diff --git a/CHANGES b/CHANGES index 77b404540f..64ca3e1776 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,118 @@ +2.4-238 | 2016-01-15 12:56:33 -0800 + + * Add HTTP version information to HTTP log file. (Aaron Eppert) + + * Add NOTIFY as a valid SIP message, per RFC 3265. (Aaron Eppert) + + * Improve HTTP parser's handling of requests that don't have a URI. + (William Glodek/Robin Sommer) + + * Fix crash when deleting non existing record member. Addresses + BIT-1519. (Johanna Amann) + +2.4-228 | 2015-12-19 13:40:09 -0800 + + * Updating BroControl submodule. + +2.4-227 | 2015-12-18 17:47:24 -0800 + + * Update host name in windows-version-detection.bro. (Aaron Eppert) + + * Update installation instructions to mention OpenSSL dependency for + newer OS X version. (Johanna Amann) + + * Change a stale bro-ids.org to bro.org. (Johanna Amann) + + * StartTLS support for IRC. (Johanna Amann) + + * Adding usage guard to canonifier script. (Robin Sommer) + +2.4-217 | 2015-12-04 16:50:46 -0800 + + * SIP scripts code cleanup. (Seth Hall) + + - Daniel Guerra pointed out a type issue for SIP request and + response code length fields which is now corrected. + + - Some redundant code was removed. + + - if/else tree modified to use switch instead. + +2.4-214 | 2015-12-04 16:40:15 -0800 + + * Delaying BinPAC initializaton until afte plugins have been + activated. (Robin Sommer) + +2.4-213 | 2015-12-04 15:25:48 -0800 + + * Use better data structure for storing BPF filters. (Robin Sommer) + +2.4-211 | 2015-11-17 13:28:29 -0800 + + * Making cluster reconnect timeout configurable. (Robin Sommer) + + * Bugfix for child process' communication loop. (Robin Sommer) + +2.4-209 | 2015-11-16 07:31:22 -0800 + + * Updating submodule(s). + +2.4-207 | 2015-11-10 13:34:42 -0800 + + * Fix to compile with OpenSSL that has SSLv3 disalbed. (Christoph + Pietsch) + + * Fix potential race condition when logging VLAN info to conn.log. + (Daniel Thayer) + +2.4-201 | 2015-10-27 16:11:15 -0700 + + * Updating NEWS. (Robin Sommer) + +2.4-200 | 2015-10-26 16:57:39 -0700 + + * Adding missing file. (Robin Sommer) + +2.4-199 | 2015-10-26 16:51:47 -0700 + + * Fix problem with the JSON Serialization code. (Aaron Eppert) + +2.4-188 | 2015-10-26 14:11:21 -0700 + + * Extending rexmit_inconsistency() event to receive an additional + parameter with the packet's TCP flags, if available. (Robin + Sommer) + +2.4-187 | 2015-10-26 13:43:32 -0700 + + * Updating NEWS for new plugins. (Robin Sommer) + +2.4-186 | 2015-10-23 15:07:06 -0700 + + * Removing pcap options for AF_PACKET support. Addresses BIT-1363. + (Robin Sommer) + + * Correct a typo in controller.bro documentation. (Daniel Thayer) + + * Extend SSL DPD signature to allow alert before server_hello. + (Johanna Amann) + + * Make join_string_vec work with vectors containing empty elements. + (Johanna Amann) + + * Fix support for HTTP CONNECT when server adds headers to response. + (Eric Karasuda). + + * Load static CA list for validation tests too. (Johanna Amann) + + * Remove cluster certificate validation script. (Johanna Amann) + + * Fix a bug in diff-remove-x509-names canonifier. (Daniel Thayer) + + * Fix test canonifiers in scripts/policy/protocols/ssl. (Daniel + Thayer) + 2.4-169 | 2015-10-01 17:21:21 -0700 * Fixed parsing of V_ASN1_GENERALIZEDTIME timestamps in x509 diff --git a/CMakeLists.txt b/CMakeLists.txt index 846f2b484a..b96923aa56 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -155,7 +155,6 @@ include(TestBigEndian) test_big_endian(WORDS_BIGENDIAN) include(CheckSymbolExists) check_symbol_exists(htonll arpa/inet.h HAVE_BYTEORDER_64) -check_symbol_exists(PACKET_FANOUT linux/if_packet.h HAVE_PACKET_FANOUT) include(OSSpecific) include(CheckTypes) diff --git a/NEWS b/NEWS index 0ef4c4bbe5..5348826e04 100644 --- a/NEWS +++ b/NEWS @@ -20,11 +20,6 @@ New Dependencies - The pcap buffer size can set through the new option Pcap::bufsize. -- Bro can now leverage packet fanout mode on Linux through the new - options Pcap::packet_fanout_enable, Pcap::packet_fanout_id, and - Pcap::packet_fanout_defrag. - - New Functionality ----------------- @@ -40,10 +35,16 @@ New Functionality argument that will be used for decoding errors into weird.log (instead of reporter.log). +- The IRC analyzer now recognizes StartTLS sessions and enable the SSL + analyzer for them. + - New Bro plugins in aux/plugins: + - af_packet: Native AF_PACKET support. + - myricom: Native Myricom SNF v3 support. - pf_ring: Native PF_RING support. - - redis: An experimental log writer for Redis. + - redis: An experimental log writer for Redis. + - tcprs: An TCP-level analyzer detecting retransmissions, reordering, and more. Changed Functionality --------------------- diff --git a/VERSION b/VERSION index 622ec2383c..1b16a39866 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-169 +2.4-238 diff --git a/aux/binpac b/aux/binpac index 214294c502..83ecfd6d36 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 214294c502d377bb7bf511eac8c43608e54c875a +Subproject commit 83ecfd6d3618d66d585facf0afc12b0cfeba16a0 diff --git a/aux/bro-aux b/aux/bro-aux index 4e0d2bff4b..f5da34fb4f 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit 4e0d2bff4b2c287f66186c3654ef784bb0748d11 +Subproject commit f5da34fb4fbe00a683697e9052cffdd7d804f8c1 diff --git a/aux/broccoli b/aux/broccoli index 8046800085..0880251535 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 80468000859bcb7c3784c69280888fcfe89d8922 +Subproject commit 0880251535df5a3a16feb2b25c26a04aa52585f1 diff --git a/aux/broctl b/aux/broctl index 921b0abcb9..5d765dd9d9 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 921b0abcb967666d8349c0c6c2bb8e41e1300579 +Subproject commit 5d765dd9d94eb25b31d1ecf8df6561fc714694fc diff --git a/aux/broker b/aux/broker index e7da54a3f4..5c90543dee 160000 --- a/aux/broker +++ b/aux/broker @@ -1 +1 @@ -Subproject commit e7da54a3f40e71ca9020f9846256f60c0b885963 +Subproject commit 5c90543dee9212121d08e6aa630fb81dd5133df7 diff --git a/aux/btest b/aux/btest index ce1d474859..71a1e3efc4 160000 --- a/aux/btest +++ b/aux/btest @@ -1 +1 @@ -Subproject commit ce1d474859cc8a0f39d5eaf69fb1bb56eb1a5161 +Subproject commit 71a1e3efc437aa9f981be71affa1c4615e8d98a5 diff --git a/aux/plugins b/aux/plugins index 9b7943e1a6..1021ca5f24 160000 --- a/aux/plugins +++ b/aux/plugins @@ -1 +1 @@ -Subproject commit 9b7943e1a61062005f01b48eaad11bbb3b7ae757 +Subproject commit 1021ca5f248b9da01766e94d840896e029fb0e6e diff --git a/bro-config.h.in b/bro-config.h.in index fd24a1fe30..755a9eee98 100644 --- a/bro-config.h.in +++ b/bro-config.h.in @@ -213,9 +213,6 @@ /* Common IPv6 extension structure */ #cmakedefine HAVE_IP6_EXT -/* Linux packet fanout */ -#cmakedefine HAVE_PACKET_FANOUT - /* String with host architecture (e.g., "linux-x86_64") */ #define HOST_ARCHITECTURE "@HOST_ARCHITECTURE@" diff --git a/cmake b/cmake index 843cdf6a91..23773d7107 160000 --- a/cmake +++ b/cmake @@ -1 +1 @@ -Subproject commit 843cdf6a91f06e5407bffbc79a343bff3cf4c81f +Subproject commit 23773d7107e8d51e2b1bb0fd2e2d85fda50df743 diff --git a/doc/components/bro-plugins/af_packet/README.rst b/doc/components/bro-plugins/af_packet/README.rst new file mode 120000 index 0000000000..b8f745bed2 --- /dev/null +++ b/doc/components/bro-plugins/af_packet/README.rst @@ -0,0 +1 @@ +../../../../aux/plugins/af_packet/README \ No newline at end of file diff --git a/doc/components/bro-plugins/dataseries/README.rst b/doc/components/bro-plugins/dataseries/README.rst deleted file mode 120000 index 3362e911fc..0000000000 --- a/doc/components/bro-plugins/dataseries/README.rst +++ /dev/null @@ -1 +0,0 @@ -../../../../aux/plugins/dataseries/README \ No newline at end of file diff --git a/doc/components/bro-plugins/myricom/README.rst b/doc/components/bro-plugins/myricom/README.rst new file mode 120000 index 0000000000..3bfabcdae3 --- /dev/null +++ b/doc/components/bro-plugins/myricom/README.rst @@ -0,0 +1 @@ +../../../../aux/plugins/myricom/README \ No newline at end of file diff --git a/doc/components/bro-plugins/tcprs/README.rst b/doc/components/bro-plugins/tcprs/README.rst new file mode 120000 index 0000000000..c0e84fd579 --- /dev/null +++ b/doc/components/bro-plugins/tcprs/README.rst @@ -0,0 +1 @@ +../../../../aux/plugins/tcprs/README \ No newline at end of file diff --git a/doc/frameworks/logging.rst b/doc/frameworks/logging.rst index 9b6fef0c15..a5128da202 100644 --- a/doc/frameworks/logging.rst +++ b/doc/frameworks/logging.rst @@ -537,6 +537,5 @@ Additional writers are available as external plugins: .. toctree:: :maxdepth: 1 - ../components/bro-plugins/dataseries/README - ../components/bro-plugins/elasticsearch/README + ../components/bro-plugins/README diff --git a/doc/install/install.rst b/doc/install/install.rst index ca1ea7f26a..a9f1c85bdd 100644 --- a/doc/install/install.rst +++ b/doc/install/install.rst @@ -82,11 +82,14 @@ To install the required dependencies, you can use: "Preferences..." -> "Downloads" menus to install the "Command Line Tools" component). - OS X comes with all required dependencies except for CMake_, SWIG_, and CAF. - Distributions of these dependencies can likely be obtained from your - preferred Mac OS X package management system (e.g. Homebrew_, MacPorts_, - or Fink_). Specifically for Homebrew, the ``cmake``, ``swig``, - and ``caf`` packages provide the required dependencies. + OS X comes with all required dependencies except for CMake_, SWIG_, + OpenSSL, and CAF. (OpenSSL used to be part of OS X versions 10.10 + and older, for which it does not need to be installed manually. It + was removed in OS X 10.11). Distributions of these dependencies can + likely be obtained from your preferred Mac OS X package management + system (e.g. Homebrew_, MacPorts_, or Fink_). Specifically for + Homebrew, the ``cmake``, ``swig``, ``openssl`` and ``caf`` packages + provide the required dependencies. Optional Dependencies @@ -126,14 +129,8 @@ platforms for binary releases and for installation instructions. Linux based binary installations are usually performed by adding information about the Bro packages to the respective system packaging - tool. Then the usual system utilities such as ``apt``, ``yum`` - or ``zypper`` are used to perform the installation. By default, - installations of binary packages will go into ``/opt/bro``. - -* MacOS Disk Image with Installer - - Just open the ``Bro-*.dmg`` and then run the ``.pkg`` installer. - Everything installed by the package will go into ``/opt/bro``. + tool. Then the usual system utilities such as ``apt``, ``dnf``, ``yum``, + or ``zypper`` are used to perform the installation. The primary install prefix for binary packages is ``/opt/bro``. diff --git a/scripts/base/frameworks/cluster/main.bro b/scripts/base/frameworks/cluster/main.bro index 218e309bad..3451cb4169 100644 --- a/scripts/base/frameworks/cluster/main.bro +++ b/scripts/base/frameworks/cluster/main.bro @@ -43,35 +43,35 @@ export { ## software. TIME_MACHINE, }; - + ## Events raised by a manager and handled by the workers. const manager2worker_events = /Drop::.*/ &redef; - + ## Events raised by a manager and handled by proxies. const manager2proxy_events = /EMPTY/ &redef; - + ## Events raised by proxies and handled by a manager. const proxy2manager_events = /EMPTY/ &redef; - + ## Events raised by proxies and handled by workers. const proxy2worker_events = /EMPTY/ &redef; - + ## Events raised by workers and handled by a manager. const worker2manager_events = /(TimeMachine::command|Drop::.*)/ &redef; - + ## Events raised by workers and handled by proxies. const worker2proxy_events = /EMPTY/ &redef; - + ## Events raised by TimeMachine instances and handled by a manager. const tm2manager_events = /EMPTY/ &redef; - + ## Events raised by TimeMachine instances and handled by workers. const tm2worker_events = /EMPTY/ &redef; - - ## Events sent by the control host (i.e. BroControl) when dynamically + + ## Events sent by the control host (i.e. BroControl) when dynamically ## connecting to a running instance to update settings or request data. const control_events = Control::controller_events &redef; - + ## Record type to indicate a node in a cluster. type Node: record { ## Identifies the type of cluster node in this node's configuration. @@ -96,13 +96,13 @@ export { ## Name of a time machine node with which this node connects. time_machine: string &optional; }; - + ## This function can be called at any time to determine if the cluster ## framework is being enabled for this run. ## ## Returns: True if :bro:id:`Cluster::node` has been set. global is_enabled: function(): bool; - + ## This function can be called at any time to determine what type of ## cluster node the current Bro instance is going to be acting as. ## If :bro:id:`Cluster::is_enabled` returns false, then @@ -110,22 +110,25 @@ export { ## ## Returns: The :bro:type:`Cluster::NodeType` the calling node acts as. global local_node_type: function(): NodeType; - + ## This gives the value for the number of workers currently connected to, - ## and it's maintained internally by the cluster framework. It's - ## primarily intended for use by managers to find out how many workers + ## and it's maintained internally by the cluster framework. It's + ## primarily intended for use by managers to find out how many workers ## should be responding to requests. global worker_count: count = 0; - + ## The cluster layout definition. This should be placed into a filter - ## named cluster-layout.bro somewhere in the BROPATH. It will be + ## named cluster-layout.bro somewhere in the BROPATH. It will be ## automatically loaded if the CLUSTER_NODE environment variable is set. ## Note that BroControl handles all of this automatically. const nodes: table[string] of Node = {} &redef; - + ## This is usually supplied on the command line for each instance ## of the cluster that is started up. const node = getenv("CLUSTER_NODE") &redef; + + ## Interval for retrying failed connections between cluster nodes. + const retry_interval = 1min &redef; } function is_enabled(): bool @@ -158,6 +161,6 @@ event bro_init() &priority=5 Reporter::error(fmt("'%s' is not a valid node in the Cluster::nodes configuration", node)); terminate(); } - + Log::create_stream(Cluster::LOG, [$columns=Info, $path="cluster"]); } diff --git a/scripts/base/frameworks/cluster/setup-connections.bro b/scripts/base/frameworks/cluster/setup-connections.bro index 4576f5b913..95aff64a6c 100644 --- a/scripts/base/frameworks/cluster/setup-connections.bro +++ b/scripts/base/frameworks/cluster/setup-connections.bro @@ -11,7 +11,7 @@ module Cluster; event bro_init() &priority=9 { local me = nodes[node]; - + for ( i in Cluster::nodes ) { local n = nodes[i]; @@ -22,35 +22,35 @@ event bro_init() &priority=9 Communication::nodes["control"] = [$host=n$ip, $zone_id=n$zone_id, $connect=F, $class="control", $events=control_events]; - + if ( me$node_type == MANAGER ) { if ( n$node_type == WORKER && n$manager == node ) Communication::nodes[i] = [$host=n$ip, $zone_id=n$zone_id, $connect=F, $class=i, $events=worker2manager_events, $request_logs=T]; - + if ( n$node_type == PROXY && n$manager == node ) Communication::nodes[i] = [$host=n$ip, $zone_id=n$zone_id, $connect=F, $class=i, $events=proxy2manager_events, $request_logs=T]; - + if ( n$node_type == TIME_MACHINE && me?