Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/master' into dev/2.7

Browse source 
* origin/master:
  Fix typo in Sessions.h
  Update baselines for SSH capabilities fix
  Fix SSH analyzer bug where is_server in capabilities is wrong.
  Revert DNS query 255 from ANY to *
  Missing commas...
  Fix typo in dce-rpc consts
  Refactor to use consistent numeric type in dce_rpc. Add missing DNS query type codes
  Add DCE_RPC exchange_mapi operations to relevant consts.bro file
  GH-186: fix JSON formatting of timestamps before Unix epoch
  Fix test baseline for plugin skeleton update
  Fix crash when modifying a table from within its &expire_func
  Convert site::local_nets, etc. into options.
  GH-184: add `bro-config --build_type`, outputs CMake build type
  Updating submodule(s).
  Add return value checks for some RPC parsing functions
  Add 'fallthrough' comment to a switch/case block
  Improve broker.remote_id unit test
  Increase broker unit test timeout intervals
This commit is contained in:
Jon Siwek 2018-10-16 16:50:27 -05:00
commit 45526e6063
44 changed files with 597 additions and 339 deletions
Download patch file Download diff file Expand all files Collapse all files

56
CHANGES
View file

@ -1,4 +1,60 @@
2.6-beta2-40 | 2018-10-16 15:37:49 -0500
* Change DNP3::function_codes name for request 0x21 (Dale Lakes)
* Fix resource record type names in DNS::query_types for 41 and 100 (Dale Lakes)
* Add missing DNS resource record types to DNS::query_types (Dale Lakes)
* Refactor DCE_RPC constants to be specified in hex instead of decimal (Dale Lakes)
2.6-beta2-35 | 2018-10-16 13:41:15 -0500
* Update baselines for SSH capabilities fix (Vlad Grigorescu)
* Fix SSH analyzer bug where is_server in capabilities is wrong. (Vlad Grigorescu)
2.6-beta2-32 | 2018-10-16 09:22:54 -0700
* Fix typo in Sessions.h (Eiji Yanagi (Cisco))
2.6-beta2-31 | 2018-10-15 16:42:36 -0500
* Add DCE_RPC exchange_mapi operations to relevant consts.bro file (Dale Lakes)
2.6-beta2-29 | 2018-10-12 21:30:19 +0000
* GH-186: fix JSON formatting of timestamps before Unix epoch (Jon Siwek, Corelight)
2.6-beta2-28 | 2018-10-12 12:48:33 -0400
* Fix test baseline for plugin skeleton update (Jon Siwek, Corelight)
2.6-beta2-27 | 2018-10-12 12:18:02 -0400
* Convert site::local_nets, etc. into options. (Johanna Amann)
2.6-beta2-25 | 2018-10-12 08:33:32 -0400
* Fix crash when modifying a table from within its &expire_func (Jon Siwek, Corelight)
2.6-beta2-24 | 2018-10-05 14:24:34 -0500
* GH-184: add `bro-config --build_type`, outputs CMake build type (Jon Siwek, Corelight)
2.6-beta2-22 | 2018-10-04 11:31:48 -0500
* Add return value checks for some RPC parsing functions (Jon Siwek, Corelight)
* Add 'fallthrough' comment to a switch/case block (Jon Siwek, Corelight)
2.6-beta2-20 | 2018-10-03 15:47:26 -0500
* Improve broker.remote_id unit test (Jon Siwek, Corelight)
* Increase broker unit test timeout intervals (Jon Siwek, Corelight)
2.6-beta2-18 | 2018-10-03 11:09:04 -0500
* Fix memory leak in broker type checking (Jon Siwek, Corelight)

1
CMakeLists.txt
View file

@ -230,6 +230,7 @@ if ( NOT BINARY_PACKAGING_MODE )
set(BRO_DIST ${CMAKE_SOURCE_DIR})
endif ()
string(TOLOWER ${CMAKE_BUILD_TYPE} CMAKE_BUILD_TYPE_LOWER)
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/bro-config.h.in
${CMAKE_CURRENT_BINARY_DIR}/bro-config.h)
include_directories(${CMAKE_CURRENT_BINARY_DIR})

6
NEWS
View file

@ -577,6 +577,12 @@ Changed Functionality
indicated whether each Bro process was the "parent" or "child", but this
is no longer relevant because each Bro node now runs as a single process.
- The ``DNP3::function_codes`` name for request 0x21 has been corrected from
"AUTHENTICATE_ERR" to "AUTHENTICATE_REQ_NR".
- The ``DNS::query_types`` names for resource records 41 and 100 have been
corrected from "EDNS" to "OPT" and "DINFO" to "UINFO", respectively.
Removed Functionality
---------------------

2
VERSION
View file

@ -1 +1 @@
2.6-beta2-18
2.6-beta2-40

2
aux/bro-aux

@ -1 +1 @@
Subproject commit db3c064f084090cda60d0511c74908b6cec092f8
Subproject commit 6fefde7e3e3a675f2359084f0dfa938a62da398c

2
aux/broker

@ -1 +1 @@
Subproject commit 5bc2184081c3edc44398b15f92d67d4a85d0b44b
Subproject commit a843bfab047999386c6268a47bb2f6969b7bbaf7

6
bro-config.in
View file

@ -1,6 +1,7 @@
#!/bin/sh
version=@VERSION@
build_type=@CMAKE_BUILD_TYPE_LOWER@
prefix=@CMAKE_INSTALL_PREFIX@
script_dir=@BRO_SCRIPT_INSTALL_PATH@
site_dir=@BRO_SCRIPT_INSTALL_PATH@/site
@ -16,7 +17,7 @@ caf_root=@BRO_CONFIG_CAF_ROOT_DIR@
broker_root=@BRO_CONFIG_BROKER_ROOT_DIR@
usage="\
Usage: bro-config [--version] [--prefix] [--script_dir] [--site_dir] [--plugin_dir] [--config_dir] [--python_dir] [--include_dir] [--cmake_dir] [--bropath] [--bro_dist] [--binpac_root] [--caf_root] [--broker_root]"
Usage: bro-config [--version] [--build_type] [--prefix] [--script_dir] [--site_dir] [--plugin_dir] [--config_dir] [--python_dir] [--include_dir] [--cmake_dir] [--bropath] [--bro_dist] [--binpac_root] [--caf_root] [--broker_root]"
if [ $# -eq 0 ] ; then
echo "${usage}" 1>&2
@ -36,6 +37,9 @@ while [ $# -ne 0 ]; do
--prefix)
echo $prefix
;;
--build_type)
echo $build_type
;;
--script_dir)
echo $script_dir
;;

