-darwin-x86_64.tar.gz
The source archive will contain everything in the plugin directory
except any generated files. The binary archive will contain anything
needed to install and run the plugin, i.e., just what ``make install``
puts into place as well. As the binary distribution is
platform-dependent, its name includes the OS and architecture the
plugin was built on.
Plugin Directory Layout Plugin Directory Layout
======================= =======================
@ -179,7 +186,7 @@ A plugin's directory needs to follow a set of conventions so that Bro
(1) recognizes it as a plugin, and (2) knows what to load. While (1) recognizes it as a plugin, and (2) knows what to load. While
``init-plugin`` takes care of most of this, the following is the full ``init-plugin`` takes care of most of this, the following is the full
story. We'll use ``<base>`` to represent a plugin's top-level story. We'll use ``<base>`` to represent a plugin's top-level
directory. directory. With the skeleton, ``<base>`` corresponds to ``build/``.
``<base>/__bro_plugin__`` ``<base>/__bro_plugin__``
A file that marks a directory as containing a Bro plugin. The file A file that marks a directory as containing a Bro plugin. The file
@ -205,6 +212,8 @@ directory.
Directory with auto-generated Bro scripts that declare the plugin's Directory with auto-generated Bro scripts that declare the plugin's
bif elements. The files here are produced by ``bifcl``. bif elements. The files here are produced by ``bifcl``.
Any other files in ``<base>`` are ignored by Bro.
By convention, a plugin should put its custom scripts into sub folders By convention, a plugin should put its custom scripts into sub folders
of ``scripts/``, i.e., ``scripts/<script-namespace>/<script>.bro`` to of ``scripts/``, i.e., ``scripts/<script-namespace>/<script>.bro`` to
avoid conflicts. As usual, you can then put a ``__load__.bro`` in avoid conflicts. As usual, you can then put a ``__load__.bro`` in
@ -229,15 +238,19 @@ their source directory (after ``make`` and setting Bro's
install``). install``).
``make install`` copies over the ``lib`` and ``scripts`` directories, ``make install`` copies over the ``lib`` and ``scripts`` directories,
as well as the ``__bro_plugin__`` magic file and the ``README`` (which as well as the ``__bro_plugin__`` magic file and any further
you should customize). One can add further CMake ``install`` rules to distribution files specified in ``CMakeLists.txt`` (e.g., README,
install additional files if needed. VERSION). You can find a full list of files installed in
``build/MANIFEST``. Behind the scenes, ``make install`` really just
copies over the binary tarball in ``build/dist``.
``init-plugin`` will never overwrite existing files, so it's safe to ``init-plugin`` will never overwrite existing files. If its target
rerun in an existing plugin directory; it only put files in place that directory already exists, it will be default decline to do anything.
don't exist yet. That also provides a convenient way to revert a file You can run it with ``-u`` instead to update an existing plugin,
back to what ``init-plugin`` created originally: just delete it and however it will never overwrite any existing files; it will only put
rerun. in place files it doesn't find yet. To revert a file back to what
``init-plugin`` created originally, delete it first and then rerun
with ``-u``.
Activating a Plugin Activating a Plugin
=================== ===================
@ -355,7 +368,7 @@ let's get that in place::
% cat .diag % cat .diag
== File =============================== == File ===============================
Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 1.0) Demo::Rot13 - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 1.0)
[Function] CaesarCipher::rot13 [Function] Demo::rot13
== Error =============================== == Error ===============================
test-diff: no baseline found. test-diff: no baseline found.
@ -375,14 +388,14 @@ Now let's add a custom test that ensures that our bif works
correctly:: correctly::
# cd tests # cd tests
# cat >plugin/rot13.bro # cat >rot13/bif-rot13.bro
# @TEST-EXEC: bro %INPUT >output # @TEST-EXEC: bro %INPUT >output
# @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff output
event bro_init() event bro_init()
{ {
print CaesarCipher::rot13("Hello"); print Demo::rot13("Hello");
} }
Check the output:: Check the output::
@ -415,7 +428,7 @@ Debugging Plugins
================= =================
If your plugin isn't loading as expected, Bro's debugging facilities If your plugin isn't loading as expected, Bro's debugging facilities
can help to illuminate what's going on. To enable, recompile Bro can help illuminate what's going on. To enable, recompile Bro
with debugging support (``./configure --enable-debug``), and with debugging support (``./configure --enable-debug``), and
afterwards rebuild your plugin as well. If you then run Bro with ``-B afterwards rebuild your plugin as well. If you then run Bro with ``-B
plugins``, it will produce a file ``debug.log`` that records details plugins``, it will produce a file ``debug.log`` that records details
@ -435,7 +448,6 @@ replaced with a simple dash. Example: If the plugin is called
output will be recorded to ``debug.log`` if Bro's compiled in debug output will be recorded to ``debug.log`` if Bro's compiled in debug
mode. mode.
Documenting Plugins Documenting Plugins
=================== ===================

37
doc/script-reference/statements.rst
View file

@ -45,8 +45,11 @@ Statements
| | file | | | file |
+----------------------------+------------------------+ +----------------------------+------------------------+
| :bro:keyword:`for`, | Loop over each | | :bro:keyword:`for`, | Loop over each |
| :bro:keyword:`next`, | element in a container | | :bro:keyword:`while`, | element in a container |
| :bro:keyword:`break` | object | | :bro:keyword:`next`, | object (``for``), or |
| :bro:keyword:`break` | as long as a condition |
| | evaluates to true |
| | (``while``). |
+----------------------------+------------------------+ +----------------------------+------------------------+
| :bro:keyword:`if` | Evaluate boolean | | :bro:keyword:`if` | Evaluate boolean |
| | expression and if true,| | | expression and if true,|
@ -563,6 +566,36 @@ Here are the statements that the Bro scripting language supports.
See the :bro:keyword:`return` statement for an explanation of how to See the :bro:keyword:`return` statement for an explanation of how to
create an asynchronous function in a Bro script. create an asynchronous function in a Bro script.
.. bro:keyword:: while
A "while" loop iterates over a body statement as long a given
condition remains true.
A :bro:keyword:`break` statement can be used at any time to immediately
terminate the "while" loop, and a :bro:keyword:`next` statement can be
used to skip to the next loop iteration.
Example::
local i = 0;
while ( i < 5 )
print ++i;
while ( some_cond() )
{
local finish_up = F;
if ( skip_ahead() )
next;
[...]
if ( finish_up )
break;
[...]
}
.. _compound statement: .. _compound statement:

22
scripts/base/frameworks/files/main.bro
View file

@ -267,7 +267,7 @@ export {
## mts: The set of MIME types, each in the form "foo/bar" (case-insensitive). ## mts: The set of MIME types, each in the form "foo/bar" (case-insensitive).
## ##
## Returns: True if the MIME types were successfully registered. ## Returns: True if the MIME types were successfully registered.
global register_for_mime_types: function(tag: Analyzer::Tag, mts: set[string]) : bool; global register_for_mime_types: function(tag: Files::Tag, mts: set[string]) : bool;
## Registers a MIME type for an analyzer. If a future file with this type is seen, ## Registers a MIME type for an analyzer. If a future file with this type is seen,
## the analyzer will be automatically assigned to parsing it. The function *adds* ## the analyzer will be automatically assigned to parsing it. The function *adds*
@ -278,20 +278,20 @@ export {
## mt: The MIME type in the form "foo/bar" (case-insensitive). ## mt: The MIME type in the form "foo/bar" (case-insensitive).
## ##
## Returns: True if the MIME type was successfully registered. ## Returns: True if the MIME type was successfully registered.
global register_for_mime_type: function(tag: Analyzer::Tag, mt: string) : bool; global register_for_mime_type: function(tag: Files::Tag, mt: string) : bool;
## Returns a set of all MIME types currently registered for a specific analyzer. ## Returns a set of all MIME types currently registered for a specific analyzer.
## ##
## tag: The tag of the analyzer. ## tag: The tag of the analyzer.
## ##
## Returns: The set of MIME types. ## Returns: The set of MIME types.
global registered_mime_types: function(tag: Analyzer::Tag) : set[string]; global registered_mime_types: function(tag: Files::Tag) : set[string];
## Returns a table of all MIME-type-to-analyzer mappings currently registered. ## Returns a table of all MIME-type-to-analyzer mappings currently registered.
## ##
## Returns: A table mapping each analyzer to the set of MIME types ## Returns: A table mapping each analyzer to the set of MIME types
## registered for it. ## registered for it.
global all_registered_mime_types: function() : table[Analyzer::Tag] of set[string]; global all_registered_mime_types: function() : table[Files::Tag] of set[string];
## Event that can be handled to access the Info record as it is sent on ## Event that can be handled to access the Info record as it is sent on
## to the logging framework. ## to the logging framework.
@ -306,8 +306,8 @@ redef record fa_file += {
global registered_protocols: table[Analyzer::Tag] of ProtoRegistration = table(); global registered_protocols: table[Analyzer::Tag] of ProtoRegistration = table();
# Store the MIME type to analyzer mappings. # Store the MIME type to analyzer mappings.
global mime_types: table[Analyzer::Tag] of set[string]; global mime_types: table[Files::Tag] of set[string];
global mime_type_to_analyzers: table[string] of set[Analyzer::Tag]; global mime_type_to_analyzers: table[string] of set[Files::Tag];
global analyzer_add_callbacks: table[Files::Tag] of function(f: fa_file, args: AnalyzerArgs) = table(); global analyzer_add_callbacks: table[Files::Tag] of function(f: fa_file, args: AnalyzerArgs) = table();
@ -401,7 +401,7 @@ function register_protocol(tag: Analyzer::Tag, reg: ProtoRegistration): bool
return result; return result;
} }
function register_for_mime_types(tag: Analyzer::Tag, mime_types: set[string]) : bool function register_for_mime_types(tag: Files::Tag, mime_types: set[string]) : bool
{ {
local rc = T; local rc = T;
@ -414,7 +414,7 @@ function register_for_mime_types(tag: Analyzer::Tag, mime_types: set[string]) :
return rc; return rc;
} }
function register_for_mime_type(tag: Analyzer::Tag, mt: string) : bool function register_for_mime_type(tag: Files::Tag, mt: string) : bool
{ {
if ( tag !in mime_types ) if ( tag !in mime_types )
{ {
@ -431,12 +431,12 @@ function register_for_mime_type(tag: Analyzer::Tag, mt: string) : bool
return T; return T;
} }
function registered_mime_types(tag: Analyzer::Tag) : set[string] function registered_mime_types(tag: Files::Tag) : set[string]
{ {
return tag in mime_types ? mime_types[tag] : set(); return tag in mime_types ? mime_types[tag] : set();
} }
function all_registered_mime_types(): table[Analyzer::Tag] of set[string] function all_registered_mime_types(): table[Files::Tag] of set[string]
{ {
return mime_types; return mime_types;
} }
@ -451,7 +451,7 @@ function describe(f: fa_file): string
return handler$describe(f); return handler$describe(f);
} }
event get_file_handle(tag: Analyzer::Tag, c: connection, is_orig: bool) &priority=5 event get_file_handle(tag: Files::Tag, c: connection, is_orig: bool) &priority=5
{ {
if ( tag !in registered_protocols ) if ( tag !in registered_protocols )
return; return;

9
scripts/base/protocols/conn/main.bro
View file

@ -62,6 +62,12 @@ export {
## field will be left empty at all times. ## field will be left empty at all times.
local_orig: bool &log &optional; local_orig: bool &log &optional;
## If the connection is responded to locally, this value will be T.
## If it was responded to remotely it will be F. In the case that
## the :bro:id:`Site::local_nets` variable is undefined, this
## field will be left empty at all times.
local_resp: bool &log &optional;
## Indicates the number of bytes missed in content gaps, which ## Indicates the number of bytes missed in content gaps, which
## is representative of packet loss. A value other than zero ## is representative of packet loss. A value other than zero
## will normally cause protocol analysis to fail but some ## will normally cause protocol analysis to fail but some
@ -201,7 +207,10 @@ function set_conn(c: connection, eoc: bool)
add c$conn$tunnel_parents[c$tunnel[|c$tunnel|-1]$uid]; add c$conn$tunnel_parents[c$tunnel[|c$tunnel|-1]$uid];
c$conn$proto=get_port_transport_proto(c$id$resp_p); c$conn$proto=get_port_transport_proto(c$id$resp_p);
if( |Site::local_nets| > 0 ) if( |Site::local_nets| > 0 )
{
c$conn$local_orig=Site::is_local_addr(c$id$orig_h); c$conn$local_orig=Site::is_local_addr(c$id$orig_h);
c$conn$local_resp=Site::is_local_addr(c$id$resp_h);
}
if ( eoc ) if ( eoc )
{ {

22
scripts/base/protocols/socks/main.bro
View file

@ -16,8 +16,10 @@ export {
id: conn_id &log; id: conn_id &log;
## Protocol version of SOCKS. ## Protocol version of SOCKS.
version: count &log; version: count &log;
## Username for the proxy if extracted from the network. ## Username used to request a login to the proxy.
user: string &log &optional; user: string &log &optional;
## Password used to request a login to the proxy.
password: string &log &optional;
## Server status for the attempt at using the proxy. ## Server status for the attempt at using the proxy.
status: string &log &optional; status: string &log &optional;
## Client requested SOCKS address. Could be an address, a name ## Client requested SOCKS address. Could be an address, a name
@ -91,3 +93,21 @@ event socks_reply(c: connection, version: count, reply: count, sa: SOCKS::Addres
if ( "SOCKS" in c$service ) if ( "SOCKS" in c$service )
Log::write(SOCKS::LOG, c$socks); Log::write(SOCKS::LOG, c$socks);
} }
event socks_login_userpass_request(c: connection, user: string, password: string) &priority=5
{
# Authentication only possible with the version 5.
set_session(c, 5);
c$socks$user = user;
c$socks$password = password;
}
event socks_login_userpass_reply(c: connection, code: count) &priority=5
{
# Authentication only possible with the version 5.
set_session(c, 5);
c$socks$status = v5_status[code];
}

2
src/3rdparty

@ -1 +1 @@
Subproject commit 7e15efe9d28d46bfa662fcdd1cbb15ce1db285c9 Subproject commit f2e34d731ed29bb993fbb065846faa342a8c824f

12
src/CMakeLists.txt
View file

@ -408,6 +408,18 @@ add_dependencies(bro bif_loader_plugins)
# Install *.bif.bro. # Install *.bif.bro.
install(DIRECTORY ${CMAKE_BINARY_DIR}/scripts/base/bif DESTINATION ${BRO_SCRIPT_INSTALL_PATH}/base) install(DIRECTORY ${CMAKE_BINARY_DIR}/scripts/base/bif DESTINATION ${BRO_SCRIPT_INSTALL_PATH}/base)
# Create plugin directory at install time.
install(DIRECTORY DESTINATION ${BRO_PLUGIN_INSTALL_PATH})
# Make clean removes the bif directory. # Make clean removes the bif directory.
set_directory_properties(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES ${CMAKE_BINARY_DIR}/scripts/base/bif) set_directory_properties(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES ${CMAKE_BINARY_DIR}/scripts/base/bif)
# Remove some stale files and scripts that previous Bro versions put in
# place, yet make confuse us now. This makes upgrading easier.
install(CODE "
file(REMOVE_RECURSE
${BRO_SCRIPT_INSTALL_PATH}/base/frameworks/logging/writers/dataseries.bro
${BRO_SCRIPT_INSTALL_PATH}/base/frameworks/logging/writers/elasticsearch.bro
${BRO_SCRIPT_INSTALL_PATH}/policy/tuning/logs-to-elasticsearch.bro
)
")

2
src/Func.cc
View file

@ -323,7 +323,7 @@ int BroFunc::IsPure() const
Val* BroFunc::Call(val_list* args, Frame* parent) const Val* BroFunc::Call(val_list* args, Frame* parent) const
{ {
#ifdef PROFILE_BRO_FUNCTIONS #ifdef PROFILE_BRO_FUNCTIONS
DEBUG_MSG("Function: %s\n", id->Name()); DEBUG_MSG("Function: %s\n", Name());
#endif #endif
SegmentProfiler(segment_logger, location); SegmentProfiler(segment_logger, location);

1
src/SerialTypes.h
View file

@ -181,6 +181,7 @@ SERIAL_STMT(INIT_STMT, 17)
SERIAL_STMT(NULL_STMT, 18) SERIAL_STMT(NULL_STMT, 18)
SERIAL_STMT(WHEN_STMT, 19) SERIAL_STMT(WHEN_STMT, 19)
SERIAL_STMT(FALLTHROUGH_STMT, 20) SERIAL_STMT(FALLTHROUGH_STMT, 20)
SERIAL_STMT(WHILE_STMT, 21)
#define SERIAL_TYPE(name, val) SERIAL_CONST(name, val, BRO_TYPE) #define SERIAL_TYPE(name, val) SERIAL_CONST(name, val, BRO_TYPE)
SERIAL_TYPE(BRO_TYPE, 1) SERIAL_TYPE(BRO_TYPE, 1)

122
src/Stmt.cc
View file

@ -23,7 +23,7 @@ const char* stmt_name(BroStmtTag t)
"print", "event", "expr", "if", "when", "switch", "print", "event", "expr", "if", "when", "switch",
"for", "next", "break", "return", "add", "delete", "for", "next", "break", "return", "add", "delete",
"list", "bodylist", "list", "bodylist",
"<init>", "fallthrough", "<init>", "fallthrough", "while",
"null", "null",
}; };
@ -1127,6 +1127,126 @@ bool EventStmt::DoUnserialize(UnserialInfo* info)
return event_expr != 0; return event_expr != 0;
} }
WhileStmt::WhileStmt(Expr* arg_loop_condition, Stmt* arg_body)
: loop_condition(arg_loop_condition), body(arg_body)
{
if ( ! loop_condition->IsError() &&
! IsBool(loop_condition->Type()->Tag()) )
loop_condition->Error("while conditional must be boolean");
}
WhileStmt::~WhileStmt()
{
Unref(loop_condition);
Unref(body);
}
int WhileStmt::IsPure() const
{
return loop_condition->IsPure() && body->IsPure();
}
void WhileStmt::Describe(ODesc* d) const
{
Stmt::Describe(d);
if ( d->IsReadable() )
d->Add("(");
loop_condition->Describe(d);
if ( d->IsReadable() )
d->Add(")");
d->SP();
d->PushIndent();
body->AccessStats(d);
body->Describe(d);
d->PopIndent();
}
TraversalCode WhileStmt::Traverse(TraversalCallback* cb) const
{
TraversalCode tc = cb->PreStmt(this);
HANDLE_TC_STMT_PRE(tc);
tc = loop_condition->Traverse(cb);
HANDLE_TC_STMT_PRE(tc);
tc = body->Traverse(cb);
HANDLE_TC_STMT_PRE(tc);
tc = cb->PostStmt(this);
HANDLE_TC_STMT_POST(tc);
}
Val* WhileStmt::Exec(Frame* f, stmt_flow_type& flow) const
{
RegisterAccess();
flow = FLOW_NEXT;
Val* rval = 0;
for ( ; ; )
{
Val* cond = loop_condition->Eval(f);
if ( ! cond )
break;
bool cont = cond->AsBool();
Unref(cond);
if ( ! cont )
break;
flow = FLOW_NEXT;
rval = body->Exec(f, flow);
if ( flow == FLOW_BREAK || flow == FLOW_RETURN )
break;
}
if ( flow == FLOW_LOOP || flow == FLOW_BREAK )
flow = FLOW_NEXT;
return rval;
}
Stmt* WhileStmt::Simplify()
{
loop_condition = simplify_expr(loop_condition, SIMPLIFY_GENERAL);
if ( loop_condition->IsConst() && loop_condition->IsZero() )
return new NullStmt();
body = simplify_stmt(body);
return this;
}
IMPLEMENT_SERIAL(WhileStmt, SER_WHILE_STMT);
bool WhileStmt::DoSerialize(SerialInfo* info) const
{
DO_SERIALIZE(SER_WHILE_STMT, Stmt);
if ( ! loop_condition->Serialize(info) )
return false;
return body->Serialize(info);
}
bool WhileStmt::DoUnserialize(UnserialInfo* info)
{
DO_UNSERIALIZE(Stmt);
loop_condition = Expr::Unserialize(info);
if ( ! loop_condition )
return false;
body = Stmt::Unserialize(info);
return body != 0;
}
ForStmt::ForStmt(id_list* arg_loop_vars, Expr* loop_expr) ForStmt::ForStmt(id_list* arg_loop_vars, Expr* loop_expr)
: ExprStmt(STMT_FOR, loop_expr) : ExprStmt(STMT_FOR, loop_expr)
{ {

