Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'origin/master' into topic/johanna/dpd-changes

Browse source 
This also includes some test baseline updates, due to recent QUIC
changes.

* origin/master: (39 commits)
  Update doc submodule [nomail] [skip ci]
  Bump cluster testsuite to pull in resilience to agent connection timing [skip ci]
  IPv6 support for detect-external-names and testcase
  Add  `skip_resp_host_port_pairs` option.
  util/init_random_seed: write_file implies deterministic
  external/subdir-btest.cfg: Set OPENSSL_ENABLE_SHA1_SIGNATURES=1
  btest/x509_verify: Drop OpenSSL 1.0 hack
  testing/btest: Use OPENSSL_ENABLE_SHA1_SIGNATURES
  Add ZAM baseline for new scripts.base.protocols.quic.analyzer-confirmations btest
  QUIC/decrypt_crypto: Rename all_data to data
  QUIC: Confirm before forwarding data to SSL
  QUIC: Parse all QUIC packets in a UDP datagram
  QUIC: Only slurp till packet end, not till &eod
  Remove unused SupervisedNode::InitCluster declaration
  Update doc submodule [nomail] [skip ci]
  Bump cluster testsuite to pull in updated Prometheus tests
  Make enc_part value from kerberos response available to scripts
  Management framework: move up addition of agent IPs into deployable cluster configs
  Support multiple instances per host addr in auto metrics generation
  When auto-generating metrics ports for worker nodes, get them more uniform across instances.
  ...
This commit is contained in:
Johanna Amann 2025-02-05 09:30:48 +00:00
commit 6324445d62
96 changed files with 1882 additions and 1265 deletions
Download patch file Download diff file Expand all files Collapse all files

177
CHANGES
View file

@ -1,3 +1,180 @@
7.2.0-dev.156 | 2025-02-05 09:05:00 +0000
* IPv6 support for detect-external-names and testcase (Johanna Amann, Corelight)
* Add `skip_resp_host_port_pairs` option to policy/protocols/dns/detect-external-names.zeek.
This option allows to skip the detection of external names for certain addresses.
By default this is set so that mDNS broadcasts no longer are logged as extenal. (jbaggs)
7.2.0-dev.152 | 2025-02-04 14:50:36 -0800
* Bump cluster testsuite to pull in resilience to agent connection timing [skip ci] (Christian Kreibich, Corelight)
7.2.0-dev.150 | 2025-02-04 16:50:44 +0100
* GH-4209: util/init_random_seed: write_file implies deterministic (Johanna Amann, Corelight)
This makes Zeek run in deterministic mode with --save-seeds usage
and reworks all the extra indirections used in init_random_seed()
to make it easier to follow the control flow.
7.2.0-dev.148 | 2025-02-04 09:52:29 +0100
* external/subdir-btest.cfg: Set OPENSSL_ENABLE_SHA1_SIGNATURES=1 (Arne Welzel, Corelight)
We already do something similar for OPENSSL_ENABLE_MD5_VERIFY=1
* btest/x509_verify: Drop OpenSSL 1.0 hack (Arne Welzel, Corelight)
We do not have a distro in CI anymore that ships OpenSSL 1.0,
drop the hack.
* GH-4035: testing/btest: Use OPENSSL_ENABLE_SHA1_SIGNATURES (Arne Welzel, Corelight)
This reverts the call to update-crypto-policies in the Fedora 41 image
and instead sets OPENSSL_ENABLE_SHA1_SIGNATURES in the individual tests.
This allows RHEL 10 or Fedora 41 users to run the tests in question
without needing to fiddle with system settings.
Fixes #4035
7.2.0-dev.144 | 2025-02-04 09:18:25 +0100
* Add ZAM baseline for new scripts.base.protocols.quic.analyzer-confirmations btest (Tim Wojtulewicz, Corelight)
7.2.0-dev.142 | 2025-02-03 18:41:40 -0700
* Make enc_part value from kerberos response available to scripts (Philipp Tekeser-Glasz)
7.2.0-dev.140 | 2025-02-03 18:34:00 -0700
* Add note to Traces/README about possible malware in pe/pe.trace (Tim Wojtulewicz, Corelight)
* Fix formatting of Traces/README entry for modbus-eit.trace (Tim Wojtulewicz, Corelight)
7.2.0-dev.137 | 2025-02-03 16:53:04 -0800
* Remove unused SupervisedNode::InitCluster declaration (Christian Kreibich, Corelight)
7.2.0-dev.135 | 2025-02-03 17:50:31 +0100
* QUIC/decrypt_crypto: Rename all_data to data (Arne Welzel, Corelight)
...for consistency.
* GH-4201: QUIC: Confirm before forwarding data to SSL (Arne Welzel, Corelight)
Fixes #4201
* GH-4198: QUIC: Parse all QUIC packets in a UDP datagram (Arne Welzel, Corelight)
A UDP datagram may contain multiple QUIC packets, but the parser so far
handled only the very first packet, ignoring any subsequent packets.
Fixes #4198
* QUIC: Only slurp till packet end, not till &eod (Arne Welzel, Corelight)
This doesn't change behavior, but avoids slurping in more data than
needed. A UDP packet an contain multiple QUIC packets and we'd read
all following ones instead just the one we're interested in.
7.2.0-dev.129 | 2025-01-31 15:58:37 -0800
* Management framework:
- Bump cluster testsuite to pull in updated Prometheus tests (Christian Kreibich, Corelight)
- move up addition of agent IPs into deployable cluster configs (Christian Kreibich, Corelight)
- Support multiple instances per host addr in auto metrics generation (Michael Dopheide)
- When auto-generating metrics ports for worker nodes, get them more uniform across instances. (Michael Dopheide)
7.2.0-dev.124 | 2025-01-30 10:51:14 -0700
* Pack some classes for better memory usages (Tim Wojtulewicz, Corelight)
- Analyzer: Reduce from 208 bytes to 192 bytes, remove one cache line
- EventGroup: Reduce from 104 bytes to 96 bytes
- Packet: Reduce from 200 bytes to 184 bytes, remove one cache line
- threading::Value: Reduce from 48 bytes to 40 bytes
- ConnTuple: push hole to the end of struct
- TCP_Reassembler: Reduce from 240 bytes to 232 bytes
7.2.0-dev.122 | 2025-01-24 15:47:15 -0700
* Make types into constants (Evan Typanski, Corelight)
This allows types to be used in expressions, but they can't be
reassigned. Note that this was meant to be a special "type expression" -
but that is unnecessary complexity.
Type expressions would allow access to the type without going through
its constant value, but the constant value is never changed, so it's
simply a few more checks if necessary when functionality gets expanded.
This way, ZAM and other code will not need updates, so the potential for
increased work in the future is probably not worth caring about.
7.2.0-dev.116 | 2025-01-24 11:42:14 -0700
* Fix errors from rst linting on the generated docs (Tim Wojtulewicz, Corelight)
7.2.0-dev.113 | 2025-01-23 11:49:23 -0700
* Fix options parsing segfault (Evan Typanski, Corelight)
A command like this would segfault:
zeek -b test.zeek --debug
The issue was that `getopt_long` was using a null element to determine
what the end of the options array is. If it saw a non-null element after
`--debug` it would say it's the argument for optarg, even if it's beyond
`zeek_args.size()`. Instead, just make sure the array is
null-terminated.
7.2.0-dev.111 | 2025-01-23 11:21:21 -0700
* Minor whitespace cleanup in init-bare.zeek (Tim Wojtulewicz, Corelight)
* Add missing export blocks to init-bare.zeek (Tim Wojtulewicz, Corelight)
* Merge some GLOBAL module sections in init-bare (Tim Wojtulewicz, Corelight)
* Merge Tunnel module sections in init-bare (Tim Wojtulewicz, Corelight)
7.2.0-dev.106 | 2025-01-23 16:46:33 +0100
* script_opt: Use emit_builtin_error() for Lookup-Conn (Arne Welzel, Corelight)
Still create a separate baseline file because ZAM doesn't provide
detailed location information.
Patch for ZBI.op provided by @vpax
7.2.0-dev.104 | 2025-01-21 16:48:56 -0700
* session/Manager: Emit explicit errors for FindConnection() with proto=65535 (Arne Welzel, Corelight)
We silently broke users constructing conn_id records manually and
subsequently using them with lookup_connection() or connection_exists().
This is an attempt to at least report a runtime error about the situation
so it doesn't go completely unnoticed.
* IPAddr/ConnKey: Protect from uninitialized conn_id (Arne Welzel, Corelight)
Check if the non-default fields exist using HasField()
and use GetField() for proto such that it'll initialize
the default value which GetFieldAs<> doesn't do.
default
* IPAddr/ConnKey: Promote transport to uint16_t (Arne Welzel, Corelight)
Instead of a separate bool field which is also stored in the session
table, promote the transport field to uint16_t and encode an invalid
ConnKey as transport 2**16-2
* session/Manager: Header cleanup (Arne Welzel, Corelight)
7.2.0-dev.99 | 2025-01-20 10:27:32 +0100
* fixes for -O gen-standalone-C++ generation of lambdas (Vern Paxson, Corelight)

13
NEWS
View file

@ -16,6 +16,9 @@ New Functionality
Zeek now raises a warning when a script declares these events while this
option is set to true.
- Types can now be used as constants in Zeek script. This allows types to be
directly passed into BIFs without aliasing.
Changed Functionality
---------------------
@ -24,6 +27,16 @@ Changed Functionality
then prompt to use --help. The --help usage will now print to standard output
rather than standard error.
- Saving seeds with ``--save-seeds`` will now put Zeek into deterministic mode.
A subsequent ``--load-seeds`` run with the same scripts and traces will produce
identical UID values as the original ``--save-seeds` run.
- The `policy/protocols/dns/detect-external-names.zeek` script now no longer logs
names that were found in mDNS broadcasts by default. This is configurable with
the new `DNS::skip_resp_host_port_pairs` option.
Furthermore, the script now supports and logs IPv6 results.
Removed Functionality
---------------------

2
VERSION
View file

@ -1 +1 @@
7.2.0-dev.99
7.2.0-dev.156

6
ci/fedora-41/Dockerfile
View file

@ -2,7 +2,7 @@ FROM fedora:41
# A version field to invalidate Cirrus's build cache when needed, as suggested in
# https://github.com/cirruslabs/cirrus-ci-docs/issues/544#issuecomment-566066822
ENV DOCKERFILE_VERSION 20241115
ENV DOCKERFILE_VERSION 20250203
RUN dnf -y install \
bison \
@ -33,7 +33,3 @@ RUN dnf -y install \
&& dnf clean all && rm -rf /var/cache/dnf
RUN pip3 install websockets junit2html
# Required to allow validation of certificates with SHA1 signatures
# See: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
RUN update-crypto-policies --set FEDORA40

2
doc

@ -1 +1 @@
Subproject commit c3ce915021ec818c786410d4500fa6de428d590a
Subproject commit 565cb03005d09370e1e4864fb00fad64aa71aa95

8
scripts/base/frameworks/broker/main.zeek
View file

@ -83,12 +83,12 @@ export {
const log_batch_interval = 1sec &redef;
## Max number of threads to use for Broker/CAF functionality. The
## ZEEK_BROKER_MAX_THREADS environment variable overrides this setting.
## ``ZEEK_BROKER_MAX_THREADS`` environment variable overrides this setting.
const max_threads = 1 &redef;
## Max number of items we buffer at most per peer. What action to take when
## the buffer reaches its maximum size is determined by
## `peer_overflow_policy`.
## :zeek:see:`Broker::peer_overflow_policy`.
const peer_buffer_size = 2048 &redef;
## Configures how Broker responds to peers that cannot keep up with the
@ -98,10 +98,10 @@ export {
## - drop_oldest: removed the olsted message from the buffer, then append
const peer_overflow_policy = "disconnect" &redef;
## Same as `peer_buffer_size` but for WebSocket clients.
## Same as :zeek:see:`Broker::peer_buffer_size` but for WebSocket clients.
const web_socket_buffer_size = 512 &redef;
## Same as `peer_overflow_policy` but for WebSocket clients.
## Same as :zeek:see:`Broker::peer_overflow_policy` but for WebSocket clients.
const web_socket_overflow_policy = "disconnect" &redef;
## The CAF scheduling policy to use. Available options are "sharing" and

27
scripts/base/frameworks/input/main.zeek
View file

@ -24,10 +24,10 @@ export {
STREAM = 2
};
## The default input reader used. Defaults to `READER_ASCII`.
## The default input reader used. Defaults to :zeek:see:`Input::READER_ASCII`.
option default_reader = READER_ASCII;
## The default reader mode used. Defaults to `MANUAL`.
## The default reader mode used. Defaults to :zeek:see:`Input::MANUAL`.
option default_mode = MANUAL;
## Separator between fields.
@ -60,7 +60,7 @@ export {
# Common definitions for tables and events
## String that allows the reader to find the source of the data.
## For `READER_ASCII`, this is the filename.
## For :zeek:see:`Input::READER_ASCII`, this is the filename.
source: string;
## Reader to use for this stream.
@ -112,7 +112,7 @@ export {
##
## The event is raised like if it had been declared as follows:
## error_ev: function(desc: TableDescription, message: string, level: Reporter::Level) &optional;
## The actual declaration uses the ``any`` type because of deficiencies of the Zeek type system.
## The actual declaration uses the :zeek:type:`any` type because of deficiencies of the Zeek type system.
error_ev: any &optional;
## A key/value table that will be passed to the reader.
@ -126,7 +126,7 @@ export {
# Common definitions for tables and events
## String that allows the reader to find the source.
## For `READER_ASCII`, this is the filename.
## For :zeek:see:`Input::READER_ASCII`, this is the filename.
source: string;
## Reader to use for this stream.
@ -151,8 +151,8 @@ export {
want_record: bool &default=T;
## The event that is raised each time a new line is received from the
## reader. The event will receive an Input::EventDescription record
## as the first argument, an Input::Event enum as the second
## reader. The event will receive an :zeek:see:`Input::EventDescription` record
## as the first argument, an :zeek:see:`Input::Event` enum as the second
## argument, and the fields (as specified in *fields*) as the following
## arguments (this will either be a single record value containing
## all fields, or each field value as a separate argument).
@ -161,12 +161,12 @@ export {
## Error event that is raised when an information, warning or error
## is raised by the input stream. If the level is error, the stream will automatically
## be closed.
## The event receives the Input::EventDescription as the first argument, the
## message as the second argument and the Reporter::Level as the third argument.
## The event receives the :zeek:see:`Input::EventDescription` as the first argument, the
## message as the second argument and the :zeek:see:`Reporter::Level` as the third argument.
##
## The event is raised like it had been declared as follows:
## error_ev: function(desc: EventDescription, message: string, level: Reporter::Level) &optional;
## The actual declaration uses the ``any`` type because of deficiencies of the Zeek type system.
## The actual declaration uses the :zeek:type:`any` type because of deficiencies of the Zeek type system.
error_ev: any &optional;
## A key/value table that will be passed to the reader.
@ -179,7 +179,7 @@ export {
## file analysis framework.
type AnalysisDescription: record {
## String that allows the reader to find the source.
## For `READER_ASCII`, this is the filename.
## For :zeek:see:`Input::READER_ASCII`, this is the filename.
source: string;
## Reader to use for this stream. Compatible readers must be
@ -205,14 +205,14 @@ export {
## Create a new table input stream from a given source.
##
## description: `TableDescription` record describing the source.
## description: :zeek:see:`Input::TableDescription` record describing the source.
##
## Returns: true on success.
global add_table: function(description: Input::TableDescription) : bool;
## Create a new event input stream from a given source.
##
## description: `EventDescription` record describing the source.
## description: :zeek:see:`Input::EventDescription` record describing the source.
##
## Returns: true on success.
global add_event: function(description: Input::EventDescription) : bool;
@ -278,4 +278,3 @@ function force_update(id: string) : bool
{
return __force_update(id);
}

6
scripts/base/frameworks/logging/main.zeek
View file

@ -198,12 +198,12 @@ export {
## Default separator for log field scopes when logs are unrolled and
## flattened. This will be the string between field name components.
## For example, setting this to "_" will cause the typical field
## "id.orig_h" to turn into "id_orig_h".
## For example, setting this to ``_`` will cause the typical field
## ``id.orig_h`` to turn into ``id_orig_h``.
const default_scope_sep = "." &redef;
## A prefix for extension fields which can be optionally prefixed
## on all log lines by setting the `ext_func` field in the
## on all log lines by setting the ``ext_func`` field in the
## log filter.
const Log::default_ext_prefix: string = "_" &redef;

2
scripts/base/frameworks/notice/main.zeek
View file

@ -203,7 +203,7 @@ export {
## on rotation with :zeek:enum:`Notice::ACTION_ALARM`.
##
## Note that this is overridden by the ZeekControl MailTo option or by
## the `email_dest` field in the :zeek:see:`Notice::Info` record.
## the ``email_dest`` field in the :zeek:see:`Notice::Info` record.
const mail_dest = "" &redef;
## Address that emails will be from.

2
scripts/base/frameworks/spicy/init-bare.zeek
View file

@ -23,7 +23,7 @@ export {
# doc-options-end
# doc-types-start
## Result type for `Spicy::resource_usage()`. The values reflect resource
## Result type for :zeek:see:`Spicy::resource_usage`. The values reflect resource
## usage as reported by the Spicy runtime system.
type ResourceUsage: record {
user_time : interval; ##< user CPU time of the Zeek process

4
scripts/base/frameworks/supervisor/api.zeek
View file

@ -135,7 +135,7 @@ export {
global node: function(): NodeConfig;
## Hooks into the stdout stream for all supervisor's child processes.
## If a hook terminates with `break`, that will suppress output to the
## If a hook terminates with ``break``, that will suppress output to the
## associated stream.
##
## node: the name of a previously created node via
@ -149,7 +149,7 @@ export {
global stdout_hook: hook(node: string, msg: string);
## Hooks into the stderr stream for all supervisor's child processes.
## If a hook terminates with `break`, that will suppress output to the
## If a hook terminates with ``break``, that will suppress output to the
## associated stream.
##
## node: the name of a previously created node via

18
scripts/base/frameworks/telemetry/main.zeek
View file

@ -42,8 +42,8 @@ export {
global counter_with: function(cf: CounterFamily,
label_values: labels_vector &default=vector()): Counter;
## Increment a :zeek:see:`Telemetry::Counter` by `amount`.
## Using a negative `amount` is an error.
## Increment a :zeek:see:`Telemetry::Counter` by ``amount``.
## Using a negative ``amount`` is an error.
##
## c: The counter instance.
##
@ -52,7 +52,7 @@ export {
## Returns: True if the counter was incremented successfully.
global counter_inc: function(c: Counter, amount: double &default=1.0): bool;
## Helper to set a :zeek:see:`Telemetry::Counter` to the given `value`.
## Helper to set a :zeek:see:`Telemetry::Counter` to the given ``value``.
## This can be useful for mirroring counter metrics in an
## :zeek:see:`Telemetry::sync` hook implementation.
## Setting a value that is less than the current value of the
@ -126,7 +126,7 @@ export {
global gauge_with: function(gf: GaugeFamily,
label_values: labels_vector &default=vector()): Gauge;
## Increment a :zeek:see:`Telemetry::Gauge` by `amount`.
## Increment a :zeek:see:`Telemetry::Gauge` by ``amount``.
##
## g: The gauge instance.
##
@ -135,7 +135,7 @@ export {
## Returns: True if the gauge was incremented successfully.
global gauge_inc: function(g: Gauge, amount: double &default=1.0): bool;
## Decrement a :zeek:see:`Telemetry::Gauge` by `amount`.
## Decrement a :zeek:see:`Telemetry::Gauge` by ``amount``.
##
## g: The gauge instance.
##
@ -144,7 +144,7 @@ export {
## Returns: True if the gauge was incremented successfully.
global gauge_dec: function(g: Gauge, amount: double &default=1.0): bool;
## Helper to set a :zeek:see:`Telemetry::Gauge` to the given `value`.
## Helper to set a :zeek:see:`Telemetry::Gauge` to the given ``value``.
##
## g: The gauge instance.
##
@ -153,7 +153,7 @@ export {
## Returns: True if the gauge value was set successfully.
global gauge_set: function(g: Gauge, value: double): bool;
## Increment a :zeek:see:`Telemetry::Gauge` by the given `amount` through
## Increment a :zeek:see:`Telemetry::Gauge` by the given ``amount`` through
## the :zeek:see:`Telemetry::GaugeFamily`.
## This is a short-cut for :zeek:see:`Telemetry::gauge_inc`.
## Using a negative amount is an error.
@ -169,7 +169,7 @@ export {
label_values: labels_vector &default=vector(),
amount: double &default=1.0): bool;
## Decrement a :zeek:see:`Telemetry::Gauge` by the given `amount` through
## Decrement a :zeek:see:`Telemetry::Gauge` by the given ``amount`` through
## the :zeek:see:`Telemetry::GaugeFamily`.
## This is a short-cut for :zeek:see:`Telemetry::gauge_dec`.
##
@ -184,7 +184,7 @@ export {
label_values: labels_vector &default=vector(),
amount: double &default=1.0): bool;
## Set a :zeek:see:`Telemetry::Gauge` to the given `value` through
## Set a :zeek:see:`Telemetry::Gauge` to the given ``value`` through
## the :zeek:see:`Telemetry::GaugeFamily`.
## This is a short-cut for :zeek:see:`Telemetry::gauge_set`.
##

1946
scripts/base/init-bare.zeek
View file

File diff suppressed because it is too large Load diff

24
scripts/base/misc/version.zeek
View file

@ -1,6 +1,6 @@
##! Provide information about the currently running Zeek version.
##! The most convenient way to access this are the Version::number
##! and Version::info constants.
##! Provide information about the currently running Zeek version. The most
##! convenient way to access this are the :zeek:see:`Version::number` and
##! :zeek:see:`Version::info` constants.
module Version;
@ -41,11 +41,11 @@ export {
##
## version_string: Zeek version string.
##
## Returns: `VersionDescription` record.
## Returns: :zeek:see:`Version::VersionDescription` record.
global parse: function(version_string: string): VersionDescription;
## Test if the current running version of Zeek is greater or equal to the given version
## string.
## Test if the current running version of Zeek is greater or equal to
## the given version string.
##
## version_string: Version to check against the current running version.
##
@ -118,13 +118,15 @@ function parse(version_string: string): VersionDescription
}
export {
## `VersionDescription` record pertaining to the currently running version of Zeek.
## :zeek:see:`Version::VersionDescription` record pertaining to the currently
## running version of Zeek.
const info = Version::parse(zeek_version());
## version number of the currently running version of Zeek as a numeric representation.
## The format of the number is ABBCC with A being the major version,
## bb being the minor version (2 digits) and CC being the patchlevel (2 digits).
## As an example, Zeek 2.4.1 results in the number 20401
## version number of the currently running version of Zeek as a numeric
## representation. The format of the number is ABBCC with A being the
## major version, bb being the minor version (2 digits) and CC being the
## patchlevel (2 digits). As an example, Zeek 2.4.1 results in the
## number 20401
const number = info$version_number;
}

8
scripts/base/utils/exec.zeek
View file

@ -6,7 +6,7 @@ module Exec;
export {
type Command: record {
## The command line to execute. Use care to avoid injection
## The command line to execute. Use care to avoid injection
## attacks (i.e., if the command uses untrusted/variable data,
## sanitize it with :zeek:see:`safe_shell_quote`).
cmd: string;
@ -34,10 +34,10 @@ export {
};
## Function for running command line programs and getting
## output. This is an asynchronous function which is meant
## to be run with the `when` statement.
## output. This is an asynchronous function which is meant
## to be run with the ``when`` statement.
##
## cmd: The command to run. Use care to avoid injection attacks!
## cmd: The command to run. Use care to avoid injection attacks!
##
## Returns: A record representing the full results from the
## external program execution.