455
scripts/base/protocols/dce-rpc/consts.bro
View file

@ -101,259 +101,259 @@ export {
const operations: table[string,count] of string = {
# atsvc
["1ff70682-0a51-30e8-076d-740be8cee98b",0] = "NetrJobAdd",
["1ff70682-0a51-30e8-076d-740be8cee98b",1] = "NetrJobDel",
["1ff70682-0a51-30e8-076d-740be8cee98b",2] = "NetrJobEnum",
["1ff70682-0a51-30e8-076d-740be8cee98b",3] = "NetrJobGetInfo",
["1ff70682-0a51-30e8-076d-740be8cee98b",0x00] = "NetrJobAdd",
["1ff70682-0a51-30e8-076d-740be8cee98b",0x01] = "NetrJobDel",
["1ff70682-0a51-30e8-076d-740be8cee98b",0x02] = "NetrJobEnum",
["1ff70682-0a51-30e8-076d-740be8cee98b",0x03] = "NetrJobGetInfo",
# sasec
["378e52b0-c0a9-11cf-822d-00aa0051e40f",0] = "SASetAccountInformation",
["378e52b0-c0a9-11cf-822d-00aa0051e40f",1] = "SASetNSAccountInformation",
["378e52b0-c0a9-11cf-822d-00aa0051e40f",2] = "SAGetNSAccountInformation",
["378e52b0-c0a9-11cf-822d-00aa0051e40f",3] = "SAGetAccountInformation",
["378e52b0-c0a9-11cf-822d-00aa0051e40f",0x00] = "SASetAccountInformation",
["378e52b0-c0a9-11cf-822d-00aa0051e40f",0x01] = "SASetNSAccountInformation",
["378e52b0-c0a9-11cf-822d-00aa0051e40f",0x02] = "SAGetNSAccountInformation",
["378e52b0-c0a9-11cf-822d-00aa0051e40f",0x03] = "SAGetAccountInformation",
# idletask
["0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53",0] = "ItSrvRegisterIdleTask",
["0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53",1] = "ItSrvUnregisterIdleTask",
["0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53",2] = "ItSrvProcessIdleTasks",
["0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53",3] = "ItSrvSetDetectionParameters",
["0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53",0x00] = "ItSrvRegisterIdleTask",
["0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53",0x01] = "ItSrvUnregisterIdleTask",
["0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53",0x02] = "ItSrvProcessIdleTasks",
["0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53",0x03] = "ItSrvSetDetectionParameters",
# ITaskSchedulerService
["86d35949-83c9-4044-b424-db363231fd0c",0] = "SchRpcHighestVersion",
["86d35949-83c9-4044-b424-db363231fd0c",1] = "SchRpcRegisterTask",
["86d35949-83c9-4044-b424-db363231fd0c",2] = "SchRpcRetrieveTask",
["86d35949-83c9-4044-b424-db363231fd0c",3] = "SchRpcCreateFolder",
["86d35949-83c9-4044-b424-db363231fd0c",4] = "SchRpcSetSecurity",
["86d35949-83c9-4044-b424-db363231fd0c",5] = "SchRpcGetSecurity",
["86d35949-83c9-4044-b424-db363231fd0c",6] = "SchRpcEnumFolder",
["86d35949-83c9-4044-b424-db363231fd0c",7] = "SchRpcEnumTasks",
["86d35949-83c9-4044-b424-db363231fd0c",8] = "SchRpcEnumInstances",
["86d35949-83c9-4044-b424-db363231fd0c",9] = "SchRpcGetInstanceInfo",
["86d35949-83c9-4044-b424-db363231fd0c",10] = "SchRpcStopInstance",
["86d35949-83c9-4044-b424-db363231fd0c",11] = "SchRpcStop",
["86d35949-83c9-4044-b424-db363231fd0c",12] = "SchRpcRun",
["86d35949-83c9-4044-b424-db363231fd0c",13] = "SchRpcDelete",
["86d35949-83c9-4044-b424-db363231fd0c",14] = "SchRpcRename",
["86d35949-83c9-4044-b424-db363231fd0c",15] = "SchRpcScheduledRuntimes",
["86d35949-83c9-4044-b424-db363231fd0c",16] = "SchRpcGetLastRunInfo",
["86d35949-83c9-4044-b424-db363231fd0c",17] = "SchRpcGetTaskInfo",
["86d35949-83c9-4044-b424-db363231fd0c",0x00] = "SchRpcHighestVersion",
["86d35949-83c9-4044-b424-db363231fd0c",0x01] = "SchRpcRegisterTask",
["86d35949-83c9-4044-b424-db363231fd0c",0x02] = "SchRpcRetrieveTask",
["86d35949-83c9-4044-b424-db363231fd0c",0x03] = "SchRpcCreateFolder",
["86d35949-83c9-4044-b424-db363231fd0c",0x04] = "SchRpcSetSecurity",
["86d35949-83c9-4044-b424-db363231fd0c",0x05] = "SchRpcGetSecurity",
["86d35949-83c9-4044-b424-db363231fd0c",0x06] = "SchRpcEnumFolder",
["86d35949-83c9-4044-b424-db363231fd0c",0x07] = "SchRpcEnumTasks",
["86d35949-83c9-4044-b424-db363231fd0c",0x08] = "SchRpcEnumInstances",
["86d35949-83c9-4044-b424-db363231fd0c",0x09] = "SchRpcGetInstanceInfo",
["86d35949-83c9-4044-b424-db363231fd0c",0x0a] = "SchRpcStopInstance",
["86d35949-83c9-4044-b424-db363231fd0c",0x0b] = "SchRpcStop",
["86d35949-83c9-4044-b424-db363231fd0c",0x0c] = "SchRpcRun",
["86d35949-83c9-4044-b424-db363231fd0c",0x0d] = "SchRpcDelete",
["86d35949-83c9-4044-b424-db363231fd0c",0x0e] = "SchRpcRename",
["86d35949-83c9-4044-b424-db363231fd0c",0x0f] = "SchRpcScheduledRuntimes",
["86d35949-83c9-4044-b424-db363231fd0c",0x10] = "SchRpcGetLastRunInfo",
["86d35949-83c9-4044-b424-db363231fd0c",0x11] = "SchRpcGetTaskInfo",
# IObjectExporter
["99fcfec4-5260-101b-bbcb-00aa0021347a",0] = "ResolveOxid",
["99fcfec4-5260-101b-bbcb-00aa0021347a",1] = "SimplePing",
["99fcfec4-5260-101b-bbcb-00aa0021347a",2] = "ComplexPing",
["99fcfec4-5260-101b-bbcb-00aa0021347a",3] = "ServerAlive",
["99fcfec4-5260-101b-bbcb-00aa0021347a",4] = "ResolveOxid2",
["99fcfec4-5260-101b-bbcb-00aa0021347a",5] = "ServerAlive2",
["99fcfec4-5260-101b-bbcb-00aa0021347a",0x00] = "ResolveOxid",
["99fcfec4-5260-101b-bbcb-00aa0021347a",0x01] = "SimplePing",
["99fcfec4-5260-101b-bbcb-00aa0021347a",0x02] = "ComplexPing",
["99fcfec4-5260-101b-bbcb-00aa0021347a",0x03] = "ServerAlive",
["99fcfec4-5260-101b-bbcb-00aa0021347a",0x04] = "ResolveOxid2",
["99fcfec4-5260-101b-bbcb-00aa0021347a",0x05] = "ServerAlive2",
# IActivation
["4d9f4ab8-7d1c-11cf-861e-0020af6e7c57",0] = "RemoteActivation",
["4d9f4ab8-7d1c-11cf-861e-0020af6e7c57",0x00] = "RemoteActivation",
# nspi
["f5cc5a18-4264-101a-8c59-08002b2f8426",0] = "NspiBind",
["f5cc5a18-4264-101a-8c59-08002b2f8426",1] = "NspiUnbind",
["f5cc5a18-4264-101a-8c59-08002b2f8426",2] = "NspiUpdateStat",
["f5cc5a18-4264-101a-8c59-08002b2f8426",3] = "NspiQueryRows",
["f5cc5a18-4264-101a-8c59-08002b2f8426",4] = "NspiSeekEntries",
["f5cc5a18-4264-101a-8c59-08002b2f8426",5] = "NspiGetMatches",
["f5cc5a18-4264-101a-8c59-08002b2f8426",6] = "NspiResortRestriction",
["f5cc5a18-4264-101a-8c59-08002b2f8426",7] = "NspiDNToEph",
["f5cc5a18-4264-101a-8c59-08002b2f8426",8] = "NspiGetPropList",
["f5cc5a18-4264-101a-8c59-08002b2f8426",9] = "NspiGetProps",
["f5cc5a18-4264-101a-8c59-08002b2f8426",0x00] = "NspiBind",
["f5cc5a18-4264-101a-8c59-08002b2f8426",0x01] = "NspiUnbind",
["f5cc5a18-4264-101a-8c59-08002b2f8426",0x02] = "NspiUpdateStat",
["f5cc5a18-4264-101a-8c59-08002b2f8426",0x03] = "NspiQueryRows",
["f5cc5a18-4264-101a-8c59-08002b2f8426",0x04] = "NspiSeekEntries",
["f5cc5a18-4264-101a-8c59-08002b2f8426",0x05] = "NspiGetMatches",
["f5cc5a18-4264-101a-8c59-08002b2f8426",0x06] = "NspiResortRestriction",
["f5cc5a18-4264-101a-8c59-08002b2f8426",0x07] = "NspiDNToEph",
["f5cc5a18-4264-101a-8c59-08002b2f8426",0x08] = "NspiGetPropList",
["f5cc5a18-4264-101a-8c59-08002b2f8426",0x09] = "NspiGetProps",
# IWbemServices
["9556dc99-828c-11cf-a37e-00aa003240c7",3] = "OpenNamespace",
["9556dc99-828c-11cf-a37e-00aa003240c7",4] = "CancelAsyncCall",
["9556dc99-828c-11cf-a37e-00aa003240c7",5] = "QueryObjectSink",
["9556dc99-828c-11cf-a37e-00aa003240c7",6] = "GetObject",
["9556dc99-828c-11cf-a37e-00aa003240c7",7] = "GetObjectAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",8] = "PutClass",
["9556dc99-828c-11cf-a37e-00aa003240c7",9] = "PutClassAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",10] = "DeleteClass",
["9556dc99-828c-11cf-a37e-00aa003240c7",11] = "DeleteClassAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",12] = "CreateClassEnum",
["9556dc99-828c-11cf-a37e-00aa003240c7",13] = "CreateClassEnumAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",14] = "PutInstance",
["9556dc99-828c-11cf-a37e-00aa003240c7",15] = "PutInstanceAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",16] = "DeleteClass",
["9556dc99-828c-11cf-a37e-00aa003240c7",17] = "DeleteClassAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",18] = "CreateInstanceEnum",
["9556dc99-828c-11cf-a37e-00aa003240c7",19] = "CreateInstanceEnumAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",20] = "ExecQuery",
["9556dc99-828c-11cf-a37e-00aa003240c7",21] = "ExecQueryAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",22] = "ExecNotificationQuery",
["9556dc99-828c-11cf-a37e-00aa003240c7",23] = "ExecNotificationQueryAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",24] = "ExecMethod",
["9556dc99-828c-11cf-a37e-00aa003240c7",25] = "ExecMethodAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x03] = "OpenNamespace",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x04] = "CancelAsyncCall",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x05] = "QueryObjectSink",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x06] = "GetObject",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x07] = "GetObjectAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x08] = "PutClass",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x09] = "PutClassAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x0a] = "DeleteClass",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x0b] = "DeleteClassAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x0c] = "CreateClassEnum",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x0d] = "CreateClassEnumAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x0e] = "PutInstance",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x0f] = "PutInstanceAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x10] = "DeleteClass",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x11] = "DeleteClassAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x12] = "CreateInstanceEnum",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x13] = "CreateInstanceEnumAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x14] = "ExecQuery",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x15] = "ExecQueryAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x16] = "ExecNotificationQuery",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x17] = "ExecNotificationQueryAsync",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x18] = "ExecMethod",
["9556dc99-828c-11cf-a37e-00aa003240c7",0x19] = "ExecMethodAsync",
# IWbemLevel1Login
["f309ad18-d86a-11d0-a075-00c04fb68820",3] = "EstablishPosition",
["f309ad18-d86a-11d0-a075-00c04fb68820",4] = "RequestChallenge",
["f309ad18-d86a-11d0-a075-00c04fb68820",5] = "WBEMLogin",
["f309ad18-d86a-11d0-a075-00c04fb68820",6] = "NTLMLogin",
["f309ad18-d86a-11d0-a075-00c04fb68820",0x03] = "EstablishPosition",
["f309ad18-d86a-11d0-a075-00c04fb68820",0x04] = "RequestChallenge",
["f309ad18-d86a-11d0-a075-00c04fb68820",0x05] = "WBEMLogin",
["f309ad18-d86a-11d0-a075-00c04fb68820",0x06] = "NTLMLogin",
# FrsRpc
["f5cc59b4-4264-101a-8c59-08002b2f8426",0] = "FrsRpcSendCommPkt",
["f5cc59b4-4264-101a-8c59-08002b2f8426",1] = "FrsRpcVerifyPromotionParent",
["f5cc59b4-4264-101a-8c59-08002b2f8426",2] = "FrsRpcStartPromotionParent",
["f5cc59b4-4264-101a-8c59-08002b2f8426",3] = "FrsNOP",
["f5cc59b4-4264-101a-8c59-08002b2f8426",4] = "FrsBackupComplete",
["f5cc59b4-4264-101a-8c59-08002b2f8426",5] = "FrsBackupComplete",
["f5cc59b4-4264-101a-8c59-08002b2f8426",6] = "FrsBackupComplete",
["f5cc59b4-4264-101a-8c59-08002b2f8426",7] = "FrsBackupComplete",
["f5cc59b4-4264-101a-8c59-08002b2f8426",8] = "FrsBackupComplete",
["f5cc59b4-4264-101a-8c59-08002b2f8426",9] = "FrsBackupComplete",
["f5cc59b4-4264-101a-8c59-08002b2f8426",10] = "FrsRpcVerifyPromotionParentEx",
["f5cc59b4-4264-101a-8c59-08002b2f8426",0x00] = "FrsRpcSendCommPkt",
["f5cc59b4-4264-101a-8c59-08002b2f8426",0x01] = "FrsRpcVerifyPromotionParent",
