Merge remote-tracking branch 'origin/topic/robin/gh-4007-spicy-eod'

* origin/topic/robin/gh-4007-spicy-eod:
  Spicy: Do not raise an analyzer error when a connection is missing a regular tear-down.

src/spicy/protocol-analyzer.cc

@@ -40,10 +40,7 @@ ProtocolAnalyzer::~ProtocolAnalyzer() {}
 
 void ProtocolAnalyzer::Init() {}
 
-void ProtocolAnalyzer::Done() {
-    Finish(true);
-    Finish(false);
-}
+void ProtocolAnalyzer::Done() {}
 
 void ProtocolAnalyzer::Process(bool is_orig, int len, const u_char* data) {
     auto* endp = is_orig ? &_originator : &_responder;
@@ -162,16 +159,7 @@ void TCP_Analyzer::Undelivered(uint64_t seq, int len, bool is_orig) {
     Process(is_orig, len, nullptr);
 }
 
-void TCP_Analyzer::EndOfData(bool is_orig) {
-    analyzer::tcp::TCP_ApplicationAnalyzer::EndOfData(is_orig);
-
-    if ( TCP() && TCP()->IsPartial() ) {
-        STATE_DEBUG_MSG(is_orig, "skipping end-of-data delivery on partial TCP connection");
-        return;
-    }
-
-    Finish(is_orig);
-}
+void TCP_Analyzer::EndOfData(bool is_orig) { analyzer::tcp::TCP_ApplicationAnalyzer::EndOfData(is_orig); }
 
 void TCP_Analyzer::FlipRoles() {
     analyzer::tcp::TCP_ApplicationAnalyzer::FlipRoles();
@@ -211,6 +199,9 @@ void UDP_Analyzer::Init() {
 void UDP_Analyzer::Done() {
     analyzer::Analyzer::Done();
     ProtocolAnalyzer::Done();
+
+    Finish(true);
+    Finish(false);
 }
 
 void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64_t seq, const IP_Hdr* ip,

testing/btest/Baseline/spicy.tcp-eod-behavior/output-1024-fins

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+=== Not enough data, regular FINs (expect analyzer error)
+violation	expected 1024 bytes (136 available) (<...>/test.spicy:12:5-12:23)

testing/btest/Baseline/spicy.tcp-eod-behavior/output-1024-no-fins

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+=== Not enough data, missing FINs (expect no output)

testing/btest/Baseline/spicy.tcp-eod-behavior/output-136-fins

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+=== Exact data, regular FINs (expect event output)
+event foo()

testing/btest/Baseline/spicy.tcp-eod-behavior/output-136-no-fins

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+=== Exact data, missing FINs (expect event output)
+event foo()

testing/btest/Baseline/spicy.tcp-eod-behavior/output-16-fins

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+=== Too much data, regular FINs (expect event output)
+event foo()

testing/btest/Baseline/spicy.tcp-eod-behavior/output-16-no-fins

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+=== Too much data, missing FINs (expect event output)
+event foo()

testing/btest/Baseline/spicy.tcp-eod-behavior/output-eod-fins

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+=== Until EOD, regular FINs (expect event output)
+event foo()

testing/btest/Baseline/spicy.tcp-eod-behavior/output-eod-no-fins

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+=== Until EOD, missing FINs (expect no output)

