diff --git a/CHANGES b/CHANGES
index 1a2e0de160..3a9c95d39d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,10 @@
+7.1.0-dev.393 | 2024-10-15 09:56:19 +0200
+
+ * Test `.evt` file `&priority` (Evan Typanski, Corelight)
+
+ This was not documented nor tested, so this tests the behavior.
+ Documentation should be added later.
+
 7.1.0-dev.390 | 2024-10-09 15:36:41 -0700
 * removed specialized ZAM instructions for GTPv1 and Teredo cleanup BiFs (Vern Paxson, Corelight)
diff --git a/VERSION b/VERSION
index 342e888e7b..605800ca36 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-7.1.0-dev.390
+7.1.0-dev.393
diff --git a/testing/btest/Baseline/spicy.hook-priority/output b/testing/btest/Baseline/spicy.hook-priority/output
index dc72568d4c..c4c3dcb4de 100644
--- a/testing/btest/Baseline/spicy.hook-priority/output
+++ b/testing/btest/Baseline/spicy.hook-priority/output
@@ -2,4 +2,6 @@
 Spicy: highest prio
 Spicy: default prio
 Spicy: lowest prio
+Zeek: highest prio, [x=default]
 Zeek: default prio, [x=default]
+Zeek: lowest prio, [x=default]
diff --git a/testing/btest/spicy/hook-priority.zeek b/testing/btest/spicy/hook-priority.zeek
index 0ab6139127..b7f8f3ca0b 100644
--- a/testing/btest/spicy/hook-priority.zeek
+++ b/testing/btest/spicy/hook-priority.zeek
@@ -12,11 +12,21 @@ event zeek_init()
 Analyzer::register_for_port(Analyzer::ANALYZER_FOO, 80/tcp);
 }
+event foo_last(x: foo::X)
+ {
+ print "Zeek: lowest prio", x;
+ }
+
 event foo(x: foo::X)
 {
 print "Zeek: default prio", x;
 }
+event foo_first(x: foo::X)
+ {
+ print "Zeek: highest prio", x;
+ }
+
 # @TEST-START-FILE foo.spicy
 module foo;
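Review bot: The handlers in the `hook-priority.zeek` hunk are declared in the order `foo_last`, `foo`, `foo_first`, the reverse of the order the baseline expects, and nothing says this is intentional. It looks deliberate, so that the test cannot pass merely because events fire in declaration order, but a later tidy-up could silently undo it. A one-line comment above `event foo_last` would record the intent, e.g. `# Declared in reverse of the expected run order on purpose; ordering must come from the EVT &priority values.` The hunk opens inside `zeek_init`, whose start lies outside the hunk.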
@@ -54,8 +64,8 @@ protocol analyzer Foo over TCP:
 # by examining the data though which above Spicy hooks mutate; we expect to see
 # data from the default priority handler since we should run right after it.
 on foo::X -> event foo(self);
+on foo::X -> event foo_first(self) &priority=-500;
+on foo::X -> event foo_last(self) &priority=-1500;
 export foo::X;
-
-# TODO(bbannier): test that EVT hook priority can correctly be overriden.
 # @TEST-END-FILE
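Review bot: The values `-500` and `-1500` on the two new `on foo::X` lines are unexplained, and the comment directly above them still describes only the single `foo` event. Presumably they were picked to sit on either side of the implicit EVT default priority; if so, the comment should say that, e.g. `# foo_first/foo_last bracket the implicit EVT default priority, so the expected order is foo_first, foo, foo_last.` Separately, the updated baseline prints `[x=default]` for all three events, so the test pins the relative order of the Zeek events but not where the overridden priorities fall relative to the Spicy hooks. The Spicy unit is outside this hunk, so it may not apply, but a priority chosen to observe a different value of `x` would cover that half of the behaviour.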