diff --git a/CHANGES b/CHANGES index aff232a9b7..449b5c9eb4 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,27 @@ +1.6-dev.99 Fri Apr 22 22:10:03 PDT 2011 + +- Extending the connection record with a unique identifier. (Robin + Sommer) + + type connection: record { + [...] + id: string; + }; + + These identifiers very likely unique even across independent Bro + runs. + +- Delete operator for record fields. (Robin Sommer) + + "delete x$y" now resets record field "x" back to its original state + if it is either &optional or has a &default. "delete" may not be + used with non-optional/default fields. + +- Fixing bug with nested record coercions. (Robin Sommer) + +- Fixing a do_split() bug. (Seth Hall) + + 1.6-dev.94 Thu Apr 21 19:51:38 PDT 2011 - Fixing generation of config.h. (Jon Siwek) diff --git a/VERSION b/VERSION index 110b0b440a..359249d5d6 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.6-dev.94 +1.6-dev.99 diff --git a/policy/bro.init b/policy/bro.init index 43601fa8b3..95ead925d5 100644 --- a/policy/bro.init +++ b/policy/bro.init @@ -92,6 +92,7 @@ type connection: record { addl: string; hot: count; # how hot; 0 = don't know or not hot history: string; + uid: string; }; type SYN_packet: record { diff --git a/src/Conn.cc b/src/Conn.cc index 7758ac03f0..8ebef29468 100644 --- a/src/Conn.cc +++ b/src/Conn.cc @@ -182,6 +182,8 @@ Connection::Connection(NetSessions* s, HashKey* k, double t, const ConnID* id) TimerMgr::Tag* tag = current_iosrc->GetCurrentTag(); conn_timer_mgr = tag ? new TimerMgr::Tag(*tag) : 0; + uid = 0; // Will set later. + if ( conn_timer_mgr ) { ++external_connections; @@ -215,6 +217,56 @@ Connection::~Connection() --external_connections; } +uint64 Connection::uid_counter = 0; +uint64 Connection::uid_instance = 0; + +uint64 Connection::CalculateNextUID() + { + if ( uid_instance == 0 ) + { + // This is the first time we need a UID. + + if ( ! have_random_seed() ) + { + // If we don't need deterministic output (as + // indicated by a set seed), we calculate the + // instance ID by hashing something likely to be + // globally unique. + struct { + char hostname[128]; + struct timeval time; + pid_t pid; + int rnd; + } unique; + + gethostname(unique.hostname, 128); + unique.hostname[sizeof(unique.hostname)-1] = '\0'; + gettimeofday(&unique.time, 0); + unique.pid = getpid(); + unique.rnd = bro_random(); + + uid_instance = HashKey::HashBytes(&unique, sizeof(unique)); + ++uid_instance; // Now it's larger than zero. + } + + else + // Generate determistic UIDs. + uid_instance = 1; + } + + // Now calculate the unique ID for this connection. + struct { + uint64 counter; + hash_t instance; + } key; + + key.counter = ++uid_counter; + key.instance = uid_instance; + + uint64_t h = HashKey::HashBytes(&key, sizeof(key)); + return h; + } + void Connection::Done() { finished = 1; @@ -346,6 +398,7 @@ RecordVal* Connection::BuildConnVal() id_val->Assign(1, new PortVal(ntohs(orig_port), prot_type)); id_val->Assign(2, new AddrVal(resp_addr)); id_val->Assign(3, new PortVal(ntohs(resp_port), prot_type)); + conn_val->Assign(0, id_val); orig_endp = new RecordVal(endpoint); @@ -363,6 +416,12 @@ RecordVal* Connection::BuildConnVal() conn_val->Assign(6, new StringVal("")); // addl conn_val->Assign(7, new Val(0, TYPE_COUNT)); // hot conn_val->Assign(8, new StringVal("")); // history + + if ( ! uid ) + uid = CalculateNextUID(); + + char tmp[20]; + conn_val->Assign(9, new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62))); } if ( root_analyzer ) diff --git a/src/Conn.h