4
scripts/base/utils/numbers.zeek
View file

@ -2,9 +2,9 @@
##
## s: The string to search for a number.
##
## get_first: Provide `F` if you would like the last number found.
## get_first: Provide ``F`` if you would like the last number found.
##
## Returns: The request integer from the given string or 0 if
## Returns: The request integer from the given string or ``0`` if
## no integer was found.
function extract_count(s: string, get_first: bool &default=T): count
{

69
scripts/policy/frameworks/management/controller/main.zeek
View file

@ -186,24 +186,6 @@ global g_configs: table[ConfigState] of Management::Configuration
function config_deploy_to_agents(config: Management::Configuration, req: Management::Request::Request)
{
# Make any final changes to the configuration we send off.
# If needed, fill in agent IP address info as learned from their peerings.
# XXX this will need revisiting when we support host names.
local instances: set[Management::Instance];
for ( inst in config$instances )
{
if ( inst$name in g_instances_known
&& inst$host == 0.0.0.0
&& g_instances_known[inst$name]$host != 0.0.0.0 )
inst$host = g_instances_known[inst$name]$host;
add instances[inst];
}
config$instances = instances;
for ( name in g_instances )
{
if ( name !in g_instances_ready )
@ -414,27 +396,34 @@ function config_assign_metrics_ports(config: Management::Configuration)
[Supervisor::WORKER] = 3,
};
local p = port_to_count(Management::Controller::auto_assign_metrics_start_port);
local ports_set: set[count];
local instance_metrics_start_port: table[addr] of count;
local instance_ports_set: table[addr] of set[count];
local instance_addr_lookup: table[string] of addr;
local node: Management::Node;
local node_addr: addr;
# Pre-populate agents ports, if we have them:
for ( inst in config$instances )
{
# build instance name -> addr lookup table
instance_addr_lookup[inst$name] = inst$host;
instance_metrics_start_port[inst$host] = port_to_count(Management::Controller::auto_assign_metrics_start_port);
instance_ports_set[inst$host] = {};
if ( inst?$listen_port )
add ports_set[port_to_count(inst$listen_port)];
add instance_ports_set[inst$host][port_to_count(inst$listen_port)];
}
# Pre-populate nodes with pre-defined metrics ports, as well
# as their Broker ports:
for ( node in config$nodes )
node_addr = instance_addr_lookup[node$instance];
{
if ( node?$p )
add ports_set[port_to_count(node$p)];
add instance_ports_set[node_addr][port_to_count(node$p)];
if ( node?$metrics_port )
{
add ports_set[port_to_count(node$metrics_port)];
add instance_ports_set[node_addr][port_to_count(node$metrics_port)];
add new_nodes[node];
}
}
@ -466,17 +455,18 @@ function config_assign_metrics_ports(config: Management::Configuration)
for ( i in nodes )
{
node = nodes[i];
node_addr = instance_addr_lookup[node$instance];
# Find next available port ...
while ( p in ports_set )
++p;
while ( instance_metrics_start_port[node_addr] in instance_ports_set[node_addr] )
++instance_metrics_start_port[node_addr];
node$metrics_port = count_to_port(p, tcp);
node$metrics_port = count_to_port(instance_metrics_start_port[node_addr], tcp);
add new_nodes[node];
add ports_set[p];
add instance_ports_set[node_addr][instance_metrics_start_port[node_addr]];
# ... and consume it.
++p;
++instance_metrics_start_port[node_addr];
}
config$nodes = new_nodes;
@ -1029,6 +1019,27 @@ event Management::Controller::API::stage_configuration_request(reqid: string, co
g_configs[STAGED] = config;
config_copy = copy(config);
# The staged config is preserved as the client sent it to us. For the
# ready-to-deploy version we fill in additional details here.
#
# One such bit of information is that we know the IP addresses of
# instances that connected to the controller from their Broker peering.
#
# XXX this will need revisiting when we support host names.
local instances: set[Management::Instance];
for ( inst in config_copy$instances )
{
if ( inst$name in g_instances_known
&& inst$host == 0.0.0.0
&& g_instances_known[inst$name]$host != 0.0.0.0 )
inst$host = g_instances_known[inst$name]$host;
add instances[inst];
}
config_copy$instances = instances;
if ( Management::Controller::auto_assign_broker_ports )
config_assign_broker_ports(config_copy);
if ( Management::Controller::auto_assign_metrics_ports )

10
scripts/policy/frameworks/packet-filter/shunt.zeek
View file

@ -8,19 +8,19 @@ export {
const max_bpf_shunts = 100 &redef;
## Call this function to use BPF to shunt a connection (to prevent the
## data packets from reaching Zeek). For TCP connections, control
## data packets from reaching Zeek). For TCP connections, control
## packets are still allowed through so that Zeek can continue logging
## the connection and it can stop shunting once the connection ends.
global shunt_conn: function(id: conn_id): bool;
## This function will use a BPF expression to shunt traffic between
## the two hosts given in the `conn_id` so that the traffic is never
## the two hosts given in the ``conn_id`` so that the traffic is never
## exposed to Zeek's traffic processing.
global shunt_host_pair: function(id: conn_id): bool;
## Remove shunting for a host pair given as a `conn_id`. The filter
## Remove shunting for a host pair given as a ``conn_id``. The filter
## is not immediately removed. It waits for the occasional filter
## update done by the `PacketFilter` framework.
## update done by the ``PacketFilter`` framework.
global unshunt_host_pair: function(id: conn_id): bool;
## Performs the same function as the :zeek:id:`PacketFilter::unshunt_host_pair`
@ -40,7 +40,7 @@ export {
No_More_Conn_Shunts_Available,
## Limitations in BPF make shunting some connections with BPF
## impossible. This notice encompasses those various cases.
## impossible. This notice encompasses those various cases.
Cannot_BPF_Shunt_Conn,
};
}

9
scripts/policy/frameworks/telemetry/log.zeek
View file

@ -1,5 +1,5 @@
##! Implementation of a telemetry.log and telemetry_histogram.log file
##! using metrics accessible via the Telemetry module.
##! Implementation of a :file:`telemetry.log` and :file:`telemetry_histogram.log`
##! file using metrics accessible via the Telemetry module.
@load base/frameworks/telemetry
@ -12,8 +12,9 @@ export {
option log_interval = 60sec;
## Only metrics with prefixes in this set will be included in the
## `telemetry.log` and `telemetry_histogram.log` files by default.
## Setting this option to an empty set includes all prefixes.
## :file:`telemetry.log` and :file:`telemetry_histogram.log` files
## by default. Setting this option to an empty set includes all
## prefixes.
##
## For more fine-grained customization, setting this option to an
## empty set and implementing the :zeek:see:`Telemetry::log_policy`

18
scripts/policy/protocols/dns/detect-external-names.zeek
View file

@ -15,13 +15,19 @@ export {
## **must** be set appropriately for this detection.
External_Name,
};
## Default is to ignore mDNS broadcasts.
option skip_resp_host_port_pairs: set[addr, port] = { [[224.0.0.251, [ff02::fb]], 5353/udp] };
}
event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr) &priority=-3
function detect_external_names(c: connection, msg: dns_msg, ans: dns_answer, a: addr)
{
if ( |Site::local_zones| == 0 )
return;
if ( [c$id$resp_h, c$id$resp_p] in skip_resp_host_port_pairs )
return;
# Check for responses from remote hosts that point at local hosts
# but the name is not considered to be within a "local" zone.
if ( Site::is_local_addr(a) && # referring to a local host
@ -33,3 +39,13 @@ event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr) &priori
$identifier=cat(a,ans$query)]);
}
}
event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr)
{
detect_external_names(c, msg, ans, a);
}
event dns_AAAA_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr)
{
detect_external_names(c, msg, ans, a);
}

2
src/Conn.h
View file

@ -59,8 +59,8 @@ struct ConnTuple {
IPAddr dst_addr;
uint32_t src_port = 0;
uint32_t dst_port = 0;
bool is_one_way = false; // if true, don't canonicalize order
uint16_t proto = UNKNOWN_IP_PROTO;
bool is_one_way = false; // if true, don't canonicalize order
};
static inline int addr_port_canon_lt(const IPAddr& addr1, uint32_t p1, const IPAddr& addr2, uint32_t p2) {

2
src/EventRegistry.h
View file

@ -164,8 +164,8 @@ private:
void UpdateFuncBodies();
EventGroupKind kind;
std::string name;
bool enabled = true;
std::string name;
std::unordered_set<detail::ScriptFuncPtr> funcs;
};

25
src/IPAddr.cc
View file

@ -4,14 +4,12 @@
#include <cstdlib>
#include <string>
#include <vector>
#include "zeek/3rdparty/zeek_inet_ntop.h"
#include "zeek/Conn.h"
#include "zeek/Hash.h"
#include "zeek/Reporter.h"
#include "zeek/ZeekString.h"
#include "zeek/analyzer/Manager.h"
namespace zeek {
@ -20,7 +18,7 @@ const IPAddr IPAddr::v6_unspecified = IPAddr();
namespace detail {
ConnKey::ConnKey(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint8_t proto,
ConnKey::ConnKey(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint16_t proto,
bool one_way) {
Init(src, dst, src_port, dst_port, proto, one_way);
}
@ -43,7 +41,6 @@ ConnKey& ConnKey::operator=(const ConnKey& rhs) {
port1 = rhs.port1;
port2 = rhs.port2;
transport = rhs.transport;
valid = rhs.valid;
return *this;
}
@ -51,7 +48,7 @@ ConnKey& ConnKey::operator=(const ConnKey& rhs) {
ConnKey::ConnKey(Val* v) {
const auto& vt = v->GetType();
if ( ! IsRecord(vt->Tag()) ) {
valid = false;
transport = INVALID_CONN_KEY_IP_PROTO;
return;
}
@ -78,7 +75,7 @@ ConnKey::ConnKey(Val* v) {
proto = vr->FieldOffset("proto");
if ( orig_h < 0 || resp_h < 0 || orig_p < 0 || resp_p < 0 || proto < 0 ) {
valid = false;
transport = INVALID_CONN_KEY_IP_PROTO;
return;
}
@ -86,19 +83,24 @@ ConnKey::ConnKey(Val* v) {
// types, too.
}
if ( ! vl->HasField(orig_h) || ! vl->HasField(resp_h) || ! vl->HasField(orig_p) || ! vl->HasField(resp_p) ) {
transport = INVALID_CONN_KEY_IP_PROTO;
return;
}
const IPAddr& orig_addr = vl->GetFieldAs<AddrVal>(orig_h);
const IPAddr& resp_addr = vl->GetFieldAs<AddrVal>(resp_h);
auto orig_portv = vl->GetFieldAs<PortVal>(orig_p);
auto resp_portv = vl->GetFieldAs<PortVal>(resp_p);
const auto& orig_portv = vl->GetFieldAs<PortVal>(orig_p);
const auto& resp_portv = vl->GetFieldAs<PortVal>(resp_p);
auto protov = vl->GetFieldAs<CountVal>(proto);
const auto& protov = vl->GetField<CountVal>(proto);
Init(orig_addr, resp_addr, htons((unsigned short)orig_portv->Port()), htons((unsigned short)resp_portv->Port()),
protov, false);
protov->AsCount(), false);
}
void ConnKey::Init(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint8_t proto,
void ConnKey::Init(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint16_t proto,
bool one_way) {
// Because of padding in the object, this needs to memset to clear out
// the extra memory used by padding. Otherwise, the session key stuff
@ -122,7 +124,6 @@ void ConnKey::Init(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint
}
transport = proto;
valid = true;
}
} // namespace detail

12
src/IPAddr.h
View file

@ -20,6 +20,9 @@ class Val;
namespace detail {
// UNKNOWN_IP_PROTO is 65535
constexpr uint16_t INVALID_CONN_KEY_IP_PROTO = 65534;
class HashKey;
class ConnKey {
@ -28,10 +31,9 @@ public:
in6_addr ip2;
uint16_t port1 = 0;
uint16_t port2 = 0;
uint8_t transport;
bool valid = true;
uint16_t transport = INVALID_CONN_KEY_IP_PROTO;
ConnKey(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint8_t proto, bool one_way);
ConnKey(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint16_t proto, bool one_way);
ConnKey(const ConnTuple& conn);
ConnKey(const ConnKey& rhs) { *this = rhs; }
ConnKey(Val* v);
@ -45,8 +47,10 @@ public:
ConnKey& operator=(const ConnKey& rhs);
bool Valid() const { return transport <= 0xFF; };
private:
void Init(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint8_t proto, bool one_way);
void Init(const IPAddr& src, const IPAddr& dst, uint16_t src_port, uint16_t dst_port, uint16_t proto, bool one_way);
};
} // namespace detail

8
src/Options.cc
View file

@ -424,11 +424,17 @@ Options parse_cmdline(int argc, char** argv) {
opterr = 0;
// getopt may permute the array, so need yet another array
auto zargs = std::make_unique<char*[]>(zeek_args.size());
//
// Make sure this array is one greater than zeek_args and ends in nullptr, otherwise
// getopt may go beyond the end of the array
auto zargs = std::make_unique<char*[]>(zeek_args.size() + 1);
for ( size_t i = 0; i < zeek_args.size(); ++i )
zargs[i] = zeek_args[i].data();
// Make sure getopt doesn't go past the end
zargs[zeek_args.size()] = nullptr;
while ( (op = getopt_long(zeek_args.size(), zargs.get(), opts, long_opts, &long_optsind)) != EOF )
switch ( op ) {
case 'a': rval.parse_only = true; break;

12
src/analyzer/Analyzer.h
View file

@ -747,6 +747,12 @@ private:
zeek::Tag tag;
ID id;
bool skip;
bool finished;
bool removing;
bool timers_canceled;
TimerPList timers;
Connection* conn;
Analyzer* parent;
const zeek::detail::Rule* signature;
@ -762,12 +768,6 @@ private:
bool protocol_confirmed;
bool analyzer_confirmed;
TimerPList timers;
bool timers_canceled;
bool skip;
bool finished;
bool removing;
uint64_t analyzer_violations = 0;
static ID id_counter;

1
src/analyzer/protocol/krb/krb-analyzer.pac
View file

@ -215,6 +215,7 @@ refine connection KRB_Conn += {
rv->Assign(4, GetStringFromPrincipalName(${msg.client_name}));
rv->Assign(5, proc_ticket(${msg.ticket}));
rv->Assign(6, proc_encrypted_data(${msg.enc_part.data}));
return rv;
};

15
src/analyzer/protocol/krb/krb-types.pac
View file

@ -10,6 +10,8 @@ zeek::RecordValPtr proc_host_address(const ZeekAnalyzer a, const KRB_Host_Addres
zeek::VectorValPtr proc_tickets(const KRB_Ticket_Sequence* list);
zeek::RecordValPtr proc_ticket(const KRB_Ticket* ticket);
zeek::RecordValPtr proc_encrypted_data(const KRB_Encrypted_Data* encrypted_data);
%}
%code{
@ -115,6 +117,19 @@ zeek::RecordValPtr proc_ticket(const KRB_Ticket* ticket)
rv->Assign(3, asn1_integer_to_val(ticket->enc_part()->data()->etype()->data(), zeek::TYPE_COUNT));
rv->Assign(4, to_stringval(ticket->enc_part()->data()->ciphertext()->encoding()->content()));
return rv;
}
zeek::RecordValPtr proc_encrypted_data(const KRB_Encrypted_Data* encrypted_data)
{
auto rv = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::KRB::Encrypted_Data);
if ( encrypted_data->have_kvno() )
{
rv->Assign(0, asn1_integer_to_val(encrypted_data->kvno(), zeek::TYPE_COUNT));
}
rv->Assign(1, asn1_integer_to_val(encrypted_data->etype()->data(), zeek::TYPE_COUNT));
rv->Assign(2, to_stringval(encrypted_data->ciphertext()->encoding()->content()));
return rv;
}
%}

1
src/analyzer/protocol/krb/types.bif
View file

@ -8,6 +8,7 @@ type SAFE_Msg: record;
type KDC_Options: record;
type AP_Options: record;
type Type_Value: record;
type Encrypted_Data: record;
type Ticket: record;
type Ticket_Vector: vector;
type Host_Address: record;

29
src/analyzer/protocol/quic/QUIC.spicy
View file

@ -9,7 +9,7 @@ import zeek;
# The interface to the C++ code that handles the decryption of the INITIAL packet payload using well-known keys
public function decrypt_crypto_payload(
version: uint32,
all_data: bytes,
data: bytes,
connection_id: bytes,
encrypted_offset: uint64,
payload_offset: uint64,
@ -417,7 +417,7 @@ type CryptoBuffer = unit() {
##############
type Packet = unit(from_client: bool, context: ConnectionIDInfo&) {
var decrypted_data: bytes;
var full_packet: bytes;
var packet_size: uint64 = 0;
var start: iterator<stream>;
sink crypto_sink;
@ -464,8 +464,15 @@ type Packet = unit(from_client: bool, context: ConnectionIDInfo&) {
}
};
# Slurp in the whole packet if we determined we have a chance to decrypt.
all_data: bytes &parse-at=self.start &eod if ( self?.long_header && can_decrypt(self.long_header, context, from_client) ) {
: void {
if (self?.long_header && can_decrypt(self.long_header, context, from_client))
# If we have parsed an initial packet that we can decrypt the payload,
# determine the size to store into a buffer.
self.packet_size = self.offset();
}
# Buffer the whole packet if we determined we have a chance to decrypt.
packet_data: bytes &parse-at=self.start &size=self.packet_size if ( self.packet_size > 0 ) {
self.crypto_buffer = new CryptoBuffer();
self.crypto_sink.connect(self.crypto_buffer);
@ -477,7 +484,7 @@ type Packet = unit(from_client: bool, context: ConnectionIDInfo&) {
# All data is accessible via the `long_header` unit
self.decrypted_data = decrypt_crypto_payload(
self.long_header.version,
self.all_data,
self.packet_data,
self.long_header.dest_conn_id,
self.long_header.encrypted_offset,
self.long_header.payload_length,
@ -496,7 +503,7 @@ type Packet = unit(from_client: bool, context: ConnectionIDInfo&) {
self.decrypted_data = decrypt_crypto_payload(
self.long_header.version,
self.all_data,
self.packet_data,
context.initial_destination_conn_id,
self.long_header.encrypted_offset,
self.long_header.payload_length,
@ -509,6 +516,9 @@ type Packet = unit(from_client: bool, context: ConnectionIDInfo&) {
# connection.
if ( |self.decrypted_data| == 0 )
throw "decryption failed";
# We were able to decrypt the INITIAL packet. Confirm QUIC!
spicy::accept_input();
}
# Depending on the type of header and whether we were able to decrypt
@ -543,9 +553,6 @@ type Packet = unit(from_client: bool, context: ConnectionIDInfo&) {
context.client_initial_processed = True;
else
context.server_initial_processed = True;
# Take buffered crypto data as confirmation signal.
spicy::accept_input();
}
}
};
@ -555,10 +562,10 @@ type Packet = unit(from_client: bool, context: ConnectionIDInfo&) {
##############
public type RequestFrame = unit {
%context = ConnectionIDInfo;
: Packet(True, self.context());
: Packet(True, self.context())[];
};
public type ResponseFrame = unit {
%context = ConnectionIDInfo;
: Packet(False, self.context());
: Packet(False, self.context())[];
};

34
src/analyzer/protocol/quic/decrypt_crypto.cc
View file

@ -86,7 +86,7 @@ Removes the header protection from the INITIAL packet and returns a DecryptionIn
that is partially filled
*/
DecryptionInformation remove_header_protection(const std::vector<uint8_t>& client_hp, uint64_t encrypted_offset,
const hilti::rt::Bytes& all_data) {
const hilti::rt::Bytes& data) {
DecryptionInformation decryptInfo;
int outlen;
auto* ctx = get_aes_128_ecb();
@ -95,16 +95,16 @@ DecryptionInformation remove_header_protection(const std::vector<uint8_t>& clien
EVP_CipherInit_ex(ctx, NULL, NULL, client_hp.data(), NULL, 1);
static_assert(AEAD_SAMPLE_LENGTH > 0);
assert(all_data.size() >= encrypted_offset + MAXIMUM_PACKET_NUMBER_LENGTH + AEAD_SAMPLE_LENGTH);
assert(data.size() >= encrypted_offset + MAXIMUM_PACKET_NUMBER_LENGTH + AEAD_SAMPLE_LENGTH);
const uint8_t* sample = data_as_uint8(all_data) + encrypted_offset + MAXIMUM_PACKET_NUMBER_LENGTH;
const uint8_t* sample = data_as_uint8(data) + encrypted_offset + MAXIMUM_PACKET_NUMBER_LENGTH;
std::array<uint8_t, AEAD_SAMPLE_LENGTH> mask;
EVP_CipherUpdate(ctx, mask.data(), &outlen, sample, AEAD_SAMPLE_LENGTH);
// To determine the actual packet number length,
// we have to remove the mask from the first byte
uint8_t first_byte = data_as_uint8(all_data)[0];
uint8_t first_byte = data_as_uint8(data)[0];
if ( first_byte & 0x80 ) {
first_byte ^= mask[0] & 0x0F;
@ -117,8 +117,8 @@ DecryptionInformation remove_header_protection(const std::vector<uint8_t>& clien
int recovered_packet_number_length = (first_byte & 0x03) + 1;
// .. and use this to reconstruct the (partially) unprotected header
std::vector<uint8_t> unprotected_header(data_as_uint8(all_data), data_as_uint8(all_data) + encrypted_offset +
recovered_packet_number_length);
std::vector<uint8_t> unprotected_header(data_as_uint8(data),
data_as_uint8(data) + encrypted_offset + recovered_packet_number_length);
uint32_t decoded_packet_number = 0;
@ -149,8 +149,8 @@ std::vector<uint8_t> calculate_nonce(std::vector<uint8_t> client_iv, uint64_t pa
/*
Function that calls the AEAD decryption routine, and returns the decrypted data.
*/
hilti::rt::Bytes decrypt(const std::vector<uint8_t>& client_key, const hilti::rt::Bytes& all_data,
uint64_t payload_length, const DecryptionInformation& decryptInfo) {
hilti::rt::Bytes decrypt(const std::vector<uint8_t>& client_key, const hilti::rt::Bytes& data, uint64_t payload_length,
const DecryptionInformation& decryptInfo) {
int out, out2;
if ( payload_length < decryptInfo.packet_number_length + AEAD_TAG_LENGTH )
@ -162,18 +162,18 @@ hilti::rt::Bytes decrypt(const std::vector<uint8_t>& client_key, const hilti::rt
if ( payload_length > 10000 )
throw hilti::rt::RuntimeError(hilti::rt::fmt("payload_length too large %ld", payload_length));
const uint8_t* encrypted_payload = data_as_uint8(all_data) + decryptInfo.unprotected_header.size();
const uint8_t* encrypted_payload = data_as_uint8(data) + decryptInfo.unprotected_header.size();
int encrypted_payload_size = payload_length - decryptInfo.packet_number_length - AEAD_TAG_LENGTH;
if ( encrypted_payload_size < 0 )
throw hilti::rt::RuntimeError(hilti::rt::fmt("encrypted_payload_size underflow %ld", encrypted_payload_size));
if ( all_data.size() < decryptInfo.unprotected_header.size() + encrypted_payload_size + AEAD_TAG_LENGTH )
throw hilti::rt::RuntimeError(hilti::rt::fmt("all_data too short %ld < %ld", all_data.size(),
if ( data.size() < decryptInfo.unprotected_header.size() + encrypted_payload_size + AEAD_TAG_LENGTH )
throw hilti::rt::RuntimeError(hilti::rt::fmt("data too short %ld < %ld", data.size(),
decryptInfo.unprotected_header.size() + encrypted_payload_size));
const void* tag_to_check = all_data.data() + decryptInfo.unprotected_header.size() + encrypted_payload_size;
const void* tag_to_check = data.data() + decryptInfo.unprotected_header.size() + encrypted_payload_size;
int tag_to_check_length = AEAD_TAG_LENGTH;
// Allocate memory for decryption.
@ -443,7 +443,7 @@ Function that is called from Spicy, decrypting an INITIAL packet and returning
the decrypted payload back to the analyzer.
*/
hilti::rt::Bytes QUIC_decrypt_crypto_payload(const hilti::rt::integer::safe<uint32_t>& version,
const hilti::rt::Bytes& all_data, const hilti::rt::Bytes& connection_id,
const hilti::rt::Bytes& data, const hilti::rt::Bytes& connection_id,
const hilti::rt::integer::safe<uint64_t>& encrypted_offset,
const hilti::rt::integer::safe<uint64_t>& payload_length,
const hilti::rt::Bool& from_client) {
@ -457,9 +457,9 @@ hilti::rt::Bytes QUIC_decrypt_crypto_payload(const hilti::rt::integer::safe<uint
if ( payload_length < 20 )
throw hilti::rt::RuntimeError(hilti::rt::fmt("payload too small %ld < 20", payload_length));
if ( (all_data.size() < encrypted_offset + payload_length) )
if ( (data.size() < encrypted_offset + payload_length) )
throw hilti::rt::RuntimeError(
hilti::rt::fmt("packet too small %ld %ld", all_data.size(), encrypted_offset + payload_length));
hilti::rt::fmt("packet too small %ld %ld", data.size(), encrypted_offset + payload_length));
uint32_t v = version;
QuicPacketProtection* qpp = nullptr;
@ -479,10 +479,10 @@ hilti::rt::Bytes QUIC_decrypt_crypto_payload(const hilti::rt::integer::safe<uint
std::vector<uint8_t> iv = qpp->GetIv(secret);
std::vector<uint8_t> hp = qpp->GetHp(secret);
DecryptionInformation decryptInfo = remove_header_protection(hp, encrypted_offset, all_data);
DecryptionInformation decryptInfo = remove_header_protection(hp, encrypted_offset, data);
// Calculate the correct nonce for the decryption
decryptInfo.nonce = calculate_nonce(std::move(iv), decryptInfo.packet_number);
return decrypt(key, all_data, payload_length, decryptInfo);
return decrypt(key, data, payload_length, decryptInfo);
}