27
src/Stmt.h
View file

@ -310,6 +310,33 @@ protected:
EventExpr* event_expr; EventExpr* event_expr;
}; };
class WhileStmt : public Stmt {
public:
WhileStmt(Expr* loop_condition, Stmt* body);
~WhileStmt();
int IsPure() const;
void Describe(ODesc* d) const;
TraversalCode Traverse(TraversalCallback* cb) const;
protected:
friend class Stmt;
WhileStmt()
{ loop_condition = 0; body = 0; }
Val* Exec(Frame* f, stmt_flow_type& flow) const;
Stmt* Simplify();
DECLARE_SERIAL(WhileStmt);
Expr* loop_condition;
Stmt* body;
};
class ForStmt : public ExprStmt { class ForStmt : public ExprStmt {
public: public:
ForStmt(id_list* loop_vars, Expr* loop_expr); ForStmt(id_list* loop_vars, Expr* loop_expr);

1
src/StmtEnums.h
View file

@ -17,6 +17,7 @@ typedef enum {
STMT_LIST, STMT_EVENT_BODY_LIST, STMT_LIST, STMT_EVENT_BODY_LIST,
STMT_INIT, STMT_INIT,
STMT_FALLTHROUGH, STMT_FALLTHROUGH,
STMT_WHILE,
STMT_NULL STMT_NULL
#define NUM_STMTS (int(STMT_NULL) + 1) #define NUM_STMTS (int(STMT_NULL) + 1)
} BroStmtTag; } BroStmtTag;

3
src/analyzer/protocol/socks/SOCKS.cc
View file

@ -57,8 +57,7 @@ void SOCKS_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
// with the rest of the conneciton. // with the rest of the conneciton.
// //
// Note that we assume that no payload data arrives before both endpoints // Note that we assume that no payload data arrives before both endpoints
// are done with there part of the SOCKS protocol. // are done with their part of the SOCKS protocol.
if ( ! pia ) if ( ! pia )
{ {
pia = new pia::PIA_TCP(Conn()); pia = new pia::PIA_TCP(Conn());

16
src/analyzer/protocol/socks/events.bif
View file

@ -27,3 +27,19 @@ event socks_request%(c: connection, version: count, request_type: count, sa: SOC
## p: The destination port for the proxied traffic. ## p: The destination port for the proxied traffic.
event socks_reply%(c: connection, version: count, reply: count, sa: SOCKS::Address, p: port%); event socks_reply%(c: connection, version: count, reply: count, sa: SOCKS::Address, p: port%);
## Generated when a SOCKS client performs username and password based login.
##
## c: The parent connection of the proxy.
##
## user: The given username.
##
## password: The given password.
event socks_login_userpass_request%(c: connection, user: string, password: string%);
## Generated when a SOCKS server replies to a username/password login attempt.
##
## c: The parent connection of the proxy.
##
## code: The response code for the attempted login.
event socks_login_userpass_reply%(c: connection, code: count%);

50
src/analyzer/protocol/socks/socks-analyzer.pac
View file

@ -148,6 +148,37 @@ refine connection SOCKS_Conn += {
return true; return true;
%} %}
function socks5_auth_request_userpass(request: SOCKS5_Auth_Request_UserPass_v1): bool
%{
StringVal* user = new StringVal(${request.username}.length(), (const char*) ${request.username}.begin());
StringVal* pass = new StringVal(${request.password}.length(), (const char*) ${request.password}.begin());
BifEvent::generate_socks_login_userpass_request(bro_analyzer(),
bro_analyzer()->Conn(),
user, pass);
return true;
%}
function socks5_unsupported_authentication_method(auth_method: uint8): bool
%{
reporter->Weird(bro_analyzer()->Conn(), fmt("socks5_unsupported_authentication_method_%d", auth_method));
return true;
%}
function socks5_unsupported_authentication_version(auth_method: uint8, version: uint8): bool
%{
reporter->Weird(bro_analyzer()->Conn(), fmt("socks5_unsupported_authentication_%d_%d", auth_method, version));
return true;
%}
function socks5_auth_reply_userpass(reply: SOCKS5_Auth_Reply_UserPass_v1): bool
%{
BifEvent::generate_socks_login_userpass_reply(bro_analyzer(),
bro_analyzer()->Conn(),
${reply.code});
return true;
%}
function version_error(version: uint8): bool function version_error(version: uint8): bool
%{ %{
bro_analyzer()->ProtocolViolation(fmt("unsupported/unknown SOCKS version %d", version)); bro_analyzer()->ProtocolViolation(fmt("unsupported/unknown SOCKS version %d", version));
@ -176,3 +207,22 @@ refine typeattr SOCKS5_Request += &let {
refine typeattr SOCKS5_Reply += &let { refine typeattr SOCKS5_Reply += &let {
proc: bool = $context.connection.socks5_reply(this); proc: bool = $context.connection.socks5_reply(this);
}; };
refine typeattr SOCKS5_Auth_Negotiation_Reply += &let {
};
refine typeattr SOCKS5_Auth_Request_UserPass_v1 += &let {
proc: bool = $context.connection.socks5_auth_request_userpass(this);
};
refine typeattr SOCKS5_Auth_Reply_UserPass_v1 += &let {
proc: bool = $context.connection.socks5_auth_reply_userpass(this);
};
refine typeattr SOCKS5_Unsupported_Authentication_Method += &let {
proc: bool = $context.connection.socks5_unsupported_authentication_method($context.connection.v5_auth_method());
};
refine typeattr SOCKS5_Unsupported_Authentication_Version += &let {
proc: bool = $context.connection.socks5_unsupported_authentication_version($context.connection.v5_auth_method(), version);
};

102
src/analyzer/protocol/socks/socks-protocol.pac
View file

@ -1,10 +1,15 @@
type SOCKS_Message(is_orig: bool) = case $context.connection.v5_in_auth_sub_negotiation() of {
true -> auth: SOCKS5_Auth_Message(is_orig);
false -> msg: SOCKS_Version(is_orig);
};
type SOCKS_Version(is_orig: bool) = record { type SOCKS_Version(is_orig: bool) = record {
version: uint8; version: uint8;
msg: case version of { msg: case version of {
4 -> socks4_msg: SOCKS4_Message(is_orig); 4 -> socks4_msg: SOCKS4_Message(is_orig);
5 -> socks5_msg: SOCKS5_Message(is_orig); 5 -> socks5_msg: SOCKS5_Message(is_orig);
default -> socks_msg_fail: SOCKS_Version_Error(version); default -> socks_msg_fail: SOCKS_Version_Error(version);
}; };
}; };
@ -14,10 +19,11 @@ type SOCKS_Version_Error(version: uint8) = record {
# SOCKS5 Implementation # SOCKS5 Implementation
type SOCKS5_Message(is_orig: bool) = case $context.connection.v5_past_authentication() of { type SOCKS5_Message(is_orig: bool) = case $context.connection.v5_past_authentication() of {
true -> msg: SOCKS5_Real_Message(is_orig);
false -> auth: SOCKS5_Auth_Negotiation(is_orig); false -> auth: SOCKS5_Auth_Negotiation(is_orig);
true -> msg: SOCKS5_Real_Message(is_orig);
}; };
type SOCKS5_Auth_Negotiation(is_orig: bool) = case is_orig of { type SOCKS5_Auth_Negotiation(is_orig: bool) = case is_orig of {
true -> req: SOCKS5_Auth_Negotiation_Request; true -> req: SOCKS5_Auth_Negotiation_Request;
false -> rep: SOCKS5_Auth_Negotiation_Reply; false -> rep: SOCKS5_Auth_Negotiation_Reply;
@ -31,7 +37,61 @@ type SOCKS5_Auth_Negotiation_Request = record {
type SOCKS5_Auth_Negotiation_Reply = record { type SOCKS5_Auth_Negotiation_Reply = record {
selected_auth_method: uint8; selected_auth_method: uint8;
} &let { } &let {
in_auth_sub_neg = $context.connection.set_v5_in_auth_sub_negotiation(selected_auth_method == 0 || selected_auth_method == 0xff ? false : true);
past_auth = $context.connection.set_v5_past_authentication(); past_auth = $context.connection.set_v5_past_authentication();
set_auth = $context.connection.set_v5_auth_method(selected_auth_method);
};
type SOCKS5_Auth_Message(is_orig: bool) = case is_orig of {
true -> req: SOCKS5_Auth_Request;
false -> rep: SOCKS5_Auth_Reply;
};
type SOCKS5_Auth_Request = case $context.connection.v5_auth_method() of {
0x02 -> userpass : SOCKS5_Auth_Request_UserPass;
default -> unsupported : SOCKS5_Unsupported_Authentication_Method;
};
type SOCKS5_Unsupported_Authentication_Method = record {
crap: bytestring &restofdata;
};
type SOCKS5_Unsupported_Authentication_Version(version: uint8) = record {
crap: bytestring &restofdata;
};
type SOCKS5_Auth_Request_UserPass = record {
version: uint8;
msg: case version of {
1 -> v1: SOCKS5_Auth_Request_UserPass_v1;
default -> unsupported: SOCKS5_Unsupported_Authentication_Version(version);
};
};
type SOCKS5_Auth_Request_UserPass_v1 = record {
ulen : uint8;
username : bytestring &length=ulen;
plen : uint8;
password : bytestring &length=plen;
};
type SOCKS5_Auth_Reply = case $context.connection.v5_auth_method() of {
0x02 -> userpass : SOCKS5_Auth_Reply_UserPass;
default -> unsupported : SOCKS5_Unsupported_Authentication_Method;
} &let {
in_auth_sub_neg = $context.connection.set_v5_in_auth_sub_negotiation(false);
};
type SOCKS5_Auth_Reply_UserPass = record {
version: uint8;
msg: case version of {
1 -> v1: SOCKS5_Auth_Reply_UserPass_v1;
default -> unsupported: SOCKS5_Unsupported_Authentication_Version(version);
};
};
type SOCKS5_Auth_Reply_UserPass_v1 = record {
code : uint8;
}; };
type SOCKS5_Real_Message(is_orig: bool) = case is_orig of { type SOCKS5_Real_Message(is_orig: bool) = case is_orig of {
@ -55,10 +115,10 @@ type SOCKS5_Address = record {
} &byteorder = bigendian; } &byteorder = bigendian;
type SOCKS5_Request = record { type SOCKS5_Request = record {
command: uint8; command : uint8;
reserved: uint8; reserved : uint8;
remote_name: SOCKS5_Address; remote_name : SOCKS5_Address;
port: uint16; port : uint16;
} &byteorder = bigendian; } &byteorder = bigendian;
type SOCKS5_Reply = record { type SOCKS5_Reply = record {
@ -98,13 +158,28 @@ type SOCKS4_Reply = record {
refine connection SOCKS_Conn += { refine connection SOCKS_Conn += {
%member{ %member{
bool v5_in_auth_sub_negotiation_;
bool v5_authenticated_; bool v5_authenticated_;
uint8 selected_auth_method_;
%} %}
%init{ %init{
v5_in_auth_sub_negotiation_ = false;
v5_authenticated_ = false; v5_authenticated_ = false;
selected_auth_method_ = 255;
%} %}
function v5_in_auth_sub_negotiation(): bool
%{
return v5_in_auth_sub_negotiation_;
%}
function set_v5_in_auth_sub_negotiation(b: bool): bool
%{
v5_in_auth_sub_negotiation_ = b;
return true;
%}
function v5_past_authentication(): bool function v5_past_authentication(): bool
%{ %{
return v5_authenticated_; return v5_authenticated_;
@ -115,5 +190,16 @@ refine connection SOCKS_Conn += {
v5_authenticated_ = true; v5_authenticated_ = true;
return true; return true;
%} %}
function set_v5_auth_method(method: uint8): bool
%{
selected_auth_method_ = method;
return true;
%}
function v5_auth_method(): uint8
%{
return selected_auth_method_;
%}
}; };

2
src/analyzer/protocol/socks/socks.pac
View file

@ -20,7 +20,7 @@ connection SOCKS_Conn(bro_analyzer: BroAnalyzer) {
%include socks-protocol.pac %include socks-protocol.pac
flow SOCKS_Flow(is_orig: bool) { flow SOCKS_Flow(is_orig: bool) {
datagram = SOCKS_Version(is_orig) withcontext(connection, this); datagram = SOCKS_Message(is_orig) withcontext(connection, this);
}; };
%include socks-analyzer.pac %include socks-analyzer.pac

18
src/file_analysis/File.cc
View file

@ -492,18 +492,22 @@ void File::EndOfFile()
if ( done ) if ( done )
return; return;
if ( ! did_mime_type &&
LookupFieldDefaultCount(missing_bytes_idx) == 0 )
DetectMIME();
analyzers.DrainModifications();
if ( file_reassembler ) if ( file_reassembler )
{ {
file_reassembler->Flush(); file_reassembler->Flush();
analyzers.DrainModifications();
} }
// Mark the bof_buffer as full in case it isn't yet
// so that the whole thing can be flushed out to
// any stream analyzers.
if ( ! bof_buffer.full )
{
bof_buffer.full = true;
DeliverStream((const u_char*) "", 0);
}
analyzers.DrainModifications();
done = true; done = true;
file_analysis::Analyzer* a = 0; file_analysis::Analyzer* a = 0;

11
src/iosource/PktSrc.cc
View file

@ -13,6 +13,15 @@
using namespace iosource; using namespace iosource;
PktSrc::Properties::Properties()
{
selectable_fd = -1;
link_type = -1;
hdr_size = -1;
netmask = NETMASK_UNKNOWN;
is_live = false;
}
PktSrc::PktSrc() PktSrc::PktSrc()
{ {
have_packet = false; have_packet = false;
@ -50,7 +59,7 @@ int PktSrc::LinkType() const
uint32 PktSrc::Netmask() const uint32 PktSrc::Netmask() const
{ {
return IsOpen() ? props.netmask : PCAP_NETMASK_UNKNOWN; return IsOpen() ? props.netmask : NETMASK_UNKNOWN;
} }
bool PktSrc::IsError() const bool PktSrc::IsError() const

17
src/iosource/PktSrc.h
View file

@ -16,6 +16,8 @@ namespace iosource {
*/ */
class PktSrc : public IOSource { class PktSrc : public IOSource {
public: public:
static const int NETMASK_UNKNOWN = 0xffffffff;
/** /**
* Struct for returning statistics on a packet source. * Struct for returning statistics on a packet source.
*/ */
@ -67,7 +69,7 @@ public:
/** /**
* Returns the netmask associated with the source, or \c * Returns the netmask associated with the source, or \c
* PCAP_NETMASK_UNKNOWN if unknown. * NETMASK_UNKNOWN if unknown.
*/ */
uint32 Netmask() const; uint32 Netmask() const;
@ -253,8 +255,8 @@ protected:
int hdr_size; int hdr_size;
/** /**
* The netmask associated with the source, or \c * Returns the netmask associated with the source, or \c
* PCAP_NETMASK_UNKNOWN if unknown. * NETMASK_UNKNOWN if unknown.
*/ */
uint32 netmask; uint32 netmask;
@ -264,14 +266,7 @@ protected:
*/ */
bool is_live; bool is_live;
Properties() Properties();
{
selectable_fd = -1;
link_type = -1;
hdr_size = -1;
netmask = PCAP_NETMASK_UNKNOWN;
is_live = false;
}
}; };
/** /**

6
src/iosource/pcap/Source.cc
View file

@ -77,6 +77,12 @@ void PcapSource::OpenLive()
props.netmask = 0xffffff00; props.netmask = 0xffffff00;
} }
#ifdef PCAP_NETMASK_UNKNOWN
// Defined in libpcap >= 1.1.1
if ( props.netmask == PCAP_NETMASK_UNKNOWN )
props.netmask = PktSrc::NETMASK_UNKNOWN;
#endif
// We use the smallest time-out possible to return almost immediately if // We use the smallest time-out possible to return almost immediately if
// no packets are available. (We can't use set_nonblocking() as it's // no packets are available. (We can't use set_nonblocking() as it's
// broken on FreeBSD: even when select() indicates that we can read // broken on FreeBSD: even when select() indicates that we can read

4
src/logging/WriterBackend.cc
View file

@ -84,12 +84,12 @@ bool WriterBackend::WriterInfo::Read(SerializationFormat* fmt)
config.clear(); config.clear();
while ( size ) while ( size-- )
{ {
string value; string value;
string key; string key;
if ( ! (fmt->Read(&value, "config-value") && fmt->Read(&value, "config-key")) ) if ( ! (fmt->Read(&value, "config-value") && fmt->Read(&key, "config-key")) )
return false; return false;
config.insert(std::make_pair(copy_string(value.c_str()), copy_string(key.c_str()))); config.insert(std::make_pair(copy_string(value.c_str()), copy_string(key.c_str())));

6
src/parse.y
View file

@ -16,6 +16,7 @@
%token TOK_REMOVE_FROM TOK_RETURN TOK_SCHEDULE TOK_SET %token TOK_REMOVE_FROM TOK_RETURN TOK_SCHEDULE TOK_SET
%token TOK_STRING TOK_SUBNET TOK_SWITCH TOK_TABLE %token TOK_STRING TOK_SUBNET TOK_SWITCH TOK_TABLE
%token TOK_TIME TOK_TIMEOUT TOK_TIMER TOK_TYPE TOK_UNION TOK_VECTOR TOK_WHEN %token TOK_TIME TOK_TIMEOUT TOK_TIMER TOK_TYPE TOK_UNION TOK_VECTOR TOK_WHEN
%token TOK_WHILE
%token TOK_ATTR_ADD_FUNC TOK_ATTR_ENCRYPT TOK_ATTR_DEFAULT %token TOK_ATTR_ADD_FUNC TOK_ATTR_ENCRYPT TOK_ATTR_DEFAULT
%token TOK_ATTR_OPTIONAL TOK_ATTR_REDEF TOK_ATTR_ROTATE_INTERVAL %token TOK_ATTR_OPTIONAL TOK_ATTR_REDEF TOK_ATTR_ROTATE_INTERVAL
@ -1340,6 +1341,11 @@ stmt:
$1->AsForStmt()->AddBody($2); $1->AsForStmt()->AddBody($2);
} }
| TOK_WHILE '(' expr ')' stmt
{
$$ = new WhileStmt($3, $5);
}
| TOK_NEXT ';' opt_no_test | TOK_NEXT ';' opt_no_test
{ {
set_location(@1, @2); set_location(@1, @2);