["f5cc59b4-4264-101a-8c59-08002b2f8426",0x02] = "FrsRpcStartPromotionParent",
["f5cc59b4-4264-101a-8c59-08002b2f8426",0x03] = "FrsNOP",
["f5cc59b4-4264-101a-8c59-08002b2f8426",0x04] = "FrsBackupComplete",
["f5cc59b4-4264-101a-8c59-08002b2f8426",0x05] = "FrsBackupComplete",
["f5cc59b4-4264-101a-8c59-08002b2f8426",0x06] = "FrsBackupComplete",
["f5cc59b4-4264-101a-8c59-08002b2f8426",0x07] = "FrsBackupComplete",
["f5cc59b4-4264-101a-8c59-08002b2f8426",0x08] = "FrsBackupComplete",
["f5cc59b4-4264-101a-8c59-08002b2f8426",0x09] = "FrsBackupComplete",
["f5cc59b4-4264-101a-8c59-08002b2f8426",0x0a] = "FrsRpcVerifyPromotionParentEx",
# IRemUnknown2
["00000143-0000-0000-c000-000000000046",0] = "QueryInterface",
["00000143-0000-0000-c000-000000000046",1] = "AddRef",
["00000143-0000-0000-c000-000000000046",2] = "Release",
["00000143-0000-0000-c000-000000000046",3] = "RemQueryInterface",
["00000143-0000-0000-c000-000000000046",4] = "RemAddRef",
["00000143-0000-0000-c000-000000000046",5] = "RemRelease",
["00000143-0000-0000-c000-000000000046",6] = "RemQueryInterface2",
["00000143-0000-0000-c000-000000000046",0x00] = "QueryInterface",
["00000143-0000-0000-c000-000000000046",0x01] = "AddRef",
["00000143-0000-0000-c000-000000000046",0x02] = "Release",
["00000143-0000-0000-c000-000000000046",0x03] = "RemQueryInterface",
["00000143-0000-0000-c000-000000000046",0x04] = "RemAddRef",
["00000143-0000-0000-c000-000000000046",0x05] = "RemRelease",
["00000143-0000-0000-c000-000000000046",0x06] = "RemQueryInterface2",
# IRemoteSCMActivator
["000001a0-0000-0000-c000-000000000046",0] = "QueryInterfaceIRemoteSCMActivator",
["000001a0-0000-0000-c000-000000000046",1] = "AddRefIRemoteISCMActivator",
["000001a0-0000-0000-c000-000000000046",2] = "ReleaseIRemoteISCMActivator",
["000001a0-0000-0000-c000-000000000046",3] = "RemoteGetClassObject",
["000001a0-0000-0000-c000-000000000046",4] = "RemoteCreateInstance",
["000001a0-0000-0000-c000-000000000046",0x00] = "QueryInterfaceIRemoteSCMActivator",
["000001a0-0000-0000-c000-000000000046",0x01] = "AddRefIRemoteISCMActivator",
["000001a0-0000-0000-c000-000000000046",0x02] = "ReleaseIRemoteISCMActivator",
["000001a0-0000-0000-c000-000000000046",0x03] = "RemoteGetClassObject",
["000001a0-0000-0000-c000-000000000046",0x04] = "RemoteCreateInstance",
# netlogon
["12345678-1234-abcd-ef00-01234567cffb",0] = "NetrLogonUasLogon",
["12345678-1234-abcd-ef00-01234567cffb",1] = "NetrLogonUasLogoff",
["12345678-1234-abcd-ef00-01234567cffb",2] = "NetrLogonSamLogon",
["12345678-1234-abcd-ef00-01234567cffb",3] = "NetrLogonSamLogoff",
["12345678-1234-abcd-ef00-01234567cffb",4] = "NetrServerReqChallenge",
["12345678-1234-abcd-ef00-01234567cffb",5] = "NetrServerAuthenticate",
["12345678-1234-abcd-ef00-01234567cffb",6] = "NetrServerPasswordSet",
["12345678-1234-abcd-ef00-01234567cffb",7] = "NetrDatabaseDeltas",
["12345678-1234-abcd-ef00-01234567cffb",8] = "NetrDatabaseSync",
["12345678-1234-abcd-ef00-01234567cffb",9] = "NetrAccountDeltas",
["12345678-1234-abcd-ef00-01234567cffb",10] = "NetrAccountSync",
["12345678-1234-abcd-ef00-01234567cffb",11] = "NetrGetDCName",
["12345678-1234-abcd-ef00-01234567cffb",12] = "NetrLogonControl",
["12345678-1234-abcd-ef00-01234567cffb",13] = "NetrGetAnyDCName",
["12345678-1234-abcd-ef00-01234567cffb",14] = "NetrLogonControl2",
["12345678-1234-abcd-ef00-01234567cffb",15] = "NetrServerAuthenticate2",
["12345678-1234-abcd-ef00-01234567cffb",16] = "NetrDatabaseSync2",
["12345678-1234-abcd-ef00-01234567cffb",17] = "NetrDatabaseRedo",
["12345678-1234-abcd-ef00-01234567cffb",18] = "NetrLogonControl2Ex",
["12345678-1234-abcd-ef00-01234567cffb",19] = "NetrEnumerateTrustedDomains",
["12345678-1234-abcd-ef00-01234567cffb",20] = "DsrGetDcName",
["12345678-1234-abcd-ef00-01234567cffb",21] = "NetrLogonGetCapabilities",
["12345678-1234-abcd-ef00-01234567cffb",22] = "NetrLogonSetServiceBits",
["12345678-1234-abcd-ef00-01234567cffb",23] = "NetrLogonGetTrustRid",
["12345678-1234-abcd-ef00-01234567cffb",24] = "NetrLogonComputeServerDigest",
["12345678-1234-abcd-ef00-01234567cffb",25] = "NetrLogonComputeClientDigest",
["12345678-1234-abcd-ef00-01234567cffb",26] = "NetrServerAuthenticate3",
["12345678-1234-abcd-ef00-01234567cffb",27] = "DsrGetDcNameEx",
["12345678-1234-abcd-ef00-01234567cffb",28] = "DsrGetSiteName",
["12345678-1234-abcd-ef00-01234567cffb",29] = "NetrLogonGetDomainInfo",
["12345678-1234-abcd-ef00-01234567cffb",30] = "NetrServerPasswordSet2",
["12345678-1234-abcd-ef00-01234567cffb",31] = "NetrServerPasswordGet",
["12345678-1234-abcd-ef00-01234567cffb",32] = "NetrLogonSendToSam",
["12345678-1234-abcd-ef00-01234567cffb",33] = "DsrAddressToSiteNamesW",
["12345678-1234-abcd-ef00-01234567cffb",34] = "DsrGetDcNameEx2",
["12345678-1234-abcd-ef00-01234567cffb",35] = "NetrLogonGetTimeServiceParentDomain",
["12345678-1234-abcd-ef00-01234567cffb",36] = "NetrEnumerateTrustedDomainsEx",
["12345678-1234-abcd-ef00-01234567cffb",37] = "DsrAddressToSiteNamesExW",
["12345678-1234-abcd-ef00-01234567cffb",38] = "DsrGetDcSiteCoverageW",
["12345678-1234-abcd-ef00-01234567cffb",39] = "NetrLogonSamLogonEx",
["12345678-1234-abcd-ef00-01234567cffb",40] = "DsrEnumerateDomainTrusts",
["12345678-1234-abcd-ef00-01234567cffb",41] = "DsrDeregisterDnsHostRecords",
["12345678-1234-abcd-ef00-01234567cffb",42] = "NetrServerTrustPasswordsGet",
["12345678-1234-abcd-ef00-01234567cffb",43] = "DsrGetForestTrustInformation",
["12345678-1234-abcd-ef00-01234567cffb",44] = "NetrGetForestTrustInformation",
["12345678-1234-abcd-ef00-01234567cffb",45] = "NetrLogonSameLogonWithFlags",
["12345678-1234-abcd-ef00-01234567cffb",46] = "NetrServerGetTrustInfo",
["12345678-1234-abcd-ef00-01234567cffb",47] = "unused",
["12345678-1234-abcd-ef00-01234567cffb",48] = "DsrUpdateReadOnlyServerDnsRecords",
["12345678-1234-abcd-ef00-01234567cffb",49] = "NetrChainSetClientAttributes",
["12345678-1234-abcd-ef00-01234567cffb",0x00] = "NetrLogonUasLogon",
["12345678-1234-abcd-ef00-01234567cffb",0x01] = "NetrLogonUasLogoff",
["12345678-1234-abcd-ef00-01234567cffb",0x02] = "NetrLogonSamLogon",
["12345678-1234-abcd-ef00-01234567cffb",0x03] = "NetrLogonSamLogoff",
["12345678-1234-abcd-ef00-01234567cffb",0x04] = "NetrServerReqChallenge",
["12345678-1234-abcd-ef00-01234567cffb",0x05] = "NetrServerAuthenticate",
["12345678-1234-abcd-ef00-01234567cffb",0x06] = "NetrServerPasswordSet",
["12345678-1234-abcd-ef00-01234567cffb",0x07] = "NetrDatabaseDeltas",
["12345678-1234-abcd-ef00-01234567cffb",0x08] = "NetrDatabaseSync",
["12345678-1234-abcd-ef00-01234567cffb",0x09] = "NetrAccountDeltas",
["12345678-1234-abcd-ef00-01234567cffb",0x0a] = "NetrAccountSync",
["12345678-1234-abcd-ef00-01234567cffb",0x0b] = "NetrGetDCName",
["12345678-1234-abcd-ef00-01234567cffb",0x0c] = "NetrLogonControl",
["12345678-1234-abcd-ef00-01234567cffb",0x0d] = "NetrGetAnyDCName",
["12345678-1234-abcd-ef00-01234567cffb",0x0e] = "NetrLogonControl2",
["12345678-1234-abcd-ef00-01234567cffb",0x0f] = "NetrServerAuthenticate2",
["12345678-1234-abcd-ef00-01234567cffb",0x10] = "NetrDatabaseSync2",
["12345678-1234-abcd-ef00-01234567cffb",0x11] = "NetrDatabaseRedo",
["12345678-1234-abcd-ef00-01234567cffb",0x12] = "NetrLogonControl2Ex",
["12345678-1234-abcd-ef00-01234567cffb",0x13] = "NetrEnumerateTrustedDomains",
["12345678-1234-abcd-ef00-01234567cffb",0x14] = "DsrGetDcName",
["12345678-1234-abcd-ef00-01234567cffb",0x15] = "NetrLogonGetCapabilities",
["12345678-1234-abcd-ef00-01234567cffb",0x16] = "NetrLogonSetServiceBits",
["12345678-1234-abcd-ef00-01234567cffb",0x17] = "NetrLogonGetTrustRid",
["12345678-1234-abcd-ef00-01234567cffb",0x18] = "NetrLogonComputeServerDigest",
["12345678-1234-abcd-ef00-01234567cffb",0x19] = "NetrLogonComputeClientDigest",
["12345678-1234-abcd-ef00-01234567cffb",0x1a] = "NetrServerAuthenticate3",
["12345678-1234-abcd-ef00-01234567cffb",0x1b] = "DsrGetDcNameEx",
["12345678-1234-abcd-ef00-01234567cffb",0x1c] = "DsrGetSiteName",
["12345678-1234-abcd-ef00-01234567cffb",0x1d] = "NetrLogonGetDomainInfo",
["12345678-1234-abcd-ef00-01234567cffb",0x1e] = "NetrServerPasswordSet2",
["12345678-1234-abcd-ef00-01234567cffb",0x1f] = "NetrServerPasswordGet",
["12345678-1234-abcd-ef00-01234567cffb",0x20] = "NetrLogonSendToSam",
["12345678-1234-abcd-ef00-01234567cffb",0x21] = "DsrAddressToSiteNamesW",
["12345678-1234-abcd-ef00-01234567cffb",0x22] = "DsrGetDcNameEx2",
["12345678-1234-abcd-ef00-01234567cffb",0x23] = "NetrLogonGetTimeServiceParentDomain",
["12345678-1234-abcd-ef00-01234567cffb",0x24] = "NetrEnumerateTrustedDomainsEx",
["12345678-1234-abcd-ef00-01234567cffb",0x25] = "DsrAddressToSiteNamesExW",
["12345678-1234-abcd-ef00-01234567cffb",0x26] = "DsrGetDcSiteCoverageW",
["12345678-1234-abcd-ef00-01234567cffb",0x27] = "NetrLogonSamLogonEx",
["12345678-1234-abcd-ef00-01234567cffb",0x28] = "DsrEnumerateDomainTrusts",
["12345678-1234-abcd-ef00-01234567cffb",0x29] = "DsrDeregisterDnsHostRecords",
["12345678-1234-abcd-ef00-01234567cffb",0x2a] = "NetrServerTrustPasswordsGet",
["12345678-1234-abcd-ef00-01234567cffb",0x2b] = "DsrGetForestTrustInformation",
["12345678-1234-abcd-ef00-01234567cffb",0x2c] = "NetrGetForestTrustInformation",
["12345678-1234-abcd-ef00-01234567cffb",0x2d] = "NetrLogonSameLogonWithFlags",
["12345678-1234-abcd-ef00-01234567cffb",0x2e] = "NetrServerGetTrustInfo",
["12345678-1234-abcd-ef00-01234567cffb",0x2f] = "unused",
["12345678-1234-abcd-ef00-01234567cffb",0x30] = "DsrUpdateReadOnlyServerDnsRecords",
["12345678-1234-abcd-ef00-01234567cffb",0x31] = "NetrChainSetClientAttributes",
# IRemoteWinspool
["76f03f96-cdfd-44fc-a22c-64950a001209",0] = "RpcAsyncOpenPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",1] = "RpcAsyncAddPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",2] = "RpcAsyncSetJob",
["76f03f96-cdfd-44fc-a22c-64950a001209",3] = "RpcAsyncGetJob",
["76f03f96-cdfd-44fc-a22c-64950a001209",4] = "RpcAsyncEnumJobs",
["76f03f96-cdfd-44fc-a22c-64950a001209",5] = "RpcAsyncAddJob",
["76f03f96-cdfd-44fc-a22c-64950a001209",6] = "RpcAsyncScheduleJob",
["76f03f96-cdfd-44fc-a22c-64950a001209",7] = "RpcAsyncDeletePrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",8] = "RpcAsyncSetPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",9] = "RpcAsyncGetPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",10] = "RpcAsyncStartDocPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",11] = "RpcAsyncStartPagePrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",12] = "RpcAsyncWritePrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",13] = "RpcAsyncEndPagePrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",14] = "RpcAsyncEndDocPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",15] = "RpcAsyncAbortPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",16] = "RpcAsyncGetPrinterData",
["76f03f96-cdfd-44fc-a22c-64950a001209",17] = "RpcAsyncGetPrinterDataEx",
["76f03f96-cdfd-44fc-a22c-64950a001209",18] = "RpcAsyncSetPrinterData",
["76f03f96-cdfd-44fc-a22c-64950a001209",19] = "RpcAsyncSetPrinterDataEx",
["76f03f96-cdfd-44fc-a22c-64950a001209",20] = "RpcAsyncClosePrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",21] = "RpcAsyncAddForm",
["76f03f96-cdfd-44fc-a22c-64950a001209",22] = "RpcAsyncDeleteForm",
["76f03f96-cdfd-44fc-a22c-64950a001209",23] = "RpcAsyncGetForm",
["76f03f96-cdfd-44fc-a22c-64950a001209",24] = "RpcAsyncSetForm",
["76f03f96-cdfd-44fc-a22c-64950a001209",25] = "RpcAsyncEnumForms",
