From 6bb6fed49fc88792f33aab894e0421d10417e124 Mon Sep 17 00:00:00 2001 From: Tim Wojtulewicz Date: Fri, 14 Oct 2022 13:51:53 -0500 Subject: [PATCH] Add btest that exercises the pcap filter warnings --- .../Baseline/core.pcap.filter-warning/notice.log | 11 +++++++++++ .../btest/Baseline/core.pcap.filter-warning/output | 2 ++ .../core.pcap.filter-warning/packet_filter.log | 11 +++++++++++ .../Baseline/core.pcap.filter-warning/reporter.log | 11 +++++++++++ testing/btest/Traces/ieee80211.15.4.pcap | Bin 0 -> 91 bytes testing/btest/core/pcap/filter-warning.zeek | 9 +++++++++ 6 files changed, 44 insertions(+) create mode 100644 testing/btest/Baseline/core.pcap.filter-warning/notice.log create mode 100644 testing/btest/Baseline/core.pcap.filter-warning/output create mode 100644 testing/btest/Baseline/core.pcap.filter-warning/packet_filter.log create mode 100644 testing/btest/Baseline/core.pcap.filter-warning/reporter.log create mode 100644 testing/btest/Traces/ieee80211.15.4.pcap create mode 100644 testing/btest/core/pcap/filter-warning.zeek diff --git a/testing/btest/Baseline/core.pcap.filter-warning/notice.log b/testing/btest/Baseline/core.pcap.filter-warning/notice.log new file mode 100644 index 0000000000..901a31bc81 --- /dev/null +++ b/testing/btest/Baseline/core.pcap.filter-warning/notice.log @@ -0,0 +1,11 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path notice +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions email_dest suppress_for remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude +#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] set[string] interval string string string double double +0.000000 - - - - - - - - - PacketFilter::Install_Failure Installing packet filter failed ip or not ip - - - - - Notice::ACTION_LOG (empty) 3600.000000 - - - - - +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/core.pcap.filter-warning/output b/testing/btest/Baseline/core.pcap.filter-warning/output new file mode 100644 index 0000000000..fdfc24df5d --- /dev/null +++ b/testing/btest/Baseline/core.pcap.filter-warning/output @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +warning in <...>/main.zeek, line 307: Warning while compiling pcap filter 'ip or not ip': IEEE 802.15.4 link-layer type filtering not implemented diff --git a/testing/btest/Baseline/core.pcap.filter-warning/packet_filter.log b/testing/btest/Baseline/core.pcap.filter-warning/packet_filter.log new file mode 100644 index 0000000000..040588d961 --- /dev/null +++ b/testing/btest/Baseline/core.pcap.filter-warning/packet_filter.log @@ -0,0 +1,11 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path packet_filter +#open XXXX-XX-XX-XX-XX-XX +#fields ts node filter init success failure_reason +#types time string string bool bool string +XXXXXXXXXX.XXXXXX zeek ip or not ip T F IEEE 802.15.4 link-layer type filtering not implemented +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/core.pcap.filter-warning/reporter.log b/testing/btest/Baseline/core.pcap.filter-warning/reporter.log new file mode 100644 index 0000000000..4da94c04f6 --- /dev/null +++ b/testing/btest/Baseline/core.pcap.filter-warning/reporter.log @@ -0,0 +1,11 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path reporter +#open XXXX-XX-XX-XX-XX-XX +#fields ts level message location +#types time enum string string +XXXXXXXXXX.XXXXXX Reporter::WARNING Warning while compiling pcap filter 'ip or not ip': IEEE 802.15.4 link-layer type filtering not implemented <...>/main.zeek, line 307 +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Traces/ieee80211.15.4.pcap b/testing/btest/Traces/ieee80211.15.4.pcap new file mode 100644 index 0000000000000000000000000000000000000000..eb2295319a14e6b9c4bf75159d5c49ab6aa16834 GIT binary patch literal 91 zcmca|c+)~A1{MYw`2U}Q;Tedt&NI1eIV*!PkO{&J9E=HI%Gv=$Apu4tHi*f{!SEeu H2m=EE#fl4~ literal 0 HcmV?d00001 diff --git a/testing/btest/core/pcap/filter-warning.zeek b/testing/btest/core/pcap/filter-warning.zeek new file mode 100644 index 0000000000..04a38f99e6 --- /dev/null +++ b/testing/btest/core/pcap/filter-warning.zeek @@ -0,0 +1,9 @@ +# Don't run for C++ scripts, since first invocation doesn't use the input +# and hence leads to complaints that there are no scripts. +# @TEST-REQUIRES: test "${ZEEK_USE_CPP}" != "1" +# +# @TEST-EXEC: zeek -r $TRACES/ieee80211.15.4.pcap >output 2>&1 +# @TEST-EXEC: btest-diff notice.log +# @TEST-EXEC: TEST_DIFF_CANONIFIER='$SCRIPTS/diff-canonifier | $SCRIPTS/diff-remove-abspath' btest-diff reporter.log +# @TEST-EXEC: btest-diff packet_filter.log +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output