mirror of
https://github.com/zeek/zeek.git
synced 2025-10-16 21:48:21 +00:00
Merge branch 'master' into topic/vern/script-inlining
This commit is contained in:
commit
64631a2d9f
58 changed files with 1151 additions and 326 deletions
|
@ -1,6 +1,12 @@
|
|||
# Test-case for valid message format:
|
||||
# @TEST-EXEC: zeek -b -C -r $TRACES/dns-edns-ecs.pcap %INPUT > output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
||||
# Test-case for malformed messages:
|
||||
# @TEST-EXEC: zeek -b -C -r $TRACES/dns-edns-ecs-bad.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -b -C -r $TRACES/dns-edns-ecs-weirds.pcap %INPUT base/frameworks/notice/weird
|
||||
# @TEST-EXEC: btest-diff weird.log
|
||||
|
||||
@load policy/protocols/dns/auth-addl
|
||||
|
||||
event dns_EDNS_ecs(c: connection, msg: dns_msg, opt: dns_edns_ecs) {
|
||||
|
|
|
@ -1,13 +1,19 @@
|
|||
# @TEST-EXEC: echo "tls13draft16-chrome55.0.2879.0-canary-aborted.pcap"
|
||||
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary-aborted.pcap %INPUT
|
||||
# @TEST-EXEC: cat ssl.log > ssl-out.log
|
||||
# @TEST-EXEC: echo "tls13draft16-chrome55.0.2879.0-canary.pcap"
|
||||
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary.pcap %INPUT
|
||||
# @TEST-EXEC: cat ssl.log >> ssl-out.log
|
||||
# @TEST-EXEC: echo "tls13draft16-ff52.a01-aborted.pcap"
|
||||
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft16-ff52.a01-aborted.pcap %INPUT
|
||||
# @TEST-EXEC: cat ssl.log >> ssl-out.log
|
||||
# @TEST-EXEC: echo "tls13draft16-ff52.a01.pcap"
|
||||
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft16-ff52.a01.pcap %INPUT
|
||||
# @TEST-EXEC: cat ssl.log >> ssl-out.log
|
||||
# @TEST-EXEC: echo "tls13_psk_succesfull.pcap"
|
||||
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13_psk_succesfull.pcap %INPUT
|
||||
# @TEST-EXEC: cat ssl.log >> ssl-out.log
|
||||
# @TEST-EXEC: echo "hrr.pcap"
|
||||
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/hrr.pcap %INPUT
|
||||
# @TEST-EXEC: cat ssl.log >> ssl-out.log
|
||||
# @TEST-EXEC: btest-diff ssl-out.log
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13_wolfssl.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff ssl.log
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
@load base/protocols/ssl
|
||||
|
||||
redef SSL::disable_analyzer_after_detection=F;
|
||||
|
||||
event ssl_encrypted_data(c: connection, is_orig: bool, record_version: count, content_type: count, length: count)
|
||||
{
|
||||
print "encrypted", c$id, is_orig, SSL::version_strings[record_version], content_type;
|
||||
}
|
||||
|
||||
event ssl_established(c: connection)
|
||||
{
|
||||
print "Established!";
|
||||
}
|
||||
|
||||
event ssl_probable_encrypted_handshake_message(c: connection, is_orig: bool, length: count)
|
||||
{
|
||||
print "Probable handshake", is_orig, length;
|
||||
}
|
Loading…
Add table
Add a link
Reference in a new issue