Merge remote branch 'origin/master' into topic/bernhard/hyperloglog

Conflicts:
	src/3rdparty
Bernhard Amann 2013-08-26 12:53:13 -07:00
commit 74f96d22ef
232 changed files with 9163 additions and 148274 deletions


@ -0,0 +1,44 @@
# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=1
# @TEST-EXEC: btest-diff extract_files/1
# @TEST-EXEC: btest-diff 1.out
# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=3000 efname=2 double_it=T
# @TEST-EXEC: btest-diff extract_files/2
# @TEST-EXEC: btest-diff 2.out
# @TEST-EXEC: bro -b -r $TRACES/ftp/retr.trace %INPUT max_extract=7000 efname=3 unlimit_it=T
# @TEST-EXEC: btest-diff extract_files/3
# @TEST-EXEC: btest-diff 3.out
@load base/files/extract
@load base/protocols/ftp
global outfile: file;
const max_extract: count = 0 &redef;
const double_it: bool = F &redef;
const unlimit_it: bool = F &redef;
const efname: string = "0" &redef;
global doubled: bool = F;
event file_new(f: fa_file)
{
Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
[$extract_filename=efname, $extract_limit=max_extract]);
}
event file_extraction_limit(f: fa_file, args: any, limit: count, offset: count, len: count)
{
print outfile, "file_extraction_limit", limit, offset, len;
if ( double_it && ! doubled )
{
doubled = T;
print outfile, FileExtract::set_limit(f, args, max_extract*2);
}
if ( unlimit_it )
print outfile, FileExtract::set_limit(f, args, 0);
}
event bro_init()
{
outfile = open(fmt("%s.out", efname));
}
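Review bot: The three `@TEST-EXEC` runs at the top are not described anywhere in the script, so a reader has to work out from `double_it` and `unlimit_it` what each baseline is meant to show. A short header comment would help, e.g. `# Run 1 stops at max_extract; run 2 doubles the limit once from file_extraction_limit; run 3 calls set_limit(f, args, 0)`, plus a line stating what a limit of 0 means (going by the `unlimit_it` name it looks like "no limit" — confirm). In the `double_it` branch nothing happens the second time the limit is reached because `doubled` is already set; a comment saying that this is the intended end state would make the `2.out` baseline easier to read.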


@ -0,0 +1,76 @@
# @TEST-EXEC: bro -b %INPUT Unified2::watch_file=$FILES/unified2.u2
# @TEST-EXEC: btest-diff unified2.log
@TEST-START-FILE sid_msg.map
2003058 || ET MALWARE 180solutions (Zango) Spyware Installer Download || url,doc.emergingthreats.net/bin/view/Main/2003058 || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html
2012647 || ET POLICY Dropbox.com Offsite File Backup in Use || url,dereknewton.com/2011/04/dropbox-authentication-static-host-ids/ || url,www.dropbox.com
@TEST-END-FILE
@TEST-START-FILE gen_msg.map
1 || 1 || snort general alert
2 || 1 || tag: Tagged Packet
3 || 1 || snort dynamic alert
100 || 1 || spp_portscan: Portscan Detected
100 || 2 || spp_portscan: Portscan Status
100 || 3 || spp_portscan: Portscan Ended
101 || 1 || spp_minfrag: minfrag alert
@TEST-END-FILE
@TEST-START-FILE classification.config
#
# config classification:shortname,short description,priority
#
#Traditional classifications. These will be replaced soon
config classification: not-suspicious,Not Suspicious Traffic,3
config classification: unknown,Unknown Traffic,3
config classification: bad-unknown,Potentially Bad Traffic, 2
config classification: attempted-recon,Attempted Information Leak,2
config classification: successful-recon-limited,Information Leak,2
config classification: successful-recon-largescale,Large Scale Information Leak,2
config classification: attempted-dos,Attempted Denial of Service,2
config classification: successful-dos,Denial of Service,2
config classification: attempted-user,Attempted User Privilege Gain,1
config classification: unsuccessful-user,Unsuccessful User Privilege Gain,1
config classification: successful-user,Successful User Privilege Gain,1
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
config classification: successful-admin,Successful Administrator Privilege Gain,1
config classification: rpc-portmap-decode,Decode of an RPC Query,2
config classification: shellcode-detect,Executable Code was Detected,1
config classification: string-detect,A Suspicious String was Detected,3
config classification: suspicious-filename-detect,A Suspicious Filename was Detected,2
config classification: suspicious-login,An Attempted Login Using a Suspicious Username was Detected,2
config classification: system-call-detect,A System Call was Detected,2
config classification: tcp-connection,A TCP Connection was Detected,4
config classification: trojan-activity,A Network Trojan was Detected, 1
config classification: unusual-client-port-connection,A Client was Using an Unusual Port,2
config classification: network-scan,Detection of a Network Scan,3
config classification: denial-of-service,Detection of a Denial of Service Attack,2
config classification: non-standard-protocol,Detection of a Non-Standard Protocol or Event,2
config classification: protocol-command-decode,Generic Protocol Command Decode,3
config classification: web-application-activity,Access to a Potentially Vulnerable Web Application,2
config classification: web-application-attack,Web Application Attack,1
config classification: misc-activity,Misc activity,3
config classification: misc-attack,Misc Attack,2
config classification: icmp-event,Generic ICMP event,3
config classification: inappropriate-content,Inappropriate Content was Detected,1
config classification: policy-violation,Potential Corporate Privacy Violation,1
config classification: default-login-attempt,Attempt to Login By a Default Username and Password,2
@TEST-END-FILE
redef exit_only_after_terminate = T;
@load base/files/unified2
redef Unified2::sid_msg = @DIR+"/sid_msg.map";
redef Unified2::gen_msg = @DIR+"/gen_msg.map";
redef Unified2::classification_config = @DIR+"/classification.config";
global i = 0;
event Unified2::alert(f: fa_file, ev: Unified2::IDSEvent, pkt: Unified2::Packet)
{
++i;
if ( i == 2 )
terminate();
}
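Review bot: With `exit_only_after_terminate = T` the only exit path is the `i == 2` branch of `Unified2::alert`, and the `@TEST-EXEC` line runs `bro` in the foreground, so a watch file that yields fewer than two alerts would leave the test waiting with nothing to bound it. The other tests touched by this commit run under `btest-bg-run bro bro -b %INPUT` followed by `btest-bg-wait 10`; using the same pair here, and diffing the log from the background directory, would put a timeout on the run. A comment on `global i = 0;` such as `# unified2.u2 is expected to hold two alerts; stop after the second` would also document the constant — the fixture is not visible here, so the count is inferred from the condition.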


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
redef exit_only_after_terminate = T;
@ -50,13 +50,13 @@ event bro_init()
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, servers;
print outfile, to_count(servers[-42]$ns); # try to actually use a string. If null-termination is wrong this will fail.
Input::remove("ssh");
close(outfile);
terminate();
}
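Review bot: The `Input::remove("ssh")` call in `Input::end_of_data` repeats the stream name as a literal although the handler already receives it as `name`; `Input::remove(name);` would stay correct if the stream is renamed, and it is the form the multi-stream test further down this page uses. The same applies to the other `end_of_data` handlers in this commit that call `Input::remove("ssh")` or `Input::remove("input")`. Dropping `-k` from `btest-bg-wait` presumably turns a timeout into a test failure, so a one-line comment stating why the removal has to wait for `end_of_data` rather than follow `Input::add_table` directly would record the reason for the move. The start of `bro_init` is outside the hunk.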


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
redef exit_only_after_terminate = T;
@ -31,12 +31,12 @@ event bro_init()
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, servers;
Input::remove("ssh");
close(outfile);
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
redef exit_only_after_terminate = T;
@ -39,6 +39,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, a: string, b
try = try + 1;
if ( try == 3 )
{
Input::remove("input");
close(outfile);
terminate();
}
@ -49,5 +50,4 @@ event bro_init()
try = 0;
outfile = open("../out");
Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line, $want_record=F]);
Input::remove("input");
}


@ -2,7 +2,7 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: sleep 2
# @TEST-EXEC: cp input2.log input.log
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input1.log


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -34,12 +34,12 @@ event bro_init()
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, servers;
Input::remove("ssh");
close(outfile);
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -39,12 +39,12 @@ event bro_init()
{
outfile = open("../out");
Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line, $want_record=F]);
Input::remove("input");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, "End-of-data";
Input::remove("input");
close(outfile);
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderrwithoutfirstline
@ -35,11 +35,11 @@ event bro_init()
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, servers;
Input::remove("ssh");
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderrwithoutfirstline
@ -33,11 +33,11 @@ event bro_init()
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, servers;
Input::remove("ssh");
terminate();
}


@ -23,5 +23,4 @@ event bro_init()
try = 0;
outfile = open("../out");
Input::add_event([$source="does-not-exist.dat", $name="input", $fields=Val, $ev=line, $want_record=F]);
Input::remove("input");
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -32,12 +32,12 @@ event bro_init()
{
outfile = open("../out");
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]);
Input::remove("input");
}
event Input::end_of_data(name: string, source: string)
{
print outfile, servers;
Input::remove("input");
close(outfile);
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -32,12 +32,12 @@ event bro_init()
{
outfile = open("../out");
Input::add_table([$name="input", $source="../input.log", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("input");
}
event Input::end_of_data(name: string, source: string)
{
print outfile, servers;
Input::remove("input");
close(outfile);
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -42,12 +42,12 @@ event bro_init()
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers,
$pred(typ: Input::Event, left: Idx, right: Val) = { right$notb = !right$b; return T; }
]);
Input::remove("input");
}
event Input::end_of_data(name: string, source: string)
{
print outfile, servers;
Input::remove("input");
close(outfile);
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -37,7 +37,6 @@ event bro_init()
print outfile, servers[1.2.3.5];
if ( 1.2.3.6 in servers )
print outfile, servers[1.2.3.6];
Input::remove("input");
}
event Input::end_of_data(name: string, source: string)
@ -45,6 +44,7 @@ event Input::end_of_data(name: string, source: string)
print outfile, servers[1.2.3.4];
print outfile, servers[1.2.3.5];
print outfile, servers[1.2.3.6];
Input::remove("input");
close(outfile);
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
#
# only difference from predicate.bro is, that this one uses a stream source.
@ -59,6 +59,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
print outfile, "VALID";
if ( 7 in servers )
print outfile, "VALID";
Input::remove("input");
close(outfile);
terminate();
}
@ -71,6 +72,5 @@ event bro_init()
Input::add_table([$source="../input.log", $mode=Input::STREAM, $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $ev=line,
$pred(typ: Input::Event, left: Idx, right: bool) = { return right; }
]);
Input::remove("input");
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -41,7 +41,6 @@ event bro_init()
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F,
$pred(typ: Input::Event, left: Idx, right: bool) = { return right; }
]);
Input::remove("input");
}
event Input::end_of_data(name: string, source: string)
@ -60,6 +59,7 @@ event Input::end_of_data(name: string, source: string)
print outfile, "VALID";
if ( 7 in servers )
print outfile, "VALID";
Input::remove("input");
close(outfile);
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -45,12 +45,12 @@ event bro_init()
return T;
}
]);
Input::remove("input");
}
event Input::end_of_data(name: string, source: string)
{
print outfile, servers;
Input::remove("input");
close(outfile);
terminate();
}


@ -8,7 +8,7 @@
# @TEST-EXEC: cp input4.log input.log
# @TEST-EXEC: sleep 2
# @TEST-EXEC: cp input5.log input.log
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
#


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
# Ok, this one tests a fun case.
@ -42,12 +42,12 @@ event bro_init()
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers,
$pred(typ: Input::Event, left: Idx, right: Val) = { if ( right$confidence > 90 ) { return T; } return F; }
]);
Input::remove("input");
}
event Input::end_of_data(name: string, source: string)
{
print outfile, servers;
Input::remove("input");
close(outfile);
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -32,6 +32,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
try = try + 1;
if ( try == 8 )
{
Input::remove("input");
close(outfile);
terminate();
}
@ -42,5 +43,4 @@ event bro_init()
try = 0;
outfile = open("../out");
Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line, $want_record=F]);
Input::remove("input");
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: cat out.tmp | sed 's/^ *//g' >out
# @TEST-EXEC: btest-diff out
@ -27,6 +27,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
print outfile, description;
print outfile, tpe;
print outfile, s;
Input::remove("input");
close(outfile);
terminate();
}
@ -35,5 +36,4 @@ event bro_init()
{
outfile = open("../out.tmp");
Input::add_event([$source="wc -l ../input.log |", $reader=Input::READER_RAW, $name="input", $fields=Val, $ev=line, $want_record=F]);
Input::remove("input");
}


@ -1,13 +1,19 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 15
# @TEST-EXEC: btest-diff test.txt
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
redef exit_only_after_terminate = T;
@load base/frameworks/communication # let network-time run. otherwise there are no heartbeats...
global outfile: file;
global try: count;
global processes_finished: count = 0;
global n: count = 0;
global total_processes: count = 0;
global config_strings: table[string] of string = {
["stdin"] = "hello\nthere\1\2\3\4\5\1\2\3yay"
};
module A;
@ -17,27 +23,46 @@ type Val: record {
event line(description: Input::EventDescription, tpe: Input::Event, s: string)
{
print outfile, description;
print outfile, tpe;
print outfile, tpe, description$source, description$name;
print outfile, s;
try = try + 1;
if ( try == 2 )
}
event InputRaw::process_finished(name: string, source:string, exit_code:count, signal_exit:bool)
{
print "process_finished", name, source;
Input::remove(name);
++processes_finished;
if ( processes_finished == total_processes )
{
Input::remove("input2");
close(outfile);
terminate();
}
}
function more_input(name_prefix: string)
{
local name = fmt("%s%d", name_prefix, n);
config_strings["stdin"] += fmt("%d", n);
++n;
++total_processes;
Input::add_event([$source="cat |",
$reader=Input::READER_RAW, $mode=Input::STREAM,
$name=name, $fields=Val, $ev=line, $want_record=F,
$config=config_strings]);
}
event bro_init()
{
local config_strings: table[string] of string = {
["stdin"] = "hello\nthere\1\2\3\4\5\1\2\3yay"
#["stdin"] = "yay"
};
try = 0;
outfile = open("../out");
Input::add_event([$source="cat > ../test.txt |", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line, $want_record=F, $config=config_strings]);
Input::add_event([$source="cat |", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input2", $fields=Val, $ev=line, $want_record=F, $config=config_strings]);
++total_processes;
Input::add_event([$source="cat > ../test.txt |",
$reader=Input::READER_RAW, $mode=Input::STREAM,
$name="input", $fields=Val, $ev=line, $want_record=F,
$config=config_strings]);
more_input("input");
more_input("input");
more_input("input");
more_input("input");
more_input("input");
}
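Review bot: `more_input` appends the counter to the global `config_strings["stdin"]` in place, so the payload grows with every call (`…yay0`, `…yay01`, `…yay012`, …) and each later `Input::add_event` is handed the same, already-mutated table. If every stream is meant to get its own payload, build it per call with `local cfg = copy(config_strings); cfg["stdin"] += fmt("%d", n);` and pass `$config=cfg`; if the cumulative string is intended, say so in a comment above the function. Old and new lines are interleaved in this rendering, so this assumes the `local config_strings` in `bro_init` is the removed copy. `InputRaw::process_finished` also prints to stdout rather than to `outfile`, unlike `line` — worth a comment if that is deliberate.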


@ -4,7 +4,7 @@
# @TEST-EXEC: cat input2.log >> input.log
# @TEST-EXEC: sleep 3
# @TEST-EXEC: cat input3.log >> input.log
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
redef exit_only_after_terminate = T;


@ -1,6 +1,6 @@
# @TEST-EXEC: dd if=/dev/zero of=input.log bs=8193 count=1
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
#
# this test should be longer than one block-size. to test behavior of input-reader if it has to re-allocate stuff.
@ -23,6 +23,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
try = try + 1;
if ( try == 1 )
{
Input::remove("input");
close(outfile);
terminate();
}
@ -33,5 +34,4 @@ event bro_init()
try = 0;
outfile = open("../out");
Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line, $want_record=F]);
Input::remove("input");
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -32,6 +32,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
try = try + 1;
if ( try == 16 )
{
Input::remove("input");
close(outfile);
terminate();
}
@ -43,5 +44,4 @@ event bro_init()
outfile = open("../out");
Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::REREAD, $name="input", $fields=Val, $ev=line, $want_record=F]);
Input::force_update("input");
Input::remove("input");
}


@ -1,8 +1,9 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
redef exit_only_after_terminate = T;
@load base/frameworks/communication # let network-time run. otherwise there are no heartbeats...
type Val: record {
s: string;
@ -37,12 +38,15 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string, i
}
}
global n = 0;
event Input::end_of_data(name: string, source:string)
{
print outfile, "End of Data event";
print outfile, name;
terminate(); # due to the current design, end_of_data will be called after process_finshed and all line events.
# this could potentially change
++n;
if ( n == 2 )
terminate();
}
event InputRaw::process_finished(name: string, source:string, exit_code:count, signal_exit:bool)
@ -51,6 +55,9 @@ event InputRaw::process_finished(name: string, source:string, exit_code:count, s
print outfile, name;
if ( exit_code != 0 )
print outfile, "Exit code != 0";
++n;
if ( n == 2 )
terminate();
}
event bro_init()
@ -62,5 +69,5 @@ event bro_init()
outfile = open("../out");
try = 0;
Input::add_event([$source="ls .. ../nonexistant ../nonexistant2 ../nonexistant3 |", $reader=Input::READER_RAW, $name="input", $fields=Val, $ev=line, $want_record=F, $config=config_strings]);
Input::add_event([$source="ls .. ../nonexistant ../nonexistant2 ../nonexistant3 |", $reader=Input::READER_RAW, $name="input", $fields=Val, $ev=line, $want_record=F, $config=config_strings, $mode=Input::STREAM]);
}
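Review bot: The counter `n` ends the script on the second of `Input::end_of_data` / `InputRaw::process_finished`, but the comment that explained the ordering of those events appears to go away together with the old unconditional `terminate()`, which leaves `n == 2` unexplained. A comment on the declaration such as `# one end_of_data plus one process_finished for the single "input" stream` would document the constant, and a descriptive name like `events_seen` would read better than `n`. The same three lines (`++n; if ( n == 2 ) terminate();`) are duplicated in both handlers, so a small helper function would keep them in step. The body of `InputRaw::process_finished` and the start of `bro_init` are outside the visible hunks.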


@ -4,7 +4,7 @@
# @TEST-EXEC: cat input2.log >> input.log
# @TEST-EXEC: sleep 3
# @TEST-EXEC: cat input3.log >> input.log
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
redef exit_only_after_terminate = T;


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
@TEST-START-FILE input.log
@ -36,10 +36,7 @@ event bro_init()
try = 0;
outfile = open("../out");
for ( i in one_to_32 )
{
Input::add_table([$source="../input.log", $name=fmt("input%d", i), $idx=Idx, $val=Val, $destination=destination, $want_record=F]);
Input::remove(fmt("input%d", i));
}
}
event Input::end_of_data(name: string, source: string)
@ -47,6 +44,7 @@ event Input::end_of_data(name: string, source: string)
print outfile, name;
print outfile, source;
print outfile, destination;
Input::remove(name);
try = try + 1;
if ( try == 32 )
{


@ -8,7 +8,7 @@
# @TEST-EXEC: cp input4.log input.log
# @TEST-EXEC: sleep 2
# @TEST-EXEC: cp input5.log input.log
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input1.log


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
@TEST-START-FILE input.log
@ -32,12 +32,12 @@ event bro_init()
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $destination=servers]);
Input::remove("ssh");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, servers;
Input::remove("ssh");
close(outfile);
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
@TEST-START-FILE input.log
@ -32,12 +32,12 @@ event bro_init()
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, servers;
Input::remove("ssh");
close(outfile);
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
@TEST-START-FILE input.log
@ -36,12 +36,12 @@ event bro_init()
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, servers;
Input::remove("ssh");
close(outfile);
terminate();
}


@ -3,7 +3,7 @@
#
# @TEST-EXEC: cat conn.sql | sqlite3 conn.sqlite
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE conn.sql


@ -3,7 +3,7 @@
# @TEST-GROUP: sqlite
#
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: sed '1d' .stderr | sort > cmpfile
# @TEST-EXEC: btest-diff cmpfile
@ -93,6 +93,6 @@ event bro_init()
Input::add_event([$source="../ssh", $name="ssh", $fields=SSH::Log, $ev=line, $reader=Input::READER_SQLITE, $want_record=T, $config=config_strings]);
Input::add_event([$source="../ssh", $name="ssh2", $fields=SSH::Log, $ev=line, $reader=Input::READER_SQLITE, $want_record=T, $config=config_strings2]);
schedule +1secs { term_me() };
schedule +3secs { term_me() };
}
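Review bot: Raising the delay to `schedule +3secs { term_me() };` still ends the test on wall-clock time, so a slow host could reach `term_me` before both SQLite streams (`ssh` and `ssh2`) have delivered their rows. Terminating once both stream names have been seen in `Input::end_of_data` — the counting pattern the raw-reader tests in this commit use — would remove the dependency on timing, provided the SQLite reader raises that event here, which this hunk does not show. If the timer has to stay, a comment next to it giving the reason for 3 seconds would help the next person who has to tune it. `term_me` and the start of `bro_init` are outside the hunk.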


@ -3,7 +3,7 @@
#
# @TEST-EXEC: cat port.sql | sqlite3 port.sqlite
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE port.sql


@ -3,7 +3,7 @@
# @TEST-GROUP: sqlite
#
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE ssh.sql


@ -4,7 +4,7 @@
# @TEST-EXEC: cat input2.log >> input.log
# @TEST-EXEC: sleep 3
# @TEST-EXEC: cat input3.log >> input.log
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input1.log


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -58,6 +58,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, value: Val)
try = try + 1;
if ( try == 1 )
{
Input::remove("ssh");
close(outfile);
terminate();
}
@ -68,5 +69,4 @@ event bro_init()
try = 0;
outfile = open("../out");
Input::add_event([$source="../input.log", $name="ssh", $fields=Val, $ev=line, $want_record=T]);
Input::remove("ssh");
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -56,12 +56,12 @@ event bro_init()
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, servers;
Input::remove("ssh");
close(outfile);
terminate();
}


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -41,6 +41,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
try = try + 1;
if ( try == 7 )
{
Input::remove("input");
close(outfile);
terminate();
}
@ -51,5 +52,4 @@ event bro_init()
try = 0;
outfile = open("../out");
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F,$ev=line]);
Input::remove("input");
}


@ -2,7 +2,7 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: sleep 5
# @TEST-EXEC: cp input3.log input.log
# @TEST-EXEC: btest-bg-wait -k 10
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff event.out
# @TEST-EXEC: btest-diff pred1.out
# @TEST-EXEC: btest-diff pred2.out


@ -1,5 +1,5 @@
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -50,12 +50,12 @@ event bro_init()
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
event Input::end_of_data(name: string, source:string)
{
print outfile, servers;
Input::remove("ssh");
close(outfile);
terminate();
}


@ -0,0 +1,9 @@
#
# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_del_measure.pcap %DIR/events.bro >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
# @TEST-EXEC: btest-diff coverage
# @TEST-EXEC: btest-diff dnp3.log
#


@ -0,0 +1,9 @@
#
# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_en_spon.pcap %DIR/events.bro >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
# @TEST-EXEC: btest-diff coverage
# @TEST-EXEC: btest-diff dnp3.log
#


@ -0,0 +1,9 @@
#
# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_del.pcap %DIR/events.bro >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
# @TEST-EXEC: btest-diff coverage
# @TEST-EXEC: btest-diff dnp3.log
#


@ -0,0 +1,9 @@
#
# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_read.pcap %DIR/events.bro >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
# @TEST-EXEC: btest-diff coverage
# @TEST-EXEC: btest-diff dnp3.log
#


@ -0,0 +1,9 @@
#
# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_file_write.pcap %DIR/events.bro >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
# @TEST-EXEC: btest-diff coverage
# @TEST-EXEC: btest-diff dnp3.log
#


@ -0,0 +1,8 @@
#
# @TEST-EXEC: bro -C -r $TRACES/dnp3/dnp3_link_only.pcap %DIR/events.bro >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
# @TEST-EXEC: btest-diff coverage
#
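Review bot: This is the only DNP3 test on the page that passes `-C` to `bro`, and nothing says why; presumably the packets in `dnp3_link_only.pcap` carry checksums that would otherwise get them discarded. A comment above the first `@TEST-EXEC` line, e.g. `# -C: trace has invalid checksums; process the packets anyway` (adjust to the real reason), would stop someone from removing the flag during cleanup. It is also the only one without `btest-diff dnp3.log`; if no log is expected for link-layer-only traffic, a second comment line should say so, since otherwise the omission reads like an oversight.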


@ -0,0 +1,9 @@
#
# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_read.pcap %DIR/events.bro >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
# @TEST-EXEC: btest-diff coverage
# @TEST-EXEC: btest-diff dnp3.log
#


@ -0,0 +1,9 @@
#
# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_rec_time.pcap %DIR/events.bro >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
# @TEST-EXEC: btest-diff coverage
# @TEST-EXEC: btest-diff dnp3.log
#


@ -0,0 +1,9 @@
#
# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_select_operate.pcap %DIR/events.bro >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
# @TEST-EXEC: btest-diff coverage
# @TEST-EXEC: btest-diff dnp3.log
#


@ -0,0 +1,9 @@
#
# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3_write.pcap %DIR/events.bro >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
# @TEST-EXEC: btest-diff coverage
# @TEST-EXEC: btest-diff dnp3.log
#


@ -0,0 +1,266 @@
#
# @TEST-EXEC: bro -r $TRACES/dnp3/dnp3.trace %INPUT >output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
# @TEST-EXEC: btest-diff coverage
# @TEST-EXEC: btest-diff dnp3.log
#
event dnp3_application_request_header(c: connection, is_orig: bool, fc: count)
{
print "dnp3_application_request_header", is_orig, fc;
}
event dnp3_application_response_header(c: connection, is_orig: bool, fc: count, iin: count)
{
print "dnp3_application_response_header", is_orig, fc, iin;
}
event dnp3_object_header(c: connection, is_orig: bool, obj_type: count, qua_field: count, number: count, rf_low: count, rf_high: count)
{
print "dnp3_object_header", is_orig, obj_type, qua_field, number, rf_low, rf_high;
}
event dnp3_object_prefix(c: connection, is_orig: bool, prefix_value: count)
{
print "dnp3_object_prefix", is_orig, prefix_value;
}
event dnp3_header_block(c: connection, is_orig: bool, start: count, len: count, ctrl: count, dest_addr: count, src_addr: count)
{
print "dnp3_header_block", is_orig, start, len, ctrl, dest_addr, src_addr;
}
event dnp3_response_data_object(c: connection, is_orig: bool, data_value: count)
{
print "dnp3_response_data_object", is_orig, data_value;
}
event dnp3_attribute_common(c: connection, is_orig: bool, data_type_code: count, leng: count, attribute_obj: string)
{
print "dnp3_attribute_common", is_orig, data_type_code, leng, attribute_obj;
}
event dnp3_crob(c: connection, is_orig: bool, control_code: count, count8: count, on_time: count, off_time: count, status_code: count)
{
print "dnp3_crob", is_orig, control_code, count8, on_time, off_time, status_code;
}
event dnp3_pcb(c: connection, is_orig: bool, control_code: count, count8: count, on_time: count, off_time: count, status_code: count)
{
print "dnp3_pcb", is_orig, control_code, count8, on_time, off_time, status_code;
}
event dnp3_counter_32wFlag(c: connection, is_orig: bool, flag: count, count_value: count)
{
print "dnp3_counter_32wFlag", is_orig, flag, count_value;
}
event dnp3_counter_16wFlag(c: connection, is_orig: bool, flag: count, count_value: count)
{
print "dnp3_counter_16wFlag", is_orig, flag, count_value;
}
event dnp3_counter_32woFlag(c: connection, is_orig: bool, count_value: count)
{
print "dnp3_counter_32woFlag", is_orig, count_value;
}
event dnp3_counter_16woFlag(c: connection, is_orig: bool, count_value: count)
{
print "dnp3_counter_16woFlag", is_orig, count_value;
}
event dnp3_frozen_counter_32wFlag(c: connection, is_orig: bool, flag:count, count_value: count)
{
print "dnp3_frozen_counter_32wFlag", is_orig, flag;
}
event dnp3_frozen_counter_16wFlag(c: connection, is_orig: bool, flag:count, count_value: count)
{
print "dnp3_frozen_counter_16wFlag", is_orig, flag;
}
event dnp3_frozen_counter_32wFlagTime(c: connection, is_orig: bool, flag:count, count_value: count, time48: string)
{
print "dnp3_frozen_counter_32wFlagTime", is_orig, flag;
}
event dnp3_frozen_counter_16wFlagTime(c: connection, is_orig: bool, flag:count, count_value: count, time48: string)
{
print "dnp3_frozen_counter_16wFlagTime", is_orig, flag;
}
event dnp3_frozen_counter_32woFlag(c: connection, is_orig: bool, count_value: count)
{
print "dnp3_frozen_counter_32woFlag", is_orig, count_value;
}
event dnp3_frozen_counter_16woFlag(c: connection, is_orig: bool, count_value: count)
{
print "dnp3_frozen_counter_16woFlag", is_orig, count_value;
}
event dnp3_analog_input_32wFlag(c: connection, is_orig: bool, flag: count, value: count)
{
print "dnp3_analog_input_32wFlag", is_orig, flag, value;
}
event dnp3_analog_input_16wFlag(c: connection, is_orig: bool, flag: count, value: count)
{
print "dnp3_analog_input_16wFlag", is_orig, flag, value;
}
event dnp3_analog_input_32woFlag(c: connection, is_orig: bool, value: count)
{
print "dnp3_analog_input_32woFlag", is_orig, value;
}
event dnp3_analog_input_16woFlag(c: connection, is_orig: bool, value: count)
{
print "dnp3_analog_input_16woFlag", is_orig, value;
}
event dnp3_analog_input_SPwFlag(c: connection, is_orig: bool, flag: count, value: count)
{
print "dnp3_analog_input_SPwFlag", is_orig, flag, value;
}
event dnp3_analog_input_DPwFlag(c: connection, is_orig: bool, flag: count, value_low: count, value_high: count)
{
print "dnp3_analog_input_DPwFlag", is_orig, flag, value_low, value_high;
}
event dnp3_frozen_analog_input_32wFlag(c: connection, is_orig: bool, flag: count, frozen_value: count)
{
print "dnp3_frozen_analog_input_32wFlag", is_orig, flag, frozen_value;
}
event dnp3_frozen_analog_input_16wFlag(c: connection, is_orig: bool, flag: count, frozen_value: count)
{
print "dnp3_frozen_analog_input_16wFlag", is_orig, flag, frozen_value;
}
event dnp3_frozen_analog_input_32wTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string)
{
print "dnp3_frozen_analog_input_32wTime", is_orig, flag, frozen_value, time48;
}
event dnp3_frozen_analog_input_16wTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string)
{
print "dnp3_frozen_analog_input_16wTime", is_orig, flag, frozen_value, time48;
}
event dnp3_frozen_analog_input_32woFlag(c: connection, is_orig: bool, frozen_value: count)
{
print "dnp3_frozen_analog_input_32woFlag", is_orig, frozen_value;
}
event dnp3_frozen_analog_input_16woFlag(c: connection, is_orig: bool, frozen_value: count)
{
print "dnp3_frozen_analog_input_16woFlag", is_orig, frozen_value;
}
event dnp3_frozen_analog_input_SPwFlag(c: connection, is_orig: bool, flag: count, frozen_value: count)
{
print "dnp3_frozen_analog_input_SPwFlag", is_orig, flag, frozen_value;
}
event dnp3_frozen_analog_input_DPwFlag(c: connection, is_orig: bool, flag: count, frozen_value_low: count, frozen_value_high: count)
{
print "dnp3_frozen_analog_input_DPwFlag", is_orig, flag, frozen_value_low, frozen_value_high;
}
event dnp3_analog_input_event_32woTime(c: connection, is_orig: bool, flag: count, value: count)
{
print "dnp3_analog_input_event_32woTime", is_orig, flag, value;
}
event dnp3_analog_input_event_16woTime(c: connection, is_orig: bool, flag: count, value: count)
{
print "dnp3_analog_input_event_16woTime", is_orig, flag, value;
}
event dnp3_analog_input_event_32wTime(c: connection, is_orig: bool, flag: count, value: count, time48: string)
{
print "dnp3_analog_input_event_32wTime", is_orig, flag, value, time48;
}
event dnp3_analog_input_16wTime(c: connection, is_orig: bool, flag: count, value: count, time48: string)
{
print "dnp3_analog_input_event_16wTime", is_orig, flag, value, time48;
}
event dnp3_analog_inputSP_woTime(c: connection, is_orig: bool, flag: count, value: count)
{
print "dnp3_analog_input_event_SPwoTime", is_orig, flag, value;
}
event dnp3_analog_inputDP_woTime(c: connection, is_orig: bool, flag: count, value_low: count, value_high: count)
{
print "dnp3_analog_input_event_DPwoTime", is_orig, flag, value_low, value_high;
}
event dnp3_analog_inputSP_wTime(c: connection, is_orig: bool, flag: count, value: count, time48: string)
{
print "dnp3_analog_input_event_SPwTime", is_orig, flag, value, time48;
}
event dnp3_analog_inputDP_wTime(c: connection, is_orig: bool, flag: count, value_low: count, value_high: count, time48: string)
{
print "dnp3_analog_input_event_DPwTime", is_orig, flag, value_low, value_high, time48;
}
event dnp3_frozen_analog_input_event_32woTime(c: connection, is_orig: bool, flag: count, frozen_value: count)
{
print "dnp3_frozen_analog_input_event_32woTime", is_orig, flag, frozen_value;
}
event dnp3_frozen_analog_input_event_16woTime(c: connection, is_orig: bool, flag: count, frozen_value: count)
{
print "dnp3_frozen_analog_input_event_16woTime", is_orig, flag, frozen_value;
}
event dnp3_frozen_analog_input_event_32wTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string)
{
print "dnp3_frozen_analog_input_event_32wTime", is_orig, flag, frozen_value, time48;
}
event dnp3_frozen_analog_input_event_16wTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string)
{
print "dnp3_frozen_analog_input_event_16wTime", is_orig, flag, frozen_value, time48;
}
event dnp3_frozen_analog_input_event_SPwoTime(c: connection, is_orig: bool, flag: count, frozen_value: count)
{
print "dnp3_frozen_analog_input_event_SPwoTime", is_orig, flag, frozen_value;
}
event dnp3_frozen_analog_input_event_DPwoTime(c: connection, is_orig: bool, flag: count, frozen_value_low: count, frozen_value_high: count)
{
print "dnp3_frozen_analog_input_event_DPwoTime", is_orig, flag, frozen_value_low, frozen_value_high;
}
event dnp3_frozen_analog_input_event_SPwTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string)
{
print "dnp3_frozen_analog_inputeventSP_wTime", is_orig, flag, frozen_value, time48;
}
event dnp3_frozen_analog_input_event_DPwTime(c: connection, is_orig: bool, flag: count, frozen_value_low: count, frozen_value_high: count, time48: string)
{
print "dnp3_frozen_analog_inputeventDP_wTime", is_orig, flag, frozen_value_low, frozen_value_high, time48;
}
event dnp3_file_transport(c: connection, is_orig: bool, file_handle: count, block_num: count, file_data: string)
{
print "dnp3_file_transport", is_orig, file_handle, block_num;
print hexdump(file_data);
}
event dnp3_debug_byte(c: connection, is_orig: bool, debug: string)
{
print "dnp3_debug_byte", is_orig, debug;
}
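Review bot: The four frozen-counter handlers (dnp3_frozen_counter_32wFlag, _16wFlag, _32wFlagTime, _16wFlagTime) print only `is_orig` and `flag`, so the `output` baseline never sees `count_value` or `time48`, and a regression in how the analyzer decodes those fields would pass unnoticed; the other value-carrying handlers print all of their arguments. Printing them, e.g. `print "dnp3_frozen_counter_32wFlagTime", is_orig, flag, count_value, time48;`, closes that gap. Separately, the handlers `dnp3_analog_input_16wTime`, `dnp3_analog_inputSP_woTime`, `dnp3_analog_inputDP_woTime`, `dnp3_analog_inputSP_wTime` and `dnp3_analog_inputDP_wTime` print labels of the form `dnp3_analog_input_event_…`, and the SPwTime/DPwTime frozen handlers print `dnp3_frozen_analog_inputevent…` labels. events.bif is not shown here, so it is worth checking which spelling is the declared event name, since a handler whose name matches no generated event would presumably never run and the test would not notice.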