Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Update docs and tests for bro_(init|done) -> zeek_(init|done)

Browse source
This commit is contained in:
Seth Hall 2019-04-14 08:19:08 -04:00
parent 8cefb9be42
commit 5db766bd88
508 changed files with 532 additions and 2016 deletions
Download patch file Download diff file Expand all files Collapse all files

1
doc

@ -1 +0,0 @@
Subproject commit e9f6728f13165148ca8ffe0b373148ff78b10c6a

11
testing/btest/Baseline/doc.broxygen.all_scripts/.stderr
View file

@ -1,11 +0,0 @@
warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 245: deprecated (dhcp_discover)
warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 248: deprecated (dhcp_offer)
warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 251: deprecated (dhcp_request)
warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 254: deprecated (dhcp_decline)
warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 257: deprecated (dhcp_ack)
warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 260: deprecated (dhcp_nak)
warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 263: deprecated (dhcp_release)
warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 266: deprecated (dhcp_inform)
warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.bro, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/scripts/broxygen/__load__.bro:10 "Use '@load base/protocols/smb' instead"
error in /Users/jon/projects/bro/bro/scripts/policy/frameworks/control/controller.bro, line 22: The '' control command is unknown.
<params>, line 1: received termination signal

1
testing/btest/Baseline/doc.broxygen.all_scripts/.stdout
View file

@ -1 +0,0 @@
WARNING: No Site::local_nets have been defined. It's usually a good idea to define your local networks.

1
testing/btest/Baseline/doc.broxygen.command_line/output
View file

@ -1 +0,0 @@
10

70
testing/btest/Baseline/doc.broxygen.comment_retrieval_bifs/out
View file

@ -1,70 +0,0 @@
This is a test script.
With some summary comments.
myvar:
Hello world. This is an option.
With some more description here.
And here.
Maybe just one more.
print_lines:
This function prints a string line by line.
lines: A string to print line by line, w/ lines delimited by newline chars.
And some more comments on the function implementation.
mytype:
This is an alias for count.
myrecord:
My record type.
myrecord$aaa:
The first field.
Does something...
Done w/ aaa.
myrecord$bbb:
The second field.
Done w/ bbb.
No really, done w/ bbb.
myrecord$ccc:
Third field.
Done w/ ccc.
myrecord$ddd:
Fourth field.
Done w/ ddd.
myrecord$eee:
First redef'd field.
With two lines of comments.
And two post-notation comments.
Done w/ eee.
myrecord$fff:
Second redef'd field.
Done w/ fff.
myrecord$ggg:
Third redef'd field.
Done w/ ggg.
myenum:
My enum type;
FIRST:
First enum value.
I know, the name isn't clever.
Done w/ first.
SECOND:
Second enum value.
Done w/ second.
THIRD:
Third enum value.
Done w/ third.
Done w/ third again.
FORTH:
SIC.
It's a programming language.
Using Reverse Polish Notation.
Done w/ forth.
FIFTH:
First redef'd enum val.
Done w/ fifth.
SIXTH:
Second redef'd enum val.
Done w/ sixth.
SEVENTH:
Third redef'd enum val.
Lucky number seven.
Still works with comma.
Done w/ seventh.

60
testing/btest/Baseline/doc.broxygen.enums/autogen-reST-enums.rst
View file

@ -1,60 +0,0 @@
.. bro:type:: TestEnum1
:Type: :bro:type:`enum`
.. bro:enum:: ONE TestEnum1
like this
.. bro:enum:: TWO TestEnum1
or like this
.. bro:enum:: THREE TestEnum1
multiple
comments
and even
more comments
.. bro:enum:: FOUR TestEnum1
adding another
value
.. bro:enum:: FIVE TestEnum1
adding another
value
There's tons of ways an enum can look...
.. bro:type:: TestEnum2
:Type: :bro:type:`enum`
.. bro:enum:: A TestEnum2
like this
.. bro:enum:: B TestEnum2
or like this
.. bro:enum:: C TestEnum2
multiple
comments
and even
more comments
The final comma is optional
.. bro:id:: TestEnumVal
:Type: :bro:type:`TestEnum1`
:Attributes: :bro:attr:`&redef`
:Default: ``ONE``
this should reference the TestEnum1 type and not a generic "enum" type

