Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/timw/3915-unknown-ip-protocol'

Browse source 
* origin/topic/timw/3915-unknown-ip-protocol:
  Add NEWS entry for ip_proto feature
  Move IP protocol names table out of policy script to init-bare
  Minor review nits
  Fixes for community ID hashing with new proto values
  Use new_connection instead of connection_state_remove
  Add policy script to remove ip_proto field, rename protocol naming script
  Rename protocol_id field to ip_proto and similar renaming for name field
  Increase size of proto fields to uint16_t, add common default value
  Disable part of core/dict-iteration-expire5 btest to avoid iteration bug
  Add conn.log entries for connections with unhandled IP protocols
This commit is contained in:
Tim Wojtulewicz 2024-11-13 14:36:04 -07:00
commit 3c08c57be3
412 changed files with 97725 additions and 97218 deletions
Download patch file Download diff file Expand all files Collapse all files

26
CHANGES
View file

@ -1,3 +1,29 @@
7.1.0-dev.529 | 2024-11-13 14:36:04 -0700
* Add NEWS entry for ip_proto feature (Tim Wojtulewicz, Corelight)
* Move IP protocol names table out of policy script to init-bare (Tim Wojtulewicz, Corelight)
* Minor review nits (Tim Wojtulewicz, Corelight)
* Fixes for community ID hashing with new proto values (Tim Wojtulewicz, Corelight)
* Use new_connection instead of connection_state_remove (Tim Wojtulewicz, Corelight)
* Add policy script to remove ip_proto field, rename protocol naming script (Tim Wojtulewicz, Corelight)
* Rename protocol_id field to ip_proto and similar renaming for name field (Tim Wojtulewicz, Corelight)
* Increase size of proto fields to uint16_t, add common default value (Tim Wojtulewicz, Corelight)
* Disable part of core/dict-iteration-expire5 btest to avoid iteration bug (Tim Wojtulewicz)
The second set of seeds in this test trip the bug reported in #3538
* Add conn.log entries for connections with unhandled IP protocols (Tim Wojtulewicz, Corelight)
* CI: Add Ubuntu 24.10 (Johanna Amann, Corelight)
7.1.0-dev.516 | 2024-11-12 12:26:41 -0700
* diff-remove-abspath: Add separate handling of Windows paths (Tim Wojtulewicz)

9
NEWS
View file

@ -30,6 +30,15 @@ Breaking Changes
New Functionality
-----------------
* IP-based connections that were previously not logged due to using an unknown
IP protocol (e.g. not TCP, UDP, or ICMP) now appear in conn.log. All conn.log
entries have a new ``ip_proto`` column that indicates the numeric IP protocol
identifier used by the connection. A new policy script at
``policy/protocols/conn/ip-proto-name-logging.zeek`` can be loaded to also add
an ``ip_proto_name`` column with a string version of the ``ip_proto`` value.
This entire feature can be disabled by loading the new
``policy/protocols/conn/disable-unknown-ip-proto-support.zeek`` policy script.
- Zeek now includes a PostgreSQL protocol analyzer. This analyzer is enabled
by default. The analyzer's events and its ``postgresql.log`` should be
considered preliminary and experimental until the arrival of Zeek's next

2
VERSION
View file

@ -1 +1 @@
7.1.0-dev.516
7.1.0-dev.529

180
scripts/base/init-bare.zeek
View file

@ -213,11 +213,12 @@ type transport_proto: enum {
## see :ref:`the manual's description of the connection record
## <writing-scripts-connection-record>`.
type conn_id: record {
orig_h: addr; ##< The originator's IP address.
orig_p: port; ##< The originator's port number.
resp_h: addr; ##< The responder's IP address.
resp_p: port; ##< The responder's port number.
} &log;
orig_h: addr &log; ##< The originator's IP address.
orig_p: port &log; ##< The originator's port number.
resp_h: addr &log; ##< The responder's IP address.
resp_p: port &log; ##< The responder's port number.
proto: count &default=65535; ##< The transport protocol ID. Defaults to 65535 as an "unknown" value.
};
## The identifying 4-tuple of a uni-directional flow.
##
@ -1300,21 +1301,27 @@ const non_analyzed_lifetime = 0 secs &redef;
## If a TCP connection is inactive, time it out after this interval. If 0 secs,
## then don't time it out.
##
## .. zeek:see:: udp_inactivity_timeout icmp_inactivity_timeout set_inactivity_timeout
## .. zeek:see:: udp_inactivity_timeout icmp_inactivity_timeout unknown_ip_inactivity_timeout set_inactivity_timeout
const tcp_inactivity_timeout = 5 min &redef;
## If a UDP flow is inactive, time it out after this interval. If 0 secs, then
## don't time it out.
##
## .. zeek:see:: tcp_inactivity_timeout icmp_inactivity_timeout set_inactivity_timeout
## .. zeek:see:: tcp_inactivity_timeout icmp_inactivity_timeout unknown_ip_inactivity_timeout set_inactivity_timeout
const udp_inactivity_timeout = 1 min &redef;
## If an ICMP flow is inactive, time it out after this interval. If 0 secs, then
## don't time it out.
##
## .. zeek:see:: tcp_inactivity_timeout udp_inactivity_timeout set_inactivity_timeout
## .. zeek:see:: tcp_inactivity_timeout udp_inactivity_timeout unknown_ip_inactivity_timeout set_inactivity_timeout
const icmp_inactivity_timeout = 1 min &redef;
## If a flow with an unknown IP-based protocol is inactive, time it out after
## this interval. If 0 secs, then don't time it out.
##
## .. zeek:see:: tcp_inactivity_timeout udp_inactivity_timeout icmp_inactivity_timeout set_inactivity_timeout
const unknown_ip_inactivity_timeout = 1 min &redef;
## Number of FINs/RSTs in a row that constitute a "storm". Storms are reported
## as ``weird`` via the notice framework, and they must also come within
## intervals of at most :zeek:see:`tcp_storm_interarrival_thresh`.
@ -5955,6 +5962,163 @@ export {
const civetweb_threads: count = 2 &redef;
}
module IP;
export {
## Mapping from IP protocol identifier values to string names.
const protocol_names: table[count] of string = {
[0] = "hopopt",
[1] = "icmp",
[2] = "igmp",
[3] = "ggp",
[4] = "ip-in-ip",
[5] = "st",
[6] = "tcp",
[7] = "cbt",
[8] = "egp",
[9] = "igp",
[10] = "bbc-rcc-mon",
[11] = "nvp-ii",
[12] = "pup",
[13] = "argus",
[14] = "emcon",
[15] = "xnet",
[16] = "chaos",
[17] = "udp",
[18] = "mux",
[19] = "dcn-meas",
[20] = "hmp",
[21] = "prm",
[22] = "xns-idp",
[23] = "trunk-1",
[24] = "trunk-2",
[25] = "leaf-1",
[26] = "leaf-2",
[27] = "rdp",
[28] = "irtp",
[29] = "iso-tp4",
[30] = "netblt",
[31] = "mfe-nsp",
[32] = "merit-inp",
[33] = "dccp",
[34] = "3pc",
[35] = "idpr",
[36] = "xtp",
[37] = "ddp",
[38] = "idpr-cmtp",
[39] = "tp++",
[40] = "il",
[41] = "ipv6",
[42] = "sdrp",
[43] = "ipv6-route",
[44] = "ipv6-frag",
[45] = "idrp",
[46] = "rsvp",
[47] = "gre",
[48] = "dsr",
[49] = "bna",
[50] = "esp",
[51] = "ah",
[52] = "i-nlsp",
[53] = "swipe",
[54] = "narp",
[55] = "mobile",
[56] = "tlsp",
[57] = "skip",
[58] = "ipv6-icmp",
[59] = "ipv6-nonxt",
[60] = "ipv6-opts",
[61] = "host-protocol", # Any host internal protocol
[62] = "cftp",
[63] = "local-network", # Any local network
[64] = "sat-expak",
[65] = "kryptolan",
[66] = "rvd",
[67] = "ippc",
[68] = "distributed-files", # Any distributed file system
[69] = "sat-on",
[70] = "visa",
[71] = "ipcu",
[72] = "cpnx",
[73] = "cphb",
[74] = "wsn",
[75] = "pvp",
[76] = "br-sat-mon",
[77] = "sun-and",
[78] = "wb-mon",
[79] = "wb-expak",
[80] = "iso-ip",
[81] = "vmtp",
[82] = "secure-vmtp",
[83] = "vines",
[84] = "ttp or iptm", # TTP was obsoleted in 3/2023, replaced with IGTM
[85] = "nsfnet-igp",
[86] = "dgp",
[87] = "tcf",
[88] = "eigrp",
[89] = "ospf",
[90] = "sprite-rpc",
[91] = "larp",
[92] = "mtp",
[93] = "ax.25",
[94] = "os",
[95] = "micp",
[96] = "scc-sp",
[97] = "etherip",
[98] = "encap",
[99] = "private-encryption", # Any private encryption scheme
[100] = "gtmp",
[101] = "ifmp",
[102] = "pnni",
[103] = "pim",
[104] = "aris",
[105] = "scps",
[106] = "qnx",
[107] = "a/n",
[108] = "ipcomp",
[109] = "snp",
[110] = "compaq-peer",
[111] = "ipx-in-ip",
[112] = "vrrp",
[113] = "pgm",
[114] = "zero-hop", # Any 0-hop protocol
[115] = "l2tp",
[116] = "ddx",
[117] = "iatp",
[118] = "stp",
[119] = "srp",
[120] = "uti",
[121] = "smp",
[122] = "sm",
[123] = "ptp",
[124] = "is-is-over-ipv4",
[125] = "fire",
[126] = "crtp",
[127] = "crudp",
[128] = "sccopmce",
[129] = "iplt",
[130] = "sps",
[131] = "pipe",
[132] = "sctp",
[133] = "fc",
[134] = "rsvp-e2e-ignore",
[135] = "mobility-header",
[136] = "udplite",
[137] = "mpls-in-ip",
[138] = "manet",
[139] = "hip",
[140] = "shim6",
[141] = "wesp",
[142] = "rohc",
[143] = "ethernet",
[144] = "aggfrag",
[145] = "nsh",
[146] = "homa"
} &redef &default=function(c: count): string {
return fmt("unknown-ip-proto-%d", c);
};
}
module GLOBAL;
## Seed for hashes computed internally for probabilistic data structures. Using

5
scripts/base/packet-protocols/ip/main.zeek
View file

@ -1,5 +1,10 @@
module PacketAnalyzer::IP;
export {
## Default analyzer
const default_analyzer: PacketAnalyzer::Tag = PacketAnalyzer::ANALYZER_UNKNOWN_IP_TRANSPORT &redef;
}
const IPPROTO_TCP : count = 6;
const IPPROTO_UDP : count = 17;
const IPPROTO_ICMP : count = 1;

8
scripts/base/protocols/conn/main.zeek
View file

@ -158,6 +158,11 @@ export {
## *uid* values for any encapsulating parent connections
## used over the lifetime of this inner connection.
tunnel_parents: set[string] &log &optional;
## For IP-based connections, this contains the protocol
## identifier passed in the IP header. This is different
## from the *proto* field in that this value comes
## directly from the header.
ip_proto: count &log &optional;
};
## Event that can be handled to access the :zeek:type:`Conn::Info`
@ -281,6 +286,9 @@ function set_conn(c: connection, eoc: bool)
if ( c$history != "" )
c$conn$history=c$history;
}
if ( c$id$proto != 65535 )
c$conn$ip_proto = c$id$proto;
}
event content_gap(c: connection, is_orig: bool, seq: count, length: count) &priority=5

11
scripts/policy/protocols/conn/disable-unknown-ip-proto-support.zeek Normal file
View file

@ -0,0 +1,11 @@
##! This script filters the ip_proto field out of the conn.log and disables
##! logging of connections with unknown IP protocols.
@load base/protocols/conn
@load base/frameworks/analyzer/main
redef record Conn::Info$ip_proto -= { &log };
event zeek_init() {
Analyzer::disable_analyzer(PacketAnalyzer::ANALYZER_UNKNOWN_IP_TRANSPORT);
}

19
scripts/policy/protocols/conn/ip-proto-name-logging.zeek Normal file
View file

@ -0,0 +1,19 @@
##! This script adds a string version of the ip_proto field. It's not recommended
##! to load this policy and the ip_proto removal policy at the same time, as
##! conn.log will end up with useless information in the log from this field.
@load base/protocols/conn
module Conn;
redef record Info += {
## A string version of the ip_proto field
ip_proto_name: string &log &optional;
};
event new_connection(c: connection) &priority=5 {
# In case we're the first access
Conn::set_conn(c, F);
if ( c$conn?$ip_proto && c$conn$ip_proto in IP::protocol_names )
c$conn$ip_proto_name = IP::protocol_names[c$conn$ip_proto];
}

3
scripts/policy/protocols/dhcp/software.zeek
View file

@ -45,7 +45,8 @@ event DHCP::log_dhcp(rec: DHCP::Info)
local id: conn_id = [$orig_h=rec$assigned_addr,
$orig_p=rec$client_port,
$resp_h=rec$server_addr,
$resp_p=rec$server_port];
$resp_p=rec$server_port,
$proto=17]; # DHCP is typically UDP
if ( rec?$client_software && rec$assigned_addr != 255.255.255.255 )
{

2
scripts/test-all-policy.zeek
View file

@ -92,6 +92,8 @@
@load misc/trim-trace-file.zeek
@load misc/unknown-protocols.zeek
@load protocols/conn/community-id-logging.zeek
@load protocols/conn/disable-unknown-ip-proto-support.zeek
@load protocols/conn/ip-proto-name-logging.zeek
@load protocols/conn/known-hosts.zeek
@load protocols/conn/known-services.zeek
@load protocols/conn/mac-logging.zeek

11
src/Conn.cc
View file

@ -33,7 +33,15 @@ Connection::Connection(const detail::ConnKey& k, double t, const ConnTuple* id,
resp_addr = id->dst_addr;
orig_port = id->src_port;
resp_port = id->dst_port;
proto = TRANSPORT_UNKNOWN;
switch ( id->proto ) {
case IPPROTO_TCP: proto = TRANSPORT_TCP; break;
case IPPROTO_UDP: proto = TRANSPORT_UDP; break;
case IPPROTO_ICMP:
case IPPROTO_ICMPV6: proto = TRANSPORT_ICMP; break;
default: proto = TRANSPORT_UNKNOWN; break;
}
orig_flow_label = flow;
resp_flow_label = 0;
saw_first_orig_packet = 1;
@ -187,6 +195,7 @@ const RecordValPtr& Connection::GetVal() {
id_val->Assign(1, val_mgr->Port(ntohs(orig_port), prot_type));
id_val->Assign(2, make_intrusive<AddrVal>(resp_addr));
id_val->Assign(3, val_mgr->Port(ntohs(resp_port), prot_type));
id_val->Assign(4, KeyProto());
auto orig_endp = make_intrusive<RecordVal>(id::endpoint);
orig_endp->Assign(0, 0);

4
src/Conn.h
View file

@ -60,7 +60,7 @@ struct ConnTuple {
uint32_t src_port = 0;
uint32_t dst_port = 0;
bool is_one_way = false; // if true, don't canonicalize order
TransportProto proto = TRANSPORT_UNKNOWN;
uint16_t proto = UNKNOWN_IP_PROTO;
};
static inline int addr_port_canon_lt(const IPAddr& addr1, uint32_t p1, const IPAddr& addr2, uint32_t p2) {
@ -135,6 +135,8 @@ public:
return "unknown";
}
uint8_t KeyProto() const { return key.transport; }
// Returns true if the packet reflects a reuse of this
// connection (i.e., not a continuation but the beginning of
// a new connection).

