Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

ARP: remove unnecessary variables and add testcase

Browse source 
BIT-1573 #close
This commit is contained in:
Johanna Amann 2016-04-27 06:51:04 -07:00
parent e9a87566ef
commit 3a70289e91
5 changed files with 15 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/analyzer/protocol/arp/ARP.cc
View file

@ -10,9 +10,6 @@ using namespace analyzer::arp;
ARP_Analyzer::ARP_Analyzer()
{
bad_arp = internal_handler("bad_arp");
arp_request = internal_handler("arp_request");
arp_reply = internal_handler("arp_reply");
}
ARP_Analyzer::~ARP_Analyzer()

4
src/analyzer/protocol/arp/ARP.h
View file

@ -50,10 +50,6 @@ protected:
StringVal* EthAddrToStr(const u_char* addr);
void BadARP(const struct arp_pkthdr* hdr, const char* string);
void Corrupted(const char* string);
EventHandlerPtr arp_corrupted_packet;
EventHandlerPtr arp_request;
EventHandlerPtr arp_reply;
};
} } // namespace analyzer::*

2
testing/btest/Baseline/scripts.base.protocols.arp.basic/.stdout Normal file
View file

@ -0,0 +1,2 @@
78:31:c1:c6:3f:c2, ff:ff:ff:ff:ff:ff, 10.0.0.2, 78:31:c1:c6:3f:c2, 10.0.0.1, 00:00:00:00:00:00
f8:ed:a5:c0:a4:f1, 78:31:c1:c6:3f:c2, 10.0.0.1, f8:ed:a5:c0:a4:f1, 10.0.0.2, 78:31:c1:c6:3f:c2

BIN
testing/btest/Traces/arp-who-has.pcap Normal file
View file

Binary file not shown.

13
testing/btest/scripts/base/protocols/arp/basic.test Normal file
View file

@ -0,0 +1,13 @@
# @TEST-EXEC: bro -r $TRACES/arp-who-has.pcap %INPUT
# @TEST-EXEC: btest-diff .stdout
event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string)
{
print mac_src, mac_dst, SPA, SHA, TPA, THA;
}
event arp_reply(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string)
{
print mac_src, mac_dst, SPA, SHA, TPA, THA;
}