$time_machine && me$time_machine == i ) Communication::nodes["time-machine"] = [$host=nodes[i]$ip, $zone_id=nodes[i]$zone_id, $p=nodes[i]$p, - $connect=T, $retry=1min, + $connect=T, $retry=retry_interval, $events=tm2manager_events]; } - + else if ( me$node_type == PROXY ) { if ( n$node_type == WORKER && n$proxy == node ) Communication::nodes[i] = [$host=n$ip, $zone_id=n$zone_id, $connect=F, $class=i, $sync=T, $auth=T, $events=worker2proxy_events]; - - # accepts connections from the previous one. + + # accepts connections from the previous one. # (This is not ideal for setups with many proxies) # FIXME: Once we're using multiple proxies, we should also figure out some $class scheme ... if ( n$node_type == PROXY ) @@ -58,49 +58,49 @@ event bro_init() &priority=9 if ( n?$proxy ) Communication::nodes[i] = [$host=n$ip, $zone_id=n$zone_id, $p=n$p, - $connect=T, $auth=F, $sync=T, $retry=1mins]; + $connect=T, $auth=F, $sync=T, $retry=retry_interval]; else if ( me?$proxy && me$proxy == i ) Communication::nodes[me$proxy] = [$host=nodes[i]$ip, $zone_id=nodes[i]$zone_id, $connect=F, $auth=T, $sync=T]; } - + # Finally the manager, to send it status updates. if ( n$node_type == MANAGER && me$manager == i ) - Communication::nodes["manager"] = [$host=nodes[i]$ip, - $zone_id=nodes[i]$zone_id, - $p=nodes[i]$p, - $connect=T, $retry=1mins, + Communication::nodes["manager"] = [$host=nodes[i]$ip, + $zone_id=nodes[i]$zone_id, + $p=nodes[i]$p, + $connect=T, $retry=retry_interval, $class=node, $events=manager2proxy_events]; } else if ( me$node_type == WORKER ) { if ( n$node_type == MANAGER && me$manager == i ) - Communication::nodes["manager"] = [$host=nodes[i]$ip, + Communication::nodes["manager"] = [$host=nodes[i]$ip, $zone_id=nodes[i]$zone_id, $p=nodes[i]$p, - $connect=T, $retry=1mins, - $class=node, + $connect=T, $retry=retry_interval, + $class=node, $events=manager2worker_events]; - + if ( n$node_type == PROXY && me$proxy == i ) - Communication::nodes["proxy"] = [$host=nodes[i]$ip, + Communication::nodes["proxy"] = [$host=nodes[i]$ip, $zone_id=nodes[i]$zone_id, $p=nodes[i]$p, - $connect=T, $retry=1mins, - $sync=T, $class=node, + $connect=T, $retry=retry_interval, + $sync=T, $class=node, $events=proxy2worker_events]; - - if ( n$node_type == TIME_MACHINE && + + if ( n$node_type == TIME_MACHINE && me?$time_machine && me$time_machine == i ) - Communication::nodes["time-machine"] = [$host=nodes[i]$ip, + Communication::nodes["time-machine"] = [$host=nodes[i]$ip, $zone_id=nodes[i]$zone_id, $p=nodes[i]$p, - $connect=T, - $retry=1min, + $connect=T, + $retry=retry_interval, $events=tm2worker_events]; - + } } } diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index 2d8a20e7a3..94b6ed33e5 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -3707,19 +3707,8 @@ export { const snaplen = 8192 &redef; ## Number of Mbytes to provide as buffer space when capturing from live - ## interfaces. + ## interfaces. const bufsize = 128 &redef; - - ## Toggle whether to do packet fanout (Linux-only). - const packet_fanout_enable = F &redef; - - ## If packet fanout is enabled, the id to sue for it. This should be shared amongst - ## worker processes processing the same socket. - const packet_fanout_id = 0 &redef; - - ## If packet fanout is enabled, whether packets are to be defragmented before - ## fanout is applied. - const packet_fanout_defrag = T &redef; } # end export module GLOBAL; diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro index e74ffaa8d4..e70d166f11 100644 --- a/scripts/base/protocols/http/main.bro +++ b/scripts/base/protocols/http/main.bro @@ -41,6 +41,8 @@ export { ## misspelled like the standard declares, but the name used here ## is "referrer" spelled correctly. referrer: string &log &optional; + ## Value of the version portion of the request. + version: string &log &optional; ## Value of the User-Agent header from the client. user_agent: string &log &optional; ## Actual uncompressed content size of the data transferred from @@ -222,6 +224,8 @@ event http_reply(c: connection, version: string, code: count, reason: string) &p c$http$status_code = code; c$http$status_msg = reason; + c$http$version = version; + if ( code_in_range(code, 100, 199) ) { c$http$info_code = code; diff --git a/scripts/base/protocols/sip/main.bro b/scripts/base/protocols/sip/main.bro index 0f396b8f74..dbe3c54800 100644 --- a/scripts/base/protocols/sip/main.bro +++ b/scripts/base/protocols/sip/main.bro @@ -60,9 +60,9 @@ export { ## Contents of the Warning: header warning: string &log &optional; ## Contents of the Content-Length: header from the client - request_body_len: string &log &optional; + request_body_len: count &log &optional; ## Contents of the Content-Length: header from the server - response_body_len: string &log &optional; + response_body_len: count &log &optional; ## Contents of the Content-Type: header from the server content_type: string &log &optional; }; @@ -80,7 +80,7 @@ export { ## that the SIP analyzer will only accept methods consisting solely ## of letters ``[A-Za-z]``. const sip_methods: set[string] = { - "REGISTER", "INVITE", "ACK", "CANCEL", "BYE", "OPTIONS" + "REGISTER", "INVITE", "ACK", "CANCEL", "BYE", "OPTIONS", "NOTIFY" } &redef; ## Event that can be handled to access the SIP record as it is sent on @@ -127,17 +127,6 @@ function set_state(c: connection, is_request: bool) c$sip_state = s; } - # These deal with new requests and responses. - if ( is_request && c$sip_state$current_request !in c$sip_state$pending ) - c$sip_state$pending[c$sip_state$current_request] = new_sip_session(c); - if ( ! is_request && c$sip_state$current_response !in c$sip_state$pending ) - c$sip_state$pending[c$sip_state$current_response] = new_sip_session(c); - - if ( is_request ) - c$sip = c$sip_state$pending[c$sip_state$current_request]; - else - c$sip = c$sip_state$pending[c$sip_state$current_response]; - if ( is_request ) { if ( c$sip_state$current_request !in c$sip_state$pending ) @@ -152,7 +141,6 @@ function set_state(c: connection, is_request: bool) c$sip = c$sip_state$pending[c$sip_state$current_response]; } - } function flush_pending(c: connection) @@ -163,7 +151,9 @@ function flush_pending(c: connection) for ( r in c$sip_state$pending ) { # We don't use pending elements at index 0. - if ( r == 0 ) next; + if ( r == 0 ) + next; + Log::write(SIP::LOG, c$sip_state$pending[r]); } } @@ -205,16 +195,39 @@ event sip_header(c: connection, is_request: bool, name: string, value: string) & if ( c$sip_state$current_request !in c$sip_state$pending ) ++c$sip_state$current_request; set_state(c, is_request); - if ( name == "CALL-ID" ) c$sip$call_id = value; - else if ( name == "CONTENT-LENGTH" || name == "L" ) c$sip$request_body_len = value; - else if ( name == "CSEQ" ) c$sip$seq = value; - else if ( name == "DATE" ) c$sip$date = value; - else if ( name == "FROM" || name == "F" ) c$sip$request_from = split_string1(value, /;[ ]?tag=/)[0]; - else if ( name == "REPLY-TO" ) c$sip$reply_to = value; - else if ( name == "SUBJECT" || name == "S" ) c$sip$subject = value; - else if ( name == "TO" || name == "T" ) c$sip$request_to = value; - else if ( name == "USER-AGENT" ) c$sip$user_agent = value; - else if ( name == "VIA" || name == "V" ) c$sip$request_path[|c$sip$request_path|] = split_string1(value, /;[ ]?branch/)[0]; + switch ( name ) + { + case "CALL-ID": + c$sip$call_id = value; + break; + case "CONTENT-LENGTH", "L": + c$sip$request_body_len = to_count(value); + break; + case "CSEQ": + c$sip$seq = value; + break; + case "DATE": + c$sip$date = value; + break; + case "FROM", "F": + c$sip$request_from = split_string1(value, /;[ ]?tag=/)[0]; + break; + case "REPLY-TO": + c$sip$reply_to = value; + break; + case "SUBJECT", "S": + c$sip$subject = value; + break; + case "TO", "T": + c$sip$request_to = value; + break; + case "USER-AGENT": + c$sip$user_agent = value; + break; + case "VIA", "V": + c$sip$request_path[|c$sip$request_path|] = split_string1(value, /;[ ]?branch/)[0]; + break; + } c$sip_state$pending[c$sip_state$current_request] = c$sip; } @@ -222,13 +235,29 @@ event sip_header(c: connection, is_request: bool, name: string, value: string) & { if ( c$sip_state$current_response !in c$sip_state$pending ) ++c$sip_state$current_response; + set_state(c, is_request); - if ( name == "CONTENT-LENGTH" || name == "L" ) c$sip$response_body_len = value; - else if ( name == "CONTENT-TYPE" || name == "C" ) c$sip$content_type = value; - else if ( name == "WARNING" ) c$sip$warning = value; - else if ( name == "FROM" || name == "F" ) c$sip$response_from = split_string1(value, /;[ ]?tag=/)[0]; - else if ( name == "TO" || name == "T" ) c$sip$response_to = value; - else if ( name == "VIA" || name == "V" ) c$sip$response_path[|c$sip$response_path|] = split_string1(value, /;[ ]?branch/)[0]; + switch ( name ) + { + case "CONTENT-LENGTH", "L": + c$sip$response_body_len = to_count(value); + break; + case "CONTENT-TYPE", "C": + c$sip$content_type = value; + break; + case "WARNING": + c$sip$warning = value; + break; + case "FROM", "F": + c$sip$response_from = split_string1(value, /;[ ]?tag=/)[0]; + break; + case "TO", "T": + c$sip$response_to = value; + break; + case "VIA", "V": + c$sip$response_path[|c$sip$response_path|] = split_string1(value, /;[ ]?branch/)[0]; + break; + } c$sip_state$pending[c$sip_state$current_response] = c$sip; } diff --git a/scripts/base/protocols/ssl/dpd.sig b/scripts/base/protocols/ssl/dpd.sig index e238575568..2ebe1cc634 100644 --- a/scripts/base/protocols/ssl/dpd.sig +++ b/scripts/base/protocols/ssl/dpd.sig @@ -1,7 +1,7 @@ signature dpd_ssl_server { ip-proto == tcp # Server hello. - payload /^(\x16\x03[\x00\x01\x02\x03]..\x02...\x03[\x00\x01\x02\x03]|...?\x04..\x00\x02).*/ + payload /^((\x15\x03[\x00\x01\x02\x03]....)?\x16\x03[\x00\x01\x02\x03]..\x02...\x03[\x00\x01\x02\x03]|...?\x04..\x00\x02).*/ requires-reverse-signature dpd_ssl_client enable "ssl" tcp-state responder diff --git a/scripts/policy/frameworks/control/controller.bro b/scripts/policy/frameworks/control/controller.bro index cc94767370..edef4149f9 100644 --- a/scripts/policy/frameworks/control/controller.bro +++ b/scripts/policy/frameworks/control/controller.bro @@ -4,7 +4,7 @@ ##! ##! It's intended to be used from the command line like this:: ##! -##! bro frameworks/control/controller Control::host= Control::port= Control::cmd= [Control::arg=] +##! bro frameworks/control/controller Control::host= Control::host_port= Control::cmd= [Control::arg=] @load base/frameworks/control @load base/frameworks/communication diff --git a/scripts/policy/frameworks/software/windows-version-detection.bro b/scripts/policy/frameworks/software/windows-version-detection.bro index 0162dddf75..7ed1ab359e 100644 --- a/scripts/policy/frameworks/software/windows-version-detection.bro +++ b/scripts/policy/frameworks/software/windows-version-detection.bro @@ -53,7 +53,7 @@ export { event HTTP::log_http(rec: HTTP::Info) &priority=5 { - if ( rec?$host && rec?$user_agent && rec$host == "crl.microsoft.com" && + if ( rec?$host && rec?$user_agent && /crl.microsoft.com/ in rec$host && /Microsoft-CryptoAPI\// in rec$user_agent ) { if ( rec$user_agent !in crypto_api_mapping ) diff --git a/scripts/policy/protocols/conn/vlan-logging.bro b/scripts/policy/protocols/conn/vlan-logging.bro index c4408bcf59..e0692c5ab5 100644 --- a/scripts/policy/protocols/conn/vlan-logging.bro +++ b/scripts/policy/protocols/conn/vlan-logging.bro @@ -15,7 +15,7 @@ redef record Info += { # Add the VLAN information to the Conn::Info structure after the connection # has been removed. This ensures it's only done once, and is done before the # connection information is written to the log. -event connection_state_remove(c: connection) &priority=5 +event connection_state_remove(c: connection) { if ( c?