2
src/IP.h
View file

@ -36,6 +36,8 @@ class FragReassembler;
#define IPPROTO_MOBILITY 135
#endif
constexpr uint16_t UNKNOWN_IP_PROTO = 65535;
struct ip6_mobility {
uint8_t ip6mob_payload;
uint8_t ip6mob_len;

19
src/IPAddr.cc
View file

@ -20,9 +20,9 @@ const IPAddr IPAddr::v6_unspecified = IPAddr();
namespace detail {
ConnKey::ConnKey(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, TransportProto t,
ConnKey::ConnKey(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint8_t proto,
bool one_way) {
Init(src, dst, src_port, dst_port, t, one_way);
Init(src, dst, src_port, dst_port, proto, one_way);
}
ConnKey::ConnKey(const ConnTuple& id) {
@ -60,12 +60,14 @@ ConnKey::ConnKey(Val* v) {
int orig_h, orig_p; // indices into record's value list
int resp_h, resp_p;
int proto;
if ( vr == id::conn_id ) {
orig_h = 0;
orig_p = 1;
resp_h = 2;
resp_p = 3;
proto = 4;
}
else {
// While it's not a conn_id, it may have equivalent fields.
@ -73,13 +75,14 @@ ConnKey::ConnKey(Val* v) {
resp_h = vr->FieldOffset("resp_h");
orig_p = vr->FieldOffset("orig_p");
resp_p = vr->FieldOffset("resp_p");
proto = vr->FieldOffset("proto");
if ( orig_h < 0 || resp_h < 0 || orig_p < 0 || resp_p < 0 ) {
if ( orig_h < 0 || resp_h < 0 || orig_p < 0 || resp_p < 0 || proto < 0 ) {
valid = false;
return;
}
// ### we ought to check that the fields have the right
// TODO we ought to check that the fields have the right
// types, too.
}
@ -89,11 +92,13 @@ ConnKey::ConnKey(Val* v) {
auto orig_portv = vl->GetFieldAs<PortVal>(orig_p);
auto resp_portv = vl->GetFieldAs<PortVal>(resp_p);
auto protov = vl->GetFieldAs<CountVal>(proto);
Init(orig_addr, resp_addr, htons((unsigned short)orig_portv->Port()), htons((unsigned short)resp_portv->Port()),
orig_portv->PortType(), false);
protov, false);
}
void ConnKey::Init(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, TransportProto t,
void ConnKey::Init(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint8_t proto,
bool one_way) {
// Because of padding in the object, this needs to memset to clear out
// the extra memory used by padding. Otherwise, the session key stuff
@ -116,7 +121,7 @@ void ConnKey::Init(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint
port2 = src_port;
}
transport = t;
transport = proto;
valid = true;
}

7
src/IPAddr.h
View file

@ -28,10 +28,10 @@ public:
in6_addr ip2;
uint16_t port1 = 0;
uint16_t port2 = 0;
TransportProto transport = TRANSPORT_UNKNOWN;
uint8_t transport;
bool valid = true;
ConnKey(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, TransportProto t, bool one_way);
ConnKey(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint8_t proto, bool one_way);
ConnKey(const ConnTuple& conn);
ConnKey(const ConnKey& rhs) { *this = rhs; }
ConnKey(Val* v);
@ -46,8 +46,7 @@ public:
ConnKey& operator=(const ConnKey& rhs);
private:
void Init(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, TransportProto t,
bool one_way);
void Init(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint8_t proto, bool one_way);
};
} // namespace detail

2
src/NetVar.cc
View file

@ -135,6 +135,7 @@ double non_analyzed_lifetime;
double tcp_inactivity_timeout;
double udp_inactivity_timeout;
double icmp_inactivity_timeout;
double unknown_ip_inactivity_timeout;
int tcp_storm_thresh;
double tcp_storm_interarrival_thresh;
@ -267,6 +268,7 @@ void init_net_var() {
tcp_inactivity_timeout = id::find_val("tcp_inactivity_timeout")->AsInterval();
udp_inactivity_timeout = id::find_val("udp_inactivity_timeout")->AsInterval();
icmp_inactivity_timeout = id::find_val("icmp_inactivity_timeout")->AsInterval();
unknown_ip_inactivity_timeout = id::find_val("unknown_ip_inactivity_timeout")->AsInterval();
tcp_storm_thresh = id::find_val("tcp_storm_thresh")->AsCount();
tcp_storm_interarrival_thresh = id::find_val("tcp_storm_interarrival_thresh")->AsInterval();

1
src/NetVar.h
View file

@ -36,6 +36,7 @@ extern double non_analyzed_lifetime;
extern double tcp_inactivity_timeout;
extern double udp_inactivity_timeout;
extern double icmp_inactivity_timeout;
extern double unknown_ip_inactivity_timeout;
extern int tcp_storm_thresh;
extern double tcp_storm_interarrival_thresh;

2
src/TunnelEncapsulation.cc
View file

@ -14,6 +14,7 @@ EncapsulatingConn::EncapsulatingConn(Connection* c, BifEnum::Tunnel::Type t)
src_port(c->OrigPort()),
dst_port(c->RespPort()),
proto(c->ConnTransport()),
ip_proto(c->KeyProto()),
type(t),
uid(c->GetUID()) {
if ( ! uid ) {
@ -30,6 +31,7 @@ RecordValPtr EncapsulatingConn::ToVal() const {
id_val->Assign(1, val_mgr->Port(ntohs(src_port), proto));
id_val->Assign(2, make_intrusive<AddrVal>(dst_addr));
id_val->Assign(3, val_mgr->Port(ntohs(dst_port), proto));
id_val->Assign(4, ip_proto);
rv->Assign(0, std::move(id_val));
rv->Assign(1, BifType::Enum::Tunnel::Type->GetEnumVal(type));

10
src/TunnelEncapsulation.h
View file

@ -46,6 +46,7 @@ public:
src_port(0),
dst_port(0),
proto(TRANSPORT_UNKNOWN),
ip_proto(UNKNOWN_IP_PROTO),
type(t),
uid(UID(detail::bits_per_uid)) {}
@ -70,6 +71,7 @@ public:
src_port(other.src_port),
dst_port(other.dst_port),
proto(other.proto),
ip_proto(other.ip_proto),
type(other.type),
uid(other.uid) {}
@ -85,6 +87,7 @@ public:
src_port = other.src_port;
dst_port = other.dst_port;
proto = other.proto;
ip_proto = other.ip_proto;
type = other.type;
uid = other.uid;
ip_hdr = other.ip_hdr;
@ -106,7 +109,7 @@ public:
if ( ec1.type == BifEnum::Tunnel::IP || ec1.type == BifEnum::Tunnel::GRE )
// Reversing endpoints is still same tunnel.
return ec1.uid == ec2.uid && ec1.proto == ec2.proto &&
return ec1.uid == ec2.uid && ec1.proto == ec2.proto && ec1.ip_proto == ec2.ip_proto &&
((ec1.src_addr == ec2.src_addr && ec1.dst_addr == ec2.dst_addr) ||
(ec1.src_addr == ec2.dst_addr && ec1.dst_addr == ec2.src_addr));
@ -114,11 +117,13 @@ public:
// Reversing endpoints is still same tunnel, destination port is
// always the same.
return ec1.dst_port == ec2.dst_port && ec1.uid == ec2.uid && ec1.proto == ec2.proto &&
ec1.ip_proto == ec2.ip_proto &&
((ec1.src_addr == ec2.src_addr && ec1.dst_addr == ec2.dst_addr) ||
(ec1.src_addr == ec2.dst_addr && ec1.dst_addr == ec2.src_addr));
return ec1.src_addr == ec2.src_addr && ec1.dst_addr == ec2.dst_addr && ec1.src_port == ec2.src_port &&
ec1.dst_port == ec2.dst_port && ec1.uid == ec2.uid && ec1.proto == ec2.proto;
ec1.dst_port == ec2.dst_port && ec1.uid == ec2.uid && ec1.proto == ec2.proto &&
ec1.ip_proto == ec2.ip_proto;
}
friend bool operator!=(const EncapsulatingConn& ec1, const EncapsulatingConn& ec2) { return ! (ec1 == ec2); }
@ -132,6 +137,7 @@ protected:
uint16_t src_port;
uint16_t dst_port;
TransportProto proto;
uint16_t ip_proto;
BifEnum::Tunnel::Type type;
UID uid;
};

14
src/communityid.bif
View file

@ -1,4 +1,5 @@
%%{ // C segment
#include "zeek/IP.h"
#include "zeek/IPAddr.h"
#include "zeek/Val.h"
#include "zeek/digest.h"
@ -48,9 +49,16 @@ function community_id_v1%(cid: conn_id, seed: count &default=0, do_base64: bool
hash_proto = IPPROTO_ICMPV6;
break;
case TRANSPORT_UNKNOWN:
emit_builtin_error("CommunityID: unknown transport layer", cid);
return zeek::make_intrusive<zeek::StringVal>("");
case TRANSPORT_UNKNOWN: {
uint16_t cid_proto = static_cast<uint16_t>(cid_rec->GetFieldAs<zeek::CountVal>(4));
if ( cid_proto == zeek::UNKNOWN_IP_PROTO ) {
emit_builtin_error("CommunityID: unknown transport layer", cid);
return zeek::make_intrusive<zeek::StringVal>("");
}
hash_proto = static_cast<uint8_t>(cid_proto);
break;
}
default:
emit_builtin_error("CommunityID: unhandled transport layer", cid);
return zeek::make_intrusive<zeek::StringVal>("");

3
src/event.bif
View file

@ -163,7 +163,8 @@ event connection_timeout%(c: connection%);
## connection_pending connection_rejected connection_reset connection_reused
## connection_status_update connection_timeout scheduled_analyzer_applied
## new_connection new_connection_contents partial_connection udp_inactivity_timeout
## tcp_inactivity_timeout icmp_inactivity_timeout conn_stats
## tcp_inactivity_timeout icmp_inactivity_timeout unknown_ip_inactivity_timeout
## conn_stats
event connection_state_remove%(c: connection%);
## Generated when a connection 4-tuple is reused. This event is raised when Zeek

1
src/file_analysis/File.cc
View file

@ -33,6 +33,7 @@ static RecordValPtr get_conn_id_val(const Connection* conn) {
v->Assign(1, val_mgr->Port(ntohs(conn->OrigPort()), conn->ConnTransport()));
v->Assign(2, make_intrusive<AddrVal>(conn->RespAddr()));
v->Assign(3, val_mgr->Port(ntohs(conn->RespPort()), conn->ConnTransport()));
v->Assign(4, conn->KeyProto());
return v;
}

4
src/net_util.h
View file

@ -4,8 +4,10 @@
#include "zeek/zeek-config.h"
#include <cstdint>
// Define first.
enum TransportProto {
enum TransportProto : uint8_t {
TRANSPORT_UNKNOWN,
TRANSPORT_TCP,
TRANSPORT_UDP,

10
src/packet_analysis/Analyzer.h
View file

@ -252,6 +252,11 @@ protected:
*/
bool ForwardPacket(size_t len, const uint8_t* data, Packet* packet) const;
/**
* Flag for whether to report unknown protocols in ForwardPacket.
*/
bool report_unknown_protocols = true;
private:
// Internal helper to raise analyzer_confirmation events
void EnqueueAnalyzerConfirmationInfo(session::Session* session, const zeek::Tag& arg_tag);
@ -270,11 +275,6 @@ private:
AnalyzerPtr default_analyzer = nullptr;
bool enabled = true;
/**
* Flag for whether to report unknown protocols in ForwardPacket.
*/
bool report_unknown_protocols = true;
std::set<AnalyzerPtr> analyzers_to_detect;
void Init(const zeek::Tag& tag);

1
src/packet_analysis/protocol/CMakeLists.txt
View file

@ -25,6 +25,7 @@ add_subdirectory(udp)
add_subdirectory(tcp)
add_subdirectory(icmp)
add_subdirectory(vntag)
add_subdirectory(unknown_ip_transport)
add_subdirectory(gre)
add_subdirectory(iptunnel)

4
src/packet_analysis/protocol/icmp/ICMP.cc
View file

@ -40,7 +40,7 @@ bool ICMPAnalyzer::BuildConnTuple(size_t len, const uint8_t* data, Packet* packe
tuple.src_addr = packet->ip_hdr->SrcAddr();
tuple.dst_addr = packet->ip_hdr->DstAddr();
tuple.proto = TRANSPORT_ICMP;
tuple.proto = packet->proto;
const struct icmp* icmpp = (const struct icmp*)data;
tuple.src_port = htons(icmpp->icmp_type);
@ -312,6 +312,7 @@ zeek::RecordValPtr ICMPAnalyzer::ExtractICMP4Context(int len, const u_char*& dat
id_val->Assign(1, val_mgr->Port(src_port, proto));
id_val->Assign(2, make_intrusive<AddrVal>(dst_addr));
id_val->Assign(3, val_mgr->Port(dst_port, proto));
id_val->Assign(4, IPPROTO_ICMP);
iprec->Assign(0, std::move(id_val));
iprec->Assign(1, val_mgr->Count(ip_len));
@ -368,6 +369,7 @@ zeek::RecordValPtr ICMPAnalyzer::ExtractICMP6Context(int len, const u_char*& dat
id_val->Assign(1, val_mgr->Port(src_port, proto));
id_val->Assign(2, make_intrusive<AddrVal>(dst_addr));
id_val->Assign(3, val_mgr->Port(dst_port, proto));
id_val->Assign(4, IPPROTO_ICMPV6);
iprec->Assign(0, std::move(id_val));
iprec->Assign(1, val_mgr->Count(ip_len));

2
src/packet_analysis/protocol/tcp/TCP.cc
View file

@ -42,7 +42,7 @@ bool TCPAnalyzer::BuildConnTuple(size_t len, const uint8_t* data, Packet* packet
tuple.src_port = tp->th_sport;
tuple.dst_port = tp->th_dport;
tuple.is_one_way = false;
tuple.proto = TRANSPORT_TCP;
tuple.proto = packet->proto;
return true;
}

3
src/packet_analysis/protocol/udp/UDP.cc
View file

@ -5,7 +5,6 @@
#include "zeek/Conn.h"
#include "zeek/RunState.h"
#include "zeek/analyzer/Manager.h"
#include "zeek/analyzer/protocol/conn-size/ConnSize.h"
#include "zeek/analyzer/protocol/pia/PIA.h"
#include "zeek/packet_analysis/protocol/udp/UDPSessionAdapter.h"
#include "zeek/packet_analysis/protocol/udp/events.bif.h"
@ -66,7 +65,7 @@ bool UDPAnalyzer::BuildConnTuple(size_t len, const uint8_t* data, Packet* packet
tuple.src_port = up->uh_sport;
tuple.dst_port = up->uh_dport;
tuple.is_one_way = false;
tuple.proto = TRANSPORT_UDP;
tuple.proto = packet->proto;
return true;
}

1
src/packet_analysis/protocol/unknown_ip_transport/CMakeLists.txt Normal file
View file

@ -0,0 +1 @@
zeek_add_plugin(Zeek UnknownIP SOURCES UnknownIPTransport.cc UnknownIPSessionAdapter.cc Plugin.cc)

28
src/packet_analysis/protocol/unknown_ip_transport/Plugin.cc Normal file
View file

@ -0,0 +1,28 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include "zeek/plugin/Plugin.h"
#include "zeek/analyzer/Component.h"
#include "zeek/packet_analysis/Component.h"
#include "packet_analysis/protocol/unknown_ip_transport/UnknownIPTransport.h"
namespace zeek::plugin::Zeek_Unknown_IP_Transport {
class Plugin final : public zeek::plugin::Plugin {
public:
zeek::plugin::Configuration Configure() override {
AddComponent(new zeek::packet_analysis::
Component("Unknown_IP_Transport",
zeek::packet_analysis::UnknownIPTransport::UnknownIPTransportAnalyzer::Instantiate));
AddComponent(new zeek::analyzer::Component("Unknown_IP_Transport", nullptr, 0, true, false, true));
zeek::plugin::Configuration config;
config.name = "Zeek::Unknown_IP_Transport";
config.description = "Packet analyzer for unknown IP protocols";
return config;
}
} plugin;
} // namespace zeek::plugin::Zeek_Unknown_IP_Transport

17
src/packet_analysis/protocol/unknown_ip_transport/UnknownIPSessionAdapter.cc Normal file
View file

@ -0,0 +1,17 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include "zeek/packet_analysis/protocol/unknown_ip_transport/UnknownIPSessionAdapter.h"
#include "zeek/analyzer/Manager.h"
#include "zeek/analyzer/protocol/conn-size/ConnSize.h"
using namespace zeek::packet_analysis::UnknownIPTransport;
using namespace zeek::packet_analysis::IP;
void UnknownIPSessionAdapter::AddExtraAnalyzers(Connection* conn) {
static zeek::Tag analyzer_connsize = analyzer_mgr->GetComponentTag("CONNSIZE");
if ( analyzer_mgr->IsEnabled(analyzer_connsize) )
// Add ConnSize analyzer. Needs to see packets, not stream.
AddChildAnalyzer(new analyzer::conn_size::ConnSize_Analyzer(conn));
}

16
src/packet_analysis/protocol/unknown_ip_transport/UnknownIPSessionAdapter.h Normal file
View file

@ -0,0 +1,16 @@
// See the file "COPYING" in the main distribution directory for copyright.
#pragma once
#include "zeek/packet_analysis/protocol/ip/SessionAdapter.h"
namespace zeek::packet_analysis::UnknownIPTransport {
class UnknownIPSessionAdapter final : public IP::SessionAdapter {
public:
UnknownIPSessionAdapter(Connection* conn) : IP::SessionAdapter("Unknown_IP_Transport", conn) {}
void AddExtraAnalyzers(Connection* conn) override;
};
} // namespace zeek::packet_analysis::UnknownIPTransport

63
src/packet_analysis/protocol/unknown_ip_transport/UnknownIPTransport.cc Normal file
View file

@ -0,0 +1,63 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include "zeek/packet_analysis/protocol/unknown_ip_transport/UnknownIPTransport.h"
#include "zeek/Conn.h"
#include "zeek/RunState.h"
#include "zeek/packet_analysis/protocol/unknown_ip_transport/UnknownIPSessionAdapter.h"
#include "zeek/session/Manager.h"
using namespace zeek::packet_analysis::UnknownIPTransport;
using namespace zeek::packet_analysis::IP;
UnknownIPTransportAnalyzer::UnknownIPTransportAnalyzer()
: IPBasedAnalyzer("Unknown_IP_Transport", TRANSPORT_UNKNOWN, 0 /*mask*/, true) {}
bool UnknownIPTransportAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet) {
IPBasedAnalyzer::AnalyzePacket(len, data, packet);
packet->processed = false;
if ( report_unknown_protocols )
packet_mgr->ReportUnknownProtocol(GetAnalyzerName(), htons(packet->ip_hdr->NextProto()), data, len);
return false;
}
SessionAdapter* UnknownIPTransportAnalyzer::MakeSessionAdapter(Connection* conn) {
auto* root = new UnknownIPSessionAdapter(conn);
root->SetParent(this);
conn->SetInactivityTimeout(zeek::detail::unknown_ip_inactivity_timeout);
return root;
}
bool UnknownIPTransportAnalyzer::BuildConnTuple(size_t len, const uint8_t* data, Packet* packet, ConnTuple& tuple) {
tuple.src_addr = packet->ip_hdr->SrcAddr();
tuple.dst_addr = packet->ip_hdr->DstAddr();
tuple.proto = packet->proto;
return true;
}
void UnknownIPTransportAnalyzer::DeliverPacket(Connection* c, double t, bool is_orig, int remaining, Packet* pkt) {
auto* adapter = static_cast<UnknownIPSessionAdapter*>(c->GetSessionAdapter());
const u_char* data = pkt->ip_hdr->Payload();
int len = pkt->ip_hdr->PayloadLen();
// If segment offloading or similar is enabled, the payload len will return 0.
// Thus, let's ignore that case.
if ( len == 0 )
len = remaining;
if ( packet_contents && len > 0 )
adapter->PacketContents(data + 8, std::min(len, remaining) - 8);
c->SetLastTime(run_state::current_timestamp);
ForwardPacket(std::min(len, remaining), data, pkt);
const std::shared_ptr<IP_Hdr>& ip = pkt->ip_hdr;
adapter->ForwardPacket(std::min(len, remaining), data, is_orig, -1, ip.get(), pkt->cap_len);
}