6
src/analyzer/protocol/tcp/TCP_Reassembler.h
View file

@ -105,10 +105,10 @@ private:
bool did_EOF;
bool skip_deliveries;
uint64_t seq_to_skip;
bool in_delivery;
analyzer::tcp::TCP_Flags flags;
bool in_delivery;
uint64_t seq_to_skip;
FilePtr record_contents_file; // file on which to reassemble contents

4
src/event.bif
View file

@ -724,8 +724,8 @@ event file_over_new_connection%(f: fa_file, c: connection, is_orig: bool%);
## of the file. The analysis can be augmented at this time via
## :zeek:see:`Files::add_analyzer`. The amount of data fed into the file
## sniffing can be increased or decreased by changing either
## :zeek:see:`default_file_bof_buffer_size` or the `bof_buffer_size` field
## in an `fa_file` record. The event will be raised even if content inspection
## :zeek:see:`default_file_bof_buffer_size` or the ``bof_buffer_size`` field
## in an :zeek:type:`fa_file` record. The event will be raised even if content inspection
## has been unable to infer any metadata, in which case the fields in *meta*
## will be left all unset.
##

38
src/iosource/Packet.h
View file

@ -160,16 +160,6 @@ public:
*/
uint32_t eth_type;
/**
* Layer 2 source address.
*/
const u_char* l2_src = nullptr;
/**
* Layer 2 destination address.
*/
const u_char* l2_dst = nullptr;
/**
* (Outermost) VLAN tag if any, else 0.
*/
@ -208,6 +198,24 @@ public:
*/
bool l4_checksummed = false;
/**
* Layer 2 source address.
*/
const u_char* l2_src = nullptr;
/**
* Layer 2 destination address.
*/
const u_char* l2_dst = nullptr;
/**
* This flag indicates whether a packet has been processed. This can
* mean different things depending on the traffic, but generally it
* means that a packet has been logged in some way. We default to
* false, and this can be set to true for any number of reasons.
*/
bool processed = false;
/**
* Indicates whether this packet should be recorded.
*/
@ -264,14 +272,6 @@ public:
*/
int gre_link_type = DLT_RAW;
/**
* This flag indicates whether a packet has been processed. This can
* mean different things depending on the traffic, but generally it
* means that a packet has been logged in some way. We default to
* false, and this can be set to true for any number of reasons.
*/
bool processed = false;
/**
* The session related to this packet, if one exists.
*/
@ -283,7 +283,7 @@ private:
// True if we need to delete associated packet memory upon
// destruction.
bool copy;
bool copy = false;
};
} // namespace zeek

4
src/packet_analysis/packet_analysis.bif
View file

@ -28,7 +28,7 @@ function register_packet_analyzer%(parent: PacketAnalyzer::Tag, identifier: coun
return zeek::val_mgr->True();
%}
## Attempts to add an entry to `parent`'s dispatcher that maps a protocol/index to a next-stage `child`
## Attempts to add an entry to ``parent``'s dispatcher that maps a protocol/index to a next-stage ``child``
## analyzer. This may fail if either of the two names does not respond to a known analyzer.
##
## parent: The parent analyzer being modified
@ -49,7 +49,7 @@ function try_register_packet_analyzer_by_name%(parent: string, identifier: count
return zeek::val_mgr->True();
%}
## Internal function that is used to update the core-mirror of the script-level `ignore_checksums_nets` variable.
## Internal function that is used to update the core-mirror of the script-level ``ignore_checksums_nets`` variable.
function PacketAnalyzer::__set_ignore_checksums_nets%(v: subnet_set%) : bool
%{
if ( v->GetType()->Tag() != zeek::TYPE_TABLE )

85
src/parse.y
View file

@ -64,7 +64,7 @@
%type <expr> expr opt_expr rhs opt_init anonymous_function lambda_body index_slice opt_deprecated when_condition
%type <event_expr> event
%type <stmt> stmt stmt_list func_body for_head
%type <type> type opt_type enum_body
%type <type> simple_type type opt_type enum_body
%type <func_type> func_hdr func_params
%type <type_l> type_list
%type <type_decl> type_decl formal_args_decl
@ -1026,6 +1026,13 @@ expr:
$$ = new ConstExpr({AdoptRef{}, $1});
}
| simple_type
{
set_location(@1);
TypePtr ty{AdoptRef(), $1};
$$ = new ConstExpr(make_intrusive<TypeVal>(ty, true));
}
| '/' { begin_RE(); } TOK_PATTERN_TEXT TOK_PATTERN_END
{
set_location(@3);
@ -1153,63 +1160,75 @@ enum_body_elem:
}
;
type:
TOK_BOOL {
simple_type:
TOK_BOOL
{
set_location(@1);
$$ = base_type(TYPE_BOOL)->Ref();
}
| TOK_INT {
| TOK_INT
{
set_location(@1);
$$ = base_type(TYPE_INT)->Ref();
}
| TOK_COUNT {
| TOK_COUNT
{
set_location(@1);
$$ = base_type(TYPE_COUNT)->Ref();
}
| TOK_DOUBLE {
| TOK_DOUBLE
{
set_location(@1);
$$ = base_type(TYPE_DOUBLE)->Ref();
}
| TOK_TIME {
| TOK_TIME
{
set_location(@1);
$$ = base_type(TYPE_TIME)->Ref();
}
| TOK_INTERVAL {
| TOK_INTERVAL
{
set_location(@1);
$$ = base_type(TYPE_INTERVAL)->Ref();
}
| TOK_STRING {
| TOK_STRING
{
set_location(@1);
$$ = base_type(TYPE_STRING)->Ref();
}
| TOK_PATTERN {
| TOK_PATTERN
{
set_location(@1);
$$ = base_type(TYPE_PATTERN)->Ref();
}
| TOK_PORT {
| TOK_PORT
{
set_location(@1);
$$ = base_type(TYPE_PORT)->Ref();
}
| TOK_ADDR {
| TOK_ADDR
{
set_location(@1);
$$ = base_type(TYPE_ADDR)->Ref();
}
| TOK_SUBNET {
| TOK_SUBNET
{
set_location(@1);
$$ = base_type(TYPE_SUBNET)->Ref();
}
| TOK_ANY {
| TOK_ANY
{
set_location(@1);
$$ = base_type(TYPE_ANY)->Ref();
}
@ -1265,24 +1284,6 @@ type:
$$ = new VectorType({AdoptRef{}, $3});
}
| TOK_FUNCTION func_params
{
set_location(@1, @2);
$$ = $2;
}
| TOK_EVENT '(' formal_args ')'
{
set_location(@1, @3);
$$ = new FuncType({AdoptRef{}, $3}, nullptr, FUNC_FLAVOR_EVENT);
}
| TOK_HOOK '(' formal_args ')'
{
set_location(@1, @3);
$$ = new FuncType({AdoptRef{}, $3}, base_type(TYPE_BOOL), FUNC_FLAVOR_HOOK);
}
| TOK_FILE TOK_OF type
{
set_location(@1, @3);
@ -1301,6 +1302,26 @@ type:
$$ = new OpaqueType($3);
}
type:
simple_type
| TOK_FUNCTION func_params
{
set_location(@1, @2);
$$ = $2;
}
| TOK_HOOK '(' formal_args ')'
{
set_location(@1, @3);
$$ = new FuncType({AdoptRef{}, $3}, base_type(TYPE_BOOL), FUNC_FLAVOR_HOOK);
}
| TOK_EVENT '(' formal_args ')'
{
set_location(@1, @3);
$$ = new FuncType({AdoptRef{}, $3}, nullptr, FUNC_FLAVOR_EVENT);
}
| resolve_id
{
if ( ! $1 || ! ($$ = $1->IsType() ? $1->GetType().get() : nullptr) )

2
src/script_opt/ZAM/OPs/ZBI.op
View file

@ -130,7 +130,7 @@ eval auto cid = $1;
res = conn->GetVal();
else
{
ERROR2("connection ID not a known connection", cid);
emit_builtin_error("connection ID not a known connection", cid);
res = build_dummy_conn_record();
}
AssignTarget($$, ZVal(res, res->GetType()));

19
src/session/Manager.cc
View file

@ -2,27 +2,25 @@
#include "zeek/session/Manager.h"
#include "zeek/zeek-config.h"
#include <arpa/inet.h>
#include <netinet/in.h>
#include <pcap.h>
#include <unistd.h>
#include <cstdlib>
#include "zeek/Desc.h"
#include "zeek/Event.h"
#include "zeek/Conn.h"
#include "zeek/Func.h"
#include "zeek/IP.h"
#include "zeek/NetVar.h"
#include "zeek/Reporter.h"
#include "zeek/RuleMatcher.h"
#include "zeek/RunState.h"
#include "zeek/Timer.h"
#include "zeek/TunnelEncapsulation.h"
#include "zeek/analyzer/Manager.h"
#include "zeek/iosource/IOSource.h"
#include "zeek/packet_analysis/Manager.h"
#include "zeek/session/Session.h"
#include "zeek/telemetry/Manager.h"
#include "zeek/util.h"
zeek::session::Manager* zeek::session_mgr = nullptr;
@ -94,8 +92,15 @@ void Manager::Done() {}
Connection* Manager::FindConnection(Val* v) {
zeek::detail::ConnKey conn_key(v);
if ( ! conn_key.valid )
if ( ! conn_key.Valid() ) {
// Produce a loud error for invalid script-layer conn_id records.
const char* extra = "";
if ( conn_key.transport == UNKNOWN_IP_PROTO )
extra = ": the proto field has the \"unknown\" 65535 value. Did you forget to set it?";
zeek::emit_builtin_error(zeek::util::fmt("invalid connection ID record encountered%s", extra));
return nullptr;
}
return FindConnection(conn_key);
}

11
src/supervisor/Supervisor.h
View file

@ -367,17 +367,6 @@ struct SupervisorStemHandle {
* State which defines a Supervised Zeek node's understanding of itself.
*/
struct SupervisedNode {
/**
* Initialize the Supervised node within the Zeek Cluster Framework.
* This function populates the "Cluster::nodes" script-layer variable
* that otherwise is expected to be populated by a
* "cluster-layout.zeek" script in other context (e.g. ZeekCtl
* generates that cluster layout).
* @return true if the supervised node is using the Cluster Framework
* else false.
*/
bool InitCluster() const;
/**
* Initialize the Supervised node.
* @param options the Zeek options to extend/modify as appropriate

7
src/threading/SerialTypes.h
View file

@ -126,9 +126,8 @@ struct Field {
* those Vals supported).
*/
struct Value {
TypeTag type; //! The type of the value.
TypeTag subtype; //! Inner type for sets and vectors.
bool present = false; //! False for optional record fields that are not set.
TypeTag type; //! The type of the value.
TypeTag subtype; //! Inner type for sets and vectors.
struct set_t {
zeek_int_t size;
@ -183,6 +182,8 @@ struct Value {
_val() { memset(this, 0, sizeof(_val)); }
} val;
bool present = false; //! False for optional record fields that are not set.
/**
* Constructor.
*

51
src/util.cc
View file

@ -363,9 +363,8 @@ static long int zeek_rand_state = 0;
static bool first_seed_saved = false;
static unsigned int first_seed = 0;
static void zeek_srandom(unsigned int seed, bool deterministic) {
static void zeek_srandom(unsigned int seed) {
zeek_rand_state = seed == 0 ? 1 : seed;
zeek_rand_deterministic = deterministic;
srandom(seed);
}
@ -380,26 +379,28 @@ void seed_random(unsigned int seed) {
void init_random_seed(const char* read_file, const char* write_file, bool use_empty_seeds,
const std::string& seed_string) {
std::array<uint32_t, zeek::detail::KeyedHash::SEED_INIT_SIZE> buf = {};
size_t pos = 0; // accumulates entropy
bool seeds_done = false;
uint32_t seed = 0;
if ( read_file ) {
if ( ! read_random_seeds(read_file, &seed, buf) )
reporter->FatalError("Could not load seeds from file '%s'.", read_file);
else
seeds_done = true;
}
else if ( ! seed_string.empty() ) {
if ( ! fill_random_seeds(seed_string, &seed, buf) )
reporter->FatalError("Could not load seeds from string");
else
seeds_done = true;
}
else if ( use_empty_seeds )
seeds_done = true;
if ( write_file )
// run in deterministic mode when we write a file
zeek_rand_deterministic = true;
if ( read_file || use_empty_seeds || ! seed_string.empty() ) {
// if a seed is provided - run Zeek in deterministic mode
zeek_rand_deterministic = true;
if ( read_file ) {
if ( ! read_random_seeds(read_file, &seed, buf) )
reporter->FatalError("Could not load seeds from file '%s'.", read_file);
}
else if ( ! seed_string.empty() ) {
if ( ! fill_random_seeds(seed_string, &seed, buf) )
reporter->FatalError("Could not load seeds from string");
}
}
else { // no seed provided
size_t pos = 0; // accumulates entropy
if ( ! seeds_done ) {
#ifdef HAVE_GETRANDOM
// getrandom() guarantees reads up to 256 bytes are always successful,
assert(sizeof(buf) < 256);
@ -437,17 +438,13 @@ void init_random_seed(const char* read_file, const char* write_file, bool use_em
reporter->FatalError("Could not read enough random data. Wanted %d, got %zu",
zeek::detail::KeyedHash::SEED_INIT_SIZE, pos);
if ( ! seed ) {
for ( size_t i = 0; i < pos; ++i ) {
seed ^= buf[i];
seed = (seed << 1) | (seed >> 31);
}
for ( size_t i = 0; i < pos; ++i ) {
seed ^= buf[i];
seed = (seed << 1) | (seed >> 31);
}
else
seeds_done = true;
}
zeek_srandom(seed, seeds_done);
zeek_srandom(seed);
if ( ! first_seed_saved ) {
first_seed = seed;

7
testing/btest/Baseline.zam/bifs.lookup_connection/.stderr Normal file
View file

@ -0,0 +1,7 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
1362692526.869344 error: invalid connection ID record encountered: the proto field has the "unknown" 65535 value. Did you forget to set it?
1362692526.869344 error in <no location>: connection ID not a known connection ([orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=65535])
1362692526.869344 error: invalid connection ID record encountered: the proto field has the "unknown" 65535 value. Did you forget to set it?
1362692526.869344 error: invalid connection ID record encountered
1362692526.869344 error in <no location>: connection ID not a known connection ([orig_h=<uninitialized>, orig_p=<uninitialized>, resp_h=<uninitialized>, resp_p=<uninitialized>, proto=65535])
1362692526.869344 error: invalid connection ID record encountered

3
testing/btest/Baseline.zam/scripts.base.protocols.quic.analyzer-confirmations/conn.log.cut Normal file
View file

@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
ts uid history service
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic

3
testing/btest/Baseline.zam/scripts.base.protocols.quic.analyzer-confirmations/out Normal file
View file

@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
analyzer_confirmation, 1692198386.837988, CHhAvVGS1DHFjwGM9, AllAnalyzers::ANALYZER_ANALYZER_QUIC
analyzer_confirmation, 1692198386.837988, CHhAvVGS1DHFjwGM9, AllAnalyzers::ANALYZER_ANALYZER_SSL

7
testing/btest/Baseline/bifs.lookup_connection/.stderr Normal file
View file

@ -0,0 +1,7 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
1362692526.869344 error in <...>/lookup_connection.zeek, line 19: invalid connection ID record encountered: the proto field has the "unknown" 65535 value. Did you forget to set it? (lookup_connection(cid))
1362692526.869344 error in <...>/lookup_connection.zeek, line 19: connection ID not a known connection (lookup_connection(cid) and [orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp, proto=65535])
1362692526.869344 error in <...>/lookup_connection.zeek, line 41: invalid connection ID record encountered: the proto field has the "unknown" 65535 value. Did you forget to set it? (connection_exists(my_id))
1362692526.869344 error in <...>/lookup_connection.zeek, line 51: invalid connection ID record encountered (lookup_connection(my_id))
1362692526.869344 error in <...>/lookup_connection.zeek, line 51: connection ID not a known connection (lookup_connection(my_id) and [orig_h=<uninitialized>, orig_p=<uninitialized>, resp_h=<uninitialized>, resp_p=<uninitialized>, proto=65535])
1362692526.869344 error in <...>/lookup_connection.zeek, line 57: invalid connection ID record encountered (connection_exists(my_id))

0
testing/btest/Baseline/bifs.x509_verify/stdout-openssl-1.0 → testing/btest/Baseline/bifs.x509_verify/out
View file

8
testing/btest/Baseline/bifs.x509_verify/stdout-openssl-1.1
View file

@ -1,8 +0,0 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
Validation result: certificate has expired
Validation result: ok
Resulting chain:
Fingerprint: 70829f77ff4b6e908324a3f4e1940fce6c489098, Subject: CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP
Fingerprint: 5deb8f339e264c19f6686f5f8f32b54a4c46b476, Subject: CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
Fingerprint: 32f30882622b87cf8856c63db873df0853b4dd27, Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US
Fingerprint: 742c3192e607e424eb4549542be1bbc53e6174e2, Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

3
testing/btest/Baseline/core.save-load-seeds/load.conn.log.cut Normal file
View file

@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
uid history service
CHhAvVGS1DHFjwGM9 ShADadFf http

3
testing/btest/Baseline/core.save-load-seeds/save.conn.log.cut Normal file
View file

@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
uid history service
CHhAvVGS1DHFjwGM9 ShADadFf http

2
testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
View file

@ -23,9 +23,9 @@ scripts/base/init-bare.zeek
build/scripts/base/bif/mmdb.bif.zeek
build/scripts/base/bif/plugins/Zeek_SNMP.types.bif.zeek
build/scripts/base/bif/plugins/Zeek_KRB.types.bif.zeek
build/scripts/base/bif/event.bif.zeek
build/scripts/base/bif/telemetry_functions.bif.zeek
build/scripts/base/bif/telemetry_types.bif.zeek
build/scripts/base/bif/event.bif.zeek
scripts/base/packet-protocols/__load__.zeek
scripts/base/packet-protocols/main.zeek
scripts/base/frameworks/analyzer/main.zeek

2
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
View file

@ -23,9 +23,9 @@ scripts/base/init-bare.zeek
build/scripts/base/bif/mmdb.bif.zeek
build/scripts/base/bif/plugins/Zeek_SNMP.types.bif.zeek
build/scripts/base/bif/plugins/Zeek_KRB.types.bif.zeek
build/scripts/base/bif/event.bif.zeek
build/scripts/base/bif/telemetry_functions.bif.zeek
build/scripts/base/bif/telemetry_types.bif.zeek
build/scripts/base/bif/event.bif.zeek
scripts/base/packet-protocols/__load__.zeek
scripts/base/packet-protocols/main.zeek
scripts/base/frameworks/analyzer/main.zeek

3
testing/btest/Baseline/language.type-expr/.stdout Normal file
View file

@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[v=aoeu, valid=T]
type

102
testing/btest/Baseline/scripts.base.protocols.krb.enc_part/output Normal file
View file