["76f03f96-cdfd-44fc-a22c-64950a001209",26] = "RpcAsyncGetPrinterDriver",
["76f03f96-cdfd-44fc-a22c-64950a001209",27] = "RpcAsyncEnumPrinterData",
["76f03f96-cdfd-44fc-a22c-64950a001209",28] = "RpcAsyncEnumPrinterDataEx",
["76f03f96-cdfd-44fc-a22c-64950a001209",29] = "RpcAsyncEnumPrinterKey",
["76f03f96-cdfd-44fc-a22c-64950a001209",30] = "RpcAsyncDeletePrinterData",
["76f03f96-cdfd-44fc-a22c-64950a001209",31] = "RpcAsyncDeletePrinterDataEx",
["76f03f96-cdfd-44fc-a22c-64950a001209",32] = "RpcAsyncDeletePrinterKey",
["76f03f96-cdfd-44fc-a22c-64950a001209",33] = "RpcAsyncXcvData",
["76f03f96-cdfd-44fc-a22c-64950a001209",34] = "RpcAsyncSendRecvBidiData",
["76f03f96-cdfd-44fc-a22c-64950a001209",35] = "RpcAsyncCreatePrinterIC",
["76f03f96-cdfd-44fc-a22c-64950a001209",36] = "RpcAsyncPlayGdiScriptOnPrinterIC",
["76f03f96-cdfd-44fc-a22c-64950a001209",37] = "RpcAsyncDeletePrinterIC",
["76f03f96-cdfd-44fc-a22c-64950a001209",38] = "RpcAsyncEnumPrinters",
["76f03f96-cdfd-44fc-a22c-64950a001209",39] = "RpcAsyncAddPrinterDriver",
["76f03f96-cdfd-44fc-a22c-64950a001209",40] = "RpcAsyncEnumPrinterDrivers",
["76f03f96-cdfd-44fc-a22c-64950a001209",41] = "RpcAsyncGetPrinterDriverDirectory",
["76f03f96-cdfd-44fc-a22c-64950a001209",42] = "RpcAsyncDeletePrinterDriver",
["76f03f96-cdfd-44fc-a22c-64950a001209",43] = "RpcAsyncDeletePrinterDriverEx",
["76f03f96-cdfd-44fc-a22c-64950a001209",44] = "RpcAsyncAddPrintProcessor",
["76f03f96-cdfd-44fc-a22c-64950a001209",45] = "RpcAsyncEnumPrintProcessors",
["76f03f96-cdfd-44fc-a22c-64950a001209",46] = "RpcAsyncGetPrintProcessorDirectory",
["76f03f96-cdfd-44fc-a22c-64950a001209",47] = "RpcAsyncEnumPorts",
["76f03f96-cdfd-44fc-a22c-64950a001209",48] = "RpcAsyncEnumMonitors",
["76f03f96-cdfd-44fc-a22c-64950a001209",49] = "RpcAsyncAddPort",
["76f03f96-cdfd-44fc-a22c-64950a001209",50] = "RpcAsyncSetPort",
["76f03f96-cdfd-44fc-a22c-64950a001209",51] = "RpcAsyncAddMonitor",
["76f03f96-cdfd-44fc-a22c-64950a001209",52] = "RpcAsyncDeleteMonitor",
["76f03f96-cdfd-44fc-a22c-64950a001209",53] = "RpcAsyncDeletePrintProcessor",
["76f03f96-cdfd-44fc-a22c-64950a001209",54] = "RpcAsyncEnumPrintProcessorDatatypes",
["76f03f96-cdfd-44fc-a22c-64950a001209",55] = "RpcAsyncAddPerMachineConnection",
["76f03f96-cdfd-44fc-a22c-64950a001209",56] = "RpcAsyncDeletePerMachineConnection",
["76f03f96-cdfd-44fc-a22c-64950a001209",57] = "RpcAsyncEnumPerMachineConnections",
["76f03f96-cdfd-44fc-a22c-64950a001209",58] = "RpcSyncRegisterForRemoteNotifications",
["76f03f96-cdfd-44fc-a22c-64950a001209",59] = "RpcSyncUnRegisterForRemoteNotifications",
["76f03f96-cdfd-44fc-a22c-64950a001209",60] = "RpcSyncRefreshRemoteNotifications",
["76f03f96-cdfd-44fc-a22c-64950a001209",61] = "RpcAsyncGetRemoteNotifications",
["76f03f96-cdfd-44fc-a22c-64950a001209",62] = "RpcAsyncInstallPrinterDriverFromPackage",
["76f03f96-cdfd-44fc-a22c-64950a001209",63] = "RpcAsyncUploadPrinterDriverPackage",
["76f03f96-cdfd-44fc-a22c-64950a001209",64] = "RpcAsyncGetCorePrinterDrivers",
["76f03f96-cdfd-44fc-a22c-64950a001209",65] = "RpcAsyncCorePrinterDriverInstalled",
["76f03f96-cdfd-44fc-a22c-64950a001209",66] = "RpcAsyncGetPrinterDriverPackagePath",
["76f03f96-cdfd-44fc-a22c-64950a001209",67] = "RpcAsyncDeletePrinterDriverPackage",
["76f03f96-cdfd-44fc-a22c-64950a001209",68] = "RpcAsyncReadPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",69] = "RpcAsyncResetPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",70] = "RpcAsyncGetJobNamedPropertyValue",
["76f03f96-cdfd-44fc-a22c-64950a001209",71] = "RpcAsyncSetJobNamedProperty",
["76f03f96-cdfd-44fc-a22c-64950a001209",72] = "RpcAsyncDeleteJobNamedProperty",
["76f03f96-cdfd-44fc-a22c-64950a001209",73] = "RpcAsyncEnumJobNamedProperties",
["76f03f96-cdfd-44fc-a22c-64950a001209",74] = "RpcAsyncLogJobInfoForBranchOffice",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x00] = "RpcAsyncOpenPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x01] = "RpcAsyncAddPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x02] = "RpcAsyncSetJob",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x03] = "RpcAsyncGetJob",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x04] = "RpcAsyncEnumJobs",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x05] = "RpcAsyncAddJob",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x06] = "RpcAsyncScheduleJob",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x07] = "RpcAsyncDeletePrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x08] = "RpcAsyncSetPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x09] = "RpcAsyncGetPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x0a] = "RpcAsyncStartDocPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x0b] = "RpcAsyncStartPagePrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x0c] = "RpcAsyncWritePrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x0d] = "RpcAsyncEndPagePrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x0e] = "RpcAsyncEndDocPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x0f] = "RpcAsyncAbortPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x10] = "RpcAsyncGetPrinterData",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x11] = "RpcAsyncGetPrinterDataEx",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x12] = "RpcAsyncSetPrinterData",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x13] = "RpcAsyncSetPrinterDataEx",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x14] = "RpcAsyncClosePrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x15] = "RpcAsyncAddForm",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x16] = "RpcAsyncDeleteForm",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x17] = "RpcAsyncGetForm",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x18] = "RpcAsyncSetForm",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x19] = "RpcAsyncEnumForms",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x1a] = "RpcAsyncGetPrinterDriver",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x1b] = "RpcAsyncEnumPrinterData",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x1c] = "RpcAsyncEnumPrinterDataEx",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x1d] = "RpcAsyncEnumPrinterKey",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x1e] = "RpcAsyncDeletePrinterData",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x1f] = "RpcAsyncDeletePrinterDataEx",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x20] = "RpcAsyncDeletePrinterKey",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x21] = "RpcAsyncXcvData",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x22] = "RpcAsyncSendRecvBidiData",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x23] = "RpcAsyncCreatePrinterIC",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x24] = "RpcAsyncPlayGdiScriptOnPrinterIC",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x25] = "RpcAsyncDeletePrinterIC",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x26] = "RpcAsyncEnumPrinters",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x27] = "RpcAsyncAddPrinterDriver",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x28] = "RpcAsyncEnumPrinterDrivers",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x29] = "RpcAsyncGetPrinterDriverDirectory",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x2a] = "RpcAsyncDeletePrinterDriver",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x2b] = "RpcAsyncDeletePrinterDriverEx",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x2c] = "RpcAsyncAddPrintProcessor",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x2d] = "RpcAsyncEnumPrintProcessors",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x2e] = "RpcAsyncGetPrintProcessorDirectory",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x2f] = "RpcAsyncEnumPorts",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x30] = "RpcAsyncEnumMonitors",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x31] = "RpcAsyncAddPort",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x32] = "RpcAsyncSetPort",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x33] = "RpcAsyncAddMonitor",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x34] = "RpcAsyncDeleteMonitor",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x35] = "RpcAsyncDeletePrintProcessor",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x36] = "RpcAsyncEnumPrintProcessorDatatypes",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x37] = "RpcAsyncAddPerMachineConnection",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x38] = "RpcAsyncDeletePerMachineConnection",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x39] = "RpcAsyncEnumPerMachineConnections",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x3a] = "RpcSyncRegisterForRemoteNotifications",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x3b] = "RpcSyncUnRegisterForRemoteNotifications",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x3c] = "RpcSyncRefreshRemoteNotifications",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x3d] = "RpcAsyncGetRemoteNotifications",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x3e] = "RpcAsyncInstallPrinterDriverFromPackage",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x3f] = "RpcAsyncUploadPrinterDriverPackage",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x40] = "RpcAsyncGetCorePrinterDrivers",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x41] = "RpcAsyncCorePrinterDriverInstalled",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x42] = "RpcAsyncGetPrinterDriverPackagePath",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x43] = "RpcAsyncDeletePrinterDriverPackage",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x44] = "RpcAsyncReadPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x45] = "RpcAsyncResetPrinter",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x46] = "RpcAsyncGetJobNamedPropertyValue",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x47] = "RpcAsyncSetJobNamedProperty",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x48] = "RpcAsyncDeleteJobNamedProperty",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x49] = "RpcAsyncEnumJobNamedProperties",
["76f03f96-cdfd-44fc-a22c-64950a001209",0x4a] = "RpcAsyncLogJobInfoForBranchOffice",
# InitShutdown
["894de0c0-0d55-11d3-a322-00c04fa321a1",0] = "BaseInitiateShutdown",
["894de0c0-0d55-11d3-a322-00c04fa321a1",1] = "BaseAbortShutdown",
["894de0c0-0d55-11d3-a322-00c04fa321a1",2] = "BaseInitiateShutdownEx",
["894de0c0-0d55-11d3-a322-00c04fa321a1",0x00] = "BaseInitiateShutdown",
["894de0c0-0d55-11d3-a322-00c04fa321a1",0x01] = "BaseAbortShutdown",
["894de0c0-0d55-11d3-a322-00c04fa321a1",0x02] = "BaseInitiateShutdownEx",
# WindowsShutdown
["d95afe70-a6d5-4259-822e-2c84da1ddb0d",0x00] = "WsdrInitiateShutdown",
@ -1431,6 +1431,11 @@ export {
["a4f1db00-ca47-1067-b31f-00dd010662da",0x07] = "EcRGetDCName",
["a4f1db00-ca47-1067-b31f-00dd010662da",0x08] = "EcRNetGetDCName",
["a4f1db00-ca47-1067-b31f-00dd010662da",0x09] = "EcDoRpcExt",
["a4f1db00-ca47-1067-b31f-00dd010662da",0x0a] = "EcDoConnectEx",
["a4f1db00-ca47-1067-b31f-00dd010662da",0x0b] = "EcDoRpcExt2",
["a4f1db00-ca47-1067-b31f-00dd010662da",0x0c] = "EcUnknown0xC",
["a4f1db00-ca47-1067-b31f-00dd010662da",0x0d] = "EcUnknown0xD",
["a4f1db00-ca47-1067-b31f-00dd010662da",0x0e] = "EcDoAsyncConnectEx",
# drsuapi
["e3514235-4b06-11d1-ab04-00c04fc2dcd2",0x00] = "DRSBind",