34
src/packet_analysis/protocol/unknown_ip_transport/UnknownIPTransport.h Normal file
View file

@ -0,0 +1,34 @@
// See the file "COPYING" in the main distribution directory for copyright.
#pragma once
#include "zeek/packet_analysis/Analyzer.h"
#include "zeek/packet_analysis/Component.h"
#include "zeek/packet_analysis/protocol/ip/IPBasedAnalyzer.h"
#include "zeek/packet_analysis/protocol/ip/SessionAdapter.h"
namespace zeek::packet_analysis::UnknownIPTransport {
class UnknownIPSessionAdapter;
class UnknownIPTransportAnalyzer final : public IP::IPBasedAnalyzer {
public:
UnknownIPTransportAnalyzer();
~UnknownIPTransportAnalyzer() override = default;
static zeek::packet_analysis::AnalyzerPtr Instantiate() { return std::make_shared<UnknownIPTransportAnalyzer>(); }
bool AnalyzePacket(size_t len, const uint8_t* data, Packet* packet) override;
packet_analysis::IP::SessionAdapter* MakeSessionAdapter(Connection* conn) override;
protected:
/**
* Parse the header from the packet into a ConnTuple object.
*/
bool BuildConnTuple(size_t len, const uint8_t* data, Packet* packet, ConnTuple& tuple) override;
void DeliverPacket(Connection* c, double t, bool is_orig, int remaining, Packet* pkt) override;
};
} // namespace zeek::packet_analysis::UnknownIPTransport

2
testing/btest/Baseline/bifs.community_id.run-pcaps/icmp.pcap.out
View file

@ -1,2 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[orig_h=192.168.0.89, orig_p=8/icmp, resp_h=192.168.0.1, resp_p=0/icmp], 1:X0snYXpgwiv9TZtqg64sgzUn6Dk=
[orig_h=192.168.0.89, orig_p=8/icmp, resp_h=192.168.0.1, resp_p=0/icmp, proto=1], 1:X0snYXpgwiv9TZtqg64sgzUn6Dk=

28
testing/btest/Baseline/bifs.community_id.run-pcaps/icmp6.pcap.out
View file

@ -1,15 +1,15 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[orig_h=3ffe:501:0:1802:260:97ff:feb6:7ff0, orig_p=3/icmp, resp_h=3ffe:507:0:1:200:86ff:fe05:80da, resp_p=0/icmp], 1:bnQKq8A2r//dWnkRW2EYcMhShjc=
[orig_h=3ffe:501:1800:2345::2, orig_p=3/icmp, resp_h=3ffe:507:0:1:200:86ff:fe05:80da, resp_p=0/icmp], 1:2ObVBgIn28oZvibYZhZMBgh7WdQ=
[orig_h=3ffe:501:410:0:2c0:dfff:fe47:33e, orig_p=1/icmp, resp_h=3ffe:507:0:1:200:86ff:fe05:80da, resp_p=4/icmp], 1:hLZd0XGWojozrvxqE0dWB1iM6R0=
[orig_h=3ffe:507:0:1:200:86ff:fe05:80da, orig_p=1/icmp, resp_h=3ffe:501:4819::42, resp_p=4/icmp], 1:jwuBy9UWZK1KUFqJV5cHdVpfrlY=
[orig_h=3ffe:507:0:1:200:86ff:fe05:80da, orig_p=128/icmp, resp_h=3ffe:501:0:1001::2, resp_p=129/icmp], 1:+TW+HtLHvV1xnGhV1lv7XoJrqQg=
[orig_h=3ffe:507:0:1:200:86ff:fe05:80da, orig_p=128/icmp, resp_h=3ffe:507:0:1:260:97ff:fe07:69ea, resp_p=129/icmp], 1:GpbEQrKqfWtsfsFiqg8fufoZe5Y=
[orig_h=3ffe:507:0:1:200:86ff:fe05:80da, orig_p=135/icmp, resp_h=3ffe:507:0:1:260:97ff:fe07:69ea, resp_p=136/icmp], 1:ORxAZfN3ld7Sv73/HQTNnvgxbpY=
[orig_h=3ffe:507:0:1:200:86ff:fe05:80da, orig_p=135/icmp, resp_h=ff02::1:ff07:69ea, resp_p=136/icmp], 1:MEixa66kuz0OMvlQqnAIzP3n2xg=
[orig_h=3ffe:507:0:1:260:97ff:fe07:69ea, orig_p=135/icmp, resp_h=3ffe:507:0:1:200:86ff:fe05:80da, resp_p=136/icmp], 1:BtEUCMYecYjJ7spEkVZDiCFaMTY=
[orig_h=3ffe:507:0:1:260:97ff:fe07:69ea, orig_p=3/icmp, resp_h=3ffe:507:0:1:200:86ff:fe05:80da, resp_p=0/icmp], 1:NdobDX8PQNJbAyfkWxhtL2Pqp5w=
[orig_h=fe80::200:86ff:fe05:80da, orig_p=133/icmp, resp_h=ff02::2, resp_p=134/icmp], 1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=
[orig_h=fe80::200:86ff:fe05:80da, orig_p=135/icmp, resp_h=fe80::260:97ff:fe07:69ea, resp_p=136/icmp], 1:dGHyGvjMfljg6Bppwm3bg0LO8TY=
[orig_h=fe80::260:97ff:fe07:69ea, orig_p=134/icmp, resp_h=ff02::1, resp_p=133/icmp], 1:pkvHqCL88/tg1k4cPigmZXUtL00=
[orig_h=fe80::260:97ff:fe07:69ea, orig_p=135/icmp, resp_h=fe80::200:86ff:fe05:80da, resp_p=136/icmp], 1:zavyT/cezQr1fmImYCwYnMXbgck=
[orig_h=3ffe:501:0:1802:260:97ff:feb6:7ff0, orig_p=3/icmp, resp_h=3ffe:507:0:1:200:86ff:fe05:80da, resp_p=0/icmp, proto=58], 1:bnQKq8A2r//dWnkRW2EYcMhShjc=
[orig_h=3ffe:501:1800:2345::2, orig_p=3/icmp, resp_h=3ffe:507:0:1:200:86ff:fe05:80da, resp_p=0/icmp, proto=58], 1:2ObVBgIn28oZvibYZhZMBgh7WdQ=
[orig_h=3ffe:501:410:0:2c0:dfff:fe47:33e, orig_p=1/icmp, resp_h=3ffe:507:0:1:200:86ff:fe05:80da, resp_p=4/icmp, proto=58], 1:hLZd0XGWojozrvxqE0dWB1iM6R0=
[orig_h=3ffe:507:0:1:200:86ff:fe05:80da, orig_p=1/icmp, resp_h=3ffe:501:4819::42, resp_p=4/icmp, proto=58], 1:jwuBy9UWZK1KUFqJV5cHdVpfrlY=
[orig_h=3ffe:507:0:1:200:86ff:fe05:80da, orig_p=128/icmp, resp_h=3ffe:501:0:1001::2, resp_p=129/icmp, proto=58], 1:+TW+HtLHvV1xnGhV1lv7XoJrqQg=
[orig_h=3ffe:507:0:1:200:86ff:fe05:80da, orig_p=128/icmp, resp_h=3ffe:507:0:1:260:97ff:fe07:69ea, resp_p=129/icmp, proto=58], 1:GpbEQrKqfWtsfsFiqg8fufoZe5Y=
[orig_h=3ffe:507:0:1:200:86ff:fe05:80da, orig_p=135/icmp, resp_h=3ffe:507:0:1:260:97ff:fe07:69ea, resp_p=136/icmp, proto=58], 1:ORxAZfN3ld7Sv73/HQTNnvgxbpY=
[orig_h=3ffe:507:0:1:200:86ff:fe05:80da, orig_p=135/icmp, resp_h=ff02::1:ff07:69ea, resp_p=136/icmp, proto=58], 1:MEixa66kuz0OMvlQqnAIzP3n2xg=
[orig_h=3ffe:507:0:1:260:97ff:fe07:69ea, orig_p=135/icmp, resp_h=3ffe:507:0:1:200:86ff:fe05:80da, resp_p=136/icmp, proto=58], 1:BtEUCMYecYjJ7spEkVZDiCFaMTY=
[orig_h=3ffe:507:0:1:260:97ff:fe07:69ea, orig_p=3/icmp, resp_h=3ffe:507:0:1:200:86ff:fe05:80da, resp_p=0/icmp, proto=58], 1:NdobDX8PQNJbAyfkWxhtL2Pqp5w=
[orig_h=fe80::200:86ff:fe05:80da, orig_p=133/icmp, resp_h=ff02::2, resp_p=134/icmp, proto=58], 1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=
[orig_h=fe80::200:86ff:fe05:80da, orig_p=135/icmp, resp_h=fe80::260:97ff:fe07:69ea, resp_p=136/icmp, proto=58], 1:dGHyGvjMfljg6Bppwm3bg0LO8TY=
[orig_h=fe80::260:97ff:fe07:69ea, orig_p=134/icmp, resp_h=ff02::1, resp_p=133/icmp, proto=58], 1:pkvHqCL88/tg1k4cPigmZXUtL00=
[orig_h=fe80::260:97ff:fe07:69ea, orig_p=135/icmp, resp_h=fe80::200:86ff:fe05:80da, resp_p=136/icmp, proto=58], 1:zavyT/cezQr1fmImYCwYnMXbgck=

2
testing/btest/Baseline/bifs.community_id.run-pcaps/ipv6.pcap.out
View file

@ -1,2 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[orig_h=2001:470:e5bf:dead:4957:2174:e82c:4887, orig_p=63943/tcp, resp_h=2607:f8b0:400c:c03::1a, resp_p=25/tcp], 1:/qFaeAR+gFe1KYjMzVDsMv+wgU4=
[orig_h=2001:470:e5bf:dead:4957:2174:e82c:4887, orig_p=63943/tcp, resp_h=2607:f8b0:400c:c03::1a, resp_p=25/tcp, proto=6], 1:/qFaeAR+gFe1KYjMzVDsMv+wgU4=

1
testing/btest/Baseline/bifs.community_id.run-pcaps/sctp.pcap.out
View file

@ -1 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[orig_h=192.168.170.8, orig_p=0/unknown, resp_h=192.168.170.56, resp_p=0/unknown, proto=132], 1:U5cVwrVgLshgANPmc8hKzEcqp1M=

2
testing/btest/Baseline/bifs.community_id.run-pcaps/tcp.pcap.out
View file

@ -1,2 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[orig_h=128.232.110.120, orig_p=34855/tcp, resp_h=66.35.250.204, resp_p=80/tcp], 1:LQU9qZlK+B5F3KDmev6m5PMibrg=
[orig_h=128.232.110.120, orig_p=34855/tcp, resp_h=66.35.250.204, resp_p=80/tcp, proto=6], 1:LQU9qZlK+B5F3KDmev6m5PMibrg=

2
testing/btest/Baseline/bifs.community_id.run-pcaps/udp.pcap.out
View file

@ -1,2 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[orig_h=192.168.1.52, orig_p=54585/udp, resp_h=8.8.8.8, resp_p=53/udp], 1:d/FP5EW3wiY1vCndhwleRRKHowQ=
[orig_h=192.168.1.52, orig_p=54585/udp, resp_h=8.8.8.8, resp_p=53/udp, proto=17], 1:d/FP5EW3wiY1vCndhwleRRKHowQ=

1
testing/btest/Baseline/bifs.community_id.v1/.stdout Normal file
View file

@ -0,0 +1 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.

22
testing/btest/Baseline/bifs.community_id.v1/out
View file

@ -1,11 +1,13 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
PASS: expected '1:wCb3OG7yAFWelaUydu0D+125CLM=', got '1:wCb3OG7yAFWelaUydu0D+125CLM=' ([orig_h=1.2.3.4, orig_p=1122/tcp, resp_h=5.6.7.8, resp_p=3344/tcp], seed=0)
PASS: expected '1:0Mu9InQx6z4ZiCZM/7HXi2WMhOg=', got '1:0Mu9InQx6z4ZiCZM/7HXi2WMhOg=' ([orig_h=1.2.3.4, orig_p=1122/udp, resp_h=5.6.7.8, resp_p=3344/udp], seed=0)
PASS: expected '1:crodRHL2FEsHjbv3UkRrfbs4bZ0=', got '1:crodRHL2FEsHjbv3UkRrfbs4bZ0=' ([orig_h=1.2.3.4, orig_p=8/icmp, resp_h=5.6.7.8, resp_p=0/icmp], seed=0)
PASS: expected '1:0bf7hyMJUwt3fMED7z8LIfRpBeo=', got '1:0bf7hyMJUwt3fMED7z8LIfRpBeo=' ([orig_h=fe80:1:203:405:607:809:a0b:c0d, orig_p=128/icmp, resp_h=fe80:1011:1213:1415:1617:1819:1a1b:1c1d, resp_p=129/icmp], seed=0)
PASS: expected '1:HhA1B+6CoLbiKPEs5nhNYN4XWfk=', got '1:HhA1B+6CoLbiKPEs5nhNYN4XWfk=' ([orig_h=1.2.3.4, orig_p=1122/tcp, resp_h=5.6.7.8, resp_p=3344/tcp], seed=1)
PASS: expected '1:OShq+iKDAMVouh/4bMxB9Sz4amw=', got '1:OShq+iKDAMVouh/4bMxB9Sz4amw=' ([orig_h=1.2.3.4, orig_p=1122/udp, resp_h=5.6.7.8, resp_p=3344/udp], seed=1)
PASS: expected '1:9pr4ZGTICiuZoIh90RRYE2RyXpU=', got '1:9pr4ZGTICiuZoIh90RRYE2RyXpU=' ([orig_h=1.2.3.4, orig_p=8/icmp, resp_h=5.6.7.8, resp_p=0/icmp], seed=1)
PASS: expected '1:IO27GQzPuCtNnwFvjWALMHu5tJE=', got '1:IO27GQzPuCtNnwFvjWALMHu5tJE=' ([orig_h=fe80:1:203:405:607:809:a0b:c0d, orig_p=128/icmp, resp_h=fe80:1011:1213:1415:1617:1819:1a1b:1c1d, resp_p=129/icmp], seed=1)
PASS: expected '', got '' ([orig_h=1.2.3.4, orig_p=0/unknown, resp_h=5.6.7.8, resp_p=0/unknown], seed=0)
PASS: expected '', got '' ([orig_h=fe80:1:203:405:607:809:a0b:c0d, orig_p=0/unknown, resp_h=fe80:1011:1213:1415:1617:1819:1a1b:1c1d, resp_p=0/unknown], seed=1)
PASS: expected '1:wCb3OG7yAFWelaUydu0D+125CLM=', got '1:wCb3OG7yAFWelaUydu0D+125CLM=' ([orig_h=1.2.3.4, orig_p=1122/tcp, resp_h=5.6.7.8, resp_p=3344/tcp, proto=6], seed=0)
PASS: expected '1:0Mu9InQx6z4ZiCZM/7HXi2WMhOg=', got '1:0Mu9InQx6z4ZiCZM/7HXi2WMhOg=' ([orig_h=1.2.3.4, orig_p=1122/udp, resp_h=5.6.7.8, resp_p=3344/udp, proto=17], seed=0)
PASS: expected '1:crodRHL2FEsHjbv3UkRrfbs4bZ0=', got '1:crodRHL2FEsHjbv3UkRrfbs4bZ0=' ([orig_h=1.2.3.4, orig_p=8/icmp, resp_h=5.6.7.8, resp_p=0/icmp, proto=1], seed=0)
PASS: expected '1:0bf7hyMJUwt3fMED7z8LIfRpBeo=', got '1:0bf7hyMJUwt3fMED7z8LIfRpBeo=' ([orig_h=fe80:1:203:405:607:809:a0b:c0d, orig_p=128/icmp, resp_h=fe80:1011:1213:1415:1617:1819:1a1b:1c1d, resp_p=129/icmp, proto=1], seed=0)
PASS: expected '1:HhA1B+6CoLbiKPEs5nhNYN4XWfk=', got '1:HhA1B+6CoLbiKPEs5nhNYN4XWfk=' ([orig_h=1.2.3.4, orig_p=1122/tcp, resp_h=5.6.7.8, resp_p=3344/tcp, proto=6], seed=1)
PASS: expected '1:OShq+iKDAMVouh/4bMxB9Sz4amw=', got '1:OShq+iKDAMVouh/4bMxB9Sz4amw=' ([orig_h=1.2.3.4, orig_p=1122/udp, resp_h=5.6.7.8, resp_p=3344/udp, proto=17], seed=1)
PASS: expected '1:9pr4ZGTICiuZoIh90RRYE2RyXpU=', got '1:9pr4ZGTICiuZoIh90RRYE2RyXpU=' ([orig_h=1.2.3.4, orig_p=8/icmp, resp_h=5.6.7.8, resp_p=0/icmp, proto=1], seed=1)
PASS: expected '1:IO27GQzPuCtNnwFvjWALMHu5tJE=', got '1:IO27GQzPuCtNnwFvjWALMHu5tJE=' ([orig_h=fe80:1:203:405:607:809:a0b:c0d, orig_p=128/icmp, resp_h=fe80:1011:1213:1415:1617:1819:1a1b:1c1d, resp_p=129/icmp, proto=1], seed=1)
PASS: expected '', got '' ([orig_h=1.2.3.4, orig_p=0/unknown, resp_h=5.6.7.8, resp_p=0/unknown, proto=65535], seed=0)
PASS: expected '', got '' ([orig_h=fe80:1:203:405:607:809:a0b:c0d, orig_p=0/unknown, resp_h=fe80:1011:1213:1415:1617:1819:1a1b:1c1d, resp_p=0/unknown, proto=65535], seed=1)
PASS: expected '1:yXTIO8p5F2ZhuXBcNBN8CsgCUTE=', got '1:yXTIO8p5F2ZhuXBcNBN8CsgCUTE=' ([orig_h=1.2.3.4, orig_p=0/unknown, resp_h=5.6.7.8, resp_p=0/unknown, proto=10], seed=0)
PASS: expected '1:OrvlNyNZWyubXHIUHR/w18b5im8=', got '1:OrvlNyNZWyubXHIUHR/w18b5im8=' ([orig_h=fe80:1:203:405:607:809:a0b:c0d, orig_p=0/unknown, resp_h=fe80:1011:1213:1415:1617:1819:1a1b:1c1d, resp_p=0/unknown, proto=10], seed=1)