@ -0,0 +1,102 @@
as_response, CHhAvVGS1DHFjwGM9
[kvno=<uninitialized>, cipher=18, ciphertext=\xc0\xe9\xbc\x01\x95\x9d\x9e\x9f\x9f\xeeY\x93O\xb4\xf1-W\xfb\x18\x90\xbb\x0d\x86\xa8\xd3\xc3\xc8\x8f\xfa\x8a\x95:\xbd\x0a\x0a\x0c\x1e<\xf3gb\xe8\xaf\x14\xc6O\xca\x04%L\x93+\xa0C&\xcb\xc9\xe7\xe0\x13c\xb6\xee\xa0\xbf\xc1\x14]\x03+\x04\xdc\x13"\x99O\xbb\xce\xf4`\x18oS\x96\x08\x19\xa0\xd3\x7f\x05\x07\xe4\x9a6\xa4K\x8ae]\xc7\x02,k\xabv\x07A$v\x81\xba\x83?\x07\xaa\x0a\x85\x89a[\x89+\xbe\xf7\xe5d&Z\x9c\x87\xee=a\xef\xe4\x18\x1fp\x95\x0f=K\xa2&\xb3s5\xc1\xefTx\x9b\xc8\xf3\x82G\x92\xa6\xa9\x8a\xb6\xc2E\xaf\xe8\xad\xec\x16\x10,\xd5\xb6\xf5\xc4\x84\xfc\xf5\xb21\x13\xb3\x06\xf8/\xf7sY\xf5T.Ou\xcf\xf2*2\xb6<\x1d`Y\xe3\xd8\x88iLA\x07!(@.}}\xe9 ;\x90\xd3\xe0\xd2\xeb&\x02\xaa\xc9\xd3\xcd\xe6ba\x0d|-\xdf\x88\xf3\xd3\xb9\xe4S\xd4\xd7\x04\xbc\x96p\x17YS\x15-\xf9\xc8\x9b\xfd\x00<\xc1C]
as_response, ClEkJM2Vm5giqnMf4h
[kvno=<uninitialized>, cipher=18, ciphertext=~\xcd4\xbf\xed\xa8\xff\xc4X\x04\x8b\x0e\x7f\xe4I0O\x93\xc3\x95\xc3rN`\xb2\xfb(\xaa\xbda\xc7\xef!\xcf]y\x8a\xcd\xa9k[#\xe8\xec=W&\xe6V+\xea\xbb\xa5=\xaa\xd6\xc6\xe5\x9e\xeb;\x04_\x81\xbeE=P\x1fs\xee4\xe8,\xa0\xda<\xc9\x84K\x0c\xb0sl\xbdw@\x83\x0cL^]%\xc71\xc6\xf8\xe3\x043i\xf1W9\xcb\xd8\x03\x8a\xc9\xd8 \xb0\x1b\xb4\xac\xe9RB\x83\\xc7\xe7r]\xd4\x90\xe3\xf0\xcf}\xae*\xa1\xaa1\xc9i\xf5L\xe7\xc9\xdbR\x00\xa3Y\xc0\x84\x83\x93r\xa6>\x09\xd88\xbc\x98\xbb\xe6\x07\xfb\xcb\xf0\xc7\x9f\xf5\x89\x04\x8c5(\x0ej\xd9\xbf\xdb\xee\x07:yi\xfcm\x1a\x19\xba$\xf3\xd4\x99\x9d\xcb\x95`|\xb8\xf2l\xa0ma\xab\x83\xd9W\xbf\xe1\xa9u\xdd\xd0#\xf4\xb9\x94w<R\x1a\xd3\x16\x92\xd3;u\xb8\xcc3U\x97;r\x1a\xf7\x02\x82M\xa2\x16\x8c\xa6\xd1\xce\xcb\xfc\x11\x94\xb0-\x8e\xf8\x9e:\x0f/\x07\xde\xa7*]
as_response, C4J4Th3PJpwUYZZ6gc
[kvno=<uninitialized>, cipher=18, ciphertext=\x96\x8b\x97q\x0a\xb4\x0ct\xe7t\xad~\xcc\x86/\xd2g\x83\xbc[\x1ft\xf2|\xd1[=\x1f\\xaf\xe2\xea\xb0\x07\x82\xe7&\xd8%X\x9a\x9a\xa7\x86\xe9\xc1GF\xe1\x9a\x09e\x0b\xfeg\x8eR*\x8e\xf2\x8d\xfcr\x17\xf0\x9bq\xf4\xd9\xd1\xd4\xaf\x93}\xbbM\x8bA&+'\xab%C\x96UJS\xc3d\xc6{r\xcf\xa6\x9a\xee?J\xcc'\xacm]\xa0\xc4^R\x0a\xff\xea"1FV\xfd\xd4\x06\xf5\xd0v\xd4b\xd5M\xa7A\x88\x06;\xc5\xd5g\x8c\xe1WL\xfb\xa3\x8c\x0a\xef\xd0i\xea@\xb2R\xb2,\x1d\xee\xa3\xfb\x89\x8dR\x8f\xa5\xbd*\x07N\x93K \H\xfe\xbb\xf6\x09\xb0\xe5\x9b\xb8\x17\x88\xda\x8d\xa7\xce=\xc4\xa0\xc6t5\xe4W5\x07D\xdf\x92-\xefmD\xcc_L7\xbe Wh\x92\x09\x8f\xfb;\xeb\x98\x17\xcf>e\x16\x8er\xf5[\x88\xee;Z)\x03\xbcP\xbe\x96&:"E\xd0^\x16\x00dqA\xc6\xaf\xbd\xbb5\x14\x85QXf\xc3\x16~\xa7\xae\xf3]
as_response, CtPZjS20MLrsMUOJi2
[kvno=<uninitialized>, cipher=18, ciphertext=\xf5\xd6\xd2\x9f\x82\xdd\x17\xceve) 5@k\x8eE\x91\xad\xf2m\xc7\xea\xc2\xf3\x0f]\xcf\x9c\xbc\\x1flwp=\xe8\xa4\xc5\xb8<v\x1d\xe9\xab0\x86\$+-\x18a.\xdf\xc7\xa7\x10*\xeb\x94\x95\xb5ZA\xe2\xba\x97\x87\xc7\xfe\x18S\x9dF`\x18\x98I\x00\xc0\x9b\xfd\x1f\xde5\x1c\xf2w\xe0\xe3\x84\xf7+\x12\xa7\xa8Q\x90\x80Q\xf7\xa0\xfd\x0e_\xb3\xa6\xad\x17\xfeU\xcb\xb3oL\xeb@\x812\xba\x82\xbd\x85\x06\xc4+\xe8\xed\xc5\xba\x02\xc0\xdb\x00\xb6t\xb80\x8c>\xad\xb9\xf8\x9b\x04\xa3\x15\x82\xd1\x9b\xc1\xa8!\x1c5\xb2\x06zX\x05\xfa\xfe,\x0a\x07\xa5vx\x15\x0f\x10\x80\x01\xee\xb8$\xd5\xc9/~\xae\xbd\xc5\x89\xc2\x86\x9e\x056\xc4\x13+W\xb0i\x14\xde\xba\x07\x1c\xea\xc9\xa7\xc6[}>\xdcSt\xbf\xc0s\x81a\x1d\xa1\x1b'\x18)\xdeb\x11A<\x90\x15\x00fX\x0c(J\x00W\xc8\xc3?\x86\xc7\x99\x98\xb8j\xbe\xe9K\xc6k_G\xc7\x1e\xe8Y\xceX"]
as_response, CUM0KZ3MLUfNB0cl11
[kvno=<uninitialized>, cipher=18, ciphertext=C\x9fo\x95\xcb\x86`v\xc2\x83RVF4{\x9fb\xc1O\xe4\xdc%\xac\xef(Q9%\xa6\x01\x1e9I\x90U\x02\xc2\x90!6\xeb(c\xef\x02b\xe2\xb1\xac\x97\xb8n#R\xdd~\xbe\x1d\xb7\x95\xf3\xe6)\x9d\xc0]m\xc4]\xc3\xa3\x8f\xd2\x16/;\xaf\x16\x80\xf3\x16\x0c^\xb1\xa4\xf8\x1a\xc2\xc3\x0f\xad\xc7\x08><5SL\xf1+q\xa2\x1f<rvu\xe8\x02\x02\xe3i#\xe3M\x8a/\x90q\xf6\x0b\x13\xde\x0a\x15\x0b\xfc"\x11\x11\x920&\xads\x88\x09a8\x07V{\xd9\x11f\x1e\xea\xcc\xde\xd4r|\xb4QOCpA\x04\x88[p\x15\xff\xee\xfa\xc8\x12|p\xd5\xcc\x85C\x892\xf4\x8f!r\xcb\xca\xc7Q\x01\x10j\xc2T\xba\x8fae!\x02t\x9e\xb4\xee\xd1n,\x1b\x8e\xca*\x85\x951\xc1\x94\x95\xe3\x98\x9e\x16vq\xcc\x95\xff1~8=G\x02|\xdf\x84\xa24\x94\x9d6\x1caU\x85\x07\xd6\x95p\xab\x10WE\x9f\xb8K\x00\x1b2\x96\x00\x02\xc3\x0coY]
as_response, CmES5u32sYpV7JYN
[kvno=<uninitialized>, cipher=18, ciphertext=\xdekoJ\x96\xfb\x83\xac\x11\xbd\x0bn\xdb'\xc6\x11N,\xbcp\xac\x00=\xc1\xa0\xfb\xa4`\xf7uY>w\xac\xa3\xfa\x0f\x1f\x99\x937z\xd5\x08\xa8\x0c\x8d\x08\x06\x88Gv\x97W66\x1e\x82Y\xea\x1a\x07\xa3\xae/i\x97L\xb37H\x9b\xcc\x88\xeag\xd5\x8cm+\x9b<F\x1e)+\xb1\xdb\x82\xf7~\xa7fVv\x97\x85*E\x96\xd3D>\xe0=R#\xc2\x955\x99\xbc\x01\xfd\x89\x09\x13\x110"]\x7f\x0dO\xe0\x7f\\x00\xb7\xb1\x0e\x0b\xb4\xb1\xfe\x08\xe0\xacQ\x8ch\xee\xbb\xba\xe6\xc2\x0c\xe4\x87F\x00\x88{\x1a}\x1cp#m\xfa\x07(\xa7\xd7\x9b\xeb\xb4M\x01\xb8K\?\xfe\x81\x10%\xdc%\x0b\xc8.~\x86xT\x9d\x14\xa5p\xa6m?\x1c\x85\xbfj;\x96\xddaN\x99\x13\xc1\xb2;\xb6\xb6\x87h\x89\x10\x0b\xfa8\xcf\x92\x88\x9e\x15_y\xc0\x82g\xe5e\xaa\xec|-a\x07l\xa7G\xe2k2\x80\xbc\xees\x10u\xe2\xc9\xa4\xc4\xc1D,\xa2\xa4\x9cD\x1d6\xf4]
as_response, CP5puj4I8PtEU4qzYg
[kvno=<uninitialized>, cipher=18, ciphertext=p\xb5\x91?~!\x80@\xe5\x8e\x00D$}\x90M\x17\xf0#A\xbfG\xad\xe0\xe9&xK5\xdf\xe1\xee\x08\xf7\xbb\x82\xa2\x0aw{\x15\xdd\x9d\x8dC\x7f\x8fvp %\xb2\x17"\x87\x1a\x89\x91j\xe9\x8a\x12\x1b\xf0\x8eM\xc8\x1a\xc1\x8c\xcb\xc5aC\x1d.\xae\x99\x8f\x9e\xe1\x8fN\\xac\x0f\x1atzU\x1f\x9a\x0f.\xd9\x18\x1f\x8d\x83PBJ}\xd6u\xe1\x13a\x89\x7f\xab\xa9\xdb\x0c\xd6%\x9e\x06\x90"\xd2R\xecLS\xda\x99g\x1c\x95t\xc7\xc8W\xa0\xd4\x8d;\x16X\x93\x1a;\xd3\x93\xbaGe\x99\x80\xca\xd6\x0d\x0d\xbd\xdc"\x0c\xf9[\x15\xf8\Q\xec*m\xf8]\xbdl\xc0\x9fQ\xa8\xf5z\x00\xe0l+\xe5\xa5\xb5xy\xf8+\xe0\xc3t\xda\xdc\xf1{\xd8\xd1T\xee\xbe\xe3\x07`\x84\xf8\xfcoxU=]\x1dXl<\xd0iAz\xb3iY\xbe\x97u\xef\xeb\x8d\x00\xd4\x9a\xf8<'\xec\x05P\xbd\x92P\xd3\xa4\xb4\x91\xdc\x0e\xc3\x82h\xe3(\xac\xa8\xddC2 @\xe2<\xaf\x05\xc5\x13\xfd>X\x99#\x00m\x9c% B<\x09(\xfd]
as_response, C37jN32gN3y3AZzyf6
[kvno=<uninitialized>, cipher=18, ciphertext=n\xa4\xfc\x84\x1aG=C\xd2\xef\xd6j\xc2\x05v.<Oe\xc1\x0b$\xfc\xab\x0bN\xc3\x1f\xd78`M\x19\xe0`A?\xaf\xdbl\xfcA\xbd\xeex\xc6M\x14\x1d\x06\xddx\x8c\x0d\xb5\xd0\\xfc2<b\xe3\x8c\xc5b\xcf?m9(\x95D\\x8aq\xf8X\x9a\xed\x05\xb3\x9c\x9f\x0a\xc9\xf0\x12\xfc\xaf\xe9\x14\x8c\xfa\xe0\x84Y\xaf\xf62\xbb\x128\x14\x95\xfc\xe0\x09-Xb\x83\xd3\xa2\xe3\x89~B\xc8\xf2\xb8|nYq\xf7c VG\xb7\xf1\xe7\x04\x82\xe6\xe3\xaaI09%\x06\xb2\xd7o\x96\xd0G{\xe7\xde\xcf$Ze:\xdfp4(\xb8h|\xb5\x06V\xf6\xd5Xyz'\xe6'\x11\xa0\xacE*\x93\xddI%\xa7\xbc\x80\x00\xd6\x86=r\xeb\xa8j\x80u\xe2\xa4\xa47\xcf\xf2\x98/\xc7Ui\x8f\xb2\xfc\x9eaW\xd7\x9c8\xb5l\xab\xbb\x10\x1f\{\xcd\x9c\xe4\xaf\x8f\x03r@\xfc\xc4Z\xdb\x8c\xee!\xc0\x91\xd8\x93\xc3q\x90[\x80\x11\x1eF\xd24\x14)\xeb\xfc\x87L\x94\x9f\x93\x08\x86\xc4\xe9S`B7H\x0f\xa1\xa3\x7f\x9d\x02\xb9\xe0]
as_response, C3eiCBGOLw3VtHfOj
[kvno=<uninitialized>, cipher=18, ciphertext=i0\xcb\xf6\xaf4\xc0\x95\xe7y\xf6Ry/\xff\xf1GLu%\xea\x17?\x06\xa8\xadU\xb0\xc5\x16\xee\x9b\xd7\xfd\xabRy=\xaf\xb2\x85\xcdLx\x8d\x0a\x01#T'\x1bF\xc0\x04\xae\xba\xcf[:lN\x0eII\xd3N\x18C\x1a\xd6\xb3[\xcc\xdeU\x8c\xae#\xa3J}\xe8\x0b>\x82O\xa9\x17\x8bE\xcb\x95\xbd\xe2\x8d\x91~\xf5\x06\xe8\xd6\xf2\x00v\xfb%P\xbb4\x0ao\x1a\x87\x86F\x9f\xb5\x8c\x9f=M\x04\x81>\xa7\x97\xe2\xe9\x85\x89\x13\xaeA\xf1Od\x9cT\xca\xe8'\xdd\xe0P\x8c\xcbaG\x00W%i\xa9\xb3\x06\xd9\xca4Bz#tN&\xf5\xb0\xa7\xdb3H\x0f\xa0\x9d\x15;\xc1\xe6\xe0\xaa\xeb1\xfdv?\x8c$\x97\xd0kC\x15\x83\xfc\xe9d\xcb\x1eK\xa1x\x17\xdb\x96\xccb\x93\x94T0\x09Y\x83p\xbe\xd9C\xa2\xe0\xc9\x94\xb7\xcbA\x87\xeb\x14\x04\xf9\xd8\x8cn=\xfd\x14E\x9b\x8d\xa7hy\xb4\xd5\x94\x89\x04\xcdaG\xa6\xe2\x9e\xa7MBSC\x88Ay\xd7>[L\x99~\xdc\x06\xbf\xbe@\x84\xd0WM\x19 \xfa\x9a)]
as_response, CwjjYJ2WqgTbAqiHl6
[kvno=<uninitialized>, cipher=18, ciphertext=\x9d\x8d\xa1\xbf\xda\xa6\xd7%\x9d\xfaVM=\x9b\x0c\xce\x14z\x90e\xdc\xfe\x8e\x1f\xab\xb0\x95<\x0a'\xac\xfd\xfa\x13\xcc7U&\xc3L\xdb\x1ez}\xec<\xc2_\xc9\xc5"\xda\xc8w<\xdf\xa2f1\xf7\x8a\xd4\x19\xd7\xee\x922\xfe\x89\x93\xc4\x80\x11\xe93\xb2\x1b\xf2 \xb8\xa5\x9db\xe9]\xc1X\xde>\x838\xfb,\x05T\xe4o\xa3\x9a\x85K\xf7\x93\x93\xaf\xd2\x7fc,\xe6\xa4x\x86X\xd8\x02\n\xc5\x81\x13i\x81{\x04\x84\x84\xbdR\x80\xea\x13.uw\xd2Ac\xbaL\xce*\x90\xfb\x7f\xae2\x8b\x0e\xfbU\xc6n]a\x9c\xea\x1f\xf8\xfb\x124f<Z\xc0\xc8\x8a\xc2\xaf\x0a\x81\xb2ZD!\x08\xfek[\xf8\xe1\xb2\xda\x83HP\x87b\xcc\xb5\xc1\x0dt\x9d\xf6\x98\xaa\mic\xfe\xc5\xe9\xe3\x98e-\x92\xb9\xab\xdbKW|\xa8\xcd\xb5\xfe\xa9o\x96\xd5O{NW\xf0\xae\x96\x00:\xb4\xb3Z\x99!\x08)\x0b\x84\x8f\x91\xe7qq\xc4\x98\x9d`\x9b\x83cZ\xcaa\xf9)u\x8d\xcfhfb\xc1wN\xd8+\xa0\x13\xbf\x9ei\xe8@\xc3\xa4]
as_response, C0LAHyvtKSQHyJxIl
[kvno=<uninitialized>, cipher=18, ciphertext=\x90\x89\x96\xb7\xd2\x92N\xc5\xa5y\x8a\x0bq\x0e\x80\xbe\xed\xdbv\xefG\x8bt5uCP\xa4\x1a\xa5\xc6\xe1R\xae\xd4\x94\xfcg0\x01K\xc6\xd5\xcbI\xe1\xda\xc3\xdcX,\xe7\xb7\x8e\xe16N\x9d\xbf\x89\x8258,\xd0\x94h4\xd6\xa6\x8c\xcc\xd5\x00F\x1a\xc1\x14e:\xd4c\x09-_\x92\x86\x01x\xc6y1\x81\xd3\xac\x14\xdc^\x7f\xe6,_a\xe0\xb9\xeaS\xd8\xa1\xe9\xf0>\x8b\xab\xbc\xbf\x9e\xc6\xfd\xc3\x80\xde\x82\xc5\x085nY\x15\xac"\x04\x8f\xf6\xc9\xe5\xceY\x15F[\xa6\x17m\xf9\xb2Ox\xb8\xd5%\x83.\x8c/(\xcb\xb92\x04Ek~\x0dq,\xb8+3X\x0a\x184\x16(r\xc6\xa2H\xc5K\xf4q\xb7\x9e2\xe6\xd9\xad\xcbFL\xab\xb2g\xd4*\xda\x86mz\xfc\xed\xa9\xde\xf5\x80\x91\x9a.\x17\x87\xab\xd2\x7fQ\xd2FJU7HN\xd27\xe9\xe7\x9d. \xc2\xda\xba\x82)\xdb\xbdGJ\xb8\xd8\xe8r\x01\x0d,5\xfb\xb8\x17\x996K\x95lU*\xab"J]
as_response, CFLRIC3zaTU1loLGxh
[kvno=<uninitialized>, cipher=18, ciphertext=4Q\xe2\x17\xae\x16\x94\xdd\xa4\xa6\xc226\xd1\x12\xe5\xe3\xca\xd3n\x9e\x0a\xb1B\xd6\x1e\x0b\x05\x95\xf4\x0a\x02(*L\xe2\x93\x09\xaa\xd8\x9e$\xa8\x14\x80\xdc\xaf\xe0,Um\x87\x97r\x92Iz\xfe\xc1\x84\x8b\x8bK\xb7\x0d\x9aRf\x89\xd6]V\x97\x04\xd8o\xcd\xd3\xb62\x08\x02\x15\xe7\xed\xc4\xdaZMRlS*m%\x1a\xbe\x1e\xc8\xdf\x0e\xa2\xdbX- \xcaW(\xe4\xcb\xe0\xaa\x8e\xa5c\xed\x92\xfa\xa6\x91s\x16\xbd\xec\xcfz\x8b\xbeJ|\xd7A\xcc\x84\xf1\x98J\xd20\xd2\x1f\xa3\x8d\xc1\xe8\x08\xaf\xde#\xaamH\xa2{\xd4\xd5\x92 J\x1b\xa5\x92\xd8w\x81y\x1b\xc2\xfc\xec*\x18\xfa\x15\xd1\xa9\xf8S\x19^\xf45#\xb1\x05\xb2\xb0\xd5\x86\xc2\xcbM\x8er{\xb4\x9a\xce\x04n\xf8\x8f\x8e\x17\xb1\x895\x81\xd1\x84\xf0j"\xff\x11\xadO{2G\x16G\x01m-\xf8\xdc\xd3x\xa9\xda\xaa92\xa8\xa2\xb3\xaf\x96\x80J\x82\xcc#a\x96\x17\x8emX\xa4X\x0aA\xadR\xd3S\xc3]
as_response, C9rXSW3KSpTYvPrlI1
[kvno=<uninitialized>, cipher=18, ciphertext=JC\x11\x04\x15\xdf\x1cKH\xb4\xf1B\x098G\x8c-\x0f\xc2\xca\x99\xfc\x916c\xc8\xd3\xf0\x0c\xe5\xc7\x8aV?\xcf\xdb\xf66^\x16>p\x81U\x84$)\x0f\xfc#\xcdP\x06\xe7\x16\xa1w;\x8bi\xd6\x09]\x99!\x01d\x81\xf3\xe5n\xf2\x02wAB\x1d\xfe~\xeeW]\x96F"\xbao+\x97U\xa2X\xca\xf5b\xc5\x92R\xd38\xceO\xe2S\xe9\xbc\x17\xa4H\xa4\xdc\xb1\xad%PM9\x8eH\x9c\xb8\xa7,\xfb\xf6JD\xa2`\x1acO\x0b\xb6\x8e\xd1\xb9%\xbf\x0d\xb1Vf\xb7@*p\x15\xa6\xecYO\xbdq\xd4\xc2\x0d3U*\xe40\x0c\xbd\x0d@|B\x0b\xa9\xe39\x8a`\x80\x14"x\xeaA-I\xa3=O\xb2\xa2\xe7\xd8m>\xff\x97\xf4\xbe\x06\xfb\xf1\xeb\\xc1]\xd0\xfe\x9a\x11\xd3V\xb3N\x00\xcfKZM'\xb1\x95\x88t5rb\xd5\x0a5W\xd7\x0b;\x0c\xe8Z\xaf\x93p\x8a\x8c\xa3\x0b9d\xda\xe1\xec\xcc\xa1\x12\xa1>\x0a?\xbc\xce\x94\xa7\x9d.Q\xd0]
