Merge remote branch 'origin/topic/robin/conn-ids'
* origin/topic/robin/conn-ids: Moving uid from conn_id to connection, and making output deterministic if a hash seed is given. Extending conn_id with a globally unique identifier.
commit
59d6202104
16 changed files with 271 additions and 6 deletions
24
CHANGES
24
CHANGES
|
@ -1,3 +1,27 @@
|
|||
1.6-dev.99 Fri Apr 22 22:10:03 PDT 2011
|
||||
|
||||
- Extending the connection record with a unique identifier. (Robin
|
||||
Sommer)
|
||||
|
||||
type connection: record {
|
||||
[...]
|
||||
id: string;
|
||||
};
|
||||
|
||||
These identifiers very likely unique even across independent Bro
|
||||
runs.
|
||||
|
||||
- Delete operator for record fields. (Robin Sommer)
|
||||
|
||||
"delete x$y" now resets record field "x" back to its original state
|
||||
if it is either &optional or has a &default. "delete" may not be
|
||||
used with non-optional/default fields.
|
||||
|
||||
- Fixing bug with nested record coercions. (Robin Sommer)
|
||||
|
||||
- Fixing a do_split() bug. (Seth Hall)
|
||||
|
||||
|
||||
1.6-dev.94 Thu Apr 21 19:51:38 PDT 2011
|
||||
|
||||
- Fixing generation of config.h. (Jon Siwek)
|
||||
|
|
2
VERSION
2
VERSION
|
@ -1 +1 @@
|
|||
1.6-dev.94
|
||||
1.6-dev.99
|
||||
|
|
|
@ -92,6 +92,7 @@ type connection: record {
|
|||
addl: string;
|
||||
hot: count; # how hot; 0 = don't know or not hot
|
||||
history: string;
|
||||
uid: string;
|
||||
};
|
||||
|
||||
type SYN_packet: record {
|
||||
|
|
59
src/Conn.cc
59
src/Conn.cc
|
@ -182,6 +182,8 @@ Connection::Connection(NetSessions* s, HashKey* k, double t, const ConnID* id)
|
|||
TimerMgr::Tag* tag = current_iosrc->GetCurrentTag();
|
||||
conn_timer_mgr = tag ? new TimerMgr::Tag(*tag) : 0;
|
||||
|
||||
uid = 0; // Will set later.
|
||||
|
||||
if ( conn_timer_mgr )
|
||||
{
|
||||
++external_connections;
|
||||
|
@ -215,6 +217,56 @@ Connection::~Connection()
|
|||
--external_connections;
|
||||
}
|
||||
|
||||
uint64 Connection::uid_counter = 0;
|
||||
uint64 Connection::uid_instance = 0;
|
||||
|
||||
uint64 Connection::CalculateNextUID()
|
||||
{
|
||||
if ( uid_instance == 0 )
|
||||
{
|
||||
// This is the first time we need a UID.
|
||||
|
||||
if ( ! have_random_seed() )
|
||||
{
|
||||
// If we don't need deterministic output (as
|
||||
// indicated by a set seed), we calculate the
|
||||
// instance ID by hashing something likely to be
|
||||
// globally unique.
|
||||
struct {
|
||||
char hostname[128];
|
||||
struct timeval time;
|
||||
pid_t pid;
|
||||
int rnd;
|
||||
} unique;
|
||||
|
||||
gethostname(unique.hostname, 128);
|
||||
unique.hostname[sizeof(unique.hostname)-1] = '\0';
|
||||
gettimeofday(&unique.time, 0);
|
||||
unique.pid = getpid();
|
||||
unique.rnd = bro_random();
|
||||
|
||||
uid_instance = HashKey::HashBytes(&unique, sizeof(unique));
|
||||
++uid_instance; // Now it's larger than zero.
|
||||
}
|
||||
|
||||
else
|
||||
// Generate determistic UIDs.
|
||||
uid_instance = 1;
|
||||
}
|
||||
|
||||
// Now calculate the unique ID for this connection.
|
||||
struct {
|
||||
uint64 counter;
|
||||
hash_t instance;
|
||||
} key;
|
||||
|
||||
key.counter = ++uid_counter;
|
||||
key.instance = uid_instance;
|
||||
|
||||
uint64_t h = HashKey::HashBytes(&key, sizeof(key));
|
||||
return h;
|
||||
}
|
||||
|
||||
void Connection::Done()
|
||||
{
|
||||
finished = 1;
|
||||
|
@ -346,6 +398,7 @@ RecordVal* Connection::BuildConnVal()
|
|||
id_val->Assign(1, new PortVal(ntohs(orig_port), prot_type));
|
||||
id_val->Assign(2, new AddrVal(resp_addr));
|
||||
id_val->Assign(3, new PortVal(ntohs(resp_port), prot_type));
|
||||
|
||||
conn_val->Assign(0, id_val);
|
||||
|
||||
orig_endp = new RecordVal(endpoint);
|
||||
|
@ -363,6 +416,12 @@ RecordVal* Connection::BuildConnVal()
|
|||
conn_val->Assign(6, new StringVal("")); // addl
|
||||
conn_val->Assign(7, new Val(0, TYPE_COUNT)); // hot
|
||||
conn_val->Assign(8, new StringVal("")); // history
|
||||
|
||||
if ( ! uid )
|
||||
uid = CalculateNextUID();
|
||||
|
||||
char tmp[20];
|
||||
conn_val->Assign(9, new StringVal(uitoa_n(uid, tmp, sizeof(tmp), 62)));
|
||||
}
|
||||
|
||||
if ( root_analyzer )
|
||||
|
|
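Review bot: In `Connection::CalculateNextUID()` the local `unique` struct is hashed over `sizeof(unique)` without being cleared first, so the bytes of `hostname` past the terminator and any padding between members are indeterminate stack contents when `HashKey::HashBytes()` reads them. Zeroing it before it is filled, `memset(&unique, 0, sizeof(unique));`, keeps the instance ID a function of the four named inputs only and avoids uninitialised-read reports from memory checkers. The return value of `gethostname()` is also ignored, so on failure the buffer contents are unspecified. Separately, hostname, time, pid and `bro_random()` make the ID likely unique rather than unpredictable, so a comment such as `// uids are for correlation only; not suitable as secrets` would help consumers of the logs.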
10
src/Conn.h
10
src/Conn.h
|
@ -301,7 +301,12 @@ public:
|
|||
::operator delete(((char*) ptr) - 4);
|
||||
}
|
||||
|
||||
void SetUID(uint64 arg_uid) { uid = arg_uid; }
|
||||
|
||||
static uint64 CalculateNextUID();
|
||||
|
||||
protected:
|
||||
|
||||
Connection() { persistent = 0; }
|
||||
|
||||
// Add the given timer to expire at time t. If do_expire
|
||||
|
@ -358,6 +363,11 @@ protected:
|
|||
|
||||
TransportLayerAnalyzer* root_analyzer;
|
||||
PIA* primary_PIA;
|
||||
|
||||
uint64 uid; // Globally unique connection ID.
|
||||
|
||||
static uint64 uid_counter; // Counter for uids.
|
||||
static uint64 uid_instance; // Instance ID, computed once.
|
||||
};
|
||||
|
||||
class ConnectionTimer : public Timer {
|
||||
|
|
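Review bot: The protected default constructor shown as context, `Connection() { persistent = 0; }`, leaves the new `uid` member uninitialised, while `BuildConnVal()` in src/Conn.cc decides whether to generate an ID with `if ( ! uid )`. If an object built through this constructor reaches `BuildConnVal()` without `SetUID()` being called (the callers are not visible here), that test reads an indeterminate value; `Connection() { persistent = 0; uid = 0; }` would close the gap. The comment on `uid` could also state that 0 means "not yet assigned", since the main constructor and `BuildConnVal()` in src/Conn.cc both rely on that sentinel.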
|
@ -521,6 +521,8 @@ Connection* ConnCompressor::Instantiate(HashKey* key, PendingConn* pending)
|
|||
return 0;
|
||||
}
|
||||
|
||||
new_conn->SetUID(pending->uid);
|
||||
|
||||
DBG_LOG(DBG_COMPRESSOR, "%s instantiated", fmt_conn_id(pending));
|
||||
|
||||
++sizes.connections;
|
||||
|
@ -608,6 +610,7 @@ void ConnCompressor::PktHdrToPendingConn(double time, const HashKey* key,
|
|||
c->FIN = (tp->th_flags & TH_FIN) != 0;
|
||||
c->RST = (tp->th_flags & TH_RST) != 0;
|
||||
c->ACK = (tp->th_flags & TH_ACK) != 0;
|
||||
c->uid = Connection::CalculateNextUID();
|
||||
c->invalid = 0;
|
||||
|
||||
if ( TCP_Analyzer::ParseTCPOptions(tp, parse_tcp_options, 0, 0, c) < 0 )
|
||||
|
@ -877,6 +880,9 @@ void ConnCompressor::Event(const PendingConn* pending, double t,
|
|||
conn_val->Assign(7, new Val(0, TYPE_COUNT)); // hot
|
||||
conn_val->Assign(8, new StringVal("")); // history
|
||||
|
||||
char tmp[20]; // uid.
|
||||
conn_val->Assign(9, new StringVal(uitoa_n(pending->uid, tmp, sizeof(tmp), 62)));
|
||||
|
||||
conn_val->SetOrigin(0);
|
||||
}
|
||||
|
||||
|
|
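Review bot: `ConnCompressor::Event()` formats the uid with its own `char tmp[20]` and literal base `62`, the same pair of constants that `Connection::BuildConnVal()` uses in src/Conn.cc, so the two paths that emit `uid` for one connection can drift apart if either is edited. A small shared helper or named constants for the buffer size and base would keep them identical. The new `c->uid = Connection::CalculateNextUID();` in `PktHdrToPendingConn()` would also benefit from a short comment, for example `// Assigned here so compressor events and the later Connection report the same uid.`; that intent is inferred from the `SetUID(pending->uid)` call in `Instantiate()`. All three functions continue outside the visible hunks.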
|
@ -97,6 +97,7 @@ public:
|
|||
uint32 ack;
|
||||
hash_t hash;
|
||||
uint16 window;
|
||||
uint64 uid;
|
||||
};
|
||||
|
||||
private:
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
|
||||
#define UHASH_KEY_SIZE 32
|
||||
|
||||
typedef unsigned int hash_t;
|
||||
typedef uint64 hash_t;
|
||||
|
||||
typedef enum {
|
||||
HASH_KEY_INT,
|
||||
|
|
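Review bot: Widening `hash_t` (the `typedef unsigned int hash_t;` / `typedef uint64 hash_t;` pair; the page no longer shows which is old and which is new, but the rest of the commit stores hashes in `uint64`) changes the size of every struct, format string and serialised field that uses the type, and none of the visible sections adjusts such users. It is worth checking call sites that narrow the value, e.g. assignments to `unsigned int` or `%u` in format strings, and confirming that `HashKey::HashBytes()` really produces 64 significant bits; if it still returns a 32-bit digest, the connection uids built on it would collide far sooner than their 64-bit type suggests. A comment such as `// 64 bits wide; connection uids are derived from it.` on the typedef would record why the width matters.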
26
src/util.cc
26
src/util.cc
|
@ -340,6 +340,27 @@ int atoi_n(int len, const char* s, const char** end, int base, int& result)
|
|||
return 1;
|
||||
}
|
||||
|
||||
char* uitoa_n(uint64 value, char* str, int n, int base)
|
||||
{
|
||||
static char dig[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
|
||||
|
||||
int i = 0;
|
||||
uint64 v;
|
||||
char* p, *q;
|
||||
char c;
|
||||
|
||||
v = value;
|
||||
|
||||
do {
|
||||
str[i++] = dig[v % base];
|
||||
v /= base;
|
||||
} while ( v && i < n - 1 );
|
||||
|
||||
str[i] = '\0';
|
||||
|
||||
return str;
|
||||
}
|
||||
|
||||
int strstr_n(const int big_len, const u_char* big,
|
||||
const int little_len, const u_char* little)
|
||||
{
|
||||
|
@ -661,6 +682,11 @@ void init_random_seed(uint32 seed, const char* read_file, const char* write_file
|
|||
write_file);
|
||||
}
|
||||
|
||||
bool have_random_seed()
|
||||
{
|
||||
return bro_rand_determistic;
|
||||
}
|
||||
|
||||
long int bro_random()
|
||||
{
|
||||
if ( ! bro_rand_determistic )
|
||||
|
|
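Review bot: `uitoa_n()` validates neither `base` nor `n`: `dig[v % base]` indexes past the 62-character table for any base above 62, a base of 0 divides by zero, and because the do/while stores a digit before testing `i < n - 1`, a call with `n` of 1 or less writes beyond `str`. The visible callers pass a `sizeof(tmp)` of 20 and base 62, so they are safe, but the function is exported through the util header. The digits are also stored least-significant first and the locals `p`, `q` and `c` are never used, which suggests a reversal step was planned; if the order is intentional it should be stated in a comment. A guard at the top of the function, as sketched below, covers the argument checks; returning an empty string on bad arguments is one possible policy.

```cpp
char* uitoa_n(uint64 value, char* str, int n, int base)
	{
	static char dig[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

	// Need room for one digit plus the NUL, and a base that dig[] covers.
	if ( n < 2 || base < 2 || base > int(sizeof(dig)) - 1 )
		{
		if ( n > 0 )
			str[0] = '\0';

		return str;
		}

	// … unchanged: digit loop, terminator and return …
	}
```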
|
@ -112,6 +112,7 @@ extern char* strcasestr(const char* s, const char* find);
|
|||
extern const char* strpbrk_n(size_t len, const char* s, const char* charset);
|
||||
extern int atoi_n(int len, const char* s, const char** end,
|
||||
int base, int& result);
|
||||
extern char* uitoa_n(uint64 value, char* str, int n, int base);
|
||||
int strstr_n(const int big_len, const unsigned char* big,
|
||||
const int little_len, const unsigned char* little);
|
||||
extern int fputs(int len, const char* s, FILE* fp);
|
||||
|
@ -149,6 +150,9 @@ extern const char* md5_digest_print(const unsigned char digest[16]);
|
|||
extern void init_random_seed(uint32 seed, const char* load_file,
|
||||
const char* write_file);
|
||||
|
||||
// Returns true if the user explicitly set a seed via init_random_seed();
|
||||
extern bool have_random_seed();
|
||||
|
||||
// Replacement for the system random(), to which is normally falls back
|
||||
// except when a seed has been given. In that case, we use our own
|
||||
// predictable PRNG.
|
||||
|
@ -156,9 +160,6 @@ long int bro_random();
|
|||
|
||||
extern uint64 rand64bit();
|
||||
|
||||
#define UHASH_KEY_SIZE 32
|
||||
extern uint8 uhash_key[UHASH_KEY_SIZE];
|
||||
|
||||
// Each event source that may generate events gets an internally unique ID.
|
||||
// This is always LOCAL for a local Bro. For remote event sources, it gets
|
||||
// assigned by the RemoteSerializer.
|
||||
|
|
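Review bot: The new declaration `extern char* uitoa_n(uint64 value, char* str, int n, int base);` has no comment, unlike `have_random_seed()` further down in the same section, and its contract is not obvious from the signature. Based on the definition in src/util.cc, something like `// Writes value in the given base (at most 62) into str, least-significant digit first, storing at most n-1 digits plus a NUL; returns str.` would tell callers that the output is silently truncated when the buffer is too small and that the digit order is reversed compared with a conventional itoa.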
1
testing/btest/Baseline/core.conn-id/counts
Normal file
1
testing/btest/Baseline/core.conn-id/counts
Normal file
|
@ -0,0 +1 @@
|
|||
18
|
34
testing/btest/Baseline/core.conn-id/output
Normal file
34
testing/btest/Baseline/core.conn-id/output
Normal file
|
@ -0,0 +1,34 @@
|
|||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8
|
||||
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8
|
36
testing/btest/Baseline/core.conn-id/output.cc
Normal file
36
testing/btest/Baseline/core.conn-id/output.cc
Normal file
|
@ -0,0 +1,36 @@
|
|||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8
|
||||
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8
|
||||
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8
|
||||
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8
|
34
testing/btest/Baseline/core.conn-id/output.cc2
Normal file
34
testing/btest/Baseline/core.conn-id/output.cc2
Normal file
|
@ -0,0 +1,34 @@
|
|||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], UWkUyAuUGXf
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 56gKBmhBBB6
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], ecqdozAET6c
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8
|
||||
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], UZkBBvjF0r8
|
|
@ -1,5 +1,5 @@
|
|||
[btest]
|
||||
TestDirs = doc bifs logging language
|
||||
TestDirs = doc bifs logging language core
|
||||
TmpDir = %(testbase)s/.tmp
|
||||
BaselineDir = %(testbase)s/Baseline
|
||||
IgnoreDirs = .svn CVS .tmp
|
||||
|
|
32
testing/btest/core/conn-id.bro
Normal file
32
testing/btest/core/conn-id.bro
Normal file
|
@ -0,0 +1,32 @@
|
|||
#
|
||||
# In "normal" test mode, connection uids should be determistic.
|
||||
#
|
||||
# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT tcp >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
#
|
||||
# Without a seed, they should differ each time:
|
||||
#
|
||||
# @TEST-EXEC: unset BRO_SEED_FILE && bro -C -r $TRACES/wikipedia.trace %INPUT tcp >output2
|
||||
# @TEST-EXEC: cat output output2 | sort | uniq -c | wc -l >counts
|
||||
# @TEST-EXEC: btest-diff counts
|
||||
#
|
||||
# Make sure it works without the connection compressor as well.
|
||||
#
|
||||
# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT tcp use_connection_compressor=F >output.cc
|
||||
# @TEST-EXEC: btest-diff output.cc
|
||||
#
|
||||
# Make sure it works with the full connection compressor as well.
|
||||
#
|
||||
# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT tcp cc_handle_only_syns=F >output.cc2
|
||||
# @TEST-EXEC: btest-diff output.cc2
|
||||
|
||||
|
||||
event new_connection(c: connection)
|
||||
{
|
||||
print c$id, c$uid;
|
||||
}
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
print c$id, c$uid;
|
||||
}
|