2
testing/btest/Baseline/bifs.disable_analyzer-early/out
View file

@ -3,5 +3,5 @@ proto confirm, Analyzer::ANALYZER_HTTP
T
http_request, GET, /style/enhanced.css
total http messages, {
[[orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp]] = 1
[[orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp, proto=6]] = 1
}

8
testing/btest/Baseline/bifs.disable_analyzer-hook/out
View file

@ -1,16 +1,16 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
proto confirm, Analyzer::ANALYZER_HTTP
http_request, GET, /style/enhanced.css
preventing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp], Analyzer::ANALYZER_HTTP, 3, 1
preventing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp, proto=6], Analyzer::ANALYZER_HTTP, 3, 1
F
http_reply, 200
http_request, GET, /script/urchin.js
preventing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp], Analyzer::ANALYZER_HTTP, 3, 3
preventing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp, proto=6], Analyzer::ANALYZER_HTTP, 3, 3
F
http_reply, 200
http_request, GET, /images/template/screen/bullet_utility.png
allowing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp], Analyzer::ANALYZER_HTTP, 3, 5
allowing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp, proto=6], Analyzer::ANALYZER_HTTP, 3, 5
T
total http messages, {
[[orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp]] = 5
[[orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp, proto=6]] = 5
}

2
testing/btest/Baseline/bifs.disable_analyzer-tcp-packet-children/out
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
triggered packets, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp], 1, T
triggered packets, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp, proto=6], 1, T
T

2
testing/btest/Baseline/bifs.disable_analyzer/out
View file

@ -3,5 +3,5 @@ proto confirm, Analyzer::ANALYZER_HTTP
http_request, GET, /style/enhanced.css
T
total http messages, {
[[orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp]] = 1
[[orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp, proto=6]] = 1
}

16
testing/btest/Baseline/bifs.install_src_addr_filter/output
View file

@ -1,9 +1,9 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6]

40
testing/btest/Baseline/broker.python-bindings/recv..stdout
View file

@ -1,23 +1,23 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 35634/tcp, IPv4Address('208.80.152.2'), 80/tcp)
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 48649/tcp, IPv4Address('208.80.152.118'), 80/tcp)
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 49996/tcp, IPv4Address('208.80.152.3'), 80/tcp)
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 49997/tcp, IPv4Address('208.80.152.3'), 80/tcp)
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 49998/tcp, IPv4Address('208.80.152.3'), 80/tcp)
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 49999/tcp, IPv4Address('208.80.152.3'), 80/tcp)
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 50000/tcp, IPv4Address('208.80.152.3'), 80/tcp)
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 50001/tcp, IPv4Address('208.80.152.3'), 80/tcp)
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 35642/tcp, IPv4Address('208.80.152.2'), 80/tcp)
Received /btest/connections new_conn_added (IPv4Address('173.192.163.128'), 80/tcp, IPv4Address('141.142.220.235'), 6705/tcp)
Received /btest/connections conn_removed (IPv4Address('173.192.163.128'), 80/tcp, IPv4Address('141.142.220.235'), 6705/tcp)
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 35634/tcp, IPv4Address('208.80.152.2'), 80/tcp)
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 48649/tcp, IPv4Address('208.80.152.118'), 80/tcp)
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 49997/tcp, IPv4Address('208.80.152.3'), 80/tcp)
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 49996/tcp, IPv4Address('208.80.152.3'), 80/tcp)
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 49998/tcp, IPv4Address('208.80.152.3'), 80/tcp)
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 50000/tcp, IPv4Address('208.80.152.3'), 80/tcp)
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 49999/tcp, IPv4Address('208.80.152.3'), 80/tcp)
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 50001/tcp, IPv4Address('208.80.152.3'), 80/tcp)
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 35642/tcp, IPv4Address('208.80.152.2'), 80/tcp)
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 35634/tcp, IPv4Address('208.80.152.2'), 80/tcp, Count(6))
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 48649/tcp, IPv4Address('208.80.152.118'), 80/tcp, Count(6))
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 49996/tcp, IPv4Address('208.80.152.3'), 80/tcp, Count(6))
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 49997/tcp, IPv4Address('208.80.152.3'), 80/tcp, Count(6))
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 49998/tcp, IPv4Address('208.80.152.3'), 80/tcp, Count(6))
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 49999/tcp, IPv4Address('208.80.152.3'), 80/tcp, Count(6))
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 50000/tcp, IPv4Address('208.80.152.3'), 80/tcp, Count(6))
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 50001/tcp, IPv4Address('208.80.152.3'), 80/tcp, Count(6))
Received /btest/connections new_conn_added (IPv4Address('141.142.220.118'), 35642/tcp, IPv4Address('208.80.152.2'), 80/tcp, Count(6))
Received /btest/connections new_conn_added (IPv4Address('173.192.163.128'), 80/tcp, IPv4Address('141.142.220.235'), 6705/tcp, Count(6))
Received /btest/connections conn_removed (IPv4Address('173.192.163.128'), 80/tcp, IPv4Address('141.142.220.235'), 6705/tcp, Count(6))
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 35634/tcp, IPv4Address('208.80.152.2'), 80/tcp, Count(6))
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 48649/tcp, IPv4Address('208.80.152.118'), 80/tcp, Count(6))
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 49997/tcp, IPv4Address('208.80.152.3'), 80/tcp, Count(6))
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 49996/tcp, IPv4Address('208.80.152.3'), 80/tcp, Count(6))
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 49998/tcp, IPv4Address('208.80.152.3'), 80/tcp, Count(6))
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 50000/tcp, IPv4Address('208.80.152.3'), 80/tcp, Count(6))
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 49999/tcp, IPv4Address('208.80.152.3'), 80/tcp, Count(6))
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 50001/tcp, IPv4Address('208.80.152.3'), 80/tcp, Count(6))
Received /btest/connections conn_removed (IPv4Address('141.142.220.118'), 35642/tcp, IPv4Address('208.80.152.2'), 80/tcp, Count(6))
Received /btest/connections Pcap::file_done /
Received Pcap::file_done

40
testing/btest/Baseline/broker.python-bindings/send..stdout
View file

@ -22,24 +22,24 @@
1300561569.780331, connection_state_remove, 19, C37jN32gN3y3AZzyf6
1300561569.780331, connection_state_remove, 20, C3eiCBGOLw3VtHfOj
1300561569.780331, send_pcap_file_done
1300561569.780331, from_python, 1, new_conn_added, CHhAvVGS1DHFjwGM9, [orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
1300561569.780331, from_python, 2, new_conn_added, ClEkJM2Vm5giqnMf4h, [orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp]
1300561569.780331, from_python, 3, new_conn_added, C4J4Th3PJpwUYZZ6gc, [orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
1300561569.780331, from_python, 4, new_conn_added, CtPZjS20MLrsMUOJi2, [orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
1300561569.780331, from_python, 5, new_conn_added, CUM0KZ3MLUfNB0cl11, [orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
1300561569.780331, from_python, 6, new_conn_added, CmES5u32sYpV7JYN, [orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
1300561569.780331, from_python, 7, new_conn_added, CP5puj4I8PtEU4qzYg, [orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
1300561569.780331, from_python, 8, new_conn_added, C37jN32gN3y3AZzyf6, [orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
1300561569.780331, from_python, 9, new_conn_added, C3eiCBGOLw3VtHfOj, [orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
1300561569.780331, from_python, 10, new_conn_added, CwjjYJ2WqgTbAqiHl6, [orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp]
1300561569.780331, from_python, 11, conn_removed, CwjjYJ2WqgTbAqiHl6, [orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp]
1300561569.780331, from_python, 12, conn_removed, CHhAvVGS1DHFjwGM9, [orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
1300561569.780331, from_python, 13, conn_removed, ClEkJM2Vm5giqnMf4h, [orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp]
1300561569.780331, from_python, 14, conn_removed, CtPZjS20MLrsMUOJi2, [orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
1300561569.780331, from_python, 15, conn_removed, C4J4Th3PJpwUYZZ6gc, [orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
1300561569.780331, from_python, 16, conn_removed, CUM0KZ3MLUfNB0cl11, [orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
1300561569.780331, from_python, 17, conn_removed, CP5puj4I8PtEU4qzYg, [orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
1300561569.780331, from_python, 18, conn_removed, CmES5u32sYpV7JYN, [orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
1300561569.780331, from_python, 19, conn_removed, C37jN32gN3y3AZzyf6, [orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
1300561569.780331, from_python, 20, conn_removed, C3eiCBGOLw3VtHfOj, [orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
1300561569.780331, from_python, 1, new_conn_added, CHhAvVGS1DHFjwGM9, [orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 2, new_conn_added, ClEkJM2Vm5giqnMf4h, [orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 3, new_conn_added, C4J4Th3PJpwUYZZ6gc, [orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 4, new_conn_added, CtPZjS20MLrsMUOJi2, [orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 5, new_conn_added, CUM0KZ3MLUfNB0cl11, [orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 6, new_conn_added, CmES5u32sYpV7JYN, [orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 7, new_conn_added, CP5puj4I8PtEU4qzYg, [orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 8, new_conn_added, C37jN32gN3y3AZzyf6, [orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 9, new_conn_added, C3eiCBGOLw3VtHfOj, [orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 10, new_conn_added, CwjjYJ2WqgTbAqiHl6, [orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp, proto=6]
1300561569.780331, from_python, 11, conn_removed, CwjjYJ2WqgTbAqiHl6, [orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp, proto=6]
1300561569.780331, from_python, 12, conn_removed, CHhAvVGS1DHFjwGM9, [orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 13, conn_removed, ClEkJM2Vm5giqnMf4h, [orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 14, conn_removed, CtPZjS20MLrsMUOJi2, [orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 15, conn_removed, C4J4Th3PJpwUYZZ6gc, [orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 16, conn_removed, CUM0KZ3MLUfNB0cl11, [orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 17, conn_removed, CP5puj4I8PtEU4qzYg, [orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 18, conn_removed, CmES5u32sYpV7JYN, [orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 19, conn_removed, C37jN32gN3y3AZzyf6, [orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
1300561569.780331, from_python, 20, conn_removed, C3eiCBGOLw3VtHfOj, [orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6]
1300561569.780331, peer lost

4
testing/btest/Baseline/core.analyzer-confirmation-violation-info-ftp/.stdout
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
analyzer_confirmation_info, Analyzer::ANALYZER_FTP, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3
analyzer_violation_info, Analyzer::ANALYZER_FTP, non-numeric reply code, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3, SSH-2.0-mod_sftp/0.9.7
analyzer_confirmation_info, Analyzer::ANALYZER_FTP, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp, proto=6], 3
analyzer_violation_info, Analyzer::ANALYZER_FTP, non-numeric reply code, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp, proto=6], 3, SSH-2.0-mod_sftp/0.9.7

4
testing/btest/Baseline/core.analyzer-confirmation-violation-info/.stdout
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
analyzer_confirmation_info, Analyzer::ANALYZER_SSL, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3
analyzer_violation_info, Analyzer::ANALYZER_SSL, Invalid version late in TLS connection. Packet reported version: 0, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3
analyzer_confirmation_info, Analyzer::ANALYZER_SSL, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp, proto=6], 3
analyzer_violation_info, Analyzer::ANALYZER_SSL, Invalid version late in TLS connection. Packet reported version: 0, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp, proto=6], 3

8
testing/btest/Baseline/core.bits_per_uid/128
View file

@ -1,10 +1,10 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
C2NNAAAHZBl4GS1DHFjwGM9
CecCbjYTWM3dVm5giqnMf4h
Fa4OcwWOGcul4a90dKFRzf3
FYlsjBISPCV2GvSJS34ZSq2
C6CWH0ZufRpfPJpwUYZZ6gc
FYj5A4z884n1qUoaPxGYCAj
FgpR680HFYI9KU9xPMWff9k
CIdXDQc8a0ud0MLrsMUOJi2
FnAwazCvojp6QaCQXKASXLl
FMWIrHcLhVGdvlR8gBZwM9h
Cae9B2GP1sJiMLUfNB0cl11
FB9OdiKgOCJ9rXgY0sM33Ue
Fgp7fU86mnW8UHoNbiwzP22

8
testing/btest/Baseline/core.bits_per_uid/256
View file

@ -1,10 +1,10 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
C2NNAAAHZBl4GS1DHFjwGM9
CecCbjYTWM3dVm5giqnMf4h
Fa4OcwWOGcul4a90dKFRzf3
FYlsjBISPCV2GvSJS34ZSq2
C6CWH0ZufRpfPJpwUYZZ6gc
FYj5A4z884n1qUoaPxGYCAj
FgpR680HFYI9KU9xPMWff9k
CIdXDQc8a0ud0MLrsMUOJi2
FnAwazCvojp6QaCQXKASXLl
FMWIrHcLhVGdvlR8gBZwM9h
Cae9B2GP1sJiMLUfNB0cl11
FB9OdiKgOCJ9rXgY0sM33Ue
Fgp7fU86mnW8UHoNbiwzP22

8
testing/btest/Baseline/core.bits_per_uid/32
View file

@ -1,10 +1,10 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
CHhAvV0
CRQjp520
FEDbaA40
FeIYJC0
ClEkJM20
F6wZ8i0
FH8iC420
CHZeJD30
F7BoKm10
F9yS4V20
C4J4Th30
FIXQK420
FXwxfU10

8
testing/btest/Baseline/core.bits_per_uid/64
View file

@ -1,10 +1,10 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
C2NNAAAHZBl40
CGS1DHFjwGM90
Fa4OcwWOGcul0
FYlsjBISPCV20
CecCbjYTWM3d0
FYj5A4z884n10
FgpR680HFYI90
CVm5giqnMf4h0
FnAwazCvojp60
FMWIrHcLhVGd0
C6CWH0ZufRpf0
FB9OdiKgOCJ90
Fgp7fU86mnW80

8
testing/btest/Baseline/core.bits_per_uid/96
View file

@ -1,10 +1,10 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
CHhAvVGS1DHFjwGM9
ClEkJM2Vm5giqnMf4h
FEDbaA44a90dKFRzf3
FeIYJCGvSJS34ZSq2
C4J4Th3PJpwUYZZ6gc
F6wZ8iqUoaPxGYCAj
FH8iC42KU9xPMWff9k
CtPZjS20MLrsMUOJi2
F7BoKm1QaCQXKASXLl
F9yS4V2vlR8gBZwM9h
CUM0KZ3MLUfNB0cl11
FIXQK42rXgY0sM33Ue
FXwxfU1UHoNbiwzP22

8
testing/btest/Baseline/core.checksums_ignore_nets/conn-failed.log
View file

@ -5,8 +5,8 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.28 53246 35.221.46.9 80 tcp - - - - OTH T F 0 C 0 0 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 35.221.46.9 80 192.168.1.28 53246 tcp - 0.063810 432 0 SH F T 0 HcADF 4 604 0 0 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.28 53246 35.221.46.9 80 tcp - - - - OTH T F 0 C 0 0 0 0 - 6
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 35.221.46.9 80 192.168.1.28 53246 tcp - 0.063810 432 0 SH F T 0 HcADF 4 604 0 0 - 6
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/core.checksums_ignore_nets/conn-worked-multi-subnets.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.28 53246 35.221.46.9 80 tcp - 0.091969 74 432 SF T F 0 ShADadFf 6 338 4 604 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.28 53246 35.221.46.9 80 tcp - 0.091969 74 432 SF T F 0 ShADadFf 6 338 4 604 - 6
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/core.checksums_ignore_nets/conn-worked.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.28 53246 35.221.46.9 80 tcp - 0.091969 74 432 SF T F 0 ShADadFf 6 338 4 604 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.1.28 53246 35.221.46.9 80 tcp - 0.091969 74 432 SF T F 0 ShADadFf 6 338 4 604 - 6
#close XXXX-XX-XX-XX-XX-XX