26
src/plugin/Manager.cc
View file

@ -79,18 +79,19 @@ void Manager::SearchDynamicPlugins(const std::string& dir)
std::string name; std::string name;
std::getline(in, name); std::getline(in, name);
strstrip(name); strstrip(name);
string lower_name = strtolower(name);
if ( name.empty() ) if ( name.empty() )
reporter->FatalError("empty plugin magic file %s", magic.c_str()); reporter->FatalError("empty plugin magic file %s", magic.c_str());
if ( dynamic_plugins.find(name) != dynamic_plugins.end() ) if ( dynamic_plugins.find(lower_name) != dynamic_plugins.end() )
{ {
DBG_LOG(DBG_PLUGINS, "Found already known plugin %s in %s, ignoring", name.c_str(), dir.c_str()); DBG_LOG(DBG_PLUGINS, "Found already known plugin %s in %s, ignoring", name.c_str(), dir.c_str());
return; return;
} }
// Record it, so that we can later activate it. // Record it, so that we can later activate it.
dynamic_plugins.insert(std::make_pair(name, dir)); dynamic_plugins.insert(std::make_pair(lower_name, dir));
DBG_LOG(DBG_PLUGINS, "Found plugin %s in %s", name.c_str(), dir.c_str()); DBG_LOG(DBG_PLUGINS, "Found plugin %s in %s", name.c_str(), dir.c_str());
return; return;
@ -135,7 +136,7 @@ void Manager::SearchDynamicPlugins(const std::string& dir)
bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_not_found) bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_not_found)
{ {
dynamic_plugin_map::iterator m = dynamic_plugins.find(name); dynamic_plugin_map::iterator m = dynamic_plugins.find(strtolower(name));
if ( m == dynamic_plugins.end() ) if ( m == dynamic_plugins.end() )
{ {
@ -172,7 +173,7 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_
// Load {bif,scripts}/__load__.bro automatically. // Load {bif,scripts}/__load__.bro automatically.
string init = dir + "scripts/__load__.bro"; string init = dir + "lib/bif/__load__.bro";
if ( is_file(init) ) if ( is_file(init) )
{ {
@ -180,7 +181,7 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_
scripts_to_load.push_back(init); scripts_to_load.push_back(init);
} }
init = dir + "lib/bif/__load__.bro"; init = dir + "scripts/__load__.bro";
if ( is_file(init) ) if ( is_file(init) )
{ {
@ -230,7 +231,7 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_
// Make sure the name the plugin reports is consistent with // Make sure the name the plugin reports is consistent with
// what we expect from its magic file. // what we expect from its magic file.
if ( string(current_plugin->Name()) != name ) if ( strtolower(current_plugin->Name()) != strtolower(name) )
reporter->FatalError("inconsistent plugin name: %s vs %s", reporter->FatalError("inconsistent plugin name: %s vs %s",
current_plugin->Name().c_str(), name.c_str()); current_plugin->Name().c_str(), name.c_str());
@ -297,7 +298,7 @@ void Manager::UpdateInputFiles()
static bool plugin_cmp(const Plugin* a, const Plugin* b) static bool plugin_cmp(const Plugin* a, const Plugin* b)
{ {
return a->Name() < b->Name(); return strtolower(a->Name()) < strtolower(b->Name());
} }
void Manager::RegisterPlugin(Plugin *plugin) void Manager::RegisterPlugin(Plugin *plugin)
@ -318,10 +319,11 @@ void Manager::RegisterBifFile(const char* plugin, bif_init_func c)
{ {
bif_init_func_map* bifs = BifFilesInternal(); bif_init_func_map* bifs = BifFilesInternal();
bif_init_func_map::iterator i = bifs->find(plugin); std::string lower_plugin = strtolower(plugin);
bif_init_func_map::iterator i = bifs->find(lower_plugin);
if ( i == bifs->end() ) if ( i == bifs->end() )
i = bifs->insert(std::make_pair(std::string(plugin), new bif_init_func_list())).first; i = bifs->insert(std::make_pair(lower_plugin, new bif_init_func_list())).first;
i->second->push_back(c); i->second->push_back(c);
} }
@ -348,7 +350,7 @@ void Manager::InitBifs()
for ( plugin_list::iterator i = Manager::ActivePluginsInternal()->begin(); for ( plugin_list::iterator i = Manager::ActivePluginsInternal()->begin();
i != Manager::ActivePluginsInternal()->end(); i++ ) i != Manager::ActivePluginsInternal()->end(); i++ )
{ {
bif_init_func_map::const_iterator b = bifs->find((*i)->Name()); bif_init_func_map::const_iterator b = bifs->find(strtolower((*i)->Name()));
if ( b != bifs->end() ) if ( b != bifs->end() )
{ {
@ -397,7 +399,7 @@ Manager::inactive_plugin_list Manager::InactivePlugins() const
for ( plugin_list::const_iterator j = all->begin(); j != all->end(); j++ ) for ( plugin_list::const_iterator j = all->begin(); j != all->end(); j++ )
{ {
if ( (*i).first == (*j)->Name() ) if ( (*i).first == strtolower((*j)->Name()) )
{ {
found = true; found = true;
break; break;
@ -434,7 +436,7 @@ Manager::bif_init_func_map* Manager::BifFilesInternal()
static bool hook_cmp(std::pair<int, Plugin*> a, std::pair<int, Plugin*> b) static bool hook_cmp(std::pair<int, Plugin*> a, std::pair<int, Plugin*> b)
{ {
if ( a.first == b.first ) if ( a.first == b.first )
return a.second->Name() < a.second->Name(); return strtolower(a.second->Name()) < strtolower(a.second->Name());
// Reverse sort. // Reverse sort.
return a.first > b.first; return a.first > b.first;

1
src/scan.l
View file

@ -221,6 +221,7 @@ export return TOK_EXPORT;
fallthrough return TOK_FALLTHROUGH; fallthrough return TOK_FALLTHROUGH;
file return TOK_FILE; file return TOK_FILE;
for return TOK_FOR; for return TOK_FOR;
while return TOK_WHILE;
function return TOK_FUNCTION; function return TOK_FUNCTION;
global return TOK_GLOBAL; global return TOK_GLOBAL;
"?$" return TOK_HAS_FIELD; "?$" return TOK_HAS_FIELD;

13
src/threading/formatters/JSON.cc
View file

@ -15,7 +15,7 @@
using namespace threading::formatter; using namespace threading::formatter;
JSON::JSON(MsgThread* t, TimeFormat tf) : Formatter(t) JSON::JSON(MsgThread* t, TimeFormat tf) : Formatter(t), surrounding_braces(true)
{ {
timestamps = tf; timestamps = tf;
} }
@ -27,7 +27,8 @@ JSON::~JSON()
bool JSON::Describe(ODesc* desc, int num_fields, const Field* const * fields, bool JSON::Describe(ODesc* desc, int num_fields, const Field* const * fields,
Value** vals) const Value** vals) const
{ {
desc->AddRaw("{"); if ( surrounding_braces )
desc->AddRaw("{");
for ( int i = 0; i < num_fields; i++ ) for ( int i = 0; i < num_fields; i++ )
{ {
@ -41,7 +42,8 @@ bool JSON::Describe(ODesc* desc, int num_fields, const Field* const * fields,
return false; return false;
} }
desc->AddRaw("}"); if ( surrounding_braces )
desc->AddRaw("}");
return true; return true;
} }
@ -217,3 +219,8 @@ threading::Value* JSON::ParseValue(const string& s, const string& name, TypeTag
GetThread()->Error("JSON formatter does not support parsing yet."); GetThread()->Error("JSON formatter does not support parsing yet.");
return NULL; return NULL;
} }
void JSON::SurroundingBraces(bool use_braces)
{
surrounding_braces = use_braces;
}

3
src/threading/formatters/JSON.h
View file

@ -27,8 +27,11 @@ public:
threading::Value** vals) const; threading::Value** vals) const;
virtual threading::Value* ParseValue(const string& s, const string& name, TypeTag type, TypeTag subtype = TYPE_ERROR) const; virtual threading::Value* ParseValue(const string& s, const string& name, TypeTag type, TypeTag subtype = TYPE_ERROR) const;
void SurroundingBraces(bool use_braces);
private: private:
TimeFormat timestamps; TimeFormat timestamps;
bool surrounding_braces;
}; };
}} }}

7
src/util.cc
View file

@ -541,6 +541,13 @@ bool is_printable(const char* s, int len)
return true; return true;
} }
std::string strtolower(const std::string& s)
{
std::string t = s;
std::transform(t.begin(), t.end(), t.begin(), ::tolower);
return t;
}
const char* fmt_bytes(const char* data, int len) const char* fmt_bytes(const char* data, int len)
{ {
static char buf[1024]; static char buf[1024];

7
src/util.h
View file

@ -48,8 +48,8 @@
#endif #endif
#ifdef USE_PERFTOOLS_DEBUG #ifdef USE_PERFTOOLS_DEBUG
#include <google/heap-checker.h> #include <gperftools/heap-checker.h>
#include <google/heap-profiler.h> #include <gperftools/heap-profiler.h>
extern HeapLeakChecker* heap_checker; extern HeapLeakChecker* heap_checker;
#endif #endif
@ -159,6 +159,9 @@ int strstr_n(const int big_len, const unsigned char* big,
extern int fputs(int len, const char* s, FILE* fp); extern int fputs(int len, const char* s, FILE* fp);
extern bool is_printable(const char* s, int len); extern bool is_printable(const char* s, int len);
// Return a lower-cased version of the string.
extern std::string strtolower(const std::string& s);
extern const char* fmt_bytes(const char* data, int len); extern const char* fmt_bytes(const char* data, int len);
// Note: returns a pointer into a shared buffer. // Note: returns a pointer into a shared buffer.

14
testing/btest/Baseline/core.mpls-in-vlan/conn.log
View file

@ -3,10 +3,10 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-56-13 #open 2015-02-23-21-32-33
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1371685686.536606 CXWv6p3arKYeMETxOg 65.65.65.65 19244 65.65.65.65 80 tcp - - - - OTH - 0 D 1 257 0 0 (empty) 1371685686.536606 CXWv6p3arKYeMETxOg 65.65.65.65 19244 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 257 0 0 (empty)
1371686961.156859 CjhGID4nQcgTWjvg4c 65.65.65.65 32828 65.65.65.65 80 tcp - - - - OTH - 0 d 0 0 1 1500 (empty) 1371686961.156859 CjhGID4nQcgTWjvg4c 65.65.65.65 32828 65.65.65.65 80 tcp - - - - OTH - - 0 d 0 0 1 1500 (empty)
1371686961.479321 CCvvfg3TEfuqmmG4bh 65.65.65.65 61193 65.65.65.65 80 tcp - - - - OTH - 0 D 1 710 0 0 (empty) 1371686961.479321 CCvvfg3TEfuqmmG4bh 65.65.65.65 61193 65.65.65.65 80 tcp - - - - OTH - - 0 D 1 710 0 0 (empty)
#close 2014-04-01-22-56-13 #close 2015-02-23-21-32-33

40
testing/btest/Baseline/core.pcap.dynamic-filter/conn.log
View file

@ -3,23 +3,23 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-08-24-15-51-55 #open 2015-02-23-21-32-35
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 73 0 0 (empty) 1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 (empty)
1300475168.853899 CCvvfg3TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - 0 Dd 1 66 1 117 (empty) 1300475168.853899 CCvvfg3TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
1300475168.854378 CsRx2w45OKnoww6xl4 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - 0 Dd 1 80 1 127 (empty) 1300475168.854378 CsRx2w45OKnoww6xl4 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
1300475168.854837 CRJuHdVW0XPVINV8a 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - 0 Dd 1 66 1 211 (empty) 1300475168.854837 CRJuHdVW0XPVINV8a 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
1300475168.857956 CPbrpk1qSsw6ESzHV4 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - 0 Dd 1 66 1 117 (empty) 1300475168.857956 CPbrpk1qSsw6ESzHV4 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
1300475168.858306 C6pKV8GSxOnSLghOa 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - 0 Dd 1 80 1 127 (empty) 1300475168.858306 C6pKV8GSxOnSLghOa 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - - 0 Dd 1 80 1 127 (empty)
1300475168.858713 CIPOse170MGiRM1Qf4 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - 0 Dd 1 66 1 211 (empty) 1300475168.858713 CIPOse170MGiRM1Qf4 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - - 0 Dd 1 66 1 211 (empty)
1300475168.891644 C7XEbhP654jzLoe3a 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - 0 Dd 1 66 1 117 (empty) 1300475168.891644 C7XEbhP654jzLoe3a 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - - 0 Dd 1 66 1 117 (empty)
1300475168.892037 CJ3xTn1c4Zw9TmAE05 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - 0 Dd 1 80 1 127 (empty) 1300475168.892037 CJ3xTn1c4Zw9TmAE05 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - - 0 Dd 1 80 1 127 (empty)
1300475168.892414 CMXxB5GvmoxJFXdTa 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - 0 Dd 1 66 1 211 (empty) 1300475168.892414 CMXxB5GvmoxJFXdTa 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - - 0 Dd 1 66 1 211 (empty)
1300475168.893988 Caby8b1slFea8xwSmb 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - 0 Dd 1 66 1 117 (empty) 1300475168.893988 Caby8b1slFea8xwSmb 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - - 0 Dd 1 66 1 117 (empty)
1300475168.894422 Che1bq3i2rO3KD1Syg 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - 0 Dd 1 80 1 127 (empty) 1300475168.894422 Che1bq3i2rO3KD1Syg 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - - 0 Dd 1 80 1 127 (empty)
1300475168.894787 C3SfNE4BWaU4aSuwkc 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - 0 Dd 1 66 1 211 (empty) 1300475168.894787 C3SfNE4BWaU4aSuwkc 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - - 0 Dd 1 66 1 211 (empty)
1300475168.901749 CEle3f3zno26fFZkrh 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - 0 Dd 1 64 1 159 (empty) 1300475168.901749 CEle3f3zno26fFZkrh 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - - 0 Dd 1 64 1 159 (empty)
1300475168.902195 CwSkQu4eWZCH7OONC1 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - 0 Dd 1 64 1 226 (empty) 1300475168.902195 CwSkQu4eWZCH7OONC1 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - - 0 Dd 1 64 1 226 (empty)
1300475168.652003 CjhGID4nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp - - - - OTH - 0 D 1 515 0 0 (empty) 1300475168.652003 CjhGID4nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp - - - - OTH - - 0 D 1 515 0 0 (empty)
#close 2014-08-24-15-51-55 #close 2015-02-23-21-32-35

10
testing/btest/Baseline/core.pcap.read-trace-with-filter/conn.log
View file

@ -3,8 +3,8 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-08-23-18-29-48 #open 2015-02-23-21-32-46
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1300475168.892936 CXWv6p3arKYeMETxOg 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - 0 ShADad 6 1468 4 950 (empty) 1300475168.892936 CXWv6p3arKYeMETxOg 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - - 0 ShADad 6 1468 4 950 (empty)
#close 2014-08-23-18-29-48 #close 2015-02-23-21-32-46

22
testing/btest/Baseline/core.pppoe/conn.log
View file

@ -3,14 +3,14 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-56-20 #open 2015-02-23-21-32-47
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1284385418.014560 CPbrpk1qSsw6ESzHV4 fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 - 0 D 2 288 0 0 (empty) 1284385418.014560 CPbrpk1qSsw6ESzHV4 fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 - - 0 D 2 288 0 0 (empty)
1284385417.962560 CRJuHdVW0XPVINV8a fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 - 0 D 2 210 0 0 (empty) 1284385417.962560 CRJuHdVW0XPVINV8a fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 - - 0 D 2 210 0 0 (empty)
1284385411.091560 CjhGID4nQcgTWjvg4c fe80::c801:eff:fe88:8 136 ff02::1 135 icmp - - - - OTH - 0 - 1 64 0 0 (empty) 1284385411.091560 CjhGID4nQcgTWjvg4c fe80::c801:eff:fe88:8 136 ff02::1 135 icmp - - - - OTH - - 0 - 1 64 0 0 (empty)
1284385411.035560 CXWv6p3arKYeMETxOg fe80::c801:eff:fe88:8 143 ff02::16 0 icmp - 0.835000 160 0 OTH - 0 - 8 608 0 0 (empty) 1284385411.035560 CXWv6p3arKYeMETxOg fe80::c801:eff:fe88:8 143 ff02::16 0 icmp - 0.835000 160 0 OTH - - 0 - 8 608 0 0 (empty)
1284385451.658560 C6pKV8GSxOnSLghOa fc00:0:2:100::1:1 128 fc00::1 129 icmp - 0.156000 260 260 OTH - 0 - 5 500 5 500 (empty) 1284385451.658560 C6pKV8GSxOnSLghOa fc00:0:2:100::1:1 128 fc00::1 129 icmp - 0.156000 260 260 OTH - - 0 - 5 500 5 500 (empty)
1284385413.027560 CsRx2w45OKnoww6xl4 fe80::c801:eff:fe88:8 134 fe80::ce05:eff:fe88:0 133 icmp - - - - OTH - 0 - 1 64 0 0 (empty) 1284385413.027560 CsRx2w45OKnoww6xl4 fe80::c801:eff:fe88:8 134 fe80::ce05:eff:fe88:0 133 icmp - - - - OTH - - 0 - 1 64 0 0 (empty)
1284385412.963560 CCvvfg3TEfuqmmG4bh fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH - 0 - 1 48 0 0 (empty) 1284385412.963560 CCvvfg3TEfuqmmG4bh fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 48 0 0 (empty)
#close 2014-04-01-22-56-20 #close 2015-02-23-21-32-47

10
testing/btest/Baseline/core.print-bpf-filters/conn.log
View file

@ -3,8 +3,8 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-56-24 #open 2015-02-23-21-32-49
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1278600802.069419 CXWv6p3arKYeMETxOg 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - 0 ShADadfF 7 381 7 3801 (empty) 1278600802.069419 CXWv6p3arKYeMETxOg 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - - 0 ShADadfF 7 381 7 3801 (empty)
#close 2014-04-01-22-56-24 #close 2015-02-23-21-32-49

12
testing/btest/Baseline/core.q-in-q/conn.log
View file

@ -3,9 +3,9 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-56-29 #open 2015-02-23-21-32-51
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1363900699.548138 CXWv6p3arKYeMETxOg 172.19.51.37 47808 172.19.51.63 47808 udp - 0.000100 36 0 S0 - 0 D 2 92 0 0 (empty) 1363900699.548138 CXWv6p3arKYeMETxOg 172.19.51.37 47808 172.19.51.63 47808 udp - 0.000100 36 0 S0 - - 0 D 2 92 0 0 (empty)
1363900699.549647 CjhGID4nQcgTWjvg4c 193.1.186.60 9875 224.2.127.254 9875 udp - 0.000139 552 0 S0 - 0 D 2 608 0 0 (empty) 1363900699.549647 CjhGID4nQcgTWjvg4c 193.1.186.60 9875 224.2.127.254 9875 udp - 0.000139 552 0 S0 - - 0 D 2 608 0 0 (empty)
#close 2014-04-01-22-56-29 #close 2015-02-23-21-32-51

14
testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log
View file

@ -3,10 +3,10 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-09-16-44-53 #open 2015-02-23-21-32-56
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1395939406.175845 CjhGID4nQcgTWjvg4c 192.168.56.1 59763 192.168.56.101 63988 tcp ftp-data 0.001676 0 270 SF - 0 ShAdfFa 5 272 4 486 (empty) 1395939406.175845 CjhGID4nQcgTWjvg4c 192.168.56.1 59763 192.168.56.101 63988 tcp ftp-data 0.001676 0 270 SF - - 0 ShAdfFa 5 272 4 486 (empty)
1395939411.361078 CCvvfg3TEfuqmmG4bh 192.168.56.1 59764 192.168.56.101 37150 tcp ftp-data 150.496065 0 5416666670 SF - 4675708816 ShAdfFa 13 688 12 24454 (empty) 1395939411.361078 CCvvfg3TEfuqmmG4bh 192.168.56.1 59764 192.168.56.101 37150 tcp ftp-data 150.496065 0 5416666670 SF - - 4675708816 ShAdfFa 13 688 12 24454 (empty)
1395939399.984671 CXWv6p3arKYeMETxOg 192.168.56.1 59762 192.168.56.101 21 tcp ftp 169.634297 104 1041 SF - 0 ShAdDaFf 31 1728 18 1985 (empty) 1395939399.984671 CXWv6p3arKYeMETxOg 192.168.56.1 59762 192.168.56.101 21 tcp ftp 169.634297 104 1041 SF - - 0 ShAdDaFf 31 1728 18 1985 (empty)
#close 2014-04-09-16-44-54 #close 2015-02-23-21-32-56

10
testing/btest/Baseline/core.tcp.miss-end-data/conn.log
View file

@ -3,8 +3,8 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-56-36 #open 2015-02-23-21-32-57
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1331764471.664131 CXWv6p3arKYeMETxOg 192.168.122.230 60648 77.238.160.184 80 tcp http 10.048360 538 2902 SF - 2902 ShADafF 5 750 4 172 (empty) 1331764471.664131 CXWv6p3arKYeMETxOg 192.168.122.230 60648 77.238.160.184 80 tcp http 10.048360 538 2902 SF - - 2902 ShADafF 5 750 4 172 (empty)
#close 2014-04-01-22-56-36 #close 2015-02-23-21-32-57