$vlan ) c$conn$vlan = c$vlan; diff --git a/scripts/policy/protocols/conn/weirds.bro b/scripts/policy/protocols/conn/weirds.bro index 9d6730819c..8710635418 100644 --- a/scripts/policy/protocols/conn/weirds.bro +++ b/scripts/policy/protocols/conn/weirds.bro @@ -19,12 +19,12 @@ export { }; } -event rexmit_inconsistency(c: connection, t1: string, t2: string) +event rexmit_inconsistency(c: connection, t1: string, t2: string, tcp_flags: string) { NOTICE([$note=Retransmission_Inconsistency, $conn=c, - $msg=fmt("%s rexmit inconsistency (%s) (%s)", - id_string(c$id), t1, t2), + $msg=fmt("%s rexmit inconsistency (%s) (%s) [%s]", + id_string(c$id), t1, t2, tcp_flags), $identifier=fmt("%s", c$id)]); } diff --git a/src/ChunkedIO.cc b/src/ChunkedIO.cc index 4c43ea5bfa..0c402dc2af 100644 --- a/src/ChunkedIO.cc +++ b/src/ChunkedIO.cc @@ -709,7 +709,7 @@ bool ChunkedIOSSL::Init() { SSL_load_error_strings(); - ctx = SSL_CTX_new(SSLv3_method()); + ctx = SSL_CTX_new(SSLv23_method()); if ( ! ctx ) { Log("can't create SSL context"); diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 5113670e78..16add7c9c5 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -3459,7 +3459,11 @@ void SocketComm::Run() if ( io->CanWrite() ) ++canwrites; - int a = select(max_fd + 1, &fd_read, &fd_write, &fd_except, 0); + struct timeval timeout; + timeout.tv_sec = 1; + timeout.tv_usec = 0; + + int a = select(max_fd + 1, &fd_read, &fd_write, &fd_except, &timeout); if ( selects % 100000 == 0 ) Log(fmt("selects=%ld canwrites=%ld pending=%lu", diff --git a/src/Reporter.cc b/src/Reporter.cc index 72c9e9868c..6020b6569c 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -393,4 +393,3 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, if ( alloced ) free(alloced); } - diff --git a/src/Stmt.cc b/src/Stmt.cc index 1cd1e2510a..d93e8ff14e 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -994,6 +994,9 @@ bool AddStmt::DoUnserialize(UnserialInfo* info) DelStmt::DelStmt(Expr* arg_e) : ExprStmt(STMT_DELETE, arg_e) { + if ( e->IsError() ) + return; + if ( ! e->CanDel() ) Error("illegal delete statement"); } diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index b477f939ec..36c92ed6e6 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -995,28 +995,9 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) HTTP_Reply(); - if ( connect_request && reply_code == 200 ) - { - pia = new pia::PIA_TCP(Conn()); - - if ( AddChildAnalyzer(pia) ) - { - pia->FirstPacket(true, 0); - pia->FirstPacket(false, 0); - - // This connection has transitioned to no longer - // being http and the content line support analyzers - // need to be removed. - RemoveSupportAnalyzer(content_line_orig); - RemoveSupportAnalyzer(content_line_resp); - - return; - } - - else - // AddChildAnalyzer() will have deleted PIA. - pia = 0; - } + if ( connect_request && reply_code != 200 ) + // Request failed, do not set up tunnel. + connect_request = false; InitHTTPMessage(content_line, reply_message, is_orig, @@ -1036,6 +1017,30 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) case EXPECT_REPLY_MESSAGE: reply_message->Deliver(len, line, 1); + + if ( connect_request && len == 0 ) + { + // End of message header reached, set up + // tunnel decapsulation. + pia = new pia::PIA_TCP(Conn()); + + if ( AddChildAnalyzer(pia) ) + { + pia->FirstPacket(true, 0); + pia->FirstPacket(false, 0); + + // This connection has transitioned to no longer + // being http and the content line support analyzers + // need to be removed. + RemoveSupportAnalyzer(content_line_orig); + RemoveSupportAnalyzer(content_line_resp); + } + + else + // AddChildAnalyzer() will have deleted PIA. + pia = 0; + } + break; case EXPECT_REPLY_TRAILER: @@ -1244,6 +1249,12 @@ int HTTP_Analyzer::ParseRequest(const char* line, const char* end_of_line) break; } + if ( end_of_uri >= end_of_line && PrefixMatch(line, end_of_line, "HTTP/") ) + { + Weird("missing_HTTP_uri"); + end_of_uri = line; // Leave URI empty. + } + for ( version_start = end_of_uri; version_start < end_of_line; ++version_start ) { end_of_uri = version_start; diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc index d621ce2cce..2ed04ee6b1 100644 --- a/src/analyzer/protocol/irc/IRC.cc +++ b/src/analyzer/protocol/irc/IRC.cc @@ -2,7 +2,6 @@ #include #include "IRC.h" -#include "analyzer/protocol/tcp/ContentLine.h" #include "NetVar.h" #include "Event.h" #include "analyzer/protocol/zip/ZIP.h" @@ -21,8 +20,11 @@ IRC_Analyzer::IRC_Analyzer(Connection* conn) resp_status = WAIT_FOR_REGISTRATION; orig_zip_status = NO_ZIP; resp_zip_status = NO_ZIP; - AddSupportAnalyzer(new tcp::ContentLine_Analyzer(conn, true)); - AddSupportAnalyzer(new tcp::ContentLine_Analyzer(conn, false)); + starttls = false; + cl_orig = new tcp::ContentLine_Analyzer(conn, true); + AddSupportAnalyzer(cl_orig); + cl_resp = new tcp::ContentLine_Analyzer(conn, false); + AddSupportAnalyzer(cl_resp); } void IRC_Analyzer::Done() @@ -34,6 +36,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { tcp::TCP_ApplicationAnalyzer::DeliverStream(length, line, orig); + if ( starttls ) + { + ForwardStream(length, line, orig); + return; + } + // check line size if ( length > 512 ) { @@ -98,6 +106,11 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } else { // get command + + // special case that has no arguments + if ( myline == "STARTTLS" ) + return; + unsigned int pos = myline.find(' '); if ( pos > (unsigned int) length ) { @@ -556,6 +569,10 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } break; + case 670: + // StartTLS success reply to StartTLS + StartTLS(); + // All other server replies. default: val_list* vl = new val_list; @@ -1169,6 +1186,25 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } +void IRC_Analyzer::StartTLS() + { + // STARTTLS was succesful. Remove support analyzers, add SSL + // analyzer, and throw event signifying the change. + starttls = true; + + RemoveSupportAnalyzer(cl_orig); + RemoveSupportAnalyzer(cl_resp); + + Analyzer* ssl = analyzer_mgr->InstantiateAnalyzer("SSL", Conn()); + if ( ssl ) + AddChildAnalyzer(ssl); + + val_list* vl = new val_list; + vl->append(BuildConnVal()); + + ConnectionEvent(irc_starttls, vl); + } + vector IRC_Analyzer::SplitWords(const string input, const char split) { vector words; diff --git a/src/analyzer/protocol/irc/IRC.h b/src/analyzer/protocol/irc/IRC.h index bce9cdf054..82a97a4d4d 100644 --- a/src/analyzer/protocol/irc/IRC.h +++ b/src/analyzer/protocol/irc/IRC.h @@ -3,6 +3,7 @@ #ifndef ANALYZER_PROTOCOL_IRC_IRC_H #define ANALYZER_PROTOCOL_IRC_IRC_H #include "analyzer/protocol/tcp/TCP.h" +#include "analyzer/protocol/tcp/ContentLine.h" namespace analyzer { namespace irc { @@ -44,6 +45,8 @@ protected: int resp_zip_status; private: + void StartTLS(); + /** \brief counts number of invalid IRC messages */ int invalid_msg_count; @@ -60,6 +63,9 @@ private: */ vector SplitWords(const string input, const char split); + tcp::ContentLine_Analyzer* cl_orig; + tcp::ContentLine_Analyzer* cl_resp; + bool starttls; // if true, connection has been upgraded to tls }; } } // namespace analyzer::* diff --git a/src/analyzer/protocol/irc/events.bif b/src/analyzer/protocol/irc/events.bif index 4e69b9ad33..be425817b2 100644 --- a/src/analyzer/protocol/irc/events.bif +++ b/src/analyzer/protocol/irc/events.bif @@ -797,3 +797,10 @@ event irc_user_message%(c: connection, is_orig: bool, user: string, host: string ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response ## irc_part_message event irc_password_message%(c: connection, is_orig: bool, password: string%); + +## Generated if an IRC connection switched to TLS using STARTTLS. After this +## event no more IRC events will be raised for the connection. See the SSL +## analyzer for related SSL events, which will now be generated. +## +## c: The connection. +event irc_starttls%(c: connection%); diff --git a/src/analyzer/protocol/pia/PIA.cc b/src/analyzer/protocol/pia/PIA.cc index 1adeb54a2d..7d73624dd0 100644 --- a/src/analyzer/protocol/pia/PIA.cc +++ b/src/analyzer/protocol/pia/PIA.cc @@ -1,5 +1,6 @@ #include "PIA.h" #include "RuleMatcher.h" +#include "analyzer/protocol/tcp/TCP_Flags.h" #include "analyzer/protocol/tcp/TCP_Reassembler.h" #include "events.bif.h" @@ -348,12 +349,16 @@ void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule) for ( DataBlock* b = pkt_buffer.head; b; b = b->next ) { + // We don't have the TCP flags here during replay. We could + // funnel them through, but it's non-trivial and doesn't seem + // worth the effort. + if ( b->is_orig ) reass_orig->DataSent(network_time, orig_seq = b->seq, - b->len, b->data, true); + b->len, b->data, tcp::TCP_Flags(), true); else reass_resp->DataSent(network_time, resp_seq = b->seq, - b->len, b->data, true); + b->len, b->data, tcp::TCP_Flags(), true); } // We also need to pass the current packet on. @@ -363,11 +368,11 @@ void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule) if ( current->is_orig ) reass_orig->DataSent(network_time, orig_seq = current->seq, - current->len, current->data, true); + current->len, current->data, analyzer::tcp::TCP_Flags(), true); else reass_resp->DataSent(network_time, resp_seq = current->seq, - current->len, current->data, true); + current->len, current->data, analyzer::tcp::TCP_Flags(), true); } ClearBuffer(&pkt_buffer); diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 258fdfcf58..8b3876c7ce 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -946,23 +946,11 @@ void TCP_Analyzer::GeneratePacketEvent( const u_char* data, int len, int caplen, int is_orig, TCP_Flags flags) { - char tcp_flags[256]; - int tcp_flag_len = 0; - - if ( flags.SYN() ) tcp_flags[tcp_flag_len++] = 'S'; - if ( flags.FIN() ) tcp_flags[tcp_flag_len++] = 'F'; - if ( flags.RST() ) tcp_flags[tcp_flag_len++] = 'R'; - if ( flags.ACK() ) tcp_flags[tcp_flag_len++] = 'A'; - if ( flags.PUSH() ) tcp_flags[tcp_flag_len++] = 'P'; - if ( flags.URG() ) tcp_flags[tcp_flag_len++] = 'U'; - - tcp_flags[tcp_flag_len] = '\0'; - val_list* vl = new val_list(); vl->append(BuildConnVal()); vl->append(new Val(is_orig, TYPE_BOOL)); - vl->append(new StringVal(tcp_flags)); + vl->append(new StringVal(flags.AsString())); vl->append(new Val(rel_seq, TYPE_COUNT)); vl->append(new Val(flags.ACK() ? rel_ack : 0, TYPE_COUNT)); vl->append(new Val(len, TYPE_COUNT)); diff --git a/src/analyzer/protocol/tcp/TCP.h b/src/analyzer/protocol/tcp/TCP.h index 608c06a5aa..e5589b01a3 100644 --- a/src/analyzer/protocol/tcp/TCP.h +++ b/src/analyzer/protocol/tcp/TCP.h @@ -8,6 +8,7 @@ #include "PacketDumper.h" #include "IPAddr.h" #include "TCP_Endpoint.h" +#include "TCP_Flags.h" #include "Conn.h" // We define two classes here: @@ -23,21 +24,6 @@ class TCP_Endpoint; class TCP_ApplicationAnalyzer; class TCP_Reassembler; -class TCP_Flags { -public: - TCP_Flags(const struct tcphdr* tp) { flags = tp->th_flags; } - - bool SYN() { return flags & TH_SYN; } - bool FIN() { return flags & TH_FIN; } - bool RST() { return flags & TH_RST; } - bool ACK() { return flags & TH_ACK; } - bool URG() { return flags & TH_URG; } - bool PUSH() { return flags & TH_PUSH; } - -protected: - u_char flags; -}; - class TCP_Analyzer : public analyzer::TransportLayerAnalyzer { public: TCP_Analyzer(Connection* conn); diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc index 846eb6d9d1..7c359623f3 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc +++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc @@ -204,7 +204,7 @@ int TCP_Endpoint::DataSent(double t, uint64 seq, int len, int caplen, if ( contents_processor ) { if ( caplen >= len ) - status = contents_processor->DataSent(t, seq, len, data); + status = contents_processor->DataSent(t, seq, len, data, TCP_Flags(tp)); else TCP()->Weird("truncated_tcp_payload"); } diff --git a/src/analyzer/protocol/tcp/TCP_Flags.h b/src/analyzer/protocol/tcp/TCP_Flags.h new file mode 100644 index 0000000000..cc3c1f5915 --- /dev/null +++ b/src/analyzer/protocol/tcp/TCP_Flags.h @@ -0,0 +1,55 @@ +#ifndef ANALYZER_PROTOCOL_TCP_TCP_FLAGS_H +#define ANALYZER_PROTOCOL_TCP_TCP_FLAGS_H + +namespace analyzer { namespace tcp { + +class TCP_Flags { +public: + TCP_Flags(const struct tcphdr* tp) { flags = tp->th_flags; } + TCP_Flags() { flags = 0; } + + bool SYN() const { return flags & TH_SYN; } + bool FIN() const { return flags & TH_FIN; } + bool RST() const { return flags & TH_RST; } + bool ACK() const { return flags & TH_ACK; } + bool URG() const { return flags & TH_URG; } + bool PUSH() const { return flags & TH_PUSH; } + + string AsString() const; + +protected: + u_char flags; +}; + +inline string TCP_Flags::AsString() const + { + char tcp_flags[10]; + char* p = tcp_flags; + + if ( SYN() ) + *p++ = 'S'; + + if ( FIN() ) + *p++ = 'F'; + + if ( RST() ) + *p++ = 'R'; + + if ( ACK() ) + *p++ = 'A'; + + if ( PUSH() ) + *p++ = 'P'; + + if ( URG() ) + *p++ = 'U'; + + *p++ = '\0'; + return tcp_flags; + } +} + + +} + +#endif diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index bbcd9cb43a..5b88d2dafb 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -433,8 +433,13 @@ void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n) { BroString* b1_s = new BroString((const u_char*) b1, n, 0); BroString* b2_s = new BroString((const u_char*) b2, n, 0); - tcp_analyzer->Event(rexmit_inconsistency, - new StringVal(b1_s), new StringVal(b2_s)); + + val_list* vl = new val_list(3); + vl->append(tcp_analyzer->BuildConnVal()); + vl->append(new StringVal(b1_s)); + vl->append(new StringVal(b2_s)); + vl->append(new StringVal(flags.AsString())); + tcp_analyzer->ConnectionEvent(rexmit_inconsistency, vl); } } @@ -461,7 +466,7 @@ void TCP_Reassembler::Deliver(uint64 seq, int len, const u_char* data) } int TCP_Reassembler::DataSent(double t, uint64 seq, int len, - const u_char* data, bool replaying) + const u_char* data, TCP_Flags arg_flags, bool replaying) { uint64 ack = endp->ToRelativeSeqSpace(endp->AckSeq(), endp->AckWraps()); uint64 upper_seq = seq + len; @@ -492,7 +497,9 @@ int TCP_Reassembler::DataSent(double t, uint64 seq, int len, len -= amount_acked; } + flags = arg_flags; NewBlock(t, seq, len, data); + flags = TCP_Flags(); if ( Endpoint()->NoDataAcked() && tcp_max_above_hole_without_any_acks && NumUndeliveredBytes() > static_cast(tcp_max_above_hole_without_any_acks) ) diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.h b/src/analyzer/protocol/tcp/TCP_Reassembler.h index c2ed0175ca..2bd8a5eb5d 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.h +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.h @@ -3,6 +3,7 @@ #include "Reassem.h" #include "TCP_Endpoint.h" +#include "TCP_Flags.h" class BroFile; class Connection; @@ -61,7 +62,7 @@ public: void SkipToSeq(uint64 seq); int DataSent(double t, uint64 seq, int len, const u_char* data, - bool replaying=true); + analyzer::tcp::TCP_Flags flags, bool replaying=true); void AckReceived(uint64 seq); // Checks if we have delivered all contents that we can possibly @@ -110,6 +111,7 @@ private: uint64 seq_to_skip; bool in_delivery; + analyzer::tcp::TCP_Flags flags; BroFile* record_contents_file; // file on which to reassemble contents diff --git a/src/event.bif b/src/event.bif index 456de20b3a..ff6ec059fb 100644 --- a/src/event.bif +++ b/src/event.bif @@ -305,8 +305,14 @@ event packet_contents%(c: connection, contents: string%); ## ## t2: The new payload. ## +## tcp_flags: A string with the TCP flags of the packet triggering the +## inconsistency. In the string, each character corresponds to one set flag, +## as follows: ``S`` -> SYN; ``F`` -> FIN; ``R`` -> RST; ``A`` -> ACK; ``P`` -> +## PUSH. This string will not always be set, only if the information is available; +## it's "best effort". +## ## .. bro:see:: tcp_rexmit tcp_contents -event rexmit_inconsistency%(c: connection, t1: string, t2: string%); +event rexmit_inconsistency%(c: connection, t1: string, t2: string, tcp_flags: string%); ## Generated when a TCP endpoint acknowledges payload that Bro never saw. ## diff --git a/src/iosource/PktSrc.cc b/src/iosource/PktSrc.cc index e4cbfe31e9..8db9db6ef1 100644 --- a/src/iosource/PktSrc.cc +++ b/src/iosource/PktSrc.cc @@ -36,9 +36,7 @@ PktSrc::PktSrc() PktSrc::~PktSrc() { - BPF_Program* code; - IterCookie* cookie = filters.InitForIteration(); - while ( (code = filters.NextEntry(cookie)) ) + for ( auto code : filters ) delete code; } @@ -335,16 +333,16 @@ bool PktSrc::PrecompileBPFFilter(int index, const std::string& filter) return 0; } - // Store