as_response, Ck51lg1bScffFj34Ri
[kvno=<uninitialized>, cipher=18, ciphertext=\x1a\xcf\xc6\xcfD\xba\x88m,;\xef\x8f\xc7\xb5\xfb[\xc5S\x9c7\xf3.X\xc9nf\xbb\xdbF\xe2\x02p\xfeQ1\x0d\xa6\x9f\xc9,\x87\x1f\x9f\xb1\x04\xb6v\x00\xb9j\xdc\x8d\xf0c_\\x00\xd0\xd5\xd15\x9c\xd3\xe4\xe5\xcc\xcdJ\xdc\xa5\x07]j\x80\xf25T\xdf\x0f\x93\x95\xa5://\x9f\x0b\x0b\xe9Np4\xe9\xeb\xb6\x87\xf4\xa4bl\xb1\xee\xc2\xee\xcd\x09\xe3\xdaCSt\xe3[ VP\x07\xf4\x9b}\x890c\xd5o\x12\xa6 \xba\x84\xbd\xed\x13\x0f\xe0x\xdc5v*\x18\x06@Y\x09gs~\x0d\xc0\x80\x806a\xb7\xce\x96\xce`\x92\xb1\x0c/\xaa\x01\x91\xbc!h\xc2\x81\x8e\x89'DsMD\!\x08Z*\xb8\x023\x9a<\xf9\xfa\x94\x0e\xe6} \xc6\xae\xd6\x95\xe6II\x1c\xbf\xeb\x9fD-\x80A\xfd\xfb\xba\xd0N+\xccJ\xe5Q[\x0a\x9d\xa1g\x1cn\\x01\\xf7\x92\xd9\xcaB\xcdQ\xc9\xcd\x84|\x14\xd686g\xd6\x1fYm\x95\x09\xb0\xa8\x14\xc8\xf2;\xf5\xd3]
as_response, C9mvWx3ezztgzcexV7
[kvno=<uninitialized>, cipher=18, ciphertext=\xf0s{[\xee\xeb\xde\xa2i\xdf\xc1\xbc\x7f\xe8\xb6\x8c\x8c|\xf2\xad\xf2Z\xdfE\xb1\xb4\xdc\xf9gT\xb8\x02\x11\xd6\xcb\xedH\x91?=A\xc4\xc4\xfc[\xed<\xd6\x0a\xabrf\x19\x9e\x0c\x83\x91\xeb\xb4\xc78\x8e(\xdd\xdb*\xbb0\x00S\xdfS\xab\x0aJ\xfa\xf2\xd0\xa2\xa7\x8c\xb9\xbb\xf4\xe1\x1f\xe6\xedH\x1d\xc1\x0d\x0c!F\x97\xa5\xedWi\xfc\xb9eC\x84)V\x1a\xb3\xf9@&\x89\xe3\x95R{\xf3\xb7\x83\xba\xf4\xc8\xff[%\xb1\x8e\x03_\xb9d\xefxh5\x02tm`Z\xb2\xc6\x02^wptO\xebb\xfbV\x88\x98\x11o'\xce2\x8d\xa8\xdfK\xf2@w\xcb\xe4\xd3j|zf\xb6.\x92\xe3[\xed\xe5\xb8\xf79\xf2\x0a#P\xb9\xfd\xd098\x84_\xeaGA^\x87d\x0fL!\xf4\x12\x17:'\xce\xc6\xd5\xaciM\xe8\xd7\xf0\x1c\x18_\x8e\xa0t5\x98\x1f3\x83^1E\xda\x91\x0b\xb6\xfd]\x91aEP\xc4\xb2F\x18\x89O"_\xc7\xb0r\x16WY\x82<"lD\x83.\x01\xc9\xc3$c\x00\xbd\x11\x02r\xed;i\x11\x9b\xdb]
as_response, CNnMIj2QSd84NKf7U3
[kvno=<uninitialized>, cipher=18, ciphertext=\xad\xcdst\xea0\xf9\x97\x8c!\xcc\xd5R'q\xe7\xfb\xe3\x9b(\xb4Z\x1b'\xaf\xcc\xf6\xebf\x10\xc0\x1a\x1f\x17\x1b\xf0\x9ebp+\xb3\x16\x95e\x9c\xc6JM\xd5\x1d\xcc-ah\x92s\x9ea(9r\x91;\xe8\xa0\x7fQ\x16\xc4}=\xd1BA<\x8c/\xf6\xd5\x09nb\x8b\xd4.\x96:\x09\x10\x03\x83T\xe9E\x15\x82\xe9"\x9a\x9b\x10)\xd6 \x10\x92>>y\xcf@-\xf3\xce\xaa\xc9e\x89x\x9fTOc\x10\xcd\xd46\x12\xf2\xdf\xd2a\xd1\xd8\xfd\x09n\x8f\xe8\xbd\x18\\xad\x8b\xfe\x9a\xcb\xc5\xc0\x0e\x7f\xbb\xe8\x9a\x02\xdb\x0e\x0eB\x7ff\xa3\xa3w\xba\xe1\xf0\x87B\x9dq\x15\xc6\xbd\xd7\x8d\xa7\xab\xe6\x93\xdb?\xbb\xc6\x1d\x9dk\xdbZ\x18\x83e\xdf\xd3\xdb\xa6\x00\xfc\x81\xb8\x16*"[\xea\xb6x7\xb1\xe1T0]\xc7\xfd\x09\xf1c\x7f\x96Cd\x05\x8f\x833(',\xd6\x12\x0f\x00R\xea\xb5\xd1_\xd8\xb5\x9e\x1f\x14\x05\xdfv\xe7\xca\x07\xb8T\xbe\xcc3\xe1K\x92\x93p\xf3\xc2'qV2\xfc\xed1\xd8s[\xe7q6\x87b\x15\xea ]
as_response, C7fIlMZDuRiqjpYbb
[kvno=<uninitialized>, cipher=18, ciphertext=\x04\xcf\xe0\x0br_\x00\x14\xe7\x88\x9e\xa5\xc9\x0a\x96\xacA\xf3\xc1\xa9\x8eI\xc4\xb1I\xc2\x88\x1e\x06sF\xdd\xee\xe7\x04r\x97\x1dv\xb9\xac\xf254\xd2{s\x94No\x17m\x0db\xcd>\xc984`\xf0GG\x1d:\xb2Y\xda\xb7Q\xef,\x9f;g7\xbc\x8a\x13\x83\x98$\x02\xda\xe1t5\xb6\xc0u\xfd\x9a1\x15J\x1fL\xf5\xbe\xeci\xf2z\x17\xa9\xcd\x1c*V1\x1c\xbbF\x10\xdes\xc5j\x98\xd0\xe5v\x90W\xdd\x00\xba:m<q;@\x1f\x0e\xc5@\xf1U\xf0\xd9\xcc\xbd-\xdf\xd2\x18\x0e\x9c\xb4\xc9\xff\x97\xe0\x1boI\xd4"\xc7\x00\x16'c*(\x18\x06\x8e\x88\x17\xfe<Oq.\xc4d\x05\xedk\x1e\xce@\x10\xe3\xd5\x11>\xedM2]\xa1v\xa4\x95\xae0\xf2\xabG\xbbB\x90Kk\x02><\x09^l9Ppc\xe6+,\xaf0\x85\xee6Yk\xe4j\x88\x06\x16\xb2d\xe1-\xcb\x1d=\x93v\xa7\xa1\xfds\xe7\xce\xa9~P\xb5!I\x91\x0e\xf4A\xc0\x8el"v\x10\x1b\x9c\x00\x12\x0f\x8c\x04\x95\xe5\x0c\xf2\xe64\xd4\xa6\xcb]
as_response, CykQaM33ztNt0csB9a
[kvno=<uninitialized>, cipher=18, ciphertext=t\xcd\x0e)p@n%,\xc8\xf6\x9e\xa9\x1f\x83\xd6\xbc\xf6\xc73DM\xb3\xc0\xf7e\xe0\xea\x12\x87\xe7#\xc8\x8e\xd5T+=\x82\x12\x8b^\xb3\x83\x9e\x96\xf8u\x8d[\xf0\xe6\xc7\x80\xf8\x15\x96\x00q\xe4/\xeb\x9d\x84\xe7\xe8\x8b\x17\xd4\x8a\xf7g\xee\xbdz/\x0c2\xbe\xda&KF\x81-B|\xd0f\xce&\xecv\x16c\x9b3\xed\x84#\x01JrS\xf5\x1fD[g5\xee\xbd\x98\xc89\xdb\xd0\xf9\x98\xe2\xd9\xa2\x1d\xed\x10\x0dUX\xffk&\xbf\xb8{\x01\xac\x97\xd5\xab\x813oB\xedt?9|\x9d}%u\xb8y*\xaa2RF\x8c\xdc\x886\xb5\x9b'\x12;+\\x93\x92\xf1\xef\x1eT;\xf0\xee\x03\x04\xf9\xbc\xf8\xc7\x96#34+\xa4L\x16N\xab\x85H\x18\xd4\x01\xac\xc8i\x98\xc9\x1bB\x94\A\xcf\xb0\xcc\xb6\xb3\x10\xc8j?g\x19\xa3\xf0 \x9c\xab\xd0\xb1\xe7\xe6b\x0dh\x8d9\xa8U\xa3n\xfa\xef\x96\xa1\x87dm1\xf2a\xfcL(T\x0a\xba\xfd\xb3\xbfW\xce\x93k\x8a-:\x19)\x84\x06i\x10\x82\x8b8^%\x1c\xd2N]
as_response, CtxTCR2Yer0FR1tIBg
[kvno=<uninitialized>, cipher=18, ciphertext=\x1b\xe2\xe0/\xb2W\x96\xbeM\xec\xed*\x03\x04(H\xc2k\x95j\xa9\x98\xdf\xaa\xfe\xa3n\xf9\`2A\x12x\xf4\xaez\xb4K\xe7c;\xb7l\xc4\xe5\x1c\xafdo'\xd9\x16\x98\xdb*\x07M\xccw\xa3V*9\xfe\xf0\xfc\x8f\x91\xd7\x94l\xc6\xea\xc2\xfcX\xd4\xa5\xb9\xa5pY\xeb\x83\x9dk8\x02O\xb9ey\x9c0'.n\xb9\xb9c\x96\xf1\xe9&\xbdT`;@-]\x0e2\x80\xces\x09\xf9r1\x81\x0c\x93\x8bz\xb6\x96\x97\xd6\x01\xb3\xd2\xe1\xa08\x0d\xe2qH\xe6!\x11cCp\xc5\xac\x1bB\x1e\xa37\xc7\x08)0\xfa{\x80\xf0\xc5\x8fq\x94\x81\x8c\xd5\x87\x16\x14\x15\x96Z\xab\xe8R\x94T\xcc\xec\x86_\x88X[\x94\xb3\x1d\x1eS\xcaR\x06BI\xb4U\xcb\xef\xd7w\xb9\xcb0\xb8\xf1\t>\xae\xf1\x7f:\x9c\x08\x9e\xb1K\xa4\xb1,_k\x8e\x19\x9f\xb8\x90\x04\x07\x1eN\xb8\xa4\xb4\xe8\xd5\xf8Te\x94\xec\xfa\x9a\xd0\x17:{\x08\xc1\xfb\xd92\xffNX\xca\xb6l]
as_response, CpmdRlaUoJLN3uIRa
[kvno=<uninitialized>, cipher=18, ciphertext=\xa8V\x9c\xa8\xd7\xe2\x12W\xbf\x909\xa5\xc8\xa6\x93\x05\x19\xbe\x93\xc0\x90\x0cM\x81%\xaa-\x12\xd2y\xf7\xa77\x99\x05"\x84.\x95\xb8&i+uf\xad.*7b\xa7\xe3\xd5\xdf\xceV\x87w\x00I\xddH\x03\x86)\xb3\x9do\xd4\x05\xda%h\xddL\xac\x99\xa4\xea&\xc52\x15NxnT\xf2\xa5\xe6\xdf3:\x9c1\xba\xcf\x00\x0c\x89\x7f\xa1\xe4\xb7\x9e2I\xbc>\xf2b\xfc.\x9c\xa3\x98\xe5mX\x11S\xc8Na\x9e\xe2S|\x12eb\xd7D\x132\xee\x91W\xc6_\x88\xd4\x92\xe5\xab\xbb\xa2\xa4q!\x86!\x98\xb6\x16\xb7\xa1\x84;\x03n:\,\x93Z\xb9/\x02d^}\x99\x14\xe5\x92)\x89\xe4%\xbdn\x88\x1a\xffRi\xb7\xc3XB\xf8\x89/<\xa8\x9dz<C\xde\xf9\x86|\xf9\xa6*\xa4\x14\x1a\x10\x98\xd49\x12\xb4\xd85\xac\x91\xe0'a\x9dtozB{\xca\xb0\x97\xbc\x86\xe3j\x06\xadh\xe4V\x1d_\xd3(\x03Ji\xab>/V\xfdC>Y\x8dq\x19n]
as_response, C1Xkzz2MaGtLrc1Tla
[kvno=<uninitialized>, cipher=18, ciphertext=^y\x8a\x8e\xa2\xc4\x01\x7f\xeer\xe6T\xcc\x98\xf1\x11\xe7\xe9[\xccR\x93\xebB\xe7T\xfc~\xab\x194y\xae\xde\x0c\xf5\x18L^\xe4\xba"'K\x1a07y\xaf\x05\xd5\x96\xed\x10\xe6\xafs[\xeb\xe5Z\x18\xa7\x9e\xd8\x91\x8b\xd2\\xfe_\xee\xc6}#\x87\\x99\x84p\xe4.g\x99}\xc6PZ\xc0\xc3\xcfrZS\xa5\x97'Z\xff\xb8\x1f\xc0`\x0dzJ\x9b%\x09\x88\xca\xf3\xf0\x9967th:z\x82b\xb7Q\xa1\xc5d\x0b\x97|\xe3\xf05\xb8n1\x03\x9f"E\xab_\x94\xd1\x92\xc3\x98Bd]+I3\x051\x18G\xcbV\xbfS/D:\x87\xb1\xd1K\x15\xa67\xe3&O\xff\xc5\xe7\xad\xd5U\xd6A!\xe2<\xb0'\x09\x07\xb0\x1a&\x01\xea\xf6\xb7\xc5H\xbaU\x96Q\xdc\x92\xef\xc7\xa3\x99\xb7\x1a\x9a|\xa2&\xc0K3\xbd\xeca\x13\xe9\x98N\xa5\x18\xc9\xcc\xf0\xd1G\xdc$\x03\xa6\xec\xd7u"\xf4,\xeb\xb5\x03\xcaEj\xb9E\x88\xa4\xc4F\xb0\x04\x13,>\x82*]
as_response, CqlVyW1YwZ15RhTBc4
[kvno=<uninitialized>, cipher=18, ciphertext=\xban\xe1U?s\xdbb\xbb\xc4\xe0`\x18\x7fQ>\xd5.U\x85\x1cq\x16\x92\x8f-#J\x9b\xf4'\x01U7\x9f\x1d\x84\\xeb\xb7\x85\x0b\xb0m\x14\xbeje\xc5\xc7\xd3\xe8\xe8\xae\xa6\x04\x08\x87\x97A\x91\xc7\x85\x1d-\xaah4\x09Z%WW\S\xb8\xcd\x1c\xd2t`&\xd9j;SH\xcd\xe9\xd3\xa5\x81\xb2&\xfc\xda,\xa1\x0f%f\xfc\xc4h\x85\x94h\x86\xbc\xa0\x0dAu\x06I\xa8^\xc8\xdc.})\xb3Pf0\x9e\x8b\x86\x18/Um\x91\x06E\xe2\xe3\x98uTYvE\xb6Gf\xfb\xf3\xf5\xfb\xe4\x11A\xaf\x83e\x0f\xc0Y\xf1e\xe78\x1f\xefuM7~f*\xf83\xbeG\x9b2\xc5\xc72\xd3~\x9f\x96~\xc6H\x19M|m"\x0c\xad\x8b$)K9\xb4@\x9e\xa0\xb7\xabD\x0d\x7fs\xb8\xe5NJC\x07\xc7\xcd\xd8\xef\xa4\xb7\xedb\x99\xab@o|\x06\xa9oN57\xf71-\x1c"y\x8cC\xa7\xf6\x83\xbe\xbf\xb3\xea\x91\xce\xed\x16\xfc\xec6t\x18\xec]
as_response, CLNN1k2QMum1aexUK7
[kvno=<uninitialized>, cipher=18, ciphertext=\xd2\xaaJ\xbb\xb2\xce&1h0\xa4\xc3@\xb53\xb3\xba\x0b\xe4\xf4\xb3\xf3\x9a\x0a00\x81\x1b\xff\xcfs`\xb9\x0a\xe8\x1c\xa3\xfb=G\\x18\x07\x88T\xefL\C*\xf2\F\xf9\xef1\xa8@\x0chJ&{q\x92\xa8\xd5\xf7V\xf4=n\xea\x92\x9b\x80\xb9bt\x0d\xdf\xe4Af\xbf\xda\x08\x0b\xdb\x0d\xcdY\xe6\x9e\x09\x13C\xdd_$\xb2&\xcd\x11\xa722fi\xfe\x924\xe0\xe4LK\xab\xff]o\x917\x90H\xed\xca\xf7.r0\xcd\x17\x08\x1e\x1dxB|\x85\xc9\x81\x17\xb7\x05\xcf\xca7\xbd\xb5\xb9r\x95L\xfb\xc73E\x1a:"\x18\xca\xdf\xd3l\xba_\xc9\xeb\xfb\xbc\x7f\x18\xedh-%\xd1Z9\xfbcr\x89\xde\x99\xc8\xcb\xf0\x17\xb6\p\xb8FO\x18\xe7\x97\x19\xea]7\xf1\xd0\xa6Z\x0bk\x85:\xf0\x99m\xef$\xe3\xdb\x8c\xb4\xf3l\x99\xbf\xbb\x92\xaf\x0a7\xd9\x19X\x03+t\x9cD\xcc\x1c\xa5\xa1\x90$\xbaV\x15\x09\xa0\xbd\xe4\x13hZ\xb9&\xb4qh\x8e\xa7^\xdaP!\xfe\xc2\x87\xba\xef\xd9\xcf\xef\x18a\xdcH\xcb\xbd\x09]
as_response, CBA8792iHmnhPLksKa
[kvno=<uninitialized>, cipher=18, ciphertext=\xba\xcf\xb1\x14\x9e^#M\x09\xb5\xda\x8a\xd8\x07\xcd\xc4\xe5Kp\xd2!\x19\xc40\xfb\xcf\xbd6^\xc6]\x98\xa1}\xf6D\xa7\x0a\xcb\x07\xbe\xbf\xfe\xa6\xf3\xa3\xe1G\x99\xb9\xaf\xce\xda6)/\xff\xcd=\x99\x86\xb0v\xe0\x9c\xe8\x80\xc9\x1f\xa4\xe0?\xa9\xe3\xb7\xe98\xb8\xd0\x88~1\xe7i1)F}a^uMt\x86m\xa4\x95Ye\xdd\xc0r\x08r\x93\xb3\x0a\xc0\xc6\xd7,\xfct\x90\x8cU\x88W\xd8o\xbe\xe6F\xf0\x16\xff\x81B\x1a|\x8dj\xd1\x0e\x8d\xde,d\x86\xc6\xa7\x86\x9a\x0d-O\xa7H5\xc0\x96\xf5\xebX\x18B\x04\xd5'\xa2\x9b\xd8\xc9q\x1f\x11\xd3\x9dw\x08\xc8\xde\xc57\x0eJg\xac\xe6\xd0\xa0\xaf4s"\xf4\xfc\xc2\x18\x06i\xe3\xea\x91cF\xfe\xc3\xaa\x12\xe7\xf1$V\x1c\xf8\x91\x02\x0c\xbe\x12\x8c\x12\xe8\xd6\x096K\x86\xee\x8b5\xc2>EY\x9b\xec\xb6\xee\x91\xb8)VZ3N#K\xa7\x15\xb3Z.X\x87\xb1\xe4\xb3\x87\xed\x0c\xc8\x82g\xbc\x15\xc6\x94\x12\xa9A\xd4\xd4\xfd\xc6kB\x0f\xe1\xeaR\x9bN7\x07\x14\xbfR]
as_response, CGLPPc35OzDQij1XX8
[kvno=<uninitialized>, cipher=18, ciphertext=\xaf\xcd\xcb\xe7L\x0d\x02\xcf\xfc\x0f\xbeCz\xb5\xf1\xb4\x14\xb0m\x87\x82].\x04+\x03\xa1n\x0ap\xd4*\x01\x8bn!B\x98\x7f\xa2\xe8i\xcd\x15S\xa8\xa2\x80\xf8%j\xfeMs\x9agcG\xd4\xaf\x06h\x8d\xf5\x02\xff\xe0\x8aS\xd3\xbe\x9c5\xb5\x90\xc9\xbc=@\xce\xe3p\x13\xca:b\x0a+\x98\x0c<\xb1\x09O\x9cr\x8e\xb3\xff\x0c\x1d\xed\x86w$\xe7"\x9e\xb2\xd5N\x80i\xd8\x0b\xe0\xbb\\x92\x07\xf8\x84\xfb\xaf\xf1\xc3\xc1\x95\x18\x0f\x9d\xe7(\xae\x98$\xca\x03\xfao\x9b\xc133\x07\xb7\x8e#\xd7d\xc2\xfb\x86\x0d\x02\x1c\xe8\x0f\xd8/\xd6\xd6\x00P\x1c\x0c\xea\x82\xa0\xc8\xee\x0f\xca<\x18\xe9\xc5\x19\x80zGb\xc07\xe9\x86\xe6f\xde\x18\x94\xc5\xe4R\x16\xce\x10#\x87\x0c\xd3\xad\x8e\xfc^\x9d\xc1\xb72\xffKx\xbd\x1a\x15\xa0\xa7\xd7u\x85\xbc\x7f\xd9\xf8\xe3\xe7%\xc0)\xf53\x9eN\x1d\x06~\x18\x91\xf9\xb9\xd7\xd4\x85\x8b\x08\x03\x89j1\xc8\x82\x86\xbb\xda,\xd1\xd1\x86\xec\xec\xca\x80\x91\x14\x0a\x83\xe6\xf2\x9c\xba\x8f\x17\x1f;+\xf49\x01\xdf]
as_response, CiyBAq1bBLNaTiTAc