248
testing/btest/Baseline/doc.broxygen.example/example.rst
View file

@ -1,248 +0,0 @@
:tocdepth: 3
broxygen/example.bro
====================
.. bro:namespace:: BroxygenExample
This is an example script that demonstrates Broxygen-style
documentation. It generally will make most sense when viewing
the script's raw source code and comparing to the HTML-rendered
version.
Comments in the from ``##!`` are meant to summarize the script's
purpose. They are transferred directly in to the generated
`reStructuredText <http://docutils.sourceforge.net/rst.html>`_
(reST) document associated with the script.
.. tip:: You can embed directives and roles within ``##``-stylized comments.
There's also a custom role to reference any identifier node in
the Bro Sphinx domain that's good for "see alsos", e.g.
See also: :bro:see:`BroxygenExample::a_var`,
:bro:see:`BroxygenExample::ONE`, :bro:see:`SSH::Info`
And a custom directive does the equivalent references:
.. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info
:Namespace: BroxygenExample
:Imports: :doc:`base/frameworks/notice </scripts/base/frameworks/notice/index>`, :doc:`base/protocols/http </scripts/base/protocols/http/index>`, :doc:`policy/frameworks/software/vulnerable.bro </scripts/policy/frameworks/software/vulnerable.bro>`
Summary
~~~~~~~
Redefinable Options
###################
==================================================================================== =======================================================
:bro:id:`BroxygenExample::an_option`: :bro:type:`set` :bro:attr:`&redef` Add documentation for "an_option" here.
:bro:id:`BroxygenExample::option_with_init`: :bro:type:`interval` :bro:attr:`&redef` Default initialization will be generated automatically.
==================================================================================== =======================================================
State Variables
###############
======================================================================== ========================================================================
:bro:id:`BroxygenExample::a_var`: :bro:type:`bool` Put some documentation for "a_var" here.
:bro:id:`BroxygenExample::summary_test`: :bro:type:`string` The first sentence for a particular identifier's summary text ends here.
:bro:id:`BroxygenExample::var_without_explicit_type`: :bro:type:`string` Types are inferred, that information is self-documenting.
======================================================================== ========================================================================
Types
#####
================================================================================= ===========================================================
:bro:type:`BroxygenExample::ComplexRecord`: :bro:type:`record` :bro:attr:`&redef` General documentation for a type "ComplexRecord" goes here.
:bro:type:`BroxygenExample::Info`: :bro:type:`record` An example record to be used with a logging stream.
:bro:type:`BroxygenExample::SimpleEnum`: :bro:type:`enum` Documentation for the "SimpleEnum" type goes here.
:bro:type:`BroxygenExample::SimpleRecord`: :bro:type:`record` General documentation for a type "SimpleRecord" goes here.
================================================================================= ===========================================================
Redefinitions
#############
============================================================= ====================================================================
:bro:type:`BroxygenExample::SimpleEnum`: :bro:type:`enum` Document the "SimpleEnum" redef here with any special info regarding
the *redef* itself.
:bro:type:`BroxygenExample::SimpleRecord`: :bro:type:`record` Document the record extension *redef* itself here.
:bro:type:`Log::ID`: :bro:type:`enum`
:bro:type:`Notice::Type`: :bro:type:`enum`
============================================================= ====================================================================
Events
######
====================================================== ==========================
:bro:id:`BroxygenExample::an_event`: :bro:type:`event` Summarize "an_event" here.
====================================================== ==========================
Functions
#########
=========================================================== =======================================
:bro:id:`BroxygenExample::a_function`: :bro:type:`function` Summarize purpose of "a_function" here.
=========================================================== =======================================
Detailed Interface
~~~~~~~~~~~~~~~~~~
Redefinable Options
###################
.. bro:id:: BroxygenExample::an_option
:Type: :bro:type:`set` [:bro:type:`addr`, :bro:type:`addr`, :bro:type:`string`]
:Attributes: :bro:attr:`&redef`
:Default: ``{}``
Add documentation for "an_option" here.
The type/attribute information is all generated automatically.
.. bro:id:: BroxygenExample::option_with_init
:Type: :bro:type:`interval`
:Attributes: :bro:attr:`&redef`
:Default: ``10.0 msecs``
Default initialization will be generated automatically.
More docs can be added here.
State Variables
###############
.. bro:id:: BroxygenExample::a_var
:Type: :bro:type:`bool`
Put some documentation for "a_var" here. Any global/non-const that
isn't a function/event/hook is classified as a "state variable"
in the generated docs.
.. bro:id:: BroxygenExample::summary_test
:Type: :bro:type:`string`
The first sentence for a particular identifier's summary text ends here.
And this second sentence doesn't show in the short description provided
by the table of all identifiers declared by this script.
.. bro:id:: BroxygenExample::var_without_explicit_type
:Type: :bro:type:`string`
:Default: ``"this works"``
Types are inferred, that information is self-documenting.
Types
#####
.. bro:type:: BroxygenExample::ComplexRecord
:Type: :bro:type:`record`
field1: :bro:type:`count`
Counts something.
field2: :bro:type:`bool`
Toggles something.
field3: :bro:type:`BroxygenExample::SimpleRecord`
Broxygen automatically tracks types
and cross-references are automatically
inserted in to generated docs.
msg: :bro:type:`string` :bro:attr:`&default` = ``"blah"`` :bro:attr:`&optional`
Attributes are self-documenting.
:Attributes: :bro:attr:`&redef`
General documentation for a type "ComplexRecord" goes here.
.. bro:type:: BroxygenExample::Info
:Type: :bro:type:`record`
ts: :bro:type:`time` :bro:attr:`&log`
uid: :bro:type:`string` :bro:attr:`&log`
status: :bro:type:`count` :bro:attr:`&log` :bro:attr:`&optional`
An example record to be used with a logging stream.
Nothing special about it. If another script redefs this type
to add fields, the generated documentation will show all original
fields plus the extensions and the scripts which contributed to it
(provided they are also @load'ed).
.. bro:type:: BroxygenExample::SimpleEnum
:Type: :bro:type:`enum`
.. bro:enum:: BroxygenExample::ONE BroxygenExample::SimpleEnum
Documentation for particular enum values is added like this.
And can also span multiple lines.
.. bro:enum:: BroxygenExample::TWO BroxygenExample::SimpleEnum
Or this style is valid to document the preceding enum value.
.. bro:enum:: BroxygenExample::THREE BroxygenExample::SimpleEnum
.. bro:enum:: BroxygenExample::FOUR BroxygenExample::SimpleEnum
And some documentation for "FOUR".
.. bro:enum:: BroxygenExample::FIVE BroxygenExample::SimpleEnum
Also "FIVE".
Documentation for the "SimpleEnum" type goes here.
It can span multiple lines.
.. bro:type:: BroxygenExample::SimpleRecord
:Type: :bro:type:`record`
field1: :bro:type:`count`
Counts something.
field2: :bro:type:`bool`
Toggles something.
field_ext: :bro:type:`string` :bro:attr:`&optional`
Document the extending field like this.
Or here, like this.
General documentation for a type "SimpleRecord" goes here.
The way fields can be documented is similar to what's already seen
for enums.
Events
######
.. bro:id:: BroxygenExample::an_event
:Type: :bro:type:`event` (name: :bro:type:`string`)
Summarize "an_event" here.
Give more details about "an_event" here.
BroxygenExample::a_function should not be confused as a parameter
in the generated docs, but it also doesn't generate a cross-reference
link. Use the see role instead: :bro:see:`BroxygenExample::a_function`.
:name: Describe the argument here.
Functions
#########
.. bro:id:: BroxygenExample::a_function
:Type: :bro:type:`function` (tag: :bro:type:`string`, msg: :bro:type:`string`) : :bro:type:`string`
Summarize purpose of "a_function" here.
Give more details about "a_function" here.
Separating the documentation of the params/return values with
empty comments is optional, but improves readability of script.
:tag: Function arguments can be described
like this.
:msg: Another param.
:returns: Describe the return type here.

30
testing/btest/Baseline/doc.broxygen.func-params/autogen-reST-func-params.rst
View file

@ -1,30 +0,0 @@
.. bro:id:: test_func_params_func
:Type: :bro:type:`function` (i: :bro:type:`int`, j: :bro:type:`int`) : :bro:type:`string`
This is a global function declaration.
:i: First param.
:j: Second param.
:returns: A string.
.. bro:type:: test_func_params_rec
:Type: :bro:type:`record`
field_func: :bro:type:`function` (i: :bro:type:`int`, j: :bro:type:`int`) : :bro:type:`string`
This is a record field function.
:i: First param.
:j: Second param.
:returns: A string.