it in hash. - HashKey* hash = new HashKey(HashKey(bro_int_t(index))); - BPF_Program* oldcode = filters.Lookup(hash); - if ( oldcode ) - delete oldcode; + // Store it in vector. + if ( index >= static_cast(filters.size()) ) + filters.resize(index + 1); - filters.Insert(hash, code); - delete hash; + if ( auto old = filters[index] ) + delete old; - return 1; + filters[index] = code; + + return true; } BPF_Program* PktSrc::GetBPFFilter(int index) @@ -352,10 +350,7 @@ BPF_Program* PktSrc::GetBPFFilter(int index) if ( index < 0 ) return 0; - HashKey* hash = new HashKey(HashKey(bro_int_t(index))); - BPF_Program* code = filters.Lookup(hash); - delete hash; - return code; + return (static_cast(filters.size()) > index ? filters[index] : 0); } bool PktSrc::ApplyBPFFilter(int index, const struct pcap_pkthdr *hdr, const u_char *pkt) diff --git a/src/iosource/PktSrc.h b/src/iosource/PktSrc.h index 7d05a5583f..25a743dc53 100644 --- a/src/iosource/PktSrc.h +++ b/src/iosource/PktSrc.h @@ -3,6 +3,8 @@ #ifndef IOSOURCE_PKTSRC_PKTSRC_H #define IOSOURCE_PKTSRC_PKTSRC_H +#include + #include "IOSource.h" #include "BPF_Program.h" #include "Dict.h" @@ -362,7 +364,7 @@ private: Packet current_packet; // For BPF filtering support. - PDict(BPF_Program) filters; + std::vector filters; // Only set in pseudo-realtime mode. double first_timestamp; diff --git a/src/iosource/pcap/Source.cc b/src/iosource/pcap/Source.cc index 98be670e7a..8158266f1c 100644 --- a/src/iosource/pcap/Source.cc +++ b/src/iosource/pcap/Source.cc @@ -13,10 +13,6 @@ #include #endif -#ifdef HAVE_PACKET_FANOUT -#include -#endif - using namespace iosource::pcap; PcapSource::~PcapSource() @@ -156,24 +152,6 @@ void PcapSource::OpenLive() // Was closed, couldn't get header size. return; -#ifdef HAVE_PACKET_FANOUT - // Turn on cluster mode for the device. - if ( BifConst::Pcap::packet_fanout_enable ) - { - uint32_t packet_fanout_arg = (PACKET_FANOUT_HASH << 16) - | (BifConst::Pcap::packet_fanout_id & 0xffff); - - if ( BifConst::Pcap::packet_fanout_defrag ) - packet_fanout_arg |= (PACKET_FANOUT_FLAG_DEFRAG << 16); - - if ( setsockopt(props.selectable_fd, SOL_PACKET, PACKET_FANOUT, &packet_fanout_arg, sizeof(packet_fanout_arg)) == -1 ) - { - Error(fmt("packet fanout: %s", strerror(errno))); - return; - } - } -#endif - props.is_live = true; Opened(props); diff --git a/src/iosource/pcap/const.bif b/src/iosource/pcap/const.bif index 8b6d0b9017..877dccef74 100644 --- a/src/iosource/pcap/const.bif +++ b/src/iosource/pcap/const.bif @@ -2,8 +2,3 @@ const Pcap::snaplen: count; const Pcap::bufsize: count; - -const Pcap::packet_fanout_enable: bool; -const Pcap::packet_fanout_id: count; -const Pcap::packet_fanout_defrag: bool; - diff --git a/src/iosource/pcap/functions.bif b/src/iosource/pcap/functions.bif index e36c374a3c..6ba880c3b1 100644 --- a/src/iosource/pcap/functions.bif +++ b/src/iosource/pcap/functions.bif @@ -21,6 +21,15 @@ module Pcap; ## pcap_error function precompile_pcap_filter%(id: PcapFilterID, s: string%): bool %{ + if ( id->AsEnum() >= 100 ) + { + // We use a vector as underlying data structure for fast + // lookups and limit the ID space so that that doesn't grow too + // large. + builtin_error(fmt("PCAP filter ids must remain below 100 (is %ld)", id->AsInt())); + return new Val(false, TYPE_BOOL); + } + bool success = true; const iosource::Manager::PktSrcList& pkt_srcs(iosource_mgr->GetPktSrcs()); diff --git a/src/main.cc b/src/main.cc index 67b53f222e..73181c82f2 100644 --- a/src/main.cc +++ b/src/main.cc @@ -761,9 +761,6 @@ int main(int argc, char** argv) // DEBUG_MSG("HMAC key: %s\n", md5_digest_print(shared_hmac_md5_key)); init_hash_function(); - // Must come after hash initialization. - binpac::init(); - ERR_load_crypto_strings(); OPENSSL_add_all_algorithms_conf(); SSL_library_init(); @@ -863,6 +860,10 @@ int main(int argc, char** argv) if ( events_file ) event_player = new EventPlayer(events_file); + // Must come after plugin activation (and also after hash + // initialization). + binpac::init(); + init_event_handlers(); md5_type = new OpaqueType("md5"); diff --git a/src/strings.bif b/src/strings.bif index 80b60a57d0..ebee7d9cf7 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -216,7 +216,13 @@ function join_string_vec%(vec: string_vec, sep: string%): string if ( i > 0 ) d.Add(sep->CheckString(), 0); - v->Lookup(i)->Describe(&d); + Val* e = v->Lookup(i); + + // If the element is empty, skip it. + if ( ! e ) + continue; + + e->Describe(&d); } BroString* s = new BroString(1, d.TakeBytes(), d.Len()); diff --git a/src/threading/formatters/JSON.cc b/src/threading/formatters/JSON.cc index 1a2fd84c4a..3558baee5c 100644 --- a/src/threading/formatters/JSON.cc +++ b/src/threading/formatters/JSON.cc @@ -35,7 +35,12 @@ bool JSON::Describe(ODesc* desc, int num_fields, const Field* const * fields, const u_char* bytes = desc->Bytes(); int len = desc->Len(); - if ( i > 0 && len > 0 && bytes[len-1] != ',' && vals[i]->present ) + if ( i > 0 && + len > 0 && + bytes[len-1] != ',' && + bytes[len-1] != '{' && + bytes[len-1] != '[' && + vals[i]->present ) desc->AddRaw(","); if ( ! Describe(desc, vals[i], fields[i]->name) ) diff --git a/testing/btest/Baseline/bifs.join_string/out b/testing/btest/Baseline/bifs.join_string/out index f1640a57ee..e916fc304a 100644 --- a/testing/btest/Baseline/bifs.join_string/out +++ b/testing/btest/Baseline/bifs.join_string/out @@ -4,3 +4,4 @@ mytest this__is__another__test thisisanothertest Test +...hi..there diff --git a/testing/btest/Baseline/core.reassembly/output b/testing/btest/Baseline/core.reassembly/output index 79922b43c4..5e0ef35929 100644 --- a/testing/btest/Baseline/core.reassembly/output +++ b/testing/btest/Baseline/core.reassembly/output @@ -23,10 +23,10 @@ net_weird, truncated_IP net_weird, truncated_IP net_weird, truncated_IP net_weird, truncated_IP -rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfOOOOOOOOOOOOOOOOOOOOOOOOOOOO, nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfqkrodjdmrqfpiodgphidfliidlhd -rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], dgphrodofqhq, orgmmpelofil -rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], lenhfdqhqfgs, dfpqssidkpdg -rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfOOOOOOOOOOOOOOOOOOOOOOOOOOOO, nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfqkrodjdmrqfpiodgphidfliislrr -rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], iokgedlsdkjkiefgmeqkfjoh, ggdeolssksemrhedoledddml +rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfOOOOOOOOOOOOOOOOOOOOOOOOOOOO, nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfqkrodjdmrqfpiodgphidfliidlhd, A +rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], dgphrodofqhq, orgmmpelofil, A +rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], lenhfdqhqfgs, dfpqssidkpdg, A +rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfOOOOOOOOOOOOOOOOOOOOOOOOOOOO, nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfqkrodjdmrqfpiodgphidfliislrr, A +rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], iokgedlsdkjkiefgmeqkfjoh, ggdeolssksemrhedoledddml, A net_weird, truncated_IP -rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO HTTP/1.1\x0d\x0aHost: 127.0.0.1\x0d\x0aContent-Type: text/xml\x0d\x0aContent-length: 1\x0d\x0a\x0d\x0aO\x0d\x0a\x0d\x0a - - - (empty) - - - Fp32SIJztq0Szn5Qc text/plain - - -1210953061.585996 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - - (empty) - - - - - FNFYdH11h5iQcoD3a2 text/html -1210953073.381474 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - - (empty) - - - - - FHD5nv1iSVFZVM0aH7 text/html -1210953074.674817 Cab0vO1xNYSS2hJkle 192.168.2.16 1580 67.228.110.120 80 1 GET www.wireshark.org / http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 11845 200 OK - - - (empty) - - - - - FS7lUf2cJFAVBCu6w6 text/html -#close 2015-03-14-01-46-26 +#open 2016-01-15-18-40-16 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1210953057.917183 C7XEbhP654jzLoe3a 192.168.2.16 1578 75.126.203.78 80 1 POST download913.avast.com /cgi-bin/iavs4stats.cgi - 1.1 Syncer/4.80 (av_pro-1169;f) 589 0 204 - - - (empty) - - - Fp32SIJztq0Szn5Qc text/plain - - +1210953061.585996 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - - (empty) - - - - - FNFYdH11h5iQcoD3a2 text/html +1210953073.381474 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - - (empty) - - - - - FHD5nv1iSVFZVM0aH7 text/html +1210953074.674817 Cab0vO1xNYSS2hJkle 192.168.2.16 1580 67.228.110.120 80 1 GET www.wireshark.org / http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 11845 200 OK - - - (empty) - - - - - FS7lUf2cJFAVBCu6w6 text/html +#close 2016-01-15-18-40-16 diff --git a/testing/btest/Baseline/core.tunnels.teredo/tunnel.log b/testing/btest/Baseline/core.tunnels.teredo/tunnel.log index e611eeb679..57ec542b6c 100644 --- a/testing/btest/Baseline/core.tunnels.teredo/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.teredo/tunnel.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path tunnel -#open 2013-08-26-19-02-19 +#open 2016-01-15-18-40-16 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1210953052.202579 CsRx2w45OKnoww6xl4 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::DISCOVER @@ -12,4 +12,4 @@ 1210953076.058333 CsRx2w45OKnoww6xl4 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::CLOSE 1210953076.058333 C3SfNE4BWaU4aSuwkc 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::CLOSE 1210953076.058333 CPbrpk1qSsw6ESzHV4 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE -#close 2013-08-26-19-02-19 +#close 2016-01-15-18-40-16 diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log index 91bcfdf170..41177e178d 100644 --- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log +++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path conn -#open 2015-02-23-21-33-21 +#open 2016-01-15-18-40-17 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1340127577.354166 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 CRJuHdVW0XPVINV8a @@ -13,4 +13,4 @@ 1340127577.339015 CsRx2w45OKnoww6xl4 fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 CCvvfg3TEfuqmmG4bh 1340127577.343969 CPbrpk1qSsw6ESzHV4 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - - 0 - 1 52 1 52 CXWv6p3arKYeMETxOg,CRJuHdVW0XPVINV8a 1340127577.336558 CjhGID4nQcgTWjvg4c fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CXWv6p3arKYeMETxOg -#close 2015-02-23-21-33-21 +#close 2016-01-15-18-40-17 diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log index eff4b8ff36..00a710a5b0 100644 --- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log +++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-22-57-27 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1340127577.361683 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - - (empty) - - - - - FWSTWv4EZLVlc2Zywi text/html -1340127577.379360 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - - (empty) - - - - - FGKV3B3jz083xhGO13 text/html -#close 2014-04-01-22-57-27 +#open 2016-01-15-18-40-17 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1340127577.361683 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - - (empty) - - - - - FWSTWv4EZLVlc2Zywi text/html +1340127577.379360 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - - (empty) - - - - - FGKV3B3jz083xhGO13 text/html +#close 2016-01-15-18-40-17 diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log index f988a996f8..2c041b6c59 100644 --- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path tunnel -#open 2013-08-26-19-02-20 +#open 2016-01-15-18-40-17 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1340127577.336558 CXWv6p3arKYeMETxOg 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::DISCOVER @@ -12,4 +12,4 @@ 1340127577.406995 CXWv6p3arKYeMETxOg 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::CLOSE 1340127577.406995 CRJuHdVW0XPVINV8a 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::CLOSE 1340127577.406995 CCvvfg3TEfuqmmG4bh 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE -#close 2013-08-26-19-02-20 +#close 2016-01-15-18-40-17 diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log index bec4732a8f..81c7bb0cf0 100644 --- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log +++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path weird -#open 2013-08-26-19-46-43 +#open 2016-01-15-18-40-17 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1340127577.341510 CRJuHdVW0XPVINV8a 192.168.2.16 3797 83.170.1.38 32900 Teredo_bubble_with_payload - F bro 1340127577.346849 CXWv6p3arKYeMETxOg 192.168.2.16 3797 65.55.158.80 3544 Teredo_bubble_with_payload - F bro -#close 2013-08-26-19-46-43 +#close 2016-01-15-18-40-17 diff --git a/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1 b/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1 index 461c3411d1..398fe5db94 100644 --- a/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1 +++ b/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1 @@ -9,7 +9,7 @@ }, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, vlan=, inner_vlan=, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={ - }], extract_orig=F, extract_resp=F, thresholds=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={ + }], extract_orig=F, extract_resp=F, thresholds=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={ }, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={ diff --git a/testing/btest/Baseline/istate.events-ssl/receiver.http.log b/testing/btest/Baseline/istate.events-ssl/receiver.http.log index b19aa4e229..ef4b7d5e14 100644 --- a/testing/btest/Baseline/istate.events-ssl/receiver.http.log +++ b/testing/btest/Baseline/istate.events-ssl/receiver.http.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-23-00-17 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1396393217.023534 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - - -#close 2014-04-01-23-00-19 +#open 2016-01-15-18-40-35 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1452883233.962989 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - 1.1 Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - - +#close 2016-01-15-18-40-36 diff --git a/testing/btest/Baseline/istate.events-ssl/sender.http.log b/testing/btest/Baseline/istate.events-ssl/sender.http.log index b19aa4e229..ef4b7d5e14 100644 --- a/testing/btest/Baseline/istate.events-ssl/sender.http.log +++ b/testing/btest/Baseline/istate.events-ssl/sender.http.