testing/btest/spicy/tcp-eod-behavior.zeek

@@ -0,0 +1,107 @@
+# @TEST-REQUIRES: have-spicy
+#
+# @TEST-DOC: Exercise end-of-data behavior for combinations of units expected certain amounts and regular vs non-regular connection termination.
+#
+# @TEST-EXEC: spicyz -d -o foo-16.hlto test.spicy foo-16.evt
+# @TEST-EXEC: spicyz -d -o foo-136.hlto test.spicy foo-136.evt
+# @TEST-EXEC: spicyz -d -o foo-1024.hlto test.spicy foo-1024.evt
+# @TEST-EXEC: spicyz -d -o foo-eod.hlto test.spicy foo-eod.evt
+
+# @TEST-EXEC: echo "=== Too much data, regular FINs (expect event output)" >>output-16-fins
+# @TEST-EXEC: rm -f analyzer.log && zeek -b -r ${TRACES}/http/get.trace Zeek::Spicy foo-16.hlto %INPUT >>output-16-fins
+# @TEST-EXEC: test '!' -f analyzer.log
+# @TEST-EXEC: btest-diff output-16-fins
+
+# @TEST-EXEC: echo "=== Too much data, missing FINs (expect event output)" >>output-16-no-fins
+# @TEST-EXEC: rm -f analyzer.log && zeek -b -r ${TRACES}/http/get-without-fins.trace Zeek::Spicy foo-16.hlto %INPUT >>output-16-no-fins
+# @TEST-EXEC: test '!' -f analyzer.log
+# @TEST-EXEC: btest-diff output-16-no-fins
+
+# @TEST-EXEC: echo "=== Exact data, regular FINs (expect event output)" >>output-136-fins
+# @TEST-EXEC: rm -f analyzer.log && zeek -b -r ${TRACES}/http/get.trace Zeek::Spicy foo-136.hlto %INPUT >>output-136-fins
+# @TEST-EXEC: test '!' -f analyzer.log
+# @TEST-EXEC: btest-diff output-136-fins
+
+# @TEST-EXEC: echo "=== Exact data, missing FINs (expect event output)" >>output-136-no-fins
+# @TEST-EXEC: rm -f analyzer.log && zeek -b -r ${TRACES}/http/get-without-fins.trace Zeek::Spicy foo-136.hlto %INPUT >>output-136-no-fins
+# @TEST-EXEC: test '!' -f analyzer.log
+# @TEST-EXEC: btest-diff output-136-no-fins
+
+# @TEST-EXEC: echo "=== Not enough data, regular FINs (expect analyzer error)" >>output-1024-fins
+# @TEST-EXEC: rm -f analyzer.log && zeek -b -r ${TRACES}/http/get.trace Zeek::Spicy foo-1024.hlto %INPUT >>output-1024-fins
+# @TEST-EXEC: test -f analyzer.log && zeek-cut cause failure_reason <analyzer.log | diff-remove-abspath >>output-1024-fins
+# @TEST-EXEC: btest-diff output-1024-fins
+
+# @TEST-EXEC: echo "=== Not enough data, missing FINs (expect no output)" >>output-1024-no-fins
+# @TEST-EXEC: rm -f analyzer.log && zeek -b -r ${TRACES}/http/get-without-fins.trace Zeek::Spicy foo-1024.hlto %INPUT >>output-1024-no-fins
+# @TEST-EXEC: test '!' -f analyzer.log
+# @TEST-EXEC: btest-diff output-1024-no-fins
+
+# @TEST-EXEC: echo "=== Until EOD, regular FINs (expect event output)" >>output-eod-fins
+# @TEST-EXEC: rm -f analyzer.log && zeek -b -r ${TRACES}/http/get.trace Zeek::Spicy foo-eod.hlto %INPUT >>output-eod-fins
+# @TEST-EXEC: test '!' -f analyzer.log
+# @TEST-EXEC: btest-diff output-eod-fins
+
+# @TEST-EXEC: echo "=== Until EOD, missing FINs (expect no output)" >>output-eod-no-fins
+# @TEST-EXEC: rm -f analyzer.log && zeek -b -r ${TRACES}/http/get-without-fins.trace Zeek::Spicy foo-eod.hlto %INPUT >>output-eod-no-fins
+# @TEST-EXEC: test '!' -f analyzer.log
+# @TEST-EXEC: btest-diff output-eod-no-fins
+
+event Test::foo() {
+    print "event foo()";
+    }
+
+# @TEST-START-FILE test.spicy
+module Test;
+
+public type Foo16 = unit {
+    : bytes &size=16;
+};
+
+public type Foo136 = unit {
+    : bytes &size=136;
+};
+
+public type Foo1024 = unit {
+    : bytes &size=1024;
+};
+
+public type FooEOD = unit {
+    : bytes &eod;
+};
+
+# @TEST-END-FILE
+
+# @TEST-START-FILE foo-16.evt
+
+protocol analyzer spicy::Foo over TCP:
+    parse originator with Test::Foo16,
+    port 80/tcp;
+
+on Test::Foo16 -> event Test::foo();
+# @TEST-END-FILE
+
+# @TEST-START-FILE foo-136.evt
+protocol analyzer spicy::Foo over TCP:
+    parse originator with Test::Foo136,
+    port 80/tcp;
+
+on Test::Foo136 -> event Test::foo();
+# @TEST-END-FILE
+
+# @TEST-START-FILE foo-1024.evt
+protocol analyzer spicy::Foo over TCP:
+    parse originator with Test::Foo1024,
+    port 80/tcp;
+
+on Test::Foo1024 -> event Test::foo();
+# @TEST-END-FILE
+
+# @TEST-START-FILE foo-eod.evt
+protocol analyzer spicy::Foo over TCP:
+    parse originator with Test::FooEOD,
+    port 80/tcp;
+
+on Test::FooEOD -> event Test::foo();
+# @TEST-END-FILE
+