230
testing/btest/Baseline/doc.broxygen.identifier/test.rst
View file

@ -1,230 +0,0 @@
.. bro:id:: BroxygenExample::Broxygen_One
:Type: :bro:type:`Notice::Type`
Any number of this type of comment
will document "Broxygen_One".
.. bro:id:: BroxygenExample::Broxygen_Two
:Type: :bro:type:`Notice::Type`
Any number of this type of comment
will document "BROXYGEN_TWO".
.. bro:id:: BroxygenExample::Broxygen_Three
:Type: :bro:type:`Notice::Type`
.. bro:id:: BroxygenExample::Broxygen_Four
:Type: :bro:type:`Notice::Type`
Omitting comments is fine, and so is mixing ``##`` and ``##<``, but
it's probably best to use only one style consistently.
.. bro:id:: BroxygenExample::LOG
:Type: :bro:type:`Log::ID`
.. bro:type:: BroxygenExample::SimpleEnum
:Type: :bro:type:`enum`
.. bro:enum:: BroxygenExample::ONE BroxygenExample::SimpleEnum
Documentation for particular enum values is added like this.
And can also span multiple lines.
.. bro:enum:: BroxygenExample::TWO BroxygenExample::SimpleEnum
Or this style is valid to document the preceding enum value.
.. bro:enum:: BroxygenExample::THREE BroxygenExample::SimpleEnum
.. bro:enum:: BroxygenExample::FOUR BroxygenExample::SimpleEnum
And some documentation for "FOUR".
.. bro:enum:: BroxygenExample::FIVE BroxygenExample::SimpleEnum
Also "FIVE".
Documentation for the "SimpleEnum" type goes here.
It can span multiple lines.
.. bro:id:: BroxygenExample::ONE
:Type: :bro:type:`BroxygenExample::SimpleEnum`
Documentation for particular enum values is added like this.
And can also span multiple lines.
.. bro:id:: BroxygenExample::TWO
:Type: :bro:type:`BroxygenExample::SimpleEnum`
Or this style is valid to document the preceding enum value.
.. bro:id:: BroxygenExample::THREE
:Type: :bro:type:`BroxygenExample::SimpleEnum`
.. bro:id:: BroxygenExample::FOUR
:Type: :bro:type:`BroxygenExample::SimpleEnum`
And some documentation for "FOUR".
.. bro:id:: BroxygenExample::FIVE
:Type: :bro:type:`BroxygenExample::SimpleEnum`
Also "FIVE".
.. bro:type:: BroxygenExample::SimpleRecord
:Type: :bro:type:`record`
field1: :bro:type:`count`
Counts something.
field2: :bro:type:`bool`
Toggles something.
field_ext: :bro:type:`string` :bro:attr:`&optional`
Document the extending field like this.
Or here, like this.
General documentation for a type "SimpleRecord" goes here.
The way fields can be documented is similar to what's already seen
for enums.
.. bro:type:: BroxygenExample::ComplexRecord
:Type: :bro:type:`record`
field1: :bro:type:`count`
Counts something.
field2: :bro:type:`bool`
Toggles something.
field3: :bro:type:`BroxygenExample::SimpleRecord`
Broxygen automatically tracks types
and cross-references are automatically
inserted in to generated docs.
msg: :bro:type:`string` :bro:attr:`&default` = ``"blah"`` :bro:attr:`&optional`
Attributes are self-documenting.
:Attributes: :bro:attr:`&redef`
General documentation for a type "ComplexRecord" goes here.
.. bro:type:: BroxygenExample::Info
:Type: :bro:type:`record`
ts: :bro:type:`time` :bro:attr:`&log`
uid: :bro:type:`string` :bro:attr:`&log`
status: :bro:type:`count` :bro:attr:`&log` :bro:attr:`&optional`
An example record to be used with a logging stream.
Nothing special about it. If another script redefs this type
to add fields, the generated documentation will show all original
fields plus the extensions and the scripts which contributed to it
(provided they are also @load'ed).
.. bro:id:: BroxygenExample::an_option
:Type: :bro:type:`set` [:bro:type:`addr`, :bro:type:`addr`, :bro:type:`string`]
:Attributes: :bro:attr:`&redef`
:Default: ``{}``
Add documentation for "an_option" here.
The type/attribute information is all generated automatically.
.. bro:id:: BroxygenExample::option_with_init
:Type: :bro:type:`interval`
:Attributes: :bro:attr:`&redef`
:Default: ``10.0 msecs``
Default initialization will be generated automatically.
More docs can be added here.
.. bro:id:: BroxygenExample::a_var
:Type: :bro:type:`bool`
Put some documentation for "a_var" here. Any global/non-const that
isn't a function/event/hook is classified as a "state variable"
in the generated docs.
.. bro:id:: BroxygenExample::var_without_explicit_type
:Type: :bro:type:`string`
:Default: ``"this works"``
Types are inferred, that information is self-documenting.
.. bro:id:: BroxygenExample::summary_test
:Type: :bro:type:`string`
The first sentence for a particular identifier's summary text ends here.
And this second sentence doesn't show in the short description provided
by the table of all identifiers declared by this script.
.. bro:id:: BroxygenExample::a_function
:Type: :bro:type:`function` (tag: :bro:type:`string`, msg: :bro:type:`string`) : :bro:type:`string`
Summarize purpose of "a_function" here.
Give more details about "a_function" here.
Separating the documentation of the params/return values with
empty comments is optional, but improves readability of script.
:tag: Function arguments can be described
like this.
:msg: Another param.
:returns: Describe the return type here.
.. bro:id:: BroxygenExample::an_event
:Type: :bro:type:`event` (name: :bro:type:`string`)
Summarize "an_event" here.
Give more details about "an_event" here.
BroxygenExample::a_function should not be confused as a parameter
in the generated docs, but it also doesn't generate a cross-reference
link. Use the see role instead: :bro:see:`BroxygenExample::a_function`.
:name: Describe the argument here.
.. bro:id:: BroxygenExample::function_without_proto
:Type: :bro:type:`function` (tag: :bro:type:`string`) : :bro:type:`string`
.. bro:type:: BroxygenExample::PrivateRecord
:Type: :bro:type:`record`
field1: :bro:type:`bool`
field2: :bro:type:`count`

37
testing/btest/Baseline/doc.broxygen.package/test.rst
View file

@ -1,37 +0,0 @@
:orphan:
Package: broxygen
=================
This package is loaded during the process which automatically generates
reference documentation for all Bro scripts (i.e. "Broxygen"). Its only
purpose is to provide an easy way to load all known Bro scripts plus any
extra scripts needed or used by the documentation process.
:doc:`/scripts/broxygen/__load__.bro`
:doc:`/scripts/broxygen/example.bro`
This is an example script that demonstrates Broxygen-style
documentation. It generally will make most sense when viewing
the script's raw source code and comparing to the HTML-rendered
version.
Comments in the from ``##!`` are meant to summarize the script's
purpose. They are transferred directly in to the generated
`reStructuredText <http://docutils.sourceforge.net/rst.html>`_
(reST) document associated with the script.
.. tip:: You can embed directives and roles within ``##``-stylized comments.
There's also a custom role to reference any identifier node in
the Bro Sphinx domain that's good for "see alsos", e.g.
See also: :bro:see:`BroxygenExample::a_var`,
:bro:see:`BroxygenExample::ONE`, :bro:see:`SSH::Info`
And a custom directive does the equivalent references:
.. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info

7
testing/btest/Baseline/doc.broxygen.package_index/test.rst
View file

@ -1,7 +0,0 @@
:doc:`broxygen </scripts/broxygen/index>`
This package is loaded during the process which automatically generates
reference documentation for all Bro scripts (i.e. "Broxygen"). Its only
purpose is to provide an easy way to load all known Bro scripts plus any
extra scripts needed or used by the documentation process.

28
testing/btest/Baseline/doc.broxygen.records/autogen-reST-records.rst
View file

@ -1,28 +0,0 @@
.. bro:type:: TestRecord1
:Type: :bro:type:`record`
field1: :bro:type:`bool`
field2: :bro:type:`count`
.. bro:type:: TestRecord2
:Type: :bro:type:`record`
A: :bro:type:`count`
document ``A``
B: :bro:type:`bool`
document ``B``
C: :bro:type:`TestRecord1`
and now ``C``
is a declared type
D: :bro:type:`set` [:bro:type:`count`, :bro:type:`bool`]
sets/tables should show the index types
Here's the ways records and record fields can be documented.

5
testing/btest/Baseline/doc.broxygen.script_index/test.rst
View file

@ -1,5 +0,0 @@
.. toctree::
:maxdepth: 1
broxygen/__load__.bro </scripts/broxygen/__load__.bro>
broxygen/example.bro </scripts/broxygen/example.bro>

23
testing/btest/Baseline/doc.broxygen.script_summary/test.rst
View file

@ -1,23 +0,0 @@
:doc:`/scripts/broxygen/example.bro`
This is an example script that demonstrates Broxygen-style
documentation. It generally will make most sense when viewing
the script's raw source code and comparing to the HTML-rendered
version.
Comments in the from ``##!`` are meant to summarize the script's
purpose. They are transferred directly in to the generated
`reStructuredText <http://docutils.sourceforge.net/rst.html>`_
(reST) document associated with the script.
.. tip:: You can embed directives and roles within ``##``-stylized comments.
There's also a custom role to reference any identifier node in
the Bro Sphinx domain that's good for "see alsos", e.g.
See also: :bro:see:`BroxygenExample::a_var`,
:bro:see:`BroxygenExample::ONE`, :bro:see:`SSH::Info`
And a custom directive does the equivalent references:
.. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info

44
testing/btest/Baseline/doc.broxygen.type-aliases/autogen-reST-type-aliases.rst
View file

@ -1,44 +0,0 @@
.. bro:type:: BroxygenTest::TypeAlias
:Type: :bro:type:`bool`
This is just an alias for a builtin type ``bool``.
.. bro:type:: BroxygenTest::NotTypeAlias
:Type: :bro:type:`bool`
This type should get its own comments, not associated w/ TypeAlias.
.. bro:type:: BroxygenTest::OtherTypeAlias
:Type: :bro:type:`bool`
This cross references ``bool`` in the description of its type
instead of ``TypeAlias`` just because it seems more useful --
one doesn't have to click through the full type alias chain to
find out what the actual type is...
.. bro:id:: BroxygenTest::a
:Type: :bro:type:`BroxygenTest::TypeAlias`
But this should reference a type of ``TypeAlias``.
.. bro:id:: BroxygenTest::b
:Type: :bro:type:`BroxygenTest::OtherTypeAlias`
And this should reference a type of ``OtherTypeAlias``.
.. bro:type:: BroxygenTest::MyRecord
:Type: :bro:type:`record`
f1: :bro:type:`BroxygenTest::TypeAlias`
f2: :bro:type:`BroxygenTest::OtherTypeAlias`
f3: :bro:type:`bool`

33
testing/btest/Baseline/doc.broxygen.vectors/autogen-reST-vectors.rst
View file

@ -1,33 +0,0 @@
.. bro:id:: test_vector0
:Type: :bro:type:`vector` of :bro:type:`string`
:Default:
::
[]
Yield type is documented/cross-referenced for primitize types.
.. bro:id:: test_vector1
:Type: :bro:type:`vector` of :bro:type:`TestRecord`
:Default:
::
[]
Yield type is documented/cross-referenced for composite types.
.. bro:id:: test_vector2
:Type: :bro:type:`vector` of :bro:type:`vector` of :bro:type:`TestRecord`
:Default:
::
[]
Just showing an even fancier yield type.