100
testing/btest/Baseline/core.cisco-fabric-path/conn.log
View file

@ -5,38 +5,70 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 1.1.1.6 57005 2.2.2.2 48879 tcp - 0.001018 0 0 S0 F F 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 1.1.1.4 57005 2.2.2.2 48879 tcp - 0.000928 0 0 S0 F F 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 1.1.1.14 57005 2.2.2.2 48879 tcp - 0.000928 0 0 S0 F F 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 1.1.1.12 57005 2.2.2.2 48879 tcp - 0.000926 0 0 S0 F F 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 1.1.1.0 57005 2.2.2.2 48879 tcp - 0.001042 0 0 S0 F F 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 1.1.1.2 57005 2.2.2.2 48879 tcp - 0.000920 0 0 S0 F F 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 1.1.1.8 57005 2.2.2.2 48879 tcp - 0.000930 0 0 S0 F F 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 1.1.1.10 57005 2.2.2.2 48879 tcp - 0.000928 0 0 S0 F F 0 S 2 80 0 0 -
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 1234::e 57005 5678:: 48879 tcp - 0.001139 0 0 S0 F F 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 1234::c 57005 5678:: 48879 tcp - 0.001027 0 0 S0 F F 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 1234::6 57005 5678:: 48879 tcp - 0.001055 0 0 S0 F F 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 1234::4 57005 5678:: 48879 tcp - 0.001018 0 0 S0 F F 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 1234::8 57005 5678:: 48879 tcp - 0.001029 0 0 S0 F F 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 1234::a 57005 5678:: 48879 tcp - 0.001005 0 0 S0 F F 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 1234:: 57005 5678:: 48879 tcp - 0.001005 0 0 S0 F F 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl 1234::2 57005 5678:: 48879 tcp - 0.001120 0 0 S0 F F 0 S 2 120 0 0 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 1.1.1.0 57005 2.2.2.2 48879 udp - 0.000926 0 0 S0 F F 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 1.1.1.2 57005 2.2.2.2 48879 udp - 0.000830 0 0 S0 F F 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 1.1.1.4 57005 2.2.2.2 48879 udp - 0.000847 0 0 S0 F F 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 1.1.1.6 57005 2.2.2.2 48879 udp - 0.001243 0 0 S0 F F 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 1.1.1.8 57005 2.2.2.2 48879 udp - 0.000830 0 0 S0 F F 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 1.1.1.10 57005 2.2.2.2 48879 udp - 0.000843 0 0 S0 F F 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 1.1.1.12 57005 2.2.2.2 48879 udp - 0.000847 0 0 S0 F F 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 1.1.1.14 57005 2.2.2.2 48879 udp - 0.000880 0 0 S0 F F 0 D 2 56 0 0 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 1234:: 57005 5678:: 48879 udp - 0.000898 0 0 S0 F F 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 1234::2 57005 5678:: 48879 udp - 0.000902 0 0 S0 F F 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 1234::4 57005 5678:: 48879 udp - 0.000905 0 0 S0 F F 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 1234::6 57005 5678:: 48879 udp - 0.000898 0 0 S0 F F 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 1234::8 57005 5678:: 48879 udp - 0.001010 0 0 S0 F F 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 1234::a 57005 5678:: 48879 udp - 0.000894 0 0 S0 F F 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 1234::c 57005 5678:: 48879 udp - 0.000902 0 0 S0 F F 0 D 2 96 0 0 -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 1234::e 57005 5678:: 48879 udp - 0.001014 0 0 S0 F F 0 D 2 96 0 0 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX C7fIlMZDuRiqjpYbb 1.1.1.6 57005 2.2.2.2 48879 tcp - 0.001018 0 0 S0 F F 0 S 2 80 0 0 - 6
XXXXXXXXXX.XXXXXX CykQaM33ztNt0csB9a 1.1.1.4 57005 2.2.2.2 48879 tcp - 0.000928 0 0 S0 F F 0 S 2 80 0 0 - 6
XXXXXXXXXX.XXXXXX CtxTCR2Yer0FR1tIBg 1.1.1.14 57005 2.2.2.2 48879 tcp - 0.000928 0 0 S0 F F 0 S 2 80 0 0 - 6
XXXXXXXXXX.XXXXXX CpmdRlaUoJLN3uIRa 1.1.1.12 57005 2.2.2.2 48879 tcp - 0.000926 0 0 S0 F F 0 S 2 80 0 0 - 6
XXXXXXXXXX.XXXXXX C1Xkzz2MaGtLrc1Tla 1.1.1.0 57005 2.2.2.2 48879 tcp - 0.001042 0 0 S0 F F 0 S 2 80 0 0 - 6
XXXXXXXXXX.XXXXXX CqlVyW1YwZ15RhTBc4 1.1.1.2 57005 2.2.2.2 48879 tcp - 0.000920 0 0 S0 F F 0 S 2 80 0 0 - 6
XXXXXXXXXX.XXXXXX CLNN1k2QMum1aexUK7 1.1.1.8 57005 2.2.2.2 48879 tcp - 0.000930 0 0 S0 F F 0 S 2 80 0 0 - 6
XXXXXXXXXX.XXXXXX CBA8792iHmnhPLksKa 1.1.1.10 57005 2.2.2.2 48879 tcp - 0.000928 0 0 S0 F F 0 S 2 80 0 0 - 6
XXXXXXXXXX.XXXXXX CGLPPc35OzDQij1XX8 1234::e 57005 5678:: 48879 tcp - 0.001139 0 0 S0 F F 0 S 2 120 0 0 - 6
XXXXXXXXXX.XXXXXX CiyBAq1bBLNaTiTAc 1234::c 57005 5678:: 48879 tcp - 0.001027 0 0 S0 F F 0 S 2 120 0 0 - 6
XXXXXXXXXX.XXXXXX CFSwNi4CNGxcuffo49 1234::6 57005 5678:: 48879 tcp - 0.001055 0 0 S0 F F 0 S 2 120 0 0 - 6
XXXXXXXXXX.XXXXXX Cipfzj1BEnhejw8cGf 1234::4 57005 5678:: 48879 tcp - 0.001018 0 0 S0 F F 0 S 2 120 0 0 - 6
XXXXXXXXXX.XXXXXX CV5WJ42jPYbNW9JNWf 1234::8 57005 5678:: 48879 tcp - 0.001029 0 0 S0 F F 0 S 2 120 0 0 - 6
XXXXXXXXXX.XXXXXX CPhDKt12KQPUVbQz06 1234::a 57005 5678:: 48879 tcp - 0.001005 0 0 S0 F F 0 S 2 120 0 0 - 6
XXXXXXXXXX.XXXXXX CAnFrb2Cvxr5T7quOc 1234:: 57005 5678:: 48879 tcp - 0.001005 0 0 S0 F F 0 S 2 120 0 0 - 6
XXXXXXXXXX.XXXXXX C8rquZ3DjgNW06JGLl 1234::2 57005 5678:: 48879 tcp - 0.001120 0 0 S0 F F 0 S 2 120 0 0 - 6
XXXXXXXXXX.XXXXXX CeP1sc28dOzbbYkbA 1.1.1.0 0 2.2.2.2 0 unknown_transport - 0.000839 0 0 OTH F F 0 - 2 40 0 0 - 99
XXXXXXXXXX.XXXXXX CTrywc2ra7tcWn2af 1.1.1.0 0 2.2.2.2 0 unknown_transport - 0.000855 0 0 OTH F F 0 - 2 64 0 0 - 132
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 1.1.1.0 57005 2.2.2.2 48879 udp - 0.000926 0 0 S0 F F 0 D 2 56 0 0 - 17
XXXXXXXXXX.XXXXXX Ck78JG32Y4I7AGp7Vb 1.1.1.1 0 2.2.2.2 0 unknown_transport - 0.000739 0 0 OTH F F 0 - 2 40 0 0 - 99
XXXXXXXXXX.XXXXXX CzmEfj4RValNyLfT58 1.1.1.2 0 2.2.2.2 0 unknown_transport - 0.000854 0 0 OTH F F 0 - 2 64 0 0 - 132
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 1.1.1.2 57005 2.2.2.2 48879 udp - 0.000830 0 0 S0 F F 0 D 2 56 0 0 - 17
XXXXXXXXXX.XXXXXX CaGCc13FffXe6RkQl9 1.1.1.4 0 2.2.2.2 0 unknown_transport - 0.000872 0 0 OTH F F 0 - 2 64 0 0 - 132
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 1.1.1.4 57005 2.2.2.2 48879 udp - 0.000847 0 0 S0 F F 0 D 2 56 0 0 - 17
XXXXXXXXXX.XXXXXX CzrZOtXqhwwndQva3 1.1.1.6 0 2.2.2.2 0 unknown_transport - 0.000857 0 0 OTH F F 0 - 2 64 0 0 - 132
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 1.1.1.6 57005 2.2.2.2 48879 udp - 0.001243 0 0 S0 F F 0 D 2 56 0 0 - 17
XXXXXXXXXX.XXXXXX CCk2V03QgWwIurU3f 1.1.1.8 0 2.2.2.2 0 unknown_transport - 0.001019 0 0 OTH F F 0 - 2 64 0 0 - 132
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 1.1.1.8 57005 2.2.2.2 48879 udp - 0.000830 0 0 S0 F F 0 D 2 56 0 0 - 17
XXXXXXXXXX.XXXXXX Cgc67J2CpHIVN7HAw4 1.1.1.10 0 2.2.2.2 0 unknown_transport - 0.001383 0 0 OTH F F 0 - 2 64 0 0 - 132
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 1.1.1.10 57005 2.2.2.2 48879 udp - 0.000843 0 0 S0 F F 0 D 2 56 0 0 - 17
XXXXXXXXXX.XXXXXX CeGt004UBsXLoZSeCg 1.1.1.12 0 2.2.2.2 0 unknown_transport - 0.000963 0 0 OTH F F 0 - 2 64 0 0 - 132
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 1.1.1.12 57005 2.2.2.2 48879 udp - 0.000847 0 0 S0 F F 0 D 2 56 0 0 - 17
XXXXXXXXXX.XXXXXX CNdne23ox8SQTgPoy3 1.1.1.14 0 2.2.2.2 0 unknown_transport - 0.000854 0 0 OTH F F 0 - 2 64 0 0 - 132
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 1.1.1.14 57005 2.2.2.2 48879 udp - 0.000880 0 0 S0 F F 0 D 2 56 0 0 - 17
XXXXXXXXXX.XXXXXX CAvUKGaEgLlR4i6t2 1.1.1.16 0 2.2.2.2 0 unknown_transport - 0.000754 0 0 OTH F F 0 - 2 40 0 0 - 99
XXXXXXXXXX.XXXXXX COOKv01AQPAqfGMN9k 1.1.1.17 0 2.2.2.2 0 unknown_transport - 0.000730 0 0 OTH F F 0 - 2 40 0 0 - 99
XXXXXXXXXX.XXXXXX C0JEpR1Ij6308CwEhh 1.1.1.64 0 2.2.2.2 0 unknown_transport - 0.000728 0 0 OTH F F 0 - 2 40 0 0 - 99
XXXXXXXXXX.XXXXXX CDNchHwRoXhVzzHB2 1.1.1.65 0 2.2.2.2 0 unknown_transport - 0.000729 0 0 OTH F F 0 - 2 40 0 0 - 99
XXXXXXXXXX.XXXXXX Cgwg7Z1MHA1YkiZmm3 1.1.1.80 0 2.2.2.2 0 unknown_transport - 0.000730 0 0 OTH F F 0 - 2 40 0 0 - 99
XXXXXXXXXX.XXXXXX CQcXCjONUKqMfnhXb 1.1.1.81 0 2.2.2.2 0 unknown_transport - 0.000730 0 0 OTH F F 0 - 2 40 0 0 - 99
XXXXXXXXXX.XXXXXX CdY2UF17xGQ6lUx7e8 1234:: 0 5678:: 0 unknown_transport - 0.000766 0 0 OTH F F 0 - 2 80 0 0 - 99
XXXXXXXXXX.XXXXXX CudMuD3jKHCaCU5CE 1234:: 0 5678:: 0 unknown_transport - 0.000789 0 0 OTH F F 0 - 2 104 0 0 - 132
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 1234:: 57005 5678:: 48879 udp - 0.000898 0 0 S0 F F 0 D 2 96 0 0 - 17
XXXXXXXXXX.XXXXXX CM4z3Z2rdNfyHYQ0Df 1234::1 0 5678:: 0 unknown_transport - 0.000663 0 0 OTH F F 0 - 2 80 0 0 - 99
XXXXXXXXXX.XXXXXX CRJ9x54IaE7bkVEpad 1234::2 0 5678:: 0 unknown_transport - 0.000887 0 0 OTH F F 0 - 2 104 0 0 - 132
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 1234::2 57005 5678:: 48879 udp - 0.000902 0 0 S0 F F 0 D 2 96 0 0 - 17
XXXXXXXXXX.XXXXXX CD7vfu1qu4YJKe1nGi 1234::4 0 5678:: 0 unknown_transport - 0.000887 0 0 OTH F F 0 - 2 104 0 0 - 132
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 1234::4 57005 5678:: 48879 udp - 0.000905 0 0 S0 F F 0 D 2 96 0 0 - 17
XXXXXXXXXX.XXXXXX CKJVAj1rNx0nolFFc4 1234::6 0 5678:: 0 unknown_transport - 0.000785 0 0 OTH F F 0 - 2 104 0 0 - 132
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 1234::6 57005 5678:: 48879 udp - 0.000898 0 0 S0 F F 0 D 2 96 0 0 - 17
XXXXXXXXXX.XXXXXX CWhRtK3eXodviHmbo7 1234::8 0 5678:: 0 unknown_transport - 0.000785 0 0 OTH F F 0 - 2 104 0 0 - 132
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 1234::8 57005 5678:: 48879 udp - 0.001010 0 0 S0 F F 0 D 2 96 0 0 - 17
XXXXXXXXXX.XXXXXX CqVUM4vyqCacqFiud 1234::a 0 5678:: 0 unknown_transport - 0.000790 0 0 OTH F F 0 - 2 104 0 0 - 132
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 1234::a 57005 5678:: 48879 udp - 0.000894 0 0 S0 F F 0 D 2 96 0 0 - 17
XXXXXXXXXX.XXXXXX CImWJ03GsvPvA0P67i 1234::c 0 5678:: 0 unknown_transport - 0.000825 0 0 OTH F F 0 - 2 104 0 0 - 132
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 1234::c 57005 5678:: 48879 udp - 0.000902 0 0 S0 F F 0 D 2 96 0 0 - 17
XXXXXXXXXX.XXXXXX CgwPkWkJfuBIJsNi4 1234::e 0 5678:: 0 unknown_transport - 0.001182 0 0 OTH F F 0 - 2 104 0 0 - 132
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 1234::e 57005 5678:: 48879 udp - 0.001014 0 0 S0 F F 0 D 2 96 0 0 - 17
XXXXXXXXXX.XXXXXX CB0Ovs3cNZgLQ93FSh 1234::10 0 5678:: 0 unknown_transport - 0.000680 0 0 OTH F F 0 - 2 80 0 0 - 99
XXXXXXXXXX.XXXXXX CkD1144ZtRYffh5zjg 1234::11 0 5678:: 0 unknown_transport - 0.000664 0 0 OTH F F 0 - 2 80 0 0 - 99
XXXXXXXXXX.XXXXXX C1dGa34JRiYAKbMI0c 1234::40 0 5678:: 0 unknown_transport - 0.000665 0 0 OTH F F 0 - 2 80 0 0 - 99
XXXXXXXXXX.XXXXXX C5pL731XEkARXOq253 1234::41 0 5678:: 0 unknown_transport - 0.000776 0 0 OTH F F 0 - 2 80 0 0 - 99
XXXXXXXXXX.XXXXXX CVcd914ZFpaUisaVf2 1234::50 0 5678:: 0 unknown_transport - 0.000668 0 0 OTH F F 0 - 2 80 0 0 - 99
XXXXXXXXXX.XXXXXX CtEfXf4f39NRDu1Dr4 1234::51 0 5678:: 0 unknown_transport - 0.000665 0 0 OTH F F 0 - 2 80 0 0 - 99
#close XXXX-XX-XX-XX-XX-XX

18
testing/btest/Baseline/core.conn-size-threshold/.stdout
View file

@ -4,27 +4,27 @@
0
0
0 secs
Threshold set for [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp]
Threshold set for [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp, proto=6]
3000
2000
63
50
100.0 msecs, 53.0 msecs 50.994873 usecs
triggered duration, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 100.0 msecs, F, 105.0 msecs 79.889297 usecs
triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 2000, F
triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 3000, T
triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 50, F
triggered duration, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp, proto=6], 100.0 msecs, F, 105.0 msecs 79.889297 usecs
triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp, proto=6], 2000, F
triggered bytes, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp, proto=6], 3000, T
triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp, proto=6], 50, F
0
0
0
0
0 secs
Threshold set for [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp]
Threshold set for [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp, proto=6]
3000
2000
63
50
0 secs, 176.0 msecs 573.038101 usecs
triggered duration, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp], 100.0 msecs, T, 176.0 msecs 573.038101 usecs
triggered bytes, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp], 2000, F
triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp], 63, T
triggered duration, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp, proto=6], 100.0 msecs, T, 176.0 msecs 573.038101 usecs
triggered bytes, [orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp, proto=6], 2000, F
triggered packets, [orig_h=192.168.1.77, orig_p=57640/tcp, resp_h=66.198.80.67, resp_p=6667/tcp, proto=6], 63, T