[kvno=<uninitialized>, cipher=18, ciphertext=\xe7\xba`\xfa\x0b\x1e\xc9\xfa\xf3~\xe4\xdf\xf9\x1fq\xdb\xd4\x06\xa1\xe7\xae\x15\x86\x05\x95\xef\x97\\xa9\xed`\xb4}\x0a\x05\xdf \x9c\xe2\x7f^\x09\xe4\x08J\x82\xa6\xfd\xc7\xdeS\xa9<kK\xebB\xb5\xfb\x85\x19J\xba+\xc8w\x91\xd8qP\x07\x1e\xffko\xa0vl\x80;\xeb\x0e;C\xe5\xf8\xc6yQ\x83M\x0e\xf5\xdc\x01~\xeb7.\xca\x98\x89\x94\xe1\xd9W\xcb\x9e\x05\xd7\xb6\xedm\x0b|b\x07\xf4f&\xb1YX\xbfg#\xfd\xe1\xca\xb4\x0c\x1d\xc5.\x19\x14\x9c>\x87\x02\xda\xd4GW5 0\x02\xc1\xe5\xf2-+2A\xa9\xb9\xb0\x08\xfc_ \x1e\xe7\xa2\x98\x18D\x05@i\xd3\x19\xa9\x83q^\xe8\xa4\xa5wq@38\x02\xa8\xcd\x8f\xfak\x0bs\xa4\x9e_\x08\xd0\xdf\x8c\xd1\x080\xa1\xe9\xcdIXQ\xf1\xa8=\x18<)\xe5\xc9\xb1hh\x905\xd0\x86\xbf\xd3o\xbe\xc1\xc9'F\xb7\x14\x90V\xf6\x15\xd4T\x07\x19\x97\x85v\xae|\x1b#\xfa\x09L-k\xcc\xd6\xda\xd0[\xd9x\xb0Ai\xa0\x90\xce\xafWB\x0f\xafO\x9b\xa3\x9d\xf7\xad\x02]
as_response, CFSwNi4CNGxcuffo49
[kvno=<uninitialized>, cipher=18, ciphertext=\xf1\xe7\xf5\x9c>\xdeQ%\xfb\x8b\xee +9\x81\xc0\x9d%:KUf\x02\x94\x04\xa9\xa3\x19\x89\x8f\xa0\xbb\x95\xaa\xd5\xef3\x19f\x9e\x1c8GI\xf6\xe6w\xe6\xcb\xf7\xcb\xc9\x97\xa1\xd7\{\x19\x1em\x91\2\xfcF\x85\x13\xbdB\xd3\xec\xff\xddf\xd8\xa7\xe1\xda\x98W\xe6Q\x9d\xdfU\xba\xad\xb4\xfan\xb50\xceYK\xd2q\xc2\xc8 \x15\xa6 \x8a\xfe\xc0~\xa40\xceM|\xf3\x1d9sVoj`\xfdXTrI\xf8G\x0a\xc5\x14\x0e\x04\x92\x07I.J\x1a\xaa\xbfx\xa1\xfb2\xc0\x9ftT\xaes\xc9q\xa2\x08y\xe3\x158\xc4\x07D\xd6\x986\x1b\xdaE\x88_\x95\x8b\x91\x0a\x15Y]\x803\xeaQ\xdcP\xde\xf5\x0c\xe2\xd5<c\xa4\x82\xa5?,\x00\xc40\x90_\x1b\x85\x84\x12\xe1\x12\xaa1\xf5\x1e\x96Xw1> \xf5\x83\x04\xebd\xd5\x94\xc2\xb4E\xa9Czf\xfa\xd1\xac\xfb\xdd\xf9\xfe\xad\xb0\x04g\x96R\xc7\xc8\xf0\x03N\xf6\xe7\x97Z\xcf\x8f\xf6\x11\xff-{\xf1N]
as_response, Cipfzj1BEnhejw8cGf
[kvno=<uninitialized>, cipher=18, ciphertext=\xa7\x18\xe0\xa5\x96\xce\xf7\xa2m!\x9cN5\xcf\xff\xd3\xbd'DT\x19\xa8\x91#}\xc1\x15\x09\x98\xe7\x92\i?\x85/\x05\xa7\x80\xa1|\x94w\xc2\xb36*\x04\xac\xd9#[\xdd\xb1\x1cqC=\xd5>Z\xb5\x93\xb8]z`\xd6\xd4 \x1bBz\x07o2,\x86\xfb\xd6\xa9\xc6whB\xed\"\xcf\xcd\x87\xc0\x15\x13\x81-L\xe3\xd4N\#\xa1\xee\xd58)\x1fN\xc6\x0b\x93\x07o\x8f\xd8\xb3\xe2\x08\xc6U}\xec\xc2\x1bG\xf7Z\xb9\x05\xf6\x07\\xd6\x0b[\xcf\xe9,I4\x95>4&`N%a\x97\x8b\xfc4\x906C?\xd69\xa4\xc7\xf7\xa6/\xd21t\xaek\xe5z\xa1c\xa8\x126\xc2\x09 \x0e\xebf\xb4$\x98Q\x13U\xeb1\x02e\x8e\x830\xc9s\xd3\x97\x9c\xde b\x06\x95v{\xe6{\xe6x\xbeL\xb6\x04Nk\x1cG\x85\xe3m\xb5\xcdh[#\x05\xf4\xd8\xdf\x0a\xb1\x06D\xf1\xfe\xd6\x9a\xcd\xab\xb1\xbbw\x9a\xf3$\xc9_\xc2\xee{\xc5,\xd7\xc3\x00\xd6\xcfU]
as_response, CV5WJ42jPYbNW9JNWf
[kvno=<uninitialized>, cipher=18, ciphertext=\xa2B\x840\xcc\x83\xc93RM|\xa4\x9f\xbe\xe2\xf1\x0a\x99\xd4k0\xbe\xcb\x09\x86lW\xf4\xfd\xf00"\xf5\xbf\x8bE\xf7\x9a6H\x10\x08\x93\xd5\x9f\xd3\xbf\x0b\xe1w\x047\xe0\xb2G<\x84\x0a\xca\xd0\xd9f\xfc\x8d:)\x8b\xd2R\xda\xbe\xbd\xd1\x95H\xa9\xfd\x96C\xbb\xa6\xe5I?\x8a\xc0\xbb\xcc=>\x1b\x16R\x85\x87R\xa3\xfbV\xb66\xda\x18\xc4\x85B\x06:hLA\xcdE\xb2\xbd\xa6\x99\xa8Dy\xfb\x0c&\x84\xca\xc4\\xa1\x03\xae\xce\xa20u\x95\xd10\xb8\x16\xcd\xa2c\xb3\xb8\xfb\xec\xa5\xfc\x938\xc4\x93\x9b\xe9\x86\xa1\xd5\xc0\x19`\x85\xe7\xb2v(\xffr\xea\xf4\xa1\x98\x08\xea\x95@\xbb\xf7\xe5\x94~\x0c\xc2t\x8a\x83\xbe\x80\xbe\xf9\x9a\xf7\xf8\xad\x13h\x8bhxs\xee\xaf\xb8S\xe0\xd4\xbcF!\x9co\x0eF32\x90\x91a.0d\xa8\x9dF\xe4\xdbTQ\xc6W\xad\xad\x98\x16\x87 B\xa4\x1ay\xfb\xb7o\xbfJ\x854\x12W\x03\x16\xad=`\x14\xe9\x92\x08U\xf88]
as_response, CPhDKt12KQPUVbQz06
[kvno=<uninitialized>, cipher=18, ciphertext=\xd3(RO-0@wH\xe8c\xd63\xc3\x92\xb5\xf6!\x04\xd3d\xca@\xc5e\xd8\xe4\xfb\xb2\xddo\x18\xb7\x89\x88+\x01\xb9\x8d>%q+2\x80\xd6O\xe8_\x9b\xf9X\xbb\xab\x16|\xbe\xbb\xd1\xa0\xeb\xc5\xdb\xcd\x97\xcb\xd9\x9d\xa6b\xa4\xeb\xe5\x04\xef\xa9\x1b\x9dIL\xa3\x04\xe5m\x1d\x00\xcd}i\x07\xf1\x9eI\x8ea\x1d\xad\xa2\xa7a\xfcA\xb8\xe9\xff\x95\xa1\xcdj\xc9\xcf\xff~\xf01Q\xdcFqJ\xdb\x05\x93"7\x99#\xe6\xaa\x81\xce\x0d\x1c7G{\xebq\xe5\x88\xf0\xeaU\xe65\x8d*\xf8h\xda\xc0\xc4\xf2\x0d2\xd0\xdbe\xae\xc3\xbd+\x9d\x08^Z\xba\x1f\xa2\xeao\xd0\xbbU\x85Bd\xf9v\x93^HGD[\x050?\xd2\xaa\xf0\x0a#}\xb0y\xb4\xcf\xe3l\xc9\x7f&\xe5\x8bS\xe1\xae\x1f><\xaa\xc0\xebV(V1\x1b\xf0\xac\xa3\xa1\xc9{\xd5\xeaqPBi_^\xaf\x96\xeefJ\xd7\x06Bx\xba\x01\xff@AGG\x9dA\x84o\xf0\x1f\x0d\x07\x0f\x93q]
as_response, CAnFrb2Cvxr5T7quOc
[kvno=<uninitialized>, cipher=18, ciphertext=\xd0\xb1\xde\xed\xdc-\xbf\x91\xa7E\xd9\x15S\xdd\x1e\x9d\xad#@q\xed\xf1\x93\xd6\xb8S1\xdc\xbb\xeb,\x93Y,P\xed\x93Z\xa8\x8e\xc9\x84mqu\xb5\xce\xcc1~\xc7\xd5\xc2u\x1co\x03b\xa5-\xac\xa4\xf8\x94M\xc3\xe2Hw\x91\xd1\x0e.\xf0\x94\xfc^N\xba/\xf1k\x16\x1e4\xd5\x1f@\xdd\x18\xceg\xcev\xa0o\x10\xbc\x1e82\xbf\xd1[\xcd\xaa\x14^z\xbd\xbbz\xa41\xf4\xfb\xb4m6\xbb\x17\xb1\xe1\xcf\xa2\xfe\x19Q?\x8e\xe0\xcb\x8b\x91Ks(\xba\x0e\x83\xf5\xaa\x9c\xa4\x8dv{\xc3G\x06f\xa40E\x1d\x0f\xac\x8a8\x17\xa5s\xddA\x9f\x03#\xdf\x92W\x1af\x91\xe6\xda\x1c\xb9\xbe\xb3\x12za\xbe\xcaf\x8ej\xb0\x97|\x8c~\x8b\xf6\xa70D\x9eU\xae\xf6\xf9$?\xfd\x89Wv\xfe!\xf1\x18\x97J\xa4\x84<\xb8\xf84\xdd=\xa4\xdd\x0a.\xab\xf6\xba\x1bF\xfb2\xfcN\xcf\xceu0&\xc7\xc9\xa7\x08\xa5\xf4E\xe4\x92\xc0&D=-\xc2-\xf1:\xa8\x0ae\x07\xae\xa4\xc3JF\xec\xb1>\x12\xcb\xde\xcd\x09\x15\xad\xffr]
as_response, C8rquZ3DjgNW06JGLl
[kvno=<uninitialized>, cipher=18, ciphertext=Zu\xc8\x949\xeb7<C\xfc\xb5\xdd\xad]~\x89\xbfA\xaai\x8e\xf1\xeb\xca\xc4\x8f/\x8e\xae\xde\x1f\xfd\x13\x1cF\xe6l\xfbk\xec\x9e)hB\x8ap\x8c\x153\x1f\xa5x\xc6\xedm\x88\xa8\xa8\xdbu\xef\xb7k9\xbf\xda\xe8K4\xbf\xf9B\xc3:\x19S\xd4\x83\xec\x1d\xa2^V3e\xf2\xe8\x0f\xe2\xe8\x19\xa9\x81\x0dW\xf7\xf0F`t\xd9\x87\x90E\xcdnV\x14yRk\xc9\xb2\xe2\x8bU3\x9159\x81.8\xeds\xceo\xef\x9d\xf7^\xdb\x90\x96T\x0d\x04\xd1\x09v\x15\xbc\xc5\xea\x10g\x80\x15\x1c^P8v\xbc=\x80\xce\x84,\xf1B\xff\xa0\xfeAR\xc3{\x88\x1a\x06Dcj\xb6a\x81\x8c|X#\x1fN\x0d\x93\xeb\x04\x94\xbfn\xb3\xd4\x93\x84UM\xe86\x04Y\x8aA\xb7\xba\x0e\x9f)\x7f\xf6\x8c_\xd8a\xdf<\x9be\xcd\xf2\x9f\xd5\xcc\xee\xf0]\x8b\xcd\x8ff\xa8\x08\xbf<\x85_\xe9u\x01\xdc\xae\xc3\xdf/\xf3\xfc\xc8\xad4\x02}\xcc\xf4\xaa1\xef\xbc\xd0\x10%\xaf\x8e_\x1c\x18\xd3\xbc\x19\x98\xc2-\x98\xe0}_\xee\xe9`\x1f\xac]
as_response, CzrZOtXqhwwndQva3
[kvno=<uninitialized>, cipher=18, ciphertext=,\x18:\x8cqA*\xfak\xdf\xf6\xa3\x09\xe2\x14hMU(]\xcc\xae\x13\xa5\xb7\xa1e,\x05c\xc9\xc1\x8d\xdeys\xae\xb0_\xa3\x1b9."\xb2f\xca>\x138\xe3\xe7RI\x86\xd8\xa6\xad\x8a\x12\xf7\xfa\xd4%^N\xa0\x1bB\xec[\x0fg\xdbP\xdd\xc4\x88\xf6zE -\xd4\xd9\xdeA\xack\xc0L\xa5+\xe7@f\xdfg\xa7\xa9o\x0a~&<\x94-V\xf5v\xf6W\x0dU\xf3\xfd\xd8R!\xcb\xad \\x00\xdc\xa8wI\x0c\x0aw\xa6\xf1\x11G.A\x16)\x80\xda~7\x09v,\xdb\xed\\x9c\xcb\x8fv\x0a\xf3Bi\x85\xb8\x80\xd9G\xb0"\x11\xd2\x97\x8eB\xbe\xa5"*c\xbe[6\xa2\xbc\xd0xL\x04'?\xf8\x83\xcd\xe7\xad\xff\x0d\x04\xe8"\xb9\xcfT\x0f\xd8\x15Kw\xddw\xc7h\xea\x14\x99\xdd\xa4\x9b\x7f\x1fM\xad\x92\xa2\x06\xe3\xcb\x98\xfe\x16~nb\xc1{\x1a\x852!\xb4^4\xc0\xd5\xa5(\x9b{\xfc\xdaa\xf0A\xb1\xde\xba\x08\xb8\xcb0\xa2\xb0\xec\x8f\xc0\xd4\xda\xdb\x0e\x04\xbfR\xccA\xf8\xf48\x1b\x04\x1f\xa8\x0a\xc1]]
as_response, CaGCc13FffXe6RkQl9
[kvno=<uninitialized>, cipher=18, ciphertext=\xbap\xd1\xa3P\xdc(\x9f6\xca_}\xd9\xf5\x02\x82O>F\xd2\xab\xf6\xa3S\x12\xe1}\x7f\xb6\xba\xd23grL/\xa5XQ\xbe\xe8eWb\xc0\xa4\xa4%X\xdb\xc1\x92\xa4\x07\xd9B\xc5V\xcdQ]N\xdb\x9b\xc1J\x9f\x14\xb1a\x1dKZ\xf3\xb0s\x9f\x0b\x0b\xf0\xcd\xe3.;GFBhX\xf4M\xd3\xe0>\xf5%\x876\x00E\xcaR\x96|\x9f<\xc9\x1b#\xa61\x7f\x8e\xb4\xdd\x17\xd4\xad\x061%\xa2\xb2\xd1\x85\xb7\xb5\xa5\xaf\xd4\xae\x1d\xcd-\xd8!i\x07\x8a`\xfe\x03\xdc3\xce\x07\x17\x0b\xa3fU\xb5\x84\x0c\xed\xf5,\x03\xa0\xac\xef\x97\xb1\x83r\xd1\x99\x07wb\x8aAo:\xc3\x08\xb3\xf9\x88\xe6\i\xd7t\xdc \x08\xfd\x01\xe8\xe3\xf16\xe2\xe4\xab\x1c4\x04\x0e'\x0a\x9b]\x04|h\x03/\xa2S\xb5\x0f\xac\x0d\x0b\xeb\x9f~A6n\xc4W\xae\xdeC\x1e\xd7\xe6\xce\\x0eTMH\x9e\x8f\x8e\x0f\x8bL~e\x99>\xbc\xdeJ\x06\xb6v\x09x\xf3\x11\xeeT\x17\xb6\x8f+\xf4\xd9\x01\x8c\xafP\xbb\xach\x10H}\xb3\xd3y\xe7\xac]
as_response, CNdne23ox8SQTgPoy3
[kvno=<uninitialized>, cipher=18, ciphertext=c\x03E\xa9c$\x0b\xd7\x93g\xcf"\xcaPP\x0fL}\x02k\xc7\x1c\xfblp\xe9D\xe7{ag\xbc\xee\xa8x@\xac;\x00\xa1"\x03\xb2\xa3nM\x18\xfc\xc3\xfe\xbd\x8e\xd5Ea\x85\x1c\x07P\xafV\xb8h\x06\x99\xd0\xd7\xd1\x0e\x1dY\x12x\xd7\xce\xc3I\x9f\x8f\xa8<\xdf\xf4\x14\xac\xecK@\xa7\xbb\xcf\xad\x0e\x02\xf7\x7f\xc0\xae\x90()8)\xd9\x00\xae\xa3:\x8f\x84q\x12O\xbdP\xc4v\x8d\xd0\xec\xe6\x0fx)\x86\xf9\xdb)4\xae\xe3\x02Nub\x8f\xa0\xd1\x98\xda\xf3\x90W\xe2\x03\xdb\xba5\x94V\xddY\xe1\xb3\xe8;\xe9\xe1\xe7#T\x8f\x09Od\x92\x97\x91\x1f\x00\xd7\xc32c\x92!1-\xb1 N\xa3"U\x99X\xe9\xe1\xdd.\xd4\xb2t\x93\xa8\xd2\x91\xab\xdc\xd5\xd0\xf6\xea\x91\xe7.\xe4K\xd0\x95\x97|\x82*\x86B;\xc9+M\x9e\x1dL-\x8d\xb8\x85\x97\xb2\xf3r\x10\x8c|b\xd4\x03\xd0\xaf\xbd4\xc0\xde\xc1\xd8+.\xf8\xf3[V~3j\x09\x08\xe0\xa1M\xc4]
as_response, CTrywc2ra7tcWn2af
[kvno=<uninitialized>, cipher=18, ciphertext=&Q\xcd\x9d\x90%h\x83\xac]\x1c\x82\x19\x88\xea\x08\xef\xd9I\xe4^&\x88J\x8c\x1e\xb7\x09\xaf\xde\x16\x0ak\xd59\x82\xd4w\x95/\xc3\xbe\xdb\x1f\xa5<\xdf\x1e\xe4x:P\xee\xe4\xb5\xab\x1dS[D\x9aI\x7f\xf8\xe3\\xf9\xde\xf3\x97\x15IE\x03,\xa2\xfa\x9c\x80Y|\x08\xa2\x15\xb3\xba\xfc\xeeo\x8d\xb9\xa6\x1c4_\xddI\x1f\xed\xe2OW\x96\xf4\xa0C\xeb\xf9;\x19B\xdaP+l?\xae\xf7\xe5'\x96$g\xf7\xd6\x02P@t\xf6u\x87\x82\xe2(\x1cK\xc1\xc8\xfc\xc8\xf9or{\x9c\xb9\xeb\xe7F+YZ\x9ba\xe5$\xc4\xb2\xeb\x07\x0aC\x1e\x7f\x9a\xd7U\xcew\x13\xb4\xd5\x01\xad\xd1\x98\xbdlyA#\xe5\x03;\x13\x16\x8b\xe4\xe8n\xe5\x87\xd2\x8f\xda\x80\xd8p \xf8\x07W1P\x90\xe8[5\xa6\xc9\xd8\xdb@\x13\xfdt/u\xd0"\xb5:\x15\x09M\xc1\xcb\x9fK\xbb-&\xa9\x0f\xf9\x9b0Bm\xd2\xa4?]\x0f\xde\x9f\x17\xe9"\x09\xbd\xf6\x0d\x07D?]+\xc9{\x87C\xa2m/\xa0-y\xd89\xea3\xbe\x9e\x06\xfd\xb4\x04]
as_response, CM4z3Z2rdNfyHYQ0Df
[kvno=<uninitialized>, cipher=18, ciphertext=O|'\xf1\x05\xc1\x86\xb2w\x03\x04\xfei\xe1\x14\xe9;V\xb8\xe4\x8cUSU\xf2\xfb\x9fR\xccC\xe8\xb9(\xc9 \x98\xe5qxtM\xee\xe9\xb3LF\xc3^\xea\x04\xe3\x85\xf1Up\x8c5\xde{\x06\xf4y\x16#\xd8\xf5\x18\xd6\xae\xd8\x8d:i=\xdcg,\xd1\x9c7\x0d\xc5\xb5)\x8el\x18\x9a\x08\xc5\xc6"\xae\xaa#\xb17B\x838\xaf\xd0R\x81K\xb7I.\x1d\xf0 \xc7\xd3\xee~\x0f\xe7\xb5g\xbc\x9b\xe6\x1f:(\x00\xb2\x95<\xdb\x8f\xd2\x15\\x1b\xcaw\xd3\xe2*X\xac\x9a\\xda\xbd\xb5\xf7"\xeb\xe7\xd4\xb6\x068\x88\x13\xa9n\x1fC.\x94\\x1c\x83\xdb\xaa\xba!!V\xef\x88\x1c\x85p\xe6\xc9\x859\x9f\xec\xc8(\xb1\xc3\x84\x15\x80Gk\x85\xe5<j4\xb0\xca]\xcc2\xbe\x92\xbd\xa3\x91\xa3\xe9\xf8wq\x02=\x8bOE\xb24\xd7\x87\xaf\xc8\xe2)C\x04\xcf\xf1OR\x11\x16e\xab\xd3\x8d|PO\x85\xd9\x95\x13\xdb\xf2\xa0Q\x1e\xa9\x1a\x85BG\x08!E\xb9y\x02C\xd7\xb9k\xc6\xc1\xd2\xacla*\x18\xec\x7f\xdf\x98S\xab]
as_response, CtEfXf4f39NRDu1Dr4
[kvno=<uninitialized>, cipher=18, ciphertext=\x98\xfa[\x06\x0cc\xf1\xc4\xa9\xa9B\xb4\xd67\x89+\xa4\x06\x99\xfb\x9c\x08\x87r\xf41g\x13\xe6\xee\xe14\xe2sQ\xc4\x14\x07\xb4?\xb0\x84\xbdM\xdb\xe9\x8eA\xe6\xa2\x911\xe8\xd0\x18\xdf\xca\xbf,\xc736\xc2E\xd9\xd4\xca\xe0E}\xbcB\xd7\xe2\xb3\x891)\x06Op\xe0\xf2\xb9\xa6l\x0f\xabu\x80\xa8j\x00\x81_\xebz\xb6\xde\xe56\x1bGr\xe7\xc6\x9c\x9f\xf9\x9c\xb67>\x0c5\x1cj\xa5\xe0\xcf.-V\x17>\xc1Q\xc4\xffr\xe92\xe2\x039\xccQ\xfcA9\xd0{t\xb9\x14\xd9[\x9ft\xc8v\x96\xf4\xe1\xe2\x10g0v\x07'8^\xcf[\xd6$\xe2\xbd\xbf3\x94e\xfe4\xc4&\x1c\xfdV=#K6\xdd\xc7G\xff:T]\xe3\xe3]\x81\xaeYRl9\xeeA\xd6\xfbx5\xa6J#;\xfe\xb8\xcdF\x82\xf6lh2\x03E\x87\x1ag\x1a`v\x13wt\xdc\xf3X\xde\x14\xb8\xa1F\x95\x1bl\x98\xc0\xac\xd9\xe7\xcd\x88\xde\x82\xad3\xad_)I\x17\xcc\x16^x\xda\xef\x83\x19\x06\xd4\xea\x97\x08\x8b\x94T\xdd\xe3\xa2\xf6\xa9]
as_response, CjGaD11BLkmCG5cEVf