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-23-00-17 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1396393217.023534 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - - -#close 2014-04-01-23-00-19 +#open 2016-01-15-18-40-35 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1452883233.962989 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - 1.1 Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - - +#close 2016-01-15-18-40-36 diff --git a/testing/btest/Baseline/istate.events/receiver.http.log b/testing/btest/Baseline/istate.events/receiver.http.log index 50de2e7aa5..829797e69a 100644 --- a/testing/btest/Baseline/istate.events/receiver.http.log +++ b/testing/btest/Baseline/istate.events/receiver.http.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-22-59-59 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1396393198.822094 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - - -#close 2014-04-01-23-00-00 +#open 2016-01-15-18-40-24 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1452883223.630311 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - 1.1 Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - - +#close 2016-01-15-18-40-26 diff --git a/testing/btest/Baseline/istate.events/sender.http.log b/testing/btest/Baseline/istate.events/sender.http.log index 50de2e7aa5..bca3ed980f 100644 --- a/testing/btest/Baseline/istate.events/sender.http.log +++ b/testing/btest/Baseline/istate.events/sender.http.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-22-59-59 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1396393198.822094 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - - -#close 2014-04-01-23-00-00 +#open 2016-01-15-18-40-24 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1452883223.630311 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - 1.1 Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - - +#close 2016-01-15-18-40-25 diff --git a/testing/btest/Baseline/language.init-in-anon-function/http.log b/testing/btest/Baseline/language.init-in-anon-function/http.log index 2f4bbbb8e4..24ee094c15 100644 --- a/testing/btest/Baseline/language.init-in-anon-function/http.log +++ b/testing/btest/Baseline/language.init-in-anon-function/http.log @@ -3,21 +3,21 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-23-12-50 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1300475168.784020 CRJuHdVW0XPVINV8a 141.142.0.0 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.916018 CJ3xTn1c4Zw9TmAE05 141.142.0.0 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.916183 C7XEbhP654jzLoe3a 141.142.0.0 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.918358 C3SfNE4BWaU4aSuwkc 141.142.0.0 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.952307 CyAhVIzHqb7t7kv28 141.142.0.0 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.952296 CzA03V1VcgagLjnO92 141.142.0.0 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.954820 CkDsfG2YIeWJmXWNWj 141.142.0.0 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.962687 Cn78a440HlxuyZKs6f 141.142.0.0 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.975934 CJ3xTn1c4Zw9TmAE05 141.142.0.0 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.976436 C7XEbhP654jzLoe3a 141.142.0.0 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.979264 C3SfNE4BWaU4aSuwkc 141.142.0.0 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475169.014619 CyAhVIzHqb7t7kv28 141.142.0.0 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475169.014593 CzA03V1VcgagLjnO92 141.142.0.0 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475169.014927 CkDsfG2YIeWJmXWNWj 141.142.0.0 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -#close 2014-04-01-23-12-50 +#open 2016-01-15-18-40-39 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1300475168.784020 CRJuHdVW0XPVINV8a 141.142.0.0 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ 1.1 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.916018 CJ3xTn1c4Zw9TmAE05 141.142.0.0 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.916183 C7XEbhP654jzLoe3a 141.142.0.0 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.918358 C3SfNE4BWaU4aSuwkc 141.142.0.0 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.952307 CyAhVIzHqb7t7kv28 141.142.0.0 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.952296 CzA03V1VcgagLjnO92 141.142.0.0 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.954820 CkDsfG2YIeWJmXWNWj 141.142.0.0 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.962687 Cn78a440HlxuyZKs6f 141.142.0.0 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.975934 CJ3xTn1c4Zw9TmAE05 141.142.0.0 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.976436 C7XEbhP654jzLoe3a 141.142.0.0 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.979264 C3SfNE4BWaU4aSuwkc 141.142.0.0 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475169.014619 CyAhVIzHqb7t7kv28 141.142.0.0 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475169.014593 CzA03V1VcgagLjnO92 141.142.0.0 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475169.014927 CkDsfG2YIeWJmXWNWj 141.142.0.0 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +#close 2016-01-15-18-40-39 diff --git a/testing/btest/Baseline/language.undefined-delete-field/output b/testing/btest/Baseline/language.undefined-delete-field/output new file mode 100644 index 0000000000..bd0fb99289 --- /dev/null +++ b/testing/btest/Baseline/language.undefined-delete-field/output @@ -0,0 +1,2 @@ +error in /Users/johanna/bro/master/testing/btest/.tmp/language.undefined-delete-field/undefined-delete-field.bro, line 14: no such field in record (x$c) +1 diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 94e0db8667..7a5718b1db 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -220,7 +220,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1440997649.720991, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Communication::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Conn::LOG)) -> @@ -326,7 +326,7 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1440997649.720991, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::build, , ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) -> @@ -812,7 +812,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1440997649.720991, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Communication::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Conn::LOG)) @@ -918,7 +918,7 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1440997649.720991, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) 0.000000 MetaHookPre CallFunction(PacketFilter::build, , ()) 0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) @@ -1403,7 +1403,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1440997649.720991, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG) @@ -1509,7 +1509,7 @@ 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1440997649.720991, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Notice::want_pp() 0.000000 | HookCallFunction PacketFilter::build() 0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, ) @@ -1605,14 +1605,14 @@ 1362692526.939527 MetaHookPost CallFunction(HTTP::new_http_session, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, vlan=, inner_vlan=, dpd=, conn=, extract_orig=F, extract_resp=F, thresholds=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> 1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, vlan=, inner_vlan=, dpd=, conn=, extract_orig=F, extract_resp=F, thresholds=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692526.939527 MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> 1362692526.939527 MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> 1362692526.939527 MetaHookPost CallFunction(fmt, , (-%s, HTTP)) -> 1362692526.939527 MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +1362692526.939527 MetaHookPost CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692526.939527 MetaHookPost CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692526.939527 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -> 1362692526.939527 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -> @@ -1642,14 +1642,14 @@ 1362692526.939527 MetaHookPre CallFunction(HTTP::new_http_session, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, vlan=, inner_vlan=, dpd=, conn=, extract_orig=F, extract_resp=F, thresholds=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) 1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, vlan=, inner_vlan=, dpd=, conn=, extract_orig=F, extract_resp=F, thresholds=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692526.939527 MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) 1362692526.939527 MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) 1362692526.939527 MetaHookPre CallFunction(fmt, , (-%s, HTTP)) 1362692526.939527 MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692526.939527 MetaHookPre CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692526.939527 MetaHookPre CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692526.939527 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) 1362692526.939527 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) @@ -1680,14 +1680,14 @@ 1362692526.939527 | HookCallFunction HTTP::new_http_session([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, vlan=, inner_vlan=, dpd=, conn=, extract_orig=F, extract_resp=F, thresholds=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) 1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, vlan=, inner_vlan=, dpd=, conn=, extract_orig=F, extract_resp=F, thresholds=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692526.939527 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) 1362692526.939527 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) 1362692526.939527 | HookCallFunction fmt(-%s, HTTP) 1362692526.939527 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692526.939527 | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692526.939527 | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*) 1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0)) diff --git a/testing/btest/Baseline/plugins.writer/output b/testing/btest/Baseline/plugins.writer/output index 26fac65662..a8d6f439e2 100644 --- a/testing/btest/Baseline/plugins.writer/output +++ b/testing/btest/Baseline/plugins.writer/output @@ -10,13 +10,13 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0) [conn] 1340213226.561757|CPbrpk1qSsw6ESzHV4|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0| [conn] 1340213290.981995|C6pKV8GSxOnSLghOa|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0| [files] 1340213020.732547|FBtZ7y1ppK8iIeY622|60.190.189.214|10.0.0.55|CjhGID4nQcgTWjvg4c|HTTP|0||image/gif|-|0.000034|-|F|1368|1368|0|0|F|-|-|-|-|- -[http] 1340213019.013158|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|1|GET|www.osnews.com|/images/printer2.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- -[http] 1340213019.013426|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|2|GET|www.osnews.com|/img2/shorturl.jpg|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- -[http] 1340213019.580162|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|3|GET|www.osnews.com|/images/icons/9.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- -[http] 1340213020.155861|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|4|GET|www.osnews.com|/images/icons/26.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|1368|200|OK|-|-|-||-|-|-|-|-|FBtZ7y1ppK8iIeY622|image/gif -[http] 1340213020.732963|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|5|GET|www.osnews.com|/images/icons/17.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- -[http] 1340213021.300269|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|6|GET|www.osnews.com|/images/left.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- -[http] 1340213021.861584|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|7|GET|www.osnews.com|/images/icons/32.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- -[packet_filter] 1424736260.256998|bro|ip or not ip|T|T +[http] 1340213019.013158|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|1|GET|www.osnews.com|/images/printer2.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- +[http] 1340213019.013426|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|2|GET|www.osnews.com|/img2/shorturl.jpg|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- +[http] 1340213019.580162|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|3|GET|www.osnews.com|/images/icons/9.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- +[http] 1340213020.155861|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|4|GET|www.osnews.com|/images/icons/26.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|1368|200|OK|-|-|-||-|-|-|-|-|FBtZ7y1ppK8iIeY622|image/gif +[http] 1340213020.732963|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|5|GET|www.osnews.com|/images/icons/17.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- +[http] 1340213021.300269|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|6|GET|www.osnews.com|/images/left.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- +[http] 1340213021.861584|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|7|GET|www.osnews.com|/images/icons/32.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- +[packet_filter] 1452883255.997547|bro|ip or not ip|T|T [socks] 1340213015.276495|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|5|-|-|succeeded|-|www.osnews.com|80|192.168.0.31|-|2688 [tunnel] 1340213015.276495|-|10.0.0.55|0|60.190.189.214|8124|Tunnel::SOCKS|Tunnel::DISCOVER diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log index 4786a6f8b9..5fb6e1672a 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-23-14-58 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1315799856.264750 CXWv6p3arKYeMETxOg 10.0.1.104 64216 193.40.5.162 80 1 GET lepo.it.da.ut.ee /~cect/teoreetilised seminarid_2010/arheoloogia_uurimisr\xfchma_seminar/Joyce et al - The Languages of Archaeology ~ Dialogue, Narrative and Writing.pdf - Wget/1.12 (darwin10.8.0) 0 346 404 Not Found - - - (empty) - - - - - FGNm7b3eXjhJLfvOWl text/html -#close 2014-04-01-23-14-58 +#open 2016-01-15-18-40-57 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1315799856.264750 CXWv6p3arKYeMETxOg 10.0.1.104 64216 193.40.5.162 80 1 GET lepo.it.da.ut.ee /~cect/teoreetilised seminarid_2010/arheoloogia_uurimisr\xfchma_seminar/Joyce et al - The Languages of Archaeology ~ Dialogue, Narrative and Writing.pdf - 1.1 Wget/1.12 (darwin10.8.0) 0 346 404 Not Found - - - (empty) - - - - - FGNm7b3eXjhJLfvOWl text/html +#close 2016-01-15-18-40-57 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json-optional/testing.