24
testing/btest/Baseline/core.tunnels.ayiya/conn.log
View file

@ -3,15 +3,15 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-56-43 #open 2015-02-23-21-33-02
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1257655301.595604 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 - 0 ShADad 10 3605 11 5329 CCvvfg3TEfuqmmG4bh 1257655301.595604 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 - - 0 ShADad 10 3605 11 5329 CCvvfg3TEfuqmmG4bh
1257655296.585034 CCvvfg3TEfuqmmG4bh 192.168.3.101 53859 216.14.98.22 5072 udp ayiya 20.879001 5129 6109 SF - 0 Dd 21 5717 13 6473 (empty) 1257655296.585034 CCvvfg3TEfuqmmG4bh 192.168.3.101 53859 216.14.98.22 5072 udp ayiya 20.879001 5129 6109 SF - - 0 Dd 21 5717 13 6473 (empty)
1257655293.629048 CXWv6p3arKYeMETxOg 192.168.3.101 53796 216.14.98.22 5072 udp ayiya - - - SHR - 0 d 0 0 1 176 (empty) 1257655293.629048 CXWv6p3arKYeMETxOg 192.168.3.101 53796 216.14.98.22 5072 udp ayiya - - - SHR - - 0 d 0 0 1 176 (empty)
1257655296.585333 C6pKV8GSxOnSLghOa :: 135 ff02::1:ff00:2 136 icmp - - - - OTH - 0 - 1 64 0 0 CCvvfg3TEfuqmmG4bh 1257655296.585333 C6pKV8GSxOnSLghOa :: 135 ff02::1:ff00:2 136 icmp - - - - OTH - - 0 - 1 64 0 0 CCvvfg3TEfuqmmG4bh
1257655293.629048 CjhGID4nQcgTWjvg4c 2001:4978:f:4c::1 128 2001:4978:f:4c::2 129 icmp - 23.834987 168 56 OTH - 0 - 3 312 1 104 CXWv6p3arKYeMETxOg,CCvvfg3TEfuqmmG4bh 1257655293.629048 CjhGID4nQcgTWjvg4c 2001:4978:f:4c::1 128 2001:4978:f:4c::2 129 icmp - 23.834987 168 56 OTH - - 0 - 3 312 1 104 CXWv6p3arKYeMETxOg,CCvvfg3TEfuqmmG4bh
1257655296.585188 CPbrpk1qSsw6ESzHV4 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff00:2 130 icmp - 0.919988 32 0 OTH - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh 1257655296.585188 CPbrpk1qSsw6ESzHV4 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff00:2 130 icmp - 0.919988 32 0 OTH - - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh
1257655296.585151 CRJuHdVW0XPVINV8a fe80::216:cbff:fe9a:4cb9 131 ff02::2:f901:d225 130 icmp - 0.719947 32 0 OTH - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh 1257655296.585151 CRJuHdVW0XPVINV8a fe80::216:cbff:fe9a:4cb9 131 ff02::2:f901:d225 130 icmp - 0.719947 32 0 OTH - - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh
1257655296.585034 CsRx2w45OKnoww6xl4 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh 1257655296.585034 CsRx2w45OKnoww6xl4 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH - - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh
#close 2014-04-01-22-56-43 #close 2015-02-23-21-33-02

14
testing/btest/Baseline/core.tunnels.gre-in-gre/conn.log
View file

@ -3,10 +3,10 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-56-55 #open 2015-02-23-21-33-06
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1341436440.002928 CRJuHdVW0XPVINV8a 3.3.3.2 520 224.0.0.9 520 udp - 26.148268 48 0 S0 - 0 D 2 104 0 0 CjhGID4nQcgTWjvg4c 1341436440.002928 CRJuHdVW0XPVINV8a 3.3.3.2 520 224.0.0.9 520 udp - 26.148268 48 0 S0 - - 0 D 2 104 0 0 CjhGID4nQcgTWjvg4c
1341436424.378840 CsRx2w45OKnoww6xl4 3.3.3.1 520 224.0.0.9 520 udp - 28.555457 168 0 S0 - 0 D 2 224 0 0 CjhGID4nQcgTWjvg4c 1341436424.378840 CsRx2w45OKnoww6xl4 3.3.3.1 520 224.0.0.9 520 udp - 28.555457 168 0 S0 - - 0 D 2 224 0 0 CjhGID4nQcgTWjvg4c
1341436424.204043 CCvvfg3TEfuqmmG4bh 10.10.25.1 8 192.168.1.2 0 icmp - 42.380221 22464 22464 OTH - 0 - 312 31200 312 31200 CjhGID4nQcgTWjvg4c 1341436424.204043 CCvvfg3TEfuqmmG4bh 10.10.25.1 8 192.168.1.2 0 icmp - 42.380221 22464 22464 OTH - - 0 - 312 31200 312 31200 CjhGID4nQcgTWjvg4c
#close 2014-04-01-22-56-55 #close 2015-02-23-21-33-06

22
testing/btest/Baseline/core.tunnels.gre/conn.log
View file

@ -3,14 +3,14 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-56-51 #open 2015-02-23-21-33-05
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1055289978.756932 CsRx2w45OKnoww6xl4 66.59.111.190 40264 172.28.2.3 22 tcp ssh 3.157831 952 1671 SF - 0 ShAdDaFf 12 1584 10 2199 CXWv6p3arKYeMETxOg 1055289978.756932 CsRx2w45OKnoww6xl4 66.59.111.190 40264 172.28.2.3 22 tcp ssh 3.157831 952 1671 SF - - 0 ShAdDaFf 12 1584 10 2199 CXWv6p3arKYeMETxOg
1055289987.055189 CRJuHdVW0XPVINV8a 66.59.111.190 37675 172.28.2.3 53 udp dns 5.001141 66 0 S0 - 0 D 2 122 0 0 CXWv6p3arKYeMETxOg 1055289987.055189 CRJuHdVW0XPVINV8a 66.59.111.190 37675 172.28.2.3 53 udp dns 5.001141 66 0 S0 - - 0 D 2 122 0 0 CXWv6p3arKYeMETxOg
1055289996.849099 CIPOse170MGiRM1Qf4 66.59.111.190 123 129.170.17.4 123 udp - 0.072374 48 48 SF - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg 1055289996.849099 CIPOse170MGiRM1Qf4 66.59.111.190 123 129.170.17.4 123 udp - 0.072374 48 48 SF - - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg
1055289973.849878 CCvvfg3TEfuqmmG4bh 66.59.111.190 123 18.26.4.105 123 udp - 0.074086 48 48 SF - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg 1055289973.849878 CCvvfg3TEfuqmmG4bh 66.59.111.190 123 18.26.4.105 123 udp - 0.074086 48 48 SF - - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg
1055289992.849231 C6pKV8GSxOnSLghOa 66.59.111.190 123 66.59.111.182 123 udp - 0.056629 48 48 SF - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg 1055289992.849231 C6pKV8GSxOnSLghOa 66.59.111.190 123 66.59.111.182 123 udp - 0.056629 48 48 SF - - 0 Dd 1 76 1 76 CXWv6p3arKYeMETxOg
1055289968.793044 CjhGID4nQcgTWjvg4c 66.59.111.190 8 172.28.2.3 0 icmp - 3.061298 224 224 OTH - 0 - 4 336 4 336 CXWv6p3arKYeMETxOg 1055289968.793044 CjhGID4nQcgTWjvg4c 66.59.111.190 8 172.28.2.3 0 icmp - 3.061298 224 224 OTH - - 0 - 4 336 4 336 CXWv6p3arKYeMETxOg
1055289987.106744 CPbrpk1qSsw6ESzHV4 172.28.2.3 3 66.59.111.190 3 icmp - 4.994662 122 0 OTH - 0 - 2 178 0 0 CXWv6p3arKYeMETxOg 1055289987.106744 CPbrpk1qSsw6ESzHV4 172.28.2.3 3 66.59.111.190 3 icmp - 4.994662 122 0 OTH - - 0 - 2 178 0 0 CXWv6p3arKYeMETxOg
#close 2014-04-01-22-56-51 #close 2015-02-23-21-33-05

14
testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/conn.log
View file

@ -3,10 +3,10 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-56-58 #open 2015-02-23-21-33-07
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1333458850.321642 CjhGID4nQcgTWjvg4c 10.131.17.170 51803 173.199.115.168 80 tcp http 0.257902 1138 63424 S3 - 0 ShADadf 29 2310 49 65396 CXWv6p3arKYeMETxOg,CCvvfg3TEfuqmmG4bh 1333458850.321642 CjhGID4nQcgTWjvg4c 10.131.17.170 51803 173.199.115.168 80 tcp http 0.257902 1138 63424 S3 - - 0 ShADadf 29 2310 49 65396 CXWv6p3arKYeMETxOg,CCvvfg3TEfuqmmG4bh
1333458850.325787 CCvvfg3TEfuqmmG4bh 207.233.125.40 2152 167.55.105.244 2152 udp gtpv1 0.251127 65788 0 S0 - 0 D 49 67160 0 0 (empty) 1333458850.325787 CCvvfg3TEfuqmmG4bh 207.233.125.40 2152 167.55.105.244 2152 udp gtpv1 0.251127 65788 0 S0 - - 0 D 49 67160 0 0 (empty)
1333458850.321642 CXWv6p3arKYeMETxOg 167.55.105.244 5906 207.233.125.40 2152 udp gtpv1 0.257902 2542 0 S0 - 0 D 29 3354 0 0 (empty) 1333458850.321642 CXWv6p3arKYeMETxOg 167.55.105.244 5906 207.233.125.40 2152 udp gtpv1 0.257902 2542 0 S0 - - 0 D 29 3354 0 0 (empty)
#close 2014-04-01-22-56-58 #close 2015-02-23-21-33-07

10
testing/btest/Baseline/core.tunnels.gtp.false_gtp/conn.log
View file

@ -3,8 +3,8 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-57-03 #open 2015-02-23-21-33-08
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1333458871.219794 CXWv6p3arKYeMETxOg 10.131.24.6 2152 195.178.38.3 53 udp dns - - - S0 - 0 D 1 64 0 0 (empty) 1333458871.219794 CXWv6p3arKYeMETxOg 10.131.24.6 2152 195.178.38.3 53 udp dns - - - S0 - - 0 D 1 64 0 0 (empty)
#close 2014-04-01-22-57-03 #close 2015-02-23-21-33-09

14
testing/btest/Baseline/core.tunnels.gtp.inner_ipv6/conn.log
View file

@ -3,10 +3,10 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-57-05 #open 2015-02-23-21-33-09
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1333458851.770000 CjhGID4nQcgTWjvg4c fe80::224c:4fff:fe43:414c 1234 ff02::1:3 5355 udp dns - - - S0 - 0 D 1 80 0 0 CXWv6p3arKYeMETxOg 1333458851.770000 CjhGID4nQcgTWjvg4c fe80::224c:4fff:fe43:414c 1234 ff02::1:3 5355 udp dns - - - S0 - - 0 D 1 80 0 0 CXWv6p3arKYeMETxOg
1333458851.770000 CXWv6p3arKYeMETxOg 118.92.124.41 2152 118.92.124.72 2152 udp gtpv1 0.199236 152 0 S0 - 0 D 2 208 0 0 (empty) 1333458851.770000 CXWv6p3arKYeMETxOg 118.92.124.41 2152 118.92.124.72 2152 udp gtpv1 0.199236 152 0 S0 - - 0 D 2 208 0 0 (empty)
1333458851.969236 CCvvfg3TEfuqmmG4bh fe80::224c:4fff:fe43:414c 133 ff02::2 134 icmp - - - - OTH - 0 - 1 56 0 0 CXWv6p3arKYeMETxOg 1333458851.969236 CCvvfg3TEfuqmmG4bh fe80::224c:4fff:fe43:414c 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 56 0 0 CXWv6p3arKYeMETxOg
#close 2014-04-01-22-57-05 #close 2015-02-23-21-33-09

42
testing/btest/Baseline/core.tunnels.gtp.inner_teredo/conn.log
View file

@ -3,24 +3,24 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-57-08 #open 2015-02-23-21-33-10
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1333458850.037956 CEle3f3zno26fFZkrh 10.131.112.102 51403 94.245.121.253 3544 udp teredo - - - SHR - 0 d 0 0 1 84 C3SfNE4BWaU4aSuwkc 1333458850.037956 CEle3f3zno26fFZkrh 10.131.112.102 51403 94.245.121.253 3544 udp teredo - - - SHR - - 0 d 0 0 1 84 C3SfNE4BWaU4aSuwkc
1333458850.040098 CwSkQu4eWZCH7OONC1 174.94.190.229 2152 190.104.181.57 2152 udp gtpv1 0.003698 192 0 S0 - 0 D 2 248 0 0 (empty) 1333458850.040098 CwSkQu4eWZCH7OONC1 174.94.190.229 2152 190.104.181.57 2152 udp gtpv1 0.003698 192 0 S0 - - 0 D 2 248 0 0 (empty)
1333458850.016620 CsRx2w45OKnoww6xl4 172.24.16.121 61901 94.245.121.251 3544 udp teredo - - - S0 - 0 D 1 80 0 0 CCvvfg3TEfuqmmG4bh 1333458850.016620 CsRx2w45OKnoww6xl4 172.24.16.121 61901 94.245.121.251 3544 udp teredo - - - S0 - - 0 D 1 80 0 0 CCvvfg3TEfuqmmG4bh
1333458850.029781 C6pKV8GSxOnSLghOa 172.24.16.67 52298 94.245.121.253 3544 udp teredo - - - S0 - 0 D 1 88 0 0 CPbrpk1qSsw6ESzHV4 1333458850.029781 C6pKV8GSxOnSLghOa 172.24.16.67 52298 94.245.121.253 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CPbrpk1qSsw6ESzHV4
1333458850.035456 CJ3xTn1c4Zw9TmAE05 190.104.181.210 2152 190.104.181.125 2152 udp gtpv1 0.000004 194 0 S0 - 0 D 2 250 0 0 (empty) 1333458850.035456 CJ3xTn1c4Zw9TmAE05 190.104.181.210 2152 190.104.181.125 2152 udp gtpv1 0.000004 194 0 S0 - - 0 D 2 250 0 0 (empty)
1333458850.016620 CCvvfg3TEfuqmmG4bh 174.94.190.229 2152 190.104.181.62 2152 udp gtpv1 0.016267 88 92 SF - 0 Dd 1 116 1 120 (empty) 1333458850.016620 CCvvfg3TEfuqmmG4bh 174.94.190.229 2152 190.104.181.62 2152 udp gtpv1 0.016267 88 92 SF - - 0 Dd 1 116 1 120 (empty)
1333458850.029781 CPbrpk1qSsw6ESzHV4 190.104.181.254 2152 190.104.181.62 2152 udp gtpv1 0.000002 192 0 S0 - 0 D 2 248 0 0 (empty) 1333458850.029781 CPbrpk1qSsw6ESzHV4 190.104.181.254 2152 190.104.181.62 2152 udp gtpv1 0.000002 192 0 S0 - - 0 D 2 248 0 0 (empty)
1333458850.035460 Che1bq3i2rO3KD1Syg 172.27.159.9 63912 94.245.121.254 3544 udp teredo - - - S0 - 0 D 1 89 0 0 CJ3xTn1c4Zw9TmAE05 1333458850.035460 Che1bq3i2rO3KD1Syg 172.27.159.9 63912 94.245.121.254 3544 udp teredo - - - S0 - - 0 D 1 89 0 0 CJ3xTn1c4Zw9TmAE05
1333458850.037956 C3SfNE4BWaU4aSuwkc 190.104.181.57 2152 190.104.181.222 2152 udp gtpv1 - - - S0 - 0 D 1 120 0 0 (empty) 1333458850.037956 C3SfNE4BWaU4aSuwkc 190.104.181.57 2152 190.104.181.222 2152 udp gtpv1 - - - S0 - - 0 D 1 120 0 0 (empty)
1333458850.014199 CXWv6p3arKYeMETxOg 174.94.190.213 2152 190.104.181.57 2152 udp gtpv1 - - - S0 - 0 D 1 124 0 0 (empty) 1333458850.014199 CXWv6p3arKYeMETxOg 174.94.190.213 2152 190.104.181.57 2152 udp gtpv1 - - - S0 - - 0 D 1 124 0 0 (empty)
1333458850.040098 CfTOmO0HKorjr8Zp7 172.24.203.81 54447 65.55.158.118 3544 udp teredo 0.003698 120 0 S0 - 0 D 2 176 0 0 CwSkQu4eWZCH7OONC1 1333458850.040098 CfTOmO0HKorjr8Zp7 172.24.203.81 54447 65.55.158.118 3544 udp teredo 0.003698 120 0 S0 - - 0 D 2 176 0 0 CwSkQu4eWZCH7OONC1
1333458850.029783 CIPOse170MGiRM1Qf4 172.24.16.67 52298 65.55.158.118 3544 udp teredo - - - S0 - 0 D 1 88 0 0 CPbrpk1qSsw6ESzHV4 1333458850.029783 CIPOse170MGiRM1Qf4 172.24.16.67 52298 65.55.158.118 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CPbrpk1qSsw6ESzHV4
1333458850.032887 C7XEbhP654jzLoe3a 10.131.42.160 62069 94.245.121.253 3544 udp teredo - - - SHR - 0 d 0 0 1 84 CCvvfg3TEfuqmmG4bh 1333458850.032887 C7XEbhP654jzLoe3a 10.131.42.160 62069 94.245.121.253 3544 udp teredo - - - SHR - - 0 d 0 0 1 84 CCvvfg3TEfuqmmG4bh
1333458850.014199 CjhGID4nQcgTWjvg4c 172.24.204.200 56528 65.55.158.118 3544 udp teredo - - - S0 - 0 D 1 88 0 0 CXWv6p3arKYeMETxOg 1333458850.014199 CjhGID4nQcgTWjvg4c 172.24.204.200 56528 65.55.158.118 3544 udp teredo - - - S0 - - 0 D 1 88 0 0 CXWv6p3arKYeMETxOg
1333458850.035456 CMXxB5GvmoxJFXdTa 172.27.159.9 63912 94.245.121.253 3544 udp teredo - - - S0 - 0 D 1 89 0 0 CJ3xTn1c4Zw9TmAE05 1333458850.035456 CMXxB5GvmoxJFXdTa 172.27.159.9 63912 94.245.121.253 3544 udp teredo - - - S0 - - 0 D 1 89 0 0 CJ3xTn1c4Zw9TmAE05
1333458850.016620 CRJuHdVW0XPVINV8a 2001:0:5ef5:79fb:38b8:1695:2b37:be8e 128 2002:2571:c817::2571:c817 129 icmp - - - - OTH - 0 - 1 52 0 0 CsRx2w45OKnoww6xl4 1333458850.016620 CRJuHdVW0XPVINV8a 2001:0:5ef5:79fb:38b8:1695:2b37:be8e 128 2002:2571:c817::2571:c817 129 icmp - - - - OTH - - 0 - 1 52 0 0 CsRx2w45OKnoww6xl4
1333458850.035456 Caby8b1slFea8xwSmb fe80::ffff:ffff:fffe 133 ff02::2 134 icmp - 0.000004 0 0 OTH - 0 - 2 96 0 0 Che1bq3i2rO3KD1Syg,CMXxB5GvmoxJFXdTa 1333458850.035456 Caby8b1slFea8xwSmb fe80::ffff:ffff:fffe 133 ff02::2 134 icmp - 0.000004 0 0 OTH - - 0 - 2 96 0 0 Che1bq3i2rO3KD1Syg,CMXxB5GvmoxJFXdTa
#close 2014-04-01-22-57-08 #close 2015-02-23-21-33-10

12
testing/btest/Baseline/core.tunnels.gtp.not_user_plane_data/conn.log
View file

@ -3,9 +3,9 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-57-11 #open 2015-02-23-21-33-12
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1333458850.532814 CXWv6p3arKYeMETxOg 247.56.43.90 2152 247.56.43.248 2152 udp - - - - S0 - 0 D 1 52 0 0 (empty) 1333458850.532814 CXWv6p3arKYeMETxOg 247.56.43.90 2152 247.56.43.248 2152 udp - - - - S0 - - 0 D 1 52 0 0 (empty)
1333458850.867091 CjhGID4nQcgTWjvg4c 247.56.43.214 2152 237.56.101.238 2152 udp - 0.028676 12 14 SF - 0 Dd 1 40 1 42 (empty) 1333458850.867091 CjhGID4nQcgTWjvg4c 247.56.43.214 2152 237.56.101.238 2152 udp - 0.028676 12 14 SF - - 0 Dd 1 40 1 42 (empty)
#close 2014-04-01-22-57-11 #close 2015-02-23-21-33-12