5
testing/btest/Baseline/doc.manual.connection_record_01/.stdout
View file

@ -1,5 +0,0 @@
[id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={
}, addl=, hot=0, history=ShADadFf, uid=UWkUyAuUGXf, tunnel=<uninitialized>, conn=[ts=930613226.067666, uid=UWkUyAuUGXf, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=<uninitialized>, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={
}], extract_orig=F, extract_resp=F]

9
testing/btest/Baseline/doc.manual.connection_record_02/.stdout
View file

@ -1,9 +0,0 @@
[id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], orig=[size=29, state=5, num_pkts=6, num_bytes_ip=273, flow_label=0], resp=[size=44, state=5, num_pkts=5, num_bytes_ip=248, flow_label=0], start_time=930613226.067666, duration=0.709643, service={
}, addl=, hot=0, history=ShADadFf, uid=UWkUyAuUGXf, tunnel=<uninitialized>, conn=[ts=930613226.067666, uid=UWkUyAuUGXf, id=[orig_h=212.180.42.100, orig_p=25000/tcp, resp_h=131.243.64.3, resp_p=53/tcp], proto=tcp, service=<uninitialized>, duration=0.709643, orig_bytes=29, resp_bytes=44, conn_state=SF, local_orig=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=6, orig_ip_bytes=273, resp_pkts=5, resp_ip_bytes=248, tunnel_parents={
}], extract_orig=F, extract_resp=F, dns=<uninitialized>, dns_state=[pending={
}, finished_answers={
34798
}]]

6
testing/btest/Baseline/doc.manual.data_struct_record_01/.stdout
View file

@ -1,6 +0,0 @@
Service: dns(RFC1035)
port: 53/tcp
port: 53/udp
Service: http(RFC2616)
port: 80/tcp
port: 8080/tcp

7
testing/btest/Baseline/doc.manual.data_struct_record_02/.stdout
View file

@ -1,7 +0,0 @@
System: morlock
Service: dns(RFC1035)
port: 53/tcp
port: 53/udp
Service: http(RFC2616)
port: 80/tcp
port: 8080/tcp

8
testing/btest/Baseline/doc.manual.data_struct_set_declaration/.stdout
View file

@ -1,8 +0,0 @@
SSL Port: 993/tcp
SSL Port: 22/tcp
SSL Port: 587/tcp
SSL Port: 443/tcp
Non-SSL Port: 143/tcp
Non-SSL Port: 25/tcp
Non-SSL Port: 80/tcp
Non-SSL Port: 23/tcp

4
testing/btest/Baseline/doc.manual.data_struct_table_complex/.stdout
View file

@ -1,4 +0,0 @@
Kiru was released in 1968 by Toho studios, directed by Kihachi Okamoto and starring Tatsuya Nakadai
Goyokin was released in 1969 by Fuji studios, directed by Hideo Gosha and starring Tatsuya Nakadai
Harakiri was released in 1962 by Shochiku Eiga studios, directed by Masaki Kobayashi and starring Tatsuya Nakadai
Tasogare Seibei was released in 2002 by Eisei Gekijo studios, directed by Yoji Yamada and starring Hiroyuki Sanada

4
testing/btest/Baseline/doc.manual.data_struct_table_declaration/.stdout
View file

@ -1,4 +0,0 @@
Service Name: IMAPS - Common Port: 993/tcp
Service Name: HTTPS - Common Port: 443/tcp
Service Name: SSH - Common Port: 22/tcp
Service Name: SMTPS - Common Port: 587/tcp

2
testing/btest/Baseline/doc.manual.data_struct_vector/.stdout
View file

@ -1,2 +0,0 @@
[1, 2, 3, 4]
[1, 2, 3, 4]

4
testing/btest/Baseline/doc.manual.data_struct_vector_declaration/.stdout
View file

@ -1,4 +0,0 @@
contents of v1: [1, 2, 3, 4]
length of v1: 4
contents of v1: [1, 2, 3, 4]
length of v2: 4

3
testing/btest/Baseline/doc.manual.data_struct_vector_iter/.stdout
View file

@ -1,3 +0,0 @@
1.2.0.0/18
2.3.0.0/18
3.4.0.0/18

4
testing/btest/Baseline/doc.manual.data_type_const/.stdout
View file

@ -1,4 +0,0 @@
{
[6666/tcp] = IRC,
[80/tcp] = WWW
}

0
testing/btest/Baseline/doc.manual.data_type_const_simple/.stdout
View file

1
testing/btest/Baseline/doc.manual.data_type_declaration/.stdout
View file

@ -1 +0,0 @@
A: 10, B: 10

15
testing/btest/Baseline/doc.manual.data_type_interval/.stdout
View file

@ -1,15 +0,0 @@
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.118
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
Time since last connection: 132.0 msecs 97.0 usecs
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
Time since last connection: 177.0 usecs
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
Time since last connection: 2.0 msecs 177.0 usecs
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
Time since last connection: 33.0 msecs 898.0 usecs
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
Time since last connection: 35.0 usecs
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3
Time since last connection: 2.0 msecs 532.0 usecs
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.2
Time since last connection: 7.0 msecs 866.0 usecs

1
testing/btest/Baseline/doc.manual.data_type_local/.stdout
View file

@ -1 +0,0 @@
i + 2 = 12

3
testing/btest/Baseline/doc.manual.data_type_pattern_01/.stdout
View file

@ -1,3 +0,0 @@
The
brown fox jumped over the
dog.

2
testing/btest/Baseline/doc.manual.data_type_pattern_02/.stdout
View file

@ -1,2 +0,0 @@
equality and /^?(equal)$?/ are not equal
equality and /^?(equality)$?/ are equal

4
testing/btest/Baseline/doc.manual.data_type_subnets/.stdout
View file

@ -1,4 +0,0 @@
172.16.4.56 belongs to subnet 172.16.0.0/20
172.16.47.254 belongs to subnet 172.16.32.0/20
172.16.22.45 belongs to subnet 172.16.16.0/20
172.16.1.1 belongs to subnet 172.16.0.0/20

8
testing/btest/Baseline/doc.manual.data_type_time/.stdout
View file

@ -1,8 +0,0 @@
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.118^J
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.3^J
2011/06/18 19:03:08: New connection established from 141.142.220.118 to 208.80.152.2^J

10
testing/btest/Baseline/doc.manual.framework_logging_factorial_01/.stdout
View file

@ -1,10 +0,0 @@
1
2
6
24
120
720
5040
40320
362880
3628800

19
testing/btest/Baseline/doc.manual.framework_logging_factorial_02/factor.log
View file

@ -1,19 +0,0 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path factor
#open 2013-03-19-03-25-33
#fields num factorial_num
#types count count
1 1
2 2
3 6
4 24
5 120
6 720
7 5040
8 40320
9 362880
10 3628800
#close 2013-03-19-03-25-33

15
testing/btest/Baseline/doc.manual.framework_logging_factorial_03/factor-mod5.log
View file

@ -1,15 +0,0 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path factor-mod5
#open 2013-03-20-03-22-52
#fields num factorial_num
#types count count
5 120
6 720
7 5040
8 40320
9 362880
10 3628800
#close 2013-03-20-03-22-52