b/src/Conn.h index 473b8416ef..eafc6e9fd0 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -301,7 +301,12 @@ public: ::operator delete(((char*) ptr) - 4); } + void SetUID(uint64 arg_uid) { uid = arg_uid; } + + static uint64 CalculateNextUID(); + protected: + Connection() { persistent = 0; } // Add the given timer to expire at time t. If do_expire @@ -358,6 +363,11 @@ protected: TransportLayerAnalyzer* root_analyzer; PIA* primary_PIA; + + uint64 uid; // Globally unique connection ID. + + static uint64 uid_counter; // Counter for uids. + static uint64 uid_instance; // Instance ID, computed once. }; class ConnectionTimer : public Timer { diff --git a/src/ConnCompressor.cc b/src/ConnCompressor.cc index 9d847a504c..1d384f4ca4 100644 --- a/src/ConnCompressor.cc +++ b/src/ConnCompressor.cc @@ -521,6 +521,8 @@ Connection* ConnCompressor::Instantiate(HashKey* key, PendingConn* pending) return 0; } + new_conn->SetUID(pending->uid); + DBG_LOG(DBG_COMPRESSOR, "%s instantiated", fmt_conn_id(pending)); ++sizes.connections; @@ -608,6 +610,7 @@ void ConnCompressor::PktHdrToPendingConn(double time, const HashKey* key, c->FIN = (tp->th_flags & TH_FIN) != 0; c->RST = (tp->th_flags & TH_RST) != 0; c->ACK = (tp->th_flags & TH_ACK) != 0; + c->uid = Connection::CalculateNextUID(); c->invalid = 0; if ( TCP_Analyzer::ParseTCPOptions(tp, parse_tcp_options, 0, 0, c) < 0 ) @@ -877,6 +880,9 @@ void ConnCompressor::Event(const PendingConn* pending, double t, conn_val->Assign(7, new Val(0, TYPE_COUNT)); // hot conn_val->Assign(8, new StringVal("")); // history + char tmp[20]; // uid. + conn_val->Assign(9, new StringVal(uitoa_n(pending->uid, tmp, sizeof(tmp), 62))); + conn_val->SetOrigin(0); } diff --git a/src/ConnCompressor.h b/src/ConnCompressor.h index a76a35134a..84a1c1266f 100644 --- a/src/ConnCompressor.h +++ b/src/ConnCompressor.h @@ -97,6 +97,7 @@ public: uint32 ack; hash_t hash; uint16 window; + uint64 uid; }; private: diff --git a/src/Hash.h b/src/Hash.h index a097bb58ec..d9659b442a 100644 --- a/src/Hash.h +++ b/src/Hash.h @@ -11,7 +11,7 @@ #define UHASH_KEY_SIZE 32 -typedef unsigned int hash_t; +typedef uint64 hash_t; typedef enum { HASH_KEY_INT, diff --git a/src/util.cc b/src/util.cc index cd28a94b54..26657fe96b 100644 --- a/src/util.cc +++ b/src/util.cc @@ -340,6 +340,27 @@ int atoi_n(int len, const char* s, const char** end, int base, int& result) return 1; } +char* uitoa_n(uint64 value, char* str, int n, int base) + { + static char dig[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + + int i = 0; + uint64 v; + char* p, *q; + char c; + + v = value; + + do { + str[i++] = dig[v % base]; + v /= base; + } while ( v && i < n - 1 ); + + str[i] = '\0'; + + return str; + } + int strstr_n(const int big_len, const u_char* big, const int little_len, const u_char* little) { @@ -661,6 +682,11 @@ void init_random_seed(uint32 seed, const char* read_file, const char* write_file write_file); } +bool have_random_seed() + { + return bro_rand_determistic; + } + long int bro_random() { if ( ! bro_rand_determistic ) diff --git a/src/util.h b/src/util.h index 276b6f320c..d39dcc38f5 100644 --- a/src/util.h +++ b/src/util.h @@ -112,6 +112,7 @@ extern char* strcasestr(const char* s, const char* find); extern const char* strpbrk_n(size_t len, const char* s, const char* charset); extern int atoi_n(int len, const char* s, const char** end, int base, int& result); +extern char* uitoa_n(uint64 value, char* str, int n, int base); int strstr_n(const int big_len, const unsigned char* big, const int little_len, const