86
testing/btest/Baseline/core.conn-uid/output
View file

@ -1,44 +1,44 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], CHhAvVGS1DHFjwGM9
[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], ClEkJM2Vm5giqnMf4h
[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], C4J4Th3PJpwUYZZ6gc
[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], CtPZjS20MLrsMUOJi2
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CUM0KZ3MLUfNB0cl11
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CUM0KZ3MLUfNB0cl11
[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], CmES5u32sYpV7JYN
[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], CP5puj4I8PtEU4qzYg
[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], C37jN32gN3y3AZzyf6
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], C3eiCBGOLw3VtHfOj
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CwjjYJ2WqgTbAqiHl6
[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], C0LAHyvtKSQHyJxIl
[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], CFLRIC3zaTU1loLGxh
[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], C9rXSW3KSpTYvPrlI1
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], Ck51lg1bScffFj34Ri
[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], C9mvWx3ezztgzcexV7
[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], CNnMIj2QSd84NKf7U3
[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], C7fIlMZDuRiqjpYbb
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CykQaM33ztNt0csB9a
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CtxTCR2Yer0FR1tIBg
[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], CpmdRlaUoJLN3uIRa
[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], C1Xkzz2MaGtLrc1Tla
[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], CqlVyW1YwZ15RhTBc4
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CLNN1k2QMum1aexUK7
[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], CBA8792iHmnhPLksKa
[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], CGLPPc35OzDQij1XX8
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], CiyBAq1bBLNaTiTAc
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CwjjYJ2WqgTbAqiHl6
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], C3eiCBGOLw3VtHfOj
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], Ck51lg1bScffFj34Ri
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CtxTCR2Yer0FR1tIBg
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CykQaM33ztNt0csB9a
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CLNN1k2QMum1aexUK7
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], CiyBAq1bBLNaTiTAc
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], CFSwNi4CNGxcuffo49
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], CFSwNi4CNGxcuffo49
[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], Cipfzj1BEnhejw8cGf
[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], CV5WJ42jPYbNW9JNWf
[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp], CPhDKt12KQPUVbQz06
[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], CAnFrb2Cvxr5T7quOc
[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp], C8rquZ3DjgNW06JGLl
[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], CzrZOtXqhwwndQva3
[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], CaGCc13FffXe6RkQl9
[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp, proto=17], CHhAvVGS1DHFjwGM9
[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp, proto=17], ClEkJM2Vm5giqnMf4h
[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp, proto=17], C4J4Th3PJpwUYZZ6gc
[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6], CtPZjS20MLrsMUOJi2
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp, proto=6], CUM0KZ3MLUfNB0cl11
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp, proto=6], CUM0KZ3MLUfNB0cl11
[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17], CmES5u32sYpV7JYN
[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17], CP5puj4I8PtEU4qzYg
[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17], C37jN32gN3y3AZzyf6
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6], C3eiCBGOLw3VtHfOj
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6], CwjjYJ2WqgTbAqiHl6
[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17], C0LAHyvtKSQHyJxIl
[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17], CFLRIC3zaTU1loLGxh
[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17], C9rXSW3KSpTYvPrlI1
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6], Ck51lg1bScffFj34Ri
[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17], C9mvWx3ezztgzcexV7
[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17], CNnMIj2QSd84NKf7U3
[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17], C7fIlMZDuRiqjpYbb
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6], CykQaM33ztNt0csB9a
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6], CtxTCR2Yer0FR1tIBg
[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17], CpmdRlaUoJLN3uIRa
[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17], C1Xkzz2MaGtLrc1Tla
[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17], CqlVyW1YwZ15RhTBc4
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6], CLNN1k2QMum1aexUK7
[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17], CBA8792iHmnhPLksKa
[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17], CGLPPc35OzDQij1XX8
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6], CiyBAq1bBLNaTiTAc
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6], CwjjYJ2WqgTbAqiHl6
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6], C3eiCBGOLw3VtHfOj
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6], Ck51lg1bScffFj34Ri
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6], CtxTCR2Yer0FR1tIBg
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6], CykQaM33ztNt0csB9a
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6], CLNN1k2QMum1aexUK7
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6], CiyBAq1bBLNaTiTAc
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp, proto=6], CFSwNi4CNGxcuffo49
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp, proto=6], CFSwNi4CNGxcuffo49
[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp, proto=17], Cipfzj1BEnhejw8cGf
[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp, proto=17], CV5WJ42jPYbNW9JNWf
[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp, proto=17], CPhDKt12KQPUVbQz06
[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp, proto=17], CAnFrb2Cvxr5T7quOc
[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp, proto=17], C8rquZ3DjgNW06JGLl
[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp, proto=17], CzrZOtXqhwwndQva3
[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp, proto=17], CaGCc13FffXe6RkQl9

4
testing/btest/Baseline/core.connection_flip_roles/out
View file

@ -1,5 +1,5 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
schedule_analyzer, current conn_id, [orig_h=192.150.187.43, orig_p=80/tcp, resp_h=141.142.228.5, resp_p=59856/tcp]
schedule_analyzer, current conn_id, [orig_h=192.150.187.43, orig_p=80/tcp, resp_h=141.142.228.5, resp_p=59856/tcp, proto=6]
http_request, 1.1, GET, /download/CHANGES.bro-aux.txt
http_reply, 1.1, 200, OK
connection_state_remove, [orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp]
connection_state_remove, [orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6]

6
testing/btest/Baseline/core.connection_flipped/out
View file

@ -1,4 +1,4 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
1362692526.939084, new_connection, [orig_h=192.150.187.43, orig_p=80/tcp, resp_h=141.142.228.5, resp_p=59856/tcp, extra_id=42], H, 1362692526.939084
1362692526.939344, connection_flipped, [orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, extra_id=42], Hs^, 1362692526.939084
1362692527.080972, connection_state_remove, [orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, extra_id=42], Hs^ADadFf, 1362692526.939084
1362692526.939084, new_connection, [orig_h=192.150.187.43, orig_p=80/tcp, resp_h=141.142.228.5, resp_p=59856/tcp, proto=6, extra_id=42], H, 1362692526.939084
1362692526.939344, connection_flipped, [orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, extra_id=42], Hs^, 1362692526.939084
1362692527.080972, connection_state_remove, [orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=6, extra_id=42], Hs^ADadFf, 1362692526.939084

10
testing/btest/Baseline/core.connection_status_update/out
View file

@ -1,6 +1,6 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
new_connection, [orig_h=172.16.133.2, orig_p=8/icmp, resp_h=172.217.11.78, resp_p=0/icmp]
connection_status_update, 1, [orig_h=172.16.133.2, orig_p=8/icmp, resp_h=172.217.11.78, resp_p=0/icmp]
connection_status_update, 2, [orig_h=172.16.133.2, orig_p=8/icmp, resp_h=172.217.11.78, resp_p=0/icmp]
connection_status_update, 3, [orig_h=172.16.133.2, orig_p=8/icmp, resp_h=172.217.11.78, resp_p=0/icmp]
connection_status_update, 4, [orig_h=172.16.133.2, orig_p=8/icmp, resp_h=172.217.11.78, resp_p=0/icmp]
new_connection, [orig_h=172.16.133.2, orig_p=8/icmp, resp_h=172.217.11.78, resp_p=0/icmp, proto=1]
connection_status_update, 1, [orig_h=172.16.133.2, orig_p=8/icmp, resp_h=172.217.11.78, resp_p=0/icmp, proto=1]
connection_status_update, 2, [orig_h=172.16.133.2, orig_p=8/icmp, resp_h=172.217.11.78, resp_p=0/icmp, proto=1]
connection_status_update, 3, [orig_h=172.16.133.2, orig_p=8/icmp, resp_h=172.217.11.78, resp_p=0/icmp, proto=1]
connection_status_update, 4, [orig_h=172.16.133.2, orig_p=8/icmp, resp_h=172.217.11.78, resp_p=0/icmp, proto=1]

38
testing/btest/Baseline/core.discarder/output
View file

@ -1,25 +1,25 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
################ IP Discarder ################
[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6]
################ TCP Discarder ################
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6]
################ UDP Discarder ################
[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp]
[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp]
[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp]
[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp]
[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp]
[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp, proto=17]
[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp, proto=17]
[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp, proto=17]
[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp, proto=17]
[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp, proto=17]
################ ICMP Discarder ################
Discard icmp packet: [icmp_type=3]

6
testing/btest/Baseline/core.erspanI/conn.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 172.16.133.2 8 172.217.11.78 0 icmp - 0.014360 280 280 OTH T F 0 - 5 420 5 420 CHhAvVGS1DHFjwGM9
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 172.16.133.2 8 172.217.11.78 0 icmp - 0.014360 280 280 OTH T F 0 - 5 420 5 420 CHhAvVGS1DHFjwGM9 1
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/core.erspanII/conn.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 23.0.0.2 8 23.0.0.3 0 icmp - 0.001727 144 144 OTH F F 0 - 2 200 2 200 CHhAvVGS1DHFjwGM9
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 23.0.0.2 8 23.0.0.3 0 icmp - 0.001727 144 144 OTH F F 0 - 2 200 2 200 CHhAvVGS1DHFjwGM9 1
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/core.erspanIII/conn.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.15.47 8 1.1.1.1 0 icmp - 0.004305 56 56 OTH T F 0 - 1 84 1 84 CHhAvVGS1DHFjwGM9
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.168.15.47 8 1.1.1.1 0 icmp - 0.004305 56 56 OTH T F 0 - 1 84 1 84 CHhAvVGS1DHFjwGM9 1
#close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline/core.expire-all-timers/conn-all.log
View file

@ -5,8 +5,8 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 51889 192.168.0.1 80 tcp - 0.000010 18 0 OTH T T 0 Da 1 58 1 40 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.1 51889 192.168.0.1 80 tcp - - - - OTH T T 0 D 1 58 0 0 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 51889 192.168.0.1 80 tcp - 0.000010 18 0 OTH T T 0 Da 1 58 1 40 - 6
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.0.1 51889 192.168.0.1 80 tcp - - - - OTH T T 0 D 1 58 0 0 - 6
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/core.expire-all-timers/conn-limited.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 51889 192.168.0.1 80 tcp - 300.000010 18 0 OTH T T 0 DaT 2 116 1 40 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 51889 192.168.0.1 80 tcp - 300.000010 18 0 OTH T T 0 DaT 2 116 1 40 - 6
#close XXXX-XX-XX-XX-XX-XX

4
testing/btest/Baseline/core.expired-conn-weird/out
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
expired_conn_weird, test!, [orig_h=192.168.1.200, orig_p=49206/tcp, resp_h=192.168.1.150, resp_p=3389/tcp], CHhAvVGS1DHFjwGM9, test2
expired_conn_weird, test!, [orig_h=192.168.1.200, orig_p=49206/tcp, resp_h=192.168.1.150, resp_p=3389/tcp], CHhAvVGS1DHFjwGM9, test2
expired_conn_weird, test!, [orig_h=192.168.1.200, orig_p=49206/tcp, resp_h=192.168.1.150, resp_p=3389/tcp, proto=6], CHhAvVGS1DHFjwGM9, test2
expired_conn_weird, test!, [orig_h=192.168.1.200, orig_p=49206/tcp, resp_h=192.168.1.150, resp_p=3389/tcp, proto=6], CHhAvVGS1DHFjwGM9, test2

18
testing/btest/Baseline/core.expr-exception/output
View file

@ -1,19 +1,19 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
ftp field missing
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp, proto=6]
ftp field missing
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
ftp field missing
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
ftp field missing
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
ftp field missing
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
ftp field missing
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
ftp field missing
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp, proto=6]
ftp field missing
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6]
ftp field missing
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp]
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp, proto=6]

6
testing/btest/Baseline/core.history-flip/conn.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents orig_l2_addr resp_l2_addr
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.42.64.125 56730 125.190.109.199 80 tcp http 1.550793 98 9417 SF F F 0 ^hADdFaf 11 670 10 9945 - 00:d0:03:3b:f4:00 00:b0:c2:86:ec:00
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto orig_l2_addr resp_l2_addr
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.42.64.125 56730 125.190.109.199 80 tcp http 1.550793 98 9417 SF F F 0 ^hADdFaf 11 670 10 9945 - 6 00:d0:03:3b:f4:00 00:b0:c2:86:ec:00
#close XXXX-XX-XX-XX-XX-XX

12
testing/btest/Baseline/core.icmp.icmp-context/output
View file

@ -1,13 +1,13 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
icmp_unreachable (code=0)
conn_id: [orig_h=10.0.0.1, orig_p=3/icmp, resp_h=10.0.0.2, resp_p=0/icmp]
conn_id: [orig_h=10.0.0.1, orig_p=3/icmp, resp_h=10.0.0.2, resp_p=0/icmp, proto=1]
icmp_info: [v6=F, itype=3, icode=0, len=0, ttl=64]
icmp_context: [id=[orig_h=::, orig_p=0/unknown, resp_h=::, resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F]
icmp_context: [id=[orig_h=::, orig_p=0/unknown, resp_h=::, resp_p=0/unknown, proto=1], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F]
icmp_unreachable (code=0)
conn_id: [orig_h=10.0.0.1, orig_p=3/icmp, resp_h=10.0.0.2, resp_p=0/icmp]
conn_id: [orig_h=10.0.0.1, orig_p=3/icmp, resp_h=10.0.0.2, resp_p=0/icmp, proto=1]
icmp_info: [v6=F, itype=3, icode=0, len=20, ttl=64]
icmp_context: [id=[orig_h=10.0.0.2, orig_p=0/unknown, resp_h=10.0.0.1, resp_p=0/unknown], len=20, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F]
icmp_context: [id=[orig_h=10.0.0.2, orig_p=0/unknown, resp_h=10.0.0.1, resp_p=0/unknown, proto=1], len=20, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F]
icmp_unreachable (code=3)
conn_id: [orig_h=192.168.1.102, orig_p=3/icmp, resp_h=192.168.1.1, resp_p=3/icmp]
conn_id: [orig_h=192.168.1.102, orig_p=3/icmp, resp_h=192.168.1.1, resp_p=3/icmp, proto=1]
icmp_info: [v6=F, itype=3, icode=3, len=148, ttl=128]
icmp_context: [id=[orig_h=192.168.1.1, orig_p=53/udp, resp_h=192.168.1.102, resp_p=59207/udp], len=163, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
icmp_context: [id=[orig_h=192.168.1.1, orig_p=53/udp, resp_h=192.168.1.102, resp_p=59207/udp, proto=1], len=163, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]

16
testing/btest/Baseline/core.icmp.icmp-events/output
View file

@ -1,21 +1,21 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
icmp_unreachable (code=3)
conn_id: [orig_h=192.168.1.102, orig_p=3/icmp, resp_h=192.168.1.1, resp_p=3/icmp]
conn_id: [orig_h=192.168.1.102, orig_p=3/icmp, resp_h=192.168.1.1, resp_p=3/icmp, proto=1]
icmp_info: [v6=F, itype=3, icode=3, len=148, ttl=128]
icmp_context: [id=[orig_h=192.168.1.1, orig_p=53/udp, resp_h=192.168.1.102, resp_p=59207/udp], len=163, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
icmp_context: [id=[orig_h=192.168.1.1, orig_p=53/udp, resp_h=192.168.1.102, resp_p=59207/udp, proto=1], len=163, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
icmp_time_exceeded (code=0)
conn_id: [orig_h=10.0.0.1, orig_p=11/icmp, resp_h=10.0.0.2, resp_p=0/icmp]
conn_id: [orig_h=10.0.0.1, orig_p=11/icmp, resp_h=10.0.0.2, resp_p=0/icmp, proto=1]
icmp_info: [v6=F, itype=11, icode=0, len=32, ttl=64]
icmp_context: [id=[orig_h=10.0.0.2, orig_p=30000/udp, resp_h=10.0.0.1, resp_p=13000/udp], len=32, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
icmp_context: [id=[orig_h=10.0.0.2, orig_p=30000/udp, resp_h=10.0.0.1, resp_p=13000/udp, proto=1], len=32, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
icmp_echo_request (id=34844, seq=0, payload=O\x85\xe0C\x00\x0e\xeb\xff\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567)
conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp]
conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp, proto=1]
icmp_info: [v6=F, itype=8, icode=0, len=56, ttl=64]
icmp_echo_reply (id=34844, seq=0, payload=O\x85\xe0C\x00\x0e\xeb\xff\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567)
conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp]
conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp, proto=1]
icmp_info: [v6=F, itype=0, icode=0, len=56, ttl=56]
icmp_echo_request (id=34844, seq=1, payload=O\x85\xe0D\x00\x0e\xf0}\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567)
conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp]
conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp, proto=1]
icmp_info: [v6=F, itype=8, icode=0, len=56, ttl=64]
icmp_echo_reply (id=34844, seq=1, payload=O\x85\xe0D\x00\x0e\xf0}\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567)
conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp]
conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp, proto=1]
icmp_info: [v6=F, itype=0, icode=0, len=56, ttl=56]

16
testing/btest/Baseline/core.icmp.icmp6-context/output
View file

@ -1,17 +1,17 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
icmp_unreachable (code=0)
conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp]
conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp, proto=58]
icmp_info: [v6=T, itype=1, icode=0, len=0, ttl=64]
icmp_context: [id=[orig_h=::, orig_p=0/unknown, resp_h=::, resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F]
icmp_context: [id=[orig_h=::, orig_p=0/unknown, resp_h=::, resp_p=0/unknown, proto=58], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F]
icmp_unreachable (code=0)
conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp]
conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp, proto=58]
icmp_info: [v6=T, itype=1, icode=0, len=40, ttl=64]
icmp_context: [id=[orig_h=fe80::beef, orig_p=0/unknown, resp_h=fe80::dead, resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F]
icmp_context: [id=[orig_h=fe80::beef, orig_p=0/unknown, resp_h=fe80::dead, resp_p=0/unknown, proto=58], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F]
icmp_unreachable (code=0)
conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp]
conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp, proto=58]
icmp_info: [v6=T, itype=1, icode=0, len=60, ttl=64]
icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp, proto=58], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
icmp_unreachable (code=0)
conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp]
conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp, proto=58]
icmp_info: [v6=T, itype=1, icode=0, len=48, ttl=64]
icmp_context: [id=[orig_h=fe80::beef, orig_p=0/unknown, resp_h=fe80::dead, resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F]
icmp_context: [id=[orig_h=fe80::beef, orig_p=0/unknown, resp_h=fe80::dead, resp_p=0/unknown, proto=58], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F]