2
scripts/base/protocols/dnp3/consts.bro
View file

@ -38,7 +38,7 @@ export {
[0x1e] = "ABORT_FILE",
[0x1f] = "ACTIVATE_CONFIG",
[0x20] = "AUTHENTICATE_REQ",
[0x21] = "AUTHENTICATE_ERR",
[0x21] = "AUTHENTICATE_REQ_NR",
# Responses.
[0x81] = "RESPONSE",

88
scripts/base/protocols/dns/consts.bro
View file

@ -11,24 +11,78 @@ export {
## Mapping of DNS query type codes to human readable string
## representation.
const query_types = {
[1] = "A", [2] = "NS", [3] = "MD", [4] = "MF",
[5] = "CNAME", [6] = "SOA", [7] = "MB", [8] = "MG",
[9] = "MR", [10] = "NULL", [11] = "WKS", [PTR] = "PTR",
[13] = "HINFO", [14] = "MINFO", [15] = "MX", [16] = "TXT",
[17] = "RP", [18] = "AFSDB", [19] = "X25", [20] = "ISDN",
[21] = "RT", [22] = "NSAP", [23] = "NSAP-PTR", [24] = "SIG",
[25] = "KEY", [26] = "PX" , [27] = "GPOS", [28] = "AAAA",
[29] = "LOC", [30] = "EID", [31] = "NIMLOC", [32] = "NB",
[33] = "SRV", [34] = "ATMA", [35] = "NAPTR", [36] = "KX",
[37] = "CERT", [38] = "A6", [39] = "DNAME", [40] = "SINK",
[EDNS] = "EDNS", [42] = "APL", [43] = "DS", [44] = "SSHFP",
[45] = "IPSECKEY", [46] = "RRSIG", [47] = "NSEC", [48] = "DNSKEY",
[49] = "DHCID", [99] = "SPF", [100] = "DINFO", [101] = "UID",
[102] = "GID", [103] = "UNSPEC", [249] = "TKEY", [250] = "TSIG",
[251] = "IXFR", [252] = "AXFR", [253] = "MAILB", [254] = "MAILA",
[1] = "A",
[2] = "NS",
[3] = "MD",
[4] = "MF",
[5] = "CNAME",
[6] = "SOA",
[7] = "MB",
[8] = "MG",
[9] = "MR",
[10] = "NULL",
[11] = "WKS",
[12] = "PTR",
[13] = "HINFO",
[14] = "MINFO",
[15] = "MX",
[16] = "TXT",
[17] = "RP",
[18] = "AFSDB",
[19] = "X25",
[20] = "ISDN",
[21] = "RT",
[22] = "NSAP",
[23] = "NSAP-PTR",
[24] = "SIG",
[25] = "KEY",
[26] = "PX" ,
[27] = "GPOS",
[28] = "AAAA",
[29] = "LOC",
[30] = "EID",
[31] = "NIMLOC",
[32] = "NB",
[33] = "SRV",
[34] = "ATMA",
[35] = "NAPTR",
[36] = "KX",
[37] = "CERT",
[38] = "A6",
[39] = "DNAME",
[40] = "SINK",
[41] = "OPT",
[42] = "APL",
[43] = "DS",
[44] = "SSHFP",
[45] = "IPSECKEY",
[46] = "RRSIG",
[47] = "NSEC",
[48] = "DNSKEY",
[49] = "DHCID",
[50] = "NSEC3",
[51] = "NSEC3PARAM",
[52] = "TLSA",
[55] = "HIP",
[59] = "CDS",
[60] = "CDNSKEY",
[61] = "OPENPGPKEY",
[99] = "SPF",
[100] = "UINFO",
[101] = "UID",
[102] = "GID",
[103] = "UNSPEC",
[249] = "TKEY",
[250] = "TSIG",
[251] = "IXFR",
[252] = "AXFR",
[253] = "MAILB",
[254] = "MAILA",
[255] = "*",
[256] = "URI",
[257] = "CAA",
[32768] = "TA", [32769] = "DLV",
[ANY] = "*",
[32768] = "TA",
[32769] = "DLV",
} &default = function(n: count): string { return fmt("query-%d", n); };
## Errors used for non-TSIG/EDNS types.