12
testing/btest/Baseline/core.tunnels.gtp.opt_header/conn.log
View file

@ -3,9 +3,9 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-57-12 #open 2015-02-23-21-33-13
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1333458852.011535 CjhGID4nQcgTWjvg4c 10.222.10.10 44960 173.194.69.188 5228 tcp ssl 0.573499 704 1026 S1 - 0 ShADad 17 1604 14 1762 CXWv6p3arKYeMETxOg 1333458852.011535 CjhGID4nQcgTWjvg4c 10.222.10.10 44960 173.194.69.188 5228 tcp ssl 0.573499 704 1026 S1 - - 0 ShADad 17 1604 14 1762 CXWv6p3arKYeMETxOg
1333458852.011535 CXWv6p3arKYeMETxOg 79.188.154.91 2152 243.149.173.198 2152 udp gtpv1 0.573499 1740 1930 SF - 0 Dd 17 2216 14 2322 (empty) 1333458852.011535 CXWv6p3arKYeMETxOg 79.188.154.91 2152 243.149.173.198 2152 udp gtpv1 0.573499 1740 1930 SF - - 0 Dd 17 2216 14 2322 (empty)
#close 2014-04-01-22-57-12 #close 2015-02-23-21-33-13

12
testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/conn.log
View file

@ -3,9 +3,9 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-57-15 #open 2015-02-23-21-33-13
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1333458850.364667 CjhGID4nQcgTWjvg4c 10.131.47.185 1923 79.101.110.141 80 tcp http 0.069783 2100 56702 SF - 0 ShADadfF 27 3204 41 52594 CXWv6p3arKYeMETxOg 1333458850.364667 CjhGID4nQcgTWjvg4c 10.131.47.185 1923 79.101.110.141 80 tcp http 0.069783 2100 56702 SF - - 0 ShADadfF 27 3204 41 52594 CXWv6p3arKYeMETxOg
1333458850.364667 CXWv6p3arKYeMETxOg 239.114.155.111 2152 63.94.149.181 2152 udp gtpv1 0.069813 3420 52922 SF - 0 Dd 27 4176 41 54070 (empty) 1333458850.364667 CXWv6p3arKYeMETxOg 239.114.155.111 2152 63.94.149.181 2152 udp gtpv1 0.069813 3420 52922 SF - - 0 Dd 27 4176 41 54070 (empty)
#close 2014-04-01-22-57-15 #close 2015-02-23-21-33-14

50
testing/btest/Baseline/core.tunnels.teredo/conn.log
View file

@ -3,28 +3,28 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-57-21 #open 2015-02-23-21-33-18
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1210953047.736921 CjhGID4nQcgTWjvg4c 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - 0 fA 1 40 1 40 (empty) 1210953047.736921 CjhGID4nQcgTWjvg4c 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - - 0 fA 1 40 1 40 (empty)
1210953050.867067 CCvvfg3TEfuqmmG4bh 192.168.2.16 1577 75.126.203.78 80 tcp - 0.000387 0 0 SHR - 0 fA 1 40 1 40 (empty) 1210953050.867067 CCvvfg3TEfuqmmG4bh 192.168.2.16 1577 75.126.203.78 80 tcp - 0.000387 0 0 SHR - - 0 fA 1 40 1 40 (empty)
1210953057.833364 CIPOse170MGiRM1Qf4 192.168.2.16 1577 75.126.203.78 80 tcp - 0.079208 0 0 SH - 0 Fa 1 40 1 40 (empty) 1210953057.833364 CIPOse170MGiRM1Qf4 192.168.2.16 1577 75.126.203.78 80 tcp - 0.079208 0 0 SH - - 0 Fa 1 40 1 40 (empty)
1210953058.007081 CJ3xTn1c4Zw9TmAE05 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTOS0 - 0 R 1 40 0 0 (empty) 1210953058.007081 CJ3xTn1c4Zw9TmAE05 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTOS0 - - 0 R 1 40 0 0 (empty)
1210953057.834454 C7XEbhP654jzLoe3a 192.168.2.16 1578 75.126.203.78 80 tcp http 0.407908 790 171 RSTO - 0 ShADadR 6 1038 4 335 (empty) 1210953057.834454 C7XEbhP654jzLoe3a 192.168.2.16 1578 75.126.203.78 80 tcp http 0.407908 790 171 RSTO - - 0 ShADadR 6 1038 4 335 (empty)
1210953058.350065 CMXxB5GvmoxJFXdTa 192.168.2.16 1920 192.168.2.1 53 udp dns 0.223055 66 438 SF - 0 Dd 2 122 2 494 (empty) 1210953058.350065 CMXxB5GvmoxJFXdTa 192.168.2.16 1920 192.168.2.1 53 udp dns 0.223055 66 438 SF - - 0 Dd 2 122 2 494 (empty)
1210953058.577231 Caby8b1slFea8xwSmb 192.168.2.16 137 192.168.2.255 137 udp dns 1.499261 150 0 S0 - 0 D 3 234 0 0 (empty) 1210953058.577231 Caby8b1slFea8xwSmb 192.168.2.16 137 192.168.2.255 137 udp dns 1.499261 150 0 S0 - - 0 D 3 234 0 0 (empty)
1210953074.264819 CyAhVIzHqb7t7kv28 192.168.2.16 1920 192.168.2.1 53 udp dns 0.297723 123 598 SF - 0 Dd 3 207 3 682 (empty) 1210953074.264819 CyAhVIzHqb7t7kv28 192.168.2.16 1920 192.168.2.1 53 udp dns 0.297723 123 598 SF - - 0 Dd 3 207 3 682 (empty)
1210953061.312379 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 12.810848 1675 10467 S1 - 0 ShADad 10 2279 12 11191 C3SfNE4BWaU4aSuwkc 1210953061.312379 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 12.810848 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 C3SfNE4BWaU4aSuwkc
1210953076.058333 Cx2FqO23omNawSNrxj 192.168.2.16 1578 75.126.203.78 80 tcp - - - - RSTRH - 0 r 0 0 1 40 (empty) 1210953076.058333 Cx2FqO23omNawSNrxj 192.168.2.16 1578 75.126.203.78 80 tcp - - - - RSTRH - - 0 r 0 0 1 40 (empty)
1210953074.055744 CfTOmO0HKorjr8Zp7 192.168.2.16 1577 75.126.203.78 80 tcp - - - - RSTRH - 0 r 0 0 1 40 (empty) 1210953074.055744 CfTOmO0HKorjr8Zp7 192.168.2.16 1577 75.126.203.78 80 tcp - - - - RSTRH - - 0 r 0 0 1 40 (empty)
1210953074.057124 CzA03V1VcgagLjnO92 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTRH - 0 r 0 0 1 40 (empty) 1210953074.057124 CzA03V1VcgagLjnO92 192.168.2.16 1576 75.126.130.163 80 tcp - - - - RSTRH - - 0 r 0 0 1 40 (empty)
1210953074.570439 Cab0vO1xNYSS2hJkle 192.168.2.16 1580 67.228.110.120 80 tcp http 0.466677 469 3916 SF - 0 ShADadFf 7 757 6 4164 (empty) 1210953074.570439 Cab0vO1xNYSS2hJkle 192.168.2.16 1580 67.228.110.120 80 tcp http 0.466677 469 3916 SF - - 0 ShADadFf 7 757 6 4164 (empty)
1210953052.202579 CsRx2w45OKnoww6xl4 192.168.2.16 3797 65.55.158.80 3544 udp teredo 8.928880 129 48 SF - 0 Dd 2 185 1 76 (empty) 1210953052.202579 CsRx2w45OKnoww6xl4 192.168.2.16 3797 65.55.158.80 3544 udp teredo 8.928880 129 48 SF - - 0 Dd 2 185 1 76 (empty)
1210953060.829233 C3SfNE4BWaU4aSuwkc 192.168.2.16 3797 83.170.1.38 32900 udp teredo 13.293994 2359 11243 SF - 0 Dd 12 2695 13 11607 (empty) 1210953060.829233 C3SfNE4BWaU4aSuwkc 192.168.2.16 3797 83.170.1.38 32900 udp teredo 13.293994 2359 11243 SF - - 0 Dd 12 2695 13 11607 (empty)
1210953058.933954 Che1bq3i2rO3KD1Syg 0.0.0.0 68 255.255.255.255 67 udp dhcp - - - S0 - 0 D 1 328 0 0 (empty) 1210953058.933954 Che1bq3i2rO3KD1Syg 0.0.0.0 68 255.255.255.255 67 udp dhcp - - - S0 - - 0 D 1 328 0 0 (empty)
1210953052.324629 CPbrpk1qSsw6ESzHV4 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - 0 d 0 0 1 137 (empty) 1210953052.324629 CPbrpk1qSsw6ESzHV4 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 d 0 0 1 137 (empty)
1210953046.591933 CXWv6p3arKYeMETxOg 192.168.2.16 138 192.168.2.255 138 udp - 28.448321 416 0 S0 - 0 D 2 472 0 0 (empty) 1210953046.591933 CXWv6p3arKYeMETxOg 192.168.2.16 138 192.168.2.255 138 udp - 28.448321 416 0 S0 - - 0 D 2 472 0 0 (empty)
1210953052.324629 C6pKV8GSxOnSLghOa fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - 0 - 1 88 0 0 CPbrpk1qSsw6ESzHV4 1210953052.324629 C6pKV8GSxOnSLghOa fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 CPbrpk1qSsw6ESzHV4
1210953060.829303 CEle3f3zno26fFZkrh 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - 0 - 1 52 1 52 C3SfNE4BWaU4aSuwkc,CsRx2w45OKnoww6xl4 1210953060.829303 CEle3f3zno26fFZkrh 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - - 0 - 1 52 1 52 C3SfNE4BWaU4aSuwkc,CsRx2w45OKnoww6xl4
1210953052.202579 CRJuHdVW0XPVINV8a fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - 0 - 1 64 0 0 CsRx2w45OKnoww6xl4 1210953052.202579 CRJuHdVW0XPVINV8a fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CsRx2w45OKnoww6xl4
#close 2014-04-01-22-57-21 #close 2015-02-23-21-33-18

22
testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log
View file

@ -3,14 +3,14 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-57-27 #open 2015-02-23-21-33-21
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1340127577.354166 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - 0 ShADad 10 2279 12 11191 CRJuHdVW0XPVINV8a 1340127577.354166 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 CRJuHdVW0XPVINV8a
1340127577.336558 CXWv6p3arKYeMETxOg 192.168.2.16 3797 65.55.158.80 3544 udp teredo 0.010291 129 52 SF - 0 Dd 2 185 1 80 (empty) 1340127577.336558 CXWv6p3arKYeMETxOg 192.168.2.16 3797 65.55.158.80 3544 udp teredo 0.010291 129 52 SF - - 0 Dd 2 185 1 80 (empty)
1340127577.341510 CRJuHdVW0XPVINV8a 192.168.2.16 3797 83.170.1.38 32900 udp teredo 0.065485 2367 11243 SF - 0 Dd 12 2703 13 11607 (empty) 1340127577.341510 CRJuHdVW0XPVINV8a 192.168.2.16 3797 83.170.1.38 32900 udp teredo 0.065485 2367 11243 SF - - 0 Dd 12 2703 13 11607 (empty)
1340127577.339015 CCvvfg3TEfuqmmG4bh 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - 0 d 0 0 1 137 (empty) 1340127577.339015 CCvvfg3TEfuqmmG4bh 192.168.2.16 3797 65.55.158.81 3544 udp - - - - SHR - - 0 d 0 0 1 137 (empty)
1340127577.339015 CsRx2w45OKnoww6xl4 fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - 0 - 1 88 0 0 CCvvfg3TEfuqmmG4bh 1340127577.339015 CsRx2w45OKnoww6xl4 fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 CCvvfg3TEfuqmmG4bh
1340127577.343969 CPbrpk1qSsw6ESzHV4 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - 0 - 1 52 1 52 CXWv6p3arKYeMETxOg,CRJuHdVW0XPVINV8a 1340127577.343969 CPbrpk1qSsw6ESzHV4 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - - 0 - 1 52 1 52 CXWv6p3arKYeMETxOg,CRJuHdVW0XPVINV8a
1340127577.336558 CjhGID4nQcgTWjvg4c fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - 0 - 1 64 0 0 CXWv6p3arKYeMETxOg 1340127577.336558 CjhGID4nQcgTWjvg4c fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CXWv6p3arKYeMETxOg
#close 2014-04-01-22-57-27 #close 2015-02-23-21-33-21

14
testing/btest/Baseline/core.vlan-mpls/conn.log
View file

@ -3,10 +3,10 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-57-31 #open 2015-02-23-21-33-22
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
952109346.874907 CXWv6p3arKYeMETxOg 10.1.2.1 11001 10.34.0.1 23 tcp - 2.102560 26 0 SH - 0 SADF 11 470 0 0 (empty) 952109346.874907 CXWv6p3arKYeMETxOg 10.1.2.1 11001 10.34.0.1 23 tcp - 2.102560 26 0 SH - - 0 SADF 11 470 0 0 (empty)
1128727435.450898 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - 0 ShADdFaf 12 730 10 9945 (empty) 1128727435.450898 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 tcp http 1.733303 98 9417 SF - - 0 ShADdFaf 12 730 10 9945 (empty)
1278600802.069419 CCvvfg3TEfuqmmG4bh 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - 0 ShADadfF 7 381 7 3801 (empty) 1278600802.069419 CCvvfg3TEfuqmmG4bh 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - - 0 ShADadfF 7 381 7 3801 (empty)
#close 2014-04-01-22-57-31 #close 2015-02-23-21-33-22

2
testing/btest/Baseline/doc.sphinx.connection-record-01/btest-doc.sphinx.connection-record-01#1
View file

@ -7,7 +7,7 @@
# bro -b -r http/get.trace connection_record_01.bro # bro -b -r http/get.trace connection_record_01.bro
[id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={ [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={
}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={ }, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
}], extract_orig=F, extract_resp=F] }], extract_orig=F, extract_resp=F]

2
testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1
View file

@ -7,7 +7,7 @@
# bro -b -r http/get.trace connection_record_02.bro # bro -b -r http/get.trace connection_record_02.bro
[id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={ [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0], start_time=1362692526.869344, duration=0.211484, service={
}, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={ }, addl=, hot=0, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
}], extract_orig=F, extract_resp=F, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={ }], extract_orig=F, extract_resp=F, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, filename=<uninitialized>, tags={

20
testing/btest/Baseline/doc.sphinx.using_bro/btest-doc.sphinx.using_bro#1
View file

@ -16,15 +16,15 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-22-59-28 #open 2015-02-24-00-03-50
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 73 0 0 (empty) 1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 73 0 0 (empty)
1300475167.097012 CjhGID4nQcgTWjvg4c fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp dns - - - S0 - 0 D 1 199 0 0 (empty) 1300475167.097012 CjhGID4nQcgTWjvg4c fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 199 0 0 (empty)
1300475167.099816 CCvvfg3TEfuqmmG4bh 141.142.220.50 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 179 0 0 (empty) 1300475167.099816 CCvvfg3TEfuqmmG4bh 141.142.220.50 5353 224.0.0.251 5353 udp dns - - - S0 - - 0 D 1 179 0 0 (empty)
1300475168.853899 CPbrpk1qSsw6ESzHV4 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - 0 Dd 1 66 1 117 (empty) 1300475168.853899 CPbrpk1qSsw6ESzHV4 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - - 0 Dd 1 66 1 117 (empty)
1300475168.854378 C6pKV8GSxOnSLghOa 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - 0 Dd 1 80 1 127 (empty) 1300475168.854378 C6pKV8GSxOnSLghOa 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - - 0 Dd 1 80 1 127 (empty)
1300475168.854837 CIPOse170MGiRM1Qf4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - 0 Dd 1 66 1 211 (empty) 1300475168.854837 CIPOse170MGiRM1Qf4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - - 0 Dd 1 66 1 211 (empty)
1300475168.857956 CMXxB5GvmoxJFXdTa 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - 0 Dd 1 66 1 117 (empty) 1300475168.857956 CMXxB5GvmoxJFXdTa 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - - 0 Dd 1 66 1 117 (empty)
[...] [...]

12
testing/btest/Baseline/language.while/out Normal file
View file

@ -0,0 +1,12 @@
10
s
ss
sss
{
7,
1,
9,
5,
3
}
[number 0, number 1, number 2, number 3, number 4, number 5, number 6, number 7, number 8, number 9, number 10, number 11, number 12]

2
testing/btest/Baseline/plugins.api-version-mismatch/output
View file

@ -1 +1 @@
fatal error in /home/robin/bro/master/scripts/base/init-bare.bro, line 1: plugin's API version does not match Bro (expected 2, got 42 in /home/robin/bro/master/testing/btest/.tmp/plugins.api-version-mismatch//lib/XXX) fatal error in /home/robin/bro/plugins/scripts/base/init-bare.bro, line 1: plugin's API version does not match Bro (expected 2, got 42 in /home/robin/bro/plugins/testing/btest/.tmp/plugins.api-version-mismatch/build//lib/XXX)

2
testing/btest/Baseline/plugins.bifs-and-scripts-install/output
View file

@ -1,4 +1,4 @@
Demo::Foo - <Insert description> (dynamic, version 1.0) Demo::Foo - <Insert description> (dynamic, version 0.1)
[Function] hello_plugin_world [Function] hello_plugin_world
[Event] plugin_event [Event] plugin_event

2
testing/btest/Baseline/plugins.bifs-and-scripts/output
View file

@ -1,4 +1,4 @@
Demo::Foo - <Insert description> (dynamic, version 1.0) Demo::Foo - <Insert description> (dynamic, version 0.1)
[Function] hello_plugin_world [Function] hello_plugin_world
[Event] plugin_event [Event] plugin_event

