Merge remote-tracking branch 'origin/master' into input

Bernhard Amann 2011-11-04 14:12:59 -07:00
commit 72736510de
26 changed files with 110 additions and 93 deletions

15
CHANGES

@ -1,4 +1,19 @@
2.0-beta-19 | 2011-11-03 17:41:00 -0700
* Fixing packet filter test. (Robin Sommer)
2.0-beta-12 | 2011-11-03 15:21:08 -0700
* No longer write to the PacketFilter::LOG stream if not reading
traffic. (Seth Hall)
2.0-beta-10 | 2011-11-03 15:17:08 -0700
* Notice framework documentation update. (Seth Hall)
* Fixing compiler warnings (addresses #388) (Jon Siwek)
2.0-beta | 2011-10-27 17:46:28 -0700
* Preliminary fix for SSH login detection: we need a counted measure


@ -1 +1 @@
2.0-beta
2.0-beta-19

@ -1 +1 @@
Subproject commit c379cefad994004e6ca5f6ba7de038ab6da3a5f5
Subproject commit e0b7d838c10da57d09a6645a64ee6fee47e0507d

@ -1 +1 @@
Subproject commit 6c5c999d9fe05f0e08cc55af478b6e3e47d15c53
Subproject commit c876be28ab59a663ace668b63b14dc39936199df

@ -1 +1 @@
Subproject commit 8abb08f7f604bae286ddc7ae484dc7333ce7997a
Subproject commit 1553a19a559765989d7c0297e357f0402dff1a69

@ -1 +1 @@
Subproject commit 8f535292ca45d1fe7207394dbf4768d4d13ab87b
Subproject commit 32ffde0e08d7f33aa20954755586174b4aa041c9

2
cmake

@ -1 +1 @@
Subproject commit bbf129bd7bd33dfb5641ff0d9242f4b3ebba8e82
Subproject commit 704e255d7ef2faf926836c1c64d16c5b8a02b063


@ -144,7 +144,8 @@ function install()
$sub=default_filter]);
}
Log::write(PacketFilter::LOG, info);
if ( reading_live_traffic() || reading_traces() )
Log::write(PacketFilter::LOG, info);
}
event bro_init() &priority=10


@ -44,7 +44,7 @@ public:
if ( analyzer )
analyzer->Weird("base64_illegal_encoding", msg);
else
reporter->Error(msg);
reporter->Error("%s", msg);
}
protected:


@ -522,7 +522,7 @@ ListVal* CompositeHash::RecoverVals(const HashKey* k) const
}
if ( kp != k_end )
reporter->InternalError("under-ran key in CompositeHash::DescribeKey %ld", k_end - kp);
reporter->InternalError("under-ran key in CompositeHash::DescribeKey %zd", k_end - kp);
return l;
}
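Review bot: `k_end - kp` looks like a pointer difference (assuming both are pointers, as their use suggests), so the matching conversion is `%td`, not the `%zd` introduced here; `%zd` is for the signed counterpart of size_t and only happens to agree with ptrdiff_t on common ABIs. The message also names DescribeKey although the hunk header places this code in RecoverVals, which sends anyone reading the log to the wrong function. Suggested line: `reporter->InternalError("under-ran key in CompositeHash::RecoverVals %td", k_end - kp);`. The function body starts outside the hunk.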


@ -797,7 +797,7 @@ int dbg_handle_debug_input()
input_line = (char*) safe_malloc(1024);
input_line[1023] = 0;
// ### Maybe it's not always stdin.
fgets(input_line, 1023, stdin);
input_line = fgets(input_line, 1023, stdin);
#endif
// ### Maybe not stdin; maybe do better cleanup.
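Review bot: Assigning the result of fgets() back to `input_line` replaces the buffer pointer with NULL on EOF or a read error, which drops the only reference to the safe_malloc'd block and passes a null pointer to whatever follows. Keep the pointer and test the return value instead, for example `if ( ! fgets(input_line, 1023, stdin) ) input_line[0] = 0;`, or return early if the code after the hunk has an EOF path. The function continues outside the hunk, so the right EOF behaviour needs confirming against the rest of dbg_handle_debug_input.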


@ -296,7 +296,7 @@ void ODesc::AddBytesRaw(const void* bytes, unsigned int n)
if ( ! write_failed )
// Most likely it's a "disk full" so report
// subsequent failures only once.
reporter->Error(fmt("error writing to %s: %s", f->Name(), strerror(errno)));
reporter->Error("error writing to %s: %s", f->Name(), strerror(errno));
write_failed = true;
return;


@ -149,7 +149,7 @@ BroFile::BroFile(const char* arg_name, const char* arg_access, BroType* arg_t)
t = arg_t ? arg_t : base_type(TYPE_STRING);
if ( ! Open() )
{
reporter->Error(fmt("cannot open %s: %s", name, strerror(errno)));
reporter->Error("cannot open %s: %s", name, strerror(errno));
is_open = 0;
okay_to_manage = 0;
}
@ -641,7 +641,7 @@ void BroFile::InitEncrypt(const char* keyfile)
if ( ! key )
{
reporter->Error(fmt("can't open key file %s: %s", keyfile, strerror(errno)));
reporter->Error("can't open key file %s: %s", keyfile, strerror(errno));
Close();
return;
}
@ -649,8 +649,8 @@ void BroFile::InitEncrypt(const char* keyfile)
pub_key = PEM_read_PUBKEY(key, 0, 0, 0);
if ( ! pub_key )
{
reporter->Error(fmt("can't read key from %s: %s", keyfile,
ERR_error_string(ERR_get_error(), 0)));
reporter->Error("can't read key from %s: %s", keyfile,
ERR_error_string(ERR_get_error(), 0));
Close();
return;
}
@ -671,8 +671,8 @@ void BroFile::InitEncrypt(const char* keyfile)
if ( ! EVP_SealInit(cipher_ctx, cipher_type, &psecret,
(int*) &secret_len, iv, &pub_key, 1) )
{
reporter->Error(fmt("can't init cipher context for %s: %s", keyfile,
ERR_error_string(ERR_get_error(), 0)));
reporter->Error("can't init cipher context for %s: %s", keyfile,
ERR_error_string(ERR_get_error(), 0));
Close();
return;
}
@ -684,8 +684,8 @@ void BroFile::InitEncrypt(const char* keyfile)
fwrite(secret, ntohl(secret_len), 1, f) &&
fwrite(iv, iv_len, 1, f)) )
{
reporter->Error(fmt("can't write header to log file %s: %s",
name, strerror(errno)));
reporter->Error("can't write header to log file %s: %s",
name, strerror(errno));
Close();
return;
}
@ -709,8 +709,8 @@ void BroFile::FinishEncrypt()
if ( outl && ! fwrite(cipher_buffer, outl, 1, f) )
{
reporter->Error(fmt("write error for %s: %s",
name, strerror(errno)));
reporter->Error("write error for %s: %s",
name, strerror(errno));
return;
}
@ -741,17 +741,17 @@ int BroFile::Write(const char* data, int len)
if ( ! EVP_SealUpdate(cipher_ctx, cipher_buffer, &outl,
(unsigned char*)data, inl) )
{
reporter->Error(fmt("encryption error for %s: %s",
reporter->Error("encryption error for %s: %s",
name,
ERR_error_string(ERR_get_error(), 0)));
ERR_error_string(ERR_get_error(), 0));
Close();
return 0;
}
if ( outl && ! fwrite(cipher_buffer, outl, 1, f) )
{
reporter->Error(fmt("write error for %s: %s",
name, strerror(errno)));
reporter->Error("write error for %s: %s",
name, strerror(errno));
Close();
return 0;
}
@ -798,7 +798,7 @@ void BroFile::UpdateFileSize()
struct stat s;
if ( fstat(fileno(f), &s) < 0 )
{
reporter->Error(fmt("can't stat fd for %s: %s", name, strerror(errno)));
reporter->Error("can't stat fd for %s: %s", name, strerror(errno));
current_size = 0;
return;
}
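Review bot: `ERR_error_string(ERR_get_error(), 0)` with a null buffer returns a pointer into static storage inside OpenSSL, so the text can be overwritten if another thread formats an error at the same time, and the call pops only the first entry from the error queue. A local buffer with `ERR_error_string_n(ERR_get_error(), buf, sizeof(buf))` avoids the shared storage; this applies to the InitEncrypt and Write hunks in this section. Whether these paths can run off the main thread is not visible here, so treat the threading concern as something to confirm.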


@ -74,11 +74,11 @@ void File_Analyzer::InitMagic(magic_t* magic, int flags)
*magic = magic_open(flags);
if ( ! *magic )
reporter->Error(fmt("can't init libmagic: %s", magic_error(*magic)));
reporter->Error("can't init libmagic: %s", magic_error(*magic));
else if ( magic_load(*magic, 0) < 0 )
{
reporter->Error(fmt("can't load magic file: %s", magic_error(*magic)));
reporter->Error("can't load magic file: %s", magic_error(*magic));
magic_close(*magic);
*magic = 0;
}
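Review bot: In the `! *magic` branch, `magic_error(*magic)` is called with the null handle that magic_open() just returned, so the message cannot describe why the open failed. magic_open() reports its failure through errno, so `reporter->Error("can't init libmagic: %s", strerror(errno));` would carry the actual cause. magic_error() can also return a null pointer when no error text is recorded, which is undefined for `%s`; in the magic_load() branch a guard such as `const char* e = magic_error(*magic);` followed by `e ? e : "unknown error"` covers that. The same two calls appear in the identify_data hunk further down the page.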


@ -1453,8 +1453,8 @@ bool LogMgr::Flush(EnumVal* id)
void LogMgr::Error(LogWriter* writer, const char* msg)
{
reporter->Error(fmt("error with writer for %s: %s",
writer->Path().c_str(), msg));
reporter->Error("error with writer for %s: %s",
writer->Path().c_str(), msg);
}
// Timer which on dispatching rotates the filter.


@ -85,8 +85,8 @@ void OSFingerprint::collide(uint32 id)
if (sig[id].ttl % 32 && sig[id].ttl != 255 && sig[id].ttl % 30)
{
problems=1;
reporter->Warning(fmt("OS fingerprinting: [!] Unusual TTL (%d) for signature '%s %s' (line %d).",
sig[id].ttl,sig[id].os,sig[id].desc,sig[id].line));
reporter->Warning("OS fingerprinting: [!] Unusual TTL (%d) for signature '%s %s' (line %d).",
sig[id].ttl,sig[id].os,sig[id].desc,sig[id].line);
}
for (i=0;i<id;i++)
@ -94,8 +94,8 @@ void OSFingerprint::collide(uint32 id)
if (!strcmp(sig[i].os,sig[id].os) &&
!strcmp(sig[i].desc,sig[id].desc)) {
problems=1;
reporter->Warning(fmt("OS fingerprinting: [!] Duplicate signature name: '%s %s' (line %d and %d).",
sig[i].os,sig[i].desc,sig[i].line,sig[id].line));
reporter->Warning("OS fingerprinting: [!] Duplicate signature name: '%s %s' (line %d and %d).",
sig[i].os,sig[i].desc,sig[i].line,sig[id].line);
}
/* If TTLs are sufficiently away from each other, the risk of
@ -277,10 +277,10 @@ do_const:
if (sig[id].opt[j] ^ sig[i].opt[j]) goto reloop;
problems=1;
reporter->Warning(fmt("OS fingerprinting: [!] Signature '%s %s' (line %d)\n"
reporter->Warning("OS fingerprinting: [!] Signature '%s %s' (line %d)\n"
" is already covered by '%s %s' (line %d).",
sig[id].os,sig[id].desc,sig[id].line,sig[i].os,sig[i].desc,
sig[i].line));
sig[i].line);
reloop:
;


@ -88,7 +88,8 @@ bool LoadPolicyFileText(const char* policy_filename)
// ### This code is not necessarily Unicode safe!
// (probably fine with UTF-8)
pf->filedata = new char[size+1];
fread(pf->filedata, size, 1, f);
if ( fread(pf->filedata, size, 1, f) != 1 )
reporter->InternalError("Failed to fread() file data");
pf->filedata[size] = 0;
fclose(f);
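Review bot: The new check turns an empty file into a fatal error: with `size` equal to 0, fread() returns 0, so `!= 1` is true and InternalError() fires. `if ( size > 0 && fread(pf->filedata, size, 1, f) != 1 )` keeps the short-read check without that side effect. The message would also be easier to act on with the file name in it, e.g. `reporter->InternalError("Failed to fread() file data from %s", policy_filename);`. Where `size` is computed lies outside the hunk, so confirm it can actually be zero at this point.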


@ -392,7 +392,7 @@ static bool sendToIO(ChunkedIO* io, ChunkedIO::Chunk* c)
{
if ( ! io->Write(c) )
{
reporter->Warning(fmt("can't send chunk: %s", io->Error()));
reporter->Warning("can't send chunk: %s", io->Error());
return false;
}
@ -404,7 +404,7 @@ static bool sendToIO(ChunkedIO* io, char msg_type, RemoteSerializer::PeerID id,
{
if ( ! sendCMsg(io, msg_type, id) )
{
reporter->Warning(fmt("can't send message of type %d: %s", msg_type, io->Error()));
reporter->Warning("can't send message of type %d: %s", msg_type, io->Error());
return false;
}
@ -419,7 +419,7 @@ static bool sendToIO(ChunkedIO* io, char msg_type, RemoteSerializer::PeerID id,
{
if ( ! sendCMsg(io, msg_type, id) )
{
reporter->Warning(fmt("can't send message of type %d: %s", msg_type, io->Error()));
reporter->Warning("can't send message of type %d: %s", msg_type, io->Error());
return false;
}
@ -715,7 +715,7 @@ bool RemoteSerializer::CloseConnection(PeerID id)
Peer* peer = LookupPeer(id, true);
if ( ! peer )
{
reporter->Error(fmt("unknown peer id %d for closing connection", int(id)));
reporter->Error("unknown peer id %d for closing connection", int(id));
return false;
}
@ -750,14 +750,14 @@ bool RemoteSerializer::RequestSync(PeerID id, bool auth)
Peer* peer = LookupPeer(id, true);
if ( ! peer )
{
reporter->Error(fmt("unknown peer id %d for request sync", int(id)));
reporter->Error("unknown peer id %d for request sync", int(id));
return false;
}
if ( peer->phase != Peer::HANDSHAKE )
{
reporter->Error(fmt("can't request sync from peer; wrong phase %d",
peer->phase));
reporter->Error("can't request sync from peer; wrong phase %d",
peer->phase);
return false;
}
@ -777,14 +777,14 @@ bool RemoteSerializer::RequestLogs(PeerID id)
Peer* peer = LookupPeer(id, true);
if ( ! peer )
{
reporter->Error(fmt("unknown peer id %d for request logs", int(id)));
reporter->Error("unknown peer id %d for request logs", int(id));
return false;
}
if ( peer->phase != Peer::HANDSHAKE )
{
reporter->Error(fmt("can't request logs from peer; wrong phase %d",
peer->phase));
reporter->Error("can't request logs from peer; wrong phase %d",
peer->phase);
return false;
}
@ -802,14 +802,14 @@ bool RemoteSerializer::RequestEvents(PeerID id, RE_Matcher* pattern)
Peer* peer = LookupPeer(id, true);
if ( ! peer )
{
reporter->Error(fmt("unknown peer id %d for request sync", int(id)));
reporter->Error("unknown peer id %d for request sync", int(id));
return false;
}
if ( peer->phase != Peer::HANDSHAKE )
{
reporter->Error(fmt("can't request events from peer; wrong phase %d",
peer->phase));
reporter->Error("can't request events from peer; wrong phase %d",
peer->phase);
return false;
}
@ -869,8 +869,8 @@ bool RemoteSerializer::CompleteHandshake(PeerID id)
if ( p->phase != Peer::HANDSHAKE )
{
reporter->Error(fmt("can't complete handshake; wrong phase %d",
p->phase));
reporter->Error("can't complete handshake; wrong phase %d",
p->phase);
return false;
}
@ -1138,7 +1138,7 @@ bool RemoteSerializer::SendCaptureFilter(PeerID id, const char* filter)
if ( peer->phase != Peer::HANDSHAKE )
{
reporter->Error(fmt("can't sent capture filter to peer; wrong phase %d", peer->phase));
reporter->Error("can't sent capture filter to peer; wrong phase %d", peer->phase);
return false;
}
@ -1215,8 +1215,8 @@ bool RemoteSerializer::SendCapabilities(Peer* peer)
{
if ( peer->phase != Peer::HANDSHAKE )
{
reporter->Error(fmt("can't sent capabilties to peer; wrong phase %d",
peer->phase));
reporter->Error("can't sent capabilties to peer; wrong phase %d",
peer->phase);
return false;
}
@ -3011,8 +3011,8 @@ bool RemoteSerializer::SendCMsgToChild(char msg_type, Peer* peer)
{
if ( ! sendCMsg(io, msg_type, peer ? peer->id : PEER_NONE) )
{
reporter->Warning(fmt("can't send message of type %d: %s",
msg_type, io->Error()));
reporter->Warning("can't send message of type %d: %s",
msg_type, io->Error());
return false;
}
return true;
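Review bot: The message in RequestEvents still reads `unknown peer id %d for request sync`, copied from RequestSync, so a failed events request is logged as a sync failure; `reporter->Error("unknown peer id %d for request events", int(id));` would match the function. Two neighbouring strings carry typos that make log searches miss them: `can't sent capture filter to peer` and `can't sent capabilties to peer` should read `can't send` and `capabilities`. The `%d` conversions for `peer->phase` and `msg_type` rely on integer promotion of types declared outside this section, which is worth a glance now that the arguments go straight to a printf-style call.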


@ -19,7 +19,7 @@ SerialObj* SerialObj::Instantiate(SerialType type)
return o;
}
reporter->Error(fmt("Unknown object type 0x%08x", type));
reporter->Error("Unknown object type 0x%08x", type);
return 0;
}
@ -29,7 +29,7 @@ const char* SerialObj::ClassName(SerialType type)
if ( f != names->end() )
return f->second;
reporter->Error(fmt("Unknown object type 0x%08x", type));
reporter->Error("Unknown object type 0x%08x", type);
return "<no-class-name>";
}


@ -350,7 +350,7 @@ void StateAccess::Replay()
v->AsRecordVal()->Assign(idx, op2 ? op2->Ref() : 0);
}
else
reporter->Error(fmt("access replay: unknown record field %s for assign", field));
reporter->Error("access replay: unknown record field %s for assign", field);
}
else if ( t == TYPE_VECTOR )
@ -411,7 +411,7 @@ void StateAccess::Replay()
v->AsRecordVal()->Assign(idx, new_val, OP_INCR);
}
else
reporter->Error(fmt("access replay: unknown record field %s for assign", field));
reporter->Error("access replay: unknown record field %s for assign", field);
}
else if ( t == TYPE_VECTOR )


@ -2181,7 +2181,7 @@ function send_id%(p: event_peer, id: string%) : bool
ID* i = global_scope()->Lookup(id->CheckString());
if ( ! i )
{
reporter->Error(fmt("send_id: no global id %s", id->CheckString()));
reporter->Error("send_id: no global id %s", id->CheckString());
return new Val(0, TYPE_BOOL);
}
@ -2250,7 +2250,7 @@ function get_event_peer%(%) : event_peer
Val* v = remote_serializer->GetPeerVal(src);
if ( ! v )
{
reporter->Error(fmt("peer %d does not exist anymore", int(src)));
reporter->Error("peer %d does not exist anymore", int(src));
RecordVal* p = mgr.GetLocalPeerVal();
Ref(p);
return p;
@ -3295,13 +3295,13 @@ function identify_data%(data: string, return_mime: bool%): string
if ( ! *magic )
{
reporter->Error(fmt("can't init libmagic: %s", magic_error(*magic)));
reporter->Error("can't init libmagic: %s", magic_error(*magic));
return new StringVal("");
}
if ( magic_load(*magic, 0) < 0 )
{
reporter->Error(fmt("can't load magic file: %s", magic_error(*magic)));
reporter->Error("can't load magic file: %s", magic_error(*magic));
magic_close(*magic);
*magic = 0;
return new StringVal("");


@ -1030,7 +1030,7 @@ void clear_reST_doc_comments()
if ( ! reST_doc_comments )
return;
fprintf(stderr, "Warning: %lu unconsumed reST comments:\n",
fprintf(stderr, "Warning: %zu unconsumed reST comments:\n",
reST_doc_comments->size());
print_current_reST_doc_comments();


@ -478,22 +478,22 @@ bool ensure_dir(const char *dirname)
{
if ( errno != ENOENT )
{
reporter->Warning(fmt("can't stat directory %s: %s",
dirname, strerror(errno)));
reporter->Warning("can't stat directory %s: %s",
dirname, strerror(errno));
return false;
}
if ( mkdir(dirname, 0700) < 0 )
{
reporter->Warning(fmt("can't create directory %s: %s",
dirname, strerror(errno)));
reporter->Warning("can't create directory %s: %s",
dirname, strerror(errno));
return false;
}
}
else if ( ! S_ISDIR(st.st_mode) )
{
reporter->Warning(fmt("%s exists but is not a directory", dirname));
reporter->Warning("%s exists but is not a directory", dirname);
return false;
}
@ -506,7 +506,7 @@ bool is_dir(const char* path)
if ( stat(path, &st) < 0 )
{
if ( errno != ENOENT )
reporter->Warning(fmt("can't stat %s: %s", path, strerror(errno)));
reporter->Warning("can't stat %s: %s", path, strerror(errno));
return false;
}
@ -556,15 +556,15 @@ static bool read_random_seeds(const char* read_file, uint32* seed,
if ( stat(read_file, &st) < 0 )
{
reporter->Warning(fmt("Seed file '%s' does not exist: %s",
read_file, strerror(errno)));
reporter->Warning("Seed file '%s' does not exist: %s",
read_file, strerror(errno));
return false;
}
if ( ! (f = fopen(read_file, "r")) )
{
reporter->Warning(fmt("Could not open seed file '%s': %s",
read_file, strerror(errno)));
reporter->Warning("Could not open seed file '%s': %s",
read_file, strerror(errno));
return false;
}
@ -599,8 +599,8 @@ static bool write_random_seeds(const char* write_file, uint32 seed,
if ( ! (f = fopen(write_file, "w+")) )
{
reporter->Warning(fmt("Could not create seed file '%s': %s",
write_file, strerror(errno)));
reporter->Warning("Could not create seed file '%s': %s",
write_file, strerror(errno));
return false;
}
@ -1024,7 +1024,7 @@ FILE* rotate_file(const char* name, RecordVal* rotate_info)
FILE* newf = fopen(tmpname, "w");
if ( ! newf )
{
reporter->Error(fmt("rotate_file: can't open %s: %s", tmpname, strerror(errno)));
reporter->Error("rotate_file: can't open %s: %s", tmpname, strerror(errno));
return 0;
}
@ -1033,7 +1033,7 @@ FILE* rotate_file(const char* name, RecordVal* rotate_info)
struct stat dummy;
if ( link(name, newname) < 0 || stat(newname, &dummy) < 0 )
{
reporter->Error(fmt("rotate_file: can't move %s to %s: %s", name, newname, strerror(errno)));
reporter->Error("rotate_file: can't move %s to %s: %s", name, newname, strerror(errno));
fclose(newf);
unlink(newname);
unlink(tmpname);
@ -1043,7 +1043,7 @@ FILE* rotate_file(const char* name, RecordVal* rotate_info)
// Close current file, and move the tmp to its place.
if ( unlink(name) < 0 || link(tmpname, name) < 0 || unlink(tmpname) < 0 )
{
reporter->Error(fmt("rotate_file: can't move %s to %s: %s", tmpname, name, strerror(errno)));
reporter->Error("rotate_file: can't move %s to %s: %s", tmpname, name, strerror(errno));
exit(1); // hard to fix, but shouldn't happen anyway...
}
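Review bot: In rotate_file the final step runs `unlink(name)`, `link(tmpname, name)` and `unlink(tmpname)` in sequence, so there is a window in which `name` does not exist, and a failure midway leaves the log path missing before `exit(1)`. `rename(tmpname, name)` replaces the target atomically, so the condition can become `if ( rename(tmpname, name) < 0 )`. Separately, read_random_seeds reports every stat() failure as "does not exist" although errno may indicate a permission problem; a format such as `Could not stat seed file '%s': %s` would be accurate. The bodies of these functions extend beyond the hunks shown.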


@ -2,19 +2,19 @@
#path packet_filter
#fields ts node filter init success
#types time string string bool bool
1318009349.267385 - not ip6 F T
1320367155.152502 - not ip6 T T
#separator \x09
#path packet_filter
#fields ts node filter init success
#types time string string bool bool
1318009349.503033 - (((((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (port 6669)) or (udp and port 5353)) or (port 6668)) or (udp and port 5355)) or (tcp port 22)) or (tcp port 995)) or (port 21)) or (tcp port 25 or tcp port 587)) or (port 6667)) or (tcp port 614)) or (tcp port 990)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666)) and (not ip6) F T
1320367155.379066 - (((((((((((((((((((((((((port 53) or (tcp port 989)) or (tcp port 443)) or (port 6669)) or (udp and port 5353)) or (port 6668)) or (udp and port 5355)) or (tcp port 22)) or (tcp port 995)) or (port 21)) or (tcp port 25 or tcp port 587)) or (port 6667)) or (tcp port 614)) or (tcp port 990)) or (udp port 137)) or (tcp port 993)) or (tcp port 5223)) or (port 514)) or (tcp port 585)) or (tcp port 992)) or (tcp port 563)) or (tcp port 994)) or (tcp port 636)) or (tcp and port (80 or 81 or 631 or 1080 or 3138 or 8000 or 8080 or 8888))) or (port 6666)) and (not ip6) T T
#separator \x09
#path packet_filter
#fields ts node filter init success
#types time string string bool bool
1318009349.748468 - port 42 F T
1320367155.601980 - port 42 T T
#separator \x09
#path packet_filter
#fields ts node filter init success
#types time string string bool bool
1318009349.995387 - port 56730 T T
1320367155.826539 - port 56730 T T


@ -1,12 +1,12 @@
# @TEST-REQUIRES: bro -e 'print bro_has_ipv6()' | grep -q F
#
# @TEST-EXEC: bro -e '' >output
# @TEST-EXEC: bro -r $TRACES/empty.trace -e '' >output
# @TEST-EXEC: cat packet_filter.log >>output
# @TEST-EXEC: bro PacketFilter::all_packets=F >>output
# @TEST-EXEC: bro -r $TRACES/empty.trace PacketFilter::all_packets=F >>output
# @TEST-EXEC: cat packet_filter.log >>output
# @TEST-EXEC: bro -f "port 42" -e '' >>output
# @TEST-EXEC: bro -r $TRACES/empty.trace -f "port 42" -e '' >>output
# @TEST-EXEC: cat packet_filter.log >>output
# @TEST-EXEC: bro -C -f "port 56730" -r $TRACES/mixed-vlan-mpls.trace >>output
# @TEST-EXEC: bro -r $TRACES/empty.trace -C -f "port 56730" -r $TRACES/mixed-vlan-mpls.trace >>output
# @TEST-EXEC: cat packet_filter.log >>output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: btest-diff conn.log
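Review bot: The last bro invocation now passes `-r` twice (`-r $TRACES/empty.trace` and `-r $TRACES/mixed-vlan-mpls.trace`). That command already read a trace before the change, so the added `-r $TRACES/empty.trace` looks like a by-product of the bulk edit, not something the test needs. Restoring `bro -C -f "port 56730" -r $TRACES/mixed-vlan-mpls.trace >>output` keeps the run tied to the one trace that produces conn.log. The same line appears in the IPv6 variant of the test in the next section.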


@ -1,12 +1,12 @@
# @TEST-REQUIRES: bro -e 'print bro_has_ipv6()' | grep -q T
#
# @TEST-EXEC: bro -e '' >output
# @TEST-EXEC: bro -r $TRACES/empty.trace -e '' >output
# @TEST-EXEC: cat packet_filter.log >>output
# @TEST-EXEC: bro PacketFilter::all_packets=F ssh >>output
# @TEST-EXEC: bro -r $TRACES/empty.trace PacketFilter::all_packets=F >>output
# @TEST-EXEC: cat packet_filter.log >>output
# @TEST-EXEC: bro -f "port 42" -e '' >>output
# @TEST-EXEC: bro -r $TRACES/empty.trace -f "port 42" -e '' >>output
# @TEST-EXEC: cat packet_filter.log >>output
# @TEST-EXEC: bro -C -f "port 56730" -r $TRACES/mixed-vlan-mpls.trace conn >>output
# @TEST-EXEC: bro -r $TRACES/empty.trace -C -f "port 56730" -r $TRACES/mixed-vlan-mpls.trace >>output
# @TEST-EXEC: cat packet_filter.log >>output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: btest-diff conn.log