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json-optional/testing.log new file mode 100644 index 0000000000..ba61a12d34 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json-optional/testing.log @@ -0,0 +1 @@ +{"msg":"Testing 1 2 3 "} diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.wikipedia/http.select b/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.wikipedia/http.select index 5c584af41b..a715425ded 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.wikipedia/http.select +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.wikipedia/http.select @@ -1,14 +1,14 @@ -1300475168.78402|CRJuHdVW0XPVINV8a|141.142.220.118|48649|208.80.152.118|80|1|GET|bits.wikimedia.org|/skins-1.5/monobook/main.css|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.91602|CJ3xTn1c4Zw9TmAE05|141.142.220.118|49997|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/6/63/Wikipedia-logo.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.91618|C7XEbhP654jzLoe3a|141.142.220.118|49996|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.91836|C3SfNE4BWaU4aSuwkc|141.142.220.118|49998|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/b/bd/Bookshelf-40x201_6.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.9523|CzA03V1VcgagLjnO92|141.142.220.118|49999|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.95231|CyAhVIzHqb7t7kv28|141.142.220.118|50000|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.95482|CkDsfG2YIeWJmXWNWj|141.142.220.118|50001|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.96269|Cn78a440HlxuyZKs6f|141.142.220.118|35642|208.80.152.2|80|1|GET|meta.wikimedia.org|/images/wikimedia-button.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.97593|CJ3xTn1c4Zw9TmAE05|141.142.220.118|49997|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.97644|C7XEbhP654jzLoe3a|141.142.220.118|49996|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.97926|C3SfNE4BWaU4aSuwkc|141.142.220.118|49998|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475169.01459|CzA03V1VcgagLjnO92|141.142.220.118|49999|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475169.01462|CyAhVIzHqb7t7kv28|141.142.220.118|50000|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475169.01493|CkDsfG2YIeWJmXWNWj|141.142.220.118|50001|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.78402|CRJuHdVW0XPVINV8a|141.142.220.118|48649|208.80.152.118|80|1|GET|bits.wikimedia.org|/skins-1.5/monobook/main.css|http://www.wikipedia.org/|1.1|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.91602|CJ3xTn1c4Zw9TmAE05|141.142.220.118|49997|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/6/63/Wikipedia-logo.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.91618|C7XEbhP654jzLoe3a|141.142.220.118|49996|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.91836|C3SfNE4BWaU4aSuwkc|141.142.220.118|49998|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/b/bd/Bookshelf-40x201_6.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.9523|CzA03V1VcgagLjnO92|141.142.220.118|49999|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.95231|CyAhVIzHqb7t7kv28|141.142.220.118|50000|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.95482|CkDsfG2YIeWJmXWNWj|141.142.220.118|50001|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.96269|Cn78a440HlxuyZKs6f|141.142.220.118|35642|208.80.152.2|80|1|GET|meta.wikimedia.org|/images/wikimedia-button.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.97593|CJ3xTn1c4Zw9TmAE05|141.142.220.118|49997|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.97644|C7XEbhP654jzLoe3a|141.142.220.118|49996|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.97926|C3SfNE4BWaU4aSuwkc|141.142.220.118|49998|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475169.01459|CzA03V1VcgagLjnO92|141.142.220.118|49999|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475169.01462|CyAhVIzHqb7t7kv28|141.142.220.118|50000|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475169.01493|CkDsfG2YIeWJmXWNWj|141.142.220.118|50001|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-2-2.log b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-2-2.log index cbc90d9926..ab4979f69d 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-2-2.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-2-2.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path http-2-2 -#open 2011-03-18-19-06-08 +#open 2016-01-15-18-40-59 #fields status_code #types count 304 @@ -20,4 +20,4 @@ 304 304 304 -#close 2011-03-18-19-06-13 +#close 2016-01-15-18-40-59 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-2.log b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-2.log index 8f66184146..30ffbac472 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-2.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-2.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path http-2 -#open 2011-03-18-19-06-08 +#open 2016-01-15-18-40-59 #fields host #types string bits.wikimedia.org @@ -20,4 +20,4 @@ upload.wikimedia.org upload.wikimedia.org upload.wikimedia.org upload.wikimedia.org -#close 2011-03-18-19-06-13 +#close 2016-01-15-18-40-59 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-3.log b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-3.log index d64b9aa128..d0ef6e21ce 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-3.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-3.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path http-3 -#open 2011-03-18-19-06-08 +#open 2016-01-15-18-40-59 #fields uri #types string /skins-1.5/monobook/main.css @@ -20,4 +20,4 @@ /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png -#close 2011-03-18-19-06-13 +#close 2016-01-15-18-40-59 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http.log b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http.log index 0f1c694c8b..5fb44c25ee 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http.log @@ -3,21 +3,21 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-23-15-23 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1300475168.784020 CRJuHdVW0XPVINV8a 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.916018 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.916183 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.918358 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.952307 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.952296 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.954820 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.962687 Cn78a440HlxuyZKs6f 141.142.220.118 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.975934 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.976436 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.979264 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475169.014619 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475169.014593 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475169.014927 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -#close 2014-04-01-23-15-23 +#open 2016-01-15-18-40-59 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1300475168.784020 CRJuHdVW0XPVINV8a 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ 1.1 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.916018 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.916183 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.918358 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.952307 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.952296 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.954820 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.962687 Cn78a440HlxuyZKs6f 141.142.220.118 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.975934 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.976436 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.979264 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475169.014619 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475169.014593 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475169.014927 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +#close 2016-01-15-18-40-59 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/reporter.log b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/reporter.log index 35e9134583..1e0ff1b11d 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/reporter.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/reporter.log @@ -3,10 +3,10 @@ #empty_field (empty) #unset_field - #path reporter -#open 2011-03-18-19-06-08 +#open 2016-01-15-18-40-59 #fields ts level message location #types time enum string string 1300475168.843894 Reporter::WARNING Write using filter 'host-only' on path 'http' changed to use new path 'http-2' to avoid conflict with filter 'default' (empty) 1300475168.843894 Reporter::WARNING Write using filter 'uri-only' on path 'http' changed to use new path 'http-3' to avoid conflict with filter 'default' (empty) 1300475168.843894 Reporter::WARNING Write using filter 'status-only' on path 'http-2' changed to use new path 'http-2-2' to avoid conflict with filter 'host-only' (empty) -#close 2011-03-18-19-06-13 +#close 2016-01-15-18-40-59 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log b/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log index 0418b88b69..774163695e 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-23-15-57 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1237440095.634312 CXWv6p3arKYeMETxOg 192.168.3.103 54102 128.146.216.51 80 1 POST www.osu.edu / - curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3 2001 60731 200 OK 100 Continue - (empty) - - - F7Wq2D1IW7Cp2nfZMa text/plain FFhC1T3ieHHQqVBLpc text/html -#close 2014-04-01-23-15-57 +#open 2016-01-15-18-41-00 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1237440095.634312 CXWv6p3arKYeMETxOg 192.168.3.103 54102 128.146.216.51 80 1 POST www.osu.edu / - 1.1 curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3 2001 60731 200 OK 100 Continue - (empty) - - - F7Wq2D1IW7Cp2nfZMa text/plain FFhC1T3ieHHQqVBLpc text/html +#close 2016-01-15-18-41-00 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/conn.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/conn.log new file mode 100644 index 0000000000..0a578fc3d7 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/conn.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path conn +#open 2016-01-15-18-41-02 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents +#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] +1443732977.727740 CXWv6p3arKYeMETxOg ::1 52522 ::1 80 tcp ssl,http 0.691241 3644 55499 S1 - - 0 ShAaDd 29 5744 29 57599 (empty) +#close 2016-01-15-18-41-02 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/http.log new file mode 100644 index 0000000000..121c1499dc --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/http.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path http +#open 2016-01-15-18-41-02 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1443732977.728092 CXWv6p3arKYeMETxOg ::1 52522 ::1 80 1 CONNECT secure.newegg.com secure.newegg.com:443 - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0 0 0 200 Connection Established - - - (empty) - - PROXY-CONNECTION -> keep-alive - - - - +#close 2016-01-15-18-41-02 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/tunnel.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/tunnel.log new file mode 100644 index 0000000000..87789e66f2 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/tunnel.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path tunnel +#open 2016-01-15-18-41-02 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action +#types time string addr port addr port enum enum +1443732977.848660 - ::1 0 ::1 80 Tunnel::HTTP Tunnel::DISCOVER +#close 2016-01-15-18-41-02 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect/conn.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect/conn.log index ab5cd0d9bf..b255e8cb3f 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-connect/conn.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect/conn.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path conn -#open 2015-02-23-21-43-52 +#open 2016-01-15-18-41-01 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1078232251.833846 CXWv6p3arKYeMETxOg 79.26.245.236 3378 254.228.86.79 8240 tcp http,smtp 6.722274 1685 223 SF - - 0 ShADadfF 14 2257 16 944 (empty) -#close 2015-02-23-21-43-52 +#close 2016-01-15-18-41-01 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect/http.log index 6fd4a5a937..0c2d648a7b 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-connect/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect/http.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-23-15-59 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1078232252.284420 CXWv6p3arKYeMETxOg 79.26.245.236 3378 254.228.86.79 8240 1 CONNECT - mailin03.sul.t-online.de:25 / - - 0 0 200 Connection established - - - (empty) - - - - - - - -#close 2014-04-01-23-15-59 +#open 2016-01-15-18-41-01 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1078232252.284420 CXWv6p3arKYeMETxOg 79.26.245.236 3378 254.228.86.79 8240 1 CONNECT - mailin03.sul.t-online.de:25 / - 1.0 - 0 0 200 Connection established - - - (empty) - - - - - - - +#close 2016-01-15-18-41-01 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect/smtp.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect/smtp.log index 99850b35a2..f7c07eb9dd 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-connect/smtp.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect/smtp.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path smtp -#open 2015-07-26-18-33-18 +#open 2016-01-15-18-41-01 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth helo mailfrom rcptto date from to cc reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent tls fuids #types time string addr port addr port count string string set[string] string string set[string] set[string] string string string string addr string string string vector[addr] string bool vector[string] 1078232255.642953 CXWv6p3arKYeMETxOg 79.26.245.236 3378 254.228.86.79 8240 1 208.191.73.21 Tue, 2 Mar 2004 13:57:49 +0100 Sybille Ostermann thenightwatch@t-online.de - - - - Hier sind die dicken Girls hemmungloser denn je.. grcu - from mail.iosphere.net (mail.iosphere.net [216.58.97.33]) by mail.netsync.net with esmtp; Mrz, 02 2004 12:55:34 -0700 - 250 Message accepted. 