First attempt to adapt istate.events unit test to new policy scripts.

The http.log that both sides produce is the same, but the http-related events that each serializes into events.bst don't look equivalent when read back and cause the test to fail.
2025-10-12 03:28:19 +00:00 · 2011-06-23 11:00:03 -05:00 · 2011-06-23 11:00:03 -05:00 · 555e42fdd2
commit 555e42fdd2
parent dc4dc7c56a
3 changed files with 20 additions and 58 deletions
--- a/testing/btest/Baseline/istate.events/receiver.http.log
+++ b/testing/btest/Baseline/istate.events/receiver.http.log
@ -1,18 +1,2 @@
-1301459542.533110 %events-rcv-1 start 141.42.64.125:56730 > 125.190.109.199:80
-1301459542.533110 %events-rcv-1 > USER-AGENT: Wget/1.10
-1301459542.533110 %events-rcv-1 > ACCEPT: */*
-1301459542.533110 %events-rcv-1 > HOST: www.icir.org
-1301459542.533110 %events-rcv-1 > CONNECTION: Keep-Alive
-1301459542.717115 %events-rcv-1 < DATE: Fri, 07 Oct 2005 23:23:55 GMT
-1301459542.717115 %events-rcv-1 < SERVER: Apache/1.3.33 (Unix)
-1301459542.717115 %events-rcv-1 < LAST-MODIFIED: Fri, 07 Oct 2005 16:23:01 GMT
-1301459542.717115 %events-rcv-1 < ETAG: "2c96c-23aa-4346a0e5"
-1301459542.717115 %events-rcv-1 < ACCEPT-RANGES: bytes
-1301459542.717115 %events-rcv-1 < CONTENT-LENGTH: 9130
-1301459542.717115 %events-rcv-1 < KEEP-ALIVE: timeout=15, max=100
-1301459542.717115 %events-rcv-1 < CONNECTION: Keep-Alive
-1301459542.717115 %events-rcv-1 < CONTENT-TYPE: text/html
-1301459542.901119 %events-rcv-1 <= 4096 bytes: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML ..."
-1301459542.941139 %events-rcv-1 <= 4096 bytes: "gn=top>^J^J<h2>^JPublications^J</h2>^J<ul>^J<l..."
-1301459543.085124 %events-rcv-1 <= 938 bytes: "ational Internet Measurement Infrastruct..."
-1301459543.085124 %events-rcv-1 GET / (200 "OK" [9130] www.icir.org)
+# ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_content_length	response_content_length	status_code	status_msg	filename	tags	username	password	proxied
+1308842601.71319	56gKBmhBBB6	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	-	9130	200	OK	-	-	-	-	-
--- a/testing/btest/Baseline/istate.events/sender.http.log
+++ b/testing/btest/Baseline/istate.events/sender.http.log
@ -1,18 +1,2 @@
-1301459542.463895 %events-send-1 start 141.42.64.125:56730 > 125.190.109.199:80
-1301459542.463895 %events-send-1 > USER-AGENT: Wget/1.10
-1301459542.463895 %events-send-1 > ACCEPT: */*
-1301459542.463895 %events-send-1 > HOST: www.icir.org
-1301459542.463895 %events-send-1 > CONNECTION: Keep-Alive
-1301459542.647935 %events-send-1 < DATE: Fri, 07 Oct 2005 23:23:55 GMT
-1301459542.647935 %events-send-1 < SERVER: Apache/1.3.33 (Unix)
-1301459542.647935 %events-send-1 < LAST-MODIFIED: Fri, 07 Oct 2005 16:23:01 GMT
-1301459542.647935 %events-send-1 < ETAG: "2c96c-23aa-4346a0e5"
-1301459542.647935 %events-send-1 < ACCEPT-RANGES: bytes
-1301459542.647935 %events-send-1 < CONTENT-LENGTH: 9130
-1301459542.647935 %events-send-1 < KEEP-ALIVE: timeout=15, max=100
-1301459542.647935 %events-send-1 < CONNECTION: Keep-Alive
-1301459542.647935 %events-send-1 < CONTENT-TYPE: text/html
-1301459542.832424 %events-send-1 <= 4096 bytes: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML ..."
-1301459542.832718 %events-send-1 <= 4096 bytes: "gn=top>^J^J<h2>^JPublications^J</h2>^J<ul>^J<l..."
-1301459543.016242 %events-send-1 <= 938 bytes: "ational Internet Measurement Infrastruct..."
-1301459543.016242 %events-send-1 GET / (200 "OK" [9130] www.icir.org)
+# ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_content_length	response_content_length	status_code	status_msg	filename	tags	username	password	proxied
+1308842601.71319	56gKBmhBBB6	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	-	9130	200	OK	-	-	-	-	-
--- a/testing/btest/istate/events.bro
+++ b/testing/btest/istate/events.bro
@ -5,25 +5,21 @@
 #
 # @TEST-EXEC: btest-diff sender/http.log
 # @TEST-EXEC: btest-diff receiver/http.log
-# @TEST-EXEC: cat receiver/http.log | sed 's/^\([^ ]* \)\{2\}//' >http.rec.log
-# @TEST-EXEC: cat sender/http.log | sed 's/^\([^ ]* \)\{2\}//' >http.snd.log
-# @TEST-EXEC: cmp http.rec.log http.snd.log
+# @TEST-EXEC: cmp sender/http.log receiver/http.log
 #
-# @TEST-EXEC: bro -x sender/events.bst   | sed 's/^Event \[[-0-9.]*\] //g' | sed 's/%events-[^ ]* *//g' | grep '^http_' | grep -v http_stats >events.snd.log
-# @TEST-EXEC: bro -x receiver/events.bst | sed 's/^Event \[[-0-9.]*\] //g' | sed 's/%events-[^ ]* *//g' | grep '^http_' | grep -v http_stats >events.rec.log
+# @TEST-EXEC: bro -x sender/events.bst http/base   | sed 's/^Event \[[-0-9.]*\] //g' | sed 's/%events-[^ ]* *//g' | grep '^http_' | grep -v http_stats >events.snd.log
+# @TEST-EXEC: bro -x receiver/events.bst http/base | sed 's/^Event \[[-0-9.]*\] //g' | sed 's/%events-[^ ]* *//g' | grep '^http_' | grep -v http_stats >events.rec.log
 # @TEST-EXEC: cmp events.rec.log events.snd.log

@TEST-START-FILE sender.bro

-@load tcp
-@load http-request
-@load http-reply
-@load http-header
-@load http-body
-@load http-abstract
-@load listen-clear
+@load http/base
+@load communication/listen-clear

-@load capture-events
+event bro_init()
+    {
+    capture_events("events.bst");
+    }

 redef peer_description = "events-send";

@ -38,19 +34,17 @@ redef tcp_close_delay = 0secs;

@TEST-START-FILE receiver.bro

-@load tcp
-@load http-request
-@load http-reply
-@load http-header
-@load http-body
-@load http-abstract
+@load http/base
+@load communication

-@load capture-events
-@load remote
+event bro_init()
+    {
+    capture_events("events.bst");
+    }

 redef peer_description = "events-rcv";

-redef Remote::destinations += {
+redef Communication::nodes += {
    ["foo"] = [$host = 127.0.0.1, $events = /http_.*/, $connect=T]
 };