unsigned char* little); extern int fputs(int len, const char* s, FILE* fp); @@ -149,6 +150,9 @@ extern const char* md5_digest_print(const unsigned char digest[16]); extern void init_random_seed(uint32 seed, const char* load_file, const char* write_file); +// Returns true if the user explicitly set a seed via init_random_seed(); +extern bool have_random_seed(); + // Replacement for the system random(), to which is normally falls back // except when a seed has been given. In that case, we use our own // predictable PRNG. @@ -156,9 +160,6 @@ long int bro_random(); extern uint64 rand64bit(); -#define UHASH_KEY_SIZE 32 -extern uint8 uhash_key[UHASH_KEY_SIZE]; - // Each event source that may generate events gets an internally unique ID. // This is always LOCAL for a local Bro. For remote event sources, it gets // assigned by the RemoteSerializer. diff --git a/testing/btest/Baseline/core.conn-id/counts b/testing/btest/Baseline/core.conn-id/counts new file mode 100644 index 0000000000..3c032078a4 --- /dev/null +++ b/testing/btest/Baseline/core.conn-id/counts @@ -0,0 +1 @@ +18 diff --git a/testing/btest/Baseline/core.conn-id/output b/testing/btest/Baseline/core.conn-id/output new file mode 100644 index 0000000000..ceba6ae7ac --- /dev/null +++ b/testing/btest/Baseline/core.conn-id/output @@ -0,0 +1,34 @@ +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8 diff --git a/testing/btest/Baseline/core.conn-id/output.cc b/testing/btest/Baseline/core.conn-id/output.cc new file mode 100644 index 0000000000..a980322f50 --- /dev/null +++ b/testing/btest/Baseline/core.conn-id/output.cc @@ -0,0 +1,36 @@ +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8 diff --git a/testing/btest/Baseline/core.conn-id/output.cc2 b/testing/btest/Baseline/core.conn-id/output.cc2 new file mode 100644 index 0000000000..ceba6ae7ac --- /dev/null +++ b/testing/btest/Baseline/core.conn-id/output.cc2 @@ -0,0 +1,34 @@ +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6 +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8 diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg index 43b53aca61..62e85ee3f5 100644 --- a/testing/btest/btest.cfg +++ b/testing/btest/btest.cfg @@ -1,5 +1,5 @@ [btest] -TestDirs = doc bifs logging language +TestDirs = doc bifs logging language core TmpDir = %(testbase)s/.tmp BaselineDir = %(testbase)s/Baseline IgnoreDirs = .svn CVS .tmp diff --git a/testing/btest/core/conn-id.bro b/testing/btest/core/conn-id.bro new file mode 100644 index 0000000000..97bb064c31 --- /dev/null +++ b/testing/btest/core/conn-id.bro @@ -0,0 +1,32 @@ +# +# In "normal" test mode, connection uids should be determistic. +# +# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT tcp >output +# @TEST-EXEC: btest-diff output +# +# Without a seed, they should differ each time: +# +# @TEST-EXEC: unset BRO_SEED_FILE && bro -C -r $TRACES/wikipedia.trace %INPUT tcp >output2 +# @TEST-EXEC: cat output output2 | sort | uniq -c | wc -l >counts +# @TEST-EXEC: btest-diff counts +# +# Make sure it works without the connection compressor as well. +# +# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT tcp use_connection_compressor=F >output.cc +# @TEST-EXEC: btest-diff output.cc +# +# Make sure it works with the full connection compressor as well. +# +# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT tcp cc_handle_only_syns=F >output.cc2 +# @TEST-EXEC: btest-diff output.cc2 + + +event new_connection(c: connection) + { + print c$id, c$uid; + } + +event connection_established(c: connection) + { + print c$id, c$uid; + }