Merge branch 'fastpath' of git://git.bro-ids.org/bro into fastpath

2025-10-12 11:38:20 +00:00 · 2014-09-26 14:48:58 -05:00 · 2014-09-26 14:48:58 -05:00 · 6e7a4a4fee
commit 6e7a4a4fee
parent f933899b17 57d0346789
155 changed files with 4512 additions and 2521 deletions
--- a/testing/btest/scripts/base/protocols/http/content-range-gap-skip.bro
+++ b/testing/btest/scripts/base/protocols/http/content-range-gap-skip.bro
@ -0,0 +1,26 @@
+# @TEST-EXEC: bro -r $TRACES/http/content-range-gap-skip.trace %INPUT
+
+# In this trace, we should be able to determine that a gap lies
+# entirely within the body of an entity that specifies Content-Range,
+# and so further deliveries after the gap can still be made.
+
+global got_gap = F;
+global got_data_after_gap = F;
+
+event http_entity_data(c: connection, is_orig: bool, length: count,
+                       data: string)
+	{
+	if ( got_gap )
+		got_data_after_gap = T;
+	}
+
+event content_gap(c: connection, is_orig: bool, seq: count, length: count)
+	{
+	got_gap = T;
+	}
+
+event bro_done()
+	{
+	if ( ! got_data_after_gap )
+		exit(1);
+	}
--- a/testing/btest/scripts/base/protocols/http/content-range-gap.bro
+++ b/testing/btest/scripts/base/protocols/http/content-range-gap.bro
@ -0,0 +1,8 @@
+# @TEST-EXEC: bro -r $TRACES/http/content-range-gap.trace %INPUT
+# @TEST-EXEC: btest-diff extract_files/thefile
+
+event file_new(f: fa_file)
+	{
+	Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
+					   [$extract_filename="thefile"]);
+	}
--- a/testing/btest/scripts/base/protocols/http/entity-gap.bro
+++ b/testing/btest/scripts/base/protocols/http/entity-gap.bro
@ -0,0 +1,24 @@
+# @TEST-EXEC: bro -r $TRACES/http/entity_gap.trace %INPUT
+# @TEST-EXEC: btest-diff entity_data
+# @TEST-EXEC: btest-diff extract_files/file0
+
+global f = open("entity_data");
+global fn = 0;
+
+event http_entity_data(c: connection, is_orig: bool, length: count,
+                       data: string)
+	{
+	print f, data;
+	}
+
+event content_gap(c: connection, is_orig: bool, seq: count, length: count)
+	{
+	print f, fmt("<%d byte gap>", length);
+	}
+
+event file_new(f: fa_file)
+	{
+	Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
+					   [$extract_filename=fmt("file%d", fn)]);
+	++fn;
+	}
--- a/testing/btest/scripts/base/protocols/http/entity-gap2.bro
+++ b/testing/btest/scripts/base/protocols/http/entity-gap2.bro
@ -0,0 +1,24 @@
+# @TEST-EXEC: bro -r $TRACES/http/entity_gap2.trace %INPUT
+# @TEST-EXEC: btest-diff entity_data
+# @TEST-EXEC: btest-diff extract_files/file0
+
+global f = open("entity_data");
+global fn = 0;
+
+event http_entity_data(c: connection, is_orig: bool, length: count,
+                       data: string)
+	{
+	print f, data;
+	}
+
+event content_gap(c: connection, is_orig: bool, seq: count, length: count)
+	{
+	print f, fmt("<%d byte gap>", length);
+	}
+
+event file_new(f: fa_file)
+	{
+	Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
+					   [$extract_filename=fmt("file%d", fn)]);
+	++fn;
+	}