14
scripts/base/utils/site.bro
View file

@ -7,7 +7,7 @@ module Site;
export {
## Address space that is considered private and unrouted.
## By default it has RFC defined non-routable IPv4 address space.
const private_address_space: set[subnet] = {
option private_address_space: set[subnet] = {
10.0.0.0/8,
192.168.0.0/16,
172.16.0.0/12,
@ -15,11 +15,11 @@ export {
127.0.0.0/8,
[fe80::]/10,
[::1]/128,
} &redef;
};
## Networks that are considered "local". Note that BroControl sets
## this automatically.
const local_nets: set[subnet] &redef;
option local_nets: set[subnet] = {};
## This is used for retrieving the subnet when using multiple entries in
## :bro:id:`Site::local_nets`. It's populated automatically from there.
@ -29,19 +29,19 @@ export {
global local_nets_table: table[subnet] of subnet = {};
## Networks that are considered "neighbors".
const neighbor_nets: set[subnet] &redef;
option neighbor_nets: set[subnet] = {};
## If local network administrators are known and they have responsibility
## for defined address space, then a mapping can be defined here between
## networks for which they have responsibility and a set of email
## addresses.
const local_admins: table[subnet] of set[string] = {} &redef;
option local_admins: table[subnet] of set[string] = {};
## DNS zones that are considered "local".
const local_zones: set[string] &redef;
option local_zones: set[string] = {};
## DNS zones that are considered "neighbors".
const neighbor_zones: set[string] &redef;
option neighbor_zones: set[string] = {};
## Function that returns true if an address corresponds to one of
## the local networks, false if not.

2
src/Sessions.h
View file

@ -186,7 +186,7 @@ protected:
friend class IPTunnelTimer;
Connection* NewConn(HashKey* k, double t, const ConnID* id,
const u_char* data, int proto, uint32 flow_lable,
const u_char* data, int proto, uint32 flow_label,
const Packet* pkt, const EncapsulationStack* encapsulation);
// Check whether the tag of the current packet is consistent with

4
src/Val.cc
View file

@ -2361,8 +2361,6 @@ void TableVal::DoExpire(double t)
else if ( v->ExpireAccessTime() + timeout < t )
{
Val* val = v->Value();
if ( expire_func )
{
Val* idx = RecoverIndex(k);
@ -2403,8 +2401,8 @@ void TableVal::DoExpire(double t)
new StateAccess(OP_EXPIRE, this, k));
tbl->RemoveEntry(k);
Unref(v->Value());
delete v;
Unref(val);
Modified();
}

2
src/analyzer/protocol/rpc/NFS.cc
View file

@ -311,7 +311,7 @@ StringVal* NFS_Interp::nfs3_file_data(const u_char*& buf, int& n, uint64_t offse
data_n = min(data_n, size);
data_n = min(data_n, int(BifConst::NFS3::return_data_max));
if ( data_n > 0 )
if ( data && data_n > 0 )
return new StringVal(new BroString(data, data_n, 0));
return 0;

25
src/analyzer/protocol/rpc/RPC.cc
View file

@ -27,6 +27,7 @@ namespace { // local namespace
RPC_CallInfo::RPC_CallInfo(uint32 arg_xid, const u_char*& buf, int& n, double arg_start_time, double arg_last_time, int arg_rpc_len)
{
v = nullptr;
xid = arg_xid;
start_time = arg_start_time;
@ -43,13 +44,35 @@ RPC_CallInfo::RPC_CallInfo(uint32 arg_xid, const u_char*& buf, int& n, double ar
cred_flavor = extract_XDR_uint32(buf, n);
int cred_opaque_n, machinename_n;
const u_char* cred_opaque = extract_XDR_opaque(buf, n, cred_opaque_n);
if ( ! cred_opaque )
{
buf = nullptr;
return;
}
stamp = extract_XDR_uint32(cred_opaque, cred_opaque_n);
const u_char* tmp = extract_XDR_opaque(cred_opaque, cred_opaque_n, machinename_n);
if ( ! tmp )
{
buf = nullptr;
return;
}
machinename = std::string(reinterpret_cast<const char*>(tmp), machinename_n);
uid = extract_XDR_uint32(cred_opaque, cred_opaque_n);
gid = extract_XDR_uint32(cred_opaque, cred_opaque_n);
size_t number_of_gids = extract_XDR_uint32(cred_opaque, cred_opaque_n);
if ( number_of_gids > 64 )
{
buf = nullptr;
return;
}
for ( auto i = 0u; i < number_of_gids; ++i )
auxgids.push_back(extract_XDR_uint32(cred_opaque, cred_opaque_n));
@ -58,8 +81,6 @@ RPC_CallInfo::RPC_CallInfo(uint32 arg_xid, const u_char*& buf, int& n, double ar
header_len = call_n - n;
valid_call = false;
v = 0;
}
RPC_CallInfo::~RPC_CallInfo()

2
src/analyzer/protocol/ssh/ssh-analyzer.pac
View file

@ -101,7 +101,7 @@ refine flow SSH_Flow += {
}
result->Assign(6, new Val(${msg.is_orig}, TYPE_BOOL));
result->Assign(6, new Val(!${msg.is_orig}, TYPE_BOOL));
BifEvent::generate_ssh_capabilities(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.cookie}),

1
src/iosource/Packet.cc
View file

@ -284,6 +284,7 @@ void Packet::ProcessLayer2()
}
pdata += rtheader_len;
// fallthrough
}
case DLT_IEEE802_11:

8
src/threading/formatters/JSON.cc
View file

@ -116,7 +116,7 @@ bool JSON::Describe(ODesc* desc, Value* val, const string& name) const
{
char buffer[40];
char buffer2[40];
time_t the_time = time_t(val->val.double_val);
time_t the_time = time_t(floor(val->val.double_val));
struct tm t;
desc->AddRaw("\"", 1);
@ -133,7 +133,11 @@ bool JSON::Describe(ODesc* desc, Value* val, const string& name) const
{
double integ;
double frac = modf(val->val.double_val, &integ);
snprintf(buffer2, sizeof(buffer2), "%s.%06.0fZ", buffer, frac * 1000000);
if ( frac < 0 )
frac += 1;
snprintf(buffer2, sizeof(buffer2), "%s.%06.0fZ", buffer, fabs(frac) * 1000000);
desc->Add(buffer2);
}

1
testing/btest/Baseline/broker.remote_id/recv.recv.out
View file

@ -1,4 +1,3 @@
intial val, init
peer added
peer lost
updated val, newval

6
testing/btest/Baseline/core.tunnels.gre/ssh.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path ssh
#open 2017-08-01-16-46-22
#open 2018-10-16-14-52-51
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version auth_success auth_attempts direction client server cipher_alg mac_alg compression_alg kex_alg host_key_alg host_key
#types time string addr port addr port count bool count enum string string string string string string string string
1055289978.855137 CtPZjS20MLrsMUOJi2 66.59.111.190 40264 172.28.2.3 22 2 - 0 - SSH-2.0-OpenSSH_3.6.1p1 SSH-1.99-OpenSSH_3.1p1 aes128-cbc hmac-md5 none diffie-hellman-group-exchange-sha1 ssh-rsa 20:7c:e5:96:b0:4e:ce:a4:db:e4:aa:29:e8:90:98:07
#close 2017-08-01-16-46-22
1055289978.855137 CtPZjS20MLrsMUOJi2 66.59.111.190 40264 172.28.2.3 22 2 - 0 - SSH-2.0-OpenSSH_3.6.1p1 SSH-1.99-OpenSSH_3.1p1 blowfish-cbc hmac-md5 zlib diffie-hellman-group-exchange-sha1 ssh-rsa 20:7c:e5:96:b0:4e:ce:a4:db:e4:aa:29:e8:90:98:07
#close 2018-10-16-14-52-51

10
testing/btest/Baseline/language.expire_func_mod/out Normal file
View file

@ -0,0 +1,10 @@
starting: ashish, 1
inside table_expire_func: ashish, 2
inside table_expire_func: ashish, 3
inside table_expire_func: ashish, 4
inside table_expire_func: ashish, 5
inside table_expire_func: ashish, 6
inside table_expire_func: ashish, 7
inside table_expire_func: ashish, 8
inside table_expire_func: ashish, 9
inside table_expire_func: ashish, 10

35
testing/btest/Baseline/plugins.hooks/output
View file

@ -274,7 +274,7 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1536179603.81225, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1539361390.052019, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
0.000000 MetaHookPost CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
@ -459,7 +459,7 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1536179603.81225, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1539361390.052019, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(NetControl::init, <null>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
@ -513,6 +513,12 @@
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (SSL::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (Signatures::ignored_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (Signatures::summary_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (Site::local_admins, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (Site::local_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (Site::local_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (Site::neighbor_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (Site::neighbor_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (Site::private_address_space, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (Software::asset_tracking, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (Weird::ignore_hosts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (Weird::sampling_duration, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)) -> <no result>
@ -715,7 +721,6 @@
0.000000 MetaHookPost LoadFile(0, .<...>/hooks.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/inactivity.bro) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/info.bro) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/init.bro) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/input.bif.bro) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/input.bro) -> -1
0.000000 MetaHookPost LoadFile(0, .<...>/last.bro) -> -1
@ -1160,7 +1165,7 @@
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1536179603.81225, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1539361390.052019, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
@ -1345,7 +1350,7 @@
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1536179603.81225, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1539361390.052019, node=bro, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(NetControl::check_plugins, <frame>, ())
0.000000 MetaHookPre CallFunction(NetControl::init, <null>, ())
0.000000 MetaHookPre CallFunction(Notice::want_pp, <frame>, ())
@ -1399,6 +1404,12 @@
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (SSL::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (Signatures::ignored_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (Signatures::summary_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (Site::local_admins, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (Site::local_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (Site::local_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (Site::neighbor_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (Site::neighbor_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (Site::private_address_space, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (Software::asset_tracking, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (Weird::ignore_hosts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (Weird::sampling_duration, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100))
@ -1601,7 +1612,6 @@
0.000000 MetaHookPre LoadFile(0, .<...>/hooks.bif.bro)
0.000000 MetaHookPre LoadFile(0, .<...>/inactivity.bro)
0.000000 MetaHookPre LoadFile(0, .<...>/info.bro)
0.000000 MetaHookPre LoadFile(0, .<...>/init.bro)
0.000000 MetaHookPre LoadFile(0, .<...>/input.bif.bro)
0.000000 MetaHookPre LoadFile(0, .<...>/input.bro)
0.000000 MetaHookPre LoadFile(0, .<...>/last.bro)
@ -2045,7 +2055,7 @@
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1536179603.81225, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1539361390.052019, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
@ -2230,7 +2240,7 @@
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1536179603.81225, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1539361390.052019, node=bro, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction NetControl::check_plugins()
0.000000 | HookCallFunction NetControl::init()
0.000000 | HookCallFunction Notice::want_pp()
@ -2284,6 +2294,12 @@
0.000000 | HookCallFunction Option::set_change_handler(SSL::disable_analyzer_after_detection, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(Signatures::ignored_ids, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(Signatures::summary_interval, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(Site::local_admins, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(Site::local_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(Site::local_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(Site::neighbor_nets, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(Site::neighbor_zones, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(Site::private_address_space, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(Software::asset_tracking, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(Weird::ignore_hosts, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
0.000000 | HookCallFunction Option::set_change_handler(Weird::sampling_duration, Config::config_option_changed{ Config::log = (coerce [$ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value)] to Config::Info)if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, Config::log)return (Config::new_value)}, -100)
@ -2492,7 +2508,6 @@
0.000000 | HookLoadFile .<...>/image.sig
0.000000 | HookLoadFile .<...>/inactivity.bro
0.000000 | HookLoadFile .<...>/info.bro
0.000000 | HookLoadFile .<...>/init.bro
0.000000 | HookLoadFile .<...>/input.bif.bro
0.000000 | HookLoadFile .<...>/input.bro
0.000000 | HookLoadFile .<...>/last.bro
@ -2651,7 +2666,7 @@
0.000000 | HookLoadFile base<...>/x509
0.000000 | HookLoadFile base<...>/xmpp
0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
0.000000 | HookLogWrite packet_filter [ts=1536179603.812250, node=bro, filter=ip or not ip, init=T, success=T]
0.000000 | HookLogWrite packet_filter [ts=1539361390.052019, node=bro, filter=ip or not ip, init=T, success=T]
0.000000 | HookQueueEvent NetControl::init()
0.000000 | HookQueueEvent bro_init()
0.000000 | HookQueueEvent filter_change_tracking()

8
testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json-iso-timestamps/ssh.log
View file

@ -1,2 +1,10 @@
{"t":"2008-07-09T16:13:30.005432Z"}
{"t":"1986-12-01T01:01:01.900000Z"}
{"t":"1969-12-31T23:59:59.600000Z"}
{"t":"1969-12-31T23:59:59.500000Z"}
{"t":"1969-12-31T23:59:59.400000Z"}
{"t":"1969-12-31T23:59:59.000000Z"}
{"t":"1969-12-31T23:59:58.600000Z"}
{"t":"1969-12-31T23:59:58.500000Z"}
{"t":"1969-12-31T23:59:58.400000Z"}
{"t":"1969-12-31T23:58:21.000000Z"}