13
testing/btest/Baseline/doc.manual.framework_logging_factorial_03/factor-non5.log
View file

@ -1,13 +0,0 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path factor-non5
#open 2013-03-20-03-22-52
#fields num factorial_num
#types count count
1 1
2 2
3 6
4 24
#close 2013-03-20-03-22-52

15
testing/btest/Baseline/doc.manual.framework_logging_factorial_04/factor-mod5.log
View file

@ -1,15 +0,0 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path factor-mod5
#open 2013-03-25-02-00-12
#fields num factorial_num
#types count count
5 120
6 720
7 5040
8 40320
9 362880
10 3628800
#close 2013-03-25-02-00-12

13
testing/btest/Baseline/doc.manual.framework_logging_factorial_04/factor-non5.log
View file

@ -1,13 +0,0 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path factor-non5
#open 2013-03-25-02-00-12
#fields num factorial_num
#types count count
1 1
2 2
3 6
4 24
#close 2013-03-25-02-00-12

0
testing/btest/Baseline/doc.manual.framework_notice_hook_01/.stdout
View file

0
testing/btest/Baseline/doc.manual.framework_notice_hook_suppression_01/.stdout
View file

0
testing/btest/Baseline/doc.manual.framework_notice_shortcuts_01/.stdout
View file

0
testing/btest/Baseline/doc.manual.framework_notice_shortcuts_02/.stdout
View file

0
testing/btest/Baseline/doc.manual.using_bro_sandbox_01/.stdout
View file

43
testing/btest/Baseline/doc.manual.using_bro_sandbox_01/conn.log
View file

@ -1,43 +0,0 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path conn
#open 2013-05-05-20-51-24
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
1300475167.096535 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 73 0 0 -
1300475167.097012 arKYeMETxOg fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp - - - - S0 - 0 D 1 199 0 0 -
1300475167.099816 k6kgXLOoSKl 141.142.220.50 5353 224.0.0.251 5353 udp - - - - S0 - 0 D 1 179 0 0 -
1300475168.853899 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 38 89 SF - 0 Dd 1 66 1 117 -
1300475168.854378 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 52 99 SF - 0 Dd 1 80 1 127 -
1300475168.854837 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 38 183 SF - 0 Dd 1 66 1 211 -
1300475168.857956 fRFu0wcOle6 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 38 89 SF - 0 Dd 1 66 1 117 -
1300475168.858306 qSsw6ESzHV4 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 52 99 SF - 0 Dd 1 80 1 127 -
1300475168.858713 iE6yhOq3SF 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 38 183 SF - 0 Dd 1 66 1 211 -
1300475168.891644 qCaWGmzFtM5 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 38 89 SF - 0 Dd 1 66 1 117 -
1300475168.892037 70MGiRM1Qf4 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 52 99 SF - 0 Dd 1 80 1 127 -
1300475168.892414 h5DsfNtYzi1 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 38 183 SF - 0 Dd 1 66 1 211 -
1300475168.893988 c4Zw9TmAE05 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 38 89 SF - 0 Dd 1 66 1 117 -
1300475168.894422 EAr0uf4mhq 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 52 99 SF - 0 Dd 1 80 1 127 -
1300475168.894787 GvmoxJFXdTa 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 38 183 SF - 0 Dd 1 66 1 211 -
1300475168.901749 slFea8xwSmb 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 36 131 SF - 0 Dd 1 64 1 159 -
1300475168.902195 UfGkYA2HI2g 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 36 198 SF - 0 Dd 1 64 1 226 -
1300475169.899438 BWaU4aSuwkc 141.142.220.44 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 85 0 0 -
1300475170.862384 10XodEwRycf 141.142.220.226 137 141.142.220.255 137 udp dns 2.613017 350 0 S0 - 0 D 7 546 0 0 -
1300475171.675372 zno26fFZkrh fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0.100096 66 0 S0 - 0 D 2 162 0 0 -
1300475171.677081 v5rgkJBig5l 141.142.220.226 55131 224.0.0.252 5355 udp dns 0.100021 66 0 S0 - 0 D 2 122 0 0 -
1300475173.116749 eWZCH7OONC1 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0.099801 66 0 S0 - 0 D 2 162 0 0 -
1300475173.117362 0Pwk3ntf8O3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0.099849 66 0 S0 - 0 D 2 122 0 0 -
1300475173.153679 0HKorjr8Zp7 141.142.220.238 56641 141.142.220.255 137 udp dns - - - S0 - 0 D 1 78 0 0 -
1300475168.859163 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 tcp http 0.215893 1130 734 S1 - 0 ShADad 6 1450 4 950 -
1300475168.652003 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp - 0.061329 463 350 OTH - 0 DdA 2 567 1 402 -
1300475168.895267 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 tcp http 0.227284 1178 734 S1 - 0 ShADad 6 1498 4 950 -
1300475168.902635 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp http 0.120041 534 412 S1 - 0 ShADad 4 750 3 576 -
1300475168.892936 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 tcp http 0.229603 1148 734 S1 - 0 ShADad 6 1468 4 950 -
1300475168.855305 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 tcp http 0.218501 1171 733 S1 - 0 ShADad 6 1491 4 949 -
1300475168.892913 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 tcp http 0.220961 1137 733 S1 - 0 ShADad 6 1457 4 949 -
1300475169.780331 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp - - - - OTH - 0 h 0 0 1 48 -
1300475168.724007 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp http 0.119905 525 232 S1 - 0 ShADad 4 741 3 396 -
1300475168.855330 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 tcp http 0.219720 1125 734 S1 - 0 ShADad 6 1445 4 950 -
#close 2013-05-05-20-51-24

23
testing/btest/Baseline/doc.manual.using_bro_sandbox_01/http.log
View file

@ -1,23 +0,0 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path http
#open 2013-05-05-21-12-40
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
1300475168.784020 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
1300475168.916018 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
1300475168.916183 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
1300475168.918358 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
1300475168.952307 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
1300475168.952296 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
1300475168.954820 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
1300475168.962687 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
1300475168.975934 VW0XPVINV8a 141.142.220.118 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
1300475168.976436 3PKsZ2Uye21 141.142.220.118 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
1300475168.979264 GSxOnSLghOa 141.142.220.118 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
1300475169.014619 Tw8jXtpTGu6 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
1300475169.014593 P654jzLoe3a 141.142.220.118 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
1300475169.014927 0Q4FH8sESw5 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - -
#close 2013-05-05-21-12-40

15
testing/btest/Baseline/doc.manual.using_bro_sandbox_02/conn.log
View file

@ -1,15 +0,0 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path conn
#open 2013-05-07-14-38-27
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
1320329757.771503 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 tcp http 15.161537 2899 1127 S2 - 0 ShADadF 20 3719 19 1891 -
1320329757.771262 nQcgTWjvg4c 10.0.2.15 49285 192.150.187.43 80 tcp http 15.161772 889 377 S2 - 0 ShADadF 8 1229 8 701 -
1320329757.761327 arKYeMETxOg 10.0.2.15 49283 192.150.187.43 80 tcp http 15.168898 459 189 S2 - 0 ShADadF 5 679 4 353 -
1320329757.458867 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 tcp http 15.471378 1824 751 S2 - 0 ShADadF 12 2324 13 1275 -
1320329757.761638 k6kgXLOoSKl 10.0.2.15 49284 192.150.187.43 80 tcp http 15.168613 898 376 S2 - 0 ShADadF 8 1238 8 700 -
1320329757.771755 TEfuqmmG4bh 10.0.2.15 49287 192.150.187.43 80 tcp http 15.161267 900 376 S2 - 0 ShADadF 8 1240 8 700 -
#close 2013-05-07-14-38-27