36
testing/btest/Baseline/plugins.hooks/output
View file

@ -191,7 +191,7 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])) -> <null> 0.000000 MetaHookPost CallFunction(Log::__create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])) -> <null>
0.000000 MetaHookPost CallFunction(Log::__create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509])) -> <null> 0.000000 MetaHookPost CallFunction(Log::__create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509])) -> <null>
0.000000 MetaHookPost CallFunction(Log::__create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])) -> <null> 0.000000 MetaHookPost CallFunction(Log::__create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])) -> <null>
0.000000 MetaHookPost CallFunction(Log::__write, (PacketFilter::LOG, [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T])) -> <null> 0.000000 MetaHookPost CallFunction(Log::__write, (PacketFilter::LOG, [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T])) -> <null>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, (Cluster::LOG)) -> <null> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, (Cluster::LOG)) -> <null>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, (Communication::LOG)) -> <null> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, (Communication::LOG)) -> <null>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, (Conn::LOG)) -> <null> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, (Conn::LOG)) -> <null>
@ -285,8 +285,8 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])) -> <null> 0.000000 MetaHookPost CallFunction(Log::create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])) -> <null>
0.000000 MetaHookPost CallFunction(Log::create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509])) -> <null> 0.000000 MetaHookPost CallFunction(Log::create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509])) -> <null>
0.000000 MetaHookPost CallFunction(Log::create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])) -> <null> 0.000000 MetaHookPost CallFunction(Log::create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])) -> <null>
0.000000 MetaHookPost CallFunction(Log::default_path_func, (PacketFilter::LOG, , [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T])) -> <null> 0.000000 MetaHookPost CallFunction(Log::default_path_func, (PacketFilter::LOG, , [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T])) -> <null>
0.000000 MetaHookPost CallFunction(Log::write, (PacketFilter::LOG, [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T])) -> <null> 0.000000 MetaHookPost CallFunction(Log::write, (PacketFilter::LOG, [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T])) -> <null>
0.000000 MetaHookPost CallFunction(Notice::want_pp, ()) -> <null> 0.000000 MetaHookPost CallFunction(Notice::want_pp, ()) -> <null>
0.000000 MetaHookPost CallFunction(PacketFilter::build, ()) -> <null> 0.000000 MetaHookPost CallFunction(PacketFilter::build, ()) -> <null>
0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, (ip or not ip, and, )) -> <null> 0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, (ip or not ip, and, )) -> <null>
@ -731,7 +731,7 @@
0.000000 MetaHookPre CallFunction(Log::__create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql]))
0.000000 MetaHookPre CallFunction(Log::__write, (PacketFilter::LOG, [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::__write, (PacketFilter::LOG, [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, (Cluster::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, (Communication::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, (Communication::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, (Conn::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, (Conn::LOG))
@ -825,8 +825,8 @@
0.000000 MetaHookPre CallFunction(Log::create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird]))
0.000000 MetaHookPre CallFunction(Log::create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, (X509::LOG, [columns=<no value description>, ev=X509::log_x509]))
0.000000 MetaHookPre CallFunction(Log::create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])) 0.000000 MetaHookPre CallFunction(Log::create_stream, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql]))
0.000000 MetaHookPre CallFunction(Log::default_path_func, (PacketFilter::LOG, , [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::default_path_func, (PacketFilter::LOG, , [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::write, (PacketFilter::LOG, [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::write, (PacketFilter::LOG, [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Notice::want_pp, ()) 0.000000 MetaHookPre CallFunction(Notice::want_pp, ())
0.000000 MetaHookPre CallFunction(PacketFilter::build, ()) 0.000000 MetaHookPre CallFunction(PacketFilter::build, ())
0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, (ip or not ip, and, )) 0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, (ip or not ip, and, ))
@ -1271,7 +1271,7 @@
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird]) 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509])
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG)
@ -1365,8 +1365,8 @@
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird]) 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird])
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509])
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql])
0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1424960167.277735, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1424736245.843493, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Notice::want_pp() 0.000000 | HookCallFunction Notice::want_pp()
0.000000 | HookCallFunction PacketFilter::build() 0.000000 | HookCallFunction PacketFilter::build()
0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, ) 0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, )
@ -1864,9 +1864,9 @@
1362692527.080972 MetaHookPost CallFunction(Conn::determine_service, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <null> 1362692527.080972 MetaHookPost CallFunction(Conn::determine_service, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <null>
1362692527.080972 MetaHookPost CallFunction(Conn::set_conn, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <null> 1362692527.080972 MetaHookPost CallFunction(Conn::set_conn, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <null>
1362692527.080972 MetaHookPost CallFunction(HTTP::get_file_handle, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <null> 1362692527.080972 MetaHookPost CallFunction(HTTP::get_file_handle, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) -> <null>
1362692527.080972 MetaHookPost CallFunction(Log::__write, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <null> 1362692527.080972 MetaHookPost CallFunction(Log::__write, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <null>
1362692527.080972 MetaHookPost CallFunction(Log::default_path_func, (Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <null> 1362692527.080972 MetaHookPost CallFunction(Log::default_path_func, (Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <null>
1362692527.080972 MetaHookPost CallFunction(Log::write, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <null> 1362692527.080972 MetaHookPost CallFunction(Log::write, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> <null>
1362692527.080972 MetaHookPost CallFunction(bro_done, ()) -> <null> 1362692527.080972 MetaHookPost CallFunction(bro_done, ()) -> <null>
1362692527.080972 MetaHookPost CallFunction(cat, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> <null> 1362692527.080972 MetaHookPost CallFunction(cat, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> <null>
1362692527.080972 MetaHookPost CallFunction(connection_state_remove, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <null> 1362692527.080972 MetaHookPost CallFunction(connection_state_remove, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <null>
@ -1898,9 +1898,9 @@
1362692527.080972 MetaHookPre CallFunction(Conn::determine_service, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) 1362692527.080972 MetaHookPre CallFunction(Conn::determine_service, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
1362692527.080972 MetaHookPre CallFunction(Conn::set_conn, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) 1362692527.080972 MetaHookPre CallFunction(Conn::set_conn, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
1362692527.080972 MetaHookPre CallFunction(HTTP::get_file_handle, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)) 1362692527.080972 MetaHookPre CallFunction(HTTP::get_file_handle, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T))
1362692527.080972 MetaHookPre CallFunction(Log::__write, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) 1362692527.080972 MetaHookPre CallFunction(Log::__write, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]))
1362692527.080972 MetaHookPre CallFunction(Log::default_path_func, (Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) 1362692527.080972 MetaHookPre CallFunction(Log::default_path_func, (Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]))
1362692527.080972 MetaHookPre CallFunction(Log::write, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) 1362692527.080972 MetaHookPre CallFunction(Log::write, (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]))
1362692527.080972 MetaHookPre CallFunction(bro_done, ()) 1362692527.080972 MetaHookPre CallFunction(bro_done, ())
1362692527.080972 MetaHookPre CallFunction(cat, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) 1362692527.080972 MetaHookPre CallFunction(cat, (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80))
1362692527.080972 MetaHookPre CallFunction(connection_state_remove, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) 1362692527.080972 MetaHookPre CallFunction(connection_state_remove, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
@ -1933,9 +1933,9 @@
1362692527.080972 | HookCallFunction Conn::determine_service([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]) 1362692527.080972 | HookCallFunction Conn::determine_service([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
1362692527.080972 | HookCallFunction Conn::set_conn([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T) 1362692527.080972 | HookCallFunction Conn::set_conn([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
1362692527.080972 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T) 1362692527.080972 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)
1362692527.080972 | HookCallFunction Log::__write(Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]) 1362692527.080972 | HookCallFunction Log::__write(Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])
1362692527.080972 | HookCallFunction Log::default_path_func(Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]) 1362692527.080972 | HookCallFunction Log::default_path_func(Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])
1362692527.080972 | HookCallFunction Log::write(Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]) 1362692527.080972 | HookCallFunction Log::write(Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])
1362692527.080972 | HookCallFunction bro_done() 1362692527.080972 | HookCallFunction bro_done()
1362692527.080972 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) 1362692527.080972 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)
1362692527.080972 | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]) 1362692527.080972 | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])

2
testing/btest/Baseline/plugins.init-plugin/output
View file

@ -1,3 +1,3 @@
Demo::Foo - <Insert description> (dynamic, version 1.0) Demo::Foo - <Insert description> (dynamic, version 0.1)
=== ===

10
testing/btest/Baseline/plugins.pktsrc/conn.log
View file

@ -3,8 +3,8 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-09-04-18-06-05 #open 2015-02-23-21-37-52
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1409193037.000000 CXWv6p3arKYeMETxOg 1.2.0.2 2527 1.2.0.3 6649 tcp - - - - S0 - 0 S 1 64 0 0 (empty) 1409193037.000000 CXWv6p3arKYeMETxOg 1.2.0.2 2527 1.2.0.3 6649 tcp - - - - S0 - - 0 S 1 64 0 0 (empty)
#close 2014-09-04-18-06-05 #close 2015-02-23-21-37-52

18
testing/btest/Baseline/plugins.writer/output
View file

@ -2,13 +2,13 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0)
[Writer] Foo (Log::WRITER_FOO) [Writer] Foo (Log::WRITER_FOO)
=== ===
[conn] 1340213005.165293|CXWv6p3arKYeMETxOg|10.0.0.55|53994|60.190.189.214|8124|tcp|-|4.314406|0|0|S0|-|0|S|5|320|0|0| [conn] 1340213005.165293|CXWv6p3arKYeMETxOg|10.0.0.55|53994|60.190.189.214|8124|tcp|-|4.314406|0|0|S0|-|-|0|S|5|320|0|0|
[conn] 1340213010.582723|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|tcp|http,socks|13.839419|3860|2934|SF|-|0|ShADadfF|23|5080|20|3986| [conn] 1340213010.582723|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|tcp|http,socks|13.839419|3860|2934|SF|-|-|0|ShADadfF|23|5080|20|3986|
[conn] 1340213048.780152|CCvvfg3TEfuqmmG4bh|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|0|F|1|52|0|0| [conn] 1340213048.780152|CCvvfg3TEfuqmmG4bh|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|
[conn] 1340213097.272764|CsRx2w45OKnoww6xl4|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|0|F|1|52|0|0| [conn] 1340213097.272764|CsRx2w45OKnoww6xl4|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|
[conn] 1340213162.160367|CRJuHdVW0XPVINV8a|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|0|F|1|52|0|0| [conn] 1340213162.160367|CRJuHdVW0XPVINV8a|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|
[conn] 1340213226.561757|CPbrpk1qSsw6ESzHV4|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|0|F|1|52|0|0| [conn] 1340213226.561757|CPbrpk1qSsw6ESzHV4|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|
[conn] 1340213290.981995|C6pKV8GSxOnSLghOa|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|0|F|1|52|0|0| [conn] 1340213290.981995|C6pKV8GSxOnSLghOa|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|
[files] 1340213020.732547|FBtZ7y1ppK8iIeY622|60.190.189.214|10.0.0.55|CjhGID4nQcgTWjvg4c|HTTP|0||image/gif|-|0.000034|-|F|1368|1368|0|0|F|-|-|-|-|- [files] 1340213020.732547|FBtZ7y1ppK8iIeY622|60.190.189.214|10.0.0.55|CjhGID4nQcgTWjvg4c|HTTP|0||image/gif|-|0.000034|-|F|1368|1368|0|0|F|-|-|-|-|-
[http] 1340213019.013158|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|1|GET|www.osnews.com|/images/printer2.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- [http] 1340213019.013158|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|1|GET|www.osnews.com|/images/printer2.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|-
[http] 1340213019.013426|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|2|GET|www.osnews.com|/img2/shorturl.jpg|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- [http] 1340213019.013426|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|2|GET|www.osnews.com|/img2/shorturl.jpg|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|-
@ -17,6 +17,6 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0)
[http] 1340213020.732963|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|5|GET|www.osnews.com|/images/icons/17.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- [http] 1340213020.732963|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|5|GET|www.osnews.com|/images/icons/17.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|-
[http] 1340213021.300269|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|6|GET|www.osnews.com|/images/left.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- [http] 1340213021.300269|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|6|GET|www.osnews.com|/images/left.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|-
[http] 1340213021.861584|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|7|GET|www.osnews.com|/images/icons/32.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- [http] 1340213021.861584|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|7|GET|www.osnews.com|/images/icons/32.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|-
[packet_filter] 1412721099.419280|bro|ip or not ip|T|T [packet_filter] 1424736260.256998|bro|ip or not ip|T|T
[socks] 1340213015.276495|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|5|-|succeeded|-|www.osnews.com|80|192.168.0.31|-|2688 [socks] 1340213015.276495|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|5|-|-|succeeded|-|www.osnews.com|80|192.168.0.31|-|2688
[tunnel] 1340213015.276495|-|10.0.0.55|0|60.190.189.214|8124|Tunnel::SOCKS|Tunnel::DISCOVER [tunnel] 1340213015.276495|-|10.0.0.55|0|60.190.189.214|8124|Tunnel::SOCKS|Tunnel::DISCOVER

10
testing/btest/Baseline/scripts.base.frameworks.file-analysis.big-bof-buffer/files.log Normal file
View file

@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path files
#open 2015-02-05-13-55-41
#fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted
#types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string string string string string
1362692527.009512 FakNcS1Jfe01uljb3 192.150.187.43 141.142.228.5 CXWv6p3arKYeMETxOg HTTP 0 MD5,SHA1 text/plain - 0.000263 - F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac 1dd7ac0398df6cbc0696445a91ec681facf4dc47 - -
#close 2015-02-05-13-55-41

68
testing/btest/Baseline/scripts.base.frameworks.input.sqlite.basic/out
View file

@ -1,136 +1,136 @@
[ts=1300475167.096535, uid=dnGM1AdIVyh, id=[orig_h=141.142.220.202, orig_p=5353/unknown, resp_h=224.0.0.251, resp_p=5353/unknown], proto=udp, service=dns, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=73, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={ [ts=1300475167.096535, uid=dnGM1AdIVyh, id=[orig_h=141.142.220.202, orig_p=5353/unknown, resp_h=224.0.0.251, resp_p=5353/unknown], proto=udp, service=dns, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=73, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}] }]
0 0
[ts=1300475167.097012, uid=fv9q7WjEgp1, id=[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/unknown, resp_h=ff02::fb, resp_p=5353/unknown], proto=udp, service=<uninitialized>, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=199, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={ [ts=1300475167.097012, uid=fv9q7WjEgp1, id=[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/unknown, resp_h=ff02::fb, resp_p=5353/unknown], proto=udp, service=<uninitialized>, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=199, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}] }]
0 0
[ts=1300475167.099816, uid=0Ox0H56yl88, id=[orig_h=141.142.220.50, orig_p=5353/unknown, resp_h=224.0.0.251, resp_p=5353/unknown], proto=udp, service=<uninitialized>, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=179, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={ [ts=1300475167.099816, uid=0Ox0H56yl88, id=[orig_h=141.142.220.50, orig_p=5353/unknown, resp_h=224.0.0.251, resp_p=5353/unknown], proto=udp, service=<uninitialized>, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=179, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}] }]
0 0
[ts=1300475168.853899, uid=rvmSc7rDQub, id=[orig_h=141.142.220.118, orig_p=43927/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000435, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={ [ts=1300475168.853899, uid=rvmSc7rDQub, id=[orig_h=141.142.220.118, orig_p=43927/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000435, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={
}] }]
0 0
[ts=1300475168.854378, uid=ogkztouSArh, id=[orig_h=141.142.220.118, orig_p=37676/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.00042, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={ [ts=1300475168.854378, uid=ogkztouSArh, id=[orig_h=141.142.220.118, orig_p=37676/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.00042, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={
}] }]
0 0
[ts=1300475168.854837, uid=0UIDdXFt7Tb, id=[orig_h=141.142.220.118, orig_p=40526/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000392, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={ [ts=1300475168.854837, uid=0UIDdXFt7Tb, id=[orig_h=141.142.220.118, orig_p=40526/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000392, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={
}] }]
0 0
[ts=1300475168.857956, uid=WqFYV51UIq7, id=[orig_h=141.142.220.118, orig_p=32902/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000317, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={ [ts=1300475168.857956, uid=WqFYV51UIq7, id=[orig_h=141.142.220.118, orig_p=32902/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000317, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={
}] }]
0 0
[ts=1300475168.858306, uid=ylcqZpbz6K2, id=[orig_h=141.142.220.118, orig_p=59816/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000343, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={ [ts=1300475168.858306, uid=ylcqZpbz6K2, id=[orig_h=141.142.220.118, orig_p=59816/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000343, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={
}] }]
0 0
[ts=1300475168.858713, uid=blhldTzA7Y6, id=[orig_h=141.142.220.118, orig_p=59714/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000375, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={ [ts=1300475168.858713, uid=blhldTzA7Y6, id=[orig_h=141.142.220.118, orig_p=59714/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000375, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={
}] }]
0 0
[ts=1300475168.891644, uid=Sc34cGJo3Kg, id=[orig_h=141.142.220.118, orig_p=58206/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000339, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={ [ts=1300475168.891644, uid=Sc34cGJo3Kg, id=[orig_h=141.142.220.118, orig_p=58206/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000339, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={
}] }]
0 0
[ts=1300475168.892037, uid=RzvFrfXSRfk, id=[orig_h=141.142.220.118, orig_p=38911/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000335, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={ [ts=1300475168.892037, uid=RzvFrfXSRfk, id=[orig_h=141.142.220.118, orig_p=38911/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000335, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={
}] }]
0 0
[ts=1300475168.892414, uid=GaaFI58mpbe, id=[orig_h=141.142.220.118, orig_p=59746/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000421, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={ [ts=1300475168.892414, uid=GaaFI58mpbe, id=[orig_h=141.142.220.118, orig_p=59746/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000421, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={
}] }]
0 0
[ts=1300475168.893988, uid=tr7M6tvAIQa, id=[orig_h=141.142.220.118, orig_p=45000/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000384, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={ [ts=1300475168.893988, uid=tr7M6tvAIQa, id=[orig_h=141.142.220.118, orig_p=45000/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000384, orig_bytes=38, resp_bytes=89, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=117, tunnel_parents={
}] }]
0 0
[ts=1300475168.894422, uid=gV0TcSc2pb4, id=[orig_h=141.142.220.118, orig_p=48479/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000317, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={ [ts=1300475168.894422, uid=gV0TcSc2pb4, id=[orig_h=141.142.220.118, orig_p=48479/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000317, orig_bytes=52, resp_bytes=99, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=80, resp_pkts=1, resp_ip_bytes=127, tunnel_parents={
}] }]
0 0
[ts=1300475168.894787, uid=MOG0z4PYOhk, id=[orig_h=141.142.220.118, orig_p=48128/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000423, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={ [ts=1300475168.894787, uid=MOG0z4PYOhk, id=[orig_h=141.142.220.118, orig_p=48128/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000423, orig_bytes=38, resp_bytes=183, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=66, resp_pkts=1, resp_ip_bytes=211, tunnel_parents={
}] }]
0 0
[ts=1300475168.901749, uid=PlehgEduUyj, id=[orig_h=141.142.220.118, orig_p=56056/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000402, orig_bytes=36, resp_bytes=131, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=64, resp_pkts=1, resp_ip_bytes=159, tunnel_parents={ [ts=1300475168.901749, uid=PlehgEduUyj, id=[orig_h=141.142.220.118, orig_p=56056/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000402, orig_bytes=36, resp_bytes=131, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=64, resp_pkts=1, resp_ip_bytes=159, tunnel_parents={
}] }]
0 0
[ts=1300475168.902195, uid=4eZgk09f2Re, id=[orig_h=141.142.220.118, orig_p=55092/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000374, orig_bytes=36, resp_bytes=198, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=64, resp_pkts=1, resp_ip_bytes=226, tunnel_parents={ [ts=1300475168.902195, uid=4eZgk09f2Re, id=[orig_h=141.142.220.118, orig_p=55092/unknown, resp_h=141.142.2.2, resp_p=53/unknown], proto=udp, service=dns, duration=0.000374, orig_bytes=36, resp_bytes=198, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=Dd, orig_pkts=1, orig_ip_bytes=64, resp_pkts=1, resp_ip_bytes=226, tunnel_parents={
}] }]
0 0
[ts=1300475169.899438, uid=3xwJPc7mQ9a, id=[orig_h=141.142.220.44, orig_p=5353/unknown, resp_h=224.0.0.251, resp_p=5353/unknown], proto=udp, service=dns, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=85, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={ [ts=1300475169.899438, uid=3xwJPc7mQ9a, id=[orig_h=141.142.220.44, orig_p=5353/unknown, resp_h=224.0.0.251, resp_p=5353/unknown], proto=udp, service=dns, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=85, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}] }]
0 0
[ts=1300475170.862384, uid=yxTcvvTKWQ4, id=[orig_h=141.142.220.226, orig_p=137/unknown, resp_h=141.142.220.255, resp_p=137/unknown], proto=udp, service=dns, duration=2.613017, orig_bytes=350, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=7, orig_ip_bytes=546, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={ [ts=1300475170.862384, uid=yxTcvvTKWQ4, id=[orig_h=141.142.220.226, orig_p=137/unknown, resp_h=141.142.220.255, resp_p=137/unknown], proto=udp, service=dns, duration=2.613017, orig_bytes=350, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=7, orig_ip_bytes=546, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}] }]
0 0
[ts=1300475171.675372, uid=8bLW3XNfhCj, id=[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/unknown, resp_h=ff02::1:3, resp_p=5355/unknown], proto=udp, service=dns, duration=0.100096, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=162, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={ [ts=1300475171.675372, uid=8bLW3XNfhCj, id=[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/unknown, resp_h=ff02::1:3, resp_p=5355/unknown], proto=udp, service=dns, duration=0.100096, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=162, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}] }]
0 0
[ts=1300475171.677081, uid=rqjhiiRPjEe, id=[orig_h=141.142.220.226, orig_p=55131/unknown, resp_h=224.0.0.252, resp_p=5355/unknown], proto=udp, service=dns, duration=0.100021, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=122, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={ [ts=1300475171.677081, uid=rqjhiiRPjEe, id=[orig_h=141.142.220.226, orig_p=55131/unknown, resp_h=224.0.0.252, resp_p=5355/unknown], proto=udp, service=dns, duration=0.100021, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=122, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}] }]
0 0
[ts=1300475173.116749, uid=hTPyfL3QSGa, id=[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/unknown, resp_h=ff02::1:3, resp_p=5355/unknown], proto=udp, service=dns, duration=0.099801, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=162, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={ [ts=1300475173.116749, uid=hTPyfL3QSGa, id=[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/unknown, resp_h=ff02::1:3, resp_p=5355/unknown], proto=udp, service=dns, duration=0.099801, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=162, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}] }]
0 0
[ts=1300475173.117362, uid=EruUQ9AJRj4, id=[orig_h=141.142.220.226, orig_p=55671/unknown, resp_h=224.0.0.252, resp_p=5355/unknown], proto=udp, service=dns, duration=0.099849, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=122, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={ [ts=1300475173.117362, uid=EruUQ9AJRj4, id=[orig_h=141.142.220.226, orig_p=55671/unknown, resp_h=224.0.0.252, resp_p=5355/unknown], proto=udp, service=dns, duration=0.099849, orig_bytes=66, resp_bytes=0, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=2, orig_ip_bytes=122, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}] }]
0 0
[ts=1300475173.153679, uid=sw1bKJOMjuk, id=[orig_h=141.142.220.238, orig_p=56641/unknown, resp_h=141.142.220.255, resp_p=137/unknown], proto=udp, service=dns, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=78, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={ [ts=1300475173.153679, uid=sw1bKJOMjuk, id=[orig_h=141.142.220.238, orig_p=56641/unknown, resp_h=141.142.220.255, resp_p=137/unknown], proto=udp, service=dns, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=S0, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=D, orig_pkts=1, orig_ip_bytes=78, resp_pkts=0, resp_ip_bytes=0, tunnel_parents={
}] }]
0 0
[ts=1300475168.724007, uid=NPHCuyWykE7, id=[orig_h=141.142.220.118, orig_p=48649/unknown, resp_h=208.80.152.118, resp_p=80/unknown], proto=tcp, service=http, duration=0.119905, orig_bytes=525, resp_bytes=232, conn_state=S1, local_orig=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=4, orig_ip_bytes=741, resp_pkts=3, resp_ip_bytes=396, tunnel_parents={ [ts=1300475168.724007, uid=NPHCuyWykE7, id=[orig_h=141.142.220.118, orig_p=48649/unknown, resp_h=208.80.152.118, resp_p=80/unknown], proto=tcp, service=http, duration=0.119905, orig_bytes=525, resp_bytes=232, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=4, orig_ip_bytes=741, resp_pkts=3, resp_ip_bytes=396, tunnel_parents={
}] }]
0 0
[ts=1300475168.892936, uid=VapPqRhPgJ4, id=[orig_h=141.142.220.118, orig_p=50000/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.229603, orig_bytes=1148, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1468, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={ [ts=1300475168.892936, uid=VapPqRhPgJ4, id=[orig_h=141.142.220.118, orig_p=50000/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.229603, orig_bytes=1148, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1468, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={
}] }]
0 0
[ts=1300475168.859163, uid=3607hh8C3bc, id=[orig_h=141.142.220.118, orig_p=49998/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.215893, orig_bytes=1130, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1450, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={ [ts=1300475168.859163, uid=3607hh8C3bc, id=[orig_h=141.142.220.118, orig_p=49998/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.215893, orig_bytes=1130, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1450, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={
}] }]
0 0
[ts=1300475168.855305, uid=tgYMrIvzDSg, id=[orig_h=141.142.220.118, orig_p=49996/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.218501, orig_bytes=1171, resp_bytes=733, conn_state=S1, local_orig=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1491, resp_pkts=4, resp_ip_bytes=949, tunnel_parents={ [ts=1300475168.855305, uid=tgYMrIvzDSg, id=[orig_h=141.142.220.118, orig_p=49996/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.218501, orig_bytes=1171, resp_bytes=733, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1491, resp_pkts=4, resp_ip_bytes=949, tunnel_parents={
}] }]
0 0
[ts=1300475168.895267, uid=xQsjPwNBrXd, id=[orig_h=141.142.220.118, orig_p=50001/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.227284, orig_bytes=1178, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1498, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={ [ts=1300475168.895267, uid=xQsjPwNBrXd, id=[orig_h=141.142.220.118, orig_p=50001/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.227284, orig_bytes=1178, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1498, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={
}] }]
0 0
[ts=1300475168.902635, uid=Ap3GzMI1vM9, id=[orig_h=141.142.220.118, orig_p=35642/unknown, resp_h=208.80.152.2, resp_p=80/unknown], proto=tcp, service=http, duration=0.120041, orig_bytes=534, resp_bytes=412, conn_state=S1, local_orig=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=4, orig_ip_bytes=750, resp_pkts=3, resp_ip_bytes=576, tunnel_parents={ [ts=1300475168.902635, uid=Ap3GzMI1vM9, id=[orig_h=141.142.220.118, orig_p=35642/unknown, resp_h=208.80.152.2, resp_p=80/unknown], proto=tcp, service=http, duration=0.120041, orig_bytes=534, resp_bytes=412, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=4, orig_ip_bytes=750, resp_pkts=3, resp_ip_bytes=576, tunnel_parents={
}] }]
0 0
[ts=1300475168.85533, uid=FTVcgrmNy52, id=[orig_h=141.142.220.118, orig_p=49997/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.21972, orig_bytes=1125, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1445, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={ [ts=1300475168.85533, uid=FTVcgrmNy52, id=[orig_h=141.142.220.118, orig_p=49997/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.21972, orig_bytes=1125, resp_bytes=734, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1445, resp_pkts=4, resp_ip_bytes=950, tunnel_parents={
}] }]
0 0
[ts=1300475169.780331, uid=1xFx4PGdeq5, id=[orig_h=141.142.220.235, orig_p=6705/unknown, resp_h=173.192.163.128, resp_p=80/unknown], proto=tcp, service=<uninitialized>, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=OTH, local_orig=<uninitialized>, missed_bytes=0, history=h, orig_pkts=0, orig_ip_bytes=0, resp_pkts=1, resp_ip_bytes=48, tunnel_parents={ [ts=1300475169.780331, uid=1xFx4PGdeq5, id=[orig_h=141.142.220.235, orig_p=6705/unknown, resp_h=173.192.163.128, resp_p=80/unknown], proto=tcp, service=<uninitialized>, duration=<uninitialized>, orig_bytes=<uninitialized>, resp_bytes=<uninitialized>, conn_state=OTH, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=h, orig_pkts=0, orig_ip_bytes=0, resp_pkts=1, resp_ip_bytes=48, tunnel_parents={
}] }]
0 0
[ts=1300475168.652003, uid=WIG1ud65z22, id=[orig_h=141.142.220.118, orig_p=35634/unknown, resp_h=208.80.152.2, resp_p=80/unknown], proto=tcp, service=<uninitialized>, duration=0.061329, orig_bytes=463, resp_bytes=350, conn_state=OTH, local_orig=<uninitialized>, missed_bytes=0, history=DdA, orig_pkts=2, orig_ip_bytes=567, resp_pkts=1, resp_ip_bytes=402, tunnel_parents={ [ts=1300475168.652003, uid=WIG1ud65z22, id=[orig_h=141.142.220.118, orig_p=35634/unknown, resp_h=208.80.152.2, resp_p=80/unknown], proto=tcp, service=<uninitialized>, duration=0.061329, orig_bytes=463, resp_bytes=350, conn_state=OTH, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=DdA, orig_pkts=2, orig_ip_bytes=567, resp_pkts=1, resp_ip_bytes=402, tunnel_parents={
}] }]
0 0
[ts=1300475168.892913, uid=o2gAkl4V7sa, id=[orig_h=141.142.220.118, orig_p=49999/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.220961, orig_bytes=1137, resp_bytes=733, conn_state=S1, local_orig=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1457, resp_pkts=4, resp_ip_bytes=949, tunnel_parents={ [ts=1300475168.892913, uid=o2gAkl4V7sa, id=[orig_h=141.142.220.118, orig_p=49999/unknown, resp_h=208.80.152.3, resp_p=80/unknown], proto=tcp, service=http, duration=0.220961, orig_bytes=1137, resp_bytes=733, conn_state=S1, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADad, orig_pkts=6, orig_ip_bytes=1457, resp_pkts=4, resp_ip_bytes=949, tunnel_parents={
}] }]
0 0