4
testing/btest/Baseline/scripts.base.protocols.mount.basic/.stdout
View file

@ -1,2 +1,2 @@
mount_proc_mnt: [id=[orig_h=10.111.131.18, orig_p=765/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=144, state=1, num_pkts=2, num_bytes_ip=200, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=84, state=1, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.621984, duration=0.000553, service={\x0a\x0a}, history=Dd, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.62212, req_dur=0.0, req_len=96, rep_start=1514568131.622537, rep_dur=0.0, rep_len=52, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09[dirname=/pddevbal801]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, auth_flavors=[MOUNT3::AUTH_UNIX]]\x0a
mount_proc_umnt: [id=[orig_h=10.111.131.18, orig_p=1016/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=92, state=1, num_pkts=1, num_bytes_ip=120, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=24, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.665918, duration=0.000266, service={\x0a\x0a}, history=Dd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.665918, req_dur=0.0, req_len=84, rep_start=1514568131.666184, rep_dur=0.0, rep_len=16, rpc_uid=0, rpc_gid=0, rpc_stamp=1514568131, rpc_machine_name=pddevbal802, rpc_auxgids=[0]]\x0a\x09[dirname=/pddevbal801]\x0a
mount_proc_mnt: [id=[orig_h=10.111.131.18, orig_p=765/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=144, state=1, num_pkts=2, num_bytes_ip=200, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=84, state=1, num_pkts=1, num_bytes_ip=52, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.621984, duration=0.000553, service={\x0a\x0a}, history=Dd, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.62212, req_dur=0.0, req_len=96, rep_start=1514568131.622537, rep_dur=0.0, rep_len=52, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09[dirname=/pddevbal801]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, auth_flavors=[MOUNT3::AUTH_UNIX]]\x0a
mount_proc_umnt: [id=[orig_h=10.111.131.18, orig_p=1016/udp, resp_h=10.111.131.132, resp_p=20048/udp], orig=[size=92, state=1, num_pkts=1, num_bytes_ip=120, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=24, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.665918, duration=0.000266, service={\x0a\x0a}, history=Dd, uid=CtPZjS20MLrsMUOJi2, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, mnt_stat=MOUNT3::MNT3_OK, req_start=1514568131.665918, req_dur=0.0, req_len=84, rep_start=1514568131.666184, rep_dur=0.0, rep_len=16, rpc_uid=0, rpc_gid=0, rpc_stamp=1514568131, rpc_machine_name=pddevbal802, rpc_auxgids=[0]]\x0a\x09[dirname=/pddevbal801]\x0a

56
testing/btest/Baseline/scripts.base.protocols.nfs.basic/.stdout
View file

@ -1,28 +1,28 @@
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=160, state=4, num_pkts=5, num_bytes_ip=368, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=112, state=4, num_pkts=3, num_bytes_ip=156, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.000529, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.623455, req_dur=0.0, req_len=104, rep_start=1514568131.623576, rep_dur=0.0, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=276, state=4, num_pkts=6, num_bytes_ip=524, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=172, state=4, num_pkts=4, num_bytes_ip=280, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.000673, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.6236, req_dur=0.0, req_len=104, rep_start=1514568131.62372, rep_dur=0.0, rep_len=48, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_PATHCONF\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=508, state=4, num_pkts=8, num_bytes_ip=836, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=372, state=4, num_pkts=6, num_bytes_ip=536, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.001007, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.623937, req_dur=0.0, req_len=104, rep_start=1514568131.624054, rep_dur=0.0, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=744, state=4, num_pkts=10, num_bytes_ip=1152, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=612, state=4, num_pkts=8, num_bytes_ip=816, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.00556, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.628447, req_dur=0.0, req_len=108, rep_start=1514568131.628607, rep_dur=0.0, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_mkdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=900, state=4, num_pkts=11, num_bytes_ip=1348, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=888, state=4, num_pkts=9, num_bytes_ip=980, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.006413, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.628646, req_dur=0.0, req_len=144, rep_start=1514568131.62946, rep_dur=0.0, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, obj_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387], dir_pre_attr=[size=4096, atime=1514568092.592619, mtime=1514568092.592619], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1032, state=4, num_pkts=12, num_bytes_ip=1520, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1012, state=4, num_pkts=10, num_bytes_ip=1296, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.007316, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.630213, req_dur=0.0, req_len=120, rep_start=1514568131.630363, rep_dur=0.0, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1172, state=4, num_pkts=13, num_bytes_ip=1700, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1132, state=4, num_pkts=11, num_bytes_ip=1460, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.007542, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.63039, req_dur=0.0, req_len=128, rep_start=1514568131.630589, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
nfs_proc_create: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1344, state=4, num_pkts=14, num_bytes_ip=1912, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1408, state=4, num_pkts=12, num_bytes_ip=1620, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.008344, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.63061, req_dur=0.0, req_len=160, rep_start=1514568131.631391, rep_dur=0.0, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387], dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1500, state=4, num_pkts=15, num_bytes_ip=2108, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1556, state=4, num_pkts=13, num_bytes_ip=1936, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.008933, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.63142, req_dur=0.0, req_len=144, rep_start=1514568131.63198, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::SET_TO_SERVER_TIME, mtime=NFS3::SET_TO_SERVER_TIME]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1660, state=4, num_pkts=16, num_bytes_ip=2308, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1704, state=4, num_pkts=14, num_bytes_ip=2124, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.010357, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.632743, req_dur=0.0, req_len=148, rep_start=1514568131.633404, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=448, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33216, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.629387]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1820, state=4, num_pkts=17, num_bytes_ip=2508, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1852, state=4, num_pkts=15, num_bytes_ip=2312, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.011929, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.634369, req_dur=0.0, req_len=148, rep_start=1514568131.634976, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.629387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.629387]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1968, state=4, num_pkts=18, num_bytes_ip=2696, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1972, state=4, num_pkts=16, num_bytes_ip=2500, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.012799, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.635694, req_dur=0.0, req_len=136, rep_start=1514568131.635846, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
nfs_proc_symlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2184, state=4, num_pkts=19, num_bytes_ip=2952, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2248, state=4, num_pkts=17, num_bytes_ip=2660, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.013431, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.635899, req_dur=0.0, req_len=204, rep_start=1514568131.636478, rep_dur=0.0, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink], symlinkdata=[symlink_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE], nfspath=/nfs/pddevbal801/bro-nfs/testfile]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=1514568131.629387, mtime=1514568131.629387, ctime=1514568131.629387], dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.629387, ctime=1514568131.629387]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2348, state=4, num_pkts=20, num_bytes_ip=3156, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2396, state=4, num_pkts=18, num_bytes_ip=2976, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.015041, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.637343, req_dur=0.0, req_len=152, rep_start=1514568131.638088, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=10, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.629387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=10, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.633387]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2512, state=4, num_pkts=21, num_bytes_ip=3360, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2544, state=4, num_pkts=19, num_bytes_ip=3164, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.016413, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.638929, req_dur=0.0, req_len=152, rep_start=1514568131.63946, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=200, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.633387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.633387]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2668, state=4, num_pkts=22, num_bytes_ip=3556, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2664, state=4, num_pkts=20, num_bytes_ip=3352, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.017567, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.640452, req_dur=0.0, req_len=144, rep_start=1514568131.640614, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.629387, ctime=1514568131.629387]]\x0a
nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2880, state=4, num_pkts=23, num_bytes_ip=3808, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2928, state=4, num_pkts=21, num_bytes_ip=3512, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.018252, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.640669, req_dur=0.0, req_len=200, rep_start=1514568131.641299, rep_dur=0.0, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile-symlink, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile-symlink.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=1514568131.629387, mtime=1514568131.629387], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387], dst_dir_pre_attr=[size=0, atime=1514568131.629387, mtime=1514568131.629387], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a
nfs_proc_readlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3136, state=4, num_pkts=25, num_bytes_ip=4144, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3204, state=4, num_pkts=23, num_bytes_ip=3972, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.019333, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.64222, req_dur=0.0, req_len=116, rep_start=1514568131.64238, rep_dur=0.0, rep_len=148, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf\x0a\x09[attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=1514568131.629387, mtime=1514568131.629387, ctime=1514568131.637387], nfspath=/nfs/pddevbal801/bro-nfs/testfile]\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3292, state=4, num_pkts=26, num_bytes_ip=4340, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3352, state=4, num_pkts=24, num_bytes_ip=4172, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.020916, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.643131, req_dur=0.0, req_len=144, rep_start=1514568131.643963, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.637387, mtime=1514568131.637387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3440, state=4, num_pkts=27, num_bytes_ip=4528, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3472, state=4, num_pkts=25, num_bytes_ip=4360, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.021753, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.644663, req_dur=0.0, req_len=136, rep_start=1514568131.6448, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a
nfs_proc_link: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3624, state=4, num_pkts=28, num_bytes_ip=4752, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3708, state=4, num_pkts=26, num_bytes_ip=4520, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.022398, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.644833, req_dur=0.0, req_len=172, rep_start=1514568131.645445, rep_dur=0.0, rep_len=224, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]]\x0a\x09[post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], preattr=[size=0, atime=1514568131.637387, mtime=1514568131.637387], postattr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a
nfs_proc_readdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3904, state=4, num_pkts=30, num_bytes_ip=5112, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4588, state=4, num_pkts=28, num_bytes_ip=4952, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.023841, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.646733, req_dur=0.0, req_len=140, rep_start=1514568131.646888, rep_dur=0.0, rep_len=752, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[isplus=T, dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, cookie=0, cookieverf=0, dircount=512, maxcount=4096]\x0a\x09[isplus=T, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387], cookieverf=0, entries=[, [fileid=1084481527, fname=., cookie=4, attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf], [fileid=128, fname=.., cookie=6, attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.625387, ctime=1514568131.625387], fh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2], [fileid=1084481529, fname=testfile, cookie=9, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf], [fileid=1084481529, fname=testfile-link, cookie=512, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf]], eof=T]\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4052, state=4, num_pkts=31, num_bytes_ip=5300, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4736, state=4, num_pkts=29, num_bytes_ip=5756, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.025477, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.647753, req_dur=0.0, req_len=136, rep_start=1514568131.648524, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4200, state=4, num_pkts=32, num_bytes_ip=5488, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4856, state=4, num_pkts=30, num_bytes_ip=5944, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.026817, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.649721, req_dur=0.0, req_len=136, rep_start=1514568131.649864, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a
nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4524, state=4, num_pkts=34, num_bytes_ip=5892, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5236, state=4, num_pkts=32, num_bytes_ip=6260, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.027593, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.65007, req_dur=0.0, req_len=184, rep_start=1514568131.65064, rep_dur=0.0, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387], dst_dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387]]\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4784, state=4, num_pkts=36, num_bytes_ip=6232, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5476, state=4, num_pkts=34, num_bytes_ip=6720, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.028734, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.651603, req_dur=0.0, req_len=120, rep_start=1514568131.651781, rep_dur=0.0, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4932, state=4, num_pkts=37, num_bytes_ip=6420, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5624, state=4, num_pkts=35, num_bytes_ip=6884, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.029354, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.651806, req_dur=0.0, req_len=136, rep_start=1514568131.652401, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.645387, mtime=1514568131.645387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387]]\x0a
nfs_proc_rmdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=5060, state=4, num_pkts=38, num_bytes_ip=6588, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5772, state=4, num_pkts=36, num_bytes_ip=7072, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.030704, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.653118, req_dur=0.0, req_len=116, rep_start=1514568131.653751, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[dir_pre_attr=[size=4096, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=15, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.649387, ctime=1514568131.649387]]\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=160, state=4, num_pkts=5, num_bytes_ip=368, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=112, state=4, num_pkts=3, num_bytes_ip=156, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.000529, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.623455, req_dur=0.0, req_len=104, rep_start=1514568131.623576, rep_dur=0.0, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=276, state=4, num_pkts=6, num_bytes_ip=524, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=172, state=4, num_pkts=4, num_bytes_ip=280, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.000673, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.6236, req_dur=0.0, req_len=104, rep_start=1514568131.62372, rep_dur=0.0, rep_len=48, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_PATHCONF\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=508, state=4, num_pkts=8, num_bytes_ip=836, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=372, state=4, num_pkts=6, num_bytes_ip=536, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.001007, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.623937, req_dur=0.0, req_len=104, rep_start=1514568131.624054, rep_dur=0.0, rep_len=72, rpc_uid=0, rpc_gid=0, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 5, 10, 24]]\x0a\x09NFS3::PROC_FSINFO\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=744, state=4, num_pkts=10, num_bytes_ip=1152, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=612, state=4, num_pkts=8, num_bytes_ip=816, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.00556, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.628447, req_dur=0.0, req_len=108, rep_start=1514568131.628607, rep_dur=0.0, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_mkdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=900, state=4, num_pkts=11, num_bytes_ip=1348, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=888, state=4, num_pkts=9, num_bytes_ip=980, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.006413, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.628646, req_dur=0.0, req_len=144, rep_start=1514568131.62946, rep_dur=0.0, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, obj_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387], dir_pre_attr=[size=4096, atime=1514568092.592619, mtime=1514568092.592619], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1032, state=4, num_pkts=12, num_bytes_ip=1520, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1012, state=4, num_pkts=10, num_bytes_ip=1296, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.007316, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.630213, req_dur=0.0, req_len=120, rep_start=1514568131.630363, rep_dur=0.0, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1172, state=4, num_pkts=13, num_bytes_ip=1700, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1132, state=4, num_pkts=11, num_bytes_ip=1460, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.007542, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.63039, req_dur=0.0, req_len=128, rep_start=1514568131.630589, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
nfs_proc_create: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1344, state=4, num_pkts=14, num_bytes_ip=1912, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1408, state=4, num_pkts=12, num_bytes_ip=1620, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.008344, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.63061, req_dur=0.0, req_len=160, rep_start=1514568131.631391, rep_dur=0.0, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387], dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1500, state=4, num_pkts=15, num_bytes_ip=2108, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1556, state=4, num_pkts=13, num_bytes_ip=1936, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.008933, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.63142, req_dur=0.0, req_len=144, rep_start=1514568131.63198, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::SET_TO_SERVER_TIME, mtime=NFS3::SET_TO_SERVER_TIME]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33188, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1660, state=4, num_pkts=16, num_bytes_ip=2308, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1704, state=4, num_pkts=14, num_bytes_ip=2124, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.010357, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.632743, req_dur=0.0, req_len=148, rep_start=1514568131.633404, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=448, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33216, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.629387]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1820, state=4, num_pkts=17, num_bytes_ip=2508, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1852, state=4, num_pkts=15, num_bytes_ip=2312, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.011929, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.634369, req_dur=0.0, req_len=148, rep_start=1514568131.634976, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.629387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.629387]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=1968, state=4, num_pkts=18, num_bytes_ip=2696, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=1972, state=4, num_pkts=16, num_bytes_ip=2500, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.012799, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.635694, req_dur=0.0, req_len=136, rep_start=1514568131.635846, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.625387]]\x0a
nfs_proc_symlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2184, state=4, num_pkts=19, num_bytes_ip=2952, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2248, state=4, num_pkts=17, num_bytes_ip=2660, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.013431, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.635899, req_dur=0.0, req_len=204, rep_start=1514568131.636478, rep_dur=0.0, rep_len=264, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink], symlinkdata=[symlink_attributes=[mode=511, uid=<uninitialized>, gid=<uninitialized>, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE], nfspath=/nfs/pddevbal801/bro-nfs/testfile]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf, obj_attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=1514568131.629387, mtime=1514568131.629387, ctime=1514568131.629387], dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.629387, ctime=1514568131.629387]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2348, state=4, num_pkts=20, num_bytes_ip=3156, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2396, state=4, num_pkts=18, num_bytes_ip=2976, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.015041, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.637343, req_dur=0.0, req_len=152, rep_start=1514568131.638088, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=10, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.629387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=10, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.633387]]\x0a
nfs_proc_sattr: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2512, state=4, num_pkts=21, num_bytes_ip=3360, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2544, state=4, num_pkts=19, num_bytes_ip=3164, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.016413, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.638929, req_dur=0.0, req_len=152, rep_start=1514568131.63946, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, new_attributes=[mode=<uninitialized>, uid=3125, gid=200, size=<uninitialized>, atime=NFS3::DONT_CHANGE, mtime=NFS3::DONT_CHANGE]]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.625387, mtime=1514568131.633387], dir_post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=1, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.633387]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2668, state=4, num_pkts=22, num_bytes_ip=3556, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2664, state=4, num_pkts=20, num_bytes_ip=3352, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.017567, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.640452, req_dur=0.0, req_len=144, rep_start=1514568131.640614, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=44, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.629387, ctime=1514568131.629387]]\x0a
nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=2880, state=4, num_pkts=23, num_bytes_ip=3808, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=2928, state=4, num_pkts=21, num_bytes_ip=3512, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.018252, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.640669, req_dur=0.0, req_len=200, rep_start=1514568131.641299, rep_dur=0.0, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile-symlink, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile-symlink.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=1514568131.629387, mtime=1514568131.629387], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387], dst_dir_pre_attr=[size=0, atime=1514568131.629387, mtime=1514568131.629387], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=52, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a
nfs_proc_readlink: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3136, state=4, num_pkts=25, num_bytes_ip=4144, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3204, state=4, num_pkts=23, num_bytes_ip=3972, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.019333, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.64222, req_dur=0.0, req_len=116, rep_start=1514568131.64238, rep_dur=0.0, rep_len=148, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xfa\xdf\xa3@\x00\x00\x00\x00\x135nf\x0a\x09[attr=[ftype=NFS3::FTYPE_LNK, mode=41471, nlink=1, uid=3125, gid=200, size=33, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481530, atime=1514568131.629387, mtime=1514568131.629387, ctime=1514568131.637387], nfspath=/nfs/pddevbal801/bro-nfs/testfile]\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3292, state=4, num_pkts=26, num_bytes_ip=4340, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3352, state=4, num_pkts=24, num_bytes_ip=4172, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.020916, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.643131, req_dur=0.0, req_len=144, rep_start=1514568131.643963, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-symlink.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.637387, mtime=1514568131.637387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3440, state=4, num_pkts=27, num_bytes_ip=4528, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3472, state=4, num_pkts=25, num_bytes_ip=4360, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.021753, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.644663, req_dur=0.0, req_len=136, rep_start=1514568131.6448, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.637387, ctime=1514568131.637387]]\x0a
nfs_proc_link: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3624, state=4, num_pkts=28, num_bytes_ip=4752, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=3708, state=4, num_pkts=26, num_bytes_ip=4520, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.022398, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.644833, req_dur=0.0, req_len=172, rep_start=1514568131.645445, rep_dur=0.0, rep_len=224, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf, link=[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]]\x0a\x09[post_attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], preattr=[size=0, atime=1514568131.637387, mtime=1514568131.637387], postattr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a
nfs_proc_readdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=3904, state=4, num_pkts=30, num_bytes_ip=5112, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4588, state=4, num_pkts=28, num_bytes_ip=4952, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.023841, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.646733, req_dur=0.0, req_len=140, rep_start=1514568131.646888, rep_dur=0.0, rep_len=752, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[isplus=T, dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, cookie=0, cookieverf=0, dircount=512, maxcount=4096]\x0a\x09[isplus=T, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387], cookieverf=0, entries=[, [fileid=1084481527, fname=., cookie=4, attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=41, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf], [fileid=128, fname=.., cookie=6, attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=16, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.625387, ctime=1514568131.625387], fh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2], [fileid=1084481529, fname=testfile, cookie=9, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf], [fileid=1084481529, fname=testfile-link, cookie=512, attr=[ftype=NFS3::FTYPE_REG, mode=33279, nlink=2, uid=3125, gid=200, size=0, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481529, atime=1514568131.625387, mtime=1514568131.625387, ctime=1514568131.641387], fh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf9\xdf\xa3@\x00\x00\x00\x00\x135nf]], eof=T]\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4052, state=4, num_pkts=31, num_bytes_ip=5300, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4736, state=4, num_pkts=29, num_bytes_ip=5756, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.025477, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.647753, req_dur=0.0, req_len=136, rep_start=1514568131.648524, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile-link]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a
nfs_proc_lookup: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4200, state=4, num_pkts=32, num_bytes_ip=5488, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=4856, state=4, num_pkts=30, num_bytes_ip=5944, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.026817, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_NOENT, req_start=1514568131.649721, req_dur=0.0, req_len=136, rep_start=1514568131.649864, rep_dur=0.0, rep_len=108, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[fh=<uninitialized>, obj_attr=<uninitialized>, dir_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=21, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.641387, ctime=1514568131.641387]]\x0a
nfs_proc_rename: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4524, state=4, num_pkts=34, num_bytes_ip=5892, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5236, state=4, num_pkts=32, num_bytes_ip=6260, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.027593, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.65007, req_dur=0.0, req_len=184, rep_start=1514568131.65064, rep_dur=0.0, rep_len=252, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[src_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, src_fname=testfile, dst_dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, dst_fname=testfile.renamed]\x0a\x09[src_dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], src_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387], dst_dir_pre_attr=[size=0, atime=1514568131.641387, mtime=1514568131.641387], dst_dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=29, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387]]\x0a
nfs_proc_not_implemented: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4784, state=4, num_pkts=36, num_bytes_ip=6232, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5476, state=4, num_pkts=34, num_bytes_ip=6720, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.028734, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.651603, req_dur=0.0, req_len=120, rep_start=1514568131.651781, rep_dur=0.0, rep_len=112, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09NFS3::PROC_ACCESS\x0a
nfs_proc_remove: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=4932, state=4, num_pkts=37, num_bytes_ip=6420, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5624, state=4, num_pkts=35, num_bytes_ip=6884, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.029354, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.651806, req_dur=0.0, req_len=136, rep_start=1514568131.652401, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x81\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2\xf7\xdf\xa3@\x00\x00\x00\x00\x1a5nf, fname=testfile.renamed]\x0a\x09[dir_pre_attr=[size=0, atime=1514568131.645387, mtime=1514568131.645387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=16877, nlink=2, uid=3125, gid=200, size=6, used=0, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=1084481527, atime=1514568131.625387, mtime=1514568131.645387, ctime=1514568131.645387]]\x0a
nfs_proc_rmdir: [id=[orig_h=10.111.131.18, orig_p=720/tcp, resp_h=10.111.131.132, resp_p=2049/tcp], orig=[size=5060, state=4, num_pkts=38, num_bytes_ip=6588, flow_label=0, l2_addr=00:50:56:b2:4e:d3], resp=[size=5772, state=4, num_pkts=36, num_bytes_ip=7072, flow_label=0, l2_addr=00:50:56:b2:78:69], start_time=1514568131.623047, duration=0.030704, service={\x0a\x0a}, history=ShADad, uid=ClEkJM2Vm5giqnMf4h, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>]\x0a\x09[rpc_stat=RPC_SUCCESS, nfs_stat=NFS3::NFS3ERR_OK, req_start=1514568131.653118, req_dur=0.0, req_len=116, rep_start=1514568131.653751, rep_dur=0.0, rep_len=136, rpc_uid=3125, rpc_gid=200, rpc_stamp=19078341, rpc_machine_name=pddevbal802, rpc_auxgids=[0, 10, 24, 200]]\x0a\x09[dirfh=\x01\x00\x06\x00\xea,\xbbJ\x9e\xf7I\x95\xa56V(\xce\xda`\xa2, fname=bro-nfs]\x0a\x09[dir_pre_attr=[size=4096, atime=1514568131.625387, mtime=1514568131.625387], dir_post_attr=[ftype=NFS3::FTYPE_DIR, mode=17407, nlink=15, uid=0, gid=0, size=4096, used=4096, rdev1=0, rdev2=0, fsid=3974757969411512911, fileid=128, atime=0.0, mtime=1514568131.649387, ctime=1514568131.649387]]\x0a