[kvno=<uninitialized>, cipher=18, ciphertext=\x1cM\x16}c~\xd0\xfc\xc3\x84\xbf\xc7{\xabM?\xab\xdd\xfa\x97\x99\xd48\xa6\xb4&\x1d)\xde\xb7\x8f\xad\xd9\xa5)\x86(\xb42-\x8dm\xb1Rw2\xb1\xb1\x92\xdf!\xc5q\x17\xaa\xabE\x04\x0aQ\x9d\x92\x0b\x8c*\xe2\x086"%U\x1dW\x14R\xe9\x1bz\x7f\xc8\xb1\x041;l\xb8@\xa2p?yv\x8eh\x8bR\xd1\x08\xb3\x9e\xe6\x88\xc3+l\xe5\xb1w\xe5A\xe0*l\xb7\xbb\x1ar.\x83@\xa3\xbbWxPG\xac\xec\x03n\xd6/\x90j\x09\x911n5Cy\xc3\xc3\xc8#\x8a\xdd\xfb\x9f\x12\xea\x83\xb9\x8e_\xc5\xce\x16<e\xc2\xf9\x08\xc9\x8a\xe2\x8c\xe1\xfa\xc2\xbf\x80\x92\x17<\x17\xf6S\xb8\x10CJ\xb5\x0f\x18\xc1-@d\x7f\x110}I\xa3nY\xaeh\x1b4\xbb\xc2\x9c\x1c,\xaaj,\xdc\xb2a\x84\xb6\xf8\xef\x94\xbc\xe5\x82\x10\x1fiQ\xcd\x88n\xaf\x0c\x14\x07i\xfb\xfc\x14\xa6vd\x97\x9eFb\x11`\xfa\x08\x0a\x03\xda\xec\x95@\xaa\xdb\xcb\x8blZ\x07\xa4]
as_response, CfQutTEgs3g8sUrsa
[kvno=<uninitialized>, cipher=18, ciphertext=\x0dW/\x18s\x19\xcf|\x89\xf9\xbb\xc4:'\xef\xf9z\xe4A\x8dC\x9c\xabj3\xf9J\xc6^k\xfc\xa0\xc7\xc0B\xd21S\x96_\x1c(h\xde\xc9\xfd*D\xa8/Z\xcc^\xe74\xef\xecA,\xa1\x90n]\xdb\xa5K\xa0hy\xf5}\xeak<\xd1+~\xc7\xe2\x0a\xd4Z\xed\xa2]ik\x8a\x1b\xc6\x0ev0- V\x9e\x8df\x14\xf15\xdb\xec\x81\x7f\x0a\xe7\x96\xe6\x01NB\xa8\x09;\x83\x9b\xe24\xff\x15m\x91\xdbl\x9d\xec}&p\x1c\x94\xcc\x9d5\xa9\x97\xee\x88d\x96V\x06\xf1\x99\x0a\x8c\x0aT\xed\xd3\x14\xbd\xa98$S\xdaiKx\xe4\xb0\xbc\xb8\x88\x14\xc2\xa9SV]\xd4\x19\xd2\xab\xa3X,\xb2\xb2\xa9xz\xc0o\x99\xd0\xb5\x9a\x82\x18\x82\xa8w\x93\x15\x95#D0\x8d\xab/\x8dZ\x0ca\x95A\xd7\x84\xf4)\x9c\x15\xcdc\x8ayvC\xa0\xda\x0a,D\x85S4Cw\x89>\xc3\x9dy\xc8\xb5)A^Y\xa8P\x9dA\x80B\xac\x18\xf7\xc8\xff_\xb5\xa3\xff\xed]
as_response, CKvlqe4bTVu5HNGrb1
[kvno=<uninitialized>, cipher=18, ciphertext=\x06\x1dA.\x8d\xba\xe1\xc54\xa4\x05\x96\x93\x93q\xe9\x16Wvf\xa8\x88\xc7\x97\x84\x0c%@\xd70\x1fAq\x8cZrX\x1bM\xe3\xf1'S\xe7\xceY\xf5\xdb\x88\xd6\xc8\xf9\x10n\x9e\x06\x1dD\xd4\x9ah\x03\x1e\xd7V8\xef\x13\xee+\xa8L\xf7q\xb1\xe9/\xac2U\xa1\x1fZs\x8432A\xfd],\xa1\xe9b.\xaf\xe1F\xd4\xc4\xdb\xce\xc0\x1eZ\xb1\xdfi\x06Q\xcaS\x98PQ\xa3\xf4]<\xe5\x8a\xf0\xc7\xa0^\xe9\x1dMN\xe9C\xfd\x7f\xb6?n\xfc= \x8e\xd5r*\xa7\x09\xc7\x0b\xf9\xe9\xbca\x1b\xe0M\xea\xff\x0a\xca\x94N\x0d\xd48\\x1aE\xc7\xfa\xc8\xccY\x04N\xf1\x16\xc3\xc7\xa7\xac\x83\x16l\xb0l\x9f\xf8?\x9c\x16\xbd\xe1\x82\x9c\xd5\xd58\xd3\x14\xb8\x93v|\x1e5\xe7f\xda\x81\x0e\xabO\x02\x15\xaa\xf78E\x192o\xf0\xd7\x9b\x80} \xeb\x0dk\xeeu(\xd22\xf0.\xae\x9b\x88\x14\xe91\xf5\x1f\xbb31\x0d\\xff6\xb3\x8d\xcbE\x09\xa9\xf5\xf2<]
as_response, C04EG53Yaw6dgjGT3k
[kvno=<uninitialized>, cipher=18, ciphertext=N\xfd\xa3\x0b\xa0#H\xaa\xf3K\xaaJ\xc6\x11]\x0f\xeb\xc9`\x92~\xd9\x0b~\x0b\xa0x\xaeV"\xd8ww\x04\x1b\x96\xbf\xee^\xbd4\xf6\xad\xfb\xc9V~4~\x80\xf3\xa8\xef\x8bB\xa9\xeb\xdd\x86\xb7\x0dO\x0c\xce\xfcq\x9d%\xce\x84\x9aJ\xc2\xc5\xa2\x85\x05\x1b\xc4\x1d\xaf\xe1e=\xb0y\xfby2\xb0$W\xe7\xb0\xd6x\xe2\x14\xd3\xfa\x9b\x03wV_0\xca8<Th4R\x05fr@Vw\x87\x04\xd7\xf1\xe9\xfc\x92M/\x05k\x13\x90\x19\xa7\x16\x8eU\xc7\xf8\xe1\xe8\x820K\xf7\xb3O\xea\x17\xea=\x10\x16\xac\xff\xa3\xf5\xa0P\x19s\x04fQ\x08\xe7\xecp\x0d\x9c\xbf\x0f\xa2H\x1c\xef\x1b\xeb\x86[-n\x1e\x86\xde\x11\xe3M\x81-c\x93\x19\xed\xb9g\xa6r\x85J\xf8h\xc1p\xabKs\xc9\xdb\xdd\x9d\xb9:\xfa\x1a0JN\x11h\x7f\xcc\xa9\xfe\x92\x97\x8d\x92P\x8d\x17T\xd2\x1f<\xae\xff\xb4w\xc8\xae\xcf\xd6i\x02>\xa5\x03\x98p\xe5\xe3\xcc\x09\xa3yQ\xbbS\x0cp\xc9\x7f\x1b\x0am(\x0a\x89\xbbA\x7f\x08\x9b\xbeS\x89\xca\xa0\xd1!\xca]
as_response, CdzNo91LLZlfe0pmT8
[kvno=<uninitialized>, cipher=18, ciphertext=/jq\xf7\xad\x92L\xe5:T\x7f\x9b\xe5\x17h=\x82 \x86\xb9\xeda\x17\xc6x\xd8F\x8f\x10\xc4\x11\x9e\x04\xc4o<\xebNR\xb3\xd4\xc1;9\xd3go\xe6\\xf9\xab\xe6HZ\xc5[\xa2$\x8ar\xdf\x9a\xb5\x19\xfa\xe6\x10\x97\x1d\xbe\x0f\xfe\xfc\xf8g\xae\xe7\xa1\xf5^\xa6[^Bed\xe4?\xaa\xf4\x9b\x95\xed\xe4\xec\xaf\x18\x05\x14O\xd1\xd4i[\xb3\xab\xf6)K\x8fx\xc2\xf8\x94\xb0\x856\xe7\x04\x87\x98a\xde\x97`"i\xb28\xe6\xf7m\xf9&E+\x17m$\xecA\xdc,,\xefC\x11\x84\x86\xf7\x06\xc7\x9f'\xd8\xd5Xc\x9f[\x92n\xb7\xb3)\xd8g\xee\xb8\xbe\xa26G\x0a\xf1e\xc7W\x0f\x1a\x83 >\x0cE\x8dy\x95u\xa6d\xe7\x7f\x9c\x05oS\x99\xb4[\xe4\x07\xb3=\xa3\xc4\xc6\xe2 \xd3\xb2\x90\xef\xc46\xadUx\x14\x98&JJZ\xfc\xf9\xff\x14\xee\xc7\x841o\xb0\xb6\xf7\xe2\xceZ\x14\xbe\xfcU\x11x\x18\x83\xe1\x15-\xe8\xe7|\x1a.\xc6\xa1\xb44\xae]
as_response, Cb2Rv3Wek35VDwxDk
[kvno=<uninitialized>, cipher=18, ciphertext==x\xdd\x86+G\xda,au()+zNX\xac*_3 \x02\x17r\x1e@R\x9bJ\x8e \x05\x14\xde\xfd\x18\x17\xeb\xa0\xf8\x13S\xf5b\x1e\xb3\xcda^\x94_\xb1'=Ryi\x06Jy)\x8a\xd3\x11ti\xfdv\x86\xed\xb5\xd8}?\xb7\x05\xec\K\xbal\x9e\xea\xaf\xc0\x16^\xedJ\xb4\x95\xfa\xf3\xb3G\x9f\x16\x03\x97B\xf6[y\xb9\xfd\xc4;\xbe\xa2\xc4E\x8b\x1eM\xaaHa\xae\x9f\x9d\xd0\xbe\xe1.}\xf5\x09\xccT\xefi\xe5\x1d?/\x8d\x05\xe8'\xf6\x8el\x04\x9a\xc6\x94\xb1k-q\xd7\xaa\xa9\xb4\xea\xc4\x82c\x09k\xd5\xc4\xb2xZ\xc7&\x1e\xc4\xaej\x83\xed\x14\xfd\x86\x05\xcf4\xe5r\x0b\xc1WS\x88\x1el\xca\x9e\x86^/\x9b\xaeO\x9f\xfd\x81Q\xa1\x8b\xc9Q\xb4\x98\xc1a\x97\x8c\x95\xfd\x87D~4w\xe75\xb5@\xd0\x10a\x972\xf8V\xca\xd3\xc1\xd1@\\x7f>\x99\xe4\xbc\x14f\x14\x8f"[P,|\x96\x9b\x82AVc\xfb\x89,P*\x05\xe8\xd1\xfa$P\xe6>,\xfdW\x7f}.\xad\x06\xc3\x02\xa5b\xd2A\xae]
as_response, CsLUyBLEs5x3GKtgk
[kvno=<uninitialized>, cipher=18, ciphertext=\xad#\x8a-h\xab\xc1\xd9\x105\xb1\x88\x11\xe4\xa3]c4Sa&\xe8t\xb6!\xe8h\xd8\xfa.\xd9\xea\x9e\xf9\\xbb\xf2\xbb\xb1\xfe\x91\x1340\x8e\x89\x0e\x1d\xd8\x1d\xd2\xf4a+C\xb7b\xaf\x91\x93\xdb\xf6\xae\xfc\x99\xd9\xbd4\xd7\xd4>\x8e:p\x80\xd4\x03\xdai\xa9\x08z\xc95\xe0\x0f,\xf6\xfe\x11TM\x80\x0aE"D\x81\x14\xc7\xbb\xed?\xb1\x9eR+\xdcj\xbep\x12\x147\xc7\x9e\x94\xd0\xb4\x05\x8d,\xd2]\x1d\xaf\x8e\x8a8\xa2\xfa\xf6\xd1\x0e\xb8,\xa2\xd9\xfd\x18!\xc7\xda\x11{\xadV[q1\xa2)\x1b\x00I\x8c\xbex\xd2\xd6\xd6\xda\x1953\xfb\x14\xf6\xa7L\xa9uLZ\xd8\xb6sEK\xa4\xdd\xdf\xbd\x82\x8ak\x1emx%&\x9e\xa8\x9ea\xb4\xed\x92*\xa8\x0cO\xb9\x05\x96\x8e\xf7\x92\xca\x89\xd4s\x97&0?\xff<=Re\\x1cD`\x06|\x17\x08\xad\xecL^&{B\x96N\xe1"y\xb3\x83\x8b\xddj\x15\xca\xe1\xb8\xadF\xd3\x82\x00\x93\x02Z\xf8=]
as_response, CkVqlMyWLZSpdNcPa
[kvno=<uninitialized>, cipher=18, ciphertext=mjK4\xa4+\x03XCf?\xdakS\xfccy\x97=\xba\x81*SG\x912\xe5 \x10\x9dV\x13\x8a\x18bF#TCe"D\xd5\xb5\xdf\x92\x9e\x88\xab\xf3\xc3\x97N\xb5?\xd5<\xa9\xdf\xe9,F \xb5\xfa\xa5\xa1#\x15\xec\xee\x918[\x1f\xe4\xc4\x8f\xb3\x0a\x1cd\xc3\x92\x1e\xea\xfc\x13\xdd2\xaf\xfe\xeaKA\x07\xd4I|R)\xac\xe5c8'S\xabn\x06\xb1\x06\x0a\xc0\xc7\xa0\x8dU\x99\xb4\xf0\x14\xb4gs\n0\xb4\xdf4\xec\x90\x01\xcd\xaa\xb0\x0d\x0b\xac\xf3t&\xb5\xacG9z\x96E\xfcK\xca\xd3]\x95\xb9\xfc`\x94|hazI\xa6\x04\x0cJa+&+{\xadB\xb6#\xc97K\xadD\x92l\x0e\xa1\xeb\x06\xbbab\x8eb\xcd\xeb\x14\xd8\xd0#\xb7\xa3\xd1\xfe\xbe/\x9a\x12\xd7\xd9\x8c\xac\xfb\x8c;'\xb8\x039a\xe5\xdc\x94\xa8\xe5\x1d\x08\xcf\xda\xcc\xf4E5\xf9r7\x04\xf5\x93cc\xc1\xc4\x83s\x1b*\x01Y\x9f9\xbdK\x00\x9c\xf4\xaa\xf0\x90\x11]
as_response, CQCAYJ2zCov16vZwf
[kvno=<uninitialized>, cipher=18, ciphertext=\xc5\xc2\xbfkP\xd3\xach\x03\x1e\x0b7\xef\xaf\x95L_-0Q\xf5\xbf\x0c\x86d5\xd3\x9fd\xf7\xda\xe1\x9f\x8e\xe0\x04\x85\xd0\xdbU\x84\xbc~\x8c\xa5\xe4\xee\xff\xdf\xe6lv\xb4\xea/\xa8\xf0\x96\x9fT\xa3\x9dL\x18\x17\x0d\xb9g\xda\xb7\xc5\xab\x0a7\x09\xe4\xb1\xe2\xb1#06\x90\xb7\x9c\xf5\xfc\xe2s3\xb7\x95\xf3\xcb\xc1\xa6;G\xbe\xce\xba\x02\xe8\xe09\x94\x0d\x88\x83\xf0\xc0.\x03z\x1e\x97\xc1X\x8a\xc3\x8f L\x82\xab\xec\xd21\xcb5\x99\xc8e\x8b\x06xB\x97\xf8\xcd\x17zwI\x14\xfc\xa3@t\x99\xee\xa4?\x81\xa3\x85l\x06\xb1r\xe4\xda\xbb\xaaf\x82G\x05\xb0\xc0\xbf\x19\x04\xb8;\x87\x1d\xd7e$\xd1\x85\xc4v\x9e.t\xc7\x19\x16\xe7dOiU\x1d\xc1\xe8\x0cKK\xc0?A\x85\xd6Besz\x03\x13\x89t7\xfbj\x8b\xb5\xf1\xfe\xe7"\xc4\x82\xa0\xce\x0e\xa3\xa4-,e\xf8\xab\xc7\xc0\xc2I\xd9\xf4a\xd5%\xa7t\x9a\xe7\x1a \xca\xb0\x0bZ\xfb\x17\x9e\xb8\xfb\x04]
as_response, Cil9Tc1rwfQS9uqdsb
[kvno=<uninitialized>, cipher=18, ciphertext=_g\xc5q\xef\x977>\xef\x97dl\xb0\xaeP\xc3N\xde\x00!\x84\xa4MG\xfc9\xe0\xc0\xee9K\xcb\x89\x0aZ2N1,\xd4\x8d\xcf\x0cW\xb7\xfa(~x\xb6\x08\xc9\xa8\xee\xc4G/\xea\xd3\x94\xca\xd0\xf7\xc0\x1c\x97\x90\xfe\xb3\xa6,\x14\x11\xef\x98=v\x8dO\xcd'>\x90\x85\xa9\xe5\x9e\xa5\x97[[G\x8e\x973\x1a(\xb7\x8a\xa9Nm\xbd\xcd0\xe8\x04\xa9\x85\x14\x91\x8b\x82\x8c\xc0\x10{\x1d\x98\xcb\x1aL\xf2\xbe\xc8;\xa1\xda\x05\xa3)\xda\x048\x88>\xdf\x12[\x07\x89\xea+[IjG\xe3\x10\xa3\x06\xa6\xbf\xf9"Ty\xe8\xdd$\x13\xf2w\xd5\xe5#\xf4:\xb0f\xd3\x0dQu\xb5\x1bl\x91\xc7A\xec,{\xfan\xff\xbb@\xdb0nJ>\xc20c\xd61D\xe7\xcb~\x88YbO\x99\xba|L\x81\xd7\x06!d\xea51\xaf\xd5-)\xab\x14\xa4 \xf31\x0b\x1a\x16\xb0\xb2\x07\x97&@\x82\x9e@\xd1\xd9H1W\xaa!\xc5\xedg\xb9B.\x7f\x1e\xa1\xf4W\xd9\xe7K\xd6k*\xd6\x00\xfa5\x19\xe4T\x7f\xe7\xe3D\xfd\xe5\x93\x9bi\x98\xd3]
as_response, CoVJDI3K3qTiTnPoV9
[kvno=<uninitialized>, cipher=18, ciphertext=\x9e\x7f\x11\x7f\x88RO\xc7\x01N8\x91\x0f\xf4\x1d\x91\xde\x06\\xd7JQ\xda\xe9\xfa\xab\x9a7T@z\xe0\x0c\x16\x81\xbe\xe5;A;\xa6\xb8T`\xeb\xd8R:\x16\x03\xc0A\xc6 :\xe7]\xd9>J\xc2\xb9\x89gv\xa5|\x94\x8bgo\x8c\x94d\xabu\xe0C\xa1\x16\xc3\x12\x02\x0el\x8a\xc8\xc3\x88I\xb9\x01\x96\xc1t\xc8p\xda\xa7\x0cK\xf6\x89=\xaa\xc57%\xf5\xc3U`(\xcc\xfb\x9c?N\x8b\x12\xf3\x01\x12\x1eI\x92\xd7\xb9*\xae\xbc\x14\xad\xf1\xae\xd7q\xf78\xe6\x91$aF\xe9\x8fb\xda\xeb\x06\xe8\x1f\x9a\x8e_\xc4\xaf=\x03\xe0\x80\x0b\xf2\x0f\x91\xd7n\xa6\xdb\x1b\xeb?gZ:\xc7\x82\x80\xa4\xba\xa7\xa0\xf8\xc3\xc7\x05</\xde\xd5\xd1\xe2 "m\x87.\x0b\x06Y\x0cA\xe7-\x80\xcb)\xb6+YD\x9c\x8d\x11b\xdbD\xe0\x8f"\x13\xc6S\xec\x96\x9b\x9c:\x91\x8bc;\xd2\xfe\xa4\xeaR\xbc\xd2\xb8\x15\xec @\x10 \x9d\x03F\xd8\x91JpC\xe8N\xf3\x88\x18T]
as_response, ChHNpz2Xf9xMo2lnC4
[kvno=<uninitialized>, cipher=18, ciphertext=\x9e\x7f\x11\x7f\x88RO\xc7\x01N8\x91\x0f\xf4\x1d\x91\xde\x06\\xd7JQ\xda\xe9\xfa\xab\x9a7T@z\xe0\x0c\x16\x81\xbe\xe5;A;\xa6\xb8T`\xeb\xd8R:\x16\x03\xc0A\xc6 :\xe7]\xd9>J\xc2\xb9\x89gv\xa5|\x94\x8bgo\x8c\x94d\xabu\xe0C\xa1\x16\xc3\x12\x02\x0el\x8a\xc8\xc3\x88I\xb9\x01\x96\xc1t\xc8p\xda\xa7\x0cK\xf6\x89=\xaa\xc57%\xf5\xc3U`(\xcc\xfb\x9c?N\x8b\x12\xf3\x01\x12\x1eI\x92\xd7\xb9*\xae\xbc\x14\xad\xf1\xae\xd7q\xf78\xe6\x91$aF\xe9\x8fb\xda\xeb\x06\xe8\x1f\x9a\x8e_\xc4\xaf=\x03\xe0\x80\x0b\xf2\x0f\x91\xd7n\xa6\xdb\x1b\xeb?gZ:\xc7\x82\x80\xa4\xba\xa7\xa0\xf8\xc3\xc7\x05</\xde\xd5\xd1\xe2 "m\x87.\x0b\x06Y\x0cA\xe7-\x80\xcb)\xb6+YD\x9c\x8d\x11b\xdbD\xe0\x8f"\x13\xc6S\xec\x96\x9b\x9c:\x91\x8bc;\xd2\xfe\xa4\xeaR\xbc\xd2\xb8\x15\xec @\x10 \x9d\x03F\xd8\x91JpC\xe8N\xf3\x88\x18T]
as_response, C2qZRm2yQg9RoQNkVg
[kvno=<uninitialized>, cipher=18, ciphertext=\x9d\x9f\x87\xb7\xa4_\xbesaey\xa3\xc3\x01\xe3\xec{\xa5b`k\x88m\xfc\x0b\xc8\xc8\x0b\x7f\xe6\xfc\xe9\x1a\xe2\xb2>Jo\xc6\xd02D,\x13\xe0\xe1E\xa7kX/\xdb\xd7\xa46w\xf3\x8e\xa14@\xb9|x~\x93\xf4\xdf(\xef\xed\xff<\xd2\x97%(9\x0dT\x08})\xd3\xb4\xea\x97^\xd0\xb2G\xb9&V\xf2\xfa{UQ\x10\xb6u\xbdZK\xce\xb7\xc2\xa3\xfep\xd0\xe0\xa4x-\x15d\xd0\x8a\x97\x7fw\xf0\xbaS\xdb'\xe0L\xa6tx%\xf3z\xb9T \x99\xbd\xc7\xdb\xb4\xe8F[#s,\xa0\xce\x0f\xb0"f\xb9sX3xM\x8f9]\xcfj'\x9e\xb6\x08SD\x1e6A\x03\x9f,\x9d\xd7\x8dD0I\xd62\xa4\xf4h&\x18\x88\xa3\xf1g|\x13xu\xb2Q\x84L2\x1d\x07Lk\xd4\xfc\xd7\xc8\x0fF\xcel\xfa\xb7\xf4\xefV\xa8\xf9\x00a*\xdd\x19h\xbf{\x98\xc0Q\xbd\xb1\x8c1\xc9Y\x97\xdcg\xe3\xd4!\xb5\x95\x96\xfb"\x18\xa4\xba\xa1\x813\x129]