4
testing/btest/Baseline/scripts.base.frameworks.logging.remote-config/sender.test.failure.log Normal file
View file

@ -0,0 +1,4 @@
t id.orig_h id.orig_p id.resp_h id.resp_p status country
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure US
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure UK
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure MX

14
testing/btest/Baseline/scripts.base.frameworks.logging.remote-config/sender.test.log Normal file
View file

@ -0,0 +1,14 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path test
#open 2015-02-23-21-54-13
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
#types time addr port addr port string string
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 success unknown
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure US
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure UK
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 success BR
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 failure MX
#close 2015-02-23-21-54-13

11
testing/btest/Baseline/scripts.base.frameworks.logging.remote-config/sender.test.success.log Normal file
View file

@ -0,0 +1,11 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path test.success
#open 2015-02-23-21-54-13
#fields t id.orig_h id.orig_p id.resp_h id.resp_p status country
#types time addr port addr port string string
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 success unknown
1424728450.994495 1.2.3.4 1234 2.3.4.5 80 success BR
#close 2015-02-23-21-54-13

68
testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.wikipedia/conn.select
View file

@ -1,34 +1,34 @@
1300475167.09653|CXWv6p3arKYeMETxOg|141.142.220.202|5353|224.0.0.251|5353|udp|dns||||S0||0|D|1|73|0|0|(empty) 1300475167.09653|CXWv6p3arKYeMETxOg|141.142.220.202|5353|224.0.0.251|5353|udp|dns||||S0|||0|D|1|73|0|0|(empty)
1300475167.09701|CjhGID4nQcgTWjvg4c|fe80::217:f2ff:fed7:cf65|5353|ff02::fb|5353|udp|dns||||S0||0|D|1|199|0|0|(empty) 1300475167.09701|CjhGID4nQcgTWjvg4c|fe80::217:f2ff:fed7:cf65|5353|ff02::fb|5353|udp|dns||||S0|||0|D|1|199|0|0|(empty)
1300475167.09982|CCvvfg3TEfuqmmG4bh|141.142.220.50|5353|224.0.0.251|5353|udp|dns||||S0||0|D|1|179|0|0|(empty) 1300475167.09982|CCvvfg3TEfuqmmG4bh|141.142.220.50|5353|224.0.0.251|5353|udp|dns||||S0|||0|D|1|179|0|0|(empty)
1300475168.652|CsRx2w45OKnoww6xl4|141.142.220.118|35634|208.80.152.2|80|tcp||0.0613288879394531|463|350|OTH||0|DdA|2|567|1|402|(empty) 1300475168.652|CsRx2w45OKnoww6xl4|141.142.220.118|35634|208.80.152.2|80|tcp||0.0613288879394531|463|350|OTH|||0|DdA|2|567|1|402|(empty)
1300475168.72401|CRJuHdVW0XPVINV8a|141.142.220.118|48649|208.80.152.118|80|tcp|http|0.1199049949646|525|232|S1||0|ShADad|4|741|3|396|(empty) 1300475168.72401|CRJuHdVW0XPVINV8a|141.142.220.118|48649|208.80.152.118|80|tcp|http|0.1199049949646|525|232|S1|||0|ShADad|4|741|3|396|(empty)
1300475168.8539|CPbrpk1qSsw6ESzHV4|141.142.220.118|43927|141.142.2.2|53|udp|dns|0.000435113906860352|38|89|SF||0|Dd|1|66|1|117|(empty) 1300475168.8539|CPbrpk1qSsw6ESzHV4|141.142.220.118|43927|141.142.2.2|53|udp|dns|0.000435113906860352|38|89|SF|||0|Dd|1|66|1|117|(empty)
1300475168.85438|C6pKV8GSxOnSLghOa|141.142.220.118|37676|141.142.2.2|53|udp|dns|0.000420093536376953|52|99|SF||0|Dd|1|80|1|127|(empty) 1300475168.85438|C6pKV8GSxOnSLghOa|141.142.220.118|37676|141.142.2.2|53|udp|dns|0.000420093536376953|52|99|SF|||0|Dd|1|80|1|127|(empty)
1300475168.85484|CIPOse170MGiRM1Qf4|141.142.220.118|40526|141.142.2.2|53|udp|dns|0.000391960144042969|38|183|SF||0|Dd|1|66|1|211|(empty) 1300475168.85484|CIPOse170MGiRM1Qf4|141.142.220.118|40526|141.142.2.2|53|udp|dns|0.000391960144042969|38|183|SF|||0|Dd|1|66|1|211|(empty)
1300475168.8553|C7XEbhP654jzLoe3a|141.142.220.118|49996|208.80.152.3|80|tcp|http|0.218501091003418|1171|733|S1||0|ShADad|6|1491|4|949|(empty) 1300475168.8553|C7XEbhP654jzLoe3a|141.142.220.118|49996|208.80.152.3|80|tcp|http|0.218501091003418|1171|733|S1|||0|ShADad|6|1491|4|949|(empty)
1300475168.85533|CJ3xTn1c4Zw9TmAE05|141.142.220.118|49997|208.80.152.3|80|tcp|http|0.219720125198364|1125|734|S1||0|ShADad|6|1445|4|950|(empty) 1300475168.85533|CJ3xTn1c4Zw9TmAE05|141.142.220.118|49997|208.80.152.3|80|tcp|http|0.219720125198364|1125|734|S1|||0|ShADad|6|1445|4|950|(empty)
1300475168.85796|CMXxB5GvmoxJFXdTa|141.142.220.118|32902|141.142.2.2|53|udp|dns|0.000317096710205078|38|89|SF||0|Dd|1|66|1|117|(empty) 1300475168.85796|CMXxB5GvmoxJFXdTa|141.142.220.118|32902|141.142.2.2|53|udp|dns|0.000317096710205078|38|89|SF|||0|Dd|1|66|1|117|(empty)
1300475168.85831|Caby8b1slFea8xwSmb|141.142.220.118|59816|141.142.2.2|53|udp|dns|0.000343084335327148|52|99|SF||0|Dd|1|80|1|127|(empty) 1300475168.85831|Caby8b1slFea8xwSmb|141.142.220.118|59816|141.142.2.2|53|udp|dns|0.000343084335327148|52|99|SF|||0|Dd|1|80|1|127|(empty)
1300475168.85871|Che1bq3i2rO3KD1Syg|141.142.220.118|59714|141.142.2.2|53|udp|dns|0.000375032424926758|38|183|SF||0|Dd|1|66|1|211|(empty) 1300475168.85871|Che1bq3i2rO3KD1Syg|141.142.220.118|59714|141.142.2.2|53|udp|dns|0.000375032424926758|38|183|SF|||0|Dd|1|66|1|211|(empty)
1300475168.85916|C3SfNE4BWaU4aSuwkc|141.142.220.118|49998|208.80.152.3|80|tcp|http|0.215893030166626|1130|734|S1||0|ShADad|6|1450|4|950|(empty) 1300475168.85916|C3SfNE4BWaU4aSuwkc|141.142.220.118|49998|208.80.152.3|80|tcp|http|0.215893030166626|1130|734|S1|||0|ShADad|6|1450|4|950|(empty)
1300475168.89164|CEle3f3zno26fFZkrh|141.142.220.118|58206|141.142.2.2|53|udp|dns|0.000339031219482422|38|89|SF||0|Dd|1|66|1|117|(empty) 1300475168.89164|CEle3f3zno26fFZkrh|141.142.220.118|58206|141.142.2.2|53|udp|dns|0.000339031219482422|38|89|SF|||0|Dd|1|66|1|117|(empty)
1300475168.89204|CwSkQu4eWZCH7OONC1|141.142.220.118|38911|141.142.2.2|53|udp|dns|0.000334978103637695|52|99|SF||0|Dd|1|80|1|127|(empty) 1300475168.89204|CwSkQu4eWZCH7OONC1|141.142.220.118|38911|141.142.2.2|53|udp|dns|0.000334978103637695|52|99|SF|||0|Dd|1|80|1|127|(empty)
1300475168.89241|CfTOmO0HKorjr8Zp7|141.142.220.118|59746|141.142.2.2|53|udp|dns|0.000420808792114258|38|183|SF||0|Dd|1|66|1|211|(empty) 1300475168.89241|CfTOmO0HKorjr8Zp7|141.142.220.118|59746|141.142.2.2|53|udp|dns|0.000420808792114258|38|183|SF|||0|Dd|1|66|1|211|(empty)
1300475168.89291|CzA03V1VcgagLjnO92|141.142.220.118|49999|208.80.152.3|80|tcp|http|0.220960855484009|1137|733|S1||0|ShADad|6|1457|4|949|(empty) 1300475168.89291|CzA03V1VcgagLjnO92|141.142.220.118|49999|208.80.152.3|80|tcp|http|0.220960855484009|1137|733|S1|||0|ShADad|6|1457|4|949|(empty)
1300475168.89294|CyAhVIzHqb7t7kv28|141.142.220.118|50000|208.80.152.3|80|tcp|http|0.229603052139282|1148|734|S1||0|ShADad|6|1468|4|950|(empty) 1300475168.89294|CyAhVIzHqb7t7kv28|141.142.220.118|50000|208.80.152.3|80|tcp|http|0.229603052139282|1148|734|S1|||0|ShADad|6|1468|4|950|(empty)
1300475168.89399|Cab0vO1xNYSS2hJkle|141.142.220.118|45000|141.142.2.2|53|udp|dns|0.000384092330932617|38|89|SF||0|Dd|1|66|1|117|(empty) 1300475168.89399|Cab0vO1xNYSS2hJkle|141.142.220.118|45000|141.142.2.2|53|udp|dns|0.000384092330932617|38|89|SF|||0|Dd|1|66|1|117|(empty)
1300475168.89442|Cx2FqO23omNawSNrxj|141.142.220.118|48479|141.142.2.2|53|udp|dns|0.000316858291625977|52|99|SF||0|Dd|1|80|1|127|(empty) 1300475168.89442|Cx2FqO23omNawSNrxj|141.142.220.118|48479|141.142.2.2|53|udp|dns|0.000316858291625977|52|99|SF|||0|Dd|1|80|1|127|(empty)
1300475168.89479|Cx3C534wEyF3OvvcQe|141.142.220.118|48128|141.142.2.2|53|udp|dns|0.000422954559326172|38|183|SF||0|Dd|1|66|1|211|(empty) 1300475168.89479|Cx3C534wEyF3OvvcQe|141.142.220.118|48128|141.142.2.2|53|udp|dns|0.000422954559326172|38|183|SF|||0|Dd|1|66|1|211|(empty)
1300475168.89527|CkDsfG2YIeWJmXWNWj|141.142.220.118|50001|208.80.152.3|80|tcp|http|0.227283954620361|1178|734|S1||0|ShADad|6|1498|4|950|(empty) 1300475168.89527|CkDsfG2YIeWJmXWNWj|141.142.220.118|50001|208.80.152.3|80|tcp|http|0.227283954620361|1178|734|S1|||0|ShADad|6|1498|4|950|(empty)
1300475168.90175|CUKS0W3HFYOnBqSE5e|141.142.220.118|56056|141.142.2.2|53|udp|dns|0.000402212142944336|36|131|SF||0|Dd|1|64|1|159|(empty) 1300475168.90175|CUKS0W3HFYOnBqSE5e|141.142.220.118|56056|141.142.2.2|53|udp|dns|0.000402212142944336|36|131|SF|||0|Dd|1|64|1|159|(empty)
1300475168.90219|CRrfvP2lalMAYOCLhj|141.142.220.118|55092|141.142.2.2|53|udp|dns|0.000374078750610352|36|198|SF||0|Dd|1|64|1|226|(empty) 1300475168.90219|CRrfvP2lalMAYOCLhj|141.142.220.118|55092|141.142.2.2|53|udp|dns|0.000374078750610352|36|198|SF|||0|Dd|1|64|1|226|(empty)
1300475168.90264|Cn78a440HlxuyZKs6f|141.142.220.118|35642|208.80.152.2|80|tcp|http|0.120040893554688|534|412|S1||0|ShADad|4|750|3|576|(empty) 1300475168.90264|Cn78a440HlxuyZKs6f|141.142.220.118|35642|208.80.152.2|80|tcp|http|0.120040893554688|534|412|S1|||0|ShADad|4|750|3|576|(empty)
1300475169.78033|CUof3F2yAIid8QS3dk|141.142.220.235|6705|173.192.163.128|80|tcp|||||OTH||0|h|0|0|1|48|(empty) 1300475169.78033|CUof3F2yAIid8QS3dk|141.142.220.235|6705|173.192.163.128|80|tcp|||||OTH|||0|h|0|0|1|48|(empty)
1300475169.89944|CojBOU3CXcLHl1r6x1|141.142.220.44|5353|224.0.0.251|5353|udp|dns||||S0||0|D|1|85|0|0|(empty) 1300475169.89944|CojBOU3CXcLHl1r6x1|141.142.220.44|5353|224.0.0.251|5353|udp|dns||||S0|||0|D|1|85|0|0|(empty)
1300475170.86238|CJzVQRGJrX6V15ik7|141.142.220.226|137|141.142.220.255|137|udp|dns|2.61301684379578|350|0|S0||0|D|7|546|0|0|(empty) 1300475170.86238|CJzVQRGJrX6V15ik7|141.142.220.226|137|141.142.220.255|137|udp|dns|2.61301684379578|350|0|S0|||0|D|7|546|0|0|(empty)
1300475171.67537|ClAbxY1nmdjCuo0Le2|fe80::3074:17d5:2052:c324|65373|ff02::1:3|5355|udp|dns|0.100096225738525|66|0|S0||0|D|2|162|0|0|(empty) 1300475171.67537|ClAbxY1nmdjCuo0Le2|fe80::3074:17d5:2052:c324|65373|ff02::1:3|5355|udp|dns|0.100096225738525|66|0|S0|||0|D|2|162|0|0|(empty)
1300475171.67708|CwG0BF1VXE0gWgs78|141.142.220.226|55131|224.0.0.252|5355|udp|dns|0.100020885467529|66|0|S0||0|D|2|122|0|0|(empty) 1300475171.67708|CwG0BF1VXE0gWgs78|141.142.220.226|55131|224.0.0.252|5355|udp|dns|0.100020885467529|66|0|S0|||0|D|2|122|0|0|(empty)
1300475173.11675|CisNaL1Cm73CiNOmcg|fe80::3074:17d5:2052:c324|54213|ff02::1:3|5355|udp|dns|0.0998010635375977|66|0|S0||0|D|2|162|0|0|(empty) 1300475173.11675|CisNaL1Cm73CiNOmcg|fe80::3074:17d5:2052:c324|54213|ff02::1:3|5355|udp|dns|0.0998010635375977|66|0|S0|||0|D|2|162|0|0|(empty)
1300475173.11736|CBQnJn22qN8TOeeZil|141.142.220.226|55671|224.0.0.252|5355|udp|dns|0.0998489856719971|66|0|S0||0|D|2|122|0|0|(empty) 1300475173.11736|CBQnJn22qN8TOeeZil|141.142.220.226|55671|224.0.0.252|5355|udp|dns|0.0998489856719971|66|0|S0|||0|D|2|122|0|0|(empty)
1300475173.15368|CbEsuD3dgDDngdlbKf|141.142.220.238|56641|141.142.220.255|137|udp|dns||||S0||0|D|1|78|0|0|(empty) 1300475173.15368|CbEsuD3dgDDngdlbKf|141.142.220.238|56641|141.142.220.255|137|udp|dns||||S0|||0|D|1|78|0|0|(empty)

