From 7967a5b0aa680e97aae6a7dea3280d1b01557220 Mon Sep 17 00:00:00 2001 
From: Jon Siwek Date: Sat, 8 Aug 2020 00:54:50 -0700 Subject: [PATCH] General btest cleanup - Use `-b` most everywhere, it will save time. - Start some intel tests upon the input file being fully read instead of at an arbitrary time. - Improve termination condition for some sumstats/cluster tests. - Filter uninteresting output from some supervisor tests. - Test for `notice_policy.log` is no longer needed. --- .../conn.log | 8 +-- .../alarm-mail.txt | 2 +- .../weird.log | 10 +-- .../weird.log | 6 +- .../scripts.base.protocols.ntp.ntp3/ntp.log | 64 +++++++++---------- .../smtp.log | 8 +-- .../btest/bifs/get_current_packet_header.zeek | 2 +- testing/btest/bifs/hll_cardinality.zeek | 2 +- testing/btest/bifs/hll_cluster.zeek | 17 +++-- .../btest/bifs/install_src_addr_filter.test | 2 +- testing/btest/bifs/net_stats_trace.test | 2 +- testing/btest/bifs/reading_traces.zeek | 2 +- testing/btest/bifs/unique_id-pools.zeek | 4 +- testing/btest/bifs/x509_verify.zeek | 4 +- .../broker/store/brokerstore-attr-simple.zeek | 4 +- .../store/brokerstore-backend-invalid.zeek | 2 +- ...okerstore-backend-simple-incompatible.zeek | 10 +-- .../brokerstore-backend-simple-reverse.zeek | 12 +++- .../store/brokerstore-backend-simple.zeek | 44 +++++++++++-- .../store/brokerstore-backend-sqlite.zeek | 12 ++-- testing/btest/core/bits_per_uid.zeek | 12 ++-- testing/btest/core/checksums.test | 40 ++++++------ testing/btest/core/conn-size-threshold.zeek | 2 +- testing/btest/core/conn-uid.zeek | 6 +- testing/btest/core/dns-init.zeek | 2 +- testing/btest/core/expr-exception.zeek | 2 +- testing/btest/core/history-flip.zeek | 4 +- testing/btest/core/ipv6-atomic-frag.test | 4 +- testing/btest/core/ipv6-frag.test | 4 +- testing/btest/core/load-prefixes.zeek | 2 +- testing/btest/core/nflog.zeek | 2 +- testing/btest/core/nop.zeek | 2 +- testing/btest/core/option-errors.zeek | 2 +- testing/btest/core/option-priorities.zeek | 2 +- testing/btest/core/option-redef.zeek | 2 +- 
testing/btest/core/option-runtime-errors.zeek | 2 +- testing/btest/core/pcap/dumper.zeek | 2 +- testing/btest/core/pcap/dynamic-filter.zeek | 7 +- testing/btest/core/pcap/input-error.zeek | 4 +- testing/btest/core/pcap/pseudo-realtime.zeek | 2 +- .../btest/core/pcap/suspend-processing.zeek | 2 +- testing/btest/core/q-in-q.zeek | 2 +- testing/btest/core/radiotap.zeek | 6 +- testing/btest/core/reassembly.zeek | 10 +-- testing/btest/core/recursive-event.zeek | 2 +- .../core/reporter-shutdown-order-errors.zeek | 4 +- testing/btest/core/tcp/miss-end-data.zeek | 6 +- testing/btest/core/tcp/missing-syn.zeek | 6 +- testing/btest/core/tcp/tcp-dups.zeek | 2 +- testing/btest/core/truncation.test | 20 +++--- testing/btest/core/tunnels/ayiya.test | 7 +- testing/btest/core/tunnels/gre-in-gre.test | 5 +- testing/btest/core/tunnels/gre-pptp.test | 7 +- testing/btest/core/tunnels/gre.test | 9 ++- .../core/tunnels/gtp/different_dl_and_ul.test | 7 +- .../btest/core/tunnels/gtp/ext_header.test | 4 +- .../btest/core/tunnels/gtp/inner_ipv6.test | 7 +- .../btest/core/tunnels/gtp/opt_header.test | 7 +- .../core/tunnels/gtp/pdp_ctx_messages.test | 4 +- .../btest/core/tunnels/ip-in-ip-version.zeek | 5 +- .../core/tunnels/teredo-known-services.test | 2 +- testing/btest/core/tunnels/teredo.zeek | 11 +++- .../tunnels/teredo_bubble_with_payload.test | 9 ++- testing/btest/core/tunnels/vxlan.zeek | 6 +- testing/btest/core/vector-assignment.zeek | 2 +- testing/btest/core/vlan-mpls.zeek | 6 +- testing/btest/core/wlanmon.zeek | 6 +- testing/btest/core/x509-generalizedtime.zeek | 7 +- testing/btest/doc/zeekygen/example.zeek | 2 +- testing/btest/language/expire-func-undef.zeek | 2 +- testing/btest/language/expire_func.test | 2 +- testing/btest/language/expire_subnet.test | 2 +- .../btest/language/init-in-anon-function.zeek | 4 +- testing/btest/language/on_change-recurse.test | 2 +- testing/btest/language/on_change.test | 2 +- testing/btest/language/on_change_expire.test | 2 +- 
testing/btest/language/when.zeek | 2 +- .../plugins/plugin-withpatchversion.zeek | 2 +- .../scripts/base/files/data_event/basic.zeek | 4 +- .../scripts/base/files/entropy/basic.test | 5 +- .../btest/scripts/base/files/pe/basic.test | 5 +- .../btest/scripts/base/files/x509/1999.test | 2 +- .../scripts/base/files/x509/caching-hook.test | 4 +- .../scripts/base/files/x509/caching.test | 4 +- .../x509/signed_certificate_timestamp.test | 2 +- .../signed_certificate_timestamp_ocsp.test | 4 +- .../frameworks/analyzer/disable-analyzer.zeek | 13 ++-- .../frameworks/analyzer/enable-analyzer.zeek | 2 +- .../analyzer/register-for-port.zeek | 4 +- .../cluster/custom_pool_exclusivity.zeek | 8 ++- .../cluster/custom_pool_limits.zeek | 8 ++- .../base/frameworks/cluster/forwarding.zeek | 12 ++-- .../frameworks/cluster/log_distribution.zeek | 10 +-- .../cluster/start-it-up-logger.zeek | 16 +++-- .../base/frameworks/cluster/start-it-up.zeek | 14 ++-- .../cluster/topic_distribution.zeek | 10 +-- .../cluster/topic_distribution_bifs.zeek | 8 ++- .../base/frameworks/config/basic_cluster.zeek | 7 +- .../frameworks/config/cluster_resend.zeek | 8 +-- .../config/read_config_cluster.zeek | 9 ++- .../scripts/base/frameworks/config/weird.zeek | 4 +- .../control/configuration_update.zeek | 6 +- .../base/frameworks/control/id_value.zeek | 6 +- .../base/frameworks/control/shutdown.zeek | 6 +- .../file-analysis/actions/data_event.zeek | 4 +- .../bifs/file_exists_lookup_file.zeek | 4 +- .../bifs/register_mime_type.zeek | 6 +- .../file-analysis/bifs/remove_action.zeek | 4 +- .../bifs/set_timeout_interval.zeek | 6 +- .../frameworks/file-analysis/bifs/stop.zeek | 4 +- .../file-analysis/big-bof-buffer.zeek | 5 +- .../frameworks/file-analysis/byteranges.zeek | 2 +- .../base/frameworks/file-analysis/ftp.zeek | 4 +- .../frameworks/file-analysis/http/get.zeek | 6 +- .../file-analysis/http/multipart.zeek | 4 +- .../file-analysis/http/partial-content.zeek | 8 ++- .../file-analysis/http/pipeline.zeek | 4 +- 
.../frameworks/file-analysis/http/post.zeek | 4 +- .../base/frameworks/file-analysis/irc.zeek | 4 +- .../frameworks/file-analysis/logging.zeek | 4 +- .../base/frameworks/file-analysis/smtp.zeek | 5 +- .../input/missing-file-initially.zeek | 2 +- .../cluster-transparency-with-proxy.zeek | 11 ++-- .../intel/cluster-transparency.zeek | 9 ++- .../base/frameworks/intel/expire-item.zeek | 2 +- .../base/frameworks/intel/filter-item.zeek | 12 +++- .../frameworks/intel/input-and-match.zeek | 12 +++- .../base/frameworks/intel/match-subnet.zeek | 12 +++- .../intel/read-file-dist-cluster.zeek | 7 +- .../frameworks/intel/remove-item-cluster.zeek | 7 +- .../frameworks/intel/remove-non-existing.zeek | 9 ++- .../base/frameworks/intel/updated-match.zeek | 2 +- .../logging/ascii-escape-odd-url.zeek | 2 +- .../base/frameworks/logging/env-ext.test | 4 +- .../field-extension-cluster-error.zeek | 10 +-- .../logging/field-extension-cluster.zeek | 6 +- .../frameworks/logging/sqlite/wikipedia.zeek | 7 +- .../logging/writer-path-conflict.zeek | 3 +- .../frameworks/netcontrol/basic-cluster.zeek | 6 +- .../base/frameworks/netcontrol/basic.zeek | 2 +- .../netcontrol/delete-internal-state.zeek | 2 +- .../frameworks/netcontrol/find-rules.zeek | 2 +- .../base/frameworks/netcontrol/hook.zeek | 2 +- .../base/frameworks/netcontrol/multiple.zeek | 2 +- .../base/frameworks/netcontrol/openflow.zeek | 2 +- .../frameworks/netcontrol/packetfilter.zeek | 6 +- .../netcontrol/quarantine-openflow.zeek | 2 +- .../base/frameworks/notice/cluster.zeek | 9 ++- .../notice/default-policy-order.test | 10 --- .../base/frameworks/notice/mail-alarms.zeek | 4 +- .../notice/suppression-cluster.zeek | 41 ++++++++---- .../base/frameworks/openflow/log-basic.zeek | 2 +- .../base/frameworks/openflow/ryu-basic.zeek | 2 +- .../frameworks/packet-filter/bad-filter.test | 2 +- .../frameworks/reporter/disable-stderr.zeek | 2 +- .../base/frameworks/reporter/stderr.zeek | 2 +- .../frameworks/software/version-parsing.zeek | 4 +- 
.../frameworks/sumstats/basic-cluster.zeek | 16 +++-- .../base/frameworks/sumstats/basic.zeek | 6 +- .../sumstats/cluster-intermediate-update.zeek | 9 ++- .../frameworks/sumstats/last-cluster.zeek | 9 ++- .../sumstats/on-demand-cluster.zeek | 31 +++++---- .../base/frameworks/sumstats/on-demand.zeek | 4 +- .../frameworks/sumstats/sample-cluster.zeek | 16 +++-- .../base/frameworks/sumstats/sample.zeek | 4 +- .../frameworks/sumstats/thresholding.zeek | 5 +- .../frameworks/sumstats/topk-cluster.zeek | 18 ++++-- .../base/frameworks/sumstats/topk.zeek | 4 +- .../base/misc/find-filtered-trace.test | 6 +- .../btest/scripts/base/protocols/arp/bad.test | 2 +- .../scripts/base/protocols/arp/basic.test | 2 +- .../scripts/base/protocols/arp/radiotap.test | 2 +- .../scripts/base/protocols/arp/wlanmon.test | 2 +- .../conn/contents-default-extract.test | 2 +- .../conn/new_connection_contents.zeek | 2 +- .../base/protocols/conn/threshold-delete.zeek | 4 +- .../base/protocols/conn/threshold.zeek | 4 +- .../protocols/dhcp/dhcp-ack-msg-types.btest | 4 +- .../protocols/dhcp/dhcp-all-msg-types.btest | 4 +- .../dhcp/dhcp-discover-msg-types.btest | 4 +- .../base/protocols/dhcp/dhcp-sub-opts.btest | 4 +- .../scripts/base/protocols/dhcp/inform.test | 4 +- .../base/protocols/dnp3/dnp3_del_measure.zeek | 2 +- .../base/protocols/dnp3/dnp3_en_spon.zeek | 2 +- .../base/protocols/dnp3/dnp3_file_del.zeek | 2 +- .../base/protocols/dnp3/dnp3_file_read.zeek | 2 +- .../base/protocols/dnp3/dnp3_file_write.zeek | 2 +- .../base/protocols/dnp3/dnp3_link_only.zeek | 2 +- .../base/protocols/dnp3/dnp3_read.zeek | 2 +- .../base/protocols/dnp3/dnp3_rec_time.zeek | 2 +- .../protocols/dnp3/dnp3_select_operate.zeek | 2 +- .../base/protocols/dnp3/dnp3_udp_en_spon.zeek | 2 +- .../base/protocols/dnp3/dnp3_udp_read.zeek | 2 +- .../dnp3/dnp3_udp_select_operate.zeek | 2 +- .../base/protocols/dnp3/dnp3_udp_write.zeek | 2 +- .../base/protocols/dnp3/dnp3_write.zeek | 2 +- .../scripts/base/protocols/dnp3/events.zeek | 4 +- 
.../btest/scripts/base/protocols/dns/caa.zeek | 4 +- .../base/protocols/dns/dns-edns-ecs.zeek | 4 +- .../scripts/base/protocols/dns/dns-key.zeek | 2 +- .../scripts/base/protocols/dns/dnskey.zeek | 4 +- .../btest/scripts/base/protocols/dns/ds.zeek | 4 +- .../protocols/dns/duplicate-reponses.zeek | 2 +- .../scripts/base/protocols/dns/flip.zeek | 2 +- .../scripts/base/protocols/dns/huge-ttl.zeek | 4 +- .../protocols/dns/multiple-txt-strings.zeek | 2 +- .../scripts/base/protocols/dns/nsec.zeek | 2 +- .../scripts/base/protocols/dns/nsec3.zeek | 2 +- .../scripts/base/protocols/dns/rrsig.zeek | 4 +- .../scripts/base/protocols/dns/tsig.zeek | 4 +- .../base/protocols/dns/zero-responses.zeek | 4 +- .../base/protocols/ftp/bad-adat-encoding.zeek | 5 +- .../base/protocols/ftp/cwd-navigation.zeek | 6 +- .../base/protocols/ftp/ftp-get-file-size.zeek | 4 +- .../scripts/base/protocols/ftp/ftp-ipv4.zeek | 5 +- .../scripts/base/protocols/ftp/ftp-ipv6.zeek | 5 +- .../http/content-range-gap-skip.zeek | 4 +- .../protocols/http/content-range-gap.zeek | 5 +- .../http/content-range-less-than-len.zeek | 5 +- .../base/protocols/http/entity-gap.zeek | 5 +- .../base/protocols/http/entity-gap2.zeek | 5 +- .../protocols/http/fake-content-length.zeek | 2 +- .../http/http-bad-request-with-version.zeek | 4 +- .../http/http-connect-with-header.zeek | 3 +- .../base/protocols/http/http-connect.zeek | 2 +- .../base/protocols/http/http-filename.zeek | 6 +- .../base/protocols/http/http-header-crlf.zeek | 7 +- .../base/protocols/http/http-methods.zeek | 7 +- .../base/protocols/http/http-pipelining.zeek | 4 +- .../protocols/http/missing-zlib-header.zeek | 4 +- .../protocols/http/multipart-extract.zeek | 5 +- .../protocols/http/multipart-file-limit.zeek | 6 +- .../scripts/base/protocols/http/no-uri.zeek | 4 +- .../base/protocols/http/no-version.zeek | 3 +- .../protocols/http/percent-end-of-line.zeek | 4 +- .../scripts/base/protocols/http/x-gzip.zeek | 2 +- .../scripts/base/protocols/irc/basic.test | 6 +- 
.../scripts/base/protocols/irc/events.test | 8 ++- .../scripts/base/protocols/irc/longline.test | 4 +- .../base/protocols/irc/names-weird.zeek | 5 +- .../base/protocols/krb/krb-service-name.test | 6 +- .../base/protocols/krb/smb2_krb_nokeytab.test | 2 +- .../protocols/modbus/coil_parsing_big.zeek | 4 +- .../protocols/modbus/coil_parsing_small.zeek | 4 +- .../scripts/base/protocols/modbus/events.zeek | 6 +- .../protocols/modbus/register_parsing.zeek | 4 +- .../scripts/base/protocols/ncp/event.zeek | 2 +- .../base/protocols/ncp/frame_size_tuning.zeek | 2 +- .../base/protocols/ntp/ntp-digest.test | 2 +- .../btest/scripts/base/protocols/ntp/ntp.test | 2 +- .../scripts/base/protocols/ntp/ntp2.test | 2 +- .../scripts/base/protocols/ntp/ntp3.test | 2 +- .../scripts/base/protocols/ntp/ntpmode67.test | 2 +- .../rdp/rdp-client-cluster-data.zeek | 2 +- .../rdp/rdp-client-security-data.zeek | 2 +- .../rdp/rdp-native-encrypted-data.zeek | 2 +- .../rdp/rdp-proprietary-encryption.zeek | 2 +- .../base/protocols/rdp/rdp-to-ssl.zeek | 3 +- .../scripts/base/protocols/rdp/rdp-x509.zeek | 3 +- .../protocols/rdp/rdpeudp-handshake-fail.zeek | 4 +- .../rdp/rdpeudp-handshake-success.zeek | 4 +- .../rdp/rdpeudp2-handshake-success.zeek | 4 +- .../rfb/rfb-apple-remote-desktop.test | 2 +- .../base/protocols/rfb/vnc-mac-to-linux.test | 2 +- .../base/protocols/rfb/vnc-scanner.bro | 2 +- .../protocols/smb/smb2-write-response.test | 2 +- .../scripts/base/protocols/smtp/basic.test | 2 +- .../scripts/base/protocols/smtp/one-side.test | 2 +- .../scripts/base/protocols/smtp/starttls.test | 3 +- .../base/protocols/snmp/snmp-addr.zeek | 2 +- .../scripts/base/protocols/socks/trace3.test | 2 +- .../protocols/ssh/one-auth-fail-only.test | 4 +- .../base/protocols/ssl/common_name.test | 6 +- .../base/protocols/ssl/comp_methods.test | 4 +- .../base/protocols/ssl/cve-2015-3194.test | 2 +- .../btest/scripts/base/protocols/ssl/dhe.test | 4 +- .../base/protocols/ssl/dtls-stun-dpd.test | 5 +- 
.../scripts/base/protocols/ssl/dtls.test | 6 +- .../scripts/base/protocols/ssl/ecdhe.test | 5 +- .../scripts/base/protocols/ssl/ecdsa.test | 5 +- .../scripts/base/protocols/ssl/fragment.test | 4 +- .../base/protocols/ssl/keyexchange.test | 12 ++-- .../base/protocols/ssl/ocsp-stapling.test | 4 +- .../base/protocols/ssl/tls-1.2-ciphers.test | 4 +- .../ssl/tls-1.2-handshake-failure.test | 4 +- .../base/protocols/ssl/tls-1.2-random.test | 4 +- .../scripts/base/protocols/ssl/tls-1.2.test | 5 +- .../protocols/ssl/tls-extension-events.test | 8 ++- .../base/protocols/ssl/tls13-experiment.test | 4 +- .../base/protocols/ssl/tls13-version.test | 4 +- .../scripts/base/protocols/ssl/tls13.test | 14 ++-- .../scripts/base/protocols/ssl/tls1_1.test | 6 +- .../protocols/ssl/x509-invalid-extension.test | 4 +- .../base/protocols/ssl/x509_extensions.test | 5 +- .../base/protocols/syslog/missing-pri.zeek | 2 +- .../scripts/base/protocols/syslog/trace.test | 2 +- .../scripts/base/protocols/tcp/pending.zeek | 2 +- .../btest/scripts/base/utils/conn-ids.test | 5 +- .../base/utils/directions-and-hosts.test | 7 +- testing/btest/scripts/base/utils/files.test | 6 +- testing/btest/scripts/base/utils/json.test | 2 +- testing/btest/scripts/base/utils/numbers.test | 5 +- testing/btest/scripts/base/utils/paths.test | 5 +- testing/btest/scripts/base/utils/pattern.test | 5 +- testing/btest/scripts/base/utils/site.test | 5 +- testing/btest/scripts/base/utils/strings.test | 5 +- .../btest/scripts/base/utils/thresholds.test | 5 +- testing/btest/scripts/base/utils/urls.test | 5 +- .../policy/frameworks/files/extract-all.zeek | 2 +- .../policy/frameworks/intel/removal.zeek | 2 +- .../policy/frameworks/intel/seen/certs.zeek | 4 +- .../policy/frameworks/intel/seen/smb.zeek | 3 +- .../policy/frameworks/intel/seen/smtp.zeek | 3 +- .../policy/frameworks/intel/whitelisting.zeek | 4 +- .../catch-and-release-forgotten.zeek | 2 +- .../netcontrol/catch-and-release.zeek | 2 +- .../frameworks/software/vulnerable.zeek 
| 2 +- testing/btest/scripts/policy/misc/stats.zeek | 2 +- .../policy/misc/weird-stats-cluster.zeek | 7 +- .../scripts/policy/misc/weird-stats.zeek | 2 +- .../policy/protocols/conn/known-hosts.zeek | 8 +-- .../protocols/conn/known-services-multi.zeek | 5 +- .../protocols/conn/speculative-service.zeek | 8 ++- .../policy/protocols/conn/vlan-logging.zeek | 2 +- .../policy/protocols/dns/inverse-request.zeek | 2 +- .../policy/protocols/dns/original_case.zeek | 2 +- .../policy/protocols/http/flash-version.zeek | 2 +- .../policy/protocols/http/header-names.zeek | 3 +- .../http/test-sql-injection-regex.zeek | 2 +- .../protocols/ssh/detect-bruteforcing.zeek | 2 +- .../policy/protocols/ssl/expiring-certs.zeek | 2 +- .../protocols/ssl/extract-certs-pem.zeek | 2 +- .../policy/protocols/ssl/heartbleed.zeek | 10 +-- .../policy/protocols/ssl/known-certs.zeek | 2 +- .../protocols/ssl/log-hostcerts-only.zeek | 2 +- .../ssl/validate-certs-no-cache.zeek | 2 +- .../policy/protocols/ssl/validate-certs.zeek | 4 +- .../policy/protocols/ssl/validate-ocsp.zeek | 6 +- .../policy/protocols/ssl/validate-sct.zeek | 4 +- .../policy/protocols/ssl/weak-keys.zeek | 6 +- .../btest/signatures/bad-eval-condition.zeek | 2 +- testing/btest/signatures/dst-ip-cidr-v4.zeek | 2 +- testing/btest/signatures/eval-condition.zeek | 5 +- testing/btest/signatures/load-sigs.zeek | 2 +- .../udp-packetwise-insensitive.zeek | 2 +- .../signatures/udp-packetwise-match.zeek | 2 +- .../btest/signatures/udp-payload-size.zeek | 2 +- .../supervisor/output-redirect-hook.zeek | 2 +- testing/btest/supervisor/output-redirect.zeek | 2 +- testing/scripts/file-analysis-test.zeek | 2 +- 350 files changed, 1139 insertions(+), 638 deletions(-) delete mode 100644 testing/btest/scripts/base/frameworks/notice/default-policy-order.test 
diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.packetfilter/conn.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.packetfilter/conn.log index e6a6ef559d..7de2e21fb8 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.packetfilter/conn.log +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.packetfilter/conn.log @@ -3,12 +3,12 @@ #empty_field (empty) #unset_field - #path conn -#open 2020-07-22-05-02-04 +#open 2020-08-08-05-49-42 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1254722767.492060 CHhAvVGS1DHFjwGM9 10.10.1.4 56166 10.10.1.1 53 udp dns 0.034025 34 100 SF - - 0 Dd 1 62 1 128 - 1254722776.690444 C4J4Th3PJpwUYZZ6gc 10.10.1.20 138 10.10.1.255 138 udp - - - - S0 - - 0 D 1 229 0 0 - 1254722767.529046 ClEkJM2Vm5giqnMf4h 10.10.1.4 1470 74.53.140.153 25 tcp - 0.346950 0 0 S1 - - 0 Sh 1 48 1 48 - -1437831776.764391 CtPZjS20MLrsMUOJi2 192.168.133.100 49285 66.196.121.26 5050 tcp - 0.343008 41 0 OTH - - 0 Da 1 93 1 52 - -1437831787.856895 CUM0KZ3MLUfNB0cl11 192.168.133.100 49648 192.168.133.102 25 tcp - 0.004707 0 0 S1 - - 0 Sh 1 64 1 60 - -#close 2020-07-22-05-02-04 +1437831776.764391 CUM0KZ3MLUfNB0cl11 192.168.133.100 49285 66.196.121.26 5050 tcp - 0.343008 41 0 OTH - - 0 Da 1 93 1 52 - +1437831787.856895 CtPZjS20MLrsMUOJi2 192.168.133.100 49648 192.168.133.102 25 tcp - 0.004707 0 0 S1 - - 0 Sh 1 64 1 60 - +#close 2020-08-08-05-49-42 diff --git a/testing/btest/Baseline/scripts.base.frameworks.notice.mail-alarms/alarm-mail.txt b/testing/btest/Baseline/scripts.base.frameworks.notice.mail-alarms/alarm-mail.txt index e69f1b2677..75696853d5 100644 
--- a/testing/btest/Baseline/scripts.base.frameworks.notice.mail-alarms/alarm-mail.txt +++ b/testing/btest/Baseline/scripts.base.frameworks.notice.mail-alarms/alarm-mail.txt @@ -1,4 +1,4 @@ -> 2005-10-07-23:23:55 Test_Notice 141.42.64.125:56730/tcp -> 125.190.109.199:80/tcp (uid ClEkJM2Vm5giqnMf4h) +> 2005-10-07-23:23:55 Test_Notice 141.42.64.125:56730/tcp -> 125.190.109.199:80/tcp (uid CHhAvVGS1DHFjwGM9) test # 141.42.64.125 = 125.190.109.199 = diff --git a/testing/btest/Baseline/scripts.base.protocols.irc.longline/weird.log b/testing/btest/Baseline/scripts.base.protocols.irc.longline/weird.log index 67b7d6616e..b6298a5dec 100644 --- a/testing/btest/Baseline/scripts.base.protocols.irc.longline/weird.log +++ b/testing/btest/Baseline/scripts.base.protocols.irc.longline/weird.log @@ -3,10 +3,10 @@ #empty_field (empty) #unset_field - #path weird -#open 2019-06-07-02-00-46 +#open 2020-08-08-04-23-29 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string -1509735979.080381 CtPZjS20MLrsMUOJi2 127.0.0.1 50164 127.0.0.1 6667 contentline_size_exceeded - F zeek -1509735979.080381 CtPZjS20MLrsMUOJi2 127.0.0.1 50164 127.0.0.1 6667 irc_line_size_exceeded - F zeek -1509735981.241042 CtPZjS20MLrsMUOJi2 127.0.0.1 50164 127.0.0.1 6667 irc_invalid_command - F zeek -#close 2019-06-07-02-00-46 +1509735979.080381 CHhAvVGS1DHFjwGM9 127.0.0.1 50164 127.0.0.1 6667 contentline_size_exceeded - F zeek +1509735979.080381 CHhAvVGS1DHFjwGM9 127.0.0.1 50164 127.0.0.1 6667 irc_line_size_exceeded - F zeek +1509735981.241042 CHhAvVGS1DHFjwGM9 127.0.0.1 50164 127.0.0.1 6667 irc_invalid_command - F zeek +#close 2020-08-08-04-23-29 diff --git a/testing/btest/Baseline/scripts.base.protocols.irc.names-weird/weird.log b/testing/btest/Baseline/scripts.base.protocols.irc.names-weird/weird.log index 959dd8febd..82f82027e9 100644 --- a/testing/btest/Baseline/scripts.base.protocols.irc.names-weird/weird.log 
+++ b/testing/btest/Baseline/scripts.base.protocols.irc.names-weird/weird.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path weird -#open 2019-06-07-02-00-46 +#open 2020-08-08-04-25-02 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string -1536797872.428637 ClEkJM2Vm5giqnMf4h 127.0.0.1 65389 127.0.0.1 6666 irc_invalid_names_line - F zeek -#close 2019-06-07-02-00-46 +1536797872.428637 CHhAvVGS1DHFjwGM9 127.0.0.1 65389 127.0.0.1 6666 irc_invalid_names_line - F zeek +#close 2020-08-08-04-25-02 diff --git a/testing/btest/Baseline/scripts.base.protocols.ntp.ntp3/ntp.log b/testing/btest/Baseline/scripts.base.protocols.ntp.ntp3/ntp.log index 2f1c9cfbb2..7c8f12e52d 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ntp.ntp3/ntp.log +++ b/testing/btest/Baseline/scripts.base.protocols.ntp.ntp3/ntp.log 
@@ -3,37 +3,37 @@ #empty_field (empty) #unset_field - #path ntp -#open 2019-06-16-00-50-01 +#open 2020-08-08-04-53-23 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version mode stratum poll precision root_delay root_disp ref_id ref_time org_time rec_time xmt_time num_exts #types time string addr port addr port count count count interval interval interval interval string time time time time count -1096255084.954975 ClEkJM2Vm5giqnMf4h 192.168.50.50 123 67.129.68.9 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 -1096255084.955306 C4J4Th3PJpwUYZZ6gc 192.168.50.50 123 69.44.57.60 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 -1096255084.955760 CtPZjS20MLrsMUOJi2 192.168.50.50 123 207.234.209.181 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 -1096255084.956155 CUM0KZ3MLUfNB0cl11 192.168.50.50 123 209.132.176.4 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 -1096255084.956577 CmES5u32sYpV7JYN 192.168.50.50 123 216.27.185.42 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 -1096255084.956975 CP5puj4I8PtEU4qzYg 192.168.50.50 123 24.34.79.42 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 -1096255084.957457 C37jN32gN3y3AZzyf6 192.168.50.50 123 24.123.202.230 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 -1096255084.957903 C3eiCBGOLw3VtHfOj 192.168.50.50 123 63.164.62.249 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 -1096255084.958625 CwjjYJ2WqgTbAqiHl6 192.168.50.50 123 64.112.189.11 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 
\x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 -1096255084.959273 C0LAHyvtKSQHyJxIl 192.168.50.50 123 65.125.233.206 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 -1096255084.960065 CFLRIC3zaTU1loLGxh 192.168.50.50 123 66.33.206.5 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.932911 0 -1096255084.960866 C9rXSW3KSpTYvPrlI1 192.168.50.50 123 66.33.216.11 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.932911 0 -1096255084.961475 Ck51lg1bScffFj34Ri 192.168.50.50 123 66.92.68.246 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.932911 0 -1096255084.962222 C9mvWx3ezztgzcexV7 192.168.50.50 123 66.111.46.200 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.932911 0 -1096255084.962915 CNnMIj2QSd84NKf7U3 192.168.50.50 123 66.115.136.4 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.932911 0 -1096255085.012029 C4J4Th3PJpwUYZZ6gc 192.168.50.50 123 69.44.57.60 123 3 2 3 1024.000000 0.000004 0.109238 0.081726 81.174.128.183 1096254668.551001 1096255084.922896 1096255083.809713 1096255083.809760 0 -1096255085.049280 C37jN32gN3y3AZzyf6 192.168.50.50 123 24.123.202.230 123 3 2 2 1024.000000 0.000001 0.030319 0.185547 198.30.92.2 1096252181.259041 1096255084.922896 1096255083.821124 1096255083.821134 0 -1096255085.092991 ClEkJM2Vm5giqnMf4h 192.168.50.50 123 67.129.68.9 123 3 2 2 1024.000000 0.000008 0.060455 7.464310 17.254.0.49 1095788645.064548 1096255084.922896 1096255083.848508 1096255083.848601 0 -1096255085.120557 C0LAHyvtKSQHyJxIl 192.168.50.50 123 65.125.233.206 123 3 2 2 1024.000000 0.000031 0.023254 0.012848 130.207.244.240 1096254901.858123 1096255084.922896 1096255083.828025 1096255083.828189 0 -1096255085.185955 
C3eiCBGOLw3VtHfOj 192.168.50.50 123 63.164.62.249 123 3 2 2 1024.000000 0.000001 0.015015 0.037491 18.145.0.30 1096254668.213801 1096255084.922896 1096255083.829249 1096255083.829301 0 -1096255085.223026 CtPZjS20MLrsMUOJi2 192.168.50.50 123 207.234.209.181 123 3 2 3 1024.000000 0.000008 0.072678 0.035049 198.82.1.203 1096254326.189600 1096255084.922896 1096255083.824154 1096255083.824174 0 -1096255085.280949 Ck51lg1bScffFj34Ri 192.168.50.50 123 66.92.68.246 123 3 2 1 1024.000000 0.000015 0.000000 0.000320 GPS\x00 1096255078.223498 1096255084.932911 1096255083.836845 1096255083.836870 0 -1096255085.304774 CP5puj4I8PtEU4qzYg 192.168.50.50 123 24.34.79.42 123 3 2 2 1024.000000 0.000031 0.123322 0.039917 131.107.1.10 1096254970.010788 1096255084.922896 1096255083.825662 1096255083.825692 0 -1096255085.353360 CNnMIj2QSd84NKf7U3 192.168.50.50 123 66.115.136.4 123 3 2 2 1024.000000 0.000008 0.016632 0.028641 130.207.244.240 1096254406.517429 1096255084.932911 1096255083.853291 1096255083.853336 0 -1096255085.406368 CFLRIC3zaTU1loLGxh 192.168.50.50 123 66.33.206.5 123 3 2 2 1024.000000 0.000004 0.012360 0.022202 192.12.19.20 1096255027.694744 1096255084.932911 1096255083.850895 1096255083.850907 0 -1096255085.439833 C9rXSW3KSpTYvPrlI1 192.168.50.50 123 66.33.216.11 123 3 2 2 1024.000000 0.000001 0.009857 0.043747 204.123.2.72 1096254508.255586 1096255084.932911 1096255083.850965 1096255083.851024 0 -1096255085.480955 C9mvWx3ezztgzcexV7 192.168.50.50 123 66.111.46.200 123 3 2 2 1024.000000 0.000001 0.056396 0.062164 198.30.92.2 1096253376.841474 1096255084.932911 1096255083.847619 1096255083.847644 0 -1096255085.522297 CwjjYJ2WqgTbAqiHl6 192.168.50.50 123 64.112.189.11 123 3 2 2 1024.000000 0.000015 0.081268 0.029877 128.10.252.6 1096254706.140290 1096255084.922896 1096255083.850451 1096255083.850465 0 -1096255085.562197 CmES5u32sYpV7JYN 192.168.50.50 123 216.27.185.42 123 3 2 2 1024.000000 0.000004 0.029846 0.045456 164.67.62.194 1096254209.896379 1096255084.922896 
1096255083.849099 1096255083.849269 0 -1096255085.599961 CUM0KZ3MLUfNB0cl11 192.168.50.50 123 209.132.176.4 123 3 2 1 1024.000000 0.000015 0.000000 0.000504 CDMA 1096255068.944018 1096255084.922896 1096255083.827772 1096255083.828313 0 -#close 2019-06-16-00-50-01 +1096255084.954975 CHhAvVGS1DHFjwGM9 192.168.50.50 123 67.129.68.9 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 +1096255084.955306 ClEkJM2Vm5giqnMf4h 192.168.50.50 123 69.44.57.60 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 +1096255084.955760 C4J4Th3PJpwUYZZ6gc 192.168.50.50 123 207.234.209.181 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 +1096255084.956155 CtPZjS20MLrsMUOJi2 192.168.50.50 123 209.132.176.4 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 +1096255084.956577 CUM0KZ3MLUfNB0cl11 192.168.50.50 123 216.27.185.42 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 +1096255084.956975 CmES5u32sYpV7JYN 192.168.50.50 123 24.34.79.42 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 +1096255084.957457 CP5puj4I8PtEU4qzYg 192.168.50.50 123 24.123.202.230 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 +1096255084.957903 C37jN32gN3y3AZzyf6 192.168.50.50 123 63.164.62.249 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 +1096255084.958625 C3eiCBGOLw3VtHfOj 192.168.50.50 123 64.112.189.11 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 +1096255084.959273 CwjjYJ2WqgTbAqiHl6 192.168.50.50 123 65.125.233.206 123 3 1 0 1024.000000 
0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.922896 0 +1096255084.960065 C0LAHyvtKSQHyJxIl 192.168.50.50 123 66.33.206.5 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.932911 0 +1096255084.960866 CFLRIC3zaTU1loLGxh 192.168.50.50 123 66.33.216.11 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.932911 0 +1096255084.961475 C9rXSW3KSpTYvPrlI1 192.168.50.50 123 66.92.68.246 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.932911 0 +1096255084.962222 Ck51lg1bScffFj34Ri 192.168.50.50 123 66.111.46.200 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.932911 0 +1096255084.962915 C9mvWx3ezztgzcexV7 192.168.50.50 123 66.115.136.4 123 3 1 0 1024.000000 0.015625 0.000000 1.010010 \x00\x00\x00\x00 0.000000 0.000000 0.000000 1096255084.932911 0 +1096255085.012029 ClEkJM2Vm5giqnMf4h 192.168.50.50 123 69.44.57.60 123 3 2 3 1024.000000 0.000004 0.109238 0.081726 81.174.128.183 1096254668.551001 1096255084.922896 1096255083.809713 1096255083.809760 0 +1096255085.049280 CP5puj4I8PtEU4qzYg 192.168.50.50 123 24.123.202.230 123 3 2 2 1024.000000 0.000001 0.030319 0.185547 198.30.92.2 1096252181.259041 1096255084.922896 1096255083.821124 1096255083.821134 0 +1096255085.092991 CHhAvVGS1DHFjwGM9 192.168.50.50 123 67.129.68.9 123 3 2 2 1024.000000 0.000008 0.060455 7.464310 17.254.0.49 1095788645.064548 1096255084.922896 1096255083.848508 1096255083.848601 0 +1096255085.120557 CwjjYJ2WqgTbAqiHl6 192.168.50.50 123 65.125.233.206 123 3 2 2 1024.000000 0.000031 0.023254 0.012848 130.207.244.240 1096254901.858123 1096255084.922896 1096255083.828025 1096255083.828189 0 +1096255085.185955 C37jN32gN3y3AZzyf6 192.168.50.50 123 63.164.62.249 123 3 2 2 1024.000000 0.000001 0.015015 0.037491 18.145.0.30 1096254668.213801 1096255084.922896 
1096255083.829249 1096255083.829301 0 +1096255085.223026 C4J4Th3PJpwUYZZ6gc 192.168.50.50 123 207.234.209.181 123 3 2 3 1024.000000 0.000008 0.072678 0.035049 198.82.1.203 1096254326.189600 1096255084.922896 1096255083.824154 1096255083.824174 0 +1096255085.280949 C9rXSW3KSpTYvPrlI1 192.168.50.50 123 66.92.68.246 123 3 2 1 1024.000000 0.000015 0.000000 0.000320 GPS\x00 1096255078.223498 1096255084.932911 1096255083.836845 1096255083.836870 0 +1096255085.304774 CmES5u32sYpV7JYN 192.168.50.50 123 24.34.79.42 123 3 2 2 1024.000000 0.000031 0.123322 0.039917 131.107.1.10 1096254970.010788 1096255084.922896 1096255083.825662 1096255083.825692 0 +1096255085.353360 C9mvWx3ezztgzcexV7 192.168.50.50 123 66.115.136.4 123 3 2 2 1024.000000 0.000008 0.016632 0.028641 130.207.244.240 1096254406.517429 1096255084.932911 1096255083.853291 1096255083.853336 0 +1096255085.406368 C0LAHyvtKSQHyJxIl 192.168.50.50 123 66.33.206.5 123 3 2 2 1024.000000 0.000004 0.012360 0.022202 192.12.19.20 1096255027.694744 1096255084.932911 1096255083.850895 1096255083.850907 0 +1096255085.439833 CFLRIC3zaTU1loLGxh 192.168.50.50 123 66.33.216.11 123 3 2 2 1024.000000 0.000001 0.009857 0.043747 204.123.2.72 1096254508.255586 1096255084.932911 1096255083.850965 1096255083.851024 0 +1096255085.480955 Ck51lg1bScffFj34Ri 192.168.50.50 123 66.111.46.200 123 3 2 2 1024.000000 0.000001 0.056396 0.062164 198.30.92.2 1096253376.841474 1096255084.932911 1096255083.847619 1096255083.847644 0 +1096255085.522297 C3eiCBGOLw3VtHfOj 192.168.50.50 123 64.112.189.11 123 3 2 2 1024.000000 0.000015 0.081268 0.029877 128.10.252.6 1096254706.140290 1096255084.922896 1096255083.850451 1096255083.850465 0 +1096255085.562197 CUM0KZ3MLUfNB0cl11 192.168.50.50 123 216.27.185.42 123 3 2 2 1024.000000 0.000004 0.029846 0.045456 164.67.62.194 1096254209.896379 1096255084.922896 1096255083.849099 1096255083.849269 0 +1096255085.599961 CtPZjS20MLrsMUOJi2 192.168.50.50 123 209.132.176.4 123 3 2 1 1024.000000 0.000015 0.000000 0.000504 
CDMA 1096255068.944018 1096255084.922896 1096255083.827772 1096255083.828313 0 +#close 2020-08-08-04-53-23 diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log b/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log index 9352126e9f..a863057406 100644 --- a/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log +++ b/testing/btest/Baseline/scripts.base.protocols.smtp.basic/smtp.log 
@@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path smtp -#open 2020-07-06-19-15-32 +#open 2020-08-08-04-26-29 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth helo mailfrom rcptto date from to cc reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent tls fuids #types time string addr port addr port count string string set[string] string string set[string] set[string] string string string string addr string string string vector[addr] string bool vector[string] -1254722768.219663 ClEkJM2Vm5giqnMf4h 10.10.1.4 1470 74.53.140.153 25 1 GP gurpartap@patriots.in raj_deol2002in@yahoo.co.in Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" - - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0 F FmFp351N5nhsMmAfQg,Fqrb1K5DWEfgy4WU2,FEFYSd1s8Onn9LynKj -1437831787.867142 CmES5u32sYpV7JYN 192.168.133.100 49648 192.168.133.102 25 1 [192.168.133.100] albert@example.com felica4uu@hotmail.com,ericlim220@yahoo.com,davis_mark1@outlook.com Sat, 25 Jul 2015 16:43:07 +0300 Albert Zaharovits ericlim220@yahoo.com felica4uu@hotmail.com,davis_mark1@outlook.com - <9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com> Re: Bro SMTP CC Header - - - 250 Ok 192.168.133.102,192.168.133.100 Apple Mail (2.2102) F Fc5KpS3kUYqDLwWSMf -#close 2020-07-06-19-15-32 +1254722768.219663 CHhAvVGS1DHFjwGM9 10.10.1.4 1470 74.53.140.153 25 1 GP gurpartap@patriots.in raj_deol2002in@yahoo.co.in Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" - - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0 F FmFp351N5nhsMmAfQg,Fqrb1K5DWEfgy4WU2,FEFYSd1s8Onn9LynKj +1437831787.867142 CUM0KZ3MLUfNB0cl11 192.168.133.100 49648 192.168.133.102 25 1 [192.168.133.100] albert@example.com felica4uu@hotmail.com,ericlim220@yahoo.com,davis_mark1@outlook.com Sat, 25 Jul 2015 16:43:07 +0300 Albert 
Zaharovits ericlim220@yahoo.com felica4uu@hotmail.com,davis_mark1@outlook.com - <9ACEE03C-AB98-4046-AEC1-BF4910C61E96@example.com> Re: Bro SMTP CC Header - - - 250 Ok 192.168.133.102,192.168.133.100 Apple Mail (2.2102) F Fc5KpS3kUYqDLwWSMf +#close 2020-08-08-04-26-29 diff --git a/testing/btest/bifs/get_current_packet_header.zeek b/testing/btest/bifs/get_current_packet_header.zeek index aeca5a8bdc..4354997ba1 100644 --- a/testing/btest/bifs/get_current_packet_header.zeek +++ b/testing/btest/bifs/get_current_packet_header.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT > output +# @TEST-EXEC: zeek -b -C -r $TRACES/icmp/icmp6-neighbor-solicit.pcap %INPUT > output # @TEST-EXEC: btest-diff output event icmp_neighbor_solicitation(c: connection, info: icmp_info, tgt: addr, options: icmp6_nd_options) diff --git a/testing/btest/bifs/hll_cardinality.zeek b/testing/btest/bifs/hll_cardinality.zeek index 5a919a9f2f..87b3d7dd55 100644 --- a/testing/btest/bifs/hll_cardinality.zeek +++ b/testing/btest/bifs/hll_cardinality.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: zeek %INPUT>out +# @TEST-EXEC: zeek -b %INPUT>out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/bifs/hll_cluster.zeek b/testing/btest/bifs/hll_cluster.zeek index c0fcb92da5..dae968ad66 100644 --- a/testing/btest/bifs/hll_cluster.zeek +++ b/testing/btest/bifs/hll_cluster.zeek 
@@ -2,16 +2,18 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: zeek %INPUT>out -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek runnumber=1 %INPUT -# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek runnumber=2 %INPUT +# @TEST-EXEC: zeek -b %INPUT>out +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT runnumber=1 +# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT runnumber=2 # @TEST-EXEC: btest-bg-wait 30 # # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff worker-1/.stdout # @TEST-EXEC: btest-diff worker-2/.stdout +@load base/frameworks/cluster + @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], @@ -33,6 +35,11 @@ event zeek_init() global runnumber: count &redef; # differentiate runs +event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) + { + terminate(); + } + event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string) { local c = hll_cardinality_init(0.01, 0.95); @@ -78,8 +85,6 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string) } event hll_data(c); - - terminate(); } @endif diff --git a/testing/btest/bifs/install_src_addr_filter.test b/testing/btest/bifs/install_src_addr_filter.test index 95d1f51d54..fcbcb7e787 100644 --- a/testing/btest/bifs/install_src_addr_filter.test +++ b/testing/btest/bifs/install_src_addr_filter.test 
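Review bot: The new `Broker::peer_lost` handler in hll_cluster.zeek calls `terminate()` for any lost peer, and nothing says why shutdown moved out of `peer_added`. Presumably the worker must now stay up until the manager disconnects so that `hll_data` is delivered before exit; if so, say it above the handler, e.g. `# Exit only once the manager has gone away, so hll_data is not dropped by an early terminate().` A worker whose peer never disconnects now ends only through the `btest-bg-wait 30` timeout, so the manager side (not in this hunk) has to terminate on its own. The enclosing `@if` block starts outside the hunk.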
@@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output event zeek_init() diff --git a/testing/btest/bifs/net_stats_trace.test b/testing/btest/bifs/net_stats_trace.test index 0b593c11e4..3ddac82fd0 100644 --- a/testing/btest/bifs/net_stats_trace.test +++ b/testing/btest/bifs/net_stats_trace.test @@ -1,5 +1,5 @@ # Checks that accurate stats are returned when reading from a trace file. -# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace >output %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace >output %INPUT # @TEST-EXEC: btest-diff output event zeek_done() diff --git a/testing/btest/bifs/reading_traces.zeek b/testing/btest/bifs/reading_traces.zeek index 11d1e2a3f7..802613664c 100644 --- a/testing/btest/bifs/reading_traces.zeek +++ b/testing/btest/bifs/reading_traces.zeek @@ -1,7 +1,7 @@ # @TEST-EXEC: zeek -b %INPUT >out1 # @TEST-EXEC: btest-diff out1 -# @TEST-EXEC: zeek -r $TRACES/web.trace %INPUT >out2 +# @TEST-EXEC: zeek -b -r $TRACES/web.trace %INPUT >out2 # @TEST-EXEC: btest-diff out2 event zeek_init() diff --git a/testing/btest/bifs/unique_id-pools.zeek b/testing/btest/bifs/unique_id-pools.zeek index 7e615d6625..6d85276771 100644 --- a/testing/btest/bifs/unique_id-pools.zeek +++ b/testing/btest/bifs/unique_id-pools.zeek @@ -1,6 +1,6 @@ # -# @TEST-EXEC: zeek order_rand | sort >out.1 -# @TEST-EXEC: zeek order_base | sort >out.2 +# @TEST-EXEC: zeek -b order_rand | sort >out.1 +# @TEST-EXEC: zeek -b order_base | sort >out.2 # @TEST-EXEC: cmp out.1 out.2 @TEST-START-FILE order_rand.zeek diff --git a/testing/btest/bifs/x509_verify.zeek b/testing/btest/bifs/x509_verify.zeek index dda8bfca09..cb59d3f4aa 100644 --- a/testing/btest/bifs/x509_verify.zeek +++ b/testing/btest/bifs/x509_verify.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/tls-expired-cert.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-expired-cert.trace %INPUT # This is a hack: the results of OpenSSL 1.1's vs 1.0's # X509_verify_cert() -> X509_STORE_CTX_get1_chain() calls 
@@ -10,6 +10,8 @@ # @TEST-EXEC: grep -q "ZEEK_HAVE_OPENSSL_1_1" $BUILD/CMakeCache.txt && btest-diff stdout-openssl-1.1 || btest-diff stdout-openssl-1.0 +@load base/protocols/ssl + redef SSL::root_certs = { ["CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE"] = "\x30\x82\x04\x36\x30\x82\x03\x1E\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x6F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x13\x1D\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x30\x30\x30\x35\x33\x30\x31\x30\x34\x38\x33\x38\x5A\x17\x0D\x32\x30\x30\x35\x33\x30\x31\x30\x34\x38\x33\x38\x5A\x30\x6F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x13\x1D\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x43\x41\x20\x52\x6F\x6F\x74\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xB7\xF7\x1A\x33\xE6\xF2\x00\x04\x2D\x39\xE0\x4E\x5B\xED\x1F\xBC\x6C\x0F\xCD\xB5\xFA\x23\xB6\xCE\xDE\x9B\x11\x33\x97\xA4\x29\x4C\x7D\x93\x9F\xBD\x4A\xBC\x93\xED\x03\x1A\xE3\x8F\xCF\xE5\x6D\x50\x5A\xD6\x97\x29\x94\x5A\x80\xB0\x49\x7A\xDB\x2E\x95\xFD\xB8\xCA\xBF\x37\x38\x2D\x1E\x3E\x91\x41\xAD\x70\x56\xC7\xF0\x4F\x3F\xE8\x32\x9E\x74\xCA\xC8\x90\x54\xE9\xC6\x5F\x0F\x78\x9D\x9A\x40\x3C\x0E\xAC\x61\xAA\x5E\x14\x8F\x9E\x
87\xA1\x6A\x50\xDC\xD7\x9A\x4E\xAF\x05\xB3\xA6\x71\x94\x9C\x71\xB3\x50\x60\x0A\xC7\x13\x9D\x38\x07\x86\x02\xA8\xE9\xA8\x69\x26\x18\x90\xAB\x4C\xB0\x4F\x23\xAB\x3A\x4F\x84\xD8\xDF\xCE\x9F\xE1\x69\x6F\xBB\xD7\x42\xD7\x6B\x44\xE4\xC7\xAD\xEE\x6D\x41\x5F\x72\x5A\x71\x08\x37\xB3\x79\x65\xA4\x59\xA0\x94\x37\xF7\x00\x2F\x0D\xC2\x92\x72\xDA\xD0\x38\x72\xDB\x14\xA8\x45\xC4\x5D\x2A\x7D\xB7\xB4\xD6\xC4\xEE\xAC\xCD\x13\x44\xB7\xC9\x2B\xDD\x43\x00\x25\xFA\x61\xB9\x69\x6A\x58\x23\x11\xB7\xA7\x33\x8F\x56\x75\x59\xF5\xCD\x29\xD7\x46\xB7\x0A\x2B\x65\xB6\xD3\x42\x6F\x15\xB2\xB8\x7B\xFB\xEF\xE9\x5D\x53\xD5\x34\x5A\x27\x02\x03\x01\x00\x01\xA3\x81\xDC\x30\x81\xD9\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xAD\xBD\x98\x7A\x34\xB4\x26\xF7\xFA\xC4\x26\x54\xEF\x03\xBD\xE0\x24\xCB\x54\x1A\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x81\x99\x06\x03\x55\x1D\x23\x04\x81\x91\x30\x81\x8E\x80\x14\xAD\xBD\x98\x7A\x34\xB4\x26\xF7\xFA\xC4\x26\x54\xEF\x03\xBD\xE0\x24\xCB\x54\x1A\xA1\x73\xA4\x71\x30\x6F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x53\x45\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x41\x64\x64\x54\x72\x75\x73\x74\x20\x41\x42\x31\x26\x30\x24\x06\x03\x55\x04\x0B\x13\x1D\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x54\x54\x50\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x22\x30\x20\x06\x03\x55\x04\x03\x13\x19\x41\x64\x64\x54\x72\x75\x73\x74\x20\x45\x78\x74\x65\x72\x6E\x61\x6C\x20\x43\x41\x20\x52\x6F\x6F\x74\x82\x01\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xB0\x9B\xE0\x85\x25\xC2\xD6\x23\xE2\x0F\x96\x06\x92\x9D\x41\x98\x9C\xD9\x84\x79\x81\xD9\x1E\x5B\x14\x07\x23\x36\x65\x8F\xB0\xD8\x77\xBB\xAC\x41\x6C\x47\x60\x83\x51\xB0\xF9\x32\x3D\xE7\xFC\xF6\x26\x13\xC7\x80\x16\xA5\xBF\x5A\xFC\x87\xCF\x78\x79\x89\x21\x9A\xE2\x4C\x07\x0A\x86\x35\xBC\xF2\xDE\x51\xC4\xD2\x96\xB7\xDC\x7E\x4E\xEE\x70\xFD\x1C\x39\xEB\x0C\x02\x51\x14\x2D\x8E\xBD\x16\xE0\xC1\xDF\x46\x75\x
E7\x24\xAD\xEC\xF4\x42\xB4\x85\x93\x70\x10\x67\xBA\x9D\x06\x35\x4A\x18\xD3\x2B\x7A\xCC\x51\x42\xA1\x7A\x63\xD1\xE6\xBB\xA1\xC5\x2B\xC2\x36\xBE\x13\x0D\xE6\xBD\x63\x7E\x79\x7B\xA7\x09\x0D\x40\xAB\x6A\xDD\x8F\x8A\xC3\xF6\xF6\x8C\x1A\x42\x05\x51\xD4\x45\xF5\x9F\xA7\x62\x21\x68\x15\x20\x43\x3C\x99\xE7\x7C\xBD\x24\xD8\xA9\x91\x17\x73\x88\x3F\x56\x1B\x31\x38\x18\xB4\x71\x0F\x9A\xCD\xC8\x0E\x9E\x8E\x2E\x1B\xE1\x8C\x98\x83\xCB\x1F\x31\xF1\x44\x4C\xC6\x04\x73\x49\x76\x60\x0F\xC7\xF8\xBD\x17\x80\x6B\x2E\xE9\xCC\x4C\x0E\x5A\x9A\x79\x0F\x20\x0A\x2E\xD5\x9E\x63\x26\x1E\x55\x92\x94\xD8\x82\x17\x5A\x7B\xD0\xBC\xC7\x8F\x4E\x86\x04", ["CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU=(c) 1999 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x04\x1A\x30\x82\x03\x02\x02\x11\x00\x9B\x7E\x06\x49\xA3\x3E\x62\xB9\xD5\xEE\x90\x48\x71\x29\xEF\x57\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x1E\x17\x0D\x39\x39\x31\x30\x30\x31\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x33\x36\x30\x37\x31\x36\x32\x33\x35\x39\x35\x39\x5A\x30\x81\xCA\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\
x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x54\x72\x75\x73\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x31\x3A\x30\x38\x06\x03\x55\x04\x0B\x13\x31\x28\x63\x29\x20\x31\x39\x39\x39\x20\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x20\x2D\x20\x46\x6F\x72\x20\x61\x75\x74\x68\x6F\x72\x69\x7A\x65\x64\x20\x75\x73\x65\x20\x6F\x6E\x6C\x79\x31\x45\x30\x43\x06\x03\x55\x04\x03\x13\x3C\x56\x65\x72\x69\x53\x69\x67\x6E\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x2D\x20\x47\x33\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xCB\xBA\x9C\x52\xFC\x78\x1F\x1A\x1E\x6F\x1B\x37\x73\xBD\xF8\xC9\x6B\x94\x12\x30\x4F\xF0\x36\x47\xF5\xD0\x91\x0A\xF5\x17\xC8\xA5\x61\xC1\x16\x40\x4D\xFB\x8A\x61\x90\xE5\x76\x20\xC1\x11\x06\x7D\xAB\x2C\x6E\xA6\xF5\x11\x41\x8E\xFA\x2D\xAD\x2A\x61\x59\xA4\x67\x26\x4C\xD0\xE8\xBC\x52\x5B\x70\x20\x04\x58\xD1\x7A\xC9\xA4\x69\xBC\x83\x17\x64\xAD\x05\x8B\xBC\xD0\x58\xCE\x8D\x8C\xF5\xEB\xF0\x42\x49\x0B\x9D\x97\x27\x67\x32\x6E\xE1\xAE\x93\x15\x1C\x70\xBC\x20\x4D\x2F\x18\xDE\x92\x88\xE8\x6C\x85\x57\x11\x1A\xE9\x7E\xE3\x26\x11\x54\xA2\x45\x96\x55\x83\xCA\x30\x89\xE8\xDC\xD8\xA3\xED\x2A\x80\x3F\x7F\x79\x65\x57\x3E\x15\x20\x66\x08\x2F\x95\x93\xBF\xAA\x47\x2F\xA8\x46\x97\xF0\x12\xE2\xFE\xC2\x0A\x2B\x51\xE6\x76\xE6\xB7\x46\xB7\xE2\x0D\xA6\xCC\xA8\xC3\x4C\x59\x55\x89\xE6\xE8\x53\x5C\x1C\xEA\x9D\xF0\x62\x16\x0B\xA7\xC9\x5F\x0C\xF0\xDE\xC2\x76\xCE\xAF\xF7\x6A\xF2\xFA\x41\xA6\xA2\x33\x14\xC9\xE5\x7A\x63\xD3\x9E\x62\x37\xD5\x85\x65\x9E\x0E\xE6\x53\x24\x74\x1B\x5E\x1D\x12\x53\x5B\xC7\x2C\xE7\x83\x49\x3B\x15\xAE\x8A\x68\xB9\x57\x97\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x11\x14\
x96\xC1\xAB\x92\x08\xF7\x3F\x2F\xC9\xB2\xFE\xE4\x5A\x9F\x64\xDE\xDB\x21\x4F\x86\x99\x34\x76\x36\x57\xDD\xD0\x15\x2F\xC5\xAD\x7F\x15\x1F\x37\x62\x73\x3E\xD4\xE7\x5F\xCE\x17\x03\xDB\x35\xFA\x2B\xDB\xAE\x60\x09\x5F\x1E\x5F\x8F\x6E\xBB\x0B\x3D\xEA\x5A\x13\x1E\x0C\x60\x6F\xB5\xC0\xB5\x23\x22\x2E\x07\x0B\xCB\xA9\x74\xCB\x47\xBB\x1D\xC1\xD7\xA5\x6B\xCC\x2F\xD2\x42\xFD\x49\xDD\xA7\x89\xCF\x53\xBA\xDA\x00\x5A\x28\xBF\x82\xDF\xF8\xBA\x13\x1D\x50\x86\x82\xFD\x8E\x30\x8F\x29\x46\xB0\x1E\x3D\x35\xDA\x38\x62\x16\x18\x4A\xAD\xE6\xB6\x51\x6C\xDE\xAF\x62\xEB\x01\xD0\x1E\x24\xFE\x7A\x8F\x12\x1A\x12\x68\xB8\xFB\x66\x99\x14\x14\x45\x5C\xAE\xE7\xAE\x69\x17\x81\x2B\x5A\x37\xC9\x5E\x2A\xF4\xC6\xE2\xA1\x5C\x54\x9B\xA6\x54\x00\xCF\xF0\xF1\xC1\xC7\x98\x30\x1A\x3B\x36\x16\xDB\xA3\x6E\xEA\xFD\xAD\xB2\xC2\xDA\xEF\x02\x47\x13\x8A\xC0\xF1\xB3\x31\xAD\x4F\x1C\xE1\x4F\x9C\xAF\x0F\x0C\x9D\xF7\x78\x0D\xD8\xF4\x35\x56\x80\xDA\xB7\x6D\x17\x8F\x9D\x1E\x81\x64\xE1\xFE\xC5\x45\xBA\xAD\x6B\xB9\x0A\x7A\x4E\x4F\x4B\x84\xEE\x4B\xF1\x7D\xDD\x11", diff --git a/testing/btest/broker/store/brokerstore-attr-simple.zeek b/testing/btest/broker/store/brokerstore-attr-simple.zeek index a38f249817..0b6a62c1c9 100644 --- a/testing/btest/broker/store/brokerstore-attr-simple.zeek +++ b/testing/btest/broker/store/brokerstore-attr-simple.zeek @@ -1,7 +1,7 @@ # @TEST-PORT: BROKER_PORT -# @TEST-EXEC: btest-bg-run master "zeek -B broker -b %DIR/sort-stuff.zeek ../master.zeek >../master.out" -# @TEST-EXEC: btest-bg-run clone "zeek -B broker -b %DIR/sort-stuff.zeek ../clone.zeek >../clone.out" +# @TEST-EXEC: btest-bg-run master "zeek -b -B broker -b %DIR/sort-stuff.zeek ../master.zeek >../master.out" +# @TEST-EXEC: btest-bg-run clone "zeek -b -B broker -b %DIR/sort-stuff.zeek ../clone.zeek >../clone.out" # @TEST-EXEC: btest-bg-wait 15 # # @TEST-EXEC: btest-diff clone.out 
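Review bot: Both rewritten `@TEST-EXEC` lines in brokerstore-attr-simple.zeek now pass `-b` twice, because the original command already had it after `-B broker`. The repeat is most likely harmless, but it reads as if the two occurrences did different things. Drop one, e.g. `zeek -b -B broker %DIR/sort-stuff.zeek ../master.zeek >../master.out`, and do the same on the clone line.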
diff --git a/testing/btest/broker/store/brokerstore-backend-invalid.zeek b/testing/btest/broker/store/brokerstore-backend-invalid.zeek index cad1828213..4e4a3a1c23 100644 --- a/testing/btest/broker/store/brokerstore-backend-invalid.zeek +++ b/testing/btest/broker/store/brokerstore-backend-invalid.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: zeek -B broker %INPUT +# @TEST-EXEC-FAIL: zeek -b -B broker %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr module TestModule; diff --git a/testing/btest/broker/store/brokerstore-backend-simple-incompatible.zeek b/testing/btest/broker/store/brokerstore-backend-simple-incompatible.zeek index 570ff9237c..ec9e07300b 100644 --- a/testing/btest/broker/store/brokerstore-backend-simple-incompatible.zeek +++ b/testing/btest/broker/store/brokerstore-backend-simple-incompatible.zeek @@ -2,10 +2,10 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 -# @TEST-EXEC: btest-bg-run manager-1 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -B broker ../master.zeek >../master.out" -# @TEST-EXEC: btest-bg-run worker-1 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -B broker ../clone.zeek >../clone.out" -# @TEST-EXEC: btest-bg-run worker-2 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -B broker ../clone.zeek >../clone2.out" -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-run manager-1 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b -B broker ../master.zeek >../master.out" +# @TEST-EXEC: btest-bg-run worker-1 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b -B broker ../clone.zeek >../clone.out" +# @TEST-EXEC: btest-bg-run worker-2 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b -B broker ../clone.zeek >../clone2.out" +# @TEST-EXEC: btest-bg-wait 20 # # @TEST-EXEC: grep -v PEER_UNAVAILABLE worker-1/.stderr > worker-1-stderr # @TEST-EXEC: btest-diff worker-1-stderr 
@@ -20,6 +20,7 @@ redef Cluster::nodes = { @TEST-START-FILE master.zeek +@load base/frameworks/cluster redef exit_only_after_terminate = T; redef Log::enable_local_logging = T; redef Log::default_rotation_interval = 0secs; @@ -44,6 +45,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) @TEST-END-FILE @TEST-START-FILE clone.zeek +@load base/frameworks/cluster redef exit_only_after_terminate = T; redef Log::enable_local_logging = T; redef Log::default_rotation_interval = 0secs; diff --git a/testing/btest/broker/store/brokerstore-backend-simple-reverse.zeek b/testing/btest/broker/store/brokerstore-backend-simple-reverse.zeek index 73e729f380..21fc3db5b5 100644 --- a/testing/btest/broker/store/brokerstore-backend-simple-reverse.zeek +++ b/testing/btest/broker/store/brokerstore-backend-simple-reverse.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 -# @TEST-EXEC: btest-bg-run manager-1 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -B broker %DIR/sort-stuff.zeek ../master.zeek >../master.out" -# @TEST-EXEC: btest-bg-run worker-1 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -B broker %DIR/sort-stuff.zeek ../clone.zeek >../clone.out" -# @TEST-EXEC: btest-bg-run worker-2 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -B broker %DIR/sort-stuff.zeek ../clone2.zeek >../clone2.out" +# @TEST-EXEC: btest-bg-run manager-1 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b -B broker %DIR/sort-stuff.zeek ../master.zeek >../master.out" +# @TEST-EXEC: btest-bg-run worker-1 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b -B broker %DIR/sort-stuff.zeek ../clone.zeek >../clone.out" +# @TEST-EXEC: btest-bg-run worker-2 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b -B broker %DIR/sort-stuff.zeek ../clone2.zeek >../clone2.out" # @TEST-EXEC: btest-bg-wait 40 # # @TEST-EXEC: btest-diff master.out 
@@ -22,6 +22,8 @@ redef Cluster::nodes = { @TEST-START-FILE master.zeek +@load base/frameworks/cluster + redef exit_only_after_terminate = T; redef Log::enable_local_logging = T; redef Log::default_rotation_interval = 0secs; @@ -65,6 +67,8 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) @TEST-END-FILE @TEST-START-FILE clone.zeek +@load base/frameworks/cluster + redef exit_only_after_terminate = T; redef Log::enable_local_logging = T; redef Log::default_rotation_interval = 0secs; @@ -120,6 +124,8 @@ event Broker::announce_masters(masters: set[string]) @TEST-END-FILE @TEST-START-FILE clone2.zeek +@load base/frameworks/cluster + redef exit_only_after_terminate = T; redef Log::enable_local_logging = T; redef Log::default_rotation_interval = 0secs; diff --git a/testing/btest/broker/store/brokerstore-backend-simple.zeek b/testing/btest/broker/store/brokerstore-backend-simple.zeek index 42358287eb..bea47e7938 100644 --- a/testing/btest/broker/store/brokerstore-backend-simple.zeek +++ b/testing/btest/broker/store/brokerstore-backend-simple.zeek 
@@ -2,10 +2,10 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 -# @TEST-EXEC: btest-bg-run manager-1 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -B broker %DIR/sort-stuff.zeek ../master.zeek >../master.out" -# @TEST-EXEC: btest-bg-run worker-1 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -B broker %DIR/sort-stuff.zeek ../clone.zeek >../clone.out" -# @TEST-EXEC: btest-bg-run worker-2 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -B broker %DIR/sort-stuff.zeek ../clone.zeek >../clone2.out" -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-run manager-1 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b -B broker ../common.zeek ../master.zeek >../master.out" +# @TEST-EXEC: btest-bg-run worker-1 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b -B broker ../common.zeek ../clone.zeek >../clone.out" +# @TEST-EXEC: btest-bg-run worker-2 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b -B broker ../common.zeek ../clone.zeek >../clone2.out" +# @TEST-EXEC: btest-bg-wait 20 # # @TEST-EXEC: btest-diff master.out # @TEST-EXEC: btest-diff clone.out @@ -20,6 +20,42 @@ redef Cluster::nodes = { }; @TEST-END-FILE +@TEST-START-FILE common.zeek +@load base/frameworks/cluster +@load base/frameworks/broker + +function sort_set(s: set[string]): vector of string + { + local v: vector of string = vector(); + + for ( e in s ) + v += e; + + sort(v, strcmp); + return v; + } + +type TableEntry: record { + key: string; + val: any; +}; + +function sort_table(t: table[string] of any): vector of TableEntry + { + local vs: vector of string = vector(); + local rval: vector of TableEntry = vector(); + + for ( k, v in t ) + vs += k; + + sort(vs, strcmp); + + for ( i in vs ) + rval += TableEntry($key=vs[i], $val=t[vs[i]]); + + return rval; + } +@TEST-END-FILE @TEST-START-FILE master.zeek redef exit_only_after_terminate = T; 
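Review bot: The new `common.zeek` block in brokerstore-backend-simple.zeek defines `sort_set`, `TableEntry` and `sort_table` inline, while the sibling tests in this commit (brokerstore-attr-simple, brokerstore-backend-simple-reverse, brokerstore-backend-sqlite) keep loading `%DIR/sort-stuff.zeek`. If these are copies of the helpers in that shared file (not visible here), the two versions can drift apart and the baselines with them. Either keep `%DIR/sort-stuff.zeek` on the command line and add `@load base/frameworks/cluster` to `master.zeek` and `clone.zeek` as the other tests do, or add a comment at the top of `common.zeek` saying why this test needs its own copy.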
diff --git a/testing/btest/broker/store/brokerstore-backend-sqlite.zeek b/testing/btest/broker/store/brokerstore-backend-sqlite.zeek index cfb6a1f3a4..2ac84fea65 100644 --- a/testing/btest/broker/store/brokerstore-backend-sqlite.zeek +++ b/testing/btest/broker/store/brokerstore-backend-sqlite.zeek @@ -2,10 +2,10 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 -# @TEST-EXEC: zeek %DIR/sort-stuff.zeek preseed-sqlite.zeek; -# @TEST-EXEC: btest-bg-run manager-1 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -B broker %DIR/sort-stuff.zeek ../master.zeek >../master.out" -# @TEST-EXEC: btest-bg-run worker-1 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -B broker %DIR/sort-stuff.zeek ../clone.zeek >../clone.out" -# @TEST-EXEC: btest-bg-run worker-2 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -B broker %DIR/sort-stuff.zeek ../clone.zeek >../clone2.out" +# @TEST-EXEC: zeek -b %DIR/sort-stuff.zeek preseed-sqlite.zeek; +# @TEST-EXEC: btest-bg-run manager-1 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b -B broker %DIR/sort-stuff.zeek ../master.zeek >../master.out" +# @TEST-EXEC: btest-bg-run worker-1 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b -B broker %DIR/sort-stuff.zeek ../clone.zeek >../clone.out" +# @TEST-EXEC: btest-bg-run worker-2 "ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b -B broker %DIR/sort-stuff.zeek ../clone.zeek >../clone2.out" # @TEST-EXEC: btest-bg-wait 40 # # @TEST-EXEC: btest-diff master.out @@ -57,6 +57,8 @@ event zeek_init() @TEST-END-FILE @TEST-START-FILE master.zeek +@load base/frameworks/cluster + redef exit_only_after_terminate = T; redef Log::enable_local_logging = T; redef Log::default_rotation_interval = 0secs; @@ -96,6 +98,8 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) @TEST-END-FILE @TEST-START-FILE clone.zeek +@load base/frameworks/cluster + redef exit_only_after_terminate = T; redef Log::enable_local_logging = T; redef Log::default_rotation_interval = 0secs; 
diff --git a/testing/btest/core/bits_per_uid.zeek b/testing/btest/core/bits_per_uid.zeek index d252eefe23..2e0900406b 100644 --- a/testing/btest/core/bits_per_uid.zeek +++ b/testing/btest/core/bits_per_uid.zeek @@ -1,15 +1,17 @@ -# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=32 >32 +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=32 >32 # @TEST-EXEC: btest-diff 32 -# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=64 >64 +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=64 >64 # @TEST-EXEC: btest-diff 64 -# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=96 >96 +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=96 >96 # @TEST-EXEC: btest-diff 96 -# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=128 >128 +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=128 >128 # @TEST-EXEC: btest-diff 128 -# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=256 >256 +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv4.trace %INPUT bits_per_uid=256 >256 # @TEST-EXEC: btest-diff 256 # @TEST-EXEC: cmp 128 256 +@load base/protocols/ftp + event new_connection(c: connection) { print c$uid; diff --git a/testing/btest/core/checksums.test b/testing/btest/core/checksums.test index 6d5d286097..efba6c0664 100644 --- a/testing/btest/core/checksums.test +++ b/testing/btest/core/checksums.test 
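Review bot: The added `@load base/protocols/ftp` in bits_per_uid.zeek has no comment, and the handler below it only prints `c$uid` from `new_connection`, so a reader cannot tell what the bare-mode run needs from the FTP scripts. The same applies to the `@load base/protocols/http` lines added in conn-uid.zeek and ipv6-atomic-frag.test. A one-line comment above each load would help, e.g. `# Needed under -b: <reason the baseline depends on this script>`. If the output is identical without the load, drop it instead.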
@@ -1,42 +1,44 @@ -# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-bad-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip4-bad-chksum.pcap %INPUT # @TEST-EXEC: mv weird.log bad.out -# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap %INPUT # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-udp-bad-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip4-udp-bad-chksum.pcap %INPUT # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap %INPUT # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap %INPUT # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap %INPUT # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap %INPUT # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap %INPUT # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-udp-bad-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip6-udp-bad-chksum.pcap %INPUT # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap %INPUT # @TEST-EXEC: cat weird.log >> bad.out -# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-tcp-good-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip4-tcp-good-chksum.pcap %INPUT # @TEST-EXEC: mv weird.log good.out -# @TEST-EXEC: 
zeek -r $TRACES/chksums/ip4-udp-good-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT # @TEST-EXEC: test ! -e weird.log -# @TEST-EXEC: zeek -r $TRACES/chksums/ip4-icmp-good-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT # @TEST-EXEC: test ! -e weird.log -# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap %INPUT # @TEST-EXEC: cat weird.log >> good.out -# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap %INPUT # @TEST-EXEC: cat weird.log >> good.out -# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap %INPUT # @TEST-EXEC: cat weird.log >> good.out -# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-tcp-good-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip6-tcp-good-chksum.pcap %INPUT # @TEST-EXEC: cat weird.log >> good.out -# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-udp-good-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip6-udp-good-chksum.pcap %INPUT # @TEST-EXEC: cat weird.log >> good.out -# @TEST-EXEC: zeek -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap +# @TEST-EXEC: zeek -b -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT # @TEST-EXEC: cat weird.log >> good.out # @TEST-EXEC: btest-diff bad.out # @TEST-EXEC: btest-diff good.out + +@load base/frameworks/notice/weird diff --git a/testing/btest/core/conn-size-threshold.zeek b/testing/btest/core/conn-size-threshold.zeek index 9c25843290..76720310b5 100644 --- a/testing/btest/core/conn-size-threshold.zeek +++ b/testing/btest/core/conn-size-threshold.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff .stderr 
diff --git a/testing/btest/core/conn-uid.zeek b/testing/btest/core/conn-uid.zeek index b52587ad43..5852236ff0 100644 --- a/testing/btest/core/conn-uid.zeek +++ b/testing/btest/core/conn-uid.zeek @@ -1,15 +1,17 @@ # # In "normal" test mode, connection uids should be determistic. # -# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output # # Without a seed, they should differ each time: # -# @TEST-EXEC: unset ZEEK_SEED_FILE && unset BRO_SEED_FILE && zeek -C -r $TRACES/wikipedia.trace %INPUT >output2 +# @TEST-EXEC: unset ZEEK_SEED_FILE && unset BRO_SEED_FILE && zeek -b -C -r $TRACES/wikipedia.trace %INPUT >output2 # @TEST-EXEC: cat output output2 | sort | uniq -c | wc -l | sed 's/ //g' >counts # @TEST-EXEC: btest-diff counts +@load base/protocols/http + event new_connection(c: connection) { print c$id, c$uid; diff --git a/testing/btest/core/dns-init.zeek b/testing/btest/core/dns-init.zeek index 0372bbf7b8..1205b5ca42 100644 --- a/testing/btest/core/dns-init.zeek +++ b/testing/btest/core/dns-init.zeek @@ -1,6 +1,6 @@ # We once had a bug where DNS lookups at init time lead to an immediate crash. # -# @TEST-EXEC: zeek %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b %INPUT >output 2>&1 # @TEST-EXEC: btest-diff output const foo: set[addr] = { diff --git a/testing/btest/core/expr-exception.zeek b/testing/btest/core/expr-exception.zeek index 79f460b1e4..0f22d1c496 100644 --- a/testing/btest/core/expr-exception.zeek +++ b/testing/btest/core/expr-exception.zeek 
@@ -1,7 +1,7 @@ # Expressions in an event handler that raise interpreter exceptions # shouldn't abort Zeek entirely, but just return from the function body. # -# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace base/protocols/ftp base/protocols/http base/frameworks/reporter %INPUT >output # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/history-flip.zeek b/testing/btest/core/history-flip.zeek index 3895c3e2c6..c62c1ce77d 100644 --- a/testing/btest/core/history-flip.zeek +++ b/testing/btest/core/history-flip.zeek @@ -1,4 +1,6 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tcp/missing-syn.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tcp/missing-syn.pcap %INPUT # @TEST-EXEC: btest-diff conn.log +@load base/protocols/http +@load base/frameworks/dpd @load policy/protocols/conn/mac-logging diff --git a/testing/btest/core/ipv6-atomic-frag.test b/testing/btest/core/ipv6-atomic-frag.test index a247d50cec..241545b6b0 100644 --- a/testing/btest/core/ipv6-atomic-frag.test +++ b/testing/btest/core/ipv6-atomic-frag.test @@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -r $TRACES/ipv6-http-atomic-frag.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ipv6-http-atomic-frag.trace %INPUT >output # @TEST-EXEC: btest-diff output +@load base/protocols/http + event new_connection(c: connection) { if ( c$id$resp_p == 80/tcp ) diff --git a/testing/btest/core/ipv6-frag.test b/testing/btest/core/ipv6-frag.test index 815dd9910b..a0a2e1064d 100644 --- a/testing/btest/core/ipv6-frag.test +++ b/testing/btest/core/ipv6-frag.test 
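Review bot: The new `@TEST-EXEC` line in expr-exception.zeek lists `base/protocols/ftp base/protocols/http base/frameworks/reporter` on the command line, while most tests in this patch (history-flip.zeek, ipv6-frag.test and others) declare their dependencies with `@load` lines in the script. Moving them into the file as `@load base/protocols/ftp`, `@load base/protocols/http` and `@load base/frameworks/reporter` keeps the command short and puts the dependencies next to the code that needs them. q-in-q.zeek and files/x509/1999.test use the same command-line form and could follow radiotap.zeek, which passes `%INPUT` and loads inside the file.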
@@ -1,7 +1,9 @@ -# @TEST-EXEC: zeek -r $TRACES/ipv6-fragmented-dns.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ipv6-fragmented-dns.trace %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff dns.log +@load base/protocols/dns + event new_packet(c: connection, p: pkt_hdr) { if ( p?$ip6 && p?$ udp ) diff --git a/testing/btest/core/load-prefixes.zeek b/testing/btest/core/load-prefixes.zeek index 0416319827..ea261112d9 100644 --- a/testing/btest/core/load-prefixes.zeek +++ b/testing/btest/core/load-prefixes.zeek @@ -1,6 +1,6 @@ # A test of prefix-based @load'ing -# @TEST-EXEC: zeek addprefixes >output +# @TEST-EXEC: zeek -b base/utils/site base/protocols/http addprefixes >output # @TEST-EXEC: btest-diff output @TEST-START-FILE addprefixes.zeek diff --git a/testing/btest/core/nflog.zeek b/testing/btest/core/nflog.zeek index e3bb62e4a5..a02c18bde4 100644 --- a/testing/btest/core/nflog.zeek +++ b/testing/btest/core/nflog.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/nflog-http.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/nflog-http.pcap %INPUT # @TEST-EXEC: btest-diff http.log @load base/protocols/http diff --git a/testing/btest/core/nop.zeek b/testing/btest/core/nop.zeek index e0f6f70323..3f113d2526 100644 --- a/testing/btest/core/nop.zeek +++ b/testing/btest/core/nop.zeek @@ -1,4 +1,4 @@ # Zeek shouldn't crash when doing nothing, nor outputting anything. # -# @TEST-EXEC: cat /dev/null | zeek >output 2>&1 +# @TEST-EXEC: cat /dev/null | zeek -b >output 2>&1 # @TEST-EXEC: btest-diff output diff --git a/testing/btest/core/option-errors.zeek b/testing/btest/core/option-errors.zeek index b08ba17864..946547be06 100644 --- a/testing/btest/core/option-errors.zeek +++ b/testing/btest/core/option-errors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: zeek %INPUT +# @TEST-EXEC-FAIL: zeek -b %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr option testbool; 
diff --git a/testing/btest/core/option-priorities.zeek b/testing/btest/core/option-priorities.zeek index cfc78aafe7..951de2f9cc 100644 --- a/testing/btest/core/option-priorities.zeek +++ b/testing/btest/core/option-priorities.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff .stdout export { diff --git a/testing/btest/core/option-redef.zeek b/testing/btest/core/option-redef.zeek index e47bd7344e..46c2585152 100644 --- a/testing/btest/core/option-redef.zeek +++ b/testing/btest/core/option-redef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff .stdout # options are allowed to be redef-able. diff --git a/testing/btest/core/option-runtime-errors.zeek b/testing/btest/core/option-runtime-errors.zeek index ef512c6a8e..c21ff5ba1a 100644 --- a/testing/btest/core/option-runtime-errors.zeek +++ b/testing/btest/core/option-runtime-errors.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr # Errors that happen during runtime. At least at the moment we are not diff --git a/testing/btest/core/pcap/dumper.zeek b/testing/btest/core/pcap/dumper.zeek index 4602022b45..b53c01bc37 100644 --- a/testing/btest/core/pcap/dumper.zeek +++ b/testing/btest/core/pcap/dumper.zeek @@ -1,5 +1,5 @@ # @TEST-REQUIRES: which hexdump -# @TEST-EXEC: zeek -r $TRACES/workshop_2011_browse.trace -w dump +# @TEST-EXEC: zeek -b -r $TRACES/workshop_2011_browse.trace -w dump # @TEST-EXEC: hexdump -C $TRACES/workshop_2011_browse.trace >1 # @TEST-EXEC: hexdump -C dump >2 # @TEST-EXEC: diff 1 2 >output || true diff --git a/testing/btest/core/pcap/dynamic-filter.zeek b/testing/btest/core/pcap/dynamic-filter.zeek index 11edf87644..ccd5f83a3d 100644 --- a/testing/btest/core/pcap/dynamic-filter.zeek +++ b/testing/btest/core/pcap/dynamic-filter.zeek 
@@ -1,7 +1,12 @@ -# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff conn.log +@load base/protocols/conn +@load base/protocols/http +@load base/protocols/dns +@load base/frameworks/dpd + redef enum PcapFilterID += { A, B }; global cnt = 0; diff --git a/testing/btest/core/pcap/input-error.zeek b/testing/btest/core/pcap/input-error.zeek index 8a67293a8b..b08ac962e9 100644 --- a/testing/btest/core/pcap/input-error.zeek +++ b/testing/btest/core/pcap/input-error.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC-FAIL: zeek -i NO_SUCH_INTERFACE 2>&1 >>output 2>&1 +# @TEST-EXEC-FAIL: zeek -b -i NO_SUCH_INTERFACE 2>&1 >>output 2>&1 # @TEST-EXEC: cat output | sed 's/(.*)//g' >output2 -# @TEST-EXEC-FAIL: zeek -r NO_SUCH_TRACE 2>&1 >>output2 2>&1 +# @TEST-EXEC-FAIL: zeek -b -r NO_SUCH_TRACE 2>&1 >>output2 2>&1 # @TEST-EXEC: btest-diff output2 redef enum PcapFilterID += { A }; diff --git a/testing/btest/core/pcap/pseudo-realtime.zeek b/testing/btest/core/pcap/pseudo-realtime.zeek index 994fb42a65..7c25545efd 100644 --- a/testing/btest/core/pcap/pseudo-realtime.zeek +++ b/testing/btest/core/pcap/pseudo-realtime.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT --pseudo-realtime >output +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace %INPUT --pseudo-realtime >output # @TEST-EXEC: btest-diff output global init = F; diff --git a/testing/btest/core/pcap/suspend-processing.zeek b/testing/btest/core/pcap/suspend-processing.zeek index fb56bbb75e..bbe4c4f471 100644 --- a/testing/btest/core/pcap/suspend-processing.zeek +++ b/testing/btest/core/pcap/suspend-processing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff .stderr 
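Review bot: Both `@TEST-EXEC-FAIL` lines in input-error.zeek keep a redundant leading `2>&1` (`zeek -b -i NO_SUCH_INTERFACE 2>&1 >>output 2>&1`); the trailing `>>output 2>&1` already sends both streams to the file. Since the lines are being touched anyway, `zeek -b -i NO_SUCH_INTERFACE >>output 2>&1` and `zeek -b -r NO_SUCH_TRACE >>output2 2>&1` read more clearly. Neither run passes `%INPUT`, so the `redef enum PcapFilterID` line below appears to be unused by the test; worth confirming that is intended.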
diff --git a/testing/btest/core/q-in-q.zeek b/testing/btest/core/q-in-q.zeek index e864fdf3b5..9f2a68beb7 100644 --- a/testing/btest/core/q-in-q.zeek +++ b/testing/btest/core/q-in-q.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: zeek -r $TRACES/q-in-q.trace +# @TEST-EXEC: zeek -b -r $TRACES/q-in-q.trace base/protocols/conn # @TEST-EXEC: btest-diff conn.log diff --git a/testing/btest/core/radiotap.zeek b/testing/btest/core/radiotap.zeek index 48886297ff..2e4cb58a3b 100644 --- a/testing/btest/core/radiotap.zeek +++ b/testing/btest/core/radiotap.zeek @@ -1,2 +1,6 @@ -# @TEST-EXEC: zeek -C -r $TRACES/radiotap.pcap +# @TEST-EXEC: zeek -b -C -r $TRACES/radiotap.pcap %INPUT # @TEST-EXEC: btest-diff conn.log + +@load base/protocols/conn +@load base/protocols/dns +@load base/frameworks/dpd diff --git a/testing/btest/core/reassembly.zeek b/testing/btest/core/reassembly.zeek index ef95b6897b..4e47965d43 100644 --- a/testing/btest/core/reassembly.zeek +++ b/testing/btest/core/reassembly.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: zeek -C -r $TRACES/ipv4/fragmented-1.pcap %INPUT >>output -# @TEST-EXEC: zeek -C -r $TRACES/ipv4/fragmented-2.pcap %INPUT >>output -# @TEST-EXEC: zeek -C -r $TRACES/ipv4/fragmented-3.pcap %INPUT >>output -# @TEST-EXEC: zeek -C -r $TRACES/ipv4/fragmented-4.pcap %INPUT >>output -# @TEST-EXEC: zeek -C -r $TRACES/tcp/reassembly.pcap %INPUT >>output +# @TEST-EXEC: zeek -b -C -r $TRACES/ipv4/fragmented-1.pcap %INPUT >>output +# @TEST-EXEC: zeek -b -C -r $TRACES/ipv4/fragmented-2.pcap %INPUT >>output +# @TEST-EXEC: zeek -b -C -r $TRACES/ipv4/fragmented-3.pcap %INPUT >>output +# @TEST-EXEC: zeek -b -C -r $TRACES/ipv4/fragmented-4.pcap %INPUT >>output +# @TEST-EXEC: zeek -b -C -r $TRACES/tcp/reassembly.pcap %INPUT >>output # @TEST-EXEC: btest-diff output event zeek_init() diff --git a/testing/btest/core/recursive-event.zeek b/testing/btest/core/recursive-event.zeek index f82b4ed58b..8b96fda996 100644 --- a/testing/btest/core/recursive-event.zeek 
+++ b/testing/btest/core/recursive-event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek %INPUT 2>&1 | grep -v termination | sort | uniq | wc -l | awk '{print $1}' >output +# @TEST-EXEC: zeek -b %INPUT 2>&1 | grep -v termination | sort | uniq | wc -l | awk '{print $1}' >output # @TEST-EXEC: btest-diff output # In old version, the event would keep triggering endlessely, with the network diff --git a/testing/btest/core/reporter-shutdown-order-errors.zeek b/testing/btest/core/reporter-shutdown-order-errors.zeek index f1478124b8..02df35b46d 100644 --- a/testing/btest/core/reporter-shutdown-order-errors.zeek +++ b/testing/btest/core/reporter-shutdown-order-errors.zeek @@ -1,9 +1,11 @@ # @TEST-EXEC: touch reporter.log && chmod -w reporter.log -# @TEST-EXEC: zeek %INPUT >out 2>&1 +# @TEST-EXEC: zeek -b %INPUT >out 2>&1 # Output doesn't really matter, but we just want to know that Zeek shutdowns # without crashing in such scenarios (reporter log not writable # and also reporter errors being emitting during shutdown). +@load base/frameworks/config + redef Config::config_files += { "./config" }; diff --git a/testing/btest/core/tcp/miss-end-data.zeek b/testing/btest/core/tcp/miss-end-data.zeek index 6c802810f1..180913c0ac 100644 --- a/testing/btest/core/tcp/miss-end-data.zeek +++ b/testing/btest/core/tcp/miss-end-data.zeek @@ -1,7 +1,11 @@ -# @TEST-EXEC: zeek -r $TRACES/tcp/miss_end_data.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/tcp/miss_end_data.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff conn.log +@load base/protocols/conn +@load base/protocols/http +@load base/frameworks/dpd + redef report_gaps_for_partial = T; event content_gap(c: connection, is_orig: bool, seq: count, length: count) diff --git a/testing/btest/core/tcp/missing-syn.zeek b/testing/btest/core/tcp/missing-syn.zeek index 3450941584..9ab6414743 100644 --- a/testing/btest/core/tcp/missing-syn.zeek +++ b/testing/btest/core/tcp/missing-syn.zeek 
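Review bot: reporter-shutdown-order-errors.zeek now runs with `-b` but loads only `base/frameworks/config`, while expr-exception.zeek in this same patch adds `base/frameworks/reporter` explicitly alongside its reporter.log diff. If the config framework does not pull in the reporter framework, Zeek never tries to open the read-only reporter.log, and the test stops covering the unwritable-log shutdown path while still passing. Adding `@load base/frameworks/reporter` next to the config load would make that dependency explicit. The script continues outside the hunk.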
@@ -1,2 +1,6 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tcp/missing-syn.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tcp/missing-syn.pcap %INPUT # @TEST-EXEC: btest-diff conn.log + +@load base/protocols/conn +@load base/protocols/http +@load base/frameworks/dpd diff --git a/testing/btest/core/tcp/tcp-dups.zeek b/testing/btest/core/tcp/tcp-dups.zeek index 4857160561..76acfa6fa9 100644 --- a/testing/btest/core/tcp/tcp-dups.zeek +++ b/testing/btest/core/tcp/tcp-dups.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tcp/ssh-dups.pcap %INPUT >out +# @TEST-EXEC: zeek -b -C -r $TRACES/tcp/ssh-dups.pcap %INPUT >out # @TEST-EXEC: btest-diff out event tcp_multiple_retransmissions(c: connection, is_orig: bool, threshold: count) diff --git a/testing/btest/core/truncation.test b/testing/btest/core/truncation.test index b602f13585..12cafcaa79 100644 --- a/testing/btest/core/truncation.test +++ b/testing/btest/core/truncation.test 
@@ -1,43 +1,45 @@ # Truncated IP packet's should not be analyzed, and generate truncated_IP weird -# @TEST-EXEC: zeek -r $TRACES/trunc/ip4-trunc.pcap +# @TEST-EXEC: zeek -b -r $TRACES/trunc/ip4-trunc.pcap %INPUT # @TEST-EXEC: mv weird.log output -# @TEST-EXEC: zeek -r $TRACES/trunc/ip6-trunc.pcap +# @TEST-EXEC: zeek -b -r $TRACES/trunc/ip6-trunc.pcap %INPUT # @TEST-EXEC: cat weird.log >> output -# @TEST-EXEC: zeek -r $TRACES/trunc/ip6-ext-trunc.pcap +# @TEST-EXEC: zeek -b -r $TRACES/trunc/ip6-ext-trunc.pcap %INPUT # @TEST-EXEC: cat weird.log >> output # If an ICMP packet's payload is truncated due to too small snaplen, # the checksum calculation is bypassed (and Zeek doesn't crash, of course). # @TEST-EXEC: rm -f weird.log -# @TEST-EXEC: zeek -r $TRACES/trunc/icmp-payload-trunc.pcap +# @TEST-EXEC: zeek -b -r $TRACES/trunc/icmp-payload-trunc.pcap %INPUT # @TEST-EXEC: test ! -e weird.log # If an ICMP packet has the ICMP header truncated due to too small snaplen, # an internally_truncated_header weird gets generated. 
-# @TEST-EXEC: zeek -r $TRACES/trunc/icmp-header-trunc.pcap +# @TEST-EXEC: zeek -b -r $TRACES/trunc/icmp-header-trunc.pcap %INPUT # @TEST-EXEC: cat weird.log >> output # Truncated packets where the captured length is less than the length required # for the packet header should also raise a Weird -# @TEST-EXEC: zeek -r $TRACES/trunc/trunc-hdr.pcap +# @TEST-EXEC: zeek -b -r $TRACES/trunc/trunc-hdr.pcap %INPUT # @TEST-EXEC: cat weird.log >> output # Truncated packet where the length of the IP header is larger than the total # packet length -# @TEST-EXEC: zeek -C -r $TRACES/trunc/ipv4-truncated-broken-header.pcap +# @TEST-EXEC: zeek -b -C -r $TRACES/trunc/ipv4-truncated-broken-header.pcap %INPUT # @TEST-EXEC: cat weird.log >> output # Truncated packet where the captured length is big enough for the ip header # struct, but not large enough to capture the full header length (with options) -# @TEST-EXEC: zeek -C -r $TRACES/trunc/ipv4-internally-truncated-header.pcap +# @TEST-EXEC: zeek -b -C -r $TRACES/trunc/ipv4-internally-truncated-header.pcap %INPUT # @TEST-EXEC: cat weird.log >> output # Truncated packet where the length of the IP header is larger than the total # packet length inside several tunnels -# @TEST-EXEC: zeek -C -r $TRACES/trunc/mpls-6in6-6in6-4in6-trunc.pcap +# @TEST-EXEC: zeek -b -C -r $TRACES/trunc/mpls-6in6-6in6-4in6-trunc.pcap %INPUT # @TEST-EXEC: cat weird.log >> output # @TEST-EXEC: btest-diff output + +@load base/frameworks/notice/weird diff --git a/testing/btest/core/tunnels/ayiya.test b/testing/btest/core/tunnels/ayiya.test index d7a79e6eb2..c07139babb 100644 --- a/testing/btest/core/tunnels/ayiya.test +++ b/testing/btest/core/tunnels/ayiya.test 
@@ -1,4 +1,9 @@ -# @TEST-EXEC: zeek -r $TRACES/tunnels/ayiya3.trace +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/ayiya3.trace %INPUT # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log + +@load base/protocols/tunnels +@load base/protocols/conn +@load base/protocols/http +@load base/frameworks/dpd diff --git a/testing/btest/core/tunnels/gre-in-gre.test b/testing/btest/core/tunnels/gre-in-gre.test index 39a7bd774b..099afac61d 100644 --- a/testing/btest/core/tunnels/gre-in-gre.test +++ b/testing/btest/core/tunnels/gre-in-gre.test @@ -1,3 +1,6 @@ -# @TEST-EXEC: zeek -r $TRACES/tunnels/gre-within-gre.pcap +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/gre-within-gre.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log + +@load base/frameworks/tunnels +@load base/protocols/conn diff --git a/testing/btest/core/tunnels/gre-pptp.test b/testing/btest/core/tunnels/gre-pptp.test index 892f105fb2..13b640077a 100644 --- a/testing/btest/core/tunnels/gre-pptp.test +++ b/testing/btest/core/tunnels/gre-pptp.test @@ -1,4 +1,9 @@ -# @TEST-EXEC: zeek -r $TRACES/tunnels/gre-pptp.pcap +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/gre-pptp.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff dns.log +# +@load base/frameworks/tunnels +@load base/frameworks/dpd +@load base/protocols/conn +@load base/protocols/dns diff --git a/testing/btest/core/tunnels/gre.test b/testing/btest/core/tunnels/gre.test index 395bcd38bd..b7f4e06b8b 100644 --- a/testing/btest/core/tunnels/gre.test +++ b/testing/btest/core/tunnels/gre.test 
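Review bot: ayiya.test diffs tunnel.log but loads `base/protocols/tunnels` and not `base/frameworks/tunnels`, whereas gre-in-gre.test, gre-pptp.test and the other tunnel tests in this patch load the framework explicitly. If tunnel.log only appears here through a transitive load, the test depends on that detail. Adding `@load base/frameworks/tunnels` makes the requirement visible and matches the sibling tests.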
@@ -1,5 +1,12 @@ -# @TEST-EXEC: zeek -r $TRACES/tunnels/gre-sample.pcap +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/gre-sample.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff ssh.log +# +@load base/frameworks/tunnels +@load base/frameworks/dpd +@load base/protocols/conn +@load base/protocols/dns +@load base/protocols/ssh +@load base/protocols/ntp diff --git a/testing/btest/core/tunnels/gtp/different_dl_and_ul.test b/testing/btest/core/tunnels/gtp/different_dl_and_ul.test index aedd6781dd..c8325b178d 100644 --- a/testing/btest/core/tunnels/gtp/different_dl_and_ul.test +++ b/testing/btest/core/tunnels/gtp/different_dl_and_ul.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tunnels/gtp/gtp2_different_udp_port.pcap +# @TEST-EXEC: zeek -b -C -r $TRACES/tunnels/gtp/gtp2_different_udp_port.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff tunnel.log @@ -8,3 +8,8 @@ # The Downlink GTP tunnel uses port 2152 for both src and dst. # (checksums are incorrect because packets were anonymized and tcprewrite # seems to fail to correct the checksums when there's IP fragmentation). +# +@load base/frameworks/tunnels +@load base/frameworks/dpd +@load base/protocols/conn +@load base/protocols/http diff --git a/testing/btest/core/tunnels/gtp/ext_header.test b/testing/btest/core/tunnels/gtp/ext_header.test index 251d8fb9d6..8080bd2ed6 100644 --- a/testing/btest/core/tunnels/gtp/ext_header.test +++ b/testing/btest/core/tunnels/gtp/ext_header.test @@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp_ext_header.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/gtp/gtp_ext_header.pcap %INPUT >out # @TEST-EXEC: btest-diff out +@load base/frameworks/tunnels + event gtpv1_message(c: connection, hdr: gtpv1_hdr) { print "gtpv1_message", c$id; 
diff --git a/testing/btest/core/tunnels/gtp/inner_ipv6.test b/testing/btest/core/tunnels/gtp/inner_ipv6.test index 865401b9df..cad9f0f9a6 100644 --- a/testing/btest/core/tunnels/gtp/inner_ipv6.test +++ b/testing/btest/core/tunnels/gtp/inner_ipv6.test @@ -1,6 +1,11 @@ -# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp7_ipv6.pcap +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/gtp/gtp7_ipv6.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log # While the majority of user plane traffic inside the GTP tunnel is still IPv4, # there is sometimes already native IPv6. + +@load base/frameworks/tunnels +@load base/frameworks/dpd +@load base/protocols/conn +@load base/protocols/dns diff --git a/testing/btest/core/tunnels/gtp/opt_header.test b/testing/btest/core/tunnels/gtp/opt_header.test index c1f3d89e03..c198df8034 100644 --- a/testing/btest/core/tunnels/gtp/opt_header.test +++ b/testing/btest/core/tunnels/gtp/opt_header.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log @@ -6,6 +6,11 @@ # Some GTPv1 headers have some optional fields totaling to a 4-byte extension # of the mandatory header. +@load base/protocols/conn +@load base/protocols/ssl +@load base/frameworks/tunnels +@load base/frameworks/dpd + event gtpv1_g_pdu_packet(outer: connection, inner_gtp: gtpv1_hdr, inner_ip: pkt_hdr) { print "gtpv1_packet", inner_gtp; diff --git a/testing/btest/core/tunnels/gtp/pdp_ctx_messages.test b/testing/btest/core/tunnels/gtp/pdp_ctx_messages.test index 4f145252b3..08f5d4fcc3 100644 --- a/testing/btest/core/tunnels/gtp/pdp_ctx_messages.test +++ b/testing/btest/core/tunnels/gtp/pdp_ctx_messages.test 
@@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/pdp_ctx_messages.trace %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/gtp/pdp_ctx_messages.trace %INPUT >out # @TEST-EXEC: btest-diff out +@load base/frameworks/tunnels + event gtpv1_message(c: connection, hdr: gtpv1_hdr) { print "gtpv1_message", c$id; diff --git a/testing/btest/core/tunnels/ip-in-ip-version.zeek b/testing/btest/core/tunnels/ip-in-ip-version.zeek index 49e8a5a3d0..36daece9ca 100644 --- a/testing/btest/core/tunnels/ip-in-ip-version.zeek +++ b/testing/btest/core/tunnels/ip-in-ip-version.zeek @@ -1,12 +1,13 @@ # Trace in we have mpls->ip6->ip6->ip4 where the ip4 packet # has an invalid IP version. -# @TEST-EXEC: zeek -C -r $TRACES/tunnels/mpls-6in6-6in6-4in6-invalid-version-4.pcap +# @TEST-EXEC: zeek -b -C -r $TRACES/tunnels/mpls-6in6-6in6-4in6-invalid-version-4.pcap %INPUT # @TEST-EXEC: mv weird.log output # Trace in which we have mpls->ip6->ip6 where the ip6 packet # has an invalid IP version. -# @TEST-EXEC: zeek -C -r $TRACES/tunnels/mpls-6in6-6in6-invalid-version-6.pcap +# @TEST-EXEC: zeek -b -C -r $TRACES/tunnels/mpls-6in6-6in6-invalid-version-6.pcap %INPUT # @TEST-EXEC: cat weird.log >> output # @TEST-EXEC: btest-diff output +@load base/frameworks/notice/weird diff --git a/testing/btest/core/tunnels/teredo-known-services.test b/testing/btest/core/tunnels/teredo-known-services.test index e77f137ccb..8e0a09862b 100644 --- a/testing/btest/core/tunnels/teredo-known-services.test +++ b/testing/btest/core/tunnels/teredo-known-services.test 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/tunnels/false-teredo.pcap base/frameworks/dpd base/protocols/tunnels protocols/conn/known-services Tunnel::delay_teredo_confirmation=T "Site::local_nets+={192.168.1.0/24}" +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/false-teredo.pcap base/frameworks/dpd base/protocols/tunnels base/protocols/dns protocols/conn/known-services Tunnel::delay_teredo_confirmation=T "Site::local_nets+={192.168.1.0/24}" # @TEST-EXEC: btest-diff known_services.log # Expect known_services.log to NOT indicate any service using teredo. diff --git a/testing/btest/core/tunnels/teredo.zeek b/testing/btest/core/tunnels/teredo.zeek index 0a884bc027..d82e4acf2b 100644 --- a/testing/btest/core/tunnels/teredo.zeek +++ b/testing/btest/core/tunnels/teredo.zeek @@ -1,9 +1,18 @@ -# @TEST-EXEC: zeek -r $TRACES/tunnels/Teredo.pcap %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/Teredo.pcap %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log +@load base/frameworks/tunnels +@load base/frameworks/dpd +@load base/frameworks/notice/weird +@load base/protocols/tunnels +@load base/protocols/conn +@load base/protocols/http +@load base/protocols/dns +@load base/protocols/dhcp + function print_teredo(name: string, outer: connection, inner: teredo_hdr) { print fmt("%s: %s", name, outer$id); diff --git a/testing/btest/core/tunnels/teredo_bubble_with_payload.test b/testing/btest/core/tunnels/teredo_bubble_with_payload.test index ef72ddf519..b0e664bf6b 100644 --- a/testing/btest/core/tunnels/teredo_bubble_with_payload.test +++ b/testing/btest/core/tunnels/teredo_bubble_with_payload.test 
@@ -1,10 +1,17 @@ -# @TEST-EXEC: zeek -r $TRACES/tunnels/teredo_bubble_with_payload.pcap %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/teredo_bubble_with_payload.pcap %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff tunnel.log # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log +@load base/frameworks/tunnels +@load base/frameworks/dpd +@load base/frameworks/notice/weird +@load base/protocols/tunnels +@load base/protocols/conn +@load base/protocols/http + function print_teredo(name: string, outer: connection, inner: teredo_hdr) { print fmt("%s: %s", name, outer$id); diff --git a/testing/btest/core/tunnels/vxlan.zeek b/testing/btest/core/tunnels/vxlan.zeek index 5b1b9defaa..6fa2f88c9a 100644 --- a/testing/btest/core/tunnels/vxlan.zeek +++ b/testing/btest/core/tunnels/vxlan.zeek @@ -1,8 +1,12 @@ -# @TEST-EXEC: zeek -r $TRACES/tunnels/vxlan.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/vxlan.pcap %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff tunnel.log +@load base/frameworks/tunnels +@load base/frameworks/dpd +@load base/protocols/conn + event vxlan_packet(c: connection, inner: pkt_hdr, vni: count) { print "vxlan_packet", c$id, inner, vni; diff --git a/testing/btest/core/vector-assignment.zeek b/testing/btest/core/vector-assignment.zeek index a66830f713..7be61e1161 100644 --- a/testing/btest/core/vector-assignment.zeek +++ b/testing/btest/core/vector-assignment.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek %INPUT +# @TEST-EXEC: zeek -b %INPUT # This regression test checks a special case in the vector code. In this case # UnaryExpr will be called with a Type() of any. Tests succeeds if it does not diff --git a/testing/btest/core/vlan-mpls.zeek b/testing/btest/core/vlan-mpls.zeek index 9e345b762a..dfe4f881ec 100644 --- a/testing/btest/core/vlan-mpls.zeek +++ b/testing/btest/core/vlan-mpls.zeek 
@@ -1,2 +1,6 @@ -# @TEST-EXEC: zeek -C -r $TRACES/mixed-vlan-mpls.trace +# @TEST-EXEC: zeek -b -C -r $TRACES/mixed-vlan-mpls.trace %INPUT # @TEST-EXEC: btest-diff conn.log + +@load base/protocols/conn +@load base/protocols/http +@load base/frameworks/dpd diff --git a/testing/btest/core/wlanmon.zeek b/testing/btest/core/wlanmon.zeek index e29613ae56..cfbf2cf327 100644 --- a/testing/btest/core/wlanmon.zeek +++ b/testing/btest/core/wlanmon.zeek @@ -1,2 +1,6 @@ -# @TEST-EXEC: zeek -C -r $TRACES/wlanmon.pcap +# @TEST-EXEC: zeek -b -C -r $TRACES/wlanmon.pcap %INPUT # @TEST-EXEC: btest-diff conn.log + +@load base/protocols/conn +@load base/protocols/dns +@load base/frameworks/dpd diff --git a/testing/btest/core/x509-generalizedtime.zeek b/testing/btest/core/x509-generalizedtime.zeek index 14e9edbf24..a0dae8aa14 100644 --- a/testing/btest/core/x509-generalizedtime.zeek +++ b/testing/btest/core/x509-generalizedtime.zeek @@ -1,6 +1,9 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tls/x509-generalizedtime.pcap %INPUT >>output 2>&1 -# @TEST-EXEC: zeek -C -r $TRACES/tls/tls1.2.trace %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/x509-generalizedtime.pcap %INPUT >>output 2>&1 +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls1.2.trace %INPUT >>output 2>&1 # @TEST-EXEC: btest-diff output + +@load base/protocols/ssl + event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate) { print "----- x509_certificate ----"; diff --git a/testing/btest/doc/zeekygen/example.zeek b/testing/btest/doc/zeekygen/example.zeek index b1dfac934d..220de0be51 100644 --- a/testing/btest/doc/zeekygen/example.zeek +++ b/testing/btest/doc/zeekygen/example.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: unset ZEEK_DISABLE_ZEEKYGEN; unset BRO_DISABLE_BROXYGEN; zeek -X zeekygen.config %INPUT +# @TEST-EXEC: unset ZEEK_DISABLE_ZEEKYGEN; unset BRO_DISABLE_BROXYGEN; zeek -b -X zeekygen.config %INPUT # @TEST-EXEC: btest-diff example.rst @TEST-START-FILE zeekygen.config 
diff --git a/testing/btest/language/expire-func-undef.zeek b/testing/btest/language/expire-func-undef.zeek index 9198edc6c4..ea562794b3 100644 --- a/testing/btest/language/expire-func-undef.zeek +++ b/testing/btest/language/expire-func-undef.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/rotation.trace -b %INPUT >output 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/rotation.trace -b %INPUT >output 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output module segfault; diff --git a/testing/btest/language/expire_func.test b/testing/btest/language/expire_func.test index 016ebe9d88..202120933a 100644 --- a/testing/btest/language/expire_func.test +++ b/testing/btest/language/expire_func.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/var-services-std-ports.trace %INPUT >output +# @TEST-EXEC: zeek -b -C -r $TRACES/var-services-std-ports.trace %INPUT >output # @TEST-EXEC: btest-diff output function inform_me(s: set[string], idx: string): interval diff --git a/testing/btest/language/expire_subnet.test b/testing/btest/language/expire_subnet.test index a444c7a723..caf402b658 100644 --- a/testing/btest/language/expire_subnet.test +++ b/testing/btest/language/expire_subnet.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/var-services-std-ports.trace %INPUT >output +# @TEST-EXEC: zeek -b -C -r $TRACES/var-services-std-ports.trace %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff expire-nums-output # @TEST-EXEC: btest-diff expire-nets-output diff --git a/testing/btest/language/init-in-anon-function.zeek b/testing/btest/language/init-in-anon-function.zeek index f5808c1d99..7fcf2225fb 100644 --- a/testing/btest/language/init-in-anon-function.zeek +++ b/testing/btest/language/init-in-anon-function.zeek 
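Review bot: The new command in expire-func-undef.zeek passes `-b` twice (`zeek -b -r $TRACES/rotation.trace -b %INPUT`), because the original line already had the flag after the trace argument. This is presumably harmless, but the line should read `# @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT >output 2>&1` so it matches the other tests in the patch.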
@@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -r ${TRACES}/wikipedia.trace %INPUT >out +# @TEST-EXEC: zeek -b -r ${TRACES}/wikipedia.trace %INPUT >out # @TEST-EXEC: btest-diff http.log +@load base/protocols/http + module Foo; event zeek_init() { diff --git a/testing/btest/language/on_change-recurse.test b/testing/btest/language/on_change-recurse.test index 184505f636..b1ba739927 100644 --- a/testing/btest/language/on_change-recurse.test +++ b/testing/btest/language/on_change-recurse.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output module TestModule; diff --git a/testing/btest/language/on_change.test b/testing/btest/language/on_change.test index 0bc309e201..2839988d30 100644 --- a/testing/btest/language/on_change.test +++ b/testing/btest/language/on_change.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output module TestModule; diff --git a/testing/btest/language/on_change_expire.test b/testing/btest/language/on_change_expire.test index df748e67d2..5ce6674ce2 100644 --- a/testing/btest/language/on_change_expire.test +++ b/testing/btest/language/on_change_expire.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/var-services-std-ports.trace %INPUT >output +# @TEST-EXEC: zeek -b -C -r $TRACES/var-services-std-ports.trace %INPUT >output # @TEST-EXEC: btest-diff output function inform_me(s: table[string] of count, idx: string): interval diff --git a/testing/btest/language/when.zeek b/testing/btest/language/when.zeek index de710aa736..38367dd8fb 100644 --- a/testing/btest/language/when.zeek +++ b/testing/btest/language/when.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run test1 zeek %INPUT +# @TEST-EXEC: btest-bg-run test1 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 10 # @TEST-EXEC: mv test1/.stdout out # @TEST-EXEC: btest-diff out 
diff --git a/testing/btest/plugins/plugin-withpatchversion.zeek b/testing/btest/plugins/plugin-withpatchversion.zeek index 54dc7c3142..ca9eb00bc0 100644 --- a/testing/btest/plugins/plugin-withpatchversion.zeek +++ b/testing/btest/plugins/plugin-withpatchversion.zeek @@ -1,5 +1,5 @@ # @TEST-EXEC: ${DIST}/auxil/zeek-aux/plugin-support/init-plugin -u . Testing WithPatchVersion # @TEST-EXEC: cp -r %DIR/plugin-withpatchversion-plugin/* . # @TEST-EXEC: ./configure --zeek-dist=${DIST} && make -# @TEST-EXEC: ZEEK_PLUGIN_PATH=$(pwd) zeek -N Testing::WithPatchVersion >> output +# @TEST-EXEC: ZEEK_PLUGIN_PATH=$(pwd) zeek -b -N Testing::WithPatchVersion >> output # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/files/data_event/basic.zeek b/testing/btest/scripts/base/files/data_event/basic.zeek index a5026c287c..14f784e036 100644 --- a/testing/btest/scripts/base/files/data_event/basic.zeek +++ b/testing/btest/scripts/base/files/data_event/basic.zeek @@ -1,9 +1,11 @@ # Just a very basic test to check if ANALYZER_DATA_EVENT works. # Also check if "in" works with binary data. -# @TEST-EXEC: zeek -r $TRACES/pe/pe.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/pe/pe.trace %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff .stderr +@load base/protocols/ftp + event stream_data(f: fa_file, data: string) { if ( "Windows" in data ) diff --git a/testing/btest/scripts/base/files/entropy/basic.test b/testing/btest/scripts/base/files/entropy/basic.test index fda15d9724..26e82f726d 100644 --- a/testing/btest/scripts/base/files/entropy/basic.test +++ b/testing/btest/scripts/base/files/entropy/basic.test @@ -1,6 +1,7 @@ -# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/protocols/http event file_new(f: fa_file) { 
@@ -10,4 +11,4 @@ event file_new(f: fa_file) event file_entropy(f: fa_file, ent: entropy_test_result) { print ent; - } \ No newline at end of file + } diff --git a/testing/btest/scripts/base/files/pe/basic.test b/testing/btest/scripts/base/files/pe/basic.test index 99778b7943..8b7567fcce 100644 --- a/testing/btest/scripts/base/files/pe/basic.test +++ b/testing/btest/scripts/base/files/pe/basic.test @@ -1,5 +1,8 @@ # This tests the PE analyzer against a PCAP of 4 PE files being downloaded via FTP. # The files are a mix of DLL/EXEs, signed/unsigned, and 32/64-bit files. -# @TEST-EXEC: zeek -r $TRACES/pe/pe.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/pe/pe.trace %INPUT # @TEST-EXEC: btest-diff pe.log + +@load base/protocols/ftp +@load base/files/pe diff --git a/testing/btest/scripts/base/files/x509/1999.test b/testing/btest/scripts/base/files/x509/1999.test index 10c041db4f..3ea1ea36ad 100644 --- a/testing/btest/scripts/base/files/x509/1999.test +++ b/testing/btest/scripts/base/files/x509/1999.test @@ -1,5 +1,5 @@ # Test that the timestamp of a pre-y-2000 certificate is correctly parsed -# @TEST-EXEC: zeek -r $TRACES/tls/telesec.pcap +# @TEST-EXEC: zeek -b -r $TRACES/tls/telesec.pcap base/protocols/ssl # @TEST-EXEC: btest-diff x509.log diff --git a/testing/btest/scripts/base/files/x509/caching-hook.test b/testing/btest/scripts/base/files/x509/caching-hook.test index 516998018a..151c97aaa2 100644 --- a/testing/btest/scripts/base/files/x509/caching-hook.test +++ b/testing/btest/scripts/base/files/x509/caching-hook.test 
@@ -1,10 +1,12 @@ # Test that certificate caching works as expected. # Prevent certificate events to be raised/caching from occurring for cached certificates. -# @TEST-EXEC: zeek -r $TRACES/tls/google-duplicate.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/google-duplicate.trace %INPUT # @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: btest-diff .stdout +@load base/protocols/ssl + redef X509::caching_required_encounters = 1; hook X509::x509_certificate_cache_replay(f: fa_file, e: any, sha256: string) &priority=1 diff --git a/testing/btest/scripts/base/files/x509/caching.test b/testing/btest/scripts/base/files/x509/caching.test index 4d15da2908..d28c00f39e 100644 --- a/testing/btest/scripts/base/files/x509/caching.test +++ b/testing/btest/scripts/base/files/x509/caching.test @@ -1,9 +1,11 @@ # Test that certificate caching works as expected. -# @TEST-EXEC: zeek -r $TRACES/tls/google-duplicate.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/google-duplicate.trace %INPUT # @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: btest-diff .stdout +@load base/protocols/ssl + redef X509::caching_required_encounters = 1; hook X509::x509_certificate_cache_replay(f: fa_file, e: any, sha256: string) &priority=1 diff --git a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test index b50d9e2697..e600c5e7f8 100644 --- a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test +++ b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/certificate-with-sct.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/certificate-with-sct.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load protocols/ssl/validate-certs diff --git a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test index 9755f4f2f0..a4237757b4 100644 
--- a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test +++ b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test @@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/protocols/ssl + event zeek_init() { Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response"); diff --git a/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek b/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek index 5b98ea0f6d..afa2caa70b 100644 --- a/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek +++ b/testing/btest/scripts/base/frameworks/analyzer/disable-analyzer.zeek @@ -1,8 +1,13 @@ # -# @TEST-EXEC: zeek -r ${TRACES}/var-services-std-ports.trace %INPUT -# @TEST-EXEC: cat conn.log | zeek-cut service | grep -vq dns -# @TEST-EXEC: cat conn.log | zeek-cut service | grep -vq ssh -# +# @TEST-EXEC: zeek -b -r ${TRACES}/var-services-std-ports.trace %INPUT +# @TEST-EXEC: cat conn.log | zeek-cut service > service.out +# @TEST-EXEC-FAIL: grep -q ssh service.out +# @TEST-EXEC-FAIL: grep -q dns service.out + +@load base/protocols/conn +@load base/protocols/dns +@load base/protocols/ssh +@load base/frameworks/dpd redef Analyzer::disabled_analyzers += { Analyzer::ANALYZER_SSH }; diff --git a/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek b/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek index edd2a77361..148d9b4846 100644 --- a/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek +++ b/testing/btest/scripts/base/frameworks/analyzer/enable-analyzer.zeek 
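Review bot: In disable-analyzer.zeek the two new `@TEST-EXEC-FAIL: grep -q … service.out` lines are the only assertions, so the test also passes when `service.out` is empty. An empty file is presumably what a run that writes no conn.log entries leaves behind. With `-b`, a missing `@load` may no longer fail loudly, so I would add a positive check ahead of them: `# @TEST-EXEC: test -s service.out`. The script body continues outside the hunk.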
@@ -1,5 +1,5 @@ # -# @TEST-EXEC: zeek -r ${TRACES}/var-services-std-ports.trace %INPUT +# @TEST-EXEC: zeek -b -r ${TRACES}/var-services-std-ports.trace %INPUT base/protocols/dns base/protocols/conn base/frameworks/dpd # @TEST-EXEC: cat conn.log | zeek-cut service | grep -q dns # diff --git a/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek b/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek index 8d3f92534b..d7fdb5fc50 100644 --- a/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek +++ b/testing/btest/scripts/base/frameworks/analyzer/register-for-port.zeek @@ -1,8 +1,8 @@ # -# @TEST-EXEC: zeek -r ${TRACES}/ssh/ssh-on-port-80.trace %INPUT dpd_buffer_size=0; +# @TEST-EXEC: zeek -b -r ${TRACES}/ssh/ssh-on-port-80.trace %INPUT dpd_buffer_size=0 base/protocols/conn base/protocols/ssh base/frameworks/dpd # @TEST-EXEC: cat conn.log | zeek-cut service | grep -q ssh # -# @TEST-EXEC: zeek -r ${TRACES}/ssh/ssh-on-port-80.trace dpd_buffer_size=0; +# @TEST-EXEC: zeek -b -r ${TRACES}/ssh/ssh-on-port-80.trace dpd_buffer_size=0 base/protocols/conn base/protocols/ssh base/frameworks/dpd # @TEST-EXEC: cat conn.log | zeek-cut service | grep -vq ssh event zeek_init() diff --git a/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek b/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek index 05ea16112a..eff665fccb 100644 --- a/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.zeek 
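Review bot: The last `@TEST-EXEC` line of the register-for-port.zeek hunk still uses `grep -vq ssh`, which succeeds as soon as one line of the service column lacks `ssh`. It therefore does not show that the run without `%INPUT` labelled no connection as SSH. This commit already replaces the same pattern in disable-analyzer.zeek. The equivalent here would be `# @TEST-EXEC: cat conn.log | zeek-cut service > service-noreg.out` followed by `# @TEST-EXEC-FAIL: grep -q ssh service-noreg.out` (the file name is only a suggestion). The line is unchanged context in this hunk, and the script body continues outside it.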
@@ -4,12 +4,14 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff manager-1/.stdout +@load base/frameworks/cluster + @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], diff --git a/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek b/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek index d474d5d346..26127dc1e2 100644 --- a/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.zeek 
@@ -4,12 +4,14 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff manager-1/.stdout +@load base/frameworks/cluster + @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], diff --git a/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek b/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek index d01d4be3f1..bc696123a5 100644 --- a/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/forwarding.zeek 
@@ -4,11 +4,11 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff proxy-1/.stdout @@ -16,6 +16,8 @@ # @TEST-EXEC: btest-diff worker-1/.stdout # @TEST-EXEC: btest-diff worker-2/.stdout +@load base/frameworks/cluster + @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], diff --git a/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek b/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek index 5e04c70d13..940707665e 100644 --- a/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/log_distribution.zeek 
@@ -6,14 +6,16 @@ # Note: the logger names are chosen on purpose such that one is a prefix of the # other to help verify that the node-specific Cluster topics are able to # uniquely target a particular node. -# @TEST-EXEC: btest-bg-run logger-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=logger-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run logger-10 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=logger-10 zeek %INPUT -# @TEST-EXEC: btest-bg-run manager ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run logger-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=logger-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run logger-10 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=logger-10 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run manager ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff logger-1/test.log # @TEST-EXEC: btest-diff logger-10/test.log +@load base/frameworks/cluster + @TEST-START-FILE cluster-layout.zeek redef Cluster::manager_is_logger = F; diff --git a/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek b/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek index a97cbf06b3..1facae44fe 100644 --- a/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.zeek 
@@ -5,13 +5,13 @@ # @TEST-PORT: BROKER_PORT5 # @TEST-PORT: BROKER_PORT6 # -# @TEST-EXEC: btest-bg-run logger-1 CLUSTER_NODE=logger-1 ZEEKPATH=$ZEEKPATH:.. zeek %INPUT -# @TEST-EXEC: btest-bg-run manager-1 CLUSTER_NODE=manager-1 ZEEKPATH=$ZEEKPATH:.. zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 CLUSTER_NODE=proxy-1 ZEEKPATH=$ZEEKPATH:.. zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 CLUSTER_NODE=proxy-2 ZEEKPATH=$ZEEKPATH:.. zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 CLUSTER_NODE=worker-1 ZEEKPATH=$ZEEKPATH:.. zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-2 CLUSTER_NODE=worker-2 ZEEKPATH=$ZEEKPATH:.. zeek %INPUT -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-run logger-1 CLUSTER_NODE=logger-1 ZEEKPATH=$ZEEKPATH:.. zeek -b %INPUT +# @TEST-EXEC: btest-bg-run manager-1 CLUSTER_NODE=manager-1 ZEEKPATH=$ZEEKPATH:.. zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 CLUSTER_NODE=proxy-1 ZEEKPATH=$ZEEKPATH:.. zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 CLUSTER_NODE=proxy-2 ZEEKPATH=$ZEEKPATH:.. zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 CLUSTER_NODE=worker-1 ZEEKPATH=$ZEEKPATH:.. zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-2 CLUSTER_NODE=worker-2 ZEEKPATH=$ZEEKPATH:.. zeek -b %INPUT +# @TEST-EXEC: btest-bg-wait 40 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff logger-1/.stdout # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff proxy-1/.stdout @@ -19,6 +19,8 @@ # @TEST-EXEC: btest-diff worker-1/.stdout # @TEST-EXEC: btest-diff worker-2/.stdout +@load base/frameworks/cluster + @TEST-START-FILE cluster-layout.zeek redef Cluster::manager_is_logger = F; redef Cluster::nodes = { diff --git a/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek b/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek index 6f3c7d7651..a5384fe9dc 100644 --- a/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/start-it-up.zeek 
@@ -4,18 +4,20 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT +# @TEST-EXEC: btest-bg-wait 40 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff proxy-1/.stdout # @TEST-EXEC: btest-diff proxy-2/.stdout # @TEST-EXEC: btest-diff worker-1/.stdout # @TEST-EXEC: btest-diff worker-2/.stdout +@load base/frameworks/cluster + @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], diff --git a/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek b/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek index ff30aabea8..6b7f70435f 100644 --- a/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/topic_distribution.zeek 
@@ -4,12 +4,14 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek -b %INPUT +# @TEST-EXEC: btest-bg-wait 40 # @TEST-EXEC: btest-diff manager-1/.stdout +@load base/frameworks/cluster + @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], diff --git a/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek b/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek index 47bdaee125..c75ca7c368 100644 --- a/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek +++ b/testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.zeek 
@@ -4,14 +4,16 @@ # @TEST-PORT: BROKER_PORT4 # @TEST-PORT: BROKER_PORT5 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-2 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff proxy-1/.stdout # @TEST-EXEC: btest-diff proxy-2/.stdout +@load base/frameworks/cluster + @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], diff --git a/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek b/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek index d625754a57..accbff83c2 100644 --- a/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek +++ b/testing/btest/scripts/base/frameworks/config/basic_cluster.zeek 
@@ -2,10 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: sleep 1 -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff worker-1/.stdout diff --git a/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek b/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek index c62364b02e..5a22253ac5 100644 --- a/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek +++ b/testing/btest/scripts/base/frameworks/config/cluster_resend.zeek @@ -2,10 +2,10 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT -# @TEST-EXEC: btest-bg-wait 45 +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT +# @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff worker-1/.stdout # @TEST-EXEC: btest-diff worker-2/.stdout 
diff --git a/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek b/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek index 2c89d7a44f..249668bdd5 100644 --- a/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek +++ b/testing/btest/scripts/base/frameworks/config/read_config_cluster.zeek @@ -2,10 +2,10 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT # @TEST-EXEC: sleep 1 -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff worker-1/.stdout @@ -13,6 +13,9 @@ # @TEST-EXEC: btest-diff manager-1/config.log @load base/frameworks/config +@load base/frameworks/cluster +@load base/protocols/ssh +@load base/protocols/conn @TEST-START-FILE cluster-layout.zeek diff --git a/testing/btest/scripts/base/frameworks/config/weird.zeek b/testing/btest/scripts/base/frameworks/config/weird.zeek index ed6241bf50..568e0596af 100644 --- a/testing/btest/scripts/base/frameworks/config/weird.zeek +++ b/testing/btest/scripts/base/frameworks/config/weird.zeek @@ -1,7 +1,9 @@ -# @TEST-EXEC: zeek -r $TRACES/http/bro.org.pcap %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/http/bro.org.pcap %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff config.log +@load base/frameworks/config + event zeek_init() { Config::set_value("Weird::sampling_duration", 5sec); 
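Review bot: `# @TEST-EXEC: sleep 1` between manager and worker start-up is kept in read_config_cluster.zeek, while this same commit deletes it from config/basic_cluster.zeek. If the workers retry their connection to the manager, as the removal there suggests, the sleep is dead weight and can go here too. If this test does depend on the ordering, a fixed one-second delay is a race on a loaded machine and deserves a comment such as `# manager must be listening before workers start: <reason>`. The rest of the script is outside the hunk, so I cannot tell which case applies.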
diff --git a/testing/btest/scripts/base/frameworks/control/configuration_update.zeek b/testing/btest/scripts/base/frameworks/control/configuration_update.zeek index 78aa916408..1a57dbff0a 100644 --- a/testing/btest/scripts/base/frameworks/control/configuration_update.zeek +++ b/testing/btest/scripts/base/frameworks/control/configuration_update.zeek @@ -1,10 +1,12 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run controllee ZEEKPATH=$ZEEKPATH:.. zeek -Bbroker %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-bg-run controller ZEEKPATH=$ZEEKPATH:.. zeek -Bbroker %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=configuration_update +# @TEST-EXEC: btest-bg-run controllee ZEEKPATH=$ZEEKPATH:.. zeek -b -Bbroker %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-bg-run controller ZEEKPATH=$ZEEKPATH:.. zeek -b -Bbroker %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=configuration_update # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff controllee/.stdout +@load base/frameworks/control + const test_var = "ORIGINAL VALUE (this should be printed out first)" &redef; @TEST-START-FILE test-redef.zeek diff --git a/testing/btest/scripts/base/frameworks/control/id_value.zeek b/testing/btest/scripts/base/frameworks/control/id_value.zeek index 9bedd22aff..0db404ce4c 100644 --- a/testing/btest/scripts/base/frameworks/control/id_value.zeek +++ b/testing/btest/scripts/base/frameworks/control/id_value.zeek 
@@ -1,10 +1,12 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run controllee ZEEKPATH=$ZEEKPATH:.. zeek %INPUT only-for-controllee frameworks/control/controllee Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-bg-run controller ZEEKPATH=$ZEEKPATH:.. zeek %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=id_value Control::arg=test_var +# @TEST-EXEC: btest-bg-run controllee ZEEKPATH=$ZEEKPATH:.. zeek -b %INPUT only-for-controllee frameworks/control/controllee Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-bg-run controller ZEEKPATH=$ZEEKPATH:.. zeek -b %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=id_value Control::arg=test_var # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff controller/.stdout +@load base/frameworks/control + # This value shouldn't ever be printed to the controllers stdout. const test_var = "Original value" &redef; diff --git a/testing/btest/scripts/base/frameworks/control/shutdown.zeek b/testing/btest/scripts/base/frameworks/control/shutdown.zeek index 3fd58ef033..832ca8a591 100644 --- a/testing/btest/scripts/base/frameworks/control/shutdown.zeek +++ b/testing/btest/scripts/base/frameworks/control/shutdown.zeek 
@@ -1,6 +1,6 @@ # @TEST-PORT: BROKER_PORT # -# @TEST-EXEC: btest-bg-run controllee ZEEKPATH=$ZEEKPATH:.. zeek %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT -# @TEST-EXEC: btest-bg-run controller ZEEKPATH=$ZEEKPATH:.. zeek %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=shutdown -# @TEST-EXEC: btest-bg-wait 10 +# @TEST-EXEC: btest-bg-run controllee ZEEKPATH=$ZEEKPATH:.. zeek -b %INPUT frameworks/control/controllee Broker::default_port=$BROKER_PORT +# @TEST-EXEC: btest-bg-run controller ZEEKPATH=$ZEEKPATH:.. zeek -b %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=$BROKER_PORT Control::cmd=shutdown +# @TEST-EXEC: btest-bg-wait 20 diff --git a/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek b/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek index d5ecb55445..a412920b43 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/actions/data_event.zeek @@ -1,4 +1,6 @@ -# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out +@load base/protocols/http + redef test_print_file_data_events = T; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek index c3a6fe208b..782c9a81d9 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.zeek 
@@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT 2>&1 # @TEST-EXEC: btest-diff .stdout +@load base/protocols/http + event zeek_init() { print "This should fail but not crash"; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek index 2392c8558d..6ef0f5300c 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.zeek @@ -1,6 +1,10 @@ -# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-diff files.log +@load base/protocols/http +@load base/files/hash +@load base/files/extract + event zeek_init() { Files::register_for_mime_type(Files::ANALYZER_MD5, "text/plain"); diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek index 3d2d9b5949..a8d51a7a49 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/remove_action.zeek @@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out +# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out # @TEST-EXEC: btest-diff get.out +@load base/protocols/http + redef test_file_analysis_source = "HTTP"; redef test_get_file_name = function(f: fa_file): string diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek index c78bb521a8..4742e0dda1 100644 
--- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/set_timeout_interval.zeek @@ -1,7 +1,9 @@ -# @TEST-EXEC: btest-bg-run zeek zeek -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT -# @TEST-EXEC: btest-bg-wait 8 +# @TEST-EXEC: btest-bg-run zeek zeek -b -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT +# @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff zeek/.stdout +@load base/protocols/http + global cnt: count = 0; global timeout_cnt: count = 0; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek b/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek index e70ea5a553..f1b1a97225 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/bifs/stop.zeek @@ -1,7 +1,9 @@ -# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out +# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT >get.out # @TEST-EXEC: btest-diff get.out # @TEST-EXEC: test ! -s Cx92a0ym5R8-file +@load base/protocols/http + event file_new(f: fa_file) { Files::stop(f); diff --git a/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek b/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek index fdf320cd43..a109791e93 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/big-bof-buffer.zeek @@ -1,6 +1,9 @@ -# @TEST-EXEC: zeek -r $TRACES/http/get.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT # @TEST-EXEC: btest-diff files.log +@load base/protocols/http +@load base/files/hash +@load base/files/extract @load frameworks/files/hash-all-files redef default_file_bof_buffer_size=5000; 
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek b/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek index 583a97481e..a7e27901f3 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/byteranges.zeek @@ -1,6 +1,6 @@ # This used to crash the file reassemly code. # -# @TEST-EXEC: zeek -r $TRACES/http/byteranges.trace frameworks/files/extract-all-files FileExtract::default_limit=4000 +# @TEST-EXEC: zeek -b -r $TRACES/http/byteranges.trace base/protocols/http base/files/hash frameworks/files/extract-all-files FileExtract::default_limit=4000 # # @TEST-EXEC: btest-diff files.log diff --git a/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek b/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek index 43a6506f6c..272f1c306e 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/ftp.zeek @@ -1,7 +1,9 @@ -# @TEST-EXEC: zeek -r $TRACES/ftp/retr.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/ftp/retr.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff thefile +@load base/protocols/ftp + redef test_file_analysis_source = "FTP_DATA"; redef test_get_file_name = function(f: fa_file): string diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek index e62a952410..8112be149c 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/get.zeek 
@@ -1,10 +1,12 @@ -# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=1 >get.out -# @TEST-EXEC: zeek -r $TRACES/http/get-gzip.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=2 >get-gzip.out +# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=1 >get.out +# @TEST-EXEC: zeek -b -r $TRACES/http/get-gzip.trace $SCRIPTS/file-analysis-test.zeek %INPUT c=2 >get-gzip.out # @TEST-EXEC: btest-diff get.out # @TEST-EXEC: btest-diff get-gzip.out # @TEST-EXEC: btest-diff 1-file # @TEST-EXEC: btest-diff 2-file +@load base/protocols/http + redef test_file_analysis_source = "HTTP"; global c = 0 &redef; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek index 7cc1efda09..206eecb285 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/multipart.zeek @@ -1,10 +1,12 @@ -# @TEST-EXEC: zeek -r $TRACES/http/multipart.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/http/multipart.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff 1-file # @TEST-EXEC: btest-diff 2-file # @TEST-EXEC: btest-diff 3-file # @TEST-EXEC: btest-diff 4-file +@load base/protocols/http + redef test_file_analysis_source = "HTTP"; global cnt: count = 0; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek index c675adbb40..1039de306b 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.zeek 
@@ -1,18 +1,20 @@ -# @TEST-EXEC: zeek -r $TRACES/http/206_example_a.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >a.out +# @TEST-EXEC: zeek -b -r $TRACES/http/206_example_a.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >a.out # @TEST-EXEC: btest-diff a.out # @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >a.size # @TEST-EXEC: btest-diff a.size -# @TEST-EXEC: zeek -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >b.out +# @TEST-EXEC: zeek -b -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >b.out # @TEST-EXEC: btest-diff b.out # @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >b.size # @TEST-EXEC: btest-diff b.size -# @TEST-EXEC: zeek -r $TRACES/http/206_example_c.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >c.out +# @TEST-EXEC: zeek -b -r $TRACES/http/206_example_c.pcap $SCRIPTS/file-analysis-test.zeek %INPUT >c.out # @TEST-EXEC: btest-diff c.out # @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >c.size # @TEST-EXEC: btest-diff c.size +@load base/protocols/http + global cnt: count = 0; redef test_file_analysis_source = "HTTP"; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek index acc635ae29..c5d4db7cff 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/http/pipelined-requests.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/http/pipelined-requests.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff 1-file # @TEST-EXEC: btest-diff 2-file @@ -6,6 +6,8 @@ # @TEST-EXEC: btest-diff 4-file # @TEST-EXEC: btest-diff 5-file +@load base/protocols/http + redef test_file_analysis_source = "HTTP"; global c = 0; 
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek b/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek index 122c188b6c..54e3e31313 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/http/post.zeek @@ -1,8 +1,10 @@ -# @TEST-EXEC: zeek -r $TRACES/http/post.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/http/post.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff 1-file # @TEST-EXEC: btest-diff 2-file +@load base/protocols/http + redef test_file_analysis_source = "HTTP"; global c = 0; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek b/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek index 4b3e641f34..07c1e52845 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/irc.zeek @@ -1,7 +1,9 @@ -# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/irc-dcc-send.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff thefile +@load base/protocols/irc + redef test_file_analysis_source = "IRC_DATA"; global first: bool = T; diff --git a/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek b/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek index 96c302a31a..768cb2f7a9 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/logging.zeek 
@@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.zeek %INPUT # @TEST-EXEC: btest-diff files.log +@load base/protocols/http + redef test_file_analysis_source = "HTTP"; redef test_get_file_name = function(f: fa_file): string diff --git a/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek b/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek index 0fddcc7f98..f962bb54a8 100644 --- a/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek +++ b/testing/btest/scripts/base/frameworks/file-analysis/smtp.zeek @@ -1,9 +1,12 @@ -# @TEST-EXEC: zeek -r $TRACES/smtp.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/smtp.trace $SCRIPTS/file-analysis-test.zeek %INPUT >out # @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff thefile0 # @TEST-EXEC: btest-diff thefile1 # @TEST-EXEC: btest-diff thefile2 +@load base/protocols/smtp +@load base/protocols/ssl + redef test_file_analysis_source = "SMTP"; global mycnt: count = 0; diff --git a/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek b/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek index d4898ef60f..d68c8b0086 100644 --- a/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek +++ b/testing/btest/scripts/base/frameworks/input/missing-file-initially.zeek @@ -3,7 +3,7 @@ # It does a second test at the same time which configures the old # failing behavior. -# @TEST-EXEC: btest-bg-run zeek zeek %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: $SCRIPTS/wait-for-file zeek/init 10 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: mv does-exist.dat does-not-exist.dat # @TEST-EXEC: $SCRIPTS/wait-for-file zeek/next 10 || (btest-bg-wait -k 1 && false) 
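Review bot: In the smtp.zeek hunk, `@load base/protocols/ssl` has no comment saying why an SMTP file-extraction test needs the SSL scripts. Under `-b` the `@load` list is the complete dependency set behind the baseline, so an unexplained entry tends to be pruned or copied blindly later. A one-line comment above it stating which baseline output depends on the load would do; the reason cannot be determined from this hunk because the trace and baselines are not visible. The same applies to `@load base/protocols/dns` and `@load base/frameworks/dpd` in the sqlite/wikipedia.zeek and netcontrol/packetfilter.zeek hunks, whose tests only diff conn/http output.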
diff --git a/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek b/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek index 98a43620eb..0bbe1b5e19 100644 --- a/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek +++ b/testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.zeek @@ -3,10 +3,10 @@ # @TEST-PORT: BROKER_PORT3 # @TEST-PORT: BROKER_PORT4 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-1/.stdout @@ -22,6 +22,9 @@ redef Cluster::nodes = { }; @TEST-END-FILE +@load base/frameworks/cluster +@load base/frameworks/intel + module Intel; redef Log::default_rotation_interval=0sec; diff --git a/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek b/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek index dcc1d787c7..8ba417cec3 100644 --- a/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek +++ b/testing/btest/scripts/base/frameworks/intel/cluster-transparency.zeek 
@@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-1/.stdout @@ -19,6 +19,9 @@ redef Cluster::nodes = { }; @TEST-END-FILE +@load base/frameworks/cluster +@load base/frameworks/intel + module Intel; redef Log::default_rotation_interval=0sec; diff --git a/testing/btest/scripts/base/frameworks/intel/expire-item.zeek b/testing/btest/scripts/base/frameworks/intel/expire-item.zeek index e4f4be28dc..fda4ba319b 100644 --- a/testing/btest/scripts/base/frameworks/intel/expire-item.zeek +++ b/testing/btest/scripts/base/frameworks/intel/expire-item.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: cat zeekproc/intel.log > output # @TEST-EXEC: cat zeekproc/.stdout >> output diff --git a/testing/btest/scripts/base/frameworks/intel/filter-item.zeek b/testing/btest/scripts/base/frameworks/intel/filter-item.zeek index ffb99fe96c..494103ec08 100644 --- a/testing/btest/scripts/base/frameworks/intel/filter-item.zeek +++ b/testing/btest/scripts/base/frameworks/intel/filter-item.zeek 
@@ -1,5 +1,5 @@ -# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff zeekproc/intel.log @@ -9,6 +9,8 @@ 10.0.0.1 Intel::ADDR source1 this host is just plain baaad http://some-data-distributor.com/1234 @TEST-END-FILE +@load base/frameworks/intel + redef exit_only_after_terminate = T; redef Site::local_nets += { 10.0.0.0/8 }; redef Intel::read_files += { "../intel.dat" }; @@ -37,7 +39,11 @@ event Intel::log_intel(rec: Intel::Info) terminate(); } -event zeek_init() &priority=-10 +global read = 0; +event Intel::read_entry(desc: Input::EventDescription, tpe: Input::Event, item: Intel::Item) { - schedule 4sec { do_it() }; + ++read; + + if ( read == 2 ) + event do_it(); } diff --git a/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek b/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek index da43b808fc..4222fb1d68 100644 --- a/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek +++ b/testing/btest/scripts/base/frameworks/intel/input-and-match.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff zeekproc/intel.log @@ -10,6 +10,8 @@ e@mail.com Intel::EMAIL source1 Phishing email source http://some-data-distributor.com/100000 @TEST-END-FILE +@load base/frameworks/intel + redef exit_only_after_terminate = T; redef Intel::read_files += { "../intel.dat" }; redef enum Intel::Where += { SOMEWHERE }; @@ -32,7 +34,11 @@ event Intel::log_intel(rec: Intel::Info) terminate(); } -event zeek_init() &priority=-10 +global reads = 0; +event Intel::read_entry(desc: Input::EventDescription, tpe: Input::Event, item: Intel::Item) { - schedule 4sec { do_it() }; + ++reads; + + if ( reads == 3 ) + event do_it(); } 
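Review bot: The trigger in filter-item.zeek's last hunk, `if ( read == 2 ) event do_it();`, hard-codes the number of rows in the embedded intel.dat, and nothing in the hunk ties the two together. If the data file gains a row, `do_it` fires before the file is fully read; if it loses one, `do_it` never fires and the test only fails at the `btest-bg-wait 15` timeout. A comment on the counter such as `# must equal the number of entries in intel.dat above` would make the coupling explicit. The same pattern appears in input-and-match.zeek (`reads == 3`) and match-subnet.zeek (`read == 6`), which also name the counter inconsistently (`read` vs `reads`). Most of each intel.dat lies outside these hunks, so the counts themselves could not be checked here.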
diff --git a/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek b/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek index 49aabff694..7eeb9cf73b 100644 --- a/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek +++ b/testing/btest/scripts/base/frameworks/intel/match-subnet.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: cat zeekproc/intel.log > output # @TEST-EXEC: cat zeekproc/.stdout >> output @@ -14,6 +14,8 @@ 192.168.128.0/18 Intel::SUBNET source1 this subnetwork might be baaad http://some-data-distributor.com/5 # @TEST-END-FILE +@load base/frameworks/intel + redef exit_only_after_terminate = T; redef Intel::read_files += { "../intel.dat" }; @@ -29,9 +31,13 @@ event do_it() $where=SOMEWHERE]); } -event zeek_init() &priority=-10 +global read = 0; +event Intel::read_entry(desc: Input::EventDescription, tpe: Input::Event, item: Intel::Item) { - schedule 4sec { do_it() }; + ++read; + + if ( read == 6 ) + event do_it(); } global log_lines = 0; diff --git a/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek b/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek index 84c8868a89..1346961395 100644 --- a/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek 
@@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 40 # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff manager-1/intel.log @@ -27,6 +27,7 @@ e@mail.com Intel::EMAIL source1 Phishing email source http://some-data-distribut @TEST-END-FILE @load base/frameworks/control +@load base/frameworks/intel redef Log::default_rotation_interval=0sec; module Intel; diff --git a/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek b/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek index 38be4d51b3..987c3061cc 100644 --- a/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/intel/remove-item-cluster.zeek 
@@ -1,13 +1,16 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-1/.stdout # @TEST-EXEC: btest-diff manager-1/intel.log +@load base/frameworks/intel +@load base/frameworks/cluster + # @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], diff --git a/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek b/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek index 45cb607e0a..216e40e835 100644 --- a/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek +++ b/testing/btest/scripts/base/frameworks/intel/remove-non-existing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: cat zeekproc/reporter.log > output # @TEST-EXEC: cat zeekproc/.stdout >> output @@ -9,6 +9,9 @@ 192.168.1.1 Intel::ADDR source1 this host is just plain baaad http://some-data-distributor.com/1 # @TEST-END-FILE +@load base/frameworks/intel +@load base/frameworks/reporter + redef exit_only_after_terminate = T; redef Intel::read_files += { "../intel.dat" }; 
@@ -25,7 +28,7 @@ event do_it() terminate(); } -event zeek_init() &priority=-10 +event Intel::read_entry(desc: Input::EventDescription, tpe: Input::Event, item: Intel::Item) { - schedule 3sec { do_it() }; + event do_it(); } diff --git a/testing/btest/scripts/base/frameworks/intel/updated-match.zeek b/testing/btest/scripts/base/frameworks/intel/updated-match.zeek index eadb90047e..272e89718d 100644 --- a/testing/btest/scripts/base/frameworks/intel/updated-match.zeek +++ b/testing/btest/scripts/base/frameworks/intel/updated-match.zeek @@ -1,5 +1,5 @@ # @TEST-EXEC: cp intel1.dat intel.dat -# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek -b %INPUT # @TEST-EXEC: $SCRIPTS/wait-for-file zeekproc/got1 15 || (btest-bg-wait -k 1 && false) # @TEST-EXEC: cp intel2.dat intel.dat # @TEST-EXEC: $SCRIPTS/wait-for-file zeekproc/got2 15 || (btest-bg-wait -k 1 && false) diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek b/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek index f64f00f857..ed1e64aa7c 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek +++ b/testing/btest/scripts/base/frameworks/logging/ascii-escape-odd-url.zeek @@ -1,4 +1,4 @@ # -# @TEST-EXEC: zeek -C -r $TRACES/www-odd-url.trace +# @TEST-EXEC: zeek -b -C -r $TRACES/www-odd-url.trace base/protocols/http # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/frameworks/logging/env-ext.test b/testing/btest/scripts/base/frameworks/logging/env-ext.test index f7539ea7b4..ca14d3021d 100644 --- a/testing/btest/scripts/base/frameworks/logging/env-ext.test +++ b/testing/btest/scripts/base/frameworks/logging/env-ext.test @@ -1,2 +1,4 @@ -# @TEST-EXEC: ZEEK_LOG_SUFFIX=txt zeek -r $TRACES/wikipedia.trace +# @TEST-EXEC: ZEEK_LOG_SUFFIX=txt zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: test -f conn.txt + +@load base/protocols/conn 
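Review bot: The new `Intel::read_entry` handler in remove-non-existing.zeek raises `do_it` on every entry, with no counter or one-shot guard, unlike the sibling intel tests changed in this commit. With the single intel.dat row visible in the earlier hunk that is one call, but a second row or a re-read of the file would run `do_it` and its `terminate()` again and could duplicate lines in the diffed output. A guard keeps it one-shot: `global fired = F;` at file scope, and `if ( ! fired ) { fired = T; event do_it(); }` in the handler. The body of `do_it` starts outside the hunk, so what it prints per call is not visible here.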
diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek index 6c4f9af6e4..175237cd39 100644 --- a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.zeek @@ -1,14 +1,13 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT" -# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT" -# @TEST-EXEC: btest-bg-wait 20 +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek -b %INPUT" +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek -b --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT" +# @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: grep qux manager-1/reporter.log | sed 's#line ..#line XX#g' > manager-reporter.log # @TEST-EXEC: grep qux manager-1/reporter-2.log | sed 's#line ..*#line XX#g' >> manager-reporter.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-canonifier | $SCRIPTS/diff-remove-abspath | grep -v ^# | $SCRIPTS/diff-sort" btest-diff manager-reporter.log - @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], @@ -16,6 +15,9 @@ redef Cluster::nodes = { }; @TEST-END-FILE +@load base/frameworks/cluster +@load base/frameworks/logging +@load base/frameworks/reporter @load base/protocols/conn @if ( Cluster::node == "worker-1" ) diff --git a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek index da17800a00..bd61ad37f5 100644 
--- a/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/logging/field-extension-cluster.zeek @@ -1,8 +1,8 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT" -# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT" +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek -b %INPUT" +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek -b --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT" # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff manager-1/http.log @@ -15,6 +15,8 @@ redef Cluster::nodes = { @TEST-END-FILE @load base/protocols/conn +@load base/protocols/http +@load base/frameworks/cluster @if ( Cluster::node == "worker-1" ) redef exit_only_after_terminate = T; diff --git a/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek b/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek index cd6eaf7f26..e1e0c0bf87 100644 --- a/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek +++ b/testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.zeek 
@@ -3,8 +3,13 @@ # @TEST-REQUIRES: has-writer Zeek::SQLiteWriter # @TEST-GROUP: sqlite # -# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_SQLITE +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT Log::default_writer=Log::WRITER_SQLITE # @TEST-EXEC: sqlite3 conn.sqlite 'select * from conn order by ts' | sort -n > conn.select # @TEST-EXEC: sqlite3 http.sqlite 'select * from http order by ts' | sort -n > http.select # @TEST-EXEC: btest-diff conn.select # @TEST-EXEC: btest-diff http.select + +@load base/protocols/http +@load base/protocols/dns +@load base/protocols/conn +@load base/frameworks/dpd diff --git a/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek b/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek index 60984f1fc7..6ceafb71b3 100644 --- a/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek +++ b/testing/btest/scripts/base/frameworks/logging/writer-path-conflict.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff reporter.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff http-2.log @@ -6,6 +6,7 @@ # @TEST-EXEC: btest-diff http-2-2.log @load base/protocols/http +@load base/frameworks/reporter event zeek_init() { diff --git a/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek b/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek index b3aa5344f2..61b44d6692 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek 
@@ -2,12 +2,12 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek %INPUT" -# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT" +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek -b %INPUT" +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek -b --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT" # @TEST-EXEC: $SCRIPTS/wait-for-file manager-1/lost 15 || (btest-bg-wait -k 1 && false) -# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-2 zeek --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT" +# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-2 zeek -b --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT" # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff worker-1/.stdout # @TEST-EXEC: btest-diff worker-2/.stdout diff --git a/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek b/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek index b7510e4c2c..0502890f2f 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff netcontrol.log # @TEST-EXEC: btest-diff netcontrol_shunt.log # @TEST-EXEC: btest-diff netcontrol_drop.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek b/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek index 935142b33c..44a80b41b8 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: btest-diff .stdout # Verify the state of internal tables after rules have been deleted... diff --git a/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek b/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek index 09694cc1f8..0ef6d87ba1 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/find-rules.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff out @load base/frameworks/netcontrol diff --git a/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek b/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek index e12599db83..91f2760162 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/hook.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: btest-diff netcontrol.log @load base/frameworks/netcontrol diff --git a/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek b/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek index 4fc05d4f45..c89ab3bc3a 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/multiple.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff netcontrol.log # @TEST-EXEC: btest-diff openflow.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek b/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek index 04cd1302b3..b0651cdd36 100644 
--- a/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/openflow.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff netcontrol.log # @TEST-EXEC: btest-diff openflow.log diff --git a/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek b/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek index ac8a3f5c0a..329b12d16f 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.zeek @@ -1,6 +1,10 @@ -# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff conn.log +@load base/protocols/conn +@load base/protocols/smtp +@load base/protocols/dns +@load base/frameworks/dpd @load base/frameworks/netcontrol event NetControl::init() diff --git a/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek b/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek index 71ef2b3efe..9e712b8a0b 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek +++ b/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: btest-diff netcontrol.log # @TEST-EXEC: btest-diff openflow.log diff --git a/testing/btest/scripts/base/frameworks/notice/cluster.zeek b/testing/btest/scripts/base/frameworks/notice/cluster.zeek index 5a8a5fdf4f..ee7bb55273 100644 --- a/testing/btest/scripts/base/frameworks/notice/cluster.zeek +++ b/testing/btest/scripts/base/frameworks/notice/cluster.zeek 
@@ -2,12 +2,15 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff manager-1/notice.log +@load base/frameworks/cluster +@load base/frameworks/notice + @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], diff --git a/testing/btest/scripts/base/frameworks/notice/default-policy-order.test b/testing/btest/scripts/base/frameworks/notice/default-policy-order.test deleted file mode 100644 index 7daffc2ea0..0000000000 --- a/testing/btest/scripts/base/frameworks/notice/default-policy-order.test +++ /dev/null @@ -1,10 +0,0 @@ -# This test checks that the default notice policy ordering does not -# change from run to run. -# @TEST-EXEC: zeek -e '' -# @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.1 -# @TEST-EXEC: zeek -e '' -# @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.2 -# @TEST-EXEC: zeek -e '' -# @TEST-EXEC: cat notice_policy.log | $SCRIPTS/diff-remove-timestamps > notice_policy.log.3 -# @TEST-EXEC: diff notice_policy.log.1 notice_policy.log.2 -# @TEST-EXEC: diff notice_policy.log.1 notice_policy.log.3 
diff --git a/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek b/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek index 373d773bd2..1de5b443d1 100644 --- a/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek +++ b/testing/btest/scripts/base/frameworks/notice/mail-alarms.zeek @@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -C -r $TRACES/web.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/web.trace %INPUT # @TEST-EXEC: btest-diff alarm-mail.txt +@load base/frameworks/notice + hook Notice::policy(n: Notice::Info) &priority=1 { add n$actions[Notice::ACTION_ALARM]; diff --git a/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek b/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek index 7c1dbaf5bc..2e7df11f5e 100644 --- a/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/notice/suppression-cluster.zeek 
@@ -3,13 +3,16 @@ # @TEST-PORT: BROKER_PORT3 # @TEST-PORT: BROKER_PORT4 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT -# @TEST-EXEC: btest-bg-wait 20 +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run proxy-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=proxy-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT +# @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff manager-1/notice.log +@load base/frameworks/notice +@load base/frameworks/cluster + @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], @@ -30,7 +33,7 @@ event Cluster::node_down(name: string, id: string) terminate(); } -event delayed_notice() +event do_notice() { NOTICE([$note=Test_Notice, $msg="test notice!", 
@@ -38,19 +41,35 @@ event delayed_notice() } event ready() - { + { + print "ready"; + + if ( Cluster::node == "manager-1" ) + Broker::publish(Cluster::node_topic("worker-1"), ready); if ( Cluster::node == "worker-1" ) - schedule 4secs { delayed_notice() }; + schedule 1sec { do_notice() }; if ( Cluster::node == "worker-2" ) - schedule 1secs { delayed_notice() }; - } + { + event do_notice(); + Broker::publish(Cluster::node_topic("manager-1"), ready); + } + } event Notice::suppressed(n: Notice::Info) { + print "suppressed", n$note, n$identifier; + if ( Cluster::node == "worker-1" ) terminate(); } +event Notice::begin_suppression(ts: time, suppress_for: interval, note: Notice::Type, + identifier: string) + { + print "begin suppression", suppress_for, note, identifier; + Broker::publish(Cluster::node_topic("manager-1"), ready); + } + @if ( Cluster::local_node_type() == Cluster::MANAGER ) global peer_count = 0; @@ -60,7 +79,7 @@ event Cluster::node_up(name: string, id: string) peer_count = peer_count + 1; if ( peer_count == 3 ) - Broker::publish(Cluster::worker_topic, ready); + Broker::publish(Cluster::node_topic("worker-2"), ready); } @endif diff --git a/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek b/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek index 3604c95eec..920e65fac9 100644 --- a/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/log-basic.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff openflow.log @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek b/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek index 8f1dc35fce..50783baceb 100644 --- a/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek +++ b/testing/btest/scripts/base/frameworks/openflow/ryu-basic.zeek 
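Review bot: The `ready` event in suppression-cluster.zeek now stands for three different transitions (manager to worker-2, worker-2 or `Notice::begin_suppression` back to manager-1, manager-1 to worker-1), and nothing above `event ready()` says so. In the worker-2 branch, `ready` is published to manager-1 right after `event do_notice()`, so worker-1's `schedule 1sec { do_notice() }` can apparently be armed before the suppression has reached it. If worker-1 loses that race it may never see `Notice::suppressed`, and the run would end only at `btest-bg-wait 30`. If `Notice::begin_suppression` is also raised on worker-1 (not visible here), the direct publish in the worker-2 branch looks redundant and could be dropped so that only the suppression event releases worker-1. A comment such as `# Handshake: manager -> worker-2 (raise notice) -> manager -> worker-1 (raise duplicate, expect suppression)` would make the intended order explicit.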
@@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/conn diff --git a/testing/btest/scripts/base/frameworks/packet-filter/bad-filter.test b/testing/btest/scripts/base/frameworks/packet-filter/bad-filter.test index 537b210128..f8da1e66d3 100644 --- a/testing/btest/scripts/base/frameworks/packet-filter/bad-filter.test +++ b/testing/btest/scripts/base/frameworks/packet-filter/bad-filter.test @@ -1,2 +1,2 @@ -# @TEST-EXEC-FAIL: zeek -r $TRACES/web.trace -f "bad filter" +# @TEST-EXEC-FAIL: zeek -b -r $TRACES/web.trace base/frameworks/packet-filter -f "bad filter" # @TEST-EXEC: test -s .stderr diff --git a/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek b/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek index 1395f20807..98f26e394e 100644 --- a/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek +++ b/testing/btest/scripts/base/frameworks/reporter/disable-stderr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek %INPUT +# @TEST-EXEC: zeek -b base/frameworks/reporter %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log diff --git a/testing/btest/scripts/base/frameworks/reporter/stderr.zeek b/testing/btest/scripts/base/frameworks/reporter/stderr.zeek index 5c3793b435..d78d374063 100644 --- a/testing/btest/scripts/base/frameworks/reporter/stderr.zeek +++ b/testing/btest/scripts/base/frameworks/reporter/stderr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek %INPUT +# @TEST-EXEC: zeek -b %INPUT base/frameworks/reporter # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log 
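Review bot: In bad-filter.test, `@TEST-EXEC-FAIL` accepts any non-zero exit and the only other check is `test -s .stderr`. With `-b`, the test would therefore also pass if `base/frameworks/packet-filter` failed to load, rather than because the filter was rejected. Pinning the expected error keeps this negative test meaningful, for example `# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr` with a matching baseline, as the reporter tests in this patch already do.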
diff --git a/testing/btest/scripts/base/frameworks/software/version-parsing.zeek b/testing/btest/scripts/base/frameworks/software/version-parsing.zeek index ecf36ca8dc..5730348c3d 100644 --- a/testing/btest/scripts/base/frameworks/software/version-parsing.zeek +++ b/testing/btest/scripts/base/frameworks/software/version-parsing.zeek @@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek %INPUT > output +# @TEST-EXEC: zeek -b %INPUT > output # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff output +@load base/frameworks/software + module Software; global matched_software: table[string] of Software::Description = { diff --git a/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek index 86f81b14e5..c486149260 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/basic-cluster.zeek @@ -2,13 +2,16 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout +@load base/frameworks/sumstats +@load base/frameworks/cluster + @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], 
@@ -20,6 +23,7 @@ redef Cluster::nodes = { redef Log::default_rotation_interval = 0secs; global n = 0; +global did_data = F; event zeek_init() &priority=5 { @@ -29,12 +33,14 @@ event zeek_init() &priority=5 $reducers=set(r1), $epoch_result(ts: time, key: SumStats::Key, result: SumStats::Result) = { + if ( ! did_data ) return; local r = result["test"]; print fmt("Host: %s - num:%d - sum:%.1f - avg:%.1f - max:%.1f - min:%.1f - var:%.1f - std_dev:%.1f - unique:%d - hllunique:%d", key$host, r$num, r$sum, r$average, r$max, r$min, r$variance, r$std_dev, r$unique, r$hll_unique); }, $epoch_finished(ts: time) = { - terminate(); + if ( did_data ) + terminate(); }]); } @@ -67,6 +73,8 @@ event ready_for_data() SumStats::observe("test", [$host=7.2.1.5], [$num=91]); SumStats::observe("test", [$host=10.10.10.10], [$num=5]); } + + did_data = T; } @if ( Cluster::local_node_type() == Cluster::MANAGER ) diff --git a/testing/btest/scripts/base/frameworks/sumstats/basic.zeek b/testing/btest/scripts/base/frameworks/sumstats/basic.zeek index 3b454ebaa4..c9d136de63 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/basic.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/basic.zeek @@ -1,7 +1,9 @@ -# @TEST-EXEC: btest-bg-run standalone zeek %INPUT -# @TEST-EXEC: btest-bg-wait 10 +# @TEST-EXEC: btest-bg-run standalone zeek -b %INPUT +# @TEST-EXEC: btest-bg-wait 15 # @TEST-EXEC: btest-diff standalone/.stdout +@load base/frameworks/sumstats + redef exit_only_after_terminate=T; event zeek_init() &priority=5 diff --git a/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek b/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek index 200339128c..2c901f2c38 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.zeek 
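Review bot: `did_data` in basic-cluster.zeek is a per-process global that is set only at the end of `ready_for_data()`, yet `terminate()` in `$epoch_finished` is now gated on it. The hunks do not show whether the node that runs the epoch callbacks also handles `ready_for_data`. If it does not, the flag stays `F` there and the test ends only through the `btest-bg-wait` timeout, so this is worth confirming. The guard would also be clearer with a comment such as `# Ignore epochs that complete before any observations were made; set at the end of ready_for_data().` The same pattern is added to sample-cluster.zeek and topk-cluster.zeek, and topk-cluster.zeek also shortens the epoch to `1secs`, which makes empty early epochs more likely.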
@@ -2,12 +2,15 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff manager-1/.stdout +@load base/frameworks/cluster +@load base/frameworks/sumstats + @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], diff --git a/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek index 7d23ae9e80..b62e4af519 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/last-cluster.zeek 
@@ -1,12 +1,15 @@ # @TEST-PORT: BROKER_PORT1 # @TEST-PORT: BROKER_PORT2 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 25 # @TEST-EXEC: btest-diff manager-1/.stdout -# + +@load base/frameworks/sumstats +@load base/frameworks/cluster + @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], diff --git a/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek index bd0cdc2d1a..16f371b28d 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.zeek 
@@ -2,14 +2,17 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT +# @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff manager-1/.stdout # +@load base/frameworks/cluster +@load base/frameworks/sumstats + @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], @@ -37,11 +40,6 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string) global ready_for_data: event(); -event zeek_init() - { - Broker::auto_publish(Cluster::worker_topic, ready_for_data); - } - event on_demand() { local host = 7.2.1.5; @@ -56,6 +54,15 @@ event on_demand() } } +global ready_count = 0; +event ready_to_demand() + { + ++ready_count; + + if ( ready_count == 2 ) + event on_demand(); + } + event ready_for_data() { if ( Cluster::node == "worker-1" ) @@ -73,7 +80,7 @@ event ready_for_data() SumStats::observe("test", [$host=10.10.10.10], [$num=5]); } - schedule 1sec { on_demand() }; + Broker::publish(Cluster::manager_topic, ready_to_demand); } global peer_count = 0; @@ -84,8 +91,6 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string) ++peer_count; if ( peer_count == 2 ) - { - event ready_for_data(); - } + Broker::publish(Cluster::worker_topic, ready_for_data); } 
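Review bot: `ready_to_demand` in on-demand-cluster.zeek has no comment, and its `ready_count == 2` repeats the worker count that `peer_count == 2` already hard-codes, so a change to the cluster layout has to be mirrored in three places. A shared constant would tie them together, e.g. `const n_workers = 2;` used in both comparisons. A comment such as `# Raised on the manager by each worker once its observations are made; query only after all have reported.` would document the handler. The surrounding handlers start outside the hunks, so it is not visible here whether `ready_to_demand` sits inside a manager-only `@if`.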
diff --git a/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek b/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek index 4faedd9bac..208d9248f2 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/on-demand.zeek @@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/frameworks/sumstats + redef exit_only_after_terminate=T; diff --git a/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek index 38a2738329..c5057760fa 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/sample-cluster.zeek @@ -2,12 +2,15 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout +@load base/frameworks/sumstats +@load base/frameworks/cluster + @TEST-START-FILE cluster-layout.zeek redef Cluster::nodes = { ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))], @@ -17,6 +20,7 @@ redef Cluster::nodes = { @TEST-END-FILE redef Log::default_rotation_interval = 0secs; +global did_data = F; event zeek_init() &priority=5 { 
@@ -26,6 +30,7 @@ event zeek_init() &priority=5 $reducers=set(r1), $epoch_result(ts: time, key: SumStats::Key, result: SumStats::Result) = { + if ( ! did_data ) return; local r = result["test"]; print fmt("Host: %s Sampled observations: %d", key$host, r$sample_elements); local sample_nums: vector of count = vector(); @@ -36,7 +41,8 @@ event zeek_init() &priority=5 }, $epoch_finished(ts: time) = { - terminate(); + if ( did_data ) + terminate(); }]); } @@ -102,6 +108,8 @@ event ready_for_data() SumStats::observe("test", [$host=7.2.1.5], [$num=91]); SumStats::observe("test", [$host=10.10.10.10], [$num=5]); } + + did_data = T; } @if ( Cluster::local_node_type() == Cluster::MANAGER ) diff --git a/testing/btest/scripts/base/frameworks/sumstats/sample.zeek b/testing/btest/scripts/base/frameworks/sumstats/sample.zeek index 7d63c2e946..8dad317d4d 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/sample.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/sample.zeek @@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/frameworks/sumstats + event zeek_init() &priority=5 { local r1: SumStats::Reducer = [$stream="test.metric", diff --git a/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek b/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek index 93ae99e0ef..17f93742a1 100644 --- a/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/thresholding.zeek @@ -1,6 +1,9 @@ -# @TEST-EXEC: zeek %INPUT | sort >output +# @TEST-EXEC: zeek -b %INPUT | sort >output # @TEST-EXEC: btest-diff output +@load base/frameworks/sumstats +@load base/frameworks/notice + redef enum Notice::Type += { Test_Notice, }; diff --git a/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek b/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek index 2a73fc6ba7..f9ccf1455f 100644 
--- a/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/topk-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout @@ -17,18 +17,23 @@ redef Cluster::nodes = { }; @TEST-END-FILE +@load base/frameworks/sumstats +@load base/frameworks/cluster + redef Log::default_rotation_interval = 0secs; +global did_data = F; event zeek_init() &priority=5 { local r1: SumStats::Reducer = [$stream="test.metric", $apply=set(SumStats::TOPK)]; SumStats::create([$name="topk-test", - $epoch=5secs, + $epoch=1secs, $reducers=set(r1), $epoch_result(ts: time, key: SumStats::Key, result: SumStats::Result) = { + if ( ! did_data ) return; local r = result["test.metric"]; local s: vector of SumStats::Observation; s = topk_get_top(r$topk, 5); @@ -40,7 +45,8 @@ event zeek_init() &priority=5 }, $epoch_finished(ts: time) = { - terminate(); + if ( did_data ) + terminate(); }]); @@ -96,6 +102,8 @@ event ready_for_data() SumStats::observe("test.metric", [$str="counter"], [$num=995]); } } + + did_data = T; } @if ( Cluster::local_node_type() == Cluster::MANAGER ) diff --git a/testing/btest/scripts/base/frameworks/sumstats/topk.zeek b/testing/btest/scripts/base/frameworks/sumstats/topk.zeek index 2375cddd10..f85d44ede7 100644 
--- a/testing/btest/scripts/base/frameworks/sumstats/topk.zeek +++ b/testing/btest/scripts/base/frameworks/sumstats/topk.zeek @@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/frameworks/sumstats + event zeek_init() &priority=5 { local r1: SumStats::Reducer = [$stream="test.metric", diff --git a/testing/btest/scripts/base/misc/find-filtered-trace.test b/testing/btest/scripts/base/misc/find-filtered-trace.test index a63e0c7a2b..65a7f2ec5a 100644 --- a/testing/btest/scripts/base/misc/find-filtered-trace.test +++ b/testing/btest/scripts/base/misc/find-filtered-trace.test @@ -1,4 +1,6 @@ -# @TEST-EXEC: zeek -r $TRACES/http/bro.org-filtered.pcap >out1 2>&1 -# @TEST-EXEC: zeek -r $TRACES/http/bro.org-filtered.pcap "FilteredTraceDetection::enable=F" >out2 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/http/bro.org-filtered.pcap %INPUT >out1 2>&1 +# @TEST-EXEC: zeek -b -r $TRACES/http/bro.org-filtered.pcap %INPUT "FilteredTraceDetection::enable=F" >out2 2>&1 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out1 # @TEST-EXEC: btest-diff out2 + +@load base/misc/find-filtered-trace diff --git a/testing/btest/scripts/base/protocols/arp/bad.test b/testing/btest/scripts/base/protocols/arp/bad.test index fb3444f105..50d08ba6fe 100644 --- a/testing/btest/scripts/base/protocols/arp/bad.test +++ b/testing/btest/scripts/base/protocols/arp/bad.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/arp-leak.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/arp-leak.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) diff --git a/testing/btest/scripts/base/protocols/arp/basic.test b/testing/btest/scripts/base/protocols/arp/basic.test index c8dbc58cff..4f243c77df 100644 --- a/testing/btest/scripts/base/protocols/arp/basic.test +++ b/testing/btest/scripts/base/protocols/arp/basic.test 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/arp-who-has.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/arp-who-has.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) diff --git a/testing/btest/scripts/base/protocols/arp/radiotap.test b/testing/btest/scripts/base/protocols/arp/radiotap.test index 59f69aca13..2f9e7b7924 100644 --- a/testing/btest/scripts/base/protocols/arp/radiotap.test +++ b/testing/btest/scripts/base/protocols/arp/radiotap.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/arp-who-has-radiotap.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/arp-who-has-radiotap.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) diff --git a/testing/btest/scripts/base/protocols/arp/wlanmon.test b/testing/btest/scripts/base/protocols/arp/wlanmon.test index 6516d424e9..9f5de74912 100644 --- a/testing/btest/scripts/base/protocols/arp/wlanmon.test +++ b/testing/btest/scripts/base/protocols/arp/wlanmon.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/arp-who-has-wlanmon.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/arp-who-has-wlanmon.pcap %INPUT # @TEST-EXEC: btest-diff .stdout event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string) diff --git a/testing/btest/scripts/base/protocols/conn/contents-default-extract.test b/testing/btest/scripts/base/protocols/conn/contents-default-extract.test index 5bd0044dbc..198790b2c3 100644 --- a/testing/btest/scripts/base/protocols/conn/contents-default-extract.test +++ b/testing/btest/scripts/base/protocols/conn/contents-default-extract.test 
@@ -1,3 +1,3 @@ -# @TEST-EXEC: zeek -f "tcp port 21" -r $TRACES/ftp/ipv6.trace "Conn::default_extract=T" +# @TEST-EXEC: zeek -b -f "tcp port 21" -r $TRACES/ftp/ipv6.trace base/protocols/conn "Conn::default_extract=T" # @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat # @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat diff --git a/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek b/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek index 6278078d49..bb02621a0a 100644 --- a/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek +++ b/testing/btest/scripts/base/protocols/conn/new_connection_contents.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-diff .stdout event new_connection_contents(c: connection) diff --git a/testing/btest/scripts/base/protocols/conn/threshold-delete.zeek b/testing/btest/scripts/base/protocols/conn/threshold-delete.zeek index e15e2013fd..50a262de47 100644 --- a/testing/btest/scripts/base/protocols/conn/threshold-delete.zeek +++ b/testing/btest/scripts/base/protocols/conn/threshold-delete.zeek @@ -1,9 +1,11 @@ -# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff .stderr # # This tests that no events are raised once all thresholds have been deleted. +@load base/protocols/conn + event connection_established(c: connection) { ConnThreshold::set_bytes_threshold(c, 1, T); diff --git a/testing/btest/scripts/base/protocols/conn/threshold.zeek b/testing/btest/scripts/base/protocols/conn/threshold.zeek index 7bdca12861..edc34b30ec 100644 --- a/testing/btest/scripts/base/protocols/conn/threshold.zeek 
+++ b/testing/btest/scripts/base/protocols/conn/threshold.zeek @@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/irc-dcc-send.trace %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/protocols/conn + event connection_established(c: connection) { print fmt("Threshold set for %s", cat(c$id)); diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest index 8f32736572..7bd6be9562 100644 --- a/testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest +++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest @@ -2,5 +2,7 @@ # The trace has a message of each DHCP message type, # but only one lease should show up in the logs. -# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT # @TEST-EXEC: btest-diff dhcp.log + +@load base/protocols/dhcp diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest index 0c902911a2..ed6a49b015 100644 --- a/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest +++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-all-msg-types.btest @@ -2,5 +2,7 @@ # The trace has a message of each DHCP message type, # but only one lease should show up in the logs. -# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/dhcp/dhcp.trace %INPUT # @TEST-EXEC: btest-diff dhcp.log + +@load base/protocols/dhcp diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest index 1833bd70ab..90aec4ce73 100644 --- a/testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest 
+++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest @@ -2,5 +2,7 @@ # The trace has a message of each DHCP message type, # but only one lease should show up in the logs. -# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp_discover_param_req_and_client_id.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/dhcp/dhcp_discover_param_req_and_client_id.trace %INPUT # @TEST-EXEC: btest-diff dhcp.log + +@load base/protocols/dhcp diff --git a/testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest b/testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest index f5fc6be660..14add06f16 100644 --- a/testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest +++ b/testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest @@ -1,2 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT protocols/dhcp/sub-opts +# @TEST-EXEC: zeek -b -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT protocols/dhcp/sub-opts # @TEST-EXEC: btest-diff dhcp.log + +@load base/protocols/dhcp diff --git a/testing/btest/scripts/base/protocols/dhcp/inform.test b/testing/btest/scripts/base/protocols/dhcp/inform.test index 7a6fa78eaa..e3251cec98 100644 --- a/testing/btest/scripts/base/protocols/dhcp/inform.test +++ b/testing/btest/scripts/base/protocols/dhcp/inform.test @@ -1,5 +1,7 @@ # DHCPINFORM leases are special-cased in the code. # This tests that those leases are correctly logged. -# @TEST-EXEC: zeek -r $TRACES/dhcp/dhcp_inform.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/dhcp/dhcp_inform.trace %INPUT # @TEST-EXEC: btest-diff dhcp.log + +@load base/protocols/dhcp diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek index dd2fe42007..58681eeb96 100644 --- a/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_del_measure.zeek 
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_del_measure.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -b -r $TRACES/dnp3/dnp3_del_measure.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek
index 3fd98f90a9..9b70c0909a 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_en_spon.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_en_spon.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -b -r $TRACES/dnp3/dnp3_en_spon.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek
index 9fa7cff416..5cac077078 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_del.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_file_del.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -b -r $TRACES/dnp3/dnp3_file_del.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek
index 279ce73fc5..7212a70e60 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_read.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_file_read.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -b -r $TRACES/dnp3/dnp3_file_read.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek
index a7bf5a6c51..5fba3bb7c4 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_file_write.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_file_write.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -b -r $TRACES/dnp3/dnp3_file_write.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek
index c55ad9eaf5..727c0b8fcb 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_link_only.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: zeek -C -r $TRACES/dnp3/dnp3_link_only.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -b -C -r $TRACES/dnp3/dnp3_link_only.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek
index c474cc5594..3e48f97e74 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_read.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_read.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -b -r $TRACES/dnp3/dnp3_read.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek
index 7f0e2437af..f1e69662b5 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_rec_time.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_rec_time.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -b -r $TRACES/dnp3/dnp3_rec_time.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek
index 44fcd570c1..04726f31ac 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_select_operate.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_select_operate.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -b -r $TRACES/dnp3/dnp3_select_operate.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek
index 2efaa4f5d7..298d1c6080 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_en_spon.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_udp_en_spon.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -b -r $TRACES/dnp3/dnp3_udp_en_spon.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek
index 9f817b5bc1..9a96518600 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_read.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_udp_read.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -b -r $TRACES/dnp3/dnp3_udp_read.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek
index 8c1aa79dba..2fd68503fe 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_select_operate.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_udp_select_operate.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -b -r $TRACES/dnp3/dnp3_udp_select_operate.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek
index 60eeb30480..9561400c90 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_udp_write.zeek
@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_udp_write.pcap %DIR/events.zeek >output
+# @TEST-EXEC: zeek -b -r $TRACES/dnp3/dnp3_udp_write.pcap %DIR/events.zeek >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered
 # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total
diff --git a/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek b/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek
index cb0e0560d3..eca04288e3 100644
--- a/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek
+++ b/testing/btest/scripts/base/protocols/dnp3/dnp3_write.zeek
@@ -1,5 +1,5 @@ # -# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3_write.pcap %DIR/events.zeek >output +# @TEST-EXEC: zeek -b -r $TRACES/dnp3/dnp3_write.pcap %DIR/events.zeek >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total diff --git a/testing/btest/scripts/base/protocols/dnp3/events.zeek b/testing/btest/scripts/base/protocols/dnp3/events.zeek index ec871b0932..d8aad724e6 100644 --- a/testing/btest/scripts/base/protocols/dnp3/events.zeek +++ b/testing/btest/scripts/base/protocols/dnp3/events.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: zeek -r $TRACES/dnp3/dnp3.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/dnp3/dnp3.trace %INPUT >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $1}' | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/dnp3/events.bif | grep "^event dnp3_" | wc -l >total @@ -7,6 +7,8 @@ # @TEST-EXEC: btest-diff coverage # @TEST-EXEC: btest-diff dnp3.log # +@load base/protocols/dnp3 + event dnp3_application_request_header(c: connection, is_orig: bool, application_control: count, fc: count) { print "dnp3_application_request_header", is_orig, application_control, fc; diff --git a/testing/btest/scripts/base/protocols/dns/caa.zeek b/testing/btest/scripts/base/protocols/dns/caa.zeek index 4c3b5af22d..af6d51e24d 100644 --- a/testing/btest/scripts/base/protocols/dns/caa.zeek +++ b/testing/btest/scripts/base/protocols/dns/caa.zeek @@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -r $TRACES/dns-caa.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/dns-caa.pcap %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/protocols/dns + event dns_CAA_reply(c: connection, msg: dns_msg, ans: dns_answer, flags: count, tag: string, value: string) { print flags,tag,value; 
diff --git a/testing/btest/scripts/base/protocols/dns/dns-edns-ecs.zeek b/testing/btest/scripts/base/protocols/dns/dns-edns-ecs.zeek index 09a694f15f..384014db25 100644 --- a/testing/btest/scripts/base/protocols/dns/dns-edns-ecs.zeek +++ b/testing/btest/scripts/base/protocols/dns/dns-edns-ecs.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: zeek -C -r $TRACES/dns-edns-ecs.pcap %INPUT > output +# @TEST-EXEC: zeek -b -C -r $TRACES/dns-edns-ecs.pcap %INPUT > output # @TEST-EXEC: btest-diff output @load policy/protocols/dns/auth-addl event dns_EDNS_ecs(c: connection, msg: dns_msg, opt: dns_edns_ecs) { print opt; -} \ No newline at end of file +} diff --git a/testing/btest/scripts/base/protocols/dns/dns-key.zeek b/testing/btest/scripts/base/protocols/dns/dns-key.zeek index 7ab37cb015..bed5177a50 100644 --- a/testing/btest/scripts/base/protocols/dns/dns-key.zeek +++ b/testing/btest/scripts/base/protocols/dns/dns-key.zeek @@ -1,4 +1,4 @@ # Making sure DNSKEY gets logged as such. # -# @TEST-EXEC: zeek -r $TRACES/dnssec/dnskey2.pcap +# @TEST-EXEC: zeek -b -r $TRACES/dnssec/dnskey2.pcap base/protocols/dns # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/scripts/base/protocols/dns/dnskey.zeek b/testing/btest/scripts/base/protocols/dns/dnskey.zeek index b790b832cf..c0a5e0ea5a 100644 --- a/testing/btest/scripts/base/protocols/dns/dnskey.zeek +++ b/testing/btest/scripts/base/protocols/dns/dnskey.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: zeek -C -r $TRACES/dnssec/dnskey.pcap %INPUT > output +# @TEST-EXEC: zeek -b -C -r $TRACES/dnssec/dnskey.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output -#@load policy/protocols/dns/auth-addl +@load base/protocols/dns event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr) { diff --git a/testing/btest/scripts/base/protocols/dns/ds.zeek b/testing/btest/scripts/base/protocols/dns/ds.zeek index 4c1a75562f..1e024e31f1 100644 --- a/testing/btest/scripts/base/protocols/dns/ds.zeek 
+++ b/testing/btest/scripts/base/protocols/dns/ds.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: zeek -C -r $TRACES/dnssec/ds.pcap %INPUT > output +# @TEST-EXEC: zeek -b -C -r $TRACES/dnssec/ds.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output -#@load policy/protocols/dns/auth-addl +@load base/protocols/dns event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr) { diff --git a/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek b/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek index 91f37fa723..838cf586ca 100644 --- a/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek +++ b/testing/btest/scripts/base/protocols/dns/duplicate-reponses.zeek @@ -1,4 +1,4 @@ # This tests the case where the DNS server responded with zero RRs. # -# @TEST-EXEC: zeek -r $TRACES/dns-two-responses.trace +# @TEST-EXEC: zeek -b -r $TRACES/dns-two-responses.trace base/protocols/dns # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/scripts/base/protocols/dns/flip.zeek b/testing/btest/scripts/base/protocols/dns/flip.zeek index 92058c6c49..0838f71f58 100644 --- a/testing/btest/scripts/base/protocols/dns/flip.zeek +++ b/testing/btest/scripts/base/protocols/dns/flip.zeek @@ -1,3 +1,3 @@ -# @TEST-EXEC: zeek -r $TRACES/dns53.pcap +# @TEST-EXEC: zeek -b -r $TRACES/dns53.pcap base/protocols/dns # @TEST-EXEC: btest-diff dns.log # If the DNS reply is seen first, should be able to correctly set orig/resp. diff --git a/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek b/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek index 90ed2275b0..b99c8625c9 100644 --- a/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek +++ b/testing/btest/scripts/base/protocols/dns/huge-ttl.zeek 
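Review bot: The header comment kept as context in duplicate-reponses.zeek, `# This tests the case where the DNS server responded with zero RRs.`, does not match the test, which replays `dns-two-responses.trace`; it reads as copied from zero-responses.zeek. Since the commit already edits the TEST-EXEC line right below it, I would reword it to describe this test, for example `# This tests logging when the DNS server sends two responses to one query.` (wording to be confirmed against the trace). The multiple-txt-strings.zeek hunk carries the same sentence above a run on `dns-txt-multiple.trace` and wants the same correction.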
@@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -r $TRACES/dns-huge-ttl.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/dns-huge-ttl.pcap %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/protocols/dns + event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr) { print ans; diff --git a/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek b/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek index 55ea225106..acb5cffeef 100644 --- a/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek +++ b/testing/btest/scripts/base/protocols/dns/multiple-txt-strings.zeek @@ -1,4 +1,4 @@ # This tests the case where the DNS server responded with zero RRs. # -# @TEST-EXEC: zeek -r $TRACES/dns-txt-multiple.trace +# @TEST-EXEC: zeek -b -r $TRACES/dns-txt-multiple.trace base/protocols/dns # @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/scripts/base/protocols/dns/nsec.zeek b/testing/btest/scripts/base/protocols/dns/nsec.zeek index 006e24057b..714c2a802a 100644 --- a/testing/btest/scripts/base/protocols/dns/nsec.zeek +++ b/testing/btest/scripts/base/protocols/dns/nsec.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/dnssec/nsec.pcap %INPUT > output +# @TEST-EXEC: zeek -b -C -r $TRACES/dnssec/nsec.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/dns/nsec3.zeek b/testing/btest/scripts/base/protocols/dns/nsec3.zeek index ce77ae857d..aff667894b 100644 --- a/testing/btest/scripts/base/protocols/dns/nsec3.zeek +++ b/testing/btest/scripts/base/protocols/dns/nsec3.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/dnssec/nsec3.pcap %INPUT > output +# @TEST-EXEC: zeek -b -C -r $TRACES/dnssec/nsec3.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output diff --git a/testing/btest/scripts/base/protocols/dns/rrsig.zeek b/testing/btest/scripts/base/protocols/dns/rrsig.zeek index 68f6a46e0a..bb0c5ad464 100644 
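Review bot: In nsec.zeek the run line gains `-b` and the test still diffs `dns.log`, but the hunk adds no `@load`, whereas dnskey.zeek, ds.zeek and rrsig.zeek in this same commit switch to an explicit `@load base/protocols/dns`. The file continues past the hunk, so a load further down presumably still pulls in the DNS scripts. If that load is only a policy script, I would add `@load base/protocols/dns` so the dns.log baseline does not rest on a transitive load in bare mode. The nsec3.zeek hunk is in the same position.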
--- a/testing/btest/scripts/base/protocols/dns/rrsig.zeek +++ b/testing/btest/scripts/base/protocols/dns/rrsig.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: zeek -C -r $TRACES/dnssec/rrsig.pcap %INPUT > output +# @TEST-EXEC: zeek -b -C -r $TRACES/dnssec/rrsig.pcap %INPUT > output # @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff output -#@load policy/protocols/dns/auth-addl +@load base/protocols/dns event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr) { diff --git a/testing/btest/scripts/base/protocols/dns/tsig.zeek b/testing/btest/scripts/base/protocols/dns/tsig.zeek index 7df31eb9c4..50e00cb5b1 100644 --- a/testing/btest/scripts/base/protocols/dns/tsig.zeek +++ b/testing/btest/scripts/base/protocols/dns/tsig.zeek @@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -r $TRACES/dns-tsig.trace %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/dns-tsig.trace %INPUT >out # @TEST-EXEC: btest-diff out +@load base/protocols/dns + redef dns_skip_all_addl = F; event dns_TSIG_addl(c: connection, msg: dns_msg, ans: dns_tsig_additional) diff --git a/testing/btest/scripts/base/protocols/dns/zero-responses.zeek b/testing/btest/scripts/base/protocols/dns/zero-responses.zeek index aff38b4402..29eefa9a28 100644 --- a/testing/btest/scripts/base/protocols/dns/zero-responses.zeek +++ b/testing/btest/scripts/base/protocols/dns/zero-responses.zeek @@ -1,4 +1,4 @@ # This tests the case where the DNS server responded with zero RRs. # -# @TEST-EXEC: zeek -r $TRACES/dns-zero-RRs.trace -# @TEST-EXEC: btest-diff dns.log \ No newline at end of file +# @TEST-EXEC: zeek -b -r $TRACES/dns-zero-RRs.trace base/protocols/dns +# @TEST-EXEC: btest-diff dns.log diff --git a/testing/btest/scripts/base/protocols/ftp/bad-adat-encoding.zeek b/testing/btest/scripts/base/protocols/ftp/bad-adat-encoding.zeek index 282c12bf6e..d25e28e3b2 100644 --- a/testing/btest/scripts/base/protocols/ftp/bad-adat-encoding.zeek +++ b/testing/btest/scripts/base/protocols/ftp/bad-adat-encoding.zeek 
@@ -1,2 +1,5 @@ -# @TEST-EXEC: zeek -C -r $TRACES/globus-url-copy-bad-encoding.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/globus-url-copy-bad-encoding.trace %INPUT # @TEST-EXEC: btest-diff weird.log + +@load base/protocols/ftp +@load base/frameworks/notice/weird diff --git a/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek b/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek index b07033ca7c..7f04f573c1 100644 --- a/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek +++ b/testing/btest/scripts/base/protocols/ftp/cwd-navigation.zeek @@ -1,8 +1,12 @@ -# @TEST-EXEC: zeek -r $TRACES/ftp/cwd-navigation.pcap >output.log %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/ftp/cwd-navigation.pcap >output.log %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log # @TEST-EXEC: btest-diff output.log +@load base/protocols/conn +@load base/protocols/ftp +@load base/frameworks/dpd + # Make sure we're tracking the CWD correctly. event ftp_reply(c: connection, code: count, msg: string, cont_resp: bool) &priority=10 { diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek b/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek index 42e90301b4..80c8b77760 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek +++ b/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.zeek @@ -1,5 +1,7 @@ # This tests extracting the server reported file size # from FTP sessions. # -# @TEST-EXEC: zeek -r $TRACES/ftp/ftp-with-numbers-in-filename.pcap +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ftp-with-numbers-in-filename.pcap %INPUT # @TEST-EXEC: btest-diff ftp.log + +@load base/protocols/ftp diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek b/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek index f12ef0d109..18d1890280 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek +++ b/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.zeek 
@@ -1,6 +1,9 @@ # This tests both active and passive FTP over IPv4. # -# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log +@load base/protocols/conn +@load base/protocols/ftp +@load base/frameworks/dpd diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek b/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek index bb8bf9ca1b..5f33407223 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek +++ b/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.zeek @@ -1,6 +1,9 @@ # This tests both active and passive FTP over IPv6. # -# @TEST-EXEC: zeek -r $TRACES/ftp/ipv6.trace +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv6.trace %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log +@load base/protocols/conn +@load base/protocols/ftp +@load base/frameworks/dpd diff --git a/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek b/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek index f499543327..a08e060451 100644 --- a/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek +++ b/testing/btest/scripts/base/protocols/http/content-range-gap-skip.zeek @@ -1,9 +1,11 @@ -# @TEST-EXEC: zeek -r $TRACES/http/content-range-gap-skip.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/http/content-range-gap-skip.trace %INPUT # In this trace, we should be able to determine that a gap lies # entirely within the body of an entity that specifies Content-Range, # and so further deliveries after the gap can still be made. +@load base/protocols/http + global got_gap = F; global got_data_after_gap = F; diff --git a/testing/btest/scripts/base/protocols/http/content-range-gap.zeek b/testing/btest/scripts/base/protocols/http/content-range-gap.zeek index d992ef4d38..81d7fe042d 100644 --- a/testing/btest/scripts/base/protocols/http/content-range-gap.zeek 
+++ b/testing/btest/scripts/base/protocols/http/content-range-gap.zeek @@ -1,6 +1,9 @@ -# @TEST-EXEC: zeek -r $TRACES/http/content-range-gap.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/http/content-range-gap.trace %INPUT # @TEST-EXEC: btest-diff extract_files/thefile +@load base/protocols/http +@load base/files/extract + event file_new(f: fa_file) { Files::add_analyzer(f, Files::ANALYZER_EXTRACT, diff --git a/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek b/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek index e10e504635..dced876c3e 100644 --- a/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek +++ b/testing/btest/scripts/base/protocols/http/content-range-less-than-len.zeek @@ -1,3 +1,6 @@ -# @TEST-EXEC: zeek -r $TRACES/http/content-range-less-than-len.pcap +# @TEST-EXEC: zeek -b -r $TRACES/http/content-range-less-than-len.pcap %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log + +@load base/protocols/http +@load base/frameworks/notice/weird diff --git a/testing/btest/scripts/base/protocols/http/entity-gap.zeek b/testing/btest/scripts/base/protocols/http/entity-gap.zeek index 6f82801d2d..94291fc6ca 100644 --- a/testing/btest/scripts/base/protocols/http/entity-gap.zeek +++ b/testing/btest/scripts/base/protocols/http/entity-gap.zeek @@ -1,7 +1,10 @@ -# @TEST-EXEC: zeek -r $TRACES/http/entity_gap.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/http/entity_gap.trace %INPUT # @TEST-EXEC: btest-diff entity_data # @TEST-EXEC: btest-diff extract_files/file0 +@load base/protocols/http +@load base/files/extract + global f = open("entity_data"); global fn = 0; diff --git a/testing/btest/scripts/base/protocols/http/entity-gap2.zeek b/testing/btest/scripts/base/protocols/http/entity-gap2.zeek index e8703efc85..8e54c6a549 100644 --- a/testing/btest/scripts/base/protocols/http/entity-gap2.zeek +++ b/testing/btest/scripts/base/protocols/http/entity-gap2.zeek 
@@ -1,7 +1,10 @@ -# @TEST-EXEC: zeek -r $TRACES/http/entity_gap2.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/http/entity_gap2.trace %INPUT # @TEST-EXEC: btest-diff entity_data # @TEST-EXEC: btest-diff extract_files/file0 +@load base/protocols/http +@load base/files/extract + global f = open("entity_data"); global fn = 0; diff --git a/testing/btest/scripts/base/protocols/http/fake-content-length.zeek b/testing/btest/scripts/base/protocols/http/fake-content-length.zeek index 30bb628958..22a0564ed0 100644 --- a/testing/btest/scripts/base/protocols/http/fake-content-length.zeek +++ b/testing/btest/scripts/base/protocols/http/fake-content-length.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: zeek -r $TRACES/http/fake-content-length.pcap +# @TEST-EXEC: zeek -b -r $TRACES/http/fake-content-length.pcap base/protocols/http # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek b/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek index dbd4747598..8520a54c97 100644 --- a/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek +++ b/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.zeek @@ -1,4 +1,6 @@ -# @TEST-EXEC: zeek -Cr $TRACES/http/http-bad-request-with-version.trace %INPUT +# @TEST-EXEC: zeek -b -Cr $TRACES/http/http-bad-request-with-version.trace %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log +@load base/protocols/http +@load base/frameworks/notice/weird diff --git a/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek b/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek index 6c2cbcc815..9cdb8d1eae 100644 --- a/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek +++ b/testing/btest/scripts/base/protocols/http/http-connect-with-header.zeek 
@@ -1,12 +1,13 @@ # This tests that the HTTP analyzer handles HTTP CONNECT proxying correctly # when the server include a header line into its response. # -# @TEST-EXEC: zeek -C -r $TRACES/http/connect-with-header.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/http/connect-with-header.trace %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff tunnel.log @load base/protocols/conn @load base/protocols/http +@load base/protocols/ssl @load base/protocols/tunnels @load base/frameworks/dpd diff --git a/testing/btest/scripts/base/protocols/http/http-connect.zeek b/testing/btest/scripts/base/protocols/http/http-connect.zeek index 39cf3f3271..9bf5d321b2 100644 --- a/testing/btest/scripts/base/protocols/http/http-connect.zeek +++ b/testing/btest/scripts/base/protocols/http/http-connect.zeek @@ -1,6 +1,6 @@ # This tests that the HTTP analyzer handles HTTP CONNECT proxying correctly. # -# @TEST-EXEC: zeek -r $TRACES/http/connect-with-smtp.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/http/connect-with-smtp.trace %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff smtp.log diff --git a/testing/btest/scripts/base/protocols/http/http-filename.zeek b/testing/btest/scripts/base/protocols/http/http-filename.zeek index b3528191c0..41f8ec9502 100644 --- a/testing/btest/scripts/base/protocols/http/http-filename.zeek +++ b/testing/btest/scripts/base/protocols/http/http-filename.zeek @@ -1,8 +1,6 @@ # This tests that the HTTP analyzer handles filenames over HTTP correctly. # -# @TEST-EXEC: zeek -r $TRACES/http/http-filename.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/http/http-filename.pcap %INPUT # @TEST-EXEC: btest-diff http.log -# The base analysis scripts are loaded by default. -#@load base/protocols/http - +@load base/protocols/http 
diff --git a/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek b/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek index 60d5095d97..4eecb88096 100644 --- a/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek +++ b/testing/btest/scripts/base/protocols/http/http-header-crlf.zeek @@ -2,9 +2,8 @@ # it gets confused whether it's in a header or not; it shouldn't report # the http_no_crlf_in_header_list wierd. # -# @TEST-EXEC: zeek -r $TRACES/http/byteranges.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/http/byteranges.trace %INPUT # @TEST-EXEC: test ! -f weird.log -# The base analysis scripts are loaded by default. -#@load base/protocols/http - +@load base/protocols/http +@load base/frameworks/notice/weird diff --git a/testing/btest/scripts/base/protocols/http/http-methods.zeek b/testing/btest/scripts/base/protocols/http/http-methods.zeek index 810868184f..11e9dc9668 100644 --- a/testing/btest/scripts/base/protocols/http/http-methods.zeek +++ b/testing/btest/scripts/base/protocols/http/http-methods.zeek @@ -1,9 +1,8 @@ # This tests that the HTTP analyzer handles strange HTTP methods properly. # -# @TEST-EXEC: zeek -r $TRACES/http/methods.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/http/methods.trace %INPUT # @TEST-EXEC: btest-diff weird.log # @TEST-EXEC: btest-diff http.log -# The base analysis scripts are loaded by default. -#@load base/protocols/http - +@load base/protocols/http +@load base/frameworks/notice/weird diff --git a/testing/btest/scripts/base/protocols/http/http-pipelining.zeek b/testing/btest/scripts/base/protocols/http/http-pipelining.zeek index d1451276fe..6550e1b969 100644 --- a/testing/btest/scripts/base/protocols/http/http-pipelining.zeek +++ b/testing/btest/scripts/base/protocols/http/http-pipelining.zeek 
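Review bot: The only assertion in http-header-crlf.zeek is `test ! -f weird.log`, and under `-b` that check also passes whenever the weird-logging scripts are not loaded, not only when no weird is raised. The two added `@load` lines cover this today, but nothing in the test fails if one of them is dropped later. I would add a positive check beside it, for example `# @TEST-EXEC: test -f http.log`, so the test first shows that the HTTP scripts processed the trace (assuming the trace yields an http.log entry) before asserting that no weird was logged.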
@@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -r $TRACES/http/pipelined-requests.trace %INPUT > output +# @TEST-EXEC: zeek -b -r $TRACES/http/pipelined-requests.trace %INPUT > output # @TEST-EXEC: btest-diff http.log +@load base/protocols/http + # mime type is irrelevant to this test, so filter it out event zeek_init() { diff --git a/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek b/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek index 9c993c7e7f..0001ca1ef9 100644 --- a/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek +++ b/testing/btest/scripts/base/protocols/http/missing-zlib-header.zeek @@ -2,5 +2,7 @@ # include an appropriate ZLIB header on deflated # content. # -# @TEST-EXEC: zeek -r $TRACES/http/missing-zlib-header.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/http/missing-zlib-header.pcap %INPUT # @TEST-EXEC: btest-diff http.log + +@load base/protocols/http diff --git a/testing/btest/scripts/base/protocols/http/multipart-extract.zeek b/testing/btest/scripts/base/protocols/http/multipart-extract.zeek index 93f12e13d7..ef9adf85ab 100644 --- a/testing/btest/scripts/base/protocols/http/multipart-extract.zeek +++ b/testing/btest/scripts/base/protocols/http/multipart-extract.zeek @@ -1,7 +1,10 @@ -# @TEST-EXEC: zeek -C -r $TRACES/http/multipart.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/http/multipart.trace %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: cat extract_files/http-item-* | sort > extractions +@load base/protocols/http +@load base/files/extract + event file_new(f: fa_file) { local fname = fmt("http-item-%s", f$id); diff --git a/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek b/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek index 21980ae7e0..1050baccaa 100644 --- a/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek +++ b/testing/btest/scripts/base/protocols/http/multipart-file-limit.zeek 
@@ -1,10 +1,10 @@ -# @TEST-EXEC: zeek -C -r $TRACES/http/multipart.trace +# @TEST-EXEC: zeek -b -C -r $TRACES/http/multipart.trace base/protocols/http # @TEST-EXEC: btest-diff http.log -# @TEST-EXEC: zeek -C -r $TRACES/http/multipart.trace %INPUT >out-limited +# @TEST-EXEC: zeek -b -C -r $TRACES/http/multipart.trace base/protocols/http %INPUT >out-limited # @TEST-EXEC: mv http.log http-limited.log # @TEST-EXEC: btest-diff http-limited.log # @TEST-EXEC: btest-diff out-limited -# @TEST-EXEC: zeek -C -r $TRACES/http/multipart.trace %INPUT ignore_http_file_limit=T >out-limit-ignored +# @TEST-EXEC: zeek -b -C -r $TRACES/http/multipart.trace base/protocols/http %INPUT ignore_http_file_limit=T >out-limit-ignored # @TEST-EXEC: mv http.log http-limit-ignored.log # @TEST-EXEC: btest-diff http-limit-ignored.log # @TEST-EXEC: btest-diff out-limit-ignored diff --git a/testing/btest/scripts/base/protocols/http/no-uri.zeek b/testing/btest/scripts/base/protocols/http/no-uri.zeek index dc0a3f313d..ff49aed910 100644 --- a/testing/btest/scripts/base/protocols/http/no-uri.zeek +++ b/testing/btest/scripts/base/protocols/http/no-uri.zeek @@ -1,4 +1,6 @@ -# @TEST-EXEC: zeek -Cr $TRACES/http/no-uri.pcap %INPUT +# @TEST-EXEC: zeek -b -Cr $TRACES/http/no-uri.pcap %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log +@load base/protocols/http +@load base/frameworks/notice/weird diff --git a/testing/btest/scripts/base/protocols/http/no-version.zeek b/testing/btest/scripts/base/protocols/http/no-version.zeek index d926cb565e..24a27e2a04 100644 --- a/testing/btest/scripts/base/protocols/http/no-version.zeek +++ b/testing/btest/scripts/base/protocols/http/no-version.zeek @@ -1,3 +1,4 @@ -# @TEST-EXEC: zeek -Cr $TRACES/http/no-version.pcap %INPUT +# @TEST-EXEC: zeek -b -Cr $TRACES/http/no-version.pcap %INPUT # @TEST-EXEC: btest-diff http.log +@load base/protocols/http 
diff --git a/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek b/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek index 9bfd21d46f..a80e9be719 100644 --- a/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek +++ b/testing/btest/scripts/base/protocols/http/percent-end-of-line.zeek @@ -1,4 +1,6 @@ -# @TEST-EXEC: zeek -Cr $TRACES/http/percent-end-of-line.pcap %INPUT +# @TEST-EXEC: zeek -b -Cr $TRACES/http/percent-end-of-line.pcap %INPUT # @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff weird.log +@load base/protocols/http +@load base/frameworks/notice/weird diff --git a/testing/btest/scripts/base/protocols/http/x-gzip.zeek b/testing/btest/scripts/base/protocols/http/x-gzip.zeek index 75cd505490..cc7b457a89 100644 --- a/testing/btest/scripts/base/protocols/http/x-gzip.zeek +++ b/testing/btest/scripts/base/protocols/http/x-gzip.zeek @@ -1,2 +1,2 @@ -# @TEST-EXEC: zeek -r $TRACES/http/x-gzip.pcap +# @TEST-EXEC: zeek -b -r $TRACES/http/x-gzip.pcap base/protocols/http # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/irc/basic.test b/testing/btest/scripts/base/protocols/irc/basic.test index 0941e34532..7d5e1fb0cd 100644 --- a/testing/btest/scripts/base/protocols/irc/basic.test +++ b/testing/btest/scripts/base/protocols/irc/basic.test @@ -1,11 +1,15 @@ # This tests that basic IRC commands (NICK, USER, JOIN, DCC SEND) # are logged for a client. -# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/irc-dcc-send.trace %INPUT >out # @TEST-EXEC: btest-diff irc.log # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff out +@load base/protocols/conn +@load base/protocols/irc +@load base/frameworks/dpd + # dcc mime types are irrelevant to this test, so filter it out event zeek_init() { diff --git a/testing/btest/scripts/base/protocols/irc/events.test b/testing/btest/scripts/base/protocols/irc/events.test index 3e187d9da9..074e6c3df4 100644 
--- a/testing/btest/scripts/base/protocols/irc/events.test +++ b/testing/btest/scripts/base/protocols/irc/events.test @@ -1,10 +1,12 @@ # Test IRC events -# @TEST-EXEC: zeek -r $TRACES/irc-dcc-send.trace %INPUT -# @TEST-EXEC: zeek -r $TRACES/irc-basic.trace %INPUT -# @TEST-EXEC: zeek -r $TRACES/irc-whitespace.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/irc-dcc-send.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/irc-basic.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/irc-whitespace.trace %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/protocols/irc + event irc_privmsg_message(c: connection, is_orig: bool, source: string, target: string, message: string) { print fmt("%s -> %s: %s", source, target, message); diff --git a/testing/btest/scripts/base/protocols/irc/longline.test b/testing/btest/scripts/base/protocols/irc/longline.test index fec493d086..a6d60dcf2f 100644 --- a/testing/btest/scripts/base/protocols/irc/longline.test +++ b/testing/btest/scripts/base/protocols/irc/longline.test @@ -1,6 +1,8 @@ # This tests that an excessively long line is truncated by the contentline # analyzer -# @TEST-EXEC: zeek -C -r $TRACES/contentline-irc-5k-line.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/contentline-irc-5k-line.pcap %INPUT # @TEST-EXEC: btest-diff weird.log +@load base/protocols/irc +@load base/frameworks/notice/weird diff --git a/testing/btest/scripts/base/protocols/irc/names-weird.zeek b/testing/btest/scripts/base/protocols/irc/names-weird.zeek index 2d0ff001b2..6e6b5c535c 100644 --- a/testing/btest/scripts/base/protocols/irc/names-weird.zeek +++ b/testing/btest/scripts/base/protocols/irc/names-weird.zeek @@ -1,6 +1,9 @@ -# @TEST-EXEC: zeek -C -r $TRACES/irc-353.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/irc-353.pcap %INPUT # @TEST-EXEC: btest-diff weird.log +@load base/protocols/irc +@load base/frameworks/notice/weird + event irc_names_info(c: connection, is_orig: bool, c_type: string, channel: string, users: string_set) { print channel, users; 
diff --git a/testing/btest/scripts/base/protocols/krb/krb-service-name.test b/testing/btest/scripts/base/protocols/krb/krb-service-name.test index 8eceedef14..90d7305371 100644 --- a/testing/btest/scripts/base/protocols/krb/krb-service-name.test +++ b/testing/btest/scripts/base/protocols/krb/krb-service-name.test @@ -1,3 +1,7 @@ -# @TEST-EXEC: zeek -r $TRACES/krb/optional-service-name.pcap +# @TEST-EXEC: zeek -b -r $TRACES/krb/optional-service-name.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff kerberos.log + +@load base/protocols/krb +@load base/protocols/conn +@load base/frameworks/dpd diff --git a/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test b/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test index 557b0128b5..2f7cff52ea 100644 --- a/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test +++ b/testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test @@ -4,7 +4,7 @@ # @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/zeek-config.h # # @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab -# @TEST-EXEC: zeek -C -r $TRACES/krb/smb2_krb.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/krb/smb2_krb.pcap %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff .stderr diff --git a/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek b/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek index 1cecf4c541..4fb0d905c2 100644 --- a/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek +++ b/testing/btest/scripts/base/protocols/modbus/coil_parsing_big.zeek 
@@ -1,11 +1,13 @@ # -# @TEST-EXEC: zeek -C -r $TRACES/modbus/modbusBig.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output +# @TEST-EXEC: zeek -b -C -r $TRACES/modbus/modbusBig.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif | grep "^event modbus_" | wc -l >total # @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage # @TEST-EXEC: btest-diff coverage +@load base/protocols/modbus + event modbus_message(c: connection, headers: ModbusHeaders, is_orig: bool) { print "modbus_message", c$id, headers, is_orig; diff --git a/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek b/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek index 0e21021d6e..e9dc8913c0 100644 --- a/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek +++ b/testing/btest/scripts/base/protocols/modbus/coil_parsing_small.zeek @@ -1,11 +1,13 @@ # -# @TEST-EXEC: zeek -C -r $TRACES/modbus/modbusSmall.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output +# @TEST-EXEC: zeek -b -C -r $TRACES/modbus/modbusSmall.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif | grep "^event modbus_" | wc -l >total # @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage # @TEST-EXEC: btest-diff coverage +@load base/protocols/modbus + event modbus_message(c: connection, headers: ModbusHeaders, is_orig: bool) { print "modbus_message", c$id, headers, is_orig; diff --git a/testing/btest/scripts/base/protocols/modbus/events.zeek b/testing/btest/scripts/base/protocols/modbus/events.zeek index 4b55828565..ba7f6cdaee 100644 
--- a/testing/btest/scripts/base/protocols/modbus/events.zeek +++ b/testing/btest/scripts/base/protocols/modbus/events.zeek @@ -1,5 +1,5 @@ # -# @TEST-EXEC: zeek -r $TRACES/modbus/modbus.trace %INPUT | sort | uniq -c | sed 's/^ *//g' >output +# @TEST-EXEC: zeek -b -r $TRACES/modbus/modbus.trace %INPUT | sort | uniq -c | sed 's/^ *//g' >output # @TEST-EXEC: btest-diff output # @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered # @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif | grep "^event modbus_" | wc -l >total @@ -7,6 +7,10 @@ # @TEST-EXEC: btest-diff coverage # @TEST-EXEC: btest-diff conn.log +@load base/protocols/modbus +@load base/protocols/conn +@load base/frameworks/dpd + redef DPD::ignore_violations_after = 1; event modbus_message(c: connection, headers: ModbusHeaders, is_orig: bool) diff --git a/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek b/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek index 1fc482ee95..4297424f15 100644 --- a/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek +++ b/testing/btest/scripts/base/protocols/modbus/register_parsing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/modbus/fuzz-1011.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/modbus/fuzz-1011.trace %INPUT >output # @TEST-EXEC: btest-diff modbus.log # @TEST-EXEC: btest-diff output @@ -10,6 +10,8 @@ # case TCP_ApplicationAnalyzer::ProtocolViolation asserts its behavior for # incomplete connections). +@load base/protocols/modbus + event modbus_read_input_registers_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count) { print "modbus_read_input_registers_request", c$id, headers, start_address, quantity; diff --git a/testing/btest/scripts/base/protocols/ncp/event.zeek b/testing/btest/scripts/base/protocols/ncp/event.zeek index 58ac47c8e8..76a9be9e08 100644 --- a/testing/btest/scripts/base/protocols/ncp/event.zeek 
+++ b/testing/btest/scripts/base/protocols/ncp/event.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/ncp.pcap %INPUT >out +# @TEST-EXEC: zeek -b -C -r $TRACES/ncp.pcap %INPUT >out # @TEST-EXEC: btest-diff out redef likely_server_ports += { 524/tcp }; diff --git a/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek b/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek index c18f322892..46d6f9533e 100644 --- a/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek +++ b/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/ncp.pcap %INPUT NCP::max_frame_size=150 >out +# @TEST-EXEC: zeek -b -C -r $TRACES/ncp.pcap %INPUT NCP::max_frame_size=150 >out # @TEST-EXEC: btest-diff out redef likely_server_ports += { 524/tcp }; diff --git a/testing/btest/scripts/base/protocols/ntp/ntp-digest.test b/testing/btest/scripts/base/protocols/ntp/ntp-digest.test index 8fd3961924..704f8a23b4 100644 --- a/testing/btest/scripts/base/protocols/ntp/ntp-digest.test +++ b/testing/btest/scripts/base/protocols/ntp/ntp-digest.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/ntp/NTP-digest.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/ntp/NTP-digest.pcap %INPUT # @TEST-EXEC: btest-diff ntp.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ntp/ntp.test b/testing/btest/scripts/base/protocols/ntp/ntp.test index 451f88b5cf..1833a745cf 100644 --- a/testing/btest/scripts/base/protocols/ntp/ntp.test +++ b/testing/btest/scripts/base/protocols/ntp/ntp.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/ntp/ntp.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/ntp/ntp.pcap %INPUT # @TEST-EXEC: btest-diff ntp.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ntp/ntp2.test b/testing/btest/scripts/base/protocols/ntp/ntp2.test index 540416e1ba..77090c897f 100644 --- a/testing/btest/scripts/base/protocols/ntp/ntp2.test 
+++ b/testing/btest/scripts/base/protocols/ntp/ntp2.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/ntp/ntp2.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/ntp/ntp2.pcap %INPUT # @TEST-EXEC: btest-diff ntp.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ntp/ntp3.test b/testing/btest/scripts/base/protocols/ntp/ntp3.test index 02df867077..9129208bf5 100644 --- a/testing/btest/scripts/base/protocols/ntp/ntp3.test +++ b/testing/btest/scripts/base/protocols/ntp/ntp3.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/ntp/NTP_sync.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/ntp/NTP_sync.pcap %INPUT # @TEST-EXEC: btest-diff ntp.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/base/protocols/ntp/ntpmode67.test b/testing/btest/scripts/base/protocols/ntp/ntpmode67.test index efacbc14c5..e18d297d58 100644 --- a/testing/btest/scripts/base/protocols/ntp/ntpmode67.test +++ b/testing/btest/scripts/base/protocols/ntp/ntpmode67.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/ntp/ntpmode67.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/ntp/ntpmode67.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/ntp diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-client-cluster-data.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-client-cluster-data.zeek index 7bea9c16e1..5714a878c7 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdp-client-cluster-data.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-client-cluster-data.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/rdp/rdp-proprietary-encryption.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/rdp/rdp-proprietary-encryption.pcap %INPUT >out # @TEST-EXEC: btest-diff out @load base/protocols/rdp diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-client-security-data.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-client-security-data.zeek index 97390c1248..3b8fe200ab 100644 
--- a/testing/btest/scripts/base/protocols/rdp/rdp-client-security-data.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-client-security-data.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/rdp/rdp-proprietary-encryption.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/rdp/rdp-proprietary-encryption.pcap %INPUT >out # @TEST-EXEC: btest-diff out @load base/protocols/rdp diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-native-encrypted-data.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-native-encrypted-data.zeek index 2c2b84735a..143e1865cd 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdp-native-encrypted-data.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-native-encrypted-data.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/rdp/rdp-proprietary-encryption.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/rdp/rdp-proprietary-encryption.pcap %INPUT >out # @TEST-EXEC: btest-diff out @load base/protocols/rdp diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek index 7558506c8f..07438fe90d 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/rdp/rdp-proprietary-encryption.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/rdp/rdp-proprietary-encryption.pcap %INPUT # @TEST-EXEC: btest-diff rdp.log @load base/protocols/rdp diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek index 47f154eef3..4d24cd5674 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.zeek 
@@ -1,5 +1,6 @@ -# @TEST-EXEC: zeek -r $TRACES/rdp/rdp-to-ssl.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/rdp/rdp-to-ssl.pcap %INPUT # @TEST-EXEC: btest-diff rdp.log # @TEST-EXEC: btest-diff ssl.log @load base/protocols/rdp +@load base/protocols/ssl diff --git a/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek b/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek index 56747a915b..49c3b991f8 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdp-x509.zeek @@ -1,5 +1,6 @@ -# @TEST-EXEC: zeek -r $TRACES/rdp/rdp-x509.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/rdp/rdp-x509.pcap %INPUT # @TEST-EXEC: btest-diff rdp.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-timestamps | $SCRIPTS/diff-remove-x509-key-info" btest-diff x509.log @load base/protocols/rdp +@load base/files/x509 diff --git a/testing/btest/scripts/base/protocols/rdp/rdpeudp-handshake-fail.zeek b/testing/btest/scripts/base/protocols/rdp/rdpeudp-handshake-fail.zeek index 39c355e849..149821cf8a 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdpeudp-handshake-fail.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdpeudp-handshake-fail.zeek @@ -1,8 +1,10 @@ -# @TEST-EXEC: zeek -r $TRACES/rdp/rdpeudp-handshake-fail.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/rdp/rdpeudp-handshake-fail.pcap %INPUT >out # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff out @load base/protocols/rdp +@load base/protocols/conn +@load base/frameworks/dpd event rdpeudp_syn(c: connection) { diff --git a/testing/btest/scripts/base/protocols/rdp/rdpeudp-handshake-success.zeek b/testing/btest/scripts/base/protocols/rdp/rdpeudp-handshake-success.zeek index 1ab87bd5bc..5cbd8a91a8 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdpeudp-handshake-success.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdpeudp-handshake-success.zeek 
@@ -1,8 +1,10 @@ -# @TEST-EXEC: zeek -r $TRACES/rdp/rdpeudp-handshake-success.pcap %INPUT >out +# @TEST-EXEC: zeek -b -r $TRACES/rdp/rdpeudp-handshake-success.pcap %INPUT >out # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff out @load base/protocols/rdp +@load base/protocols/conn +@load base/frameworks/dpd event rdpeudp_syn(c: connection) { diff --git a/testing/btest/scripts/base/protocols/rdp/rdpeudp2-handshake-success.zeek b/testing/btest/scripts/base/protocols/rdp/rdpeudp2-handshake-success.zeek index cc78165c45..1faba20c55 100644 --- a/testing/btest/scripts/base/protocols/rdp/rdpeudp2-handshake-success.zeek +++ b/testing/btest/scripts/base/protocols/rdp/rdpeudp2-handshake-success.zeek @@ -1,8 +1,10 @@ -# @TEST-EXEC: zeek -Cr $TRACES/rdp/rdpeudp2-handshake-success.pcap %INPUT >out +# @TEST-EXEC: zeek -b -Cr $TRACES/rdp/rdpeudp2-handshake-success.pcap %INPUT >out # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff out @load base/protocols/rdp +@load base/protocols/conn +@load base/frameworks/dpd event rdpeudp_syn(c: connection) { diff --git a/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test b/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test index 2fc8129c67..b8b89110d0 100644 --- a/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test +++ b/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/rfb/vncmac.pcap +# @TEST-EXEC: zeek -b -C -r $TRACES/rfb/vncmac.pcap %INPUT # @TEST-EXEC: btest-diff rfb.log @load base/protocols/rfb diff --git a/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test b/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test index 027a70e955..b00764db83 100644 --- a/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test +++ b/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/rfb/vnc-mac-to-linux.pcap +# @TEST-EXEC: zeek -b -C -r $TRACES/rfb/vnc-mac-to-linux.pcap %INPUT # @TEST-EXEC: btest-diff rfb.log @load base/protocols/rfb diff --git a/testing/btest/scripts/base/protocols/rfb/vnc-scanner.bro b/testing/btest/scripts/base/protocols/rfb/vnc-scanner.bro index f886917c1a..618b771155 100644 --- a/testing/btest/scripts/base/protocols/rfb/vnc-scanner.bro +++ b/testing/btest/scripts/base/protocols/rfb/vnc-scanner.bro @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/rfb/vnc-scanner.pcap +# @TEST-EXEC: zeek -b -C -r $TRACES/rfb/vnc-scanner.pcap %INPUT # @TEST-EXEC: btest-diff rfb.log @load base/protocols/rfb diff --git a/testing/btest/scripts/base/protocols/smb/smb2-write-response.test b/testing/btest/scripts/base/protocols/smb/smb2-write-response.test index c737b43991..22d0d8b970 100644 --- a/testing/btest/scripts/base/protocols/smb/smb2-write-response.test +++ b/testing/btest/scripts/base/protocols/smb/smb2-write-response.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/smb/smb2readwrite.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/smb/smb2readwrite.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/smb diff --git a/testing/btest/scripts/base/protocols/smtp/basic.test b/testing/btest/scripts/base/protocols/smtp/basic.test index 41a9290f13..8bf94def09 100644 --- a/testing/btest/scripts/base/protocols/smtp/basic.test +++ b/testing/btest/scripts/base/protocols/smtp/basic.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff smtp.log @load base/protocols/smtp diff --git a/testing/btest/scripts/base/protocols/smtp/one-side.test b/testing/btest/scripts/base/protocols/smtp/one-side.test index 9c9e036a8c..e20d9f7b9d 100644 --- a/testing/btest/scripts/base/protocols/smtp/one-side.test +++ b/testing/btest/scripts/base/protocols/smtp/one-side.test 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/smtp-one-side-only.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/smtp-one-side-only.trace %INPUT # @TEST-EXEC: btest-diff smtp.log @load base/protocols/smtp diff --git a/testing/btest/scripts/base/protocols/smtp/starttls.test b/testing/btest/scripts/base/protocols/smtp/starttls.test index 865497f022..7d82b16189 100644 --- a/testing/btest/scripts/base/protocols/smtp/starttls.test +++ b/testing/btest/scripts/base/protocols/smtp/starttls.test @@ -1,6 +1,7 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tls/smtp-starttls.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/smtp-starttls.pcap %INPUT # @TEST-EXEC: btest-diff smtp.log # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log @load base/protocols/smtp +@load base/protocols/ssl diff --git a/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek b/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek index 16203c597e..6ca29b8a7c 100644 --- a/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek +++ b/testing/btest/scripts/base/protocols/snmp/snmp-addr.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -b -r $TRACES/snmp/snmpwalk-short.pcap %INPUT +# @TEST-EXEC: zeek -b -C -b -r $TRACES/snmp/snmpwalk-short.pcap %INPUT # @TEST-EXEC: btest-diff .stdout @load base/protocols/snmp diff --git a/testing/btest/scripts/base/protocols/socks/trace3.test b/testing/btest/scripts/base/protocols/socks/trace3.test index c83ad4fa87..dd8c7a7800 100644 --- a/testing/btest/scripts/base/protocols/socks/trace3.test +++ b/testing/btest/scripts/base/protocols/socks/trace3.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tunnels/socks.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tunnels/socks.pcap %INPUT # @TEST-EXEC: btest-diff tunnel.log @load base/protocols/socks diff --git a/testing/btest/scripts/base/protocols/ssh/one-auth-fail-only.test b/testing/btest/scripts/base/protocols/ssh/one-auth-fail-only.test index e87a246957..7f482ed939 100644 
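Review bot: smtp/starttls.test still runs `btest-diff x509.log`, but in bare mode the hunk adds only `@load base/protocols/ssl`. The rdp-x509.zeek, ecdhe.test and ecdsa.test hunks in this commit add `@load base/files/x509` for the same baseline. Presumably base/protocols/ssl pulls in the x509 logging transitively, so the test passes, but the dependency is implicit here and explicit elsewhere. I would add `@load base/files/x509` after the ssl load so the certificate-log baseline does not hinge on a transitive load; ssl/dtls.test has the same pattern.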
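Review bot: The snmp-addr.zeek command line already had `-b`, so the new line `zeek -b -C -b -r $TRACES/snmp/snmpwalk-short.pcap %INPUT` passes the flag twice. It is harmless at runtime but looks like a product of the bulk edit, and it makes the invocation differ from every other test in the commit. Either leave the line unchanged or normalise it to `# @TEST-EXEC: zeek -b -C -r $TRACES/snmp/snmpwalk-short.pcap %INPUT`.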
--- a/testing/btest/scripts/base/protocols/ssh/one-auth-fail-only.test +++ b/testing/btest/scripts/base/protocols/ssh/one-auth-fail-only.test @@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -C -r $TRACES/ssh/sshguess.pcap %INPUT | sort >output +# @TEST-EXEC: zeek -b -C -r $TRACES/ssh/sshguess.pcap %INPUT | sort >output # @TEST-EXEC: btest-diff output +@load base/protocols/ssh + event ssh_auth_attempted(c: connection, authenticated: bool) { print "auth_attempted", c$uid, authenticated; diff --git a/testing/btest/scripts/base/protocols/ssl/common_name.test b/testing/btest/scripts/base/protocols/ssl/common_name.test index 32565b2ea7..2aec341448 100644 --- a/testing/btest/scripts/base/protocols/ssl/common_name.test +++ b/testing/btest/scripts/base/protocols/ssl/common_name.test @@ -1,9 +1,11 @@ # This tests a normal SSL connection and the log it outputs. -# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT -# @TEST-EXEC: zeek -C -r $TRACES/tls/cert-no-cn.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/cert-no-cn.pcap %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/protocols/ssl + event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate) { if ( cert?$cn ) diff --git a/testing/btest/scripts/base/protocols/ssl/comp_methods.test b/testing/btest/scripts/base/protocols/ssl/comp_methods.test index ae6b43e179..fe9565248d 100644 --- a/testing/btest/scripts/base/protocols/ssl/comp_methods.test +++ b/testing/btest/scripts/base/protocols/ssl/comp_methods.test 
@@ -1,8 +1,10 @@ # This tests that the values sent for compression methods are correct. -# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/protocols/ssl + event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) { print comp_methods; diff --git a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test index ec33326cad..3f0815700f 100644 --- a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test +++ b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test @@ -1,6 +1,6 @@ # This tests if Zeek does not crash when exposed to CVE-2015-3194 -# @TEST-EXEC: zeek -r $TRACES/tls/CVE-2015-3194.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/CVE-2015-3194.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log @load protocols/ssl/validate-certs diff --git a/testing/btest/scripts/base/protocols/ssl/dhe.test b/testing/btest/scripts/base/protocols/ssl/dhe.test index df22cea9cc..27db5fb41a 100644 --- a/testing/btest/scripts/base/protocols/ssl/dhe.test +++ b/testing/btest/scripts/base/protocols/ssl/dhe.test @@ -1,7 +1,9 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/dhe.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/dhe.pcap %INPUT # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: btest-diff ssl.log +@load base/protocols/ssl + event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string) { print "key length in bits", |Ys|*8; diff --git a/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test b/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test index b86ff75ee4..cde422bec4 100644 --- a/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test +++ b/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test 
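Review bot: The cve-2015-3194.test regression now runs with `-b`, but the hunk adds no base load; the only load visible is the existing `@load protocols/ssl/validate-certs`. The `btest-diff ssl.log` baseline therefore relies on that policy script pulling in base/protocols/ssl, which is likely but not shown here. For a crash-regression test tied to a CVE I would state the dependency with `@load base/protocols/ssl` ahead of the validate-certs load, matching the sibling ssl tests in this commit. The rest of the file lies outside the hunk, so a load further down cannot be ruled out.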
@@ -1,8 +1,11 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/webrtc-stun.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/webrtc-stun.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: touch dpd.log # @TEST-EXEC: btest-diff dpd.log +@load base/protocols/ssl +@load base/frameworks/dpd + event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) { print version, client_random, session_id, ciphers; diff --git a/testing/btest/scripts/base/protocols/ssl/dtls.test b/testing/btest/scripts/base/protocols/ssl/dtls.test index 2f31758cbf..a7b45507b0 100644 --- a/testing/btest/scripts/base/protocols/ssl/dtls.test +++ b/testing/btest/scripts/base/protocols/ssl/dtls.test @@ -1,10 +1,12 @@ # This tests a normal SSL connection and the log it outputs. -# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_0.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/dtls1_0.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log -# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_2.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/dtls1_2.pcap %INPUT # @TEST-EXEC: cp ssl.log ssl1_2.log # @TEST-EXEC: cp x509.log x5091_2.log # @TEST-EXEC: btest-diff ssl1_2.log # @TEST-EXEC: btest-diff x5091_2.log + +@load base/protocols/ssl diff --git a/testing/btest/scripts/base/protocols/ssl/ecdhe.test b/testing/btest/scripts/base/protocols/ssl/ecdhe.test index e200619013..2d911986c6 100644 --- a/testing/btest/scripts/base/protocols/ssl/ecdhe.test +++ b/testing/btest/scripts/base/protocols/ssl/ecdhe.test @@ -1,3 +1,6 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log + +@load base/protocols/ssl +@load base/files/x509 
diff --git a/testing/btest/scripts/base/protocols/ssl/ecdsa.test b/testing/btest/scripts/base/protocols/ssl/ecdsa.test index 2ace638a41..70d5535a3e 100644 --- a/testing/btest/scripts/base/protocols/ssl/ecdsa.test +++ b/testing/btest/scripts/base/protocols/ssl/ecdsa.test @@ -1,3 +1,6 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tls/ecdsa-cert.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/ecdsa-cert.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log + +@load base/protocols/ssl +@load base/files/x509 diff --git a/testing/btest/scripts/base/protocols/ssl/fragment.test b/testing/btest/scripts/base/protocols/ssl/fragment.test index 2ea87d8291..21db90cf79 100644 --- a/testing/btest/scripts/base/protocols/ssl/fragment.test +++ b/testing/btest/scripts/base/protocols/ssl/fragment.test @@ -1,9 +1,11 @@ # Test a heavily fragmented tls connection -# @TEST-EXEC: cat $TRACES/tls/tls-fragmented-handshake.pcap.gz | gunzip | zeek -r - %INPUT +# @TEST-EXEC: cat $TRACES/tls/tls-fragmented-handshake.pcap.gz | gunzip | zeek -b -r - %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff .stdout +@load base/protocols/ssl + # Certificate has 10,000 alternative names :) event x509_ext_subject_alternative_name(f: fa_file, ext: X509::SubjectAlternativeName) { diff --git a/testing/btest/scripts/base/protocols/ssl/keyexchange.test b/testing/btest/scripts/base/protocols/ssl/keyexchange.test index 252237f0dd..dc8d658f85 100644 --- a/testing/btest/scripts/base/protocols/ssl/keyexchange.test +++ b/testing/btest/scripts/base/protocols/ssl/keyexchange.test 
@@ -1,14 +1,14 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/dhe.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/dhe.pcap %INPUT # @TEST-EXEC: cat ssl.log > ssl-all.log -# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log -# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log -# @TEST-EXEC: zeek -r $TRACES/tls/tls1_1.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls1_1.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log -# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_0.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/dtls1_0.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log -# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_2.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/dtls1_2.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: btest-diff ssl-all.log diff --git a/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test b/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test index 3c338933aa..0534bd8a4f 100644 --- a/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test +++ b/testing/btest/scripts/base/protocols/ssl/ocsp-stapling.test 
@@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/ocsp-stapling.trace %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/protocols/ssl + redef SSL::root_certs += { ["OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US"] = "\x30\x82\x02\x3C\x30\x82\x01\xA5\x02\x10\x70\xBA\xE4\x1D\x10\xD9\x29\x34\xB6\x38\xCA\x7B\x03\xCC\xBA\xBF\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x1E\x17\x0D\x39\x36\x30\x31\x32\x39\x30\x30\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x38\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x5F\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0A\x13\x0E\x56\x65\x72\x69\x53\x69\x67\x6E\x2C\x20\x49\x6E\x63\x2E\x31\x37\x30\x35\x06\x03\x55\x04\x0B\x13\x2E\x43\x6C\x61\x73\x73\x20\x33\x20\x50\x75\x62\x6C\x69\x63\x20\x50\x72\x69\x6D\x61\x72\x79\x20\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\xC9\x5C\x59\x9E\xF2\x1B\x8A\x01\x14\xB4\x10\xDF\x04\x40\xDB\xE3\x57\xAF\x6A\x45\x40\x8F\x84\x0C\x0B\xD1\x33\xD9\xD9\x11\xCF\xEE\x02\x58\x1F\x25\xF7\x2A\xA8\x44\x05\xAA\xEC\x03\x1F\x78\x7F\x9E\x93\xB9\x9A\x00\xAA\x23\x7D\xD6\xAC\x85\xA2\x63\x45\xC7\x72\x27\xCC\xF4\x4C\xC6\x75\x71\xD2\x39\xEF\x4F\x42\xF0\x75\xDF\x0A\x90\xC6\x8E\x20\x6F\x98\x0F\xF8\xAC\x23\x5F\x70\x29\x36\xA4\xC9\x86\xE7\xB1\x9A\x20\xCB\x53\xA5\x85\xE7\x3D\xBE\x7D\x9A\xFE\x24\x45\x33\xDC\x76\x15\xED\x0F\xA2\x71\x64\x4C\x65\x2E\x8
1\x68\x45\xA7\x02\x03\x01\x00\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02\x05\x00\x03\x81\x81\x00\xBB\x4C\x12\x2B\xCF\x2C\x26\x00\x4F\x14\x13\xDD\xA6\xFB\xFC\x0A\x11\x84\x8C\xF3\x28\x1C\x67\x92\x2F\x7C\xB6\xC5\xFA\xDF\xF0\xE8\x95\xBC\x1D\x8F\x6C\x2C\xA8\x51\xCC\x73\xD8\xA4\xC0\x53\xF0\x4E\xD6\x26\xC0\x76\x01\x57\x81\x92\x5E\x21\xF1\xD1\xB1\xFF\xE7\xD0\x21\x58\xCD\x69\x17\xE3\x44\x1C\x9C\x19\x44\x39\x89\x5C\xDC\x9C\x00\x0F\x56\x8D\x02\x99\xED\xA2\x90\x45\x4C\xE4\xBB\x10\xA4\x3D\xF0\x32\x03\x0E\xF1\xCE\xF8\xE8\xC9\x51\x8C\xE6\x62\x9F\xE6\x9F\xC0\x7D\xB7\x72\x9C\xC9\x36\x3A\x6B\x9F\x4E\xA8\xFF\x64\x0D\x64", }; diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test index 077aa15f1a..e15dee116a 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test +++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-ciphers.test @@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls1.2.trace %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/protocols/ssl + event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) { print fmt("Got %d cipher suites", |ciphers|); diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test index 6507e58793..fbfdc15778 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test +++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test @@ -1,2 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/tls-1.2-handshake-failure.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-1.2-handshake-failure.trace %INPUT # @TEST-EXEC: btest-diff ssl.log + +@load base/protocols/ssl 
diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test index b21fc4ee11..0252d32dd9 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test +++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2-random.test @@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls1.2.trace %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/protocols/ssl + event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) { print client_random; diff --git a/testing/btest/scripts/base/protocols/ssl/tls-1.2.test b/testing/btest/scripts/base/protocols/ssl/tls-1.2.test index 8e2189d9f6..7c6682779d 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls-1.2.test +++ b/testing/btest/scripts/base/protocols/ssl/tls-1.2.test @@ -1,8 +1,11 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls1.2.trace %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: btest-diff .stdout +@load base/protocols/ssl +@load base/files/x509 + event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) &priority=5 { print "client", SSL::version_strings[record_version], SSL::version_strings[version]; diff --git a/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test b/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test index 99e9847fb4..7e34aef9ca 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test +++ b/testing/btest/scripts/base/protocols/ssl/tls-extension-events.test 
@@ -1,8 +1,10 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tls/chrome-34-google.trace %INPUT -# @TEST-EXEC: zeek -C -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT -# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13_psk_succesfull.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/chrome-34-google.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13_psk_succesfull.pcap %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/protocols/ssl + event ssl_extension_elliptic_curves(c: connection, is_orig: bool, curves: index_vec) { print "Curves", c$id$orig_h, c$id$resp_h; diff --git a/testing/btest/scripts/base/protocols/ssl/tls13-experiment.test b/testing/btest/scripts/base/protocols/ssl/tls13-experiment.test index f784ea0af0..92c47777de 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls13-experiment.test +++ b/testing/btest/scripts/base/protocols/ssl/tls13-experiment.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tls/chrome-63.0.3211.0-canary-tls_experiment.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/chrome-63.0.3211.0-canary-tls_experiment.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff .stdout @@ -12,6 +12,8 @@ # In the meantime this way of establishing TLS 1.3 was standardized. Still keeping the test even # though we parse this correctly now. +@load base/protocols/ssl + event ssl_extension(c: connection, is_orig: bool, code: count, val: string) { if ( ! is_orig && code == 43 ) diff --git a/testing/btest/scripts/base/protocols/ssl/tls13-version.test b/testing/btest/scripts/base/protocols/ssl/tls13-version.test index 29c6da9261..e9d8d8525e 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls13-version.test +++ b/testing/btest/scripts/base/protocols/ssl/tls13-version.test 
@@ -1,4 +1,6 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft23-chrome67.0.3368.0-canary.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft23-chrome67.0.3368.0-canary.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # Test that we correctly parse the version out of the extension in an 1.3 connection + +@load base/protocols/ssl diff --git a/testing/btest/scripts/base/protocols/ssl/tls13.test b/testing/btest/scripts/base/protocols/ssl/tls13.test index d7db1626e4..c00a44dcc5 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls13.test +++ b/testing/btest/scripts/base/protocols/ssl/tls13.test 
@@ -1,18 +1,20 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary-aborted.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary-aborted.pcap %INPUT # @TEST-EXEC: cat ssl.log > ssl-out.log -# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-out.log -# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-ff52.a01-aborted.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft16-ff52.a01-aborted.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-out.log -# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-ff52.a01.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft16-ff52.a01.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-out.log -# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13_psk_succesfull.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13_psk_succesfull.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-out.log -# @TEST-EXEC: zeek -C -r $TRACES/tls/hrr.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/hrr.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-out.log # @TEST-EXEC: btest-diff ssl-out.log # @TEST-EXEC: btest-diff .stdout +@load base/protocols/ssl + redef SSL::disable_analyzer_after_detection=F; event ssl_extension_key_share(c: connection, is_orig: bool, curves: index_vec) diff --git a/testing/btest/scripts/base/protocols/ssl/tls1_1.test b/testing/btest/scripts/base/protocols/ssl/tls1_1.test index de3ed740b4..9b88906f1e 100644 --- a/testing/btest/scripts/base/protocols/ssl/tls1_1.test +++ b/testing/btest/scripts/base/protocols/ssl/tls1_1.test 
@@ -1,6 +1,10 @@ # This tests a normal SSL connection and the log it outputs. -# @TEST-EXEC: zeek -r $TRACES/tls/tls1_1.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls1_1.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: test ! -f dpd.log + +@load base/protocols/ssl +@load base/files/x509 +@load base/frameworks/dpd diff --git a/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test b/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test index 05bac2d21b..6abf95efbc 100644 --- a/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test +++ b/testing/btest/scripts/base/protocols/ssl/x509-invalid-extension.test @@ -1,6 +1,8 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/ocsp-stapling.trace %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/protocols/ssl + event x509_extension(f: fa_file, ext: X509::Extension) { if ( ext$oid != "1.3.6.1.5.5.7.1.12" ) diff --git a/testing/btest/scripts/base/protocols/ssl/x509_extensions.test b/testing/btest/scripts/base/protocols/ssl/x509_extensions.test index ee7fa103e4..3cf04ab513 100644 --- a/testing/btest/scripts/base/protocols/ssl/x509_extensions.test +++ b/testing/btest/scripts/base/protocols/ssl/x509_extensions.test @@ -1,6 +1,9 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls1.2.trace %INPUT # @TEST-EXEC: btest-diff .stdout +@load base/protocols/ssl +@load base/files/x509 + event x509_extension(f: fa_file, extension: X509::Extension) { # The formatting of CRL Distribution Points varies between OpenSSL versions. Skip it diff --git a/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek b/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek index 0382fa0aaf..489d502430 100644 --- a/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek +++ b/testing/btest/scripts/base/protocols/syslog/missing-pri.zeek 
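Review bot: In x509-invalid-extension.test the new bare-mode load list is only `@load base/protocols/ssl`, although the handler that follows is `x509_extension`; x509_extensions.test in this same patch adds `@load base/files/x509` for the same event. The test presumably still passes because the SSL scripts pull in the X.509 scripts transitively, but that is not visible from the hunk, and under `-b` the explicit list is the only record of what the test depends on. I would add `@load base/files/x509` after the SSL load here, and likewise in fragment.test, which handles `x509_ext_subject_alternative_name` with only the SSL load. The event handler body continues outside the hunk.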
@@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/syslog-missing-pri.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/syslog-missing-pri.trace %INPUT # @TEST-EXEC: btest-diff syslog.log @load base/protocols/syslog diff --git a/testing/btest/scripts/base/protocols/syslog/trace.test b/testing/btest/scripts/base/protocols/syslog/trace.test index f4dba5c807..68989ab50e 100644 --- a/testing/btest/scripts/base/protocols/syslog/trace.test +++ b/testing/btest/scripts/base/protocols/syslog/trace.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/syslog-single-udp.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/syslog-single-udp.trace %INPUT # @TEST-EXEC: btest-diff syslog.log @load base/protocols/syslog diff --git a/testing/btest/scripts/base/protocols/tcp/pending.zeek b/testing/btest/scripts/base/protocols/tcp/pending.zeek index 8695f71b47..c505f5069b 100644 --- a/testing/btest/scripts/base/protocols/tcp/pending.zeek +++ b/testing/btest/scripts/base/protocols/tcp/pending.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tls/chrome-34-google.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/chrome-34-google.trace %INPUT # @TEST-EXEC: btest-diff .stdout event connection_pending(c: connection) diff --git a/testing/btest/scripts/base/utils/conn-ids.test b/testing/btest/scripts/base/utils/conn-ids.test index b44615b102..86e89c08c4 100644 --- a/testing/btest/scripts/base/utils/conn-ids.test +++ b/testing/btest/scripts/base/utils/conn-ids.test @@ -1,8 +1,7 @@ -# @TEST-EXEC: zeek %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output -# This is loaded by default. -#@load base/utils/conn-ids +@load base/utils/conn-ids global c: conn_id = [ $orig_h = 10.0.0.100, $orig_p = 10000/tcp, $resp_h = 10.0.0.200, $resp_p = 20000/tcp ]; diff --git a/testing/btest/scripts/base/utils/directions-and-hosts.test b/testing/btest/scripts/base/utils/directions-and-hosts.test index 7e731aba2e..365c4bd06b 100644 
--- a/testing/btest/scripts/base/utils/directions-and-hosts.test +++ b/testing/btest/scripts/base/utils/directions-and-hosts.test @@ -1,9 +1,8 @@ -# @TEST-EXEC: zeek %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output -# These are loaded by default. -#@load base/utils/site -#@load base/utils/directions-and-hosts +@load base/utils/site +@load base/utils/directions-and-hosts redef Site::local_nets += { 10.0.0.0/8 }; diff --git a/testing/btest/scripts/base/utils/files.test b/testing/btest/scripts/base/utils/files.test index 8410c50a1a..e9c3e7df27 100644 --- a/testing/btest/scripts/base/utils/files.test +++ b/testing/btest/scripts/base/utils/files.test @@ -1,8 +1,8 @@ -# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output -# This is loaded by default. -#@load base/utils/files +@load base/protocols/http +@load base/utils/files event connection_established(c: connection) { diff --git a/testing/btest/scripts/base/utils/json.test b/testing/btest/scripts/base/utils/json.test index 3572bd3e07..0c2199a940 100644 --- a/testing/btest/scripts/base/utils/json.test +++ b/testing/btest/scripts/base/utils/json.test @@ -2,7 +2,7 @@ # test with no elements, with one element, and with more than one element. # Test that the "only_loggable" option works (output only record fields with # the &log attribute). -# @TEST-EXEC: zeek %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output type color: enum { Red, White, Blue }; diff --git a/testing/btest/scripts/base/utils/numbers.test b/testing/btest/scripts/base/utils/numbers.test index f80b64c26a..1a3f34090e 100644 --- a/testing/btest/scripts/base/utils/numbers.test +++ b/testing/btest/scripts/base/utils/numbers.test 
@@ -1,8 +1,7 @@ -# @TEST-EXEC: zeek %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output -# This is loaded by default. -#@load base/utils/numbers +@load base/utils/numbers print extract_count("These aren't the numbers you're looking for."); print extract_count("13These aren't the numbers you're looking for."); diff --git a/testing/btest/scripts/base/utils/paths.test b/testing/btest/scripts/base/utils/paths.test index 09e8b96f97..17b579fefc 100644 --- a/testing/btest/scripts/base/utils/paths.test +++ b/testing/btest/scripts/base/utils/paths.test @@ -1,8 +1,7 @@ -# @TEST-EXEC: zeek %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output -# This is loaded by default. -#@load base/utils/paths +@load base/utils/paths function test_extract(str: string, expect: string) { diff --git a/testing/btest/scripts/base/utils/pattern.test b/testing/btest/scripts/base/utils/pattern.test index 1c5ad227ef..65920bcb06 100644 --- a/testing/btest/scripts/base/utils/pattern.test +++ b/testing/btest/scripts/base/utils/pattern.test @@ -1,8 +1,7 @@ -# @TEST-EXEC: zeek %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output -# This is loaded by default. -#@load base/utils/pattern +@load base/utils/patterns global r1 = set_to_regex(set("blah", "bleh", "blarg"), "(~~)"); global r2 = set_to_regex(set("blah", "bleh", "blarg"), "foo(~~)bar"); diff --git a/testing/btest/scripts/base/utils/site.test b/testing/btest/scripts/base/utils/site.test index c97d98acbd..c66cedf16e 100644 --- a/testing/btest/scripts/base/utils/site.test +++ b/testing/btest/scripts/base/utils/site.test @@ -1,8 +1,7 @@ -# @TEST-EXEC: zeek %INPUT > output +# @TEST-EXEC: zeek -b %INPUT > output # @TEST-EXEC: btest-diff output -# This is loaded by default. -#@load base/utils/site +@load base/utils/site global a = { "site-admin@example.com", "other-site-admin@example.com" }; global b = { "net-admin@example.com" }; 
diff --git a/testing/btest/scripts/base/utils/strings.test b/testing/btest/scripts/base/utils/strings.test index 9606ab3213..538c6b670d 100644 --- a/testing/btest/scripts/base/utils/strings.test +++ b/testing/btest/scripts/base/utils/strings.test @@ -1,8 +1,7 @@ -# @TEST-EXEC: zeek %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output -# This is loaded by default. -#@load base/utils/strings +@load base/utils/strings function test_binary_string(s: string) { diff --git a/testing/btest/scripts/base/utils/thresholds.test b/testing/btest/scripts/base/utils/thresholds.test index 1c56057090..e47de05710 100644 --- a/testing/btest/scripts/base/utils/thresholds.test +++ b/testing/btest/scripts/base/utils/thresholds.test @@ -1,8 +1,7 @@ -# @TEST-EXEC: zeek %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output -# This is loaded by default. -#@load base/utils/thresholds +@load base/utils/thresholds redef default_notice_thresholds = { 2, 4, 6, 8, 10 }; const my_thresholds: vector of count = { 2, 4, 6, 8, 10 }; diff --git a/testing/btest/scripts/base/utils/urls.test b/testing/btest/scripts/base/utils/urls.test index 002cc0087a..896ec73798 100644 --- a/testing/btest/scripts/base/utils/urls.test +++ b/testing/btest/scripts/base/utils/urls.test @@ -1,8 +1,7 @@ -# @TEST-EXEC: zeek %INPUT >output +# @TEST-EXEC: zeek -b %INPUT >output # @TEST-EXEC: btest-diff output -# This is loaded by default. -#@load base/utils/urls +@load base/utils/urls print decompose_uri("https://www.example.com/"); print decompose_uri("http://example.com:99/test//?foo=bar"); diff --git a/testing/btest/scripts/policy/frameworks/files/extract-all.zeek b/testing/btest/scripts/policy/frameworks/files/extract-all.zeek index b043e48830..565b53b290 100644 --- a/testing/btest/scripts/policy/frameworks/files/extract-all.zeek +++ b/testing/btest/scripts/policy/frameworks/files/extract-all.zeek 
@@ -1,2 +1,2 @@ -# @TEST-EXEC: zeek -r $TRACES/http/get.trace frameworks/files/extract-all-files +# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace frameworks/files/extract-all-files base/protocols/http # @TEST-EXEC: grep -q EXTRACT files.log diff --git a/testing/btest/scripts/policy/frameworks/intel/removal.zeek b/testing/btest/scripts/policy/frameworks/intel/removal.zeek index ef225e71c7..5b40130a23 100644 --- a/testing/btest/scripts/policy/frameworks/intel/removal.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/removal.zeek @@ -1,5 +1,5 @@ -# @TEST-EXEC: btest-bg-run zeekproc zeek %INPUT +# @TEST-EXEC: btest-bg-run zeekproc zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff zeekproc/intel.log diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek b/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek index bd9abdf452..80fdd4ec55 100644 --- a/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/seen/certs.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: zeek -Cr $TRACES/tls/ecdsa-cert.pcap %INPUT +# @TEST-EXEC: zeek -b -Cr $TRACES/tls/ecdsa-cert.pcap %INPUT # @TEST-EXEC: cat intel.log > intel-all.log -# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: cat intel.log >> intel-all.log # @TEST-EXEC: btest-diff intel-all.log diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek b/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek index ad87bf8955..8c5f20b4b0 100644 --- a/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/seen/smb.zeek @@ -1,6 +1,7 @@ -# @TEST-EXEC: zeek -C -r $TRACES/smb/smb2readwrite.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/smb/smb2readwrite.pcap %INPUT # @TEST-EXEC: btest-diff intel.log +@load base/protocols/smb @load base/frameworks/intel @load frameworks/intel/seen 
diff --git a/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek b/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek index ca144d3a55..1873805a59 100644 --- a/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/seen/smtp.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/smtp-multi-addr.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/smtp-multi-addr.pcap %INPUT # @TEST-EXEC: btest-diff intel.log @TEST-START-FILE intel.dat @@ -11,6 +11,7 @@ angle-addr@example.com Intel::EMAIL source1 test entry http://some-data-distribu name-addr@example.com Intel::EMAIL source1 test entry http://some-data-distributor.com/100000 @TEST-END-FILE +@load base/protocols/smtp @load base/frameworks/intel @load frameworks/intel/seen diff --git a/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek b/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek index de8e28c7d4..d9dcdff2b2 100644 --- a/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek +++ b/testing/btest/scripts/policy/frameworks/intel/whitelisting.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -Cr $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -Cr $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff intel.log #@TEST-START-FILE intel.dat @@ -12,6 +12,8 @@ meta.wikimedia.org Intel::DOMAIN source1 also bad http://some-data-distributor.c meta.wikimedia.org Intel::DOMAIN source2 also bad T http://some-data-distributor.com/1 #@TEST-END-FILE +@load base/protocols/http +@load base/protocols/dns @load base/frameworks/intel @load frameworks/intel/whitelist @load frameworks/intel/seen diff --git a/testing/btest/scripts/policy/frameworks/netcontrol/catch-and-release-forgotten.zeek b/testing/btest/scripts/policy/frameworks/netcontrol/catch-and-release-forgotten.zeek index 040f4e1426..516f78af82 100644 --- a/testing/btest/scripts/policy/frameworks/netcontrol/catch-and-release-forgotten.zeek 
+++ b/testing/btest/scripts/policy/frameworks/netcontrol/catch-and-release-forgotten.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/smtp.trace %INPUT # @TEST-EXEC: btest-diff netcontrol_catch_release.log # @TEST-EXEC: btest-diff .stdout diff --git a/testing/btest/scripts/policy/frameworks/netcontrol/catch-and-release.zeek b/testing/btest/scripts/policy/frameworks/netcontrol/catch-and-release.zeek index 433be6a593..23fe9be464 100644 --- a/testing/btest/scripts/policy/frameworks/netcontrol/catch-and-release.zeek +++ b/testing/btest/scripts/policy/frameworks/netcontrol/catch-and-release.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-remove-timestamps' btest-diff netcontrol.log # @TEST-EXEC: btest-diff netcontrol_catch_release.log diff --git a/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek b/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek index 4d36bbf3f4..d50a4d52a1 100644 --- a/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek +++ b/testing/btest/scripts/policy/frameworks/software/vulnerable.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek %INPUT +# @TEST-EXEC: zeek -b %INPUT # @TEST-EXEC: btest-diff notice.log @load frameworks/software/vulnerable diff --git a/testing/btest/scripts/policy/misc/stats.zeek b/testing/btest/scripts/policy/misc/stats.zeek index ffceead050..ffe25bbc13 100644 --- a/testing/btest/scripts/policy/misc/stats.zeek +++ b/testing/btest/scripts/policy/misc/stats.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff stats.log @load policy/misc/stats 
diff --git a/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek b/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek index e43c93d6bb..9b5926bc5a 100644 --- a/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek +++ b/testing/btest/scripts/policy/misc/weird-stats-cluster.zeek @@ -2,9 +2,9 @@ # @TEST-PORT: BROKER_PORT2 # @TEST-PORT: BROKER_PORT3 # -# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek %INPUT -# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek %INPUT +# @TEST-EXEC: btest-bg-run manager-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=manager-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-1 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-1 zeek -b %INPUT +# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 45 # @TEST-EXEC: btest-diff manager-1/weird_stats.log @@ -18,6 +18,7 @@ redef Cluster::nodes = { @TEST-END-FILE @load misc/weird-stats +@load base/frameworks/cluster redef Cluster::retry_interval = 1sec; redef Broker::default_listen_retry = 1sec; diff --git a/testing/btest/scripts/policy/misc/weird-stats.zeek b/testing/btest/scripts/policy/misc/weird-stats.zeek index 8fc7f626f2..85c647c97c 100644 --- a/testing/btest/scripts/policy/misc/weird-stats.zeek +++ b/testing/btest/scripts/policy/misc/weird-stats.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: btest-bg-run zeek zeek %INPUT +# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT # @TEST-EXEC: btest-bg-wait 40 # @TEST-EXEC: btest-diff zeek/weird_stats.log diff --git a/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek b/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek index cdb3fa5058..38d14a4607 100644 --- a/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek +++ b/testing/btest/scripts/policy/protocols/conn/known-hosts.zeek 
@@ -1,18 +1,18 @@ # A basic test of the known-hosts script's logging and asset_tracking options -# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=LOCAL_HOSTS +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=LOCAL_HOSTS # @TEST-EXEC: mv known_hosts.log knownhosts-local.log # @TEST-EXEC: btest-diff knownhosts-local.log -# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=REMOTE_HOSTS +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=REMOTE_HOSTS # @TEST-EXEC: mv known_hosts.log knownhosts-remote.log # @TEST-EXEC: btest-diff knownhosts-remote.log -# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=ALL_HOSTS +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=ALL_HOSTS # @TEST-EXEC: mv known_hosts.log knownhosts-all.log # @TEST-EXEC: btest-diff knownhosts-all.log -# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=NO_HOSTS +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT Known::host_tracking=NO_HOSTS # @TEST-EXEC: test '!' -e known_hosts.log @load protocols/conn/known-hosts diff --git a/testing/btest/scripts/policy/protocols/conn/known-services-multi.zeek b/testing/btest/scripts/policy/protocols/conn/known-services-multi.zeek index 649dcf03a2..e24293fb66 100644 --- a/testing/btest/scripts/policy/protocols/conn/known-services-multi.zeek +++ b/testing/btest/scripts/policy/protocols/conn/known-services-multi.zeek 
@@ -1,7 +1,10 @@ # A test case for when more than a single service is detected for a given # (addr, port) pair. -# @TEST-EXEC: zeek -C -r $TRACES/ssl-and-ssh-using-sslh.trace %INPUT "Known::service_tracking = ALL_HOSTS" +# @TEST-EXEC: zeek -b -C -r $TRACES/ssl-and-ssh-using-sslh.trace %INPUT "Known::service_tracking = ALL_HOSTS" # @TEST-EXEC: btest-diff known_services.log +@load base/protocols/ssh +@load base/protocols/ssl +@load base/frameworks/dpd @load protocols/conn/known-services diff --git a/testing/btest/scripts/policy/protocols/conn/speculative-service.zeek b/testing/btest/scripts/policy/protocols/conn/speculative-service.zeek index b95f0f337c..51fd6d7984 100644 --- a/testing/btest/scripts/policy/protocols/conn/speculative-service.zeek +++ b/testing/btest/scripts/policy/protocols/conn/speculative-service.zeek @@ -1,11 +1,15 @@ # A basic test of the speculative service detection -# @TEST-EXEC: zeek -C -r $TRACES/http/http-post-large.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/http/http-post-large.pcap %INPUT # @TEST-EXEC: mv conn.log conn-post-large.log # @TEST-EXEC: btest-diff conn-post-large.log -# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: mv conn.log conn-wiki.log # @TEST-EXEC: btest-diff conn-wiki.log +@load base/protocols/conn +@load base/protocols/dns +@load base/protocols/http +@load base/frameworks/dpd @load protocols/conn/speculative-service diff --git a/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek b/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek index 6ee809af52..ee1fd96234 100644 --- a/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek +++ b/testing/btest/scripts/policy/protocols/conn/vlan-logging.zeek 
@@ -1,6 +1,6 @@ # A basic test of the vlan logging script -# @TEST-EXEC: zeek -r $TRACES/q-in-q.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/q-in-q.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load protocols/conn/vlan-logging diff --git a/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek b/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek index 770386072c..292a6c0970 100644 --- a/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek +++ b/testing/btest/scripts/policy/protocols/dns/inverse-request.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/dns-inverse-query.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/dns-inverse-query.trace %INPUT # @TEST-EXEC: test ! -e dns.log @load protocols/dns/auth-addl diff --git a/testing/btest/scripts/policy/protocols/dns/original_case.zeek b/testing/btest/scripts/policy/protocols/dns/original_case.zeek index c3b1d07388..b9643ebc9f 100644 --- a/testing/btest/scripts/policy/protocols/dns/original_case.zeek +++ b/testing/btest/scripts/policy/protocols/dns/original_case.zeek @@ -1,3 +1,3 @@ -# @TEST-EXEC: zeek -r $TRACES/dns_original_case.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/dns_original_case.pcap %INPUT # @TEST-EXEC: btest-diff dns.log @load protocols/dns/log-original-query-case diff --git a/testing/btest/scripts/policy/protocols/http/flash-version.zeek b/testing/btest/scripts/policy/protocols/http/flash-version.zeek index e2ad2ebf3b..4e3c7b2c75 100644 --- a/testing/btest/scripts/policy/protocols/http/flash-version.zeek +++ b/testing/btest/scripts/policy/protocols/http/flash-version.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r ${TRACES}/http/flash-version.trace %INPUT +# @TEST-EXEC: zeek -b -r ${TRACES}/http/flash-version.trace %INPUT # @TEST-EXEC: btest-diff software.log @load protocols/http/software diff --git a/testing/btest/scripts/policy/protocols/http/header-names.zeek b/testing/btest/scripts/policy/protocols/http/header-names.zeek index 5422c8e9e2..e2ccab182a 100644 
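Review bot: In inverse-request.zeek the only assertion is `test ! -e dns.log`, and under `-b` that also holds whenever DNS logging is simply not loaded, so the test could pass without exercising inverse-query handling at all. The file loads only `protocols/dns/auth-addl`, and whether that pulls in the base DNS scripts is not visible in this hunk. Adding `@load base/protocols/dns` explicitly, as header-names.zeek does for HTTP in this commit, would keep the negative check from depending on a transitive load. A comment such as `# dns.log must be absent because inverse queries are not logged, not because DNS logging is unloaded` would state the intent.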
--- a/testing/btest/scripts/policy/protocols/http/header-names.zeek +++ b/testing/btest/scripts/policy/protocols/http/header-names.zeek @@ -1,5 +1,6 @@ -# @TEST-EXEC: zeek -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/wikipedia.trace %INPUT # @TEST-EXEC: btest-diff http.log +@load base/protocols/http @load protocols/http/header-names redef HTTP::log_server_header_names=T; diff --git a/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek b/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek index 129acde477..2dc2324ac0 100644 --- a/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek +++ b/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek %INPUT > output +# @TEST-EXEC: zeek -b %INPUT > output # @TEST-EXEC: btest-diff output @load protocols/http/detect-sqli diff --git a/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek b/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek index 583c8ae0a5..51f3b6b50a 100644 --- a/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek +++ b/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/ssh/sshguess.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/ssh/sshguess.pcap %INPUT # @TEST-EXEC: btest-diff notice.log @load protocols/ssh/detect-bruteforcing diff --git a/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek b/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek index 16591d560c..9bdec4077c 100644 --- a/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/expiring-certs.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/tls-expired-cert.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-expired-cert.trace %INPUT # @TEST-EXEC: btest-diff notice.log @load protocols/ssl/expiring-certs 
diff --git a/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek b/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek index 660181942e..d84da10256 100644 --- a/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/extract-certs-pem.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: btest-diff certs-remote.pem @load protocols/ssl/extract-certs-pem diff --git a/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek b/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek index 233dfd82c4..b4a521f79c 100644 --- a/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/heartbleed.zeek @@ -1,16 +1,16 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/heartbleed.pcap %INPUT # @TEST-EXEC: mv notice.log notice-heartbleed.log -# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed-success.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/heartbleed-success.pcap %INPUT # @TEST-EXEC: mv notice.log notice-heartbleed-success.log -# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed-encrypted.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/heartbleed-encrypted.pcap %INPUT # @TEST-EXEC: mv notice.log notice-encrypted.log -# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed-encrypted-success.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/heartbleed-encrypted-success.pcap %INPUT # @TEST-EXEC: mv notice.log notice-encrypted-success.log -# @TEST-EXEC: zeek -C -r $TRACES/tls/heartbleed-encrypted-short.pcap %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/heartbleed-encrypted-short.pcap %INPUT # @TEST-EXEC: mv notice.log notice-encrypted-short.log # @TEST-EXEC: btest-diff notice-heartbleed.log 
diff --git a/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek b/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek index e3a586b292..b7c5211027 100644 --- a/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/known-certs.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/google-duplicate.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/google-duplicate.trace %INPUT # @TEST-EXEC: btest-diff ssl.log # @TEST-EXEC: btest-diff x509.log # @TEST-EXEC: btest-diff known_certs.log diff --git a/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek b/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek index 25d830acb0..fd1c74edf5 100644 --- a/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/log-hostcerts-only.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/google-duplicate.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/google-duplicate.trace %INPUT # @TEST-EXEC: btest-diff x509.log @load protocols/ssl/log-hostcerts-only diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek index cb5d72a0d9..b242e2e36c 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log @load protocols/ssl/validate-certs 
diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek index 434b3b020b..f878ead3db 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs.zeek @@ -1,6 +1,6 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/tls-expired-cert.trace $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-expired-cert.trace $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log > ssl-all.log -# @TEST-EXEC: zeek -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -b -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek index 948fa38b01..c3a32da70d 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-ocsp.zeek 
@@ -1,9 +1,9 @@ -# @TEST-EXEC: zeek $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT +# @TEST-EXEC: zeek -b $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log -# @TEST-EXEC: zeek $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT +# @TEST-EXEC: zeek -b $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT # @TEST-EXEC: mv ssl.log ssl-twimg.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-twimg.log -# @TEST-EXEC: zeek $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT +# @TEST-EXEC: zeek -b $SCRIPTS/external-ca-list.zeek -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT # @TEST-EXEC: mv ssl.log ssl-digicert.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-digicert.log diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek index 7d2ac86865..fe3dcf0b31 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek 
@@ -1,6 +1,6 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp.pcap $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/signed_certificate_timestamp.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log > ssl-all.log -# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp-2.pcap $SCRIPTS/external-ca-list.zeek %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/signed_certificate_timestamp-2.pcap $SCRIPTS/external-ca-list.zeek %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log diff --git a/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek b/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek index efc9aebf12..c273ad6786 100644 --- a/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/weak-keys.zeek @@ -1,8 +1,8 @@ -# @TEST-EXEC: zeek -r $TRACES/tls/dhe.pcap %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/dhe.pcap %INPUT # @TEST-EXEC: cp notice.log notice-out.log -# @TEST-EXEC: zeek -r $TRACES/tls/ssl-v2.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/ssl-v2.trace %INPUT # @TEST-EXEC: cat notice.log >> notice-out.log -# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: cat notice.log >> notice-out.log # @TEST-EXEC: btest-diff notice-out.log diff --git a/testing/btest/signatures/bad-eval-condition.zeek b/testing/btest/signatures/bad-eval-condition.zeek index 19a048e94a..4491aaa710 100644 --- a/testing/btest/signatures/bad-eval-condition.zeek +++ b/testing/btest/signatures/bad-eval-condition.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: zeek -r $TRACES/ftp/ipv4.trace %INPUT +# @TEST-EXEC-FAIL: zeek -b -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr @load-sigs blah.sig diff --git a/testing/btest/signatures/dst-ip-cidr-v4.zeek b/testing/btest/signatures/dst-ip-cidr-v4.zeek index 9c80a9148a..5291f7a246 100644 --- a/testing/btest/signatures/dst-ip-cidr-v4.zeek +++ b/testing/btest/signatures/dst-ip-cidr-v4.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/ntp.pcap %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ntp.pcap %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE a.sig diff --git a/testing/btest/signatures/eval-condition.zeek b/testing/btest/signatures/eval-condition.zeek index fe2db7482b..e614c71fc8 100644 --- a/testing/btest/signatures/eval-condition.zeek +++ b/testing/btest/signatures/eval-condition.zeek @@ -1,6 +1,9 @@ -# @TEST-EXEC: zeek -r $TRACES/ftp/ipv4.trace %INPUT +# @TEST-EXEC: zeek -b -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: btest-diff conn.log +@load base/protocols/conn +@load base/protocols/ftp +@load base/frameworks/dpd @load-sigs blah.sig @TEST-START-FILE blah.sig diff --git a/testing/btest/signatures/load-sigs.zeek b/testing/btest/signatures/load-sigs.zeek index d57630ec14..eaac2f5910 100644 --- a/testing/btest/signatures/load-sigs.zeek +++ b/testing/btest/signatures/load-sigs.zeek @@ -1,6 +1,6 @@ # A test of signature loading using @load-sigs. -# @TEST-EXEC: zeek -C -r $TRACES/wikipedia.trace %INPUT >output +# @TEST-EXEC: zeek -b -C -r $TRACES/wikipedia.trace %INPUT >output # @TEST-EXEC: btest-diff output @load-sigs ./subdir/mysigs.sig diff --git a/testing/btest/signatures/udp-packetwise-insensitive.zeek b/testing/btest/signatures/udp-packetwise-insensitive.zeek index a87971d5c8..d63401739c 100644 --- a/testing/btest/signatures/udp-packetwise-insensitive.zeek +++ b/testing/btest/signatures/udp-packetwise-insensitive.zeek 
@@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/udp-signature-test.pcap %INPUT | sort >out +# @TEST-EXEC: zeek -b -r $TRACES/udp-signature-test.pcap %INPUT | sort >out # @TEST-EXEC: btest-diff out @load-sigs test.sig diff --git a/testing/btest/signatures/udp-packetwise-match.zeek b/testing/btest/signatures/udp-packetwise-match.zeek index feb531c37c..39d1805880 100644 --- a/testing/btest/signatures/udp-packetwise-match.zeek +++ b/testing/btest/signatures/udp-packetwise-match.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/udp-signature-test.pcap %INPUT | sort >out +# @TEST-EXEC: zeek -b -r $TRACES/udp-signature-test.pcap %INPUT | sort >out # @TEST-EXEC: btest-diff out @load-sigs test.sig diff --git a/testing/btest/signatures/udp-payload-size.zeek b/testing/btest/signatures/udp-payload-size.zeek index c1c6a6d49b..ee3c38fff3 100644 --- a/testing/btest/signatures/udp-payload-size.zeek +++ b/testing/btest/signatures/udp-payload-size.zeek @@ -1,4 +1,4 @@ -# @TEST-EXEC: zeek -r $TRACES/ntp.pcap %INPUT >output +# @TEST-EXEC: zeek -b -r $TRACES/ntp.pcap %INPUT >output # @TEST-EXEC: btest-diff output @TEST-START-FILE a.sig diff --git a/testing/btest/supervisor/output-redirect-hook.zeek b/testing/btest/supervisor/output-redirect-hook.zeek index 81cb0f6f54..246005faf4 100644 --- a/testing/btest/supervisor/output-redirect-hook.zeek +++ b/testing/btest/supervisor/output-redirect-hook.zeek @@ -3,7 +3,7 @@ # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff zeek/supervisor.out # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff zeek/.stdout -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff zeek/.stderr +# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-sort | grep -v 'while waiting for thread'" btest-diff zeek/.stderr # This test checks the default stdout/stderr redirection will get intercepted # by the supervisor process and sent through the hook mechanisms 
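Review bot: The new canonifier `grep -v 'while waiting for thread'` on the `zeek/.stderr` diff in output-redirect-hook.zeek drops every line containing that phrase, with no comment saying what emits it or why it is safe to ignore. A later reader cannot tell a timing artefact from a masked shutdown problem. A line above the directive such as `# Thread-shutdown timing messages on stderr are nondeterministic; filter them before diffing.` would record the intent, with the wording to be confirmed by the author. `grep -v` also exits non-zero when it filters out every line, so if btest-diff checks the canonifier's status, `sed '/while waiting for thread/d'` gives the same filter without that. The same change is made in output-redirect.zeek, and both hunks start at line 3, so the top of each file is not shown.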
diff --git a/testing/btest/supervisor/output-redirect.zeek b/testing/btest/supervisor/output-redirect.zeek index fa0f7ee714..a81175a8be 100644 --- a/testing/btest/supervisor/output-redirect.zeek +++ b/testing/btest/supervisor/output-redirect.zeek @@ -3,7 +3,7 @@ # @TEST-EXEC: btest-bg-wait 30 # @TEST-EXEC: btest-diff zeek/supervisor.out # @TEST-EXEC: btest-diff zeek/.stdout -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff zeek/.stderr +# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-sort | grep -v 'while waiting for thread'" btest-diff zeek/.stderr # This test checks the default stdout/stderr redirection will get intercepted # by the supervisor process and prefixed with the associated node name. diff --git a/testing/scripts/file-analysis-test.zeek b/testing/scripts/file-analysis-test.zeek index 337bf3c1c0..cdde1f3e9e 100644 --- a/testing/scripts/file-analysis-test.zeek +++ b/testing/scripts/file-analysis-test.zeek @@ -1,5 +1,5 @@ -@load base/files/extract @load base/files/hash +@load base/files/extract redef FileExtract::prefix = "./";