3
testing/btest/Baseline/scripts.base.protocols.quic.analyzer-confirmations/conn.log.cut Normal file
View file

@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
ts uid history service
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl

3
testing/btest/Baseline/scripts.base.protocols.quic.analyzer-confirmations/out Normal file
View file

@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
analyzer_confirmation, 1692198386.837988, CHhAvVGS1DHFjwGM9, Analyzer::ANALYZER_QUIC
analyzer_confirmation, 1692198386.837988, CHhAvVGS1DHFjwGM9, Analyzer::ANALYZER_SSL

2
testing/btest/Baseline/scripts.base.protocols.quic.chromium/conn.log.cut
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
ts uid history service
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl

2
testing/btest/Baseline/scripts.base.protocols.quic.chromium/quic.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version client_initial_dcid client_scid server_scid server_name client_protocol history
#types time string addr port addr port string string string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 82.239.54.117 53727 110.213.53.115 443 1 95412c47018cdfe8 (empty) d5412c47018cdfe8 api.cirrus-ci.com h3 ISisH
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 82.239.54.117 53727 110.213.53.115 443 1 95412c47018cdfe8 (empty) d5412c47018cdfe8 api.cirrus-ci.com h3 ISishH
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.quic.curl-http3/conn.log.cut
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
ts uid history service
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl

3
testing/btest/Baseline/scripts.base.protocols.quic.events/out
View file

@ -4,17 +4,20 @@
1.0, initial_packet, C4J4Th3PJpwUYZZ6gc, T, 1, 1b036a11,
1.0, initial_packet, C4J4Th3PJpwUYZZ6gc, F, 1, , fc674735
1.0, handshake_packet, F, C4J4Th3PJpwUYZZ6gc, 1, , fc674735
1.0, handshake_packet, F, C4J4Th3PJpwUYZZ6gc, 1, , fc674735
1.0, initial_packet, C4J4Th3PJpwUYZZ6gc, T, 1, fc674735,
1.0, handshake_packet, T, C4J4Th3PJpwUYZZ6gc, 1, ef3a4e06,
zerortt.pcap
1.0, initial_packet, C4J4Th3PJpwUYZZ6gc, T, 1, b7c7841c64883e3261d840,
1.0, initial_packet, C4J4Th3PJpwUYZZ6gc, F, 1, , 8d2041ac
1.0, handshake_packet, F, C4J4Th3PJpwUYZZ6gc, 1, , 8d2041ac
1.0, handshake_packet, F, C4J4Th3PJpwUYZZ6gc, 1, , 8d2041ac
1.0, initial_packet, C4J4Th3PJpwUYZZ6gc, T, 1, 8d2041ac,
1.0, handshake_packet, T, C4J4Th3PJpwUYZZ6gc, 1, 5b7bc400,
1.0, initial_packet, CtPZjS20MLrsMUOJi2, T, 1, 15ae5e5e4962163f410b5529fc125bbc,
1.0, zero_rtt_packet, T, CtPZjS20MLrsMUOJi2, 1, 15ae5e5e4962163f410b5529fc125bbc,
1.0, initial_packet, CtPZjS20MLrsMUOJi2, F, 1, , e483a751
1.0, handshake_packet, F, CtPZjS20MLrsMUOJi2, 1, , e483a751
1.0, zero_rtt_packet, T, CtPZjS20MLrsMUOJi2, 1, 15ae5e5e4962163f410b5529fc125bbc,
1.0, zero_rtt_packet, T, CtPZjS20MLrsMUOJi2, 1, 15ae5e5e4962163f410b5529fc125bbc,
1.0, zero_rtt_packet, T, CtPZjS20MLrsMUOJi2, 1, 15ae5e5e4962163f410b5529fc125bbc,

2
testing/btest/Baseline/scripts.base.protocols.quic.firefox/conn.log.cut
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
ts uid history service
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl

2
testing/btest/Baseline/scripts.base.protocols.quic.fragmented-crypto/conn.log.cut
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
ts uid history service
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl

2
testing/btest/Baseline/scripts.base.protocols.quic.interop.quic-go_quic-go.handshake/conn.log.cut
View file

@ -2,4 +2,4 @@
ts uid history service
0.015059 ClEkJM2Vm5giqnMf4h - -
0.001000 CHhAvVGS1DHFjwGM9 - -
0.648580 C4J4Th3PJpwUYZZ6gc Dd ssl,quic
0.648580 C4J4Th3PJpwUYZZ6gc Dd quic,ssl

2
testing/btest/Baseline/scripts.base.protocols.quic.interop.quic-go_quic-go.handshake/quic.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version client_initial_dcid client_scid server_scid server_name client_protocol history
#types time string addr port addr port string string string string string string string
1.000000 C4J4Th3PJpwUYZZ6gc 193.167.0.100 40084 193.167.100.100 443 1 a771f6161a4072c0bf10 (empty) 5911deff server4:443 hq-interop ISishIH
1.000000 C4J4Th3PJpwUYZZ6gc 193.167.0.100 40084 193.167.100.100 443 1 a771f6161a4072c0bf10 (empty) 5911deff server4:443 hq-interop ISishhIH
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.quic.interop.quic-go_quic-go.retry/conn.log.cut
View file

@ -2,4 +2,4 @@
ts uid history service
0.000000 CHhAvVGS1DHFjwGM9 - -
0.016059 ClEkJM2Vm5giqnMf4h - -
0.669020 C4J4Th3PJpwUYZZ6gc Dd ssl,quic
0.669020 C4J4Th3PJpwUYZZ6gc Dd quic,ssl

2
testing/btest/Baseline/scripts.base.protocols.quic.interop.quic-go_quic-go.retry/quic.log
View file

@ -8,5 +8,5 @@
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version client_initial_dcid client_scid server_scid server_name client_protocol history
#types time string addr port addr port string string string string string string string
1.000000 C4J4Th3PJpwUYZZ6gc 193.167.0.100 42834 193.167.100.100 443 1 4a8294bf9201d6cf (empty) - server4:443 hq-interop ISr
1.000000 C4J4Th3PJpwUYZZ6gc 193.167.0.100 42834 193.167.100.100 443 1 1b036a11 (empty) fc674735 server4:443 hq-interop ISishIH
1.000000 C4J4Th3PJpwUYZZ6gc 193.167.0.100 42834 193.167.100.100 443 1 1b036a11 (empty) fc674735 server4:443 hq-interop ISishhIH
#close XXXX-XX-XX-XX-XX-XX

4
testing/btest/Baseline/scripts.base.protocols.quic.interop.quic-go_quic-go.zerortt/conn.log.cut
View file

@ -2,5 +2,5 @@
ts uid history service
0.015059 ClEkJM2Vm5giqnMf4h - -
0.001000 CHhAvVGS1DHFjwGM9 - -
0.790739 CtPZjS20MLrsMUOJi2 Dd ssl,quic
0.718160 C4J4Th3PJpwUYZZ6gc Dd ssl,quic
0.790739 CtPZjS20MLrsMUOJi2 Dd quic,ssl
0.718160 C4J4Th3PJpwUYZZ6gc Dd quic,ssl

4
testing/btest/Baseline/scripts.base.protocols.quic.interop.quic-go_quic-go.zerortt/quic.log
View file

@ -7,6 +7,6 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version client_initial_dcid client_scid server_scid server_name client_protocol history
#types time string addr port addr port string string string string string string string
1.000000 CtPZjS20MLrsMUOJi2 193.167.0.100 49394 193.167.100.100 443 1 15ae5e5e4962163f410b5529fc125bbc (empty) e483a751 server4:443 hq-interop ISZisZZZZZZZZZZZZZZZZZZZZZZZZZZZIH
1.000000 C4J4Th3PJpwUYZZ6gc 193.167.0.100 60492 193.167.100.100 443 1 b7c7841c64883e3261d840 (empty) 8d2041ac server4:443 hq-interop ISishIH
1.000000 CtPZjS20MLrsMUOJi2 193.167.0.100 49394 193.167.100.100 443 1 15ae5e5e4962163f410b5529fc125bbc (empty) e483a751 server4:443 hq-interop ISZishZZZZZZZZZZZZZZZZZZZZZZZZZZZIH
1.000000 C4J4Th3PJpwUYZZ6gc 193.167.0.100 60492 193.167.100.100 443 1 b7c7841c64883e3261d840 (empty) 8d2041ac server4:443 hq-interop ISishhIH
#close XXXX-XX-XX-XX-XX-XX

3
testing/btest/Baseline/scripts.base.protocols.quic.merlinc2/conn.log.cut Normal file
View file

@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
ts uid history service
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl

11
testing/btest/Baseline/scripts.base.protocols.quic.merlinc2/quic.log Normal file
View file

@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path quic
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version client_initial_dcid client_scid server_scid server_name client_protocol history
#types time string addr port addr port string string string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.4 53241 24.199.110.233 443 1 f21fdf87f736f235846c7f460ca017 1b3ff910 eab5f6f4 - h3 ISishhIH
#close XXXX-XX-XX-XX-XX-XX

11
testing/btest/Baseline/scripts.base.protocols.quic.merlinc2/ssl.log Normal file
View file

@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.4 53241 24.199.110.233 443 TLSv13 TLS_AES_128_GCM_SHA256 x25519 - F - - F Cs - - -
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.quic.quicdoq/conn.log.cut
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
ts uid history service
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl

2
testing/btest/Baseline/scripts.base.protocols.quic.quicdoq/quic.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version client_initial_dcid client_scid server_scid server_name client_protocol history
#types time string addr port addr port string string string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 46907 127.0.0.1 853 1 fda05288ab9ff546 0fb934775f247b8e a31f4933d8727231 - doq ISishH
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 46907 127.0.0.1 853 1 fda05288ab9ff546 0fb934775f247b8e a31f4933d8727231 - doq ISishhH
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.quic.quicv2-echo-443/conn.log.cut
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
ts uid history service
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl

2
testing/btest/Baseline/scripts.base.protocols.quic.quicv2-echo-443/quic.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version client_initial_dcid client_scid server_scid server_name client_protocol history
#types time string addr port addr port string string string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 49320 127.0.0.1 443 quicv2 fa603212c8688817af3d3238735bc7 (empty) b168b5cc localhost quic-echo-example ISIIisIH
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 49320 127.0.0.1 443 quicv2 fa603212c8688817af3d3238735bc7 (empty) b168b5cc localhost quic-echo-example ISIIishIH
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.quic.quicv2-http3-443/conn.log.cut
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
ts uid history service
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl

2
testing/btest/Baseline/scripts.base.protocols.quic.quicv2-http3-443/quic.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version client_initial_dcid client_scid server_scid server_name client_protocol history
#types time string addr port addr port string string string string string string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 50841 127.0.0.1 443 quicv2 bdf0c5b27927cc667e58d95b 71b8f3f4 cdc8b6e6 - h3 ISishIHH
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 50841 127.0.0.1 443 quicv2 bdf0c5b27927cc667e58d95b 71b8f3f4 cdc8b6e6 - h3 ISishhIHH
#close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/scripts.base.protocols.quic.run-pcap/conn.log.cut
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
ts uid history service
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd ssl,quic
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 Dd quic,ssl

13
testing/btest/Baseline/scripts.policy.protocols.dns.detect-external-names-mdns-broadcast-2/notice.log Normal file
View file

@ -0,0 +1,13 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path notice
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions email_dest suppress_for remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude
#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] set[string] interval string string string double double
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 fd52:429e:c03c:8235:883c:d6ff:fee1:4dc4 5353 ff02::fb 5353 - - - udp DNS::External_Name johanna-qemu-virtual-machine.local is pointing to a local host - fd52:429e:c03c:8235:883c:d6ff:fee1:4dc4. - fd52:429e:c03c:8235:883c:d6ff:fee1:4dc4 ff02::fb 5353 - - Notice::ACTION_LOG (empty) 3600.000000 - - - - -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 fd52:429e:c03c:8235:883c:d6ff:fee1:4dc4 5353 ff02::fb 5353 - - - udp DNS::External_Name johanna-qemu-virtual-machine.local is pointing to a local host - fd52:429e:c03c:8235:5968:5bc6:1563:f82f. - fd52:429e:c03c:8235:883c:d6ff:fee1:4dc4 ff02::fb 5353 - - Notice::ACTION_LOG (empty) 3600.000000 - - - - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 10.0.2.7 5353 224.0.0.251 5353 - - - udp DNS::External_Name johanna-qemu-virtual-machine.local is pointing to a local host - 10.0.2.7. - 10.0.2.7 224.0.0.251 5353 - - Notice::ACTION_LOG (empty) 3600.000000 - - - - -
#close XXXX-XX-XX-XX-XX-XX

1
testing/btest/Baseline/scripts.policy.protocols.dns.detect-external-names-mdns-broadcast/notice.log Normal file
View file

@ -0,0 +1 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.

12
testing/btest/Traces/README
View file

@ -6,8 +6,9 @@ depend on them for tests.
Trace Index/Sources:
- modbus/modbus-eit.trace: Sourced from https://www.netresec.com/?page=PCAP4SICS, credit to https://cs3sthlm.se/. The packets in this trace were pulled from the 4SICS-GeekLounge-151021.pcap file.
- modbus/modbus-eit.trace:
Sourced from https://www.netresec.com/?page=PCAP4SICS, credit to https://cs3sthlm.se/.
The packets in this trace were pulled from the 4SICS-GeekLounge-151021.pcap file.
- [ldap/simpleauth.pcap](https://github.com/arkime/arkime/blob/main/tests/pcap/ldap-simpleauth.pcap)
- ldap/simpleauth-diff-port.pcap: made with
`tcprewrite -r 3268:32681 -i simpleauth.pcap -o simpleauth-diff-port.pcap`
@ -38,3 +39,10 @@ Trace Index/Sources:
- http/docker-http-upgrade.pcap
Provided by blightzero on #4068
https://github.com/zeek/zeek/issues/4068
- quic/merlinc2_Zeek_example.pcapng
Provided by Faan Rossouw on #4198
https://github.com/zeek/zeek/issues/4198
- pe/pe.trace
VirusTotal reports that this file contains malware. The PE analyzer was originally added
to decode info for malware, so this is expected. See
https://zeekorg.slack.com/archives/CSZBXF6TH/p1738261449655049

BIN
testing/btest/Traces/dns/mdns.pcap Normal file
View file

Binary file not shown.

BIN
testing/btest/Traces/quic/merlinc2_Zeek_example.pcapng Normal file
View file

Binary file not shown.

58
testing/btest/bifs/lookup_connection.zeek Normal file
View file

@ -0,0 +1,58 @@
# @TEST-DOC: Test lookup_connection() and connection_exists()
#
# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
event new_connection(c: connection)
{
local c2 = lookup_connection(c$id);
assert c$uid == c2$uid;
local cid: conn_id;
cid$orig_h = c$id$orig_h;
cid$orig_p = c$id$orig_p;
cid$resp_h = c$id$resp_h;
cid$resp_p = c$id$resp_p;
# Produces an error on .stderr because cid$proto wasn't
# initialized and then returns a dummy record.
local c3 = lookup_connection(cid);
assert c3$history == "";
assert c3$id$orig_h == 0.0.0.0;
assert c3$id$orig_p == 0/udp;
cid$proto = c$id$proto;
local c4 = lookup_connection(cid);
assert c$uid == c4$uid;
}
event new_connection(c: connection)
{
# This needs to hold.
assert connection_exists(c$id);
local my_id: conn_id;
my_id$orig_h = c$id$orig_h;
my_id$orig_p = c$id$orig_p;
my_id$resp_h = c$id$resp_h;
my_id$resp_p = c$id$resp_p;
# Produces an error because cid$proto wasn't initialized.
assert ! connection_exists(my_id);
my_id$proto = c$id$proto;
assert connection_exists(my_id);
}
event new_connection(c: connection)
{
# This crashed previously!
local my_id: conn_id;
local c2 = lookup_connection(my_id);
assert c2$history == "";
assert c2$id$orig_h == 0.0.0.0;
assert c2$id$orig_p == 0/udp;
# This also crashed!
assert ! connection_exists(my_id);
}

15
testing/btest/bifs/x509_verify.zeek
View file

@ -1,14 +1,7 @@
# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-expired-cert.trace %INPUT
# This is a hack: the results of OpenSSL 1.1's vs 1.0's
# X509_verify_cert() -> X509_STORE_CTX_get1_chain() calls
# differ. Word seems to be that OpenSSL 1.1's cert-chain-building
# code is significantly different/rewritten so may be the reason...
# @TEST-EXEC: cp .stdout stdout-openssl-1.0
# @TEST-EXEC: cp .stdout stdout-openssl-1.1
# @TEST-EXEC: grep -q "ZEEK_HAVE_OPENSSL_1_1" $BUILD/CMakeCache.txt && btest-diff stdout-openssl-1.1 || btest-diff stdout-openssl-1.0
# Fedora/RedHat have SHA1 disabled for certificate verification, re-enable it for testing by setting OPENSSL_ENABLE_SHA1_SIGNATURES=1
#
# @TEST-EXEC: OPENSSL_ENABLE_SHA1_SIGNATURES=1 zeek -b -r $TRACES/tls/tls-expired-cert.trace %INPUT >out
# @TEST-EXEC: btest-diff out
@load base/protocols/ssl

16
testing/btest/core/save-load-seeds.zeek Normal file
View file

@ -0,0 +1,16 @@
# @TEST-DOC: Save seeds and read and assure the UIDs are the same. Regression test for #4209
#
# @TEST-EXEC: zeek --save-seeds myseeds -r $TRACES/http/get.trace %INPUT
# @TEST-EXEC: mkdir save && mv *log save
# @TEST-EXEC: zeek-cut -m uid history service < save/conn.log >save/conn.log.cut
#
# @TEST-EXEC: zeek --load-seeds myseeds -r $TRACES/http/get.trace %INPUT
# @TEST-EXEC: mkdir load && mv *log load
# @TEST-EXEC: zeek-cut -m uid history service < load/conn.log >load/conn.log.cut
#
# @TEST-EXEC: btest-diff load/conn.log.cut
# @TEST-EXEC: btest-diff save/conn.log.cut
# @TEST-EXEC: diff load/conn.log.cut save/conn.log.cut
@load base/protocols/conn
@load base/protocols/http

10
testing/btest/language/type-expr.zeek Normal file
View file

@ -0,0 +1,10 @@
# @TEST-DOC: Test valid use of type expressions in scripts
# @TEST-EXEC: zeek -b %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff .stdout
event zeek_init()
{
# Try a couple of functions that take types
print from_json("\"aoeu\"", string);
print type_name(string);
}

12
testing/btest/scripts/base/protocols/krb/enc_part.test Normal file
View file

@ -0,0 +1,12 @@
# This test prints the enc_part value from the KRB::KDC_Response
# @TEST-EXEC: zeek -b -r $TRACES/krb/kinit.trace %INPUT > output
# @TEST-EXEC: btest-diff output
@load base/protocols/krb
event krb_as_response(c: connection, rep: KRB::KDC_Response)
{
print "as_response", c$uid;
print rep$enc_part;
}

15
testing/btest/scripts/base/protocols/quic/analyzer-confirmations.zeek Normal file
View file

@ -0,0 +1,15 @@
# @TEST-DOC: Test the order of analyzer confirmations for QUIC and SSL, QUIC should come first.
# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
# @TEST-EXEC: zeek -Cr $TRACES/quic/chromium-115.0.5790.110-api-cirrus-com.pcap %INPUT >out
# @TEST-EXEC: zeek-cut -m ts uid history service < conn.log > conn.log.cut
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff out
# @TEST-EXEC: btest-diff conn.log.cut
@load base/protocols/quic
event analyzer_confirmation_info(atype: AllAnalyzers::Tag, info: AnalyzerConfirmationInfo)
{
print "analyzer_confirmation", network_time(), info$c$uid, atype;
}

8
testing/btest/scripts/base/protocols/quic/merlinc2.zeek Normal file
View file

@ -0,0 +1,8 @@
# @TEST-DOC: Test PCAP for Merlin C2 from issue #4198
# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
# @TEST-EXEC: zeek -Cr $TRACES/quic/merlinc2_Zeek_example.pcapng base/protocols/quic
# @TEST-EXEC: zeek-cut -m ts uid history service < conn.log > conn.log.cut
# @TEST-EXEC: btest-diff conn.log.cut
# @TEST-EXEC: btest-diff ssl.log
# @TEST-EXEC: btest-diff quic.log

4
testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test
View file

@ -1,4 +1,6 @@
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
# Fedora/RedHat have SHA1 disabled for certificate verification, re-enable it for testing by setting OPENSSL_ENABLE_SHA1_SIGNATURES=1
#
# @TEST-EXEC: OPENSSL_ENABLE_SHA1_SIGNATURES=1 zeek -b -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
# @TEST-EXEC: btest-diff .stdout
@load base/protocols/ssl

27
testing/btest/scripts/policy/protocols/dns/detect-external-names-mdns-broadcast.zeek Normal file
View file

@ -0,0 +1,27 @@
# Test verifies that mDNS broadcasts are not logged by default.
# @TEST-EXEC: zeek -b -C -r $TRACES/dns/mdns.pcap %INPUT
# @TEST-EXEC: touch notice.log
# @TEST-EXEC: btest-diff notice.log
##! First test - no log
@load base/protocols/dns
@load policy/protocols/dns/detect-external-names
redef Site::local_zones += {"example.inalid"};
@TEST-START-NEXT
##! second test - should output log due to changed config
@load base/protocols/dns
@load policy/protocols/dns/detect-external-names
@load base/frameworks/config
redef Site::local_zones += {"example.inalid"};
event zeek_init()
{
print Site::local_nets;
Config::set_value("DNS::skip_resp_host_port_pairs", set());
}

4
testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek
View file

@ -1,4 +1,6 @@
# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-expired-cert.trace $SCRIPTS/external-ca-list.zeek %INPUT
# Fedora/RedHat have SHA1 disabled for certificate verification, re-enable it for testing by setting OPENSSL_ENABLE_SHA1_SIGNATURES=1
#
# @TEST-EXEC: OPENSSL_ENABLE_SHA1_SIGNATURES=1 zeek -b -r $TRACES/tls/tls-expired-cert.trace $SCRIPTS/external-ca-list.zeek %INPUT
# @TEST-EXEC: cat ssl.log > ssl-all.log
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-all.log

6
testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek
View file

@ -1,6 +1,8 @@
# @TEST-EXEC: zeek -b $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
# Fedora/RedHat have SHA1 disabled for certificate verification, re-enable it for testing by setting OPENSSL_ENABLE_SHA1_SIGNATURES=1
#
# @TEST-EXEC: OPENSSL_ENABLE_SHA1_SIGNATURES=1 zeek -b $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log
# @TEST-EXEC: zeek -b $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT
# @TEST-EXEC: OPENSSL_ENABLE_SHA1_SIGNATURES=1 zeek -b $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT
# @TEST-EXEC: mv ssl.log ssl-twimg.log
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-twimg.log
# @TEST-EXEC: zeek -b $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT

2
testing/external/commit-hash.zeek-testing vendored
View file

@ -1 +1 @@
6a1cb339d394fe8d73c0f46e79bd13fbee507313
fe1c3a18274c2deaf060fa7c90e679d5244a99b1

2
testing/external/commit-hash.zeek-testing-cluster vendored
View file

@ -1 +1 @@
43966c3a8c1a1a9d2cc3c77aebdbded602bf2cb3
2d1f0ae518b26938e24bd26f701dab17e174a626

2
testing/external/subdir-btest.cfg vendored
View file

@ -25,4 +25,6 @@ BUILD=%(testbase)s/../../../%(build_dir)s
ZEEK_DNS_FAKE=1
# Fedora/CentOS/RedHat have MD5 disabled for certificate verification and need setting an environment variable to permit it:
OPENSSL_ENABLE_MD5_VERIFY=1
# Fedora/RedHat have SHA1 disabled for certificate verification and need setting an environment variable to permit it:
OPENSSL_ENABLE_SHA1_SIGNATURES=1
UBSAN_OPTIONS=print_stacktrace=1