Merge remote branch 'origin/master' into topic/bernhard/hyperloglog

Conflicts:
	src/3rdparty
Bernhard Amann 2013-08-26 12:53:13 -07:00
commit 74f96d22ef
232 changed files with 9163 additions and 148274 deletions


@ -12,8 +12,8 @@ error: false-positive rate must take value between 0 and 1
1
1
1
0, no fp
1
1, fp
1, fp
1
1
1


@ -0,0 +1,11 @@
1
1
1
1
1
1
16
16
0
0
3


@ -1,13 +0,0 @@
new_connection: tunnel
conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
encap: [[cid=[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=0/unknown, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=UWkUyAuUGXf]]
new_connection: tunnel
conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
encap: [[cid=[orig_h=feed::beef, orig_p=0/unknown, resp_h=feed::cafe, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=UWkUyAuUGXf], [cid=[orig_h=babe::beef, orig_p=0/unknown, resp_h=dead::babe, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=arKYeMETxOg]]
new_connection: tunnel
conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
encap: [[cid=[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=0/unknown, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=UWkUyAuUGXf]]
tunnel_changed:
conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
old: [[cid=[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=0/unknown, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=UWkUyAuUGXf]]
new: [[cid=[orig_h=feed::beef, orig_p=0/unknown, resp_h=feed::cafe, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=k6kgXLOoSKl]]


@ -1,4 +0,0 @@
weird routing0_hdr from 2001:4f8:4:7:2e0:81ff:fe52:ffff to 2001:78:1:32::2
[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=53/udp, resp_h=2001:78:1:32::2, resp_p=53/udp]
[ip=<uninitialized>, ip6=[class=0, flow=0, len=59, nxt=0, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=0, hopopts=[nxt=43, len=0, options=[[otype=1, len=4, data=\0\0\0\0]]], dstopts=<uninitialized>, routing=<uninitialized>, fragment=<uninitialized>, ah=<uninitialized>, esp=<uninitialized>, mobility=<uninitialized>], [id=43, hopopts=<uninitialized>, dstopts=<uninitialized>, routing=[nxt=17, len=4, rtype=0, segleft=2, data=\0\0\0\0 ^A\0x\0^A\02\0\0\0\0\0\0\0^A ^A\0x\0^A\02\0\0\0\0\0\0\0^B], fragment=<uninitialized>, ah=<uninitialized>, esp=<uninitialized>, mobility=<uninitialized>]]], tcp=<uninitialized>, udp=[sport=53/udp, dport=53/udp, ulen=11], icmp=<uninitialized>]
[2001:78:1:32::1, 2001:78:1:32::2]


@ -1,10 +0,0 @@
[1, 3, 0, 2]
[2374950123]
[1, 3, 0, 2]
[2374950123]
[1, 3, 0, 2]
[2374950123]
[1, 3, 0, 2]
[3353991673]
[1, 3, 0, 2]
[3353991673]


@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path conn
#open 2013-07-18-00-18-33
#open 2013-08-12-18-24-50
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
1278600802.069419 UWkUyAuUGXf 10.20.80.1 50343 10.0.0.15 80 tcp - 0.004152 9 3429 SF - 0 ShADadfF 7 381 7 3801 (empty)
#close 2013-07-18-00-18-33
#close 2013-08-12-18-24-50


@ -3,28 +3,28 @@
#empty_field (empty)
#unset_field -
#path packet_filter
#open 2013-07-19-02-54-13
#open 2013-08-12-18-24-49
#fields ts node filter init success
#types time string string bool bool
1374202453.158981 - ip or not ip T T
#close 2013-07-19-02-54-13
1376331889.617206 - ip or not ip T T
#close 2013-08-12-18-24-49
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path packet_filter
#open 2013-07-19-02-54-13
#open 2013-08-12-18-24-49
#fields ts node filter init success
#types time string string bool bool
1374202453.437816 - port 42 T T
#close 2013-07-19-02-54-13
1376331889.904944 - port 42 T T
#close 2013-08-12-18-24-49
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path packet_filter
#open 2013-07-19-02-54-13
#open 2013-08-12-18-24-50
#fields ts node filter init success
#types time string string bool bool
1374202453.715717 - (vlan) and (ip or not ip) T T
#close 2013-07-19-02-54-13
1376331890.192875 - (vlan) and (ip or not ip) T T
#close 2013-08-12-18-24-50


@ -1,5 +1,6 @@
2 1080
1 137
1 20000
1 21
1 2123
1 2152
@ -38,8 +39,8 @@
1 992
1 993
1 995
42 and
41 or
42 port
31 tcp
43 and
42 or
43 port
32 tcp
11 udp


@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path loaded_scripts
#open 2013-08-09-16-13-58
#open 2013-08-14-01-19-27
#fields name
#types string
scripts/base/init-bare.bro
@ -22,8 +22,11 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.bro
build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.bro
build/scripts/base/bif/plugins/Bro_DHCP.events.bif.bro
build/scripts/base/bif/plugins/Bro_DNP3.events.bif.bro
build/scripts/base/bif/plugins/Bro_DNS.events.bif.bro
build/scripts/base/bif/plugins/Bro_File.events.bif.bro
build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.bro
build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.bro
build/scripts/base/bif/plugins/Bro_FileHash.events.bif.bro
build/scripts/base/bif/plugins/Bro_Finger.events.bif.bro
build/scripts/base/bif/plugins/Bro_FTP.events.bif.bro
@ -61,6 +64,8 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_TCP.functions.bif.bro
build/scripts/base/bif/plugins/Bro_Teredo.events.bif.bro
build/scripts/base/bif/plugins/Bro_UDP.events.bif.bro
build/scripts/base/bif/plugins/Bro_Unified2.events.bif.bro
build/scripts/base/bif/plugins/Bro_Unified2.types.bif.bro
build/scripts/base/bif/plugins/Bro_ZIP.events.bif.bro
scripts/base/frameworks/logging/__load__.bro
scripts/base/frameworks/logging/main.bro
@ -94,4 +99,4 @@ scripts/base/init-bare.bro
build/scripts/base/bif/top-k.bif.bro
scripts/policy/misc/loaded-scripts.bro
scripts/base/utils/paths.bro
#close 2013-08-09-16-13-58
#close 2013-08-14-01-19-27


@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path loaded_scripts
#open 2013-08-09-16-13-37
#open 2013-08-14-01-19-28
#fields name
#types string
scripts/base/init-bare.bro
@ -22,8 +22,11 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.bro
build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.bro
build/scripts/base/bif/plugins/Bro_DHCP.events.bif.bro
build/scripts/base/bif/plugins/Bro_DNP3.events.bif.bro
build/scripts/base/bif/plugins/Bro_DNS.events.bif.bro
build/scripts/base/bif/plugins/Bro_File.events.bif.bro
build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.bro
build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.bro
build/scripts/base/bif/plugins/Bro_FileHash.events.bif.bro
build/scripts/base/bif/plugins/Bro_Finger.events.bif.bro
build/scripts/base/bif/plugins/Bro_FTP.events.bif.bro
@ -61,6 +64,8 @@ scripts/base/init-bare.bro
build/scripts/base/bif/plugins/Bro_TCP.functions.bif.bro
build/scripts/base/bif/plugins/Bro_Teredo.events.bif.bro
build/scripts/base/bif/plugins/Bro_UDP.events.bif.bro
build/scripts/base/bif/plugins/Bro_Unified2.events.bif.bro
build/scripts/base/bif/plugins/Bro_Unified2.types.bif.bro
build/scripts/base/bif/plugins/Bro_ZIP.events.bif.bro
scripts/base/frameworks/logging/__load__.bro
scripts/base/frameworks/logging/main.bro
@ -162,6 +167,9 @@ scripts/base/init-default.bro
scripts/base/protocols/dhcp/consts.bro
scripts/base/protocols/dhcp/main.bro
scripts/base/protocols/dhcp/utils.bro
scripts/base/protocols/dnp3/__load__.bro
scripts/base/protocols/dnp3/main.bro
scripts/base/protocols/dnp3/consts.bro
scripts/base/protocols/dns/__load__.bro
scripts/base/protocols/dns/consts.bro
scripts/base/protocols/dns/main.bro
@ -206,6 +214,8 @@ scripts/base/init-default.bro
scripts/base/files/hash/main.bro
scripts/base/files/extract/__load__.bro
scripts/base/files/extract/main.bro
scripts/base/files/unified2/__load__.bro
scripts/base/files/unified2/main.bro
scripts/base/misc/find-checksum-offloading.bro
scripts/policy/misc/loaded-scripts.bro
#close 2013-08-09-16-13-37
#close 2013-08-14-01-19-28


@ -0,0 +1 @@
file_extraction_limit, 3000, 2896, 1448


@ -0,0 +1,3 @@
file_extraction_limit, 3000, 2896, 1448
T
file_extraction_limit, 6000, 5792, 1448


@ -0,0 +1,2 @@
file_extraction_limit, 7000, 5792, 1448
T


@ -0,0 +1,72 @@
The National Center for Supercomputing Applications 1/28/92
Anonymous FTP Server General Information
This file contains information about the general structure, as well as
information on how to obtain files and documentation from the FTP server.
NCSA software and documentation can also be obtained through the the U.S.
Mail. Instructions are included for using this method as well.
Information about the Software Development Group and NCSA software can be
found in the /ncsapubs directory in a file called TechResCatalog.
THE UNIVERSITY OF ILLINOIS GIVES NO WARRANTY, EXPRESSED OR IMPLIED, FOR THE
SOFTWARE AND/OR DOCUMENTATION PROVIDED, INCLUDING, WITHOUT LIMITATION,
WARRANTY OF MERCHANTABILITY AND WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE.
_____________________________________________________________
FTP INSTRUCTIONS
Most NCSA Software is released into the public domain. That is, for these
programs, the public domain has all rights for future licensing, resale,
and publication of available packages. If you are connected to Internet
(NSFNET, ARPANET, MILNET, etc) you may download NCSA software and documentation and source code if it is available, at no charge from the anonymous file
transfer protocol (FTP) server at NCSA where you got this file. The procedure
you should follow to do so is presented below. If you have any questions
regarding this procedure or whether you are connected to Internet, consult your local system administration or network expert.
1. Log on to a host at your site that is connected to the Internet and is
running software supporting the FTP command.
2. Invoke FTP on most systems by entering the Internet address of the server.
Type the following at the shell (usually "%") prompt:
% ftp ftp.ncsa.uiuc.edu
3. Log in by entering anonymous for the name.
4. Enter your local email address (login@host) for the password.
5. Enter the following at the "ftp>" prompt to copy a text file from our
server to your local host:
ftp> get filename
where "filename" is the name of the file you want a copy of. For example,
to get a copy of this file from the server enter:
ftp> get README.FIRST
To get a copy of our software brochure, enter:
ftp> cd ncsapubs
get TechResCatalog
NOTE: Some of the filenames on the server are rather long to aid in
identification. Some operating systems may have problems with names
this long. To change the name the file will have on your local
machine type the following at the "ftp>" prompt ("remoteName" is the
name of the file on the server and "localName" is the name you want
the file to have on your local machine):
ftp> get remoteName localName
Example:
ftp> get TechResCatalog catalog.txt
6. For files that are not text files (almost everything else) you will need to
specify that you want to transfer binary files. Do this by ty


@ -0,0 +1,157 @@
The National Center for Supercomputing Applications 1/28/92
Anonymous FTP Server General Information
This file contains information about the general structure, as well as
information on how to obtain files and documentation from the FTP server.
NCSA software and documentation can also be obtained through the the U.S.
Mail. Instructions are included for using this method as well.
Information about the Software Development Group and NCSA software can be
found in the /ncsapubs directory in a file called TechResCatalog.
THE UNIVERSITY OF ILLINOIS GIVES NO WARRANTY, EXPRESSED OR IMPLIED, FOR THE
SOFTWARE AND/OR DOCUMENTATION PROVIDED, INCLUDING, WITHOUT LIMITATION,
WARRANTY OF MERCHANTABILITY AND WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE.
_____________________________________________________________
FTP INSTRUCTIONS
Most NCSA Software is released into the public domain. That is, for these
programs, the public domain has all rights for future licensing, resale,
and publication of available packages. If you are connected to Internet
(NSFNET, ARPANET, MILNET, etc) you may download NCSA software and documentation and source code if it is available, at no charge from the anonymous file
transfer protocol (FTP) server at NCSA where you got this file. The procedure
you should follow to do so is presented below. If you have any questions
regarding this procedure or whether you are connected to Internet, consult your local system administration or network expert.
1. Log on to a host at your site that is connected to the Internet and is
running software supporting the FTP command.
2. Invoke FTP on most systems by entering the Internet address of the server.
Type the following at the shell (usually "%") prompt:
% ftp ftp.ncsa.uiuc.edu
3. Log in by entering anonymous for the name.
4. Enter your local email address (login@host) for the password.
5. Enter the following at the "ftp>" prompt to copy a text file from our
server to your local host:
ftp> get filename
where "filename" is the name of the file you want a copy of. For example,
to get a copy of this file from the server enter:
ftp> get README.FIRST
To get a copy of our software brochure, enter:
ftp> cd ncsapubs
get TechResCatalog
NOTE: Some of the filenames on the server are rather long to aid in
identification. Some operating systems may have problems with names
this long. To change the name the file will have on your local
machine type the following at the "ftp>" prompt ("remoteName" is the
name of the file on the server and "localName" is the name you want
the file to have on your local machine):
ftp> get remoteName localName
Example:
ftp> get TechResCatalog catalog.txt
6. For files that are not text files (almost everything else) you will need to
specify that you want to transfer binary files. Do this by typing the
following at the "ftp>" prompt:
ftp> type binary
You can now use the "get" command to download binary files. To switch back
to ASCII text transfers type:
ftp> type ascii
7. The "ls" and "cd" commands can be used at the "ftp>" prompt to list and
change directories as in the shell.
8. Enter "quit" or "bye" to exit FTP and return to your local host.
_____________________________________________________________
FTP SOFTWARE BY MAIL
To obtain an order form, send your request to the following address:
FTP Archive Tapes
c/o Debbie Shirley
152 Computing Applications Building
605 East Springfield Avenue
Champaign, IL 61820
or call:
Debbie at (217) 244-4130
_____________________________________________________________
VIRUS INFORMATION
The Software Development Group at NCSA is very virus-conscious. We routinely
check our machines for viruses and recommend that you do so also. For the
Macintoshes we use Disinfectant. You can obtain a copy of Disinfectant from
the /Mac/Utilities directory.
If you use Microsoft DOS or Windows you can find the latest virus scan from
the anonymous site oak.oakland.edu in the /SimTel/msdos/virus directory.
_____________________________________________________________
GENERAL INFORMATION
DIRECTORY STRUCTURE
The FTP server is organized as specified below:
/Mac Macintosh software
/PC IBM PC software
/Unix Software for machines running UNIX or equivalent OS
/Unix/SGI Software that primarily runs on Silicon Graphics
machines only
/Visualization Software tools for data visualization.
/Web World Wide Web tools, including Mosaic, httpd,
and html editors.
/HDF Hierarchical Data Format applications and tools
/Samples Samples that can be used with most of NCSA software
tools
/Documentation Currently being constructed, check each application's
directory for documentation
/ncsapubs Information produced by the Publications group,
including Metacenter announcements, data link & access,
a software listing, start-up guides, and other
reference documents.
/misc Miscellaneous documentation and software
/incoming directory for contributions
/outgoing swap directory
Information for a particular application can be found in the README file,
located in the same directory as the application. The README files contain
information on new features, known bugs, compile information, and other
important notes.
All directories on the FTP server contain an INDEX file. These files outline
the hierarchical structure of the directory and (recursively) all files and
directories contained within it. The INDEX at the root level contains the
structure of the enire server listing all files and directories on it. The
INDEX file in each software directory contains additional information about
each file. The letter in parenthesis after the file name indicates how the
file should be downloaded


@ -0,0 +1,425 @@
The National Center for Supercomputing Applications 1/28/92
Anonymous FTP Server General Information
This file contains information about the general structure, as well as
information on how to obtain files and documentation from the FTP server.
NCSA software and documentation can also be obtained through the the U.S.
Mail. Instructions are included for using this method as well.
Information about the Software Development Group and NCSA software can be
found in the /ncsapubs directory in a file called TechResCatalog.
THE UNIVERSITY OF ILLINOIS GIVES NO WARRANTY, EXPRESSED OR IMPLIED, FOR THE
SOFTWARE AND/OR DOCUMENTATION PROVIDED, INCLUDING, WITHOUT LIMITATION,
WARRANTY OF MERCHANTABILITY AND WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE.
_____________________________________________________________
FTP INSTRUCTIONS
Most NCSA Software is released into the public domain. That is, for these
programs, the public domain has all rights for future licensing, resale,
and publication of available packages. If you are connected to Internet
(NSFNET, ARPANET, MILNET, etc) you may download NCSA software and documentation and source code if it is available, at no charge from the anonymous file
transfer protocol (FTP) server at NCSA where you got this file. The procedure
you should follow to do so is presented below. If you have any questions
regarding this procedure or whether you are connected to Internet, consult your local system administration or network expert.
1. Log on to a host at your site that is connected to the Internet and is
running software supporting the FTP command.
2. Invoke FTP on most systems by entering the Internet address of the server.
Type the following at the shell (usually "%") prompt:
% ftp ftp.ncsa.uiuc.edu
3. Log in by entering anonymous for the name.
4. Enter your local email address (login@host) for the password.
5. Enter the following at the "ftp>" prompt to copy a text file from our
server to your local host:
ftp> get filename
where "filename" is the name of the file you want a copy of. For example,
to get a copy of this file from the server enter:
ftp> get README.FIRST
To get a copy of our software brochure, enter:
ftp> cd ncsapubs
get TechResCatalog
NOTE: Some of the filenames on the server are rather long to aid in
identification. Some operating systems may have problems with names
this long. To change the name the file will have on your local
machine type the following at the "ftp>" prompt ("remoteName" is the
name of the file on the server and "localName" is the name you want
the file to have on your local machine):
ftp> get remoteName localName
Example:
ftp> get TechResCatalog catalog.txt
6. For files that are not text files (almost everything else) you will need to
specify that you want to transfer binary files. Do this by typing the
following at the "ftp>" prompt:
ftp> type binary
You can now use the "get" command to download binary files. To switch back
to ASCII text transfers type:
ftp> type ascii
7. The "ls" and "cd" commands can be used at the "ftp>" prompt to list and
change directories as in the shell.
8. Enter "quit" or "bye" to exit FTP and return to your local host.
_____________________________________________________________
FTP SOFTWARE BY MAIL
To obtain an order form, send your request to the following address:
FTP Archive Tapes
c/o Debbie Shirley
152 Computing Applications Building
605 East Springfield Avenue
Champaign, IL 61820
or call:
Debbie at (217) 244-4130
_____________________________________________________________
VIRUS INFORMATION
The Software Development Group at NCSA is very virus-conscious. We routinely
check our machines for viruses and recommend that you do so also. For the
Macintoshes we use Disinfectant. You can obtain a copy of Disinfectant from
the /Mac/Utilities directory.
If you use Microsoft DOS or Windows you can find the latest virus scan from
the anonymous site oak.oakland.edu in the /SimTel/msdos/virus directory.
_____________________________________________________________
GENERAL INFORMATION
DIRECTORY STRUCTURE
The FTP server is organized as specified below:
/Mac Macintosh software
/PC IBM PC software
/Unix Software for machines running UNIX or equivalent OS
/Unix/SGI Software that primarily runs on Silicon Graphics
machines only
/Visualization Software tools for data visualization.
/Web World Wide Web tools, including Mosaic, httpd,
and html editors.
/HDF Hierarchical Data Format applications and tools
/Samples Samples that can be used with most of NCSA software
tools
/Documentation Currently being constructed, check each application's
directory for documentation
/ncsapubs Information produced by the Publications group,
including Metacenter announcements, data link & access,
a software listing, start-up guides, and other
reference documents.
/misc Miscellaneous documentation and software
/incoming directory for contributions
/outgoing swap directory
Information for a particular application can be found in the README file,
located in the same directory as the application. The README files contain
information on new features, known bugs, compile information, and other
important notes.
All directories on the FTP server contain an INDEX file. These files outline
the hierarchical structure of the directory and (recursively) all files and
directories contained within it. The INDEX at the root level contains the
structure of the enire server listing all files and directories on it. The
INDEX file in each software directory contains additional information about
each file. The letter in parenthesis after the file name indicates how the
file should be downloaded: ascii (a), binary (b), or mac binary (m).
The "misc" directories found in some software tool directories contain
supplementary code or other information. Refer to the README file in that
directory for a description of what is contained within the "misc" directory.
The "contrib" directories contain contributed software. This directory usually
contains NCSA source that has been modified by people outside of NCSA as well
as binaries compiled on different platforms not available to the Software
Development Group. If you have modified NCSA software or would like to share
some code please contact the developer of the source so arrangemnts can be
made to upload it to the "incoming" directory. If you are downloading
software from the "contrib" directory please note that this software is not
supported by NCSA and has not been checked for viruses (see statement on
viruses above). NCSA may not be held responsible for anything resulting from
use of the contributed software. *** RUN AT YOUR OWN RISK ***
FILE NAMES
All file names consist of the name of the tool, the version number, and one or
more extensions. The extensions identify what type of information is contained
in the file, and what format it is in. For example, here is a list of files in
the /Mac/DataScope directory:
DataScope2.0.1.asc.tar.Z
DataScope2.0.1.src.sit.hqx
DataScope2.0.1.smp.sit.hqx
DataScope2.0.1.mac.sit.hqx
DataScope2.0.1.msw.sit.hqx
The first three character extension indicates what type of data can be found in
that file (ASCII documentation, source, samples, etc.). The other extensions
indicate what format the files are in. The extensions ".tar" and ".sit"
indicate types of archives, and the ".Z" and ".hqx" indicate compression and
encoding schemes. (See below for instructions on extracting files that have
been archived and/or compressed.) Following are a list of extensions and their
meanings:
.sn3 Sun 3 executables
.sn4 Sun 4 executables
.386 Sun 386i executables
.sgi Silicon Graphics Iris executables
.dgl Silicon Graphics Iris using DGL executables
.rs6 IBM RS6000 executables
.cv2 Convex 2 executables
.cv3 Convex 3 executables
.cr2 Cray 2 executables
.crY CrayYMP executables
.d31 DEC 3100 executables
.m88 Motorola 88k executables
.m68 Motorola 68k executables
.exe IBM PC executables
.mac Macintosh executables
.src source code
.smp sample files
.asc ASCII text documentation
.msw Microsoft Word documentation
.ps postscript documentation
.man formatted man page
.shar Bourne shell archive
.sit archive created by Macintosh application, StuffIt
.hqx encoded with Macintosh application, BinHex
.sea Self extracting Macintosh archive
.tar archive created with UNIX tar command
.Z compressed with UNIX compress command
The files in the PC directory are the only exception to this naming convention.
In order to conform with the DOS convention of eight character file names and
one, three character extension, the names for PC files are slightly different.
Whenever possible the scheme outlined above is used, but the names are usually
abbreviated and all but one of the dots "." have been omitted.
_______________________________________________________________________________
EXTRACTING ARCHIVED FILES
INSTRUCTIONS FOR MACINTOSH FILES
If a file ends with the extension ".sit" it must be unstuffed with either the
shareware program StuffIt or the Public Domain program UnStuffIt. Files ending
with the ".hqx" must be decoded with BinHex. These programs can be found on
the FTP server in the /Mac/Utilities directory. Note that the BinHex program
must be downloaded with MacBinary enabled, and the StuffIt program must be
decoded before it can be used. Files downloaded from the server may be both
Stuffed (".sit" extension) and BinHexed (".hqx" extension). These files must
be first decoded and then unstuffed.
To decode a file with the ".hqx" extension (a BinHexed file):
1. Download the file to your Macintosh.
2. Start the application BinHex by double-clicking on it.
3. From the "File" menu in BinHex, choose "UpLoad -> Application".
4. Choose the ".hqx" file to be decoded and select "Open".
5. The suggested file name will appear in a dialog box.
6. Select "Save" to decode the file.
To uncompress a file with the ".sit" extension (a Stuffed file):
1. Download the file to your Macintosh.
2. Start the application Stuffit by double-clicking on it.
3. From the "File" menu in Stuffit, choose "Open Archive...".
4. Choose the ".sit" file to be unstuffed and select "Open". A window with
all the files contained in the stuffed file will appear.
5. Choose "Select All" in the "Edit" menu to select all of the files.
6. Click on the "Extract" box at the bottom of the window.
7. Select "Save All" in the dialog box to save all the selected files in
the current directory.
INSTRUCTIONS FOR PC FILES
Most IBM PC files are archived and compressed using the pkzip utility.
(If you do not have the pkzip utility on your PC, you may obtain it from the
FTP server by anonymous ftp. The file you need is called pkz110.exe and it
is located in /PC/Telnet/contributions. Set the ftp mode to binary and "get"
the file pkz110.exe. Then, on your PC, run PKZ110.EXE with no arguments and
several files will be self-extracted, including one called PKUNZIP.EXE. It
may then be convenient to copy PKUNZIP.EXE to the directory where you have
placed, or are going to place, your Telnet files.)
To extract these files, first download the file with the ".zip" extension to
your PC and then type the following at the DOS prompt:
> pkunzip -d filename.zip
where "filename" is the name of the file you want to unarchive.
INSTRUCTIONS FOR UNIX FILES
Most files on the FTP server will be both tarred and compressed. For more
information on the "tar" and "compress" commands you can type "man tar" and
"man compress" at your shell prompt to see the online manual page for these
commands, or ask your system administrator for help. You should first
uncompress and then unarchive files ending in ".tar.Z" with the following
procedure.
Files with the ".Z" extension have been compressed with the UNIX "compress"
command. To uncompress these files type the following at the shell prompt:
% uncompress filename.Z
where "filename.Z" is the name of the file ending with the ".Z" extension that
you wish to uncompress.
Files with the ".tar" extension have been archived with the UNIX "tar" command.
To extract the files type the following at the shell prompt:
% tar xf filename.tar
Some files are archived using a shell archive utility and are indicated as such
with the ".shar" extension. To extract the files type the following at the
shell prompt:
% sh filename.shar
_______________________________________________________________________________
DOCUMENTATION
NCSA offers users several documentation formats for its programs including
ASCII text, Microsoft Word, and postscript. If one of these formats does not
fit your needs, documentaion can be obtained through the mail at the following
address:
Documentation Orders
c/o Debbie Shirley
152 Computing Applications Building
605 East Springfield Avenue
Champaign, IL 61820
or call:
(217) 244-4130
Members of the Software Development Group within NCSA are currently working
on videotapes that demonstrate and also offer tutorials for NCSA programs. A
note will be posted here when these tapes are available for distribution.
ASCII FORMAT
ASCII text files are provided for all software and are indicated with the
".asc" extension. Helpful figures and diagrams obviously cannot be included
in this form of documentation. We suggest you use the other forms of
documentation if possible.
MICROSOFT WORD FORMAT
If you are a Macintosh user, please download documents with the ".msw"
extension. These files should also be stuffed and BinHexed (information on
extracting these files from the archive is contained earlier in this file).
The documents can be previewed and printed using the Microsoft Word
application. Word documents contain text, images, and formatting.
POSTSCRIPT FORMAT
If you are a UNIX user and/or have access to a postscript printer, please
download files with the ".pos" extension. The documents can be previewed using
a poscript previewer or can be printed directly to a poscript printer using a
command like "lpr".
_______________________________________________________________________________
BUG REPORTS AND SUPPORT
The Software Development Group at NCSA is very interested in how the software
tools developed here are being used. Please send any comments or suggestions
you may have to the appropriate address.
NOTE: This is a new kind of shareware. You share your science and
successes with us, and we can get more resources to share more
NCSA software with you.
If you want to see more NCSA software, please send us a letter,
email or US Mail, telling us what you are doing with our software.
We need to know:
(1) What science you are working on - an abstract of your
work would be fine.
(2) How NCSA software has helped you, for example, by increasing
your productivity or allowing you to do things you could
not do before.
We encourage you to cite the use of any NCSA software you have used in
your publications. A bibliography of your work would be extremely
helpful.
NCSA Telnet for the Macintosh: Please allow ***time*** for a response.
Bug reports, questions, suggestions may be sent to the addresses below.
mactelnet@ncsa.uiuc.edu (Internet)
NCSA Telnet for PCs: Please allow ***time*** for a response.
Bug reports, questions, suggestions may be sent to:
pctelnet@ncsa.uiuc.edu (Internet)
All other NCSA software:
Bug reports should be emailed to the adresses below. Be sure to check the
BUGS NOTES section of the README file before sending email.
Please allow ***time*** for a response.
bugs@ncsa.uiuc.edu (Internet)
Questions regarding NCSA developed software tools may be sent to the address
below. Please allow ***time*** for a response.
softdev@ncsa.uiuc.edu (Internet)
_______________________________________________________________________________
COPYRIGHTS AND TRADEMARKS
Apple
Motorola
Digital Equipment Corp.
Silicon Graphics Inc.
International Business Machines
Sun Microsystems
UNIX
StuffIt
Microsoft


@ -0,0 +1,11 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path unified2
#open 2013-08-13-07-16-01
#fields ts id.src_ip id.src_p id.dst_ip id.dst_p sensor_id signature_id signature generator_id generator signature_revision classification_id classification priority_id event_id packet
#types time addr port addr port count count string count string count count string count count string
1323827323.000000 192.168.1.72 50185 74.125.225.49 80 0 2003058 ET MALWARE 180solutions (Zango) Spyware Installer Download 1 snort general alert 5 21 trojan-activity 1 2 \xd80bH\xc5\xb5x\xca9\xb7\xe4r\x08\x00E\x10\x00\\x1a\xce@\x00@\x062\x1f\xc0\xa8\x01HJ}\xe11\xc4\x09\x00P*\xa8bv]z/\xde\x80\x18\x82+\x88,\x00\x00\x01\x01\x08\x0a\x17J\x83Q\xfe\xad\xac\x1aGET /Zango/ZangoInstaller.exe HTTP/1.0\x0d\x0a
1323827344.000000 192.168.1.72 49862 199.47.216.144 80 0 2012647 ET POLICY Dropbox.com Offsite File Backup in Use 1 snort general alert 3 33 policy-violation 1 3 \xd80bH\xc5\xb5x\xca9\xb7\xe4r\x08\x00E\x00\x00\xf8Q\xdf@\x00@\x06\x86p\xc0\xa8\x01H\xc7/\xd8\x90\xc2\xc6\x00P\x9cm\x97U\xf07\x084\x80\x18\x82\x18%<\x00\x00\x01\x01\x08\x0a\x17J\xd7\xde\x00\x92\x81\xc5GET /subscribe?host_int=43112345&ns_map=123456_1234524412104916591&ts=1323827344 HTTP/1.1\x0d\x0aHost: notify1.dropbox.com\x0d\x0aAccept-Encoding: identity\x0d\x0aConnection: keep-alive\x0d\x0aX-Dropbox-Locale: en_US\x0d\x0a\x0d\x0a
#close 2013-08-13-07-16-01


@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path files
#open 2013-07-25-16-57-31
#open 2013-08-14-04-50-17
#fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted
#types time string table[addr] table[addr] table[string] string count table[string] string string interval bool bool count count count count bool string string string string string
1362692527.009721 G75mcAsU764 192.150.187.43 141.142.228.5 UWkUyAuUGXf HTTP 0 SHA256,DATA_EVENT,MD5,EXTRACT,SHA1 text/plain - 0.000054 - F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac 1dd7ac0398df6cbc0696445a91ec681facf4dc47 4e7c7ef0984119447e743e3ec77e1de52713e345cde03fe7df753a35849bed18 G75mcAsU764-file
#close 2013-07-25-16-57-31
#close 2013-08-14-04-50-17


@ -1,5 +1,4 @@
error: does-not-exist.dat/Input::READER_ASCII: Init: cannot open does-not-exist.dat
error: does-not-exist.dat/Input::READER_ASCII: Init failed
warning: Stream input is already queued for removal. Ignoring remove.
error: does-not-exist.dat/Input::READER_ASCII: terminating thread
received termination signal


@ -6,6 +6,7 @@ print outfile, A::s;
try = try + 1;
if (8 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -23,6 +24,7 @@ print outfile, A::s;
try = try + 1;
if (8 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -40,6 +42,7 @@ print outfile, A::s;
try = try + 1;
if (8 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -57,6 +60,7 @@ print outfile, A::s;
try = try + 1;
if (8 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -74,6 +78,7 @@ print outfile, A::s;
try = try + 1;
if (8 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -91,6 +96,7 @@ print outfile, A::s;
try = try + 1;
if (8 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -108,6 +114,7 @@ print outfile, A::s;
try = try + 1;
if (8 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -125,6 +132,7 @@ print outfile, A::s;
try = try + 1;
if (8 == try)
{
Input::remove(input);
close(outfile);
terminate();
}


@ -3,6 +3,7 @@
print outfile, description;
print outfile, tpe;
print outfile, s;
Input::remove(input);
close(outfile);
terminate();
}, config={


@ -1,36 +1,20 @@
[source=cat |, reader=Input::READER_RAW, mode=Input::STREAM, name=input2, fields=<no value description>, want_record=F, ev=line
{
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (2 == try)
{
Input::remove(input2);
close(outfile);
terminate();
}
}, config={
[stdin] = hello^Jthere^A^B^C^D^E^A^B^Cyay
}]
Input::EVENT_NEW
Input::EVENT_NEW, cat |, input0
hello
[source=cat |, reader=Input::READER_RAW, mode=Input::STREAM, name=input2, fields=<no value description>, want_record=F, ev=line
{
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (2 == try)
{
Input::remove(input2);
close(outfile);
terminate();
}
}, config={
[stdin] = hello^Jthere^A^B^C^D^E^A^B^Cyay
}]
Input::EVENT_NEW
there^A^B^C^D^E^A^B^Cyay
Input::EVENT_NEW, cat |, input0
there^A^B^C^D^E^A^B^Cyay0
Input::EVENT_NEW, cat |, input1
hello
Input::EVENT_NEW, cat |, input1
there^A^B^C^D^E^A^B^Cyay01
Input::EVENT_NEW, cat |, input2
hello
Input::EVENT_NEW, cat |, input2
there^A^B^C^D^E^A^B^Cyay012
Input::EVENT_NEW, cat |, input3
hello
Input::EVENT_NEW, cat |, input3
there^A^B^C^D^E^A^B^Cyay0123
Input::EVENT_NEW, cat |, input4
hello
Input::EVENT_NEW, cat |, input4
there^A^B^C^D^E^A^B^Cyay01234


@ -6,6 +6,7 @@ print outfile, A::s;
try = try + 1;
if (16 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -23,6 +24,7 @@ print outfile, A::s;
try = try + 1;
if (16 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -40,6 +42,7 @@ print outfile, A::s;
try = try + 1;
if (16 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -57,6 +60,7 @@ print outfile, A::s;
try = try + 1;
if (16 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -74,6 +78,7 @@ print outfile, A::s;
try = try + 1;
if (16 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -91,6 +96,7 @@ print outfile, A::s;
try = try + 1;
if (16 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -108,6 +114,7 @@ print outfile, A::s;
try = try + 1;
if (16 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -125,6 +132,7 @@ print outfile, A::s;
try = try + 1;
if (16 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -142,6 +150,7 @@ print outfile, A::s;
try = try + 1;
if (16 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -159,6 +168,7 @@ print outfile, A::s;
try = try + 1;
if (16 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -176,6 +186,7 @@ print outfile, A::s;
try = try + 1;
if (16 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -193,6 +204,7 @@ print outfile, A::s;
try = try + 1;
if (16 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -210,6 +222,7 @@ print outfile, A::s;
try = try + 1;
if (16 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -227,6 +240,7 @@ print outfile, A::s;
try = try + 1;
if (16 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -244,6 +258,7 @@ print outfile, A::s;
try = try + 1;
if (16 == try)
{
Input::remove(input);
close(outfile);
terminate();
}
@ -261,6 +276,7 @@ print outfile, A::s;
try = try + 1;
if (16 == try)
{
Input::remove(input);
close(outfile);
terminate();
}


@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path intel
#open 2013-07-19-17-05-48
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p seen.indicator seen.indicator_type seen.where sources
#types time string addr port addr port string enum enum table[string]
1374253548.038580 - - - - - 123.123.123.123 Intel::ADDR Intel::IN_ANYWHERE worker-1
#close 2013-07-19-17-05-57
#open 2013-08-14-03-46-32
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc seen.indicator seen.indicator_type seen.where sources
#types time string addr port addr port string string string string enum enum table[string]
1376451992.872806 - - - - - - - - 123.123.123.123 Intel::ADDR Intel::IN_ANYWHERE worker-1
#close 2013-08-14-03-46-42


@ -3,9 +3,9 @@
#empty_field (empty)
#unset_field -
#path intel
#open 2013-07-19-17-04-26
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p seen.indicator seen.indicator_type seen.where sources
#types time string addr port addr port string enum enum table[string]
1374253466.857185 - - - - - e@mail.com Intel::EMAIL SOMEWHERE source1
1374253466.857185 - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE source1
#close 2013-07-19-17-04-26
#open 2013-08-14-03-47-03
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc seen.indicator seen.indicator_type seen.where sources
#types time string addr port addr port string string string string enum enum table[string]
1376452023.137179 - - - - - - - - e@mail.com Intel::EMAIL SOMEWHERE source1
1376452023.137179 - - - - - - - - 1.2.3.4 Intel::ADDR SOMEWHERE source1
#close 2013-08-14-03-47-03


@ -3,11 +3,11 @@
#empty_field (empty)
#unset_field -
#path intel
#open 2013-07-19-17-06-57
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p seen.indicator seen.indicator_type seen.where sources
#types time string addr port addr port string enum enum table[string]
1374253617.312158 - - - - - 1.2.3.4 Intel::ADDR Intel::IN_A_TEST source1
1374253617.312158 - - - - - e@mail.com Intel::EMAIL Intel::IN_A_TEST source1
1374253618.332565 - - - - - 1.2.3.4 Intel::ADDR Intel::IN_A_TEST source1
1374253618.332565 - - - - - e@mail.com Intel::EMAIL Intel::IN_A_TEST source1
#close 2013-07-19-17-07-06
#open 2013-08-14-03-47-23
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc seen.indicator seen.indicator_type seen.where sources
#types time string addr port addr port string string string string enum enum table[string]
1376452043.835810 - - - - - - - - 1.2.3.4 Intel::ADDR Intel::IN_A_TEST source1
1376452043.835810 - - - - - - - - e@mail.com Intel::EMAIL Intel::IN_A_TEST source1
1376452044.855238 - - - - - - - - 1.2.3.4 Intel::ADDR Intel::IN_A_TEST source1
1376452044.855238 - - - - - - - - e@mail.com Intel::EMAIL Intel::IN_A_TEST source1
#close 2013-08-14-03-47-32


@ -0,0 +1 @@
6 of 51 events triggered by trace


@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dnp3
#open 2013-08-12-18-23-58
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fc_request fc_reply iin
#types time string addr port addr port string string count
1324503054.884183 UWkUyAuUGXf 130.126.142.250 49413 130.126.140.229 20000 DELAY_MEASURE RESPONSE 0
#close 2013-08-12-18-23-58


@ -0,0 +1,7 @@
dnp3_header_block, T, 25605, 8, 196, 2, 3
dnp3_application_request_header, T, 23
dnp3_header_block, F, 25605, 16, 68, 3, 2
dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 13314, 7, 1, 1, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255


@ -0,0 +1 @@
4 of 51 events triggered by trace


@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dnp3
#open 2013-08-12-18-23-59
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fc_request fc_reply iin
#types time string addr port addr port string string count
1324916729.150101 UWkUyAuUGXf 130.126.142.250 50059 130.126.140.229 20000 ENABLE_UNSOLICITED RESPONSE 0
#close 2013-08-12-18-23-59


@ -0,0 +1,7 @@
dnp3_header_block, T, 25605, 17, 196, 2, 3
dnp3_application_request_header, T, 20
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 15363, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 10, 68, 3, 2
dnp3_application_response_header, F, 129, 0


@ -0,0 +1 @@
6 of 51 events triggered by trace


@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dnp3
#open 2013-08-12-18-23-59
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fc_request fc_reply iin
#types time string addr port addr port string string count
1325044377.992570 UWkUyAuUGXf 130.126.142.250 50301 130.126.140.229 20000 DELETE_FILE RESPONSE 0
#close 2013-08-12-18-23-59


@ -0,0 +1,9 @@
dnp3_header_block, T, 25605, 99, 196, 4, 3
dnp3_application_request_header, T, 27
dnp3_object_header, T, 17923, 91, 1, 1, 0
dnp3_object_prefix, T, 85
dnp3_header_block, F, 25605, 29, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 17924, 91, 1, 1, 0
dnp3_object_prefix, F, 13
dnp3_response_data_object, F, 255


@ -0,0 +1 @@
9 of 51 events triggered by trace


@ -0,0 +1,14 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dnp3
#open 2013-08-12-18-24-00
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fc_request fc_reply iin
#types time string addr port addr port string string count
1325036012.621691 UWkUyAuUGXf 130.126.142.250 50276 130.126.140.229 20000 OPEN_FILE RESPONSE 4096
1325036016.729050 UWkUyAuUGXf 130.126.142.250 50276 130.126.140.229 20000 READ RESPONSE 4096
1325036019.765502 UWkUyAuUGXf 130.126.142.250 50276 130.126.140.229 20000 WRITE RESPONSE 0
1325036022.292689 UWkUyAuUGXf 130.126.142.250 50276 130.126.140.229 20000 WRITE RESPONSE 0
1325036024.820857 UWkUyAuUGXf 130.126.142.250 50276 130.126.140.229 20000 CLOSE_FILE RESPONSE 0
#close 2013-08-12-18-24-00


@ -0,0 +1,45 @@
dnp3_header_block, T, 25605, 50, 196, 4, 3
dnp3_application_request_header, T, 25
dnp3_object_header, T, 17923, 91, 1, 1, 0
dnp3_object_prefix, T, 36
dnp3_header_block, F, 25605, 29, 68, 3, 4
dnp3_application_response_header, F, 129, 4096
dnp3_object_header, F, 17924, 91, 1, 1, 0
dnp3_object_prefix, F, 13
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 22, 196, 4, 3
dnp3_application_request_header, T, 1
dnp3_object_header, T, 17925, 91, 1, 1, 0
dnp3_object_prefix, T, 8
dnp3_file_transport, T, 305419896, 0
^J
dnp3_header_block, F, 25605, 255, 68, 3, 4
dnp3_application_response_header, F, 129, 4096
dnp3_object_header, F, 17925, 91, 1, 1, 0
dnp3_object_prefix, F, 838
dnp3_file_transport, F, 305419896, 2147483648
0000 ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e ...<?xml version^J0010 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d ="1.0" e ncoding=^J0020 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 3f 78 6d 6c "utf-8"? >..<?xml^J0030 2d 73 74 79 6c 65 73 68 65 65 74 20 74 79 70 65 -stylesh eet type^J0040 3d 27 74 65 78 74 2f 78 73 6c 27 20 68 72 65 66 ='text/x sl' href^J0050 3d 27 44 4e 50 33 44 65 76 69 63 65 50 72 6f 66 ='DNP3De viceProf^J0060 69 6c 65 4a 61 6e 32 30 31 30 2e 78 73 6c 74 27 ileJan20 10.xslt'^J0070 20 6d 65 64 69 61 3d 27 73 63 72 65 65 6e 27 3f media=' screen'?^J0080 3e 0d 0a 3c 44 4e 50 33 44 65 76 69 63 65 50 72 >..<DNP3 DevicePr^J0090 6f 66 69 6c 65 44 6f 63 75 6d 65 6e 74 20 78 6d ofileDoc ument xm^J00a0 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f lns:xsi= "http://^J00b0 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f www.w3.o rg/2001/^J00c0 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e XMLSchem a-instan^J00d0 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 ce" xmln s:xsd="h^J00e0 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 ttp://ww w.w3.org^J00f0 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 /2001/XM LSchema"^J0100 20 73 63 68 65 6d 61 56 65 72 73 69 6f 6e 3d 22 schemaV ersion="^J0110 32 2e 30 37 2e 30 30 22 20 78 6d 6c 6e 73 3d 22 2.07.00" xmlns="^J0120 68 74 74 70 3a 2f 2f 77 77 77 2e 64 6e 70 33 2e http://w ww.dnp3.^J0130 6f 72 67 2f 44 4e 50 33 2f 44 65 76 69 63 65 50 org/DNP3 /DeviceP^J0140 72 6f 66 69 6c 65 2f 4a 61 6e 32 30 31 30 22 3e rofile/J an2010">^J0150 0d 0a 20 20 3c 21 2d 2d 44 6f 63 75 6d 65 6e 74 .. <!-- Document^J0160 20 48 65 61 64 65 72 2d 2d 3e 0d 0a 20 20 3c 64 Header- ->.. <d^J0170 6f 63 75 6d 65 6e 74 48 65 61 64 65 72 3e 0d 0a ocumentH eader>..^J0180 20 20 20 20 3c 64 6f 63 75 6d 65 6e 74 4e 61 6d <doc umentNam^J0190 65 3e 41 20 44 4e 50 33 20 58 4d 4c 20 46 69 6c e>A DNP3 XML Fil^J01a0 65 3c 2f 64 6f 63 75 6d 65 6e 74 4e 61 6d 65 3e e</docum entName>^J01b0 0d 0a 20 20 20 20 3c 64 6f 63 75 6d 65 6e 74 44 .. 
<d ocumentD^J01c0 65 73 63 72 69 70 74 69 6f 6e 3e 54 68 69 73 20 escripti on>This ^J01d0 69 73 20 61 20 44 4e 50 33 20 43 6f 6d 70 6c 65 is a DNP 3 Comple^J01e0 74 65 20 44 65 76 69 63 65 20 50 72 6f 66 69 6c te Devic e Profil^J01f0 65 20 66 6f 72 20 44 4e 50 20 4f 75 74 73 74 61 e for DN P Outsta^J0200 74 69 6f 6e 20 69 6e 20 74 68 65 20 54 4d 57 20 tion in the TMW ^J0210 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 20 50 72 Communic ation Pr^J0220 6f 74 6f 63 6f 6c 20 54 65 73 74 20 48 61 72 6e otocol T est Harn^J0230 65 73 73 3c 2f 64 6f 63 75 6d 65 6e 74 44 65 73 ess</doc umentDes^J0240 63 72 69 70 74 69 6f 6e 3e 0d 0a 20 20 20 20 3c cription >.. <^J0250 72 65 76 69 73 69 6f 6e 48 69 73 74 6f 72 79 20 revision History ^J0260 76 65 72 73 69 6f 6e 3d 22 32 22 3e 0d 0a 20 20 version= "2">.. ^J0270 20 20 20 20 3c 64 61 74 65 3e 32 30 31 30 2d 31 <dat e>2010-1^J0280 32 2d 30 31 3c 2f 64 61 74 65 3e 0d 0a 20 20 20 2-01</da te>.. ^J0290 20 20 20 3c 61 75 74 68 6f 72 3e 53 74 65 76 65 <auth or>Steve^J02a0 20 4d 63 43 6f 79 3c 2f 61 75 74 68 6f 72 3e 0d McCoy</ author>.^J02b0 0a 20 20 20 20 20 20 3c 72 65 61 73 6f 6e 3e 44 . < reason>D^J02c0 6f 63 75 6d 65 6e 74 65 64 20 54 65 73 74 20 48 ocumente d Test H^J02d0 61 72 6e 65 73 73 20 53 44 4e 50 20 44 65 76 69 arness S DNP Devi^J02e0 63 65 20 50 72 6f 66 69 6c 65 3c 2f 72 65 61 73 ce Profi le</reas^J02f0 6f 6e 3e 0d 0a 20 20 20 20 3c 2f 72 65 76 69 73 on>.. </revis^J0300 69 6f 6e 48 69 73 74 6f 72 79 3e 0d 0a 20 20 3c ionHisto ry>.. <^J0310 2f 64 6f 63 75 6d 65 6e 74 48 65 61 64 65 72 3e /documen tHeader>^J0320 0d 0a 3c 2f 44 4e 50 33 44 65 76 69 63 65 50 72 ..</DNP3 DevicePr^J0330 6f 66 69 6c 65 44 6f 63 75 6d 65 6e 74 3e ofileDoc ument>^J
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 0
dnp3_header_block, T, 25605, 18, 196, 4, 3
dnp3_application_request_header, T, 2
dnp3_object_header, T, 12801, 7, 1, 1, 0
dnp3_object_prefix, T, 0
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_header_block, T, 25605, 18, 196, 4, 3
dnp3_application_request_header, T, 2
dnp3_object_header, T, 12801, 7, 1, 1, 0
dnp3_object_prefix, T, 0
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_header_block, T, 25605, 27, 196, 4, 3
dnp3_application_request_header, T, 26
dnp3_object_header, T, 17924, 91, 1, 1, 0
dnp3_object_prefix, T, 13
dnp3_header_block, F, 25605, 29, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 17924, 91, 1, 1, 0
dnp3_object_prefix, F, 13
dnp3_response_data_object, F, 255


@ -0,0 +1 @@
8 of 51 events triggered by trace


@ -0,0 +1,12 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dnp3
#open 2013-08-12-18-24-00
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fc_request fc_reply iin
#types time string addr port addr port string string count
1325043635.216629 UWkUyAuUGXf 130.126.142.250 50300 130.126.140.229 20000 OPEN_FILE RESPONSE 0
1325043637.790287 UWkUyAuUGXf 130.126.142.250 50300 130.126.140.229 20000 WRITE RESPONSE 0
1325043638.820071 UWkUyAuUGXf 130.126.142.250 50300 130.126.140.229 20000 CLOSE_FILE RESPONSE 0
#close 2013-08-12-18-24-00


@ -0,0 +1,29 @@
dnp3_header_block, T, 25605, 99, 196, 4, 3
dnp3_application_request_header, T, 25
dnp3_object_header, T, 17923, 91, 1, 1, 0
dnp3_object_prefix, T, 85
dnp3_header_block, F, 25605, 29, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 17924, 91, 1, 1, 0
dnp3_object_prefix, F, 13
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 255, 196, 4, 3
dnp3_application_request_header, T, 2
dnp3_object_header, T, 17925, 91, 1, 1, 0
dnp3_object_prefix, T, 838
dnp3_file_transport, T, 305419896, 2147483648
0000 ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e ...<?xml version^J0010 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d ="1.0" e ncoding=^J0020 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 3f 78 6d 6c "utf-8"? >..<?xml^J0030 2d 73 74 79 6c 65 73 68 65 65 74 20 74 79 70 65 -stylesh eet type^J0040 3d 27 74 65 78 74 2f 78 73 6c 27 20 68 72 65 66 ='text/x sl' href^J0050 3d 27 44 4e 50 33 44 65 76 69 63 65 50 72 6f 66 ='DNP3De viceProf^J0060 69 6c 65 4a 61 6e 32 30 31 30 2e 78 73 6c 74 27 ileJan20 10.xslt'^J0070 20 6d 65 64 69 61 3d 27 73 63 72 65 65 6e 27 3f media=' screen'?^J0080 3e 0d 0a 3c 44 4e 50 33 44 65 76 69 63 65 50 72 >..<DNP3 DevicePr^J0090 6f 66 69 6c 65 44 6f 63 75 6d 65 6e 74 20 78 6d ofileDoc ument xm^J00a0 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f lns:xsi= "http://^J00b0 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f www.w3.o rg/2001/^J00c0 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e XMLSchem a-instan^J00d0 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 ce" xmln s:xsd="h^J00e0 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 ttp://ww w.w3.org^J00f0 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 /2001/XM LSchema"^J0100 20 73 63 68 65 6d 61 56 65 72 73 69 6f 6e 3d 22 schemaV ersion="^J0110 32 2e 30 37 2e 30 30 22 20 78 6d 6c 6e 73 3d 22 2.07.00" xmlns="^J0120 68 74 74 70 3a 2f 2f 77 77 77 2e 64 6e 70 33 2e http://w ww.dnp3.^J0130 6f 72 67 2f 44 4e 50 33 2f 44 65 76 69 63 65 50 org/DNP3 /DeviceP^J0140 72 6f 66 69 6c 65 2f 4a 61 6e 32 30 31 30 22 3e rofile/J an2010">^J0150 0d 0a 20 20 3c 21 2d 2d 44 6f 63 75 6d 65 6e 74 .. <!-- Document^J0160 20 48 65 61 64 65 72 2d 2d 3e 0d 0a 20 20 3c 64 Header- ->.. <d^J0170 6f 63 75 6d 65 6e 74 48 65 61 64 65 72 3e 0d 0a ocumentH eader>..^J0180 20 20 20 20 3c 64 6f 63 75 6d 65 6e 74 4e 61 6d <doc umentNam^J0190 65 3e 41 20 44 4e 50 33 20 58 4d 4c 20 46 69 6c e>A DNP3 XML Fil^J01a0 65 3c 2f 64 6f 63 75 6d 65 6e 74 4e 61 6d 65 3e e</docum entName>^J01b0 0d 0a 20 20 20 20 3c 64 6f 63 75 6d 65 6e 74 44 .. 
<d ocumentD^J01c0 65 73 63 72 69 70 74 69 6f 6e 3e 54 68 69 73 20 escripti on>This ^J01d0 69 73 20 61 20 44 4e 50 33 20 43 6f 6d 70 6c 65 is a DNP 3 Comple^J01e0 74 65 20 44 65 76 69 63 65 20 50 72 6f 66 69 6c te Devic e Profil^J01f0 65 20 66 6f 72 20 44 4e 50 20 4f 75 74 73 74 61 e for DN P Outsta^J0200 74 69 6f 6e 20 69 6e 20 74 68 65 20 54 4d 57 20 tion in the TMW ^J0210 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 20 50 72 Communic ation Pr^J0220 6f 74 6f 63 6f 6c 20 54 65 73 74 20 48 61 72 6e otocol T est Harn^J0230 65 73 73 3c 2f 64 6f 63 75 6d 65 6e 74 44 65 73 ess</doc umentDes^J0240 63 72 69 70 74 69 6f 6e 3e 0d 0a 20 20 20 20 3c cription >.. <^J0250 72 65 76 69 73 69 6f 6e 48 69 73 74 6f 72 79 20 revision History ^J0260 76 65 72 73 69 6f 6e 3d 22 32 22 3e 0d 0a 20 20 version= "2">.. ^J0270 20 20 20 20 3c 64 61 74 65 3e 32 30 31 30 2d 31 <dat e>2010-1^J0280 32 2d 30 31 3c 2f 64 61 74 65 3e 0d 0a 20 20 20 2-01</da te>.. ^J0290 20 20 20 3c 61 75 74 68 6f 72 3e 53 74 65 76 65 <auth or>Steve^J02a0 20 4d 63 43 6f 79 3c 2f 61 75 74 68 6f 72 3e 0d McCoy</ author>.^J02b0 0a 20 20 20 20 20 20 3c 72 65 61 73 6f 6e 3e 44 . < reason>D^J02c0 6f 63 75 6d 65 6e 74 65 64 20 54 65 73 74 20 48 ocumente d Test H^J02d0 61 72 6e 65 73 73 20 53 44 4e 50 20 44 65 76 69 arness S DNP Devi^J02e0 63 65 20 50 72 6f 66 69 6c 65 3c 2f 72 65 61 73 ce Profi le</reas^J02f0 6f 6e 3e 0d 0a 20 20 20 20 3c 2f 72 65 76 69 73 on>.. </revis^J0300 69 6f 6e 48 69 73 74 6f 72 79 3e 0d 0a 20 20 3c ionHisto ry>.. <^J0310 2f 64 6f 63 75 6d 65 6e 74 48 65 61 64 65 72 3e /documen tHeader>^J0320 0d 0a 3c 2f 44 4e 50 33 44 65 76 69 63 65 50 72 ..</DNP3 DevicePr^J0330 6f 66 69 6c 65 44 6f 63 75 6d 65 6e 74 3e ofileDoc ument>^J
dnp3_header_block, F, 25605, 25, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 17926, 91, 1, 1, 0
dnp3_object_prefix, F, 9
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 27, 196, 4, 3
dnp3_application_request_header, T, 26
dnp3_object_header, T, 17924, 91, 1, 1, 0
dnp3_object_prefix, T, 13
dnp3_header_block, F, 25605, 29, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 17924, 91, 1, 1, 0
dnp3_object_prefix, F, 13
dnp3_response_data_object, F, 255


@ -0,0 +1 @@
7 of 51 events triggered by trace

File diff suppressed because it is too large Load diff


@ -0,0 +1 @@
7 of 51 events triggered by trace


@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dnp3
#open 2013-08-12-18-24-01
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fc_request fc_reply iin
#types time string addr port addr port string string count
1324327256.650425 UWkUyAuUGXf 130.126.142.250 51006 130.126.140.229 20000 READ RESPONSE 0
#close 2013-08-12-18-24-01


@ -0,0 +1,88 @@
dnp3_header_block, T, 25605, 20, 196, 2, 3
dnp3_application_request_header, T, 1
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 15363, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 6, 0, 65535, 65535
dnp3_object_header, T, 15361, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 116, 68, 3, 2
dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 258, 0, 9, 0, 8
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 129
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 129
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_header, F, 2562, 0, 7, 0, 6
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_header, F, 7681, 0, 15, 0, 14
dnp3_object_prefix, F, 0
dnp3_analog_input_32wFlag, F, 1, 1007
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32wFlag, F, 1, 3
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32wFlag, F, 1, 1005
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32wFlag, F, 1, 18446744073709539627
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32wFlag, F, 1, 1005
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32wFlag, F, 1, 12006
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32wFlag, F, 1, 134423
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32wFlag, F, 0, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32wFlag, F, 1, 134325
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32wFlag, F, 0, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32wFlag, F, 1, 134538
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32wFlag, F, 0, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32wFlag, F, 0, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32wFlag, F, 0, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32wFlag, F, 0, 0
dnp3_response_data_object, F, 255
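Review bot: The fourth `dnp3_analog_input_32wFlag` record in this new baseline pins the value `18446744073709539627`, which is 2^64 − 11989 and so looks like a negative 32-bit analog reading sign-extended into an unsigned count rather than a real measurement. Accepting it as expected output locks that wrap-around into the test, and a monitoring script that compares analog inputs against a threshold would see an enormous positive value where the device reported a negative one. Presumably the event's value parameter should be a signed `int` (or the parser should convert explicitly) and the baseline regenerated so this line reads `dnp3_analog_input_32wFlag, F, 1, -11989`. The analyzer source is not visible in this section, so the cause needs confirming there.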


@ -0,0 +1 @@
3 of 51 events triggered by trace


@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dnp3
#open 2013-08-12-18-24-02
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fc_request fc_reply iin
#types time string addr port addr port string string count
1324502980.465157 UWkUyAuUGXf 130.126.142.250 49412 130.126.140.229 20000 RECORD_CURRENT_TIME RESPONSE 0
#close 2013-08-12-18-24-02


@ -0,0 +1,4 @@
dnp3_header_block, T, 25605, 8, 196, 2, 3
dnp3_application_request_header, T, 24
dnp3_header_block, F, 25605, 10, 68, 3, 2
dnp3_application_response_header, F, 129, 0


@ -0,0 +1 @@
7 of 51 events triggered by trace


@ -0,0 +1,11 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dnp3
#open 2013-08-12-18-24-02
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fc_request fc_reply iin
#types time string addr port addr port string string count
1324501739.752598 UWkUyAuUGXf 130.126.142.250 49404 130.126.140.229 20000 SELECT RESPONSE 0
1324501743.758738 UWkUyAuUGXf 130.126.142.250 49404 130.126.140.229 20000 OPERATE RESPONSE 0
#close 2013-08-12-18-24-02


@ -0,0 +1,22 @@
dnp3_header_block, T, 25605, 26, 196, 2, 3
dnp3_application_request_header, T, 3
dnp3_object_header, T, 3073, 40, 1, 256, 0
dnp3_object_prefix, T, 1
dnp3_crob, T, 3, 1, 100, 100, 0
dnp3_header_block, F, 25605, 28, 68, 3, 2
dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 3073, 40, 1, 256, 0
dnp3_object_prefix, F, 1
dnp3_crob, F, 3, 1, 100, 100, 0
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 26, 196, 2, 3
dnp3_application_request_header, T, 4
dnp3_object_header, T, 3073, 40, 1, 256, 0
dnp3_object_prefix, T, 1
dnp3_crob, T, 3, 1, 100, 100, 0
dnp3_header_block, F, 25605, 28, 68, 3, 2
dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 3073, 40, 1, 256, 0
dnp3_object_prefix, F, 1
dnp3_crob, F, 3, 1, 100, 100, 0
dnp3_response_data_object, F, 255


@ -0,0 +1 @@
5 of 51 events triggered by trace


@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dnp3
#open 2013-08-12-18-24-03
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fc_request fc_reply iin
#types time string addr port addr port string string count
1324502912.898449 UWkUyAuUGXf 130.126.142.250 49411 130.126.140.229 20000 WRITE RESPONSE 0
#close 2013-08-12-18-24-03


@ -0,0 +1,6 @@
dnp3_header_block, T, 25605, 18, 196, 2, 3
dnp3_application_request_header, T, 2
dnp3_object_header, T, 12801, 7, 1, 1, 0
dnp3_object_prefix, T, 0
dnp3_header_block, F, 25605, 10, 68, 3, 2
dnp3_application_response_header, F, 129, 0


@ -0,0 +1 @@
11 of 51 events triggered by trace


@ -0,0 +1,75 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path dnp3
#open 2013-08-23-23-05-27
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fc_request fc_reply iin
#types time string addr port addr port string string count
1097501938.504844 UWkUyAuUGXf 10.0.0.8 2789 10.0.0.3 20000 - UNSOLICITED_RESPONSE 4096
1097501941.569134 UWkUyAuUGXf 10.0.0.8 2789 10.0.0.3 20000 WRITE RESPONSE 0
1097502061.912093 UWkUyAuUGXf 10.0.0.8 2789 10.0.0.3 20000 DISABLE_UNSOLICITED RESPONSE 0
1097502623.047417 arKYeMETxOg 10.0.0.8 2803 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
1097504102.257400 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 - UNSOLICITED_RESPONSE 4096
1097504103.409070 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 WRITE RESPONSE 0
1097504186.667107 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 ENABLE_UNSOLICITED RESPONSE 0
1097504195.106257 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
1097504196.566493 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
1097504197.887726 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
1097504199.597084 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
1097504200.719510 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
1097504202.513608 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
1097504203.324245 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
1097504204.663060 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
1097504205.750705 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
1097504210.792443 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 CONFIRM UNSOLICITED_RESPONSE 0
1097504223.905294 k6kgXLOoSKl 10.0.0.8 2828 10.0.0.3 20000 COLD_RESTART RESPONSE 0
1097505719.083365 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 COLD_RESTART UNSOLICITED_RESPONSE 0
1097505719.083898 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
1097505719.084451 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - RESPONSE 0
1097505754.654239 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 READ RESPONSE 32768
1097505754.654731 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 32768
1097505754.756391 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 DISABLE_UNSOLICITED RESPONSE 32768
1097505754.864882 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 WRITE RESPONSE 0
1097505754.977534 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 READ RESPONSE 0
1097505769.716268 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
1097505784.797836 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
1097505799.908753 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
1097505839.916865 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
1097505880.043946 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
1097505920.204187 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
1097505960.308661 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
1097506000.396024 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
1097506013.373353 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 ENABLE_UNSOLICITED RESPONSE 0
1097506013.373850 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
1097506020.703162 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 ENABLE_UNSOLICITED RESPONSE 0
1097506028.446245 nQcgTWjvg4c 10.0.0.9 1080 10.0.0.3 20000 - UNSOLICITED_RESPONSE 0
1097507785.885063 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 - UNSOLICITED_RESPONSE 36864
1097507788.624309 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 DISABLE_UNSOLICITED RESPONSE 36864
1097507788.834395 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 WRITE RESPONSE 32768
1097507788.944297 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 DISABLE_UNSOLICITED RESPONSE 32768
1097507789.167700 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 WRITE RESPONSE 32768
1097507789.274806 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 DISABLE_UNSOLICITED RESPONSE 32768
1097507789.484975 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 WRITE RESPONSE 0
1097507789.797226 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 READ RESPONSE 0
1097507835.030339 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 WARM_RESTART RESPONSE 0
1097507856.091024 j4u32Pc5bif 10.0.0.8 1086 10.0.0.3 20000 WARM_RESTART RESPONSE 0
1097510947.094289 TEfuqmmG4bh 10.0.0.8 1159 10.0.0.3 20000 - UNSOLICITED_RESPONSE 256
1097510959.359091 TEfuqmmG4bh 10.0.0.8 1159 10.0.0.3 20000 DISABLE_UNSOLICITED - -
1097512255.236054 FrJExwHcSal 10.0.0.8 1184 10.0.0.3 20000 - UNSOLICITED_RESPONSE 4096
1097512264.723894 FrJExwHcSal 10.0.0.8 1184 10.0.0.3 20000 STOP_APPL RESPONSE 4097
1097512267.537969 FrJExwHcSal 10.0.0.8 1184 10.0.0.3 20000 STOP_APPL RESPONSE 4097
1097513177.297272 5OKnoww6xl4 10.0.0.9 1084 10.0.0.3 20000 - UNSOLICITED_RESPONSE 38145
1097513182.837583 5OKnoww6xl4 10.0.0.9 1084 10.0.0.3 20000 STOP_APPL - -
1178205958.184068 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 0
1178205982.425227 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 SELECT RESPONSE 4
1178205984.486492 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 SELECT RESPONSE 4
1178205985.311235 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 SELECT RESPONSE 4
1178205986.029976 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 SELECT RESPONSE 4
1178205986.556099 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 SELECT RESPONSE 4
1178206042.953163 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 6
1178206044.500956 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 6
1178206045.032815 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 6
1178206045.557097 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 6
1178206046.086403 3PKsZ2Uye21 192.168.66.33 1167 192.168.66.34 20000 READ RESPONSE 6
#close 2013-08-23-23-05-27


@ -0,0 +1,654 @@
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 130, 4096
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 0
dnp3_header_block, T, 25605, 18, 196, 4, 3
dnp3_application_request_header, T, 2
dnp3_object_header, T, 12801, 7, 1, 1, 0
dnp3_object_prefix, T, 0
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_header_block, T, 25605, 17, 196, 4, 3
dnp3_application_request_header, T, 21
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 15363, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 130, 0
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 130, 4096
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 0
dnp3_header_block, T, 25605, 18, 196, 4, 3
dnp3_application_request_header, T, 2
dnp3_object_header, T, 12801, 7, 1, 1, 0
dnp3_object_prefix, T, 0
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_header_block, T, 25605, 17, 196, 4, 3
dnp3_application_request_header, T, 20
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 15363, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_header_block, F, 25605, 76, 68, 3, 4
dnp3_application_response_header, F, 130, 0
dnp3_object_header, F, 13057, 7, 1, 1, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_header, F, 515, 40, 5, 1280, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 2
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_response_data_object, F, 255
dnp3_object_header, F, 8193, 40, 3, 768, 0
dnp3_object_prefix, F, 0
dnp3_analog_input_event_32woTime, F, 1, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_analog_input_event_32woTime, F, 1, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 2
dnp3_analog_input_event_32woTime, F, 1, 0
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 0
dnp3_header_block, F, 25605, 71, 68, 3, 4
dnp3_application_response_header, F, 130, 0
dnp3_object_header, F, 13057, 7, 1, 1, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_header, F, 515, 40, 4, 1024, 0
dnp3_object_prefix, F, 2
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 2
dnp3_response_data_object, F, 255
dnp3_object_header, F, 8193, 40, 3, 768, 0
dnp3_object_prefix, F, 2
dnp3_analog_input_event_32woTime, F, 1, 198
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_event_32woTime, F, 1, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_analog_input_event_32woTime, F, 1, 0
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 0
dnp3_header_block, F, 25605, 76, 68, 3, 4
dnp3_application_response_header, F, 130, 0
dnp3_object_header, F, 13057, 7, 1, 1, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_header, F, 515, 40, 5, 1280, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 2
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_response_data_object, F, 255
dnp3_object_header, F, 8193, 40, 3, 768, 0
dnp3_object_prefix, F, 0
dnp3_analog_input_event_32woTime, F, 1, 198
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_analog_input_event_32woTime, F, 1, 202
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 2
dnp3_analog_input_event_32woTime, F, 1, 198
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 0
dnp3_header_block, F, 25605, 71, 68, 3, 4
dnp3_application_response_header, F, 130, 0
dnp3_object_header, F, 13057, 7, 1, 1, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_header, F, 515, 40, 4, 1024, 0
dnp3_object_prefix, F, 2
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 2
dnp3_response_data_object, F, 255
dnp3_object_header, F, 8193, 40, 3, 768, 0
dnp3_object_prefix, F, 2
dnp3_analog_input_event_32woTime, F, 1, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_event_32woTime, F, 1, 202
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_analog_input_event_32woTime, F, 1, 200
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 0
dnp3_header_block, F, 25605, 76, 68, 3, 4
dnp3_application_response_header, F, 130, 0
dnp3_object_header, F, 13057, 7, 1, 1, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_header, F, 515, 40, 5, 1280, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 2
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_response_data_object, F, 255
dnp3_object_header, F, 8193, 40, 3, 768, 0
dnp3_object_prefix, F, 0
dnp3_analog_input_event_32woTime, F, 1, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_analog_input_event_32woTime, F, 1, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 2
dnp3_analog_input_event_32woTime, F, 1, 0
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 0
dnp3_header_block, F, 25605, 50, 68, 3, 4
dnp3_application_response_header, F, 130, 0
dnp3_object_header, F, 13057, 7, 1, 1, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_header, F, 515, 40, 5, 1280, 0
dnp3_object_prefix, F, 2
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 2
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 0
dnp3_header_block, F, 25605, 76, 68, 3, 4
dnp3_application_response_header, F, 130, 0
dnp3_object_header, F, 13057, 7, 1, 1, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_header, F, 515, 40, 5, 1280, 0
dnp3_object_prefix, F, 1
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 2
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 2
dnp3_response_data_object, F, 255
dnp3_object_header, F, 8193, 40, 3, 768, 0
dnp3_object_prefix, F, 0
dnp3_analog_input_event_32woTime, F, 1, 198
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_analog_input_event_32woTime, F, 1, 199
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 2
dnp3_analog_input_event_32woTime, F, 1, 199
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 0
dnp3_header_block, F, 25605, 66, 68, 3, 4
dnp3_application_response_header, F, 130, 0
dnp3_object_header, F, 13057, 7, 1, 1, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_header, F, 515, 40, 3, 768, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 2
dnp3_response_data_object, F, 255
dnp3_object_header, F, 8193, 40, 3, 768, 0
dnp3_object_prefix, F, 2
dnp3_analog_input_event_32woTime, F, 1, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_event_32woTime, F, 1, 202
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_analog_input_event_32woTime, F, 1, 200
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 0
dnp3_header_block, F, 25605, 76, 68, 3, 4
dnp3_application_response_header, F, 130, 0
dnp3_object_header, F, 13057, 7, 1, 1, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_header, F, 515, 40, 5, 1280, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 2
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_response_data_object, F, 255
dnp3_object_header, F, 8193, 40, 3, 768, 0
dnp3_object_prefix, F, 0
dnp3_analog_input_event_32woTime, F, 1, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_analog_input_event_32woTime, F, 1, 0
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 2
dnp3_analog_input_event_32woTime, F, 1, 0
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 0
dnp3_header_block, F, 25605, 56, 68, 3, 4
dnp3_application_response_header, F, 130, 0
dnp3_object_header, F, 13057, 7, 1, 1, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_object_header, F, 515, 40, 1, 256, 0
dnp3_object_prefix, F, 2
dnp3_response_data_object, F, 255
dnp3_object_header, F, 8193, 40, 3, 768, 0
dnp3_object_prefix, F, 0
dnp3_analog_input_event_32woTime, F, 1, 203
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 1
dnp3_analog_input_event_32woTime, F, 1, 202
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 2
dnp3_analog_input_event_32woTime, F, 1, 199
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 0
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 13
dnp3_header_block, F, 25605, 16, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 13314, 7, 1, 1, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 13
dnp3_header_block, F, 25605, 10, 68, 6, 4
dnp3_application_response_header, F, 130, 0
dnp3_header_block, F, 25605, 10, 68, 6, 4
dnp3_application_response_header, F, 130, 0
dnp3_header_block, F, 25605, 16, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 13314, 7, 1, 1, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 11, 196, 4, 3
dnp3_application_request_header, T, 1
dnp3_object_header, T, 512, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 32768
dnp3_header_block, F, 25605, 10, 68, 6, 4
dnp3_application_response_header, F, 130, 32768
dnp3_header_block, T, 25605, 17, 196, 4, 3
dnp3_application_request_header, T, 21
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 15363, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 32768
dnp3_header_block, T, 25605, 14, 196, 4, 3
dnp3_application_request_header, T, 2
dnp3_object_header, T, 20481, 0, 1, 7, 7
dnp3_object_prefix, T, 0
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_header_block, T, 25605, 20, 196, 4, 3
dnp3_application_request_header, T, 1
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 15363, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 6, 0, 65535, 65535
dnp3_object_header, T, 15361, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 78, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 257, 0, 6, 0, 5
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 2
dnp3_object_header, F, 2562, 0, 6, 0, 5
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_header, F, 5125, 0, 1, 0, 0
dnp3_object_prefix, F, 0
dnp3_counter_32woFlag, F, 0
dnp3_response_data_object, F, 255
dnp3_object_header, F, 5385, 0, 1, 0, 0
dnp3_object_prefix, F, 0
dnp3_frozen_counter_32woFlag, F, 0
dnp3_response_data_object, F, 255
dnp3_object_header, F, 7683, 0, 7, 0, 6
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 197
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 199
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 200
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 1
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 7205
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 7182
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 7184
dnp3_response_data_object, F, 255
dnp3_header_block, F, 25605, 10, 68, 6, 4
dnp3_application_response_header, F, 130, 0
dnp3_header_block, F, 25605, 10, 68, 6, 4
dnp3_application_response_header, F, 130, 0
dnp3_header_block, F, 25605, 10, 68, 6, 4
dnp3_application_response_header, F, 130, 0
dnp3_header_block, F, 25605, 10, 68, 6, 4
dnp3_application_response_header, F, 130, 0
dnp3_header_block, F, 25605, 10, 68, 6, 4
dnp3_application_response_header, F, 130, 0
dnp3_header_block, F, 25605, 10, 68, 6, 4
dnp3_application_response_header, F, 130, 0
dnp3_header_block, F, 25605, 10, 68, 6, 4
dnp3_application_response_header, F, 130, 0
dnp3_header_block, F, 25605, 10, 68, 6, 4
dnp3_application_response_header, F, 130, 0
dnp3_header_block, T, 25605, 17, 196, 4, 3
dnp3_application_request_header, T, 20
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 15363, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_header_block, F, 25605, 10, 68, 6, 4
dnp3_application_response_header, F, 130, 0
dnp3_header_block, T, 25605, 17, 196, 4, 3
dnp3_application_request_header, T, 20
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 15363, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_header_block, F, 25605, 10, 68, 6, 4
dnp3_application_response_header, F, 130, 0
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 130, 36864
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 0
dnp3_header_block, T, 25605, 17, 196, 4, 3
dnp3_application_request_header, T, 21
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 15363, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 36864
dnp3_header_block, T, 25605, 18, 196, 4, 3
dnp3_application_request_header, T, 2
dnp3_object_header, T, 12801, 7, 1, 1, 0
dnp3_object_prefix, T, 0
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 32768
dnp3_header_block, T, 25605, 17, 196, 4, 3
dnp3_application_request_header, T, 21
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 15363, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 32768
dnp3_header_block, T, 25605, 18, 196, 4, 3
dnp3_application_request_header, T, 2
dnp3_object_header, T, 12801, 7, 1, 1, 0
dnp3_object_prefix, T, 0
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 32768
dnp3_header_block, T, 25605, 17, 196, 4, 3
dnp3_application_request_header, T, 21
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 15363, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 32768
dnp3_header_block, T, 25605, 14, 196, 4, 3
dnp3_application_request_header, T, 2
dnp3_object_header, T, 20481, 0, 1, 7, 7
dnp3_object_prefix, T, 0
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_header_block, T, 25605, 20, 196, 4, 3
dnp3_application_request_header, T, 1
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 15363, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 6, 0, 65535, 65535
dnp3_object_header, T, 15361, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 78, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 257, 0, 6, 0, 5
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 25
dnp3_object_header, F, 2562, 0, 6, 0, 5
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 129
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 129
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 129
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 1
dnp3_object_header, F, 5125, 0, 1, 0, 0
dnp3_object_prefix, F, 0
dnp3_counter_32woFlag, F, 32
dnp3_response_data_object, F, 255
dnp3_object_header, F, 5385, 0, 1, 0, 0
dnp3_object_prefix, F, 0
dnp3_frozen_counter_32woFlag, F, 0
dnp3_response_data_object, F, 255
dnp3_object_header, F, 7683, 0, 7, 0, 6
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 202
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 203
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 201
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 18446744073709551615
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 8550
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 8537
dnp3_response_data_object, F, 255
dnp3_object_prefix, F, 0
dnp3_analog_input_32woFlag, F, 8523
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 14
dnp3_header_block, F, 25605, 16, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 13314, 7, 1, 1, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 8, 196, 4, 3
dnp3_application_request_header, T, 14
dnp3_header_block, F, 25605, 16, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_object_header, F, 13314, 7, 1, 1, 0
dnp3_object_prefix, F, 0
dnp3_response_data_object, F, 255
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 130, 256
dnp3_header_block, T, 25605, 17, 196, 65535, 3
dnp3_application_request_header, T, 21
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 15363, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 237, 0, 0, 0
dnp3_header_block, T, 25605, 17, 196, 65535, 3
dnp3_application_request_header, T, 21
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 15363, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 237, 0, 0, 0
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 130, 4096
dnp3_header_block, T, 25605, 17, 196, 4, 3
dnp3_application_request_header, T, 18
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 263, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 237, 0, 0, 0
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 4097
dnp3_header_block, T, 25605, 17, 196, 4, 3
dnp3_application_request_header, T, 18
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 263, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 237, 0, 0, 0
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 4097
dnp3_header_block, F, 25605, 10, 68, 3, 6
dnp3_application_response_header, F, 130, 38145
dnp3_header_block, T, 25605, 17, 196, 65535, 3
dnp3_application_request_header, T, 18
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 263, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 237, 0, 0, 0
dnp3_header_block, T, 25605, 17, 196, 65535, 3
dnp3_application_request_header, T, 18
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 263, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 237, 0, 0, 0
dnp3_header_block, T, 25605, 17, 196, 4, 3
dnp3_application_request_header, T, 1
dnp3_object_header, T, 15362, 6, 0, 65535, 65535
dnp3_object_header, T, 15363, 6, 0, 65535, 65535
dnp3_object_header, T, 15364, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 0
dnp3_header_block, T, 25605, 26, 196, 4, 3
dnp3_application_request_header, T, 3
dnp3_object_header, T, 3073, 40, 1, 256, 0
dnp3_object_prefix, T, 34463
dnp3_crob, T, 3, 1, 100, 100, 0
dnp3_header_block, F, 25605, 28, 68, 3, 4
dnp3_application_response_header, F, 129, 4
dnp3_object_header, F, 3073, 40, 1, 256, 0
dnp3_object_prefix, F, 34463
dnp3_crob, F, 3, 1, 100, 100, 4
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 26, 196, 4, 3
dnp3_application_request_header, T, 3
dnp3_object_header, T, 3073, 40, 1, 256, 0
dnp3_object_prefix, T, 34463
dnp3_crob, T, 3, 1, 100, 100, 0
dnp3_header_block, F, 25605, 28, 68, 3, 4
dnp3_application_response_header, F, 129, 4
dnp3_object_header, F, 3073, 40, 1, 256, 0
dnp3_object_prefix, F, 34463
dnp3_crob, F, 3, 1, 100, 100, 4
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 26, 196, 4, 3
dnp3_application_request_header, T, 3
dnp3_object_header, T, 3073, 40, 1, 256, 0
dnp3_object_prefix, T, 34463
dnp3_crob, T, 3, 1, 100, 100, 0
dnp3_header_block, F, 25605, 28, 68, 3, 4
dnp3_application_response_header, F, 129, 4
dnp3_object_header, F, 3073, 40, 1, 256, 0
dnp3_object_prefix, F, 34463
dnp3_crob, F, 3, 1, 100, 100, 4
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 26, 196, 4, 3
dnp3_application_request_header, T, 3
dnp3_object_header, T, 3073, 40, 1, 256, 0
dnp3_object_prefix, T, 34463
dnp3_crob, T, 3, 1, 100, 100, 0
dnp3_header_block, F, 25605, 28, 68, 3, 4
dnp3_application_response_header, F, 129, 4
dnp3_object_header, F, 3073, 40, 1, 256, 0
dnp3_object_prefix, F, 34463
dnp3_crob, F, 3, 1, 100, 100, 4
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 26, 196, 4, 3
dnp3_application_request_header, T, 3
dnp3_object_header, T, 3073, 40, 1, 256, 0
dnp3_object_prefix, T, 34463
dnp3_crob, T, 3, 1, 100, 100, 0
dnp3_header_block, F, 25605, 28, 68, 3, 4
dnp3_application_response_header, F, 129, 4
dnp3_object_header, F, 3073, 40, 1, 256, 0
dnp3_object_prefix, F, 34463
dnp3_crob, F, 3, 1, 100, 100, 4
dnp3_response_data_object, F, 255
dnp3_header_block, T, 25605, 11, 196, 4, 3
dnp3_application_request_header, T, 1
dnp3_object_header, T, 65280, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 6
dnp3_header_block, T, 25605, 11, 196, 4, 3
dnp3_application_request_header, T, 1
dnp3_object_header, T, 65280, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 6
dnp3_header_block, T, 25605, 11, 196, 4, 3
dnp3_application_request_header, T, 1
dnp3_object_header, T, 65280, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 6
dnp3_header_block, T, 25605, 11, 196, 4, 3
dnp3_application_request_header, T, 1
dnp3_object_header, T, 65280, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 6
dnp3_header_block, T, 25605, 11, 196, 4, 3
dnp3_application_request_header, T, 1
dnp3_object_header, T, 65280, 6, 0, 65535, 65535
dnp3_header_block, F, 25605, 10, 68, 3, 4
dnp3_application_response_header, F, 129, 6
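Review bot: The expected value `18446744073709551615` recorded for `dnp3_analog_input_32woFlag` in this baseline looks like a negative 32-bit reading (probably -1) widened into an unsigned 64-bit count, and committing it pins that conversion as correct output. The neighbouring readings from the same object header are small values (202, 203, 201, 8550), so a consumer comparing analog inputs against thresholds would see this one as an enormous positive number. The analyzer and event declaration are not on this page, so this is inferred from the output alone; if the event's value parameter is declared as `count`, declaring it as `int` would make this line read `dnp3_analog_input_32woFlag, F, -1`, and the baseline should be regenerated after that rather than before.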

BIN
testing/btest/Files/unified2.u2 Executable file

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -28,8 +28,8 @@ function test_basic_bloom_filter()
bloomfilter_add(bf_str, "bar");
print bloomfilter_lookup(bf_str, "foo");
print bloomfilter_lookup(bf_str, "bar");
print bloomfilter_lookup(bf_str, "b4zzz"), "no fp"; # FP
print bloomfilter_lookup(bf_str, "quuux"); # FP
print bloomfilter_lookup(bf_str, "bazzz"), "fp"; # FP
print bloomfilter_lookup(bf_str, "quuux"), "fp"; # FP
bloomfilter_add(bf_str, 0.5); # Type mismatch
bloomfilter_add(bf_str, 100); # Type mismatch
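Review bot: Both lookups for keys that were never added (`"bazzz"` and `"quuux"`) are now expected to print 1, so as far as this hunk shows nothing checks that the string filter ever answers 0; a filter that returned true for every input would produce the same baseline. The old/new sides are inferred from the rendering and the baseline change at the top of the commit, where the `0, no fp` line disappears. Keep one lookup that is a true negative under the test's hash seed next to the two false positives, e.g. `print bloomfilter_lookup(bf_str, "<key-known-to-miss>"), "no fp";` (placeholder key, to be picked against the current hash). `test_basic_bloom_filter` starts and ends outside the hunk, so a negative lookup may already exist elsewhere in it.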


@ -0,0 +1,27 @@
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out
event bro_init()
{
local a = "this is a string";
local b = "this is a tring";
local c = "this is a strings";
local d = "this is a strink";
print levenshtein_distance(a, b);
print levenshtein_distance(b, a);
print levenshtein_distance(a, c);
print levenshtein_distance(c, a);
print levenshtein_distance(a, d);
print levenshtein_distance(d, a);
print levenshtein_distance(d, "");
print levenshtein_distance("", d);
print levenshtein_distance("", "");
print levenshtein_distance(d, d);
print levenshtein_distance("kitten", "sitting");
}
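Review bot: The cases in `bro_init` cover insertion, deletion, substitution and empty operands, but none uses a string containing a NUL or other non-printable byte. Bro strings can carry such bytes, and an implementation that walked the operands as C strings would stop at the first NUL and report a distance that is too small; the implementation is not on this page, so this is a missing check rather than a known defect. Adding `print levenshtein_distance("a\x00b", "a\x00c");` with an expected output of `1` would pin that the full byte length is compared.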


@ -14,6 +14,7 @@ LC_ALL=C
BTEST_PATH=%(testbase)s/../../aux/btest
PATH=%(testbase)s/../../build/src:%(testbase)s/../scripts:%(testbase)s/../../aux/btest:%(testbase)s/../../aux/bro-aux/bro-cut:%(default_path)s
TRACES=%(testbase)s/Traces
FILES=%(testbase)s/Files
SCRIPTS=%(testbase)s/../scripts
DIST=%(testbase)s/../..
BUILD=%(testbase)s/../../build


@ -4,4 +4,5 @@
#
# @TEST-GROUP: leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -r $TRACES/tunnels/ayiya3.trace
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/ayiya3.trace
# @TEST-EXEC: btest-bg-wait 15


@ -5,7 +5,8 @@
# @TEST-GROUP: leaks
# @TEST-GROUP: dataseries
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/rotation.trace %INPUT Log::default_writer=Log::WRITER_DATASERIES
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/rotation.trace %INPUT Log::default_writer=Log::WRITER_DATASERIES
# @TEST-EXEC: btest-bg-wait 15
module Test;


@ -7,4 +7,5 @@
# @TEST-GROUP: dataseries
#
# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_DATASERIES
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_DATASERIES
# @TEST-EXEC: btest-bg-wait 15


@ -4,7 +4,8 @@
#
# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: btest-bg-wait -k 15
const foo: set[addr] = {
google.com
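Review bot: This leak test waits with `btest-bg-wait -k 15`, while the other leak tests converted in this commit use `btest-bg-wait 15`. As far as I know, `-k` kills the process on timeout without failing the test, so a Bro that hangs would be killed before the heap checker reports at exit and the test would still pass. If the option is needed because the hostname lookups in `foo` can stall, a comment should say so, e.g. `# -k: DNS lookups may not complete offline; a timeout is tolerated here`. Otherwise use `# @TEST-EXEC: btest-bg-wait 15`. The `foo` set continues outside the hunk.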


@ -4,7 +4,8 @@
#
# @TEST-GROUP: leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT
# @TEST-EXEC: btest-bg-wait 15
redef test_file_analysis_source = "HTTP";


@ -4,7 +4,8 @@
#
# @TEST-GROUP: leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -r $TRACES/globus-url-copy.trace %INPUT
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/globus-url-copy.trace %INPUT
# @TEST-EXEC: btest-bg-wait 15
@load base/protocols/ftp/gridftp


@ -4,7 +4,8 @@
#
# @TEST-GROUP: leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out
# @TEST-EXEC: btest-bg-wait 15
# Some GTPv1 headers have some optional fields totaling to a 4-byte extension
# of the mandatory header.
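Review bot: The new command keeps the `>out` redirect after switching to `btest-bg-run`, but the background runner captures Bro's stdout itself (in `bro/.stdout`, if I read btest correctly), so `out` would only hold the wrapper's own output. The other converted tests in this commit dropped the redirect along with `btest-diff`. I would end the line at `%INPUT`, i.e. `... btest-bg-run bro bro -m -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT`. The Teredo leak test further down has the same leftover `>output`.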


@ -4,7 +4,8 @@
#
# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: btest-bg-wait 15
type rec: record {
a: count;


@ -4,7 +4,8 @@
#
# @TEST-GROUP: leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -b -m -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT
# @TEST-EXEC: btest-bg-wait 15
type rec: record {
a: count;


@ -4,10 +4,10 @@
#
# @TEST-GROUP: leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/tunnels/6in6.pcap %INPUT >>output
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/tunnels/6in6in6.pcap %INPUT >>output
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT >>output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro1 bro -m -b -r $TRACES/tunnels/6in6.pcap %INPUT
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro2 bro -m -b -r $TRACES/tunnels/6in6in6.pcap %INPUT
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro3 bro -m -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT
# @TEST-EXEC: btest-bg-wait 15
event new_connection(c: connection)
{


@ -4,8 +4,8 @@
#
# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT
# @TEST-EXEC: btest-bg-wait 15
# Just check that the event is raised correctly for a packet containing
# extension headers.


@ -4,7 +4,8 @@
#
# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: btest-bg-wait 15
event new_connection(c: connection)


@ -4,7 +4,8 @@
#
# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: btest-bg-wait 15
type MyEnum: enum {
RED,


@ -4,7 +4,8 @@
#
# @TEST-GROUP: leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -r $TRACES/tunnels/Teredo.pcap %INPUT >output
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/Teredo.pcap %INPUT >output
# @TEST-EXEC: btest-bg-wait 15
function print_teredo(name: string, outer: connection, inner: teredo_hdr)
{


@ -4,4 +4,5 @@
#
# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -r $TRACES/wikipedia.trace test-all-policy
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/wikipedia.trace test-all-policy
# @TEST-EXEC: btest-bg-wait 15


@ -8,8 +8,8 @@
# assuming that it didn't automatically Ref the VectorType argument and thus
# leaked that memeory.
#
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/ftp/ipv4.trace %INPUT >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/ftp/ipv4.trace %INPUT
# @TEST-EXEC: btest-bg-wait 15
function myfunc(aa: interval, bb: interval): int
{


@ -0,0 +1,44 @@
# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=1
# @TEST-EXEC: btest-diff extract_files/1
# @TEST-EXEC: btest-diff 1.out
# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=2 double_it=T
# @TEST-EXEC: btest-diff extract_files/2
# @TEST-EXEC: btest-diff 2.out
# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=7000 efname=3 unlimit_it=T
# @TEST-EXEC: btest-diff extract_files/3
# @TEST-EXEC: btest-diff 3.out
@load base/files/extract
@load base/protocols/ftp
global outfile: file;
const max_extract: count = 0 &redef;
const double_it: bool = F &redef;
const unlimit_it: bool = F &redef;
const efname: string = "0" &redef;
global doubled: bool = F;
event file_new(f: fa_file)
{
Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
[$extract_filename=efname, $extract_limit=max_extract]);
}
event file_extraction_limit(f: fa_file, args: any, limit: count, offset: count, len: count)
{
print outfile, "file_extraction_limit", limit, offset, len;
if ( double_it && ! doubled )
{
doubled = T;
print outfile, FileExtract::set_limit(f, args, max_extract*2);
}
if ( unlimit_it )
print outfile, FileExtract::set_limit(f, args, 0);
}
event bro_init()
{
outfile = open(fmt("%s.out", efname));
}
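Review bot: The `0` in `FileExtract::set_limit(f, args, 0)` is undocumented; going by the `unlimit_it` flag it presumably means "no limit" rather than "extract nothing", but a reader cannot tell from the test. Since the extraction limit is the guard against unbounded writes to disk, I would put `# a limit of 0 removes the extraction cap` above that call, after confirming it against the extract analyzer's documentation. Separately, `outfile` is opened in `bro_init` and never closed. The input-framework tests on this page call `close(outfile)` before terminating, and a `bro_done` handler doing the same would keep the tests consistent.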


@ -0,0 +1,76 @@
# @TEST-EXEC: bro -b %INPUT Unified2::watch_file=$FILES/unified2.u2
# @TEST-EXEC: btest-diff unified2.log
@TEST-START-FILE sid_msg.map
2003058 || ET MALWARE 180solutions (Zango) Spyware Installer Download || url,doc.emergingthreats.net/bin/view/Main/2003058 || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2012647 || ET POLICY Dropbox.com Offsite File Backup in Use || url,dereknewton.com/2011/04/dropbox-authentication-static-host-ids/ || url,www.dropbox.com
@TEST-END-FILE
@TEST-START-FILE gen_msg.map
1 || 1 || snort general alert
2 || 1 || tag: Tagged Packet
3 || 1 || snort dynamic alert
100 || 1 || spp_portscan: Portscan Detected
100 || 2 || spp_portscan: Portscan Status
100 || 3 || spp_portscan: Portscan Ended
101 || 1 || spp_minfrag: minfrag alert
@TEST-END-FILE
@TEST-START-FILE classification.config
#
# config classification:shortname,short description,priority
#
#Traditional classifications. These will be replaced soon
config classification: not-suspicious,Not Suspicious Traffic,3
config classification: unknown,Unknown Traffic,3
config classification: bad-unknown,Potentially Bad Traffic, 2
config classification: attempted-recon,Attempted Information Leak,2
config classification: successful-recon-limited,Information Leak,2
config classification: successful-recon-largescale,Large Scale Information Leak,2
config classification: attempted-dos,Attempted Denial of Service,2
config classification: successful-dos,Denial of Service,2
config classification: attempted-user,Attempted User Privilege Gain,1
config classification: unsuccessful-user,Unsuccessful User Privilege Gain,1
config classification: successful-user,Successful User Privilege Gain,1
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
config classification: successful-admin,Successful Administrator Privilege Gain,1
config classification: rpc-portmap-decode,Decode of an RPC Query,2
config classification: shellcode-detect,Executable Code was Detected,1
config classification: string-detect,A Suspicious String was Detected,3
config classification: suspicious-filename-detect,A Suspicious Filename was Detected,2
config classification: suspicious-login,An Attempted Login Using a Suspicious Username was Detected,2
config classification: system-call-detect,A System Call was Detected,2
config classification: tcp-connection,A TCP Connection was Detected,4
config classification: trojan-activity,A Network Trojan was Detected, 1
config classification: unusual-client-port-connection,A Client was Using an Unusual Port,2
config classification: network-scan,Detection of a Network Scan,3
config classification: denial-of-service,Detection of a Denial of Service Attack,2
config classification: non-standard-protocol,Detection of a Non-Standard Protocol or Event,2
config classification: protocol-command-decode,Generic Protocol Command Decode,3
config classification: web-application-activity,Access to a Potentially Vulnerable Web Application,2
config classification: web-application-attack,Web Application Attack,1
config classification: misc-activity,Misc activity,3
config classification: misc-attack,Misc Attack,2
config classification: icmp-event,Generic ICMP event,3
config classification: inappropriate-content,Inappropriate Content was Detected,1
config classification: policy-violation,Potential Corporate Privacy Violation,1
config classification: default-login-attempt,Attempt to Login By a Default Username and Password,2
@TEST-END-FILE
redef exit_only_after_terminate = T;
@load base/files/unified2
redef Unified2::sid_msg = @DIR+"/sid_msg.map";
redef Unified2::gen_msg = @DIR+"/gen_msg.map";
redef Unified2::classification_config = @DIR+"/classification.config";
global i = 0;
event Unified2::alert(f: fa_file, ev: Unified2::IDSEvent, pkt: Unified2::Packet)
{
++i;
if ( i == 2 )
terminate();
}
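Review bot: The first `@TEST-EXEC` line runs `bro` in the foreground with `exit_only_after_terminate = T`, and `terminate()` is reached only after `Unified2::alert` has fired twice. If the watched file yields fewer than two alerts (a parser regression, or a missing `$FILES/unified2.u2`), the test never returns instead of failing. I would run it the way the input tests in this commit do: `# @TEST-EXEC: btest-bg-run bro bro -b %INPUT Unified2::watch_file=$FILES/unified2.u2`, then `# @TEST-EXEC: btest-bg-wait 10`, then `# @TEST-EXEC: btest-diff bro/unified2.log`.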


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
redef exit_only_after_terminate = T;
@ -50,13 +50,13 @@ event bro_init()
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, servers;
print outfile, to_count(servers[-42]$ns); # try to actually use a string. If null-termination is wrong this will fail.
Input::remove("ssh");
close(outfile);
terminate();
}
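Review bot: The `Input::end_of_data` handler now removes the stream with the literal `"ssh"` and ignores its own `name` argument. `Input::remove(name);` would remove whichever stream actually finished and keeps the handler correct if a second stream is ever added to the test. The same applies to the other input tests in this commit that move `Input::remove` into `end_of_data`. `bro_init` starts outside the hunk.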


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
redef exit_only_after_terminate = T;
@ -31,12 +31,12 @@ event bro_init()
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, servers;
Input::remove("ssh");
close(outfile);
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
redef exit_only_after_terminate = T;
@ -39,6 +39,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, a: string, b
try = try + 1;
if ( try == 3 )
{
Input::remove("input");
close(outfile);
terminate();
}
@ -49,5 +50,4 @@ event bro_init()
try = 0;
outfile = open("../out");
Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line, $want_record=F]);
Input::remove("input");
}


@ -2,7 +2,7 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: sleep 2
# @TEST-EXEC: cp input2.log input.log
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input1.log


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -34,12 +34,12 @@ event bro_init()
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, servers;
Input::remove("ssh");
close(outfile);
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -39,12 +39,12 @@ event bro_init()
{
outfile = open("../out");
Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line, $want_record=F]);
Input::remove("input");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, "End-of-data";
Input::remove("input");
close(outfile);
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderrwithoutfirstline
@ -35,11 +35,11 @@ event bro_init()
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, servers;
Input::remove("ssh");
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderrwithoutfirstline
@ -33,11 +33,11 @@ event bro_init()
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, servers;
Input::remove("ssh");
terminate();
}