254.228.86.79,79.26.245.236,216.58.97.33 Microsoft Outlook Build 10.0.2616 F FVS9k93PUgScEUCOjd -#close 2015-07-26-18-33-18 +#close 2016-01-15-18-41-01 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect/tunnel.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect/tunnel.log index 9e18e38e03..2b3c719e2c 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-connect/tunnel.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect/tunnel.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path tunnel -#open 2014-02-13-03-37-02 +#open 2016-01-15-18-41-01 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1078232252.284420 - 79.26.245.236 0 254.228.86.79 8240 Tunnel::HTTP Tunnel::DISCOVER -#close 2014-02-13-03-37-02 +#close 2016-01-15-18-41-01 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log index d8a78a38b1..353348a40d 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log @@ -3,56 +3,56 @@ #empty_field (empty) #unset_field - #path http -#open 2015-04-20-12-36-37 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1354328870.191989 CXWv6p3arKYeMETxOg 128.2.6.136 46562 173.194.75.103 80 1 OPTIONS www.google.com * - - 0 962 405 Method Not Allowed - - - (empty) - - - - - FKgccv1sOsIPuN3b73 text/html -1354328874.237327 CjhGID4nQcgTWjvg4c 128.2.6.136 46563 173.194.75.103 80 1 OPTIONS www.google.com HTTP/1.1 - - 0 925 400 Bad Request - - - (empty) - - - - - FWUdF12OgqGLhf3NPl text/html -1354328874.299063 CCvvfg3TEfuqmmG4bh 128.2.6.136 46564 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FrYoRN2EwpZyXbyvF8 text/html -1354328874.342591 CsRx2w45OKnoww6xl4 128.2.6.136 46565 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FJPouz1lbXUsa4Ef1 text/html -1354328874.364020 CRJuHdVW0XPVINV8a 128.2.6.136 46566 173.194.75.103 80 1 GET www.google.com / - - 0 43911 200 OK - - - (empty) - - - - - FbONWS332vB7QP1sDi text/html -1354328878.470424 CPbrpk1qSsw6ESzHV4 128.2.6.136 46567 173.194.75.103 80 1 GET www.google.com / - - 0 43983 200 OK - - - (empty) - - - - - Fw8xGD2taqNAOVvI88 text/html -1354328882.575456 C6pKV8GSxOnSLghOa 128.2.6.136 46568 173.194.75.103 80 1 GET www.google.com /HTTP/1.1 - - 0 1207 403 Forbidden - - - (empty) - - - - - FdEQPY3H4Z608y5yq1 text/html -1354328882.928027 CIPOse170MGiRM1Qf4 128.2.6.136 46569 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FcNjaW3kDUju84cG3 text/html -1354328882.968948 C7XEbhP654jzLoe3a 128.2.6.136 46570 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - Fe8v8c49yLvORp3zva text/html -1354328882.990373 CJ3xTn1c4Zw9TmAE05 128.2.6.136 46571 173.194.75.103 80 1 GET www.google.com / - - 0 43913 200 OK - - - (empty) - - - - - FAbDo7c8yz5wducYb text/html -1354328887.114613 CMXxB5GvmoxJFXdTa 128.2.6.136 46572 173.194.75.103 80 1 - - - - - 0 961 405 Method Not Allowed - - - (empty) - - - - - F7zifu3d5nGrdGffO4 text/html -1354328891.161077 Caby8b1slFea8xwSmb 128.2.6.136 46573 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FNf9mc2b0BWWP1UxWe text/html -1354328891.204740 Che1bq3i2rO3KD1Syg 128.2.6.136 46574 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FG2K813sKEZvZ2TNY4 text/html -1354328891.245592 C3SfNE4BWaU4aSuwkc 128.2.6.136 46575 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FOOeqs4Vg0Zs3rcVYi text/html -1354328891.287655 CEle3f3zno26fFZkrh 128.2.6.136 46576 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - F2wfYn1yFdeOeHFYA8 text/html -1354328891.309065 CwSkQu4eWZCH7OONC1 128.2.6.136 46577 173.194.75.103 80 1 CCM_POST www.google.com / - - 0 963 405 Method Not Allowed - - - (empty) - - - - - F1d9bG11AdUoYIAPna text/html -1354328895.355012 CfTOmO0HKorjr8Zp7 128.2.6.136 46578 173.194.75.103 80 1 CCM_POST www.google.com /HTTP/1.1 - - 0 925 400 Bad Request - - - (empty) - - - - - F73Xpt400aDAjp1tOj text/html -1354328895.416133 CzA03V1VcgagLjnO92 128.2.6.136 46579 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FANgwp2fEJblWfGtqk text/html -1354328895.459490 CyAhVIzHqb7t7kv28 128.2.6.136 46580 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FUelQv4zC3B2JEWwQ6 text/html -1354328895.480865 Cab0vO1xNYSS2hJkle 128.2.6.136 46581 173.194.75.103 80 1 CCM_POST www.google.com / - - 0 963 405 Method Not Allowed - - - (empty) - - - - - FodlEg40uUijFetJb9 text/html -1354328899.526682 Cx2FqO23omNawSNrxj 128.2.6.136 46582 173.194.75.103 80 1 CONNECT www.google.com / - - 0 925 400 Bad Request - - - (empty) - - - - - FgQlB81dSyLHN5T8Q4 text/html -1354328903.572533 Cx3C534wEyF3OvvcQe 128.2.6.136 46583 173.194.75.103 80 1 CONNECT www.google.com /HTTP/1.1 - - 0 925 400 Bad Request - - - (empty) - - - - - FW2UCD2e0jxAndsTK3 text/html -1354328903.634196 CkDsfG2YIeWJmXWNWj 128.2.6.136 46584 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FKANAL2sLvMgJdaEKa text/html -1354328903.676395 CUKS0W3HFYOnBqSE5e 128.2.6.136 46585 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FNRuYy4eahAmiehFvd text/html -1354328903.697693 CRrfvP2lalMAYOCLhj 128.2.6.136 46586 173.194.75.103 80 1 CONNECT www.google.com / - - 0 925 400 Bad Request - - - (empty) - - - - - FAVGIL2N6x9nLyfGHh text/html -1354328907.743696 Cn78a440HlxuyZKs6f 128.2.6.136 46587 173.194.75.103 80 1 TRACE www.google.com / - - 0 960 405 Method Not Allowed - - - (empty) - - - - - FKbiICMAvCsO6CFjk text/html -1354328911.790590 CUof3F2yAIid8QS3dk 128.2.6.136 46588 173.194.75.103 80 1 TRACE www.google.com /HTTP/1.1 - - 0 925 400 Bad Request - - - (empty) - - - - - FD5riIpYe5BLR0aok text/html -1354328911.853464 CojBOU3CXcLHl1r6x1 128.2.6.136 46589 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FUzHwP1gT2UJYnUpUi text/html -1354328911.897044 CJzVQRGJrX6V15ik7 128.2.6.136 46590 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FfLe59279TLFl2hHKc text/html -1354328911.918511 ClAbxY1nmdjCuo0Le2 128.2.6.136 46591 173.194.75.103 80 1 TRACE www.google.com / - - 0 960 405 Method Not Allowed - - - (empty) - - - - - FQrvtP3qpKeKPxn5Gf text/html -1354328915.964678 CwG0BF1VXE0gWgs78 128.2.6.136 46592 173.194.75.103 80 1 DELETE www.google.com / - - 0 961 405 Method Not Allowed - - - (empty) - - - - - Fs5qiV3XoBOExKLdi4 text/html -1354328920.010458 CisNaL1Cm73CiNOmcg 128.2.6.136 46593 173.194.75.103 80 1 DELETE www.google.com /HTTP/1.1 - - 0 925 400 Bad Request - - - (empty) - - - - - FpkucFbcGcM4CNkZf text/html -1354328920.072101 CBQnJn22qN8TOeeZil 128.2.6.136 46594 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FBu6A04t7ZjbY0dCi8 text/html -1354328920.114526 CbEsuD3dgDDngdlbKf 128.2.6.136 46595 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - Fk7Se84fbLvbZEfBCd text/html -1354328920.136714 Cktvtw2VqwbTG0OgWk 128.2.6.136 46596 173.194.75.103 80 1 DELETE www.google.com / - - 0 961 405 Method Not Allowed - - - (empty) - - - - - FNb8ZY2Zvw0MpF1qU4 text/html -1354328924.183211 CKfF8L3XSsgT2WYDN 128.2.6.136 46597 173.194.75.103 80 1 PUT www.google.com / - - 0 934 411 Length Required - - - (empty) - - - - - Fo23U03XCMamm7QQWe text/html -1354328924.224567 CHrnr1115j0JRSXjG6 128.2.6.136 46598 173.194.75.103 80 1 PUT www.google.com /HTTP/1.1 - - 0 934 411 Length Required - - - (empty) - - - - - FqyVeZqSV8Tz7hfT1 text/html -1354328924.287402 Cnkr172qPtDAaK7Xd 128.2.6.136 46599 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - Ft15j5I9xSpfcA7Fh text/html -1354328924.328257 CcxZj6188NwHGl3a16 128.2.6.136 46600 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FyF5ac1kxwCDvXZKz7 text/html -1354328924.350343 CUqYZc2XzbfnZKbgT 128.2.6.136 46601 173.194.75.103 80 1 PUT www.google.com / - - 0 934 411 Length Required - - - (empty) - - - - - FuGiTK15gnR7f8Uti2 text/html -1354328924.391728 CVdnYXVEtNT1lQVL6 128.2.6.136 46602 173.194.75.103 80 1 POST www.google.com / - - 0 934 411 Length Required - - - (empty) - - - - - F93zuy2MGUDDPwg0xl text/html -1354328924.433150 CbNmy32YFt3gdIjV8 128.2.6.136 46603 173.194.75.103 80 1 POST www.google.com /HTTP/1.1 - - 0 934 411 Length Required - - - (empty) - - - - - FRJvy31aqXlFemaBfc text/html -1354328924.496732 COTmF91mGWcb4zV7W5 128.2.6.136 46604 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - Fcnnrf1A8AgOFzLHM text/html -1354328924.537671 CuChlg202P8sUFuXrg 128.2.6.136 46605 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FI3I73110YtFWCuaG3 text/html -1354328924.559704 CZTTFm2GrMAs8leAyl 128.2.6.136 46606 173.194.75.103 80 1 HEAD www.google.com / - - 0 0 200 OK - - - (empty) - - - - - - - -1354328928.625437 CV23rC3tBHfPhMUPtf 128.2.6.136 46607 173.194.75.103 80 1 HEAD www.google.com / - - 0 0 200 OK - - - (empty) - - - - - - - -1354328932.692706 CkaPGx2P0Y3W5aHVFk 128.2.6.136 46608 173.194.75.103 80 1 HEAD www.google.com /HTTP/1.1 - - 0 0 400 Bad Request - - - (empty) - - - - - - - -1354328932.754657 CY93mM3aViMiLKuSw3 128.2.6.136 46609 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FaVAsywxxOtGAzel8 text/html -1354328932.796568 CXgISq6dA2DVPzqp9 128.2.6.136 46610 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FmzgEKnyfPnyZqmh text/html -#close 2015-04-20-12-36-37 +#open 2016-01-15-20-54-31 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1354328870.191989 CXWv6p3arKYeMETxOg 128.2.6.136 46562 173.194.75.103 80 1 OPTIONS www.google.com * - 1.1 - 0 962 405 Method Not Allowed - - - (empty) - - - - - FKgccv1sOsIPuN3b73 text/html +1354328874.237327 CjhGID4nQcgTWjvg4c 128.2.6.136 46563 173.194.75.103 80 1 OPTIONS www.google.com (empty) - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FWUdF12OgqGLhf3NPl text/html +1354328874.299063 CCvvfg3TEfuqmmG4bh 128.2.6.136 46564 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FrYoRN2EwpZyXbyvF8 text/html +1354328874.342591 CsRx2w45OKnoww6xl4 128.2.6.136 46565 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FJPouz1lbXUsa4Ef1 text/html +1354328874.364020 CRJuHdVW0XPVINV8a 128.2.6.136 46566 173.194.75.103 80 1 GET www.google.com / - 1.1 - 0 43911 200 OK - - - (empty) - - - - - FbONWS332vB7QP1sDi text/html +1354328878.470424 CPbrpk1qSsw6ESzHV4 128.2.6.136 46567 173.194.75.103 80 1 GET www.google.com / - 1.1 - 0 43983 200 OK - - - (empty) - - - - - Fw8xGD2taqNAOVvI88 text/html +1354328882.575456 C6pKV8GSxOnSLghOa 128.2.6.136 46568 173.194.75.103 80 1 GET www.google.com /HTTP/1.1 - 1.0 - 0 1207 403 Forbidden - - - (empty) - - - - - FdEQPY3H4Z608y5yq1 text/html +1354328882.928027 CIPOse170MGiRM1Qf4 128.2.6.136 46569 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FcNjaW3kDUju84cG3 text/html +1354328882.968948 C7XEbhP654jzLoe3a 128.2.6.136 46570 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - Fe8v8c49yLvORp3zva text/html +1354328882.990373 CJ3xTn1c4Zw9TmAE05 128.2.6.136 46571 173.194.75.103 80 1 GET www.google.com / - 1.1 - 0 43913 200 OK - - - (empty) - - - - - FAbDo7c8yz5wducYb text/html +1354328887.114613 CMXxB5GvmoxJFXdTa 128.2.6.136 46572 173.194.75.103 80 1 - - - - 1.1 - 0 961 405 Method Not Allowed - - - (empty) - - - - - F7zifu3d5nGrdGffO4 text/html +1354328891.161077 Caby8b1slFea8xwSmb 128.2.6.136 46573 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FNf9mc2b0BWWP1UxWe text/html +1354328891.204740 Che1bq3i2rO3KD1Syg 128.2.6.136 46574 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FG2K813sKEZvZ2TNY4 text/html +1354328891.245592 C3SfNE4BWaU4aSuwkc 128.2.6.136 46575 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FOOeqs4Vg0Zs3rcVYi text/html +1354328891.287655 CEle3f3zno26fFZkrh 128.2.6.136 46576 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - F2wfYn1yFdeOeHFYA8 text/html +1354328891.309065 CwSkQu4eWZCH7OONC1 128.2.6.136 46577 173.194.75.103 80 1 CCM_POST www.google.com / - 1.1 - 0 963 405 Method Not Allowed - - - (empty) - - - - - F1d9bG11AdUoYIAPna text/html +1354328895.355012 CfTOmO0HKorjr8Zp7 128.2.6.136 46578 173.194.75.103 80 1 CCM_POST www.google.com /HTTP/1.1 - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - F73Xpt400aDAjp1tOj text/html +1354328895.416133 CzA03V1VcgagLjnO92 128.2.6.136 46579 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FANgwp2fEJblWfGtqk text/html +1354328895.459490 CyAhVIzHqb7t7kv28 128.2.6.136 46580 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FUelQv4zC3B2JEWwQ6 text/html +1354328895.480865 Cab0vO1xNYSS2hJkle 128.2.6.136 46581 173.194.75.103 80 1 CCM_POST www.google.com / - 1.1 - 0 963 405 Method Not Allowed - - - (empty) - - - - - FodlEg40uUijFetJb9 text/html +1354328899.526682 Cx2FqO23omNawSNrxj 128.2.6.136 46582 173.194.75.103 80 1 CONNECT www.google.com / - 1.1 - 0 925 400 Bad Request - - - (empty) - - - - - FgQlB81dSyLHN5T8Q4 text/html +1354328903.572533 Cx3C534wEyF3OvvcQe 128.2.6.136 46583 173.194.75.103 80 1 CONNECT www.google.com /HTTP/1.1 - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FW2UCD2e0jxAndsTK3 text/html +1354328903.634196 CkDsfG2YIeWJmXWNWj 128.2.6.136 46584 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FKANAL2sLvMgJdaEKa text/html +1354328903.676395 CUKS0W3HFYOnBqSE5e 128.2.6.136 46585 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FNRuYy4eahAmiehFvd text/html +1354328903.697693 CRrfvP2lalMAYOCLhj 128.2.6.136 46586 173.194.75.103 80 1 CONNECT www.google.com / - 1.1 - 0 925 400 Bad Request - - - (empty) - - - - - FAVGIL2N6x9nLyfGHh text/html +1354328907.743696 Cn78a440HlxuyZKs6f 128.2.6.136 46587 173.194.75.103 80 1 TRACE www.google.com / - 1.1 - 0 960 405 Method Not Allowed - - - (empty) - - - - - FKbiICMAvCsO6CFjk text/html +1354328911.790590 CUof3F2yAIid8QS3dk 128.2.6.136 46588 173.194.75.103 80 1 TRACE www.google.com /HTTP/1.1 - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FD5riIpYe5BLR0aok text/html +1354328911.853464 CojBOU3CXcLHl1r6x1 128.2.6.136 46589 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FUzHwP1gT2UJYnUpUi text/html +1354328911.897044 CJzVQRGJrX6V15ik7 128.2.6.136 46590 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FfLe59279TLFl2hHKc text/html +1354328911.918511 ClAbxY1nmdjCuo0Le2 128.2.6.136 46591 173.194.75.103 80 1 TRACE www.google.com / - 1.1 - 0 960 405 Method Not Allowed - - - (empty) - - - - - FQrvtP3qpKeKPxn5Gf text/html +1354328915.964678 CwG0BF1VXE0gWgs78 128.2.6.136 46592 173.194.75.103 80 1 DELETE www.google.com / - 1.1 - 0 961 405 Method Not Allowed - - - (empty) - - - - - Fs5qiV3XoBOExKLdi4 text/html +1354328920.010458 CisNaL1Cm73CiNOmcg 128.2.6.136 46593 173.194.75.103 80 1 DELETE www.google.com /HTTP/1.1 - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FpkucFbcGcM4CNkZf text/html +1354328920.072101 CBQnJn22qN8TOeeZil 128.2.6.136 46594 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FBu6A04t7ZjbY0dCi8 text/html +1354328920.114526 CbEsuD3dgDDngdlbKf 