42
testing/btest/Baseline/core.icmp.icmp6-events/output
View file

@ -1,46 +1,46 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
icmp_unreachable (code=0)
conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp]
conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp, proto=58]
icmp_info: [v6=T, itype=1, icode=0, len=60, ttl=64]
icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp, proto=58], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
icmp_packet_too_big (code=0)
conn_id: [orig_h=fe80::dead, orig_p=2/icmp, resp_h=fe80::beef, resp_p=0/icmp]
conn_id: [orig_h=fe80::dead, orig_p=2/icmp, resp_h=fe80::beef, resp_p=0/icmp, proto=58]
icmp_info: [v6=T, itype=2, icode=0, len=52, ttl=64]
icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp, proto=58], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
icmp_time_exceeded (code=0)
conn_id: [orig_h=fe80::dead, orig_p=3/icmp, resp_h=fe80::beef, resp_p=0/icmp]
conn_id: [orig_h=fe80::dead, orig_p=3/icmp, resp_h=fe80::beef, resp_p=0/icmp, proto=58]
icmp_info: [v6=T, itype=3, icode=0, len=52, ttl=64]
icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp, proto=58], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
icmp_parameter_problem (code=0)
conn_id: [orig_h=fe80::dead, orig_p=4/icmp, resp_h=fe80::beef, resp_p=0/icmp]
conn_id: [orig_h=fe80::dead, orig_p=4/icmp, resp_h=fe80::beef, resp_p=0/icmp, proto=58]
icmp_info: [v6=T, itype=4, icode=0, len=52, ttl=64]
icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp, proto=58], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
icmp_echo_request (id=1, seq=3, payload=abcdefghijklmnopqrstuvwabcdefghi)
conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp]
conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp, proto=58]
icmp_info: [v6=T, itype=128, icode=0, len=32, ttl=128]
icmp_echo_reply (id=1, seq=3, payload=abcdefghijklmnopqrstuvwabcdefghi)
conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp]
conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp, proto=58]
icmp_info: [v6=T, itype=129, icode=0, len=32, ttl=47]
icmp_echo_request (id=1, seq=4, payload=abcdefghijklmnopqrstuvwabcdefghi)
conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp]
conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp, proto=58]
icmp_info: [v6=T, itype=128, icode=0, len=32, ttl=128]
icmp_echo_reply (id=1, seq=4, payload=abcdefghijklmnopqrstuvwabcdefghi)
conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp]
conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp, proto=58]
icmp_info: [v6=T, itype=129, icode=0, len=32, ttl=47]
icmp_echo_request (id=1, seq=5, payload=abcdefghijklmnopqrstuvwabcdefghi)
conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp]
conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp, proto=58]
icmp_info: [v6=T, itype=128, icode=0, len=32, ttl=128]
icmp_echo_reply (id=1, seq=5, payload=abcdefghijklmnopqrstuvwabcdefghi)
conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp]
conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp, proto=58]
icmp_info: [v6=T, itype=129, icode=0, len=32, ttl=47]
icmp_echo_request (id=1, seq=6, payload=abcdefghijklmnopqrstuvwabcdefghi)
conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp]
conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp, proto=58]
icmp_info: [v6=T, itype=128, icode=0, len=32, ttl=128]
icmp_echo_reply (id=1, seq=6, payload=abcdefghijklmnopqrstuvwabcdefghi)
conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp]
conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp, proto=58]
icmp_info: [v6=T, itype=129, icode=0, len=32, ttl=47]
icmp_redirect (tgt=fe80::cafe, dest=fe80::babe)
conn_id: [orig_h=fe80::dead, orig_p=137/icmp, resp_h=fe80::beef, resp_p=0/icmp]
conn_id: [orig_h=fe80::dead, orig_p=137/icmp, resp_h=fe80::beef, resp_p=0/icmp, proto=58]
icmp_info: [v6=T, itype=137, icode=0, len=32, ttl=255]
options: []
icmp_router_advertisement
@ -54,21 +54,21 @@ icmp_router_advertisement
router_lifetime=30.0 mins
reachable_time=3.0 secs 700.0 msecs
retrans_timer=1.0 sec 300.0 msecs
conn_id: [orig_h=fe80::dead, orig_p=134/icmp, resp_h=fe80::beef, resp_p=133/icmp]
conn_id: [orig_h=fe80::dead, orig_p=134/icmp, resp_h=fe80::beef, resp_p=133/icmp, proto=58]
icmp_info: [v6=T, itype=134, icode=0, len=8, ttl=255]
options: []
icmp_neighbor_advertisement (tgt=fe80::babe)
router=T
solicited=F
override=T
conn_id: [orig_h=fe80::dead, orig_p=136/icmp, resp_h=fe80::beef, resp_p=135/icmp]
conn_id: [orig_h=fe80::dead, orig_p=136/icmp, resp_h=fe80::beef, resp_p=135/icmp, proto=58]
icmp_info: [v6=T, itype=136, icode=0, len=16, ttl=255]
options: []
icmp_router_solicitation
conn_id: [orig_h=fe80::dead, orig_p=133/icmp, resp_h=fe80::beef, resp_p=134/icmp]
conn_id: [orig_h=fe80::dead, orig_p=133/icmp, resp_h=fe80::beef, resp_p=134/icmp, proto=58]
icmp_info: [v6=T, itype=133, icode=0, len=0, ttl=255]
options: []
icmp_neighbor_solicitation (tgt=fe80::babe)
conn_id: [orig_h=fe80::dead, orig_p=135/icmp, resp_h=fe80::beef, resp_p=136/icmp]
conn_id: [orig_h=fe80::dead, orig_p=135/icmp, resp_h=fe80::beef, resp_p=136/icmp, proto=58]
icmp_info: [v6=T, itype=135, icode=0, len=16, ttl=255]
options: []

2
testing/btest/Baseline/core.icmp.icmp6-nd-options/output
View file

@ -1,6 +1,6 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
icmp_redirect options
[otype=4, len=8, link_address=<uninitialized>, prefix=<uninitialized>, redirect=[id=[orig_h=fe80::aaaa, orig_p=30000/udp, resp_h=fe80::bbbb, resp_p=13000/udp], len=56, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F], mtu=<uninitialized>, payload=<uninitialized>]
[otype=4, len=8, link_address=<uninitialized>, prefix=<uninitialized>, redirect=[id=[orig_h=fe80::aaaa, orig_p=30000/udp, resp_h=fe80::bbbb, resp_p=13000/udp, proto=58], len=56, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F], mtu=<uninitialized>, payload=<uninitialized>]
icmp_neighbor_advertisement options
[otype=2, len=1, link_address=\xc2\x00T\xf5\x00\x00, prefix=<uninitialized>, redirect=<uninitialized>, mtu=<uninitialized>, payload=<uninitialized>]
MAC: c20054f50000

4
testing/btest/Baseline/core.icmp.icmp_sent/out
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
icmp_sent, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp], [v6=T, itype=143, icode=0, len=20, ttl=1]
icmp_sent_payload, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp], [v6=T, itype=143, icode=0, len=20, ttl=1], 20
icmp_sent, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp, proto=58], [v6=T, itype=143, icode=0, len=20, ttl=1]
icmp_sent_payload, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp, proto=58], [v6=T, itype=143, icode=0, len=20, ttl=1], 20

8
testing/btest/Baseline/core.ipv6-atomic-frag/output
View file

@ -1,5 +1,5 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[orig_h=2001:db8:1::2, orig_p=36951/tcp, resp_h=2001:db8:1::1, resp_p=80/tcp]
[orig_h=2001:db8:1::2, orig_p=59694/tcp, resp_h=2001:db8:1::1, resp_p=80/tcp]
[orig_h=2001:db8:1::2, orig_p=27393/tcp, resp_h=2001:db8:1::1, resp_p=80/tcp]
[orig_h=2001:db8:1::2, orig_p=45805/tcp, resp_h=2001:db8:1::1, resp_p=80/tcp]
[orig_h=2001:db8:1::2, orig_p=36951/tcp, resp_h=2001:db8:1::1, resp_p=80/tcp, proto=6]
[orig_h=2001:db8:1::2, orig_p=59694/tcp, resp_h=2001:db8:1::1, resp_p=80/tcp, proto=6]
[orig_h=2001:db8:1::2, orig_p=27393/tcp, resp_h=2001:db8:1::1, resp_p=80/tcp, proto=6]
[orig_h=2001:db8:1::2, orig_p=45805/tcp, resp_h=2001:db8:1::1, resp_p=80/tcp, proto=6]

44
testing/btest/Baseline/core.ipv6-flow-labels/output
View file

@ -1,75 +1,75 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
new_connection: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49185/tcp, resp_h=2001:470:4867:99::21, resp_p=21/tcp]
new_connection: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49185/tcp, resp_h=2001:470:4867:99::21, resp_p=21/tcp, proto=6]
orig_flow 0
resp_flow 0
connection_established: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49185/tcp, resp_h=2001:470:4867:99::21, resp_p=21/tcp]
connection_established: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49185/tcp, resp_h=2001:470:4867:99::21, resp_p=21/tcp, proto=6]
orig_flow 0
resp_flow 0
connection_flow_label_changed(resp): [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49185/tcp, resp_h=2001:470:4867:99::21, resp_p=21/tcp]
connection_flow_label_changed(resp): [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49185/tcp, resp_h=2001:470:4867:99::21, resp_p=21/tcp, proto=6]
orig_flow 0
resp_flow 7407
old_label 0
new_label 7407
new_connection: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49186/tcp, resp_h=2001:470:4867:99::21, resp_p=57086/tcp]
new_connection: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49186/tcp, resp_h=2001:470:4867:99::21, resp_p=57086/tcp, proto=6]
orig_flow 0
resp_flow 0
connection_established: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49186/tcp, resp_h=2001:470:4867:99::21, resp_p=57086/tcp]
connection_established: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49186/tcp, resp_h=2001:470:4867:99::21, resp_p=57086/tcp, proto=6]
orig_flow 0
resp_flow 0
connection_flow_label_changed(resp): [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49186/tcp, resp_h=2001:470:4867:99::21, resp_p=57086/tcp]
connection_flow_label_changed(resp): [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49186/tcp, resp_h=2001:470:4867:99::21, resp_p=57086/tcp, proto=6]
orig_flow 0
resp_flow 176012
old_label 0
new_label 176012
new_connection: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49187/tcp, resp_h=2001:470:4867:99::21, resp_p=57087/tcp]
new_connection: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49187/tcp, resp_h=2001:470:4867:99::21, resp_p=57087/tcp, proto=6]
orig_flow 0
resp_flow 0
connection_established: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49187/tcp, resp_h=2001:470:4867:99::21, resp_p=57087/tcp]
connection_established: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49187/tcp, resp_h=2001:470:4867:99::21, resp_p=57087/tcp, proto=6]
orig_flow 0
resp_flow 0
connection_flow_label_changed(resp): [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49187/tcp, resp_h=2001:470:4867:99::21, resp_p=57087/tcp]
connection_flow_label_changed(resp): [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49187/tcp, resp_h=2001:470:4867:99::21, resp_p=57087/tcp, proto=6]
orig_flow 0
resp_flow 390927
old_label 0
new_label 390927
new_connection: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49188/tcp, resp_h=2001:470:4867:99::21, resp_p=57088/tcp]
new_connection: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49188/tcp, resp_h=2001:470:4867:99::21, resp_p=57088/tcp, proto=6]
orig_flow 0
resp_flow 0
connection_established: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49188/tcp, resp_h=2001:470:4867:99::21, resp_p=57088/tcp]
connection_established: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49188/tcp, resp_h=2001:470:4867:99::21, resp_p=57088/tcp, proto=6]
orig_flow 0
resp_flow 0
connection_flow_label_changed(resp): [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49188/tcp, resp_h=2001:470:4867:99::21, resp_p=57088/tcp]
connection_flow_label_changed(resp): [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49188/tcp, resp_h=2001:470:4867:99::21, resp_p=57088/tcp, proto=6]
orig_flow 0
resp_flow 364705
old_label 0
new_label 364705
connection_state_remove: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49186/tcp, resp_h=2001:470:4867:99::21, resp_p=57086/tcp]
connection_state_remove: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49186/tcp, resp_h=2001:470:4867:99::21, resp_p=57086/tcp, proto=6]
orig_flow 0
resp_flow 176012
connection_state_remove: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49187/tcp, resp_h=2001:470:4867:99::21, resp_p=57087/tcp]
connection_state_remove: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49187/tcp, resp_h=2001:470:4867:99::21, resp_p=57087/tcp, proto=6]
orig_flow 0
resp_flow 390927
connection_state_remove: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49188/tcp, resp_h=2001:470:4867:99::21, resp_p=57088/tcp]
connection_state_remove: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49188/tcp, resp_h=2001:470:4867:99::21, resp_p=57088/tcp, proto=6]
orig_flow 0
resp_flow 364705
new_connection: [orig_h=2001:470:4867:99::21, orig_p=55785/tcp, resp_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, resp_p=49189/tcp]
new_connection: [orig_h=2001:470:4867:99::21, orig_p=55785/tcp, resp_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, resp_p=49189/tcp, proto=6]
orig_flow 267377
resp_flow 0
connection_established: [orig_h=2001:470:4867:99::21, orig_p=55785/tcp, resp_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, resp_p=49189/tcp]
connection_established: [orig_h=2001:470:4867:99::21, orig_p=55785/tcp, resp_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, resp_p=49189/tcp, proto=6]
orig_flow 267377
resp_flow 126027
new_connection: [orig_h=2001:470:4867:99::21, orig_p=55647/tcp, resp_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, resp_p=49190/tcp]
new_connection: [orig_h=2001:470:4867:99::21, orig_p=55647/tcp, resp_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, resp_p=49190/tcp, proto=6]
orig_flow 355265
resp_flow 0
connection_established: [orig_h=2001:470:4867:99::21, orig_p=55647/tcp, resp_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, resp_p=49190/tcp]
connection_established: [orig_h=2001:470:4867:99::21, orig_p=55647/tcp, resp_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, resp_p=49190/tcp, proto=6]
orig_flow 355265
resp_flow 126028
connection_state_remove: [orig_h=2001:470:4867:99::21, orig_p=55785/tcp, resp_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, resp_p=49189/tcp]
connection_state_remove: [orig_h=2001:470:4867:99::21, orig_p=55785/tcp, resp_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, resp_p=49189/tcp, proto=6]
orig_flow 267377
resp_flow 126027
connection_state_remove: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49185/tcp, resp_h=2001:470:4867:99::21, resp_p=21/tcp]
connection_state_remove: [orig_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, orig_p=49185/tcp, resp_h=2001:470:4867:99::21, resp_p=21/tcp, proto=6]
orig_flow 0
resp_flow 7407
connection_state_remove: [orig_h=2001:470:4867:99::21, orig_p=55647/tcp, resp_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, resp_p=49190/tcp]
connection_state_remove: [orig_h=2001:470:4867:99::21, orig_p=55647/tcp, resp_h=2001:470:1f11:81f:c999:d94:aa7c:2e3e, resp_p=49190/tcp, proto=6]
orig_flow 355265
resp_flow 126028

2
testing/btest/Baseline/core.ipv6_ext_headers/output
View file

@ -1,4 +1,4 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
weird routing0_hdr from 2001:4f8:4:7:2e0:81ff:fe52:ffff to 2001:78:1:32::2
[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=53/udp, resp_h=2001:78:1:32::2, resp_p=53/udp]
[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=53/udp, resp_h=2001:78:1:32::2, resp_p=53/udp, proto=17]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=59, nxt=0, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=0, hopopts=[nxt=43, len=0, options=[[otype=1, len=4, data=\x00\x00\x00\x00]]], dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=<uninitialized>, mobility=<uninitialized>], [id=43, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=[nxt=17, len=4, rtype=0, segleft=2, data=\x00\x00\x00\x00 \x01\x00x\x00\x01\x002\x00\x00\x00\x00\x00\x00\x00\x01 \x01\x00x\x00\x01\x002\x00\x00\x00\x00\x00\x00\x00\x02], fragment=<uninitialized>, ah=<uninitialized>, esp=<uninitialized>, mobility=<uninitialized>]]], tcp=<uninitialized>, udp=[sport=53/udp, dport=53/udp, ulen=11], icmp=<uninitialized>]

2
testing/btest/Baseline/core.ipv6_zero_len_ah/output
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[orig_h=2000:1300::1, orig_p=128/icmp, resp_h=2000:1300::2, resp_p=129/icmp]
[orig_h=2000:1300::1, orig_p=128/icmp, resp_h=2000:1300::2, resp_p=129/icmp, proto=58]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=166, nxt=51, hlim=255, src=2000:1300::1, dst=2000:1300::2, exts=[[id=51, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=[nxt=58, len=0, rsv=0, spi=0, seq=<uninitialized>, data=<uninitialized>], esp=<uninitialized>, mobility=<uninitialized>]]], tcp=<uninitialized>, udp=<uninitialized>, icmp=[icmp_type=128]]

8
testing/btest/Baseline/core.linuxsll2/.stdout
View file

@ -1,6 +1,6 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[orig_h=192.0.2.1, orig_p=8/icmp, resp_h=192.0.2.1, resp_p=0/icmp], [v6=F, itype=8, icode=0, len=56, ttl=64], 8, 1
[orig_h=192.0.2.1, orig_p=8/icmp, resp_h=192.0.2.1, resp_p=0/icmp], [v6=F, itype=0, icode=0, len=56, ttl=64], 8, 1
[orig_h=fe80::8c36:6ff:fe44:acaf, orig_p=128/icmp, resp_h=fe80::8c36:6ff:fe44:acaf, resp_p=129/icmp], [v6=T, itype=128, icode=0, len=56, ttl=64], 9, 1
[orig_h=fe80::8c36:6ff:fe44:acaf, orig_p=128/icmp, resp_h=fe80::8c36:6ff:fe44:acaf, resp_p=129/icmp], [v6=T, itype=129, icode=0, len=56, ttl=64], 9, 1
[orig_h=192.0.2.1, orig_p=8/icmp, resp_h=192.0.2.1, resp_p=0/icmp, proto=1], [v6=F, itype=8, icode=0, len=56, ttl=64], 8, 1
[orig_h=192.0.2.1, orig_p=8/icmp, resp_h=192.0.2.1, resp_p=0/icmp, proto=1], [v6=F, itype=0, icode=0, len=56, ttl=64], 8, 1
[orig_h=fe80::8c36:6ff:fe44:acaf, orig_p=128/icmp, resp_h=fe80::8c36:6ff:fe44:acaf, resp_p=129/icmp, proto=58], [v6=T, itype=128, icode=0, len=56, ttl=64], 9, 1
[orig_h=fe80::8c36:6ff:fe44:acaf, orig_p=128/icmp, resp_h=fe80::8c36:6ff:fe44:acaf, resp_p=129/icmp, proto=58], [v6=T, itype=129, icode=0, len=56, ttl=64], 9, 1
8e:36:06:44:ac:af, 00:00:00:00:00:00, 192.0.2.1, 8e:36:06:44:ac:af, 192.0.2.2, 00:00:00:00:00:00