18
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv4/conn.log
View file

@ -3,12 +3,12 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-23-15-49 #open 2015-02-23-21-43-45
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1329843175.736107 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 1329843175.736107 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - - 0 ShAdfFa 4 216 4 562 (empty)
1329843179.871641 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 1329843179.871641 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - - 0 ShAdfFa 4 216 4 297 (empty)
1329843194.151526 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 1329843194.151526 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - - 0 ShADaFf 5 614 3 164 (empty)
1329843197.783443 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 1329843197.783443 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - - 0 ShADaFf 5 349 3 164 (empty)
1329843161.968492 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) 1329843161.968492 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp 38.055625 180 3146 SF - - 0 ShAdDfFa 38 2164 25 4458 (empty)
#close 2014-04-01-23-15-49 #close 2015-02-23-21-43-45

20
testing/btest/Baseline/scripts.base.protocols.ftp.ftp-ipv6/conn.log
View file

@ -3,13 +3,13 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-23-15-51 #open 2015-02-23-21-43-46
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1329327783.316897 CjhGID4nQcgTWjvg4c 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 57086 tcp ftp-data 0.219721 0 342 SF - 0 ShAdfFa 5 372 4 642 (empty) 1329327783.316897 CjhGID4nQcgTWjvg4c 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49186 2001:470:4867:99::21 57086 tcp ftp-data 0.219721 0 342 SF - - 0 ShAdfFa 5 372 4 642 (empty)
1329327786.524332 CCvvfg3TEfuqmmG4bh 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 57087 tcp ftp-data 0.217501 0 43 SF - 0 ShAdfFa 5 372 4 343 (empty) 1329327786.524332 CCvvfg3TEfuqmmG4bh 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49187 2001:470:4867:99::21 57087 tcp ftp-data 0.217501 0 43 SF - - 0 ShAdfFa 5 372 4 343 (empty)
1329327787.289095 CsRx2w45OKnoww6xl4 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 57088 tcp ftp-data 0.217941 0 77 SF - 0 ShAdfFa 5 372 4 377 (empty) 1329327787.289095 CsRx2w45OKnoww6xl4 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49188 2001:470:4867:99::21 57088 tcp ftp-data 0.217941 0 77 SF - - 0 ShAdfFa 5 372 4 377 (empty)
1329327795.571921 CRJuHdVW0XPVINV8a 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49189 tcp ftp-data 0.109813 77 0 SF - 0 ShADFaf 5 449 4 300 (empty) 1329327795.571921 CRJuHdVW0XPVINV8a 2001:470:4867:99::21 55785 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49189 tcp ftp-data 0.109813 77 0 SF - - 0 ShADFaf 5 449 4 300 (empty)
1329327777.822004 CXWv6p3arKYeMETxOg 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 tcp ftp 26.658219 310 3448 SF - 0 ShAdDfFa 57 4426 34 5908 (empty) 1329327777.822004 CXWv6p3arKYeMETxOg 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49185 2001:470:4867:99::21 21 tcp ftp 26.658219 310 3448 SF - - 0 ShAdDfFa 57 4426 34 5908 (empty)
1329327800.017649 CPbrpk1qSsw6ESzHV4 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49190 tcp ftp-data 0.109181 342 0 SF - 0 ShADFaf 5 714 4 300 (empty) 1329327800.017649 CPbrpk1qSsw6ESzHV4 2001:470:4867:99::21 55647 2001:470:1f11:81f:c999:d94:aa7c:2e3e 49190 tcp ftp-data 0.109181 342 0 SF - - 0 ShADFaf 5 714 4 300 (empty)
#close 2014-04-01-23-15-51 #close 2015-02-23-21-43-46

12
testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/conn.log
View file

@ -3,9 +3,9 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-23-15-53 #open 2015-02-23-21-43-47
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1348168976.274919 CXWv6p3arKYeMETxOg 192.168.57.103 60108 192.168.57.101 2811 tcp ssl,ftp,gridftp 0.294743 4491 6659 SF - 0 ShAdDaFf 22 5643 21 7759 (empty) 1348168976.274919 CXWv6p3arKYeMETxOg 192.168.57.103 60108 192.168.57.101 2811 tcp ssl,ftp,gridftp 0.294743 4491 6659 SF - - 0 ShAdDaFf 22 5643 21 7759 (empty)
1348168976.546371 CjhGID4nQcgTWjvg4c 192.168.57.103 35391 192.168.57.101 55968 tcp ssl,gridftp-data 0.011938 2135 3196 S1 - 0 ShADad 8 2559 6 3516 (empty) 1348168976.546371 CjhGID4nQcgTWjvg4c 192.168.57.103 35391 192.168.57.101 55968 tcp ssl,gridftp-data 0.011938 2135 3196 S1 - - 0 ShADad 8 2559 6 3516 (empty)
#close 2014-04-01-23-15-53 #close 2015-02-23-21-43-47

10
testing/btest/Baseline/scripts.base.protocols.http.http-connect/conn.log
View file

@ -3,8 +3,8 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-23-15-59 #open 2015-02-23-21-43-52
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1078232251.833846 CXWv6p3arKYeMETxOg 79.26.245.236 3378 254.228.86.79 8240 tcp http,smtp 6.722274 1685 223 SF - 0 ShADadfF 14 2257 16 944 (empty) 1078232251.833846 CXWv6p3arKYeMETxOg 79.26.245.236 3378 254.228.86.79 8240 tcp http,smtp 6.722274 1685 223 SF - - 0 ShADadfF 14 2257 16 944 (empty)
#close 2014-04-01-23-15-59 #close 2015-02-23-21-43-52

12
testing/btest/Baseline/scripts.base.protocols.irc.basic/conn.log
View file

@ -3,9 +3,9 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-05-01-19-07-07 #open 2015-02-23-21-43-57
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1311189318.898709 CjhGID4nQcgTWjvg4c 192.168.1.77 57655 209.197.168.151 1024 tcp irc-dcc-data 2.256935 124 42208 SF - 0 ShAdDaFf 28 1592 43 44452 (empty) 1311189318.898709 CjhGID4nQcgTWjvg4c 192.168.1.77 57655 209.197.168.151 1024 tcp irc-dcc-data 2.256935 124 42208 SF - - 0 ShAdDaFf 28 1592 43 44452 (empty)
1311189164.064603 CXWv6p3arKYeMETxOg 192.168.1.77 57640 66.198.80.67 6667 tcp irc 178.237017 453 25404 S3 - 0 ShADdaf 63 3761 52 28194 (empty) 1311189164.064603 CXWv6p3arKYeMETxOg 192.168.1.77 57640 66.198.80.67 6667 tcp irc 178.237017 453 25404 S3 - - 0 ShADdaf 63 3761 52 28194 (empty)
#close 2014-05-01-19-07-07 #close 2015-02-23-21-43-57

10
testing/btest/Baseline/scripts.base.protocols.socks.socks-auth/socks.log Normal file
View file

@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path socks
#open 2015-02-05-16-13-12
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version user password status request.host request.name request_p bound.host bound.name bound_p
#types time string addr port addr port count string string string addr string port addr string port
1368517392.724989 CXWv6p3arKYeMETxOg 192.168.0.2 55951 192.168.0.1 1080 5 bob alice succeeded 192.168.0.2 - 22 192.168.0.1 - 55951
#close 2015-02-05-16-13-12

10
testing/btest/Baseline/scripts.base.protocols.socks.socks-auth/tunnel.log Normal file
View file

@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path tunnel
#open 2015-02-05-16-13-12
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action
#types time string addr port addr port enum enum
1368517392.728523 - 192.168.0.2 0 192.168.0.1 1080 Tunnel::SOCKS Tunnel::DISCOVER
#close 2015-02-05-16-13-12

10
testing/btest/Baseline/scripts.base.protocols.socks.trace1/socks.log
View file

@ -3,8 +3,8 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path socks #path socks
#open 2013-08-26-19-04-20 #open 2015-02-05-17-39-14
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version user status request.host request.name request_p bound.host bound.name bound_p #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version user password status request.host request.name request_p bound.host bound.name bound_p
#types time string addr port addr port count string string addr string port addr string port #types time string addr port addr port count string string string addr string port addr string port
1340213015.276495 CjhGID4nQcgTWjvg4c 10.0.0.55 53994 60.190.189.214 8124 5 - succeeded - www.osnews.com 80 192.168.0.31 - 2688 1340213015.276495 CjhGID4nQcgTWjvg4c 10.0.0.55 53994 60.190.189.214 8124 5 - - succeeded - www.osnews.com 80 192.168.0.31 - 2688
#close 2013-08-26-19-04-20 #close 2015-02-05-17-39-14

10
testing/btest/Baseline/scripts.base.protocols.socks.trace2/socks.log
View file

@ -3,8 +3,8 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path socks #path socks
#open 2013-08-26-19-04-20 #open 2015-02-05-17-39-29
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version user status request.host request.name request_p bound.host bound.name bound_p #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version user password status request.host request.name request_p bound.host bound.name bound_p
#types time string addr port addr port count string string addr string port addr string port #types time string addr port addr port count string string string addr string port addr string port
1340113261.914619 CXWv6p3arKYeMETxOg 10.0.0.50 59580 85.194.84.197 1080 5 - succeeded - www.google.com 443 0.0.0.0 - 443 1340113261.914619 CXWv6p3arKYeMETxOg 10.0.0.50 59580 85.194.84.197 1080 5 - - succeeded - www.google.com 443 0.0.0.0 - 443
#close 2013-08-26-19-04-20 #close 2015-02-05-17-39-29

18
testing/btest/Baseline/signatures.eval-condition/conn.log
View file

@ -3,12 +3,12 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2014-04-01-23-16-29 #open 2015-02-23-21-45-47
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count set[string] #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1329843175.736107 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - 0 ShAdfFa 4 216 4 562 (empty) 1329843175.736107 CjhGID4nQcgTWjvg4c 141.142.220.235 37604 199.233.217.249 56666 tcp ftp-data 0.112432 0 342 SF - - 0 ShAdfFa 4 216 4 562 (empty)
1329843179.871641 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - 0 ShAdfFa 4 216 4 297 (empty) 1329843179.871641 CCvvfg3TEfuqmmG4bh 141.142.220.235 59378 199.233.217.249 56667 tcp ftp-data 0.111218 0 77 SF - - 0 ShAdfFa 4 216 4 297 (empty)
1329843194.151526 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - 0 ShADaFf 5 614 3 164 (empty) 1329843194.151526 CsRx2w45OKnoww6xl4 199.233.217.249 61920 141.142.220.235 33582 tcp ftp-data 0.056211 342 0 SF - - 0 ShADaFf 5 614 3 164 (empty)
1329843197.783443 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - 0 ShADaFf 5 349 3 164 (empty) 1329843197.783443 CRJuHdVW0XPVINV8a 199.233.217.249 61918 141.142.220.235 37835 tcp ftp-data 0.056005 77 0 SF - - 0 ShADaFf 5 349 3 164 (empty)
1329843161.968492 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp,blah 38.055625 180 3146 SF - 0 ShAdDfFa 38 2164 25 4458 (empty) 1329843161.968492 CXWv6p3arKYeMETxOg 141.142.220.235 50003 199.233.217.249 21 tcp ftp,blah 38.055625 180 3146 SF - - 0 ShAdDfFa 38 2164 25 4458 (empty)
#close 2014-04-01-23-16-29 #close 2015-02-23-21-45-47

BIN
testing/btest/Traces/socks-auth.pcap Normal file
View file

Binary file not shown.

80
testing/btest/core/leaks/while.bro Normal file
View file

@ -0,0 +1,80 @@
# @TEST-GROUP: leaks
# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT
# @TEST-EXEC: btest-bg-wait 30
function test_noop()
{
while ( F )
print "noooooooooo";
}
function test_it()
{
local i = 0;
while ( i < 10 )
++i;
print i;
}
function test_break()
{
local s = "";
while ( T )
{
s += "s";
print s;
if ( s == "sss" )
break;
}
}
function test_next()
{
local s: set[count];
local i = 0;
while ( 9 !in s )
{
++i;
if ( i % 2 == 0 )
next;
add s[i];
}
print s;
}
function test_return(): vector of string
{
local i = 0;
local rval: vector of string;
while ( T )
{
rval[i] = fmt("number %d", i);
++i;
if ( i == 13 )
return rval;
}
rval[0] = "noooo";
return rval;
}
event new_connection(c: connection)
{
test_noop();
test_it();
test_break();
test_next();
print test_return();
}

77
testing/btest/language/while.bro Normal file
View file

@ -0,0 +1,77 @@
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out
function test_noop()
{
while ( F )
print "noooooooooo";
}
function test_it()
{
local i = 0;
while ( i < 10 )
++i;
print i;
}
function test_break()
{
local s = "";
while ( T )
{
s += "s";
print s;
if ( s == "sss" )
break;
}
}
function test_next()
{
local s: set[count];
local i = 0;
while ( 9 !in s )
{
++i;
if ( i % 2 == 0 )
next;
add s[i];
}
print s;
}
function test_return(): vector of string
{
local i = 0;
local rval: vector of string;
while ( T )
{
rval[i] = fmt("number %d", i);
++i;
if ( i == 13 )
return rval;
}
rval[0] = "noooo";
return rval;
}
event bro_init()
{
test_noop();
test_it();
test_break();
test_next();
print test_return();
}

2
testing/btest/plugins/api-version-mismatch.sh
View file

@ -1,4 +1,4 @@
# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin Demo Foo # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo
# @TEST-EXEC: bash %INPUT # @TEST-EXEC: bash %INPUT
# @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: ./configure --bro-dist=${DIST} && make
# @TEST-EXEC-FAIL: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >tmp 2>&1 # @TEST-EXEC-FAIL: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >tmp 2>&1

4
testing/btest/plugins/bifs-and-scripts-install.sh
View file

@ -1,10 +1,10 @@
# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin Demo Foo # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo
# @TEST-EXEC: bash %INPUT # @TEST-EXEC: bash %INPUT
# @TEST-EXEC: ./configure --bro-dist=${DIST} --install-root=`pwd`/test-install # @TEST-EXEC: ./configure --bro-dist=${DIST} --install-root=`pwd`/test-install
# @TEST-EXEC: make # @TEST-EXEC: make
# @TEST-EXEC: make install # @TEST-EXEC: make install
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install bro -NN Demo::Foo >>output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install bro -NN Demo::Foo >>output
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro demo/foo -r $TRACES/empty.trace >>output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd`/test-install bro demo/foo -r $TRACES/empty.trace >>output
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output
mkdir -p scripts/demo/foo/base/ mkdir -p scripts/demo/foo/base/

2
testing/btest/plugins/bifs-and-scripts.sh
View file

@ -1,4 +1,4 @@
# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin Demo Foo # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo
# @TEST-EXEC: bash %INPUT # @TEST-EXEC: bash %INPUT
# @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: ./configure --bro-dist=${DIST} && make
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output

2
testing/btest/plugins/file.bro
View file

@ -1,4 +1,4 @@
# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin Demo Foo # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo
# @TEST-EXEC: cp -r %DIR/file-plugin/* . # @TEST-EXEC: cp -r %DIR/file-plugin/* .
# @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: ./configure --bro-dist=${DIST} && make
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output

2
testing/btest/plugins/hooks.bro
View file

@ -1,4 +1,4 @@
# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin Demo Hooks # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Hooks
# @TEST-EXEC: cp -r %DIR/hooks-plugin/* . # @TEST-EXEC: cp -r %DIR/hooks-plugin/* .
# @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: ./configure --bro-dist=${DIST} && make
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/http/get.trace %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/http/get.trace %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output

2
testing/btest/plugins/init-plugin.bro
View file

@ -1,4 +1,4 @@
# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin Demo Foo # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo
# @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: ./configure --bro-dist=${DIST} && make
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output
# @TEST-EXEC: echo === >>output # @TEST-EXEC: echo === >>output

2
testing/btest/plugins/pktdumper.bro
View file

@ -1,4 +1,4 @@
# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin Demo Foo # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo
# @TEST-EXEC: cp -r %DIR/pktdumper-plugin/* . # @TEST-EXEC: cp -r %DIR/pktdumper-plugin/* .
# @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: ./configure --bro-dist=${DIST} && make
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output

2
testing/btest/plugins/pktsrc.bro
View file

@ -1,4 +1,4 @@
# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin Demo Foo # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo
# @TEST-EXEC: cp -r %DIR/pktsrc-plugin/* . # @TEST-EXEC: cp -r %DIR/pktsrc-plugin/* .
# @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: ./configure --bro-dist=${DIST} && make
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output

2
testing/btest/plugins/protocol.bro
View file

@ -1,4 +1,4 @@
# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin Demo Foo # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo
# @TEST-EXEC: cp -r %DIR/protocol-plugin/* . # @TEST-EXEC: cp -r %DIR/protocol-plugin/* .
# @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: ./configure --bro-dist=${DIST} && make
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output

2
testing/btest/plugins/reader.bro
View file

@ -1,4 +1,4 @@
# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin Demo Foo # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin -u . Demo Foo
# @TEST-EXEC: cp -r %DIR/reader-plugin/* . # @TEST-EXEC: cp -r %DIR/reader-plugin/* .
# @TEST-EXEC: ./configure --bro-dist=${DIST} && make # @TEST-EXEC: ./configure --bro-dist=${DIST} && make
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output

Some files were not shown because too many files have changed in this diff Show more