26
testing/btest/Baseline/doc.manual.using_bro_sandbox_02/http.log
View file

@ -1,26 +0,0 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path http
#open 2013-05-07-14-38-27
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file
1320329757.460004 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 1 GET bro-ids.org / - Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
1320329757.772457 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 2 GET bro-ids.org /css/pygments.css http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
1320329757.874406 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 3 GET bro-ids.org /js/jquery.zrssfeed.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
1320329757.775110 k6kgXLOoSKl 10.0.2.15 49284 192.150.187.43 80 1 GET bro-ids.org /css/960.css http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
1320329757.776072 TEfuqmmG4bh 10.0.2.15 49287 192.150.187.43 80 1 GET bro-ids.org /js/jquery.cycle.all.min.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
1320329757.776421 nQcgTWjvg4c 10.0.2.15 49285 192.150.187.43 80 1 GET bro-ids.org /js/jquery.tweet.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
1320329757.776240 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 1 GET bro-ids.org /js/jquery.fancybox-1.3.4.pack.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
1320329757.775251 arKYeMETxOg 10.0.2.15 49283 192.150.187.43 80 1 GET bro-ids.org /css/bro-ids.css http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
1320329757.975651 UWkUyAuUGXf 10.0.2.15 49282 192.150.187.43 80 4 GET bro-ids.org /js/jquery.tableofcontents.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
1320329757.979943 k6kgXLOoSKl 10.0.2.15 49284 192.150.187.43 80 2 GET bro-ids.org /js/superfish.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
1320329757.985656 TEfuqmmG4bh 10.0.2.15 49287 192.150.187.43 80 2 GET bro-ids.org /js/hoverIntent.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
1320329757.989904 nQcgTWjvg4c 10.0.2.15 49285 192.150.187.43 80 2 GET bro-ids.org /js/general.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
1320329757.991315 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 2 GET bro-ids.org /js/jquery.collapse.js http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
1320329758.172397 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 3 GET bro-ids.org /css/print.css http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
1320329759.998388 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 4 GET bro-ids.org /documentation/index.html http://bro-ids.org/ Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
1320329760.146412 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 5 GET bro-ids.org /js/breadcrumbs.js http://bro-ids.org/documentation/index.html Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
1320329762.971726 j4u32Pc5bif 10.0.2.15 49286 192.150.187.43 80 6 GET bro-ids.org /documentation/reporting-problems.html http://bro-ids.org/documentation/index.html Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.106 Safari/535.2 0 0 304 Not Modified - - - (empty) - - - - - -
#close 2013-05-07-14-38-27

12
testing/btest/Baseline/language.zeek_init/out
View file

@ -1,4 +1,8 @@
zeek init at priority 10! zeek_init at priority 10!
bro init at priority 5! bro_init at priority 5!
zeek init at priority 0! zeek_init at priority 0!
bro init at priority -10! bro_init at priority -10!
zeek_done at priority 10!
bro_done at priority 5!
zeek_done at priority 0!
bro_done at priority -10!

14
testing/btest/Baseline/plugins.hooks/output
View file

@ -562,7 +562,7 @@
0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugins, <frame>, ()) -> <no result> 0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugins, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(Unified2::mappings_initialized, <frame>, ()) -> <no result> 0.000000 MetaHookPost CallFunction(Unified2::mappings_initialized, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(Unified2::start_watching, <frame>, ()) -> <no result> 0.000000 MetaHookPost CallFunction(Unified2::start_watching, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(bro_init, <null>, ()) -> <no result> 0.000000 MetaHookPost CallFunction(zeek_init, <null>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(current_time, <frame>, ()) -> <no result> 0.000000 MetaHookPost CallFunction(current_time, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(filter_change_tracking, <null>, ()) -> <no result> 0.000000 MetaHookPost CallFunction(filter_change_tracking, <null>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(getenv, <null>, (BRO_DEFAULT_LISTEN_ADDRESS)) -> <no result> 0.000000 MetaHookPost CallFunction(getenv, <null>, (BRO_DEFAULT_LISTEN_ADDRESS)) -> <no result>
@ -899,7 +899,7 @@
0.000000 MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) -> <void> 0.000000 MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) -> <void>
0.000000 MetaHookPost LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, <void ptr>) -> true 0.000000 MetaHookPost LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, <void ptr>) -> true
0.000000 MetaHookPost QueueEvent(NetControl::init()) -> false 0.000000 MetaHookPost QueueEvent(NetControl::init()) -> false
0.000000 MetaHookPost QueueEvent(bro_init()) -> false 0.000000 MetaHookPost QueueEvent(zeek_init()) -> false
0.000000 MetaHookPost QueueEvent(filter_change_tracking()) -> false 0.000000 MetaHookPost QueueEvent(filter_change_tracking()) -> false
0.000000 MetaHookPre CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_BACKDOOR)) 0.000000 MetaHookPre CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_BACKDOOR))
0.000000 MetaHookPre CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_INTERCONN)) 0.000000 MetaHookPre CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_INTERCONN))
@ -1465,7 +1465,7 @@
0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugins, <frame>, ()) 0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugins, <frame>, ())
0.000000 MetaHookPre CallFunction(Unified2::mappings_initialized, <frame>, ()) 0.000000 MetaHookPre CallFunction(Unified2::mappings_initialized, <frame>, ())
0.000000 MetaHookPre CallFunction(Unified2::start_watching, <frame>, ()) 0.000000 MetaHookPre CallFunction(Unified2::start_watching, <frame>, ())
0.000000 MetaHookPre CallFunction(bro_init, <null>, ()) 0.000000 MetaHookPre CallFunction(zeek_init, <null>, ())
0.000000 MetaHookPre CallFunction(current_time, <frame>, ()) 0.000000 MetaHookPre CallFunction(current_time, <frame>, ())
0.000000 MetaHookPre CallFunction(filter_change_tracking, <null>, ()) 0.000000 MetaHookPre CallFunction(filter_change_tracking, <null>, ())
0.000000 MetaHookPre CallFunction(getenv, <null>, (BRO_DEFAULT_LISTEN_ADDRESS)) 0.000000 MetaHookPre CallFunction(getenv, <null>, (BRO_DEFAULT_LISTEN_ADDRESS))
@ -1802,7 +1802,7 @@
0.000000 MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) 0.000000 MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)})
0.000000 MetaHookPre LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, <void ptr>) 0.000000 MetaHookPre LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, <void ptr>)
0.000000 MetaHookPre QueueEvent(NetControl::init()) 0.000000 MetaHookPre QueueEvent(NetControl::init())
0.000000 MetaHookPre QueueEvent(bro_init()) 0.000000 MetaHookPre QueueEvent(zeek_init())
0.000000 MetaHookPre QueueEvent(filter_change_tracking()) 0.000000 MetaHookPre QueueEvent(filter_change_tracking())
0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_BACKDOOR) 0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_BACKDOOR)
0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_INTERCONN) 0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_INTERCONN)
@ -2367,7 +2367,7 @@
0.000000 | HookCallFunction SumStats::register_observe_plugins() 0.000000 | HookCallFunction SumStats::register_observe_plugins()
0.000000 | HookCallFunction Unified2::mappings_initialized() 0.000000 | HookCallFunction Unified2::mappings_initialized()
0.000000 | HookCallFunction Unified2::start_watching() 0.000000 | HookCallFunction Unified2::start_watching()
0.000000 | HookCallFunction bro_init() 0.000000 | HookCallFunction zeek_init()
0.000000 | HookCallFunction current_time() 0.000000 | HookCallFunction current_time()
0.000000 | HookCallFunction filter_change_tracking() 0.000000 | HookCallFunction filter_change_tracking()
0.000000 | HookCallFunction getenv(BRO_DEFAULT_LISTEN_ADDRESS) 0.000000 | HookCallFunction getenv(BRO_DEFAULT_LISTEN_ADDRESS)
@ -2704,7 +2704,7 @@
0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} 0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
0.000000 | HookLogWrite packet_filter [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T] 0.000000 | HookLogWrite packet_filter [ts=1554405757.770254, node=bro, filter=ip or not ip, init=T, success=T]
0.000000 | HookQueueEvent NetControl::init() 0.000000 | HookQueueEvent NetControl::init()
0.000000 | HookQueueEvent bro_init() 0.000000 | HookQueueEvent zeek_init()
0.000000 | HookQueueEvent filter_change_tracking() 0.000000 | HookQueueEvent filter_change_tracking()
1362692526.869344 MetaHookPost BroObjDtor(<void ptr>) -> <void> 1362692526.869344 MetaHookPost BroObjDtor(<void ptr>) -> <void>
1362692526.869344 MetaHookPost CallFunction(ChecksumOffloading::check, <null>, ()) -> <no result> 1362692526.869344 MetaHookPost CallFunction(ChecksumOffloading::check, <null>, ()) -> <no result>
@ -3240,7 +3240,7 @@
1362692527.080972 | HookLogInit conn 1/1 {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])} 1362692527.080972 | HookLogInit conn 1/1 {ts (time), uid (string), id.orig_h (addr), id.orig_p (port), id.resp_h (addr), id.resp_p (port), proto (enum), service (string), duration (interval), orig_bytes (count), resp_bytes (count), conn_state (string), local_orig (bool), local_resp (bool), missed_bytes (count), history (string), orig_pkts (count), orig_ip_bytes (count), resp_pkts (count), resp_ip_bytes (count), tunnel_parents (set[string])}
1362692527.080972 | HookLogWrite conn [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id.orig_h=141.142.228.5, id.orig_p=59856, id.resp_h=192.150.187.43, id.resp_p=80, proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>] 1362692527.080972 | HookLogWrite conn [ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id.orig_h=141.142.228.5, id.orig_p=59856, id.resp_h=192.150.187.43, id.resp_p=80, proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents=<uninitialized>]
1362692527.080972 | HookQueueEvent ChecksumOffloading::check() 1362692527.080972 | HookQueueEvent ChecksumOffloading::check()
1362692527.080972 | HookQueueEvent bro_done() 1362692527.080972 | HookQueueEvent zeek_done()
1362692527.080972 | HookQueueEvent connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]) 1362692527.080972 | HookQueueEvent connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
1362692527.080972 | HookQueueEvent filter_change_tracking() 1362692527.080972 | HookQueueEvent filter_change_tracking()
1362692527.080972 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T) 1362692527.080972 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1, trans_depth=1], irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, ntlm=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, rfb=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smb_state=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>], T)