1
testing/btest/Baseline/scripts.base.protocols.ssh.basic/.stdout
View file

@ -1,4 +1,3 @@
auth_result, CHhAvVGS1DHFjwGM9, F, 2
auth_result, ClEkJM2Vm5giqnMf4h, T, 1
auth_result, C4J4Th3PJpwUYZZ6gc, T, 3
auth_result, Ck51lg1bScffFj34Ri, T, 2

18
testing/btest/Baseline/scripts.base.protocols.ssh.basic/ssh.log
View file

@ -3,14 +3,14 @@
#empty_field (empty)
#unset_field -
#path ssh
#open 2017-08-01-16-26-21
#open 2018-10-16-15-00-07
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version auth_success auth_attempts direction client server cipher_alg mac_alg compression_alg kex_alg host_key_alg host_key
#types time string addr port addr port count bool count enum string string string string string string string string
1324071333.792887 CHhAvVGS1DHFjwGM9 192.168.1.79 51880 131.159.21.1 22 2 F 2 - SSH-2.0-OpenSSH_5.9 SSH-2.0-OpenSSH_5.8 aes128-ctr hmac-md5 none ecdh-sha2-nistp256 ssh-rsa a7:26:62:3f:75:1f:33:8a:f3:32:90:8b:73:fd:2c:83
1324071333.792887 CHhAvVGS1DHFjwGM9 192.168.1.79 51880 131.159.21.1 22 2 - 0 - SSH-2.0-OpenSSH_5.9 SSH-2.0-OpenSSH_5.8 aes128-ctr hmac-md5 zlib@openssh.com ecdh-sha2-nistp256 ecdsa-sha2-nistp256 a7:26:62:3f:75:1f:33:8a:f3:32:90:8b:73:fd:2c:83
1409516196.413240 ClEkJM2Vm5giqnMf4h 10.0.0.18 40184 128.2.6.88 41644 2 T 1 - SSH-2.0-OpenSSH_6.6 SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1 aes128-ctr hmac-md5 none ecdh-sha2-nistp256 ssh-rsa 8a:8d:55:28:1e:71:04:99:94:43:22:89:e5:ff:e9:03
1419870189.489202 C4J4Th3PJpwUYZZ6gc 192.168.2.1 57189 192.168.2.158 22 2 T 3 - SSH-2.0-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 aes128-ctr hmac-md5-etm@openssh.com none diffie-hellman-group-exchange-sha256 ssh-rsa 28:78:65:c1:c3:26:f7:1b:65:6a:44:14:d0:04:8f:b3
1419870206.111841 CtPZjS20MLrsMUOJi2 192.168.2.1 57191 192.168.2.158 22 1 - 0 - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1419996264.344957 CUM0KZ3MLUfNB0cl11 192.168.2.1 55179 192.168.2.158 2200 2 - 0 - SSH-2.0-OpenSSH_6.2 SSH-2.0-paramiko_1.15.2 aes128-ctr hmac-sha1 none diffie-hellman-group14-sha1 ssh-rsa 60:73:38:44:cb:51:86:65:7f:de:da:a2:2b:5a:57:d5
1419996264.344957 CUM0KZ3MLUfNB0cl11 192.168.2.1 55179 192.168.2.158 2200 2 - 0 - SSH-2.0-OpenSSH_6.2 SSH-2.0-paramiko_1.15.2 aes128-ctr hmac-md5 none diffie-hellman-group-exchange-sha1 ssh-rsa 60:73:38:44:cb:51:86:65:7f:de:da:a2:2b:5a:57:d5
1420588548.729561 CmES5u32sYpV7JYN 192.168.2.1 56594 192.168.2.158 22 1 - 0 - SSH-1.5-OpenSSH_5.3 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420590124.885826 CP5puj4I8PtEU4qzYg 192.168.2.1 56821 192.168.2.158 22 1 - 0 - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
1420590308.781231 C37jN32gN3y3AZzyf6 192.168.2.1 56837 192.168.2.158 22 1 - 0 - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98
@ -23,9 +23,9 @@
1420860283.057451 C9mvWx3ezztgzcexV7 192.168.1.32 41164 128.2.10.238 22 2 T 5 - SSH-2.0-OpenSSH_6.6p1-hpn14v4 SSH-1.99-OpenSSH_3.4+p1+gssapi+OpenSSH_3.7.1buf_fix+2006100301 aes128-cbc hmac-md5 none diffie-hellman-group-exchange-sha1 ssh-rsa 7f:e5:81:92:26:77:05:44:c4:60:fb:cd:89:c8:81:ee
1420860616.428738 CNnMIj2QSd84NKf7U3 192.168.1.32 33910 128.2.13.133 22 2 T 1 - SSH-2.0-OpenSSH_6.6p1-hpn14v4 SSH-2.0-OpenSSH_5.3 aes128-ctr hmac-md5 none diffie-hellman-group-exchange-sha256 ssh-rsa 93:d8:4c:0d:b2:c3:2e:da:b9:c0:67:db:e4:8f:95:04
1420868281.665872 C7fIlMZDuRiqjpYbb 192.168.1.32 41268 128.2.10.238 22 2 F 6 - SSH-2.0-OpenSSH_6.6 SSH-1.99-OpenSSH_3.4+p1+gssapi+OpenSSH_3.7.1buf_fix+2006100301 aes128-cbc hmac-md5 none diffie-hellman-group-exchange-sha1 ssh-rsa 7f:e5:81:92:26:77:05:44:c4:60:fb:cd:89:c8:81:ee
1420917487.227035 CpmdRlaUoJLN3uIRa 192.168.1.31 52294 192.168.1.32 22 2 T 2 - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_6.7 chacha20-poly1305@openssh.com hmac-sha2-512-etm@openssh.com none curve25519-sha256@libssh.org ssh-ed25519 e4:b1:8e:ca:6e:0e:e5:3c:7e:a4:0e:70:34:9d:b2:b1
1421006072.224828 C1Xkzz2MaGtLrc1Tla 192.168.1.31 51489 192.168.1.32 22 2 T 3 - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_6.7 chacha20-poly1305@openssh.com hmac-sha2-512-etm@openssh.com none curve25519-sha256@libssh.org ssh-ed25519 e4:b1:8e:ca:6e:0e:e5:3c:7e:a4:0e:70:34:9d:b2:b1
1421041177.031508 CLNN1k2QMum1aexUK7 192.168.1.32 58641 131.103.20.168 22 2 F 1 - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_5.3 aes128-ctr hmac-md5 none diffie-hellman-group-exchange-sha256 ssh-rsa 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
1421041299.777962 CBA8792iHmnhPLksKa 192.168.1.32 58646 131.103.20.168 22 2 T 1 - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_5.3 aes128-ctr hmac-md5 none diffie-hellman-group-exchange-sha256 ssh-rsa 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
1421041526.353524 CGLPPc35OzDQij1XX8 192.168.1.32 58649 131.103.20.168 22 2 T 1 - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_5.3 aes128-ctr hmac-md5 none diffie-hellman-group-exchange-sha256 ssh-rsa 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
#close 2017-08-01-16-26-21
1420917487.227035 CpmdRlaUoJLN3uIRa 192.168.1.31 52294 192.168.1.32 22 2 T 2 - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_6.7 chacha20-poly1305@openssh.com hmac-sha2-512-etm@openssh.com none curve25519-sha256@libssh.org ssh-ed25519-cert-v01@openssh.com e4:b1:8e:ca:6e:0e:e5:3c:7e:a4:0e:70:34:9d:b2:b1
1421006072.224828 C1Xkzz2MaGtLrc1Tla 192.168.1.31 51489 192.168.1.32 22 2 T 3 - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_6.7 chacha20-poly1305@openssh.com hmac-sha2-512-etm@openssh.com none curve25519-sha256@libssh.org ssh-ed25519-cert-v01@openssh.com e4:b1:8e:ca:6e:0e:e5:3c:7e:a4:0e:70:34:9d:b2:b1
1421041177.031508 CLNN1k2QMum1aexUK7 192.168.1.32 58641 131.103.20.168 22 2 F 1 - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_5.3 aes128-ctr umac-64@openssh.com none diffie-hellman-group-exchange-sha256 ssh-rsa 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
1421041299.777962 CBA8792iHmnhPLksKa 192.168.1.32 58646 131.103.20.168 22 2 T 1 - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_5.3 aes128-ctr umac-64@openssh.com none diffie-hellman-group-exchange-sha256 ssh-rsa 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
1421041526.353524 CGLPPc35OzDQij1XX8 192.168.1.32 58649 131.103.20.168 22 2 T 1 - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_5.3 aes128-ctr umac-64@openssh.com none diffie-hellman-group-exchange-sha256 ssh-rsa 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
#close 2018-10-16-15-00-07

6
testing/btest/Baseline/scripts.base.protocols.ssh.curve25519_kex/ssh.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path ssh
#open 2017-10-05-19-34-53
#open 2018-10-16-15-27-29
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version auth_success auth_attempts direction client server cipher_alg mac_alg compression_alg kex_alg host_key_alg host_key
#types time string addr port addr port count bool count enum string string string string string string string string
1505524964.630115 CHhAvVGS1DHFjwGM9 192.168.1.100 60906 192.168.1.32 22 2 T 2 - SSH-2.0-OpenSSH_7.4 SSH-2.0-OpenSSH_7.5 chacha20-poly1305@openssh.com hmac-sha2-512-etm@openssh.com none curve25519-sha256 ssh-ed25519 e4:b1:8e:ca:6e:0e:e5:3c:7e:a4:0e:70:34:9d:b2:b1
#close 2017-10-05-19-34-53
1505524964.630115 CHhAvVGS1DHFjwGM9 192.168.1.100 60906 192.168.1.32 22 2 T 2 - SSH-2.0-OpenSSH_7.4 SSH-2.0-OpenSSH_7.5 chacha20-poly1305@openssh.com hmac-sha2-512-etm@openssh.com none curve25519-sha256 ssh-ed25519-cert-v01@openssh.com e4:b1:8e:ca:6e:0e:e5:3c:7e:a4:0e:70:34:9d:b2:b1
#close 2018-10-16-15-27-29

2
testing/btest/broker/connect-on-retry.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out"
#
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff recv/recv.out
# @TEST-EXEC: btest-diff send/send.out

4
testing/btest/broker/disconnect.bro
View file

@ -3,10 +3,10 @@
# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out"
# @TEST-EXEC: $SCRIPTS/wait-for-pid $(cat recv/.pid) 30 || (btest-bg-wait -k 1 && false)
# @TEST-EXEC: $SCRIPTS/wait-for-pid $(cat recv/.pid) 45 || (btest-bg-wait -k 1 && false)
# @TEST-EXEC: btest-bg-run recv2 "bro -B broker -b ../recv.bro >recv2.out"
# @TEST-EXEC: btest-bg-wait 30
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff send/send.out
# @TEST-EXEC: btest-diff recv/recv.out

2
testing/btest/broker/remote_event.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out"
#
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff recv/recv.out
# @TEST-EXEC: btest-diff send/send.out

2
testing/btest/broker/remote_event_any.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out"
#
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff recv/recv.out
# @TEST-EXEC: btest-diff send/send.out

2
testing/btest/broker/remote_event_auto.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out"
# @TEST-EXEC: btest-bg-run send "bro -b ../send.bro >send.out"
#
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff recv/recv.out
# @TEST-EXEC: btest-diff send/send.out

2
testing/btest/broker/remote_event_ssl_auth.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out"
#
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff recv/recv.out
# @TEST-EXEC: btest-diff send/send.out

2
testing/btest/broker/remote_event_vector_any.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out"
#
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff recv/recv.out
@TEST-START-FILE send.bro

19
testing/btest/broker/remote_id.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro test_var=newval >send.out"
#
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff recv/recv.out
@TEST-START-FILE send.bro
@ -15,8 +15,9 @@ event bro_init()
Broker::peer("127.0.0.1");
}
event die()
event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
{
print "peer lost";
terminate();
}
@ -24,7 +25,6 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
{
print "peer added";
Broker::publish_id("bro/ids/test", "test_var");
schedule 1sec { die() };
}
@TEST-END-FILE
@ -33,6 +33,17 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
const test_var = "init" &redef;
event check_var()
{
if ( test_var == "init" )
schedule 0.1sec { check_var() };
else
{
print "updated val", test_var;
terminate();
}
}
event bro_init()
{
print "intial val", test_var;
@ -43,12 +54,12 @@ event bro_init()
event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
{
print "peer added";
schedule 1sec { check_var() };
}
event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
{
print "peer lost";
print "updated val", test_var;
terminate();
}

2
testing/btest/broker/remote_log.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out"
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff recv/recv.out
# @TEST-EXEC: btest-diff recv/test.log
# @TEST-EXEC: btest-diff send/send.out

2
testing/btest/broker/remote_log_late_join.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out"
# @TEST-EXEC: btest-bg-run send "bro -b ../send.bro >send.out"
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff recv/recv.out
# @TEST-EXEC: btest-diff recv/test.log
# @TEST-EXEC: btest-diff send/send.out

2
testing/btest/broker/remote_log_types.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out"
# @TEST-EXEC: btest-bg-run send "bro -b ../send.bro >send.out"
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff recv/recv.out
# @TEST-EXEC: btest-diff recv/test.log
# @TEST-EXEC: btest-diff send/send.out

2
testing/btest/broker/ssl_auth_failure.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-bg-run recv "bro -B broker -b ../recv.bro >recv.out"
# @TEST-EXEC: btest-bg-run send "bro -B broker -b ../send.bro >send.out"
#
# @TEST-EXEC: btest-bg-wait 15
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff recv/recv.out
# @TEST-EXEC: btest-diff send/send.out

2
testing/btest/broker/store/clone.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-bg-run clone "bro -B broker -b ../clone-main.bro >clone.out"
# @TEST-EXEC: btest-bg-run master "bro -B broker -b ../master-main.bro >master.out"
#
# @TEST-EXEC: btest-bg-wait 25
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff clone/clone.out
# @TEST-EXEC: btest-diff master/master.out

2
testing/btest/broker/unpeer.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out"
# @TEST-EXEC: btest-bg-run send "bro -b ../send.bro >send.out"
#
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff recv/recv.out
# @TEST-EXEC: btest-diff send/send.out
#

41
testing/btest/language/expire_func_mod.bro Normal file
View file

@ -0,0 +1,41 @@
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out
module Test;
redef exit_only_after_terminate = T;
redef table_expire_interval = .1 secs ;
export {
global table_expire_func: function(t: table[string] of count,
s: string): interval;
global t: table[string] of count
&write_expire=0 secs
&expire_func=table_expire_func;
}
event die()
{
terminate();
}
function table_expire_func(t: table[string] of count, s: string): interval
{
t[s] += 1 ;
print fmt("inside table_expire_func: %s, %s", s, t[s]);
if ( t[s] < 10 )
return .1 secs ;
schedule .1sec { die() };
return 0 secs;
}
event bro_init()
{
local s="ashish";
t[s] = 1 ;
print fmt("starting: %s, %s", s, t[s]);
}

25
testing/btest/scripts/base/frameworks/logging/ascii-json-iso-timestamps.bro
View file

@ -27,5 +27,30 @@ event bro_init()
$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1986-12-01T01:01:01Z") + 0.90 secs)
]);
Log::write(SSH::LOG, [
$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 0.4 secs)
]);
Log::write(SSH::LOG, [
$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 0.5 secs)
]);
Log::write(SSH::LOG, [
$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 0.6 secs)
]);
Log::write(SSH::LOG, [
$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 1.0 secs)
]);
Log::write(SSH::LOG, [
$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 1.4 secs)
]);
Log::write(SSH::LOG, [
$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 1.5 secs)
]);
Log::write(SSH::LOG, [
$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 1.6 secs)
]);
Log::write(SSH::LOG, [
$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "1970-01-01T00:00:00Z") - 99 secs)
]);
}