2
testing/btest/Baseline/core.mobile-ipv6-home-addr/output
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[orig_h=2001:78:1:32::1, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp]
[orig_h=2001:78:1:32::1, orig_p=30000/udp, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=13000/udp, proto=17]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=36, nxt=60, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=60, hopopts=<uninitialized>, dstopts=[nxt=17, len=2, options=[[otype=1, len=2, data=\x00\x00], [otype=201, len=16, data= \x01\x00x\x00\x01\x002\x00\x00\x00\x00\x00\x00\x00\x01]]], routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=<uninitialized>, mobility=<uninitialized>]]], tcp=<uninitialized>, udp=[sport=30000/udp, dport=13000/udp, ulen=12], icmp=<uninitialized>]

2
testing/btest/Baseline/core.mobile-ipv6-routing/output
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:78:1:32::1, resp_p=13000/udp]
[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=30000/udp, resp_h=2001:78:1:32::1, resp_p=13000/udp, proto=17]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=36, nxt=43, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=43, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=[nxt=17, len=2, rtype=2, segleft=1, data=\x00\x00\x00\x00 \x01\x00x\x00\x01\x002\x00\x00\x00\x00\x00\x00\x00\x01], fragment=<uninitialized>, ah=<uninitialized>, esp=<uninitialized>, mobility=<uninitialized>]]], tcp=<uninitialized>, udp=[sport=30000/udp, dport=13000/udp, ulen=12], icmp=<uninitialized>]

10
testing/btest/Baseline/core.mpls-in-vlan/conn.log
View file

@ -5,9 +5,9 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 65.65.65.65 19244 65.65.65.65 80 tcp - - - - OTH F F 0 D 1 257 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 65.65.65.65 32828 65.65.65.65 80 tcp - - - - OTH F F 0 ^d 0 0 1 1500 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 65.65.65.65 61193 65.65.65.65 80 tcp - - - - OTH F F 0 D 1 710 0 0 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 65.65.65.65 19244 65.65.65.65 80 tcp - - - - OTH F F 0 D 1 257 0 0 - 6
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 65.65.65.65 32828 65.65.65.65 80 tcp - - - - OTH F F 0 ^d 0 0 1 1500 - 6
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 65.65.65.65 61193 65.65.65.65 80 tcp - - - - OTH F F 0 D 1 710 0 0 - 6
#close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline/core.pbb/conn.log
View file

@ -5,7 +5,9 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.199.249.11 49601 10.199.249.12 49416 tcp - 0.002215 209 0 SF T T 0 ShADFaf 5 421 3 132 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.199.242.132 0 224.0.0.5 0 unknown_transport - - - - OTH T F 0 - 1 76 0 0 - 89
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 10.199.245.2 0 224.0.0.18 0 unknown_transport - - - - OTH T F 0 - 1 40 0 0 - 112
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.199.249.11 49601 10.199.249.12 49416 tcp - 0.002215 209 0 SF T T 0 ShADFaf 5 421 3 132 - 6
#close XXXX-XX-XX-XX-XX-XX

36
testing/btest/Baseline/core.pcap.dynamic-filter/conn.log
View file

@ -5,22 +5,22 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 F F 0 D 1 73 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF F F 0 Dd 1 66 1 117 -
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF F F 0 Dd 1 80 1 127 -
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF F F 0 Dd 1 66 1 211 -
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF F F 0 Dd 1 64 1 159 -
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF F F 0 Dd 1 64 1 226 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 35634 208.80.152.2 80 tcp - - - - OTH F F 0 D 1 515 0 0 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 F F 0 D 1 73 0 0 - 17
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF F F 0 Dd 1 66 1 117 - 17
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF F F 0 Dd 1 80 1 127 - 17
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF F F 0 Dd 1 66 1 211 - 17
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF F F 0 Dd 1 66 1 117 - 17
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF F F 0 Dd 1 80 1 127 - 17
XXXXXXXXXX.XXXXXX C37jN32gN3y3AZzyf6 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF F F 0 Dd 1 66 1 211 - 17
XXXXXXXXXX.XXXXXX C3eiCBGOLw3VtHfOj 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF F F 0 Dd 1 66 1 117 - 17
XXXXXXXXXX.XXXXXX CwjjYJ2WqgTbAqiHl6 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF F F 0 Dd 1 80 1 127 - 17
XXXXXXXXXX.XXXXXX C0LAHyvtKSQHyJxIl 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF F F 0 Dd 1 66 1 211 - 17
XXXXXXXXXX.XXXXXX CFLRIC3zaTU1loLGxh 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF F F 0 Dd 1 66 1 117 - 17
XXXXXXXXXX.XXXXXX C9rXSW3KSpTYvPrlI1 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF F F 0 Dd 1 80 1 127 - 17
XXXXXXXXXX.XXXXXX Ck51lg1bScffFj34Ri 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF F F 0 Dd 1 66 1 211 - 17
XXXXXXXXXX.XXXXXX C9mvWx3ezztgzcexV7 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF F F 0 Dd 1 64 1 159 - 17
XXXXXXXXXX.XXXXXX CNnMIj2QSd84NKf7U3 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF F F 0 Dd 1 64 1 226 - 17
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 141.142.220.118 35634 208.80.152.2 80 tcp - - - - OTH F F 0 D 1 515 0 0 - 6
#close XXXX-XX-XX-XX-XX-XX

60
testing/btest/Baseline/core.pcap.dynamic-filter/output
View file

@ -1,31 +1,31 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
1, [orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
2, [orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp]
3, [orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp]
4, [orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp]
5, [orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp]
6, [orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp]
7, [orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp]
8, [orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp]
9, [orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp]
10, [orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp]
11, [orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp]
12, [orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp]
13, [orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp]
14, [orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp]
15, [orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp]
16, [orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp]
17, [orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp]
18, [orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp]
19, [orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp]
20, [orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp]
21, [orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp]
22, [orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp]
23, [orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp]
24, [orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp]
25, [orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp]
26, [orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp]
27, [orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp]
28, [orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp]
29, [orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp]
30, [orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp]
1, [orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp, proto=17]
2, [orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp, proto=6]
3, [orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
4, [orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
5, [orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
6, [orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
7, [orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
8, [orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
9, [orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
10, [orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
11, [orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
12, [orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
13, [orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
14, [orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
15, [orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
16, [orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
17, [orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
18, [orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
19, [orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
20, [orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
21, [orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
22, [orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
23, [orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
24, [orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
25, [orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
26, [orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
27, [orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
28, [orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
29, [orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]
30, [orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp, proto=17]

6
testing/btest/Baseline/core.pcap.read-trace-with-filter/conn.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 F F 0 ShADad 6 1468 4 950 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 F F 0 ShADad 6 1468 4 950 - 6
#close XXXX-XX-XX-XX-XX-XX

10
testing/btest/Baseline/core.ppp/conn.log
View file

@ -5,9 +5,9 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
0.000000 CHhAvVGS1DHFjwGM9 :: 135 ff02::1:ff00:3 136 icmp - 0.008000 48 0 OTH T F 0 - 2 144 0 0 -
0.016059 ClEkJM2Vm5giqnMf4h :: 135 ff02::1:ff00:4 136 icmp - 0.002000 48 0 OTH T F 0 - 2 144 0 0 -
0.669020 C4J4Th3PJpwUYZZ6gc 193.167.0.100 42834 193.167.100.100 443 udp - 0.112400 4039 11996 SF F F 0 Dd 10 4319 12 12332 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
0.000000 CHhAvVGS1DHFjwGM9 :: 135 ff02::1:ff00:3 136 icmp - 0.008000 48 0 OTH T F 0 - 2 144 0 0 - 58
0.016059 ClEkJM2Vm5giqnMf4h :: 135 ff02::1:ff00:4 136 icmp - 0.002000 48 0 OTH T F 0 - 2 144 0 0 - 58
0.669020 C4J4Th3PJpwUYZZ6gc 193.167.0.100 42834 193.167.100.100 443 udp - 0.112400 4039 11996 SF F F 0 Dd 10 4319 12 12332 - 17
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/core.pppoe-over-qinq/conn.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 1.1.1.1 20394 2.2.2.2 443 tcp - 273.626833 11352 4984 SF F F 0 ShADdtaTTtFf 44 25283 42 13001 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 1.1.1.1 20394 2.2.2.2 443 tcp - 273.626833 11352 4984 SF F F 0 ShADdtaTTtFf 44 25283 42 13001 - 6
#close XXXX-XX-XX-XX-XX-XX

18
testing/btest/Baseline/core.pppoe/conn.log
View file

@ -5,13 +5,13 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg fc00:0:2:100::1:1 128 fc00::1 129 icmp - 0.156000 260 260 OTH T T 0 - 5 500 5 500 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 fe80::c801:eff:fe88:8 134 fe80::ce05:eff:fe88:0 133 icmp - - - - OTH T T 0 - 1 64 0 0 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 T T 0 D 2 288 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::c801:eff:fe88:8 136 ff02::1 135 icmp - - - - OTH T F 0 - 1 64 0 0 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 fe80::c801:eff:fe88:8 143 ff02::16 0 icmp - 0.835000 160 0 OTH T F 0 - 8 608 0 0 -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH T F 0 - 1 48 0 0 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 T F 0 D 2 210 0 0 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg fc00:0:2:100::1:1 128 fc00::1 129 icmp - 0.156000 260 260 OTH T T 0 - 5 500 5 500 - 58
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 fe80::c801:eff:fe88:8 134 fe80::ce05:eff:fe88:0 133 icmp - - - - OTH T T 0 - 1 64 0 0 - 58
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN fe80::c801:eff:fe88:8 547 fe80::ce05:eff:fe88:0 546 udp - 0.096000 192 0 S0 T T 0 D 2 288 0 0 - 17
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::c801:eff:fe88:8 136 ff02::1 135 icmp - - - - OTH T F 0 - 1 64 0 0 - 58
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 fe80::c801:eff:fe88:8 143 ff02::16 0 icmp - 0.835000 160 0 OTH T F 0 - 8 608 0 0 - 58
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc fe80::ce05:eff:fe88:0 133 ff02::2 134 icmp - - - - OTH T F 0 - 1 48 0 0 - 58
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 fe80::ce05:eff:fe88:0 546 ff02::1:2 547 udp - 0.078000 114 0 S0 T F 0 D 2 210 0 0 - 17
#close XXXX-XX-XX-XX-XX-XX

6
testing/btest/Baseline/core.print-bpf-filters/conn.log
View file

@ -5,7 +5,7 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.20.80.1 50343 10.0.0.15 80 tcp http 0.004152 9 3429 SF T T 0 ShADadfF 7 381 7 3801 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.20.80.1 50343 10.0.0.15 80 tcp http 0.004152 9 3429 SF T T 0 ShADadfF 7 381 7 3801 - 6
#close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline/core.q-in-q/conn.log
View file

@ -5,8 +5,8 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.19.51.37 47808 172.19.51.63 47808 udp - 0.000100 36 0 S0 T T 0 D 2 92 0 0 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 193.1.186.60 9875 224.2.127.254 9875 udp - 0.000139 552 0 S0 F F 0 D 2 608 0 0 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.19.51.37 47808 172.19.51.63 47808 udp - 0.000100 36 0 S0 T T 0 D 2 92 0 0 - 17
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 193.1.186.60 9875 224.2.127.254 9875 udp - 0.000139 552 0 S0 F F 0 D 2 608 0 0 - 17
#close XXXX-XX-XX-XX-XX-XX

8
testing/btest/Baseline/core.radiotap/conn.log
View file

@ -5,8 +5,8 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.156.76 61738 208.67.220.220 53 udp dns 0.041654 35 128 SF T F 0 Dd 1 63 1 156 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::a667:6ff:fef7:ec54 5353 ff02::fb 5353 udp dns - - - S0 T F 0 D 1 328 0 0 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.17.156.76 61738 208.67.220.220 53 udp dns 0.041654 35 128 SF T F 0 Dd 1 63 1 156 - 17
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h fe80::a667:6ff:fef7:ec54 5353 ff02::fb 5353 udp dns - - - S0 T F 0 D 1 328 0 0 - 17
#close XXXX-XX-XX-XX-XX-XX

12
testing/btest/Baseline/core.reassembly/output
View file

@ -23,10 +23,10 @@ net_weird, truncated_IP_len
net_weird, truncated_IP_len
net_weird, truncated_IP_len
net_weird, truncated_IP_len
rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfOOOOOOOOOOOOOOOOOOOOOOOOOOOO, nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfqkrodjdmrqfpiodgphidfliidlhd, A
rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], dgphrodofqhq, orgmmpelofil, A
rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], lenhfdqhqfgs, dfpqssidkpdg, A
rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfOOOOOOOOOOOOOOOOOOOOOOOOOOOO, nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfqkrodjdmrqfpiodgphidfliislrr, A
rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], iokgedlsdkjkiefgmeqkfjoh, ggdeolssksemrhedoledddml, A
rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp, proto=6], nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfOOOOOOOOOOOOOOOOOOOOOOOOOOOO, nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfqkrodjdmrqfpiodgphidfliidlhd, A
rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp, proto=6], dgphrodofqhq, orgmmpelofil, A
rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp, proto=6], lenhfdqhqfgs, dfpqssidkpdg, A
rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp, proto=6], nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfOOOOOOOOOOOOOOOOOOOOOOOOOOOO, nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfqkrodjdmrqfpiodgphidfliislrr, A
rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp, proto=6], iokgedlsdkjkiefgmeqkfjoh, ggdeolssksemrhedoledddml, A
net_weird, truncated_IP_len
rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO HTTP/1.1\x0d\x0aHost: 127.0.0.1\x0d\x0aContent-Type: text/xml\x0d\x0aContent-length: 1\x0d\x0a\x0d\x0aO<?xml version="1.0"?>\x0d\x0a<g:searchrequest xmlns:g=, OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO HTTP/1.1\x0d\x0aHost: 127.0.0.1\x0d\x0aContent-Type: text/xml\x0d\x0aContent-length: 1\x0d\x0a\x0d\x0aO<?xml version="1.0"?igplqgeqsonkllfshdjplhjspmde, AP
rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp, proto=6], OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO HTTP/1.1\x0d\x0aHost: 127.0.0.1\x0d\x0aContent-Type: text/xml\x0d\x0aContent-length: 1\x0d\x0a\x0d\x0aO<?xml version="1.0"?>\x0d\x0a<g:searchrequest xmlns:g=, OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO HTTP/1.1\x0d\x0aHost: 127.0.0.1\x0d\x0aContent-Type: text/xml\x0d\x0aContent-length: 1\x0d\x0a\x0d\x0aO<?xml version="1.0"?igplqgeqsonkllfshdjplhjspmde, AP

18
testing/btest/Baseline/core.skip_analyzer/conn.log
View file

@ -5,13 +5,13 @@
#unset_field -
#path conn
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 66.59.111.190 40264 172.28.2.3 22 tcp - 3.157831 952 1671 SF F T 0 ShAdDaFf 12 1584 10 2199 -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 66.59.111.190 123 18.26.4.105 123 udp - 0.074086 48 48 SF F F 0 Dd 1 76 1 76 -
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 66.59.111.190 123 66.59.111.182 123 udp - 0.056629 48 48 SF F F 0 Dd 1 76 1 76 -
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 66.59.111.190 123 129.170.17.4 123 udp - 0.072374 48 48 SF F F 0 Dd 1 76 1 76 -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 66.59.111.190 8 172.28.2.3 0 icmp - 3.061298 224 224 OTH F T 0 - 4 336 4 336 -
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 66.59.111.190 37675 172.28.2.3 53 udp - 5.001141 66 0 S0 F T 0 D 2 122 0 0 -
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 172.28.2.3 3 66.59.111.190 3 icmp - 4.994662 122 0 OTH T F 0 - 2 178 0 0 -
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents ip_proto
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] count
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 66.59.111.190 40264 172.28.2.3 22 tcp - 3.157831 952 1671 SF F T 0 ShAdDaFf 12 1584 10 2199 - 6
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 66.59.111.190 123 18.26.4.105 123 udp - 0.074086 48 48 SF F F 0 Dd 1 76 1 76 - 17
XXXXXXXXXX.XXXXXX CmES5u32sYpV7JYN 66.59.111.190 123 66.59.111.182 123 udp - 0.056629 48 48 SF F F 0 Dd 1 76 1 76 - 17
XXXXXXXXXX.XXXXXX CP5puj4I8PtEU4qzYg 66.59.111.190 123 129.170.17.4 123 udp - 0.072374 48 48 SF F F 0 Dd 1 76 1 76 - 17
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 66.59.111.190 8 172.28.2.3 0 icmp - 3.061298 224 224 OTH F T 0 - 4 336 4 336 - 1
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 66.59.111.190 37675 172.28.2.3 53 udp - 5.001141 66 0 S0 F T 0 D 2 122 0 0 - 17
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 172.28.2.3 3 66.59.111.190 3 icmp - 4.994662 122 0 OTH T F 0 - 2 178 0 0 - 1
#close XXXX-XX-XX-XX-XX-XX

Some files were not shown because too many files have changed in this diff Show more