4
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
View file

@ -1,4 +1,4 @@
0.000000 bro_init 0.000000 zeek_init
0.000000 NetControl::init 0.000000 NetControl::init
0.000000 filter_change_tracking 0.000000 filter_change_tracking
1254722767.492060 ChecksumOffloading::check 1254722767.492060 ChecksumOffloading::check
@ -226,5 +226,5 @@
1437831800.217854 connection_state_remove 1437831800.217854 connection_state_remove
1437831800.217854 connection_pending 1437831800.217854 connection_pending
1437831800.217854 connection_state_remove 1437831800.217854 connection_state_remove
1437831800.217854 bro_done 1437831800.217854 zeek_done
1437831800.217854 ChecksumOffloading::check 1437831800.217854 ChecksumOffloading::check

4
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
View file

File diff suppressed because one or more lines are too long

2
testing/btest/bifs/all_set.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = vector( T, F, T ); local a = vector( T, F, T );
print all_set(a); print all_set(a);

2
testing/btest/bifs/analyzer_name.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = Analyzer::ANALYZER_PIA_TCP; local a = Analyzer::ANALYZER_PIA_TCP;
print Analyzer::name(a); print Analyzer::name(a);

2
testing/btest/bifs/any_set.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = vector( F, T, F ); local a = vector( F, T, F );
print any_set(a); print any_set(a);

2
testing/btest/bifs/bloomfilter-seed.bro
View file

@ -34,7 +34,7 @@ function test_bloom_filter()
} }
event bro_init() event zeek_init()
{ {
test_bloom_filter(); test_bloom_filter();
} }

2
testing/btest/bifs/bloomfilter.bro
View file

@ -88,7 +88,7 @@ function test_counting_bloom_filter()
print bloomfilter_lookup(bf_merged, "baz"); print bloomfilter_lookup(bf_merged, "baz");
} }
event bro_init() event zeek_init()
{ {
test_basic_bloom_filter(); test_basic_bloom_filter();
test_counting_bloom_filter(); test_counting_bloom_filter();

2
testing/btest/bifs/bro_version.bro
View file

@ -1,7 +1,7 @@
# #
# @TEST-EXEC: bro -b %INPUT # @TEST-EXEC: bro -b %INPUT
event bro_init() event zeek_init()
{ {
local a = bro_version(); local a = bro_version();
if ( |a| == 0 ) if ( |a| == 0 )

2
testing/btest/bifs/bytestring_to_count.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
# unsupported byte lengths # unsupported byte lengths

2
testing/btest/bifs/bytestring_to_double.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local s1 = "\x43\x26\x4f\xa0\x71\x30\x80\x00"; # 3.14e15 local s1 = "\x43\x26\x4f\xa0\x71\x30\x80\x00"; # 3.14e15
local s2 = "\xc3\x26\x4f\xa0\x71\x30\x80\x00"; #-3.14e15 local s2 = "\xc3\x26\x4f\xa0\x71\x30\x80\x00"; #-3.14e15

2
testing/btest/bifs/bytestring_to_hexstr.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
print bytestring_to_hexstr("04"); print bytestring_to_hexstr("04");
print bytestring_to_hexstr(""); print bytestring_to_hexstr("");

2
testing/btest/bifs/capture_state_updates.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
# @TEST-EXEC: test -f testfile # @TEST-EXEC: test -f testfile
event bro_init() event zeek_init()
{ {
print capture_state_updates("testfile"); print capture_state_updates("testfile");
} }

2
testing/btest/bifs/cat.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = "foo"; local a = "foo";
local b = 3; local b = 3;

2
testing/btest/bifs/cat_string_array.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a: string_array = { local a: string_array = {
[0] = "this", [1] = "is", [2] = "a", [3] = "test" [0] = "this", [1] = "is", [2] = "a", [3] = "test"

2
testing/btest/bifs/check_subnet.bro
View file

@ -30,7 +30,7 @@ function check_member(s: subnet)
} }
event bro_init() event zeek_init()
{ {
check_member(10.2.0.2/32); check_member(10.2.0.2/32);
check_member(10.2.0.2/31); check_member(10.2.0.2/31);

2
testing/btest/bifs/checkpoint_state.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT # @TEST-EXEC: bro -b %INPUT
# @TEST-EXEC: test -f .state/state.bst # @TEST-EXEC: test -f .state/state.bst
event bro_init() event zeek_init()
{ {
local a = checkpoint_state(); local a = checkpoint_state();
if ( a != T ) if ( a != T )

2
testing/btest/bifs/clear_table.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT > out # @TEST-EXEC: bro -b %INPUT > out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local mytable: table[string] of string = { ["key1"] = "val1" }; local mytable: table[string] of string = { ["key1"] = "val1" };

2
testing/btest/bifs/convert_for_pattern.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
print convert_for_pattern("foo"); print convert_for_pattern("foo");
print convert_for_pattern(""); print convert_for_pattern("");

2
testing/btest/bifs/count_to_addr.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = "1"; local a = "1";
print count_to_v4_addr(to_count(a)); print count_to_v4_addr(to_count(a));

2
testing/btest/bifs/create_file.bro
View file

@ -5,7 +5,7 @@
# @TEST-EXEC: btest-diff testfile2 # @TEST-EXEC: btest-diff testfile2
# @TEST-EXEC: test -f testdir/testfile4 # @TEST-EXEC: test -f testdir/testfile4
event bro_init() event zeek_init()
{ {
# Test that creating a file works as expected # Test that creating a file works as expected
local a = open("testfile"); local a = open("testfile");

2
testing/btest/bifs/current_analyzer.bro
View file

@ -1,7 +1,7 @@
# #
# @TEST-EXEC: bro -b %INPUT # @TEST-EXEC: bro -b %INPUT
event bro_init() event zeek_init()
{ {
local a = current_analyzer(); local a = current_analyzer();
if ( a != 0 ) if ( a != 0 )

2
testing/btest/bifs/current_time.bro
View file

@ -1,7 +1,7 @@
# #
# @TEST-EXEC: bro -b %INPUT # @TEST-EXEC: bro -b %INPUT
event bro_init() event zeek_init()
{ {
local a = current_time(); local a = current_time();
if ( a <= double_to_time(0) ) if ( a <= double_to_time(0) )

2
testing/btest/bifs/directory_operations.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
# Test succesful operations... # Test succesful operations...
print mkdir("testdir"); print mkdir("testdir");

2
testing/btest/bifs/edit.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = "hello there"; local a = "hello there";

2
testing/btest/bifs/enable_raw_output.test
View file

@ -6,7 +6,7 @@
# @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff output
# @TEST-EXEC: cmp myfile hookfile # @TEST-EXEC: cmp myfile hookfile
event bro_init() event zeek_init()
{ {
local myfile: file; local myfile: file;
myfile = open("myfile"); myfile = open("myfile");

2
testing/btest/bifs/entropy_test.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = "dh3Hie02uh^s#Sdf9L3frd243h$d78r2G4cM6*Q05d(7rh46f!0|4-f"; local a = "dh3Hie02uh^s#Sdf9L3frd243h$d78r2G4cM6*Q05d(7rh46f!0|4-f";
local handle = entropy_test_init(); local handle = entropy_test_init();

2
testing/btest/bifs/enum_to_int.bro
View file

@ -16,7 +16,7 @@ export {
}; };
} }
event bro_init() event zeek_init()
{ {

2
testing/btest/bifs/escape_string.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = "Test \0string"; local a = "Test \0string";

2
testing/btest/bifs/exit.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out || test $? -eq 7 # @TEST-EXEC: bro -b %INPUT >out || test $? -eq 7
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
print "hello"; print "hello";
exit(7); exit(7);

2
testing/btest/bifs/file_mode.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = 420; # octal: 0644 local a = 420; # octal: 0644
print file_mode(a); print file_mode(a);

2
testing/btest/bifs/filter_subnet_table.bro
View file

@ -32,7 +32,7 @@ global testb: table[subnet] of string = {
}; };
event bro_init() event zeek_init()
{ {
local c = filter_subnet_table(10.2.0.2/32, testa); local c = filter_subnet_table(10.2.0.2/32, testa);
print c; print c;

2
testing/btest/bifs/find_all.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = "this is a test"; local a = "this is a test";
local pat = /hi|es/; local pat = /hi|es/;

2
testing/btest/bifs/find_entropy.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = "dh3Hie02uh^s#Sdf9L3frd243h$d78r2G4cM6*Q05d(7rh46f!0|4-f"; local a = "dh3Hie02uh^s#Sdf9L3frd243h$d78r2G4cM6*Q05d(7rh46f!0|4-f";
local b = "0011000aaabbbbcccc000011111000000000aaaabbbbcccc0000000"; local b = "0011000aaabbbbcccc000011111000000000aaaabbbbcccc0000000";

2
testing/btest/bifs/find_last.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = "this is a test"; local a = "this is a test";
local pat = /hi|es/; local pat = /hi|es/;

2
testing/btest/bifs/fmt.bro
View file

@ -4,7 +4,7 @@
type color: enum { Red, Blue }; type color: enum { Red, Blue };
event bro_init() event zeek_init()
{ {
local a = Blue; local a = Blue;
local b = vector( 1, 2, 3); local b = vector( 1, 2, 3);

2
testing/btest/bifs/fmt_ftp_port.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = 192.168.0.2; local a = 192.168.0.2;
local b = 257/tcp; local b = 257/tcp;

2
testing/btest/bifs/get_matcher_stats.bro
View file

@ -10,7 +10,7 @@ signature my_ftp_client {
} }
@TEST-END-FILE @TEST-END-FILE
event bro_init() event zeek_init()
{ {
local a = get_matcher_stats(); local a = get_matcher_stats();
if ( a$matchers == 0 ) if ( a$matchers == 0 )

2
testing/btest/bifs/get_port_transport_proto.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = 123/tcp; local a = 123/tcp;
local b = 123/udp; local b = 123/udp;

2
testing/btest/bifs/gethostname.bro
View file

@ -1,7 +1,7 @@
# #
# @TEST-EXEC: bro -b %INPUT # @TEST-EXEC: bro -b %INPUT
event bro_init() event zeek_init()
{ {
local a = gethostname(); local a = gethostname();
if ( |a| == 0 ) if ( |a| == 0 )

2
testing/btest/bifs/getpid.bro
View file

@ -1,7 +1,7 @@
# #
# @TEST-EXEC: bro -b %INPUT # @TEST-EXEC: bro -b %INPUT
event bro_init() event zeek_init()
{ {
local a = getpid(); local a = getpid();
if ( a == 0 ) if ( a == 0 )

2
testing/btest/bifs/getsetenv.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: TESTBRO=testvalue bro -b %INPUT >out # @TEST-EXEC: TESTBRO=testvalue bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = getenv("NOTDEFINED"); local a = getenv("NOTDEFINED");
local b = getenv("TESTBRO"); local b = getenv("TESTBRO");

2
testing/btest/bifs/global_ids.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = global_ids(); local a = global_ids();
for ( i in a ) for ( i in a )

2
testing/btest/bifs/global_sizes.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = global_sizes(); local a = global_sizes();
for ( i in a ) for ( i in a )

2
testing/btest/bifs/haversine_distance.bro
View file

@ -7,7 +7,7 @@ function test(la1: double, lo1: double, la2: double, lo2: double)
print fmt("%.4e", haversine_distance(la1, lo1, la2, lo2)); print fmt("%.4e", haversine_distance(la1, lo1, la2, lo2));
} }
event bro_init() event zeek_init()
{ {
# Test two arbitrary locations. # Test two arbitrary locations.
test(37.866798, -122.253601, 48.25, 11.65); test(37.866798, -122.253601, 48.25, 11.65);

2
testing/btest/bifs/hexdump.bro
View file

@ -2,7 +2,7 @@
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local a = "abc\xffdefghijklmnopqrstuvwxyz"; local a = "abc\xffdefghijklmnopqrstuvwxyz";

2
testing/btest/bifs/hexstr_to_bytestring.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-diff .stderr # @TEST-EXEC: btest-diff .stderr
event bro_init() event zeek_init()
{ {
print hexstr_to_bytestring("3034"); print hexstr_to_bytestring("3034");
print hexstr_to_bytestring(""); print hexstr_to_bytestring("");

2
testing/btest/bifs/hll_cardinality.bro
View file

@ -3,7 +3,7 @@
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-diff .stderr # @TEST-EXEC: btest-diff .stderr
event bro_init() event zeek_init()
{ {
local c1 = hll_cardinality_init(0.01, 0.95); local c1 = hll_cardinality_init(0.01, 0.95);
local c2 = hll_cardinality_init(0.01, 0.95); local c2 = hll_cardinality_init(0.01, 0.95);

2
testing/btest/bifs/hll_large_estimate.bro
View file

@ -6,7 +6,7 @@
# @TEST-EXEC: head -n1 out2 >> out # @TEST-EXEC: head -n1 out2 >> out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
event bro_init() event zeek_init()
{ {
local cp: opaque of cardinality = hll_cardinality_init(0.1, 1.0); local cp: opaque of cardinality = hll_cardinality_init(0.1, 1.0);
local base: count = 2130706432; # 127.0.0.0 local base: count = 2130706432; # 127.0.0.0

Some files were not shown because too many files have changed in this diff Show more