128.2.6.136 46595 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - Fk7Se84fbLvbZEfBCd text/html +1354328920.136714 Cktvtw2VqwbTG0OgWk 128.2.6.136 46596 173.194.75.103 80 1 DELETE www.google.com / - 1.1 - 0 961 405 Method Not Allowed - - - (empty) - - - - - FNb8ZY2Zvw0MpF1qU4 text/html +1354328924.183211 CKfF8L3XSsgT2WYDN 128.2.6.136 46597 173.194.75.103 80 1 PUT www.google.com / - 1.0 - 0 934 411 Length Required - - - (empty) - - - - - Fo23U03XCMamm7QQWe text/html +1354328924.224567 CHrnr1115j0JRSXjG6 128.2.6.136 46598 173.194.75.103 80 1 PUT www.google.com /HTTP/1.1 - 1.0 - 0 934 411 Length Required - - - (empty) - - - - - FqyVeZqSV8Tz7hfT1 text/html +1354328924.287402 Cnkr172qPtDAaK7Xd 128.2.6.136 46599 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - Ft15j5I9xSpfcA7Fh text/html +1354328924.328257 CcxZj6188NwHGl3a16 128.2.6.136 46600 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FyF5ac1kxwCDvXZKz7 text/html +1354328924.350343 CUqYZc2XzbfnZKbgT 128.2.6.136 46601 173.194.75.103 80 1 PUT www.google.com / - 1.0 - 0 934 411 Length Required - - - (empty) - - - - - FuGiTK15gnR7f8Uti2 text/html +1354328924.391728 CVdnYXVEtNT1lQVL6 128.2.6.136 46602 173.194.75.103 80 1 POST www.google.com / - 1.0 - 0 934 411 Length Required - - - (empty) - - - - - F93zuy2MGUDDPwg0xl text/html +1354328924.433150 CbNmy32YFt3gdIjV8 128.2.6.136 46603 173.194.75.103 80 1 POST www.google.com /HTTP/1.1 - 1.0 - 0 934 411 Length Required - - - (empty) - - - - - FRJvy31aqXlFemaBfc text/html +1354328924.496732 COTmF91mGWcb4zV7W5 128.2.6.136 46604 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - Fcnnrf1A8AgOFzLHM text/html +1354328924.537671 CuChlg202P8sUFuXrg 128.2.6.136 46605 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FI3I73110YtFWCuaG3 text/html +1354328924.559704 CZTTFm2GrMAs8leAyl 128.2.6.136 46606 173.194.75.103 80 1 HEAD www.google.com / - 1.1 - 0 0 200 OK - - - (empty) - - - - - - - +1354328928.625437 CV23rC3tBHfPhMUPtf 128.2.6.136 46607 173.194.75.103 80 1 HEAD www.google.com / - 1.1 - 0 0 200 OK - - - (empty) - - - - - - - +1354328932.692706 CkaPGx2P0Y3W5aHVFk 128.2.6.136 46608 173.194.75.103 80 1 HEAD www.google.com /HTTP/1.1 - 1.0 - 0 0 400 Bad Request - - - (empty) - - - - - - - +1354328932.754657 CY93mM3aViMiLKuSw3 128.2.6.136 46609 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FaVAsywxxOtGAzel8 text/html +1354328932.796568 CXgISq6dA2DVPzqp9 128.2.6.136 46610 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FmzgEKnyfPnyZqmh text/html +#close 2016-01-15-20-54-32 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log index 1721f8f79f..e10847fe2d 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log @@ -3,9 +3,10 @@ #empty_field (empty) #unset_field - #path weird -#open 2015-03-20-16-03-02 +#open 2016-01-15-20-54-31 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string +1354328874.237327 CjhGID4nQcgTWjvg4c 128.2.6.136 46563 173.194.75.103 80 missing_HTTP_uri - F bro 1354328874.278822 CCvvfg3TEfuqmmG4bh 128.2.6.136 46564 173.194.75.103 80 bad_HTTP_request - F bro 1354328874.321792 CsRx2w45OKnoww6xl4 128.2.6.136 46565 173.194.75.103 80 bad_HTTP_request - F bro 1354328882.908690 CIPOse170MGiRM1Qf4 128.2.6.136 46569 173.194.75.103 80 bad_HTTP_request - F bro @@ -32,4 +33,4 @@ 1354328924.518204 CuChlg202P8sUFuXrg 128.2.6.136 46605 173.194.75.103 80 bad_HTTP_request - F bro 1354328932.734579 CY93mM3aViMiLKuSw3 128.2.6.136 46609 173.194.75.103 80 bad_HTTP_request - F bro 1354328932.776609 CXgISq6dA2DVPzqp9 128.2.6.136 46610 173.194.75.103 80 bad_HTTP_request - F bro -#close 2015-03-20-16-03-02 +#close 2016-01-15-20-54-32 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log index 09cc270c2a..d02f2a9bcc 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log @@ -3,12 +3,12 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-23-16-13 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1258577884.844956 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - (empty) - - - - - Fa7DPI2ItmEOoVqyYj text/plain -1258577884.960135 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 2 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 21421 200 OK - - - (empty) - - - - - FnBh5P1KP0SnMzl3Qj text/plain -1258577885.317160 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - (empty) - - - - - F2TV5w2Kwn3G7doSk5 image/gif -1258577885.349639 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 4 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2349 200 OK - - - (empty) - - - - - F4kk4T3Unyqtkczzue image/png -1258577885.394612 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 5 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 27579 200 OK - - - (empty) - - - - - FcB26G4nL7jRheOyA8 image/png -#close 2014-04-01-23-16-13 +#open 2016-01-15-18-41-04 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1258577884.844956 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - (empty) - - - - - Fa7DPI2ItmEOoVqyYj text/plain +1258577884.960135 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 2 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 21421 200 OK - - - (empty) - - - - - FnBh5P1KP0SnMzl3Qj text/plain +1258577885.317160 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - (empty) - - - - - F2TV5w2Kwn3G7doSk5 image/gif +1258577885.349639 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 4 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2349 200 OK - - - (empty) - - - - - F4kk4T3Unyqtkczzue image/png +1258577885.394612 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 5 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 27579 200 OK - - - (empty) - - - - - FcB26G4nL7jRheOyA8 image/png +#close 2016-01-15-18-41-04 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.missing-zlib-header/http.log b/testing/btest/Baseline/scripts.base.protocols.http.missing-zlib-header/http.log index c4c96b7fb9..059d4a6a28 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.missing-zlib-header/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.missing-zlib-header/http.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path http -#open 2015-05-12-16-26-53 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1232039472.314927 CXWv6p3arKYeMETxOg 237.244.174.255 1905 79.218.110.244 80 1 GET ads1.msn.com /library/dap.js http://zone.msn.com/en/root/default.htm Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727) 0 13249 200 OK - - - (empty) - - - - - FBcNS3RwceOxW15xg text/plain -1232039472.446194 CXWv6p3arKYeMETxOg 237.244.174.255 1905 79.218.110.244 80 2 GET ads1.msn.com /library/dap.js http://zone.msn.com/en/root/default.htm Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727) 0 13249 200 OK - - - (empty) - - - - - FDWU85N0DpedJPh93 text/plain -#close 2015-05-12-16-26-53 +#open 2016-01-15-18-41-05 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1232039472.314927 CXWv6p3arKYeMETxOg 237.244.174.255 1905 79.218.110.244 80 1 GET ads1.msn.com /library/dap.js http://zone.msn.com/en/root/default.htm 1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727) 0 13249 200 OK - - - (empty) - - - - - FBcNS3RwceOxW15xg text/plain +1232039472.446194 CXWv6p3arKYeMETxOg 237.244.174.255 1905 79.218.110.244 80 2 GET ads1.msn.com /library/dap.js http://zone.msn.com/en/root/default.htm 1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727) 0 13249 200 OK - - - (empty) - - - - - FDWU85N0DpedJPh93 text/plain +#close 2016-01-15-18-41-05 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.multipart-extract/http.log b/testing/btest/Baseline/scripts.base.protocols.http.multipart-extract/http.log index a9cf1ccfaf..db69de700e 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.multipart-extract/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.multipart-extract/http.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2015-04-20-12-37-23 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1369159408.455878 CXWv6p3arKYeMETxOg 141.142.228.5 57262 54.243.88.146 80 1 POST httpbin.org /post - curl/7.30.0 370 465 200 OK - - - (empty) - - - F2yGNX2vGXLxfZeD12,Fq4rJh2kLHKa8YC1q1,F9sKY71Rb9megdy7sg - FjeopJ2lRk9U1CNNb5 text/json -#close 2015-04-20-12-37-23 +#open 2016-01-15-18-41-06 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1369159408.455878 CXWv6p3arKYeMETxOg 141.142.228.5 57262 54.243.88.146 80 1 POST httpbin.org /post - 1.1 curl/7.30.0 370 465 200 OK - - - (empty) - - - F2yGNX2vGXLxfZeD12,Fq4rJh2kLHKa8YC1q1,F9sKY71Rb9megdy7sg - FjeopJ2lRk9U1CNNb5 text/json +#close 2016-01-15-18-41-06 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.no-uri/http.log b/testing/btest/Baseline/scripts.base.protocols.http.no-uri/http.log new file mode 100644 index 0000000000..bdcd4aae19 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.no-uri/http.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path http +#open 2016-01-15-20-42-50 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1362692526.939527 CXWv6p3arKYeMETxOg 141.142.228.5 59856 192.150.187.43 80 1 GET bro.org (empty) - 1.1 - 0 4705 200 OK - - - (empty) - - - - - FakNcS1Jfe01uljb3 text/plain +#close 2016-01-15-20-42-50 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.no-uri/weird.log b/testing/btest/Baseline/scripts.base.protocols.http.no-uri/weird.log new file mode 100644 index 0000000000..cd31c6030f --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.no-uri/weird.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#open 2016-01-15-20-42-50 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1362692526.939527 CXWv6p3arKYeMETxOg 141.142.228.5 59856 192.150.187.43 80 missing_HTTP_uri - F bro +#close 2016-01-15-20-42-50 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.no-version/http.log b/testing/btest/Baseline/scripts.base.protocols.http.no-version/http.log new file mode 100644 index 0000000000..a1ab36435b --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.no-version/http.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path http +#open 2016-01-15-20-44-15 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1036020209.801685 CXWv6p3arKYeMETxOg 131.243.1.23 1035 131.243.1.10 80 1 GET - /cgi-bin/formmail.pl?email=f2@aol.com&subject=www-nrg.ee/cgi-bin/formmail.pl&recipient=unknownz@buy2save.com&msg=w00t - - - 0 0 - - - - - (empty) - - - - - - - +#close 2016-01-15-20-44-15 diff --git a/testing/btest/Baseline/scripts.base.protocols.irc.starttls/conn.log b/testing/btest/Baseline/scripts.base.protocols.irc.starttls/conn.log new file mode 100644 index 0000000000..a4f9d436d6 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.irc.starttls/conn.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path conn +#open 2015-07-29-18-47-29 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents +#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] +1438145937.325196 CXWv6p3arKYeMETxOg 203.143.168.47 55123 185.18.76.170 6667 tcp irc,ssl 4.923144 913 1903 SF - - 0 ShADadFRf 11 1469 9 2379 (empty) +#close 2015-07-29-18-47-29 diff --git a/testing/btest/Baseline/scripts.base.protocols.irc.starttls/ssl.log b/testing/btest/Baseline/scripts.base.protocols.irc.starttls/ssl.log new file mode 100644 index 0000000000..41a49a16cc --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.irc.starttls/ssl.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssl +#open 2015-07-29-18-47-29 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer +#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string +1438145937.994419 CXWv6p3arKYeMETxOg 203.143.168.47 55123 185.18.76.170 6667 TLSv12 TLS_RSA_WITH_AES_256_GCM_SHA384 - - F - - T Fyz2bd3loV0LDM3r95 (empty) CN=irc.joulunet.org,OU=IRCd,O=Multim,L=Pori,ST=Pori,C=FI CN=irc.joulunet.org,OU=IRCd,O=Multim,L=Pori,ST=Pori,C=FI - - +#close 2015-07-29-18-47-29 diff --git a/testing/btest/Baseline/scripts.base.protocols.irc.starttls/x509.log b/testing/btest/Baseline/scripts.base.protocols.irc.starttls/x509.log new file mode 100644 index 0000000000..957d807f9e --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.irc.starttls/x509.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path x509 +#open 2015-07-29-18-47-29 +#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len +#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count +1438145938.995683 Fyz2bd3loV0LDM3r95 3 F9435743EF353D9E CN=irc.joulunet.org,OU=IRCd,O=Multim,L=Pori,ST=Pori,C=FI CN=irc.joulunet.org,OU=IRCd,O=Multim,L=Pori,ST=Pori,C=FI 1436555613.000000 1751915613.000000 rsaEncryption sha256WithRSAEncryption rsa 4096 65537 - - - - - T - +#close 2015-07-29-18-47-29 diff --git a/testing/btest/Baseline/scripts.base.protocols.sip.wireshark/sip.log b/testing/btest/Baseline/scripts.base.protocols.sip.wireshark/sip.log index 047fa4e2d1..d78eb61ef7 100644 --- a/testing/btest/Baseline/scripts.base.protocols.sip.wireshark/sip.log +++ b/testing/btest/Baseline/scripts.base.protocols.sip.wireshark/sip.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path sip -#open 2015-09-03-21-02-33 +#open 2015-11-29-05-05-42 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method uri date request_from request_to response_from response_to reply_to call_id seq subject request_path response_path user_agent status_code status_msg warning request_body_len response_body_len content_type -#types time string addr port addr port count string string string string string string string string string string string vector[string] vector[string] string count string string string string string +#types time string addr port addr port count string string string string string string string string string string string vector[string] vector[string] string count string string count count string 1120469572.844249 CXWv6p3arKYeMETxOg 192.168.1.2 5060 212.242.33.35 5060 0 REGISTER sip:sip.cybercity.dk - ;tag=00-04092-1701af62-120c67172 - 578222729-4665d775@578222732-4665d772 68 REGISTER - SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 401 Unauthorized - 0 0 - 1120469590.259876 CXWv6p3arKYeMETxOg 192.168.1.2 5060 212.242.33.35 5060 0 REGISTER sip:sip.cybercity.dk - - 578222729-4665d775@578222732-4665d772 69 REGISTER - SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 100 Trying - 0 0 - 1120469590.259876 CXWv6p3arKYeMETxOg 192.168.1.2 5060 212.242.33.35 5060 0 REGISTER sip:sip.cybercity.dk - ;tag=00-04085-1701af98-51a65b340 - 578222729-4665d775@578222732-4665d772 69 REGISTER - SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060,SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 403 Wrong password - 0 0 - @@ -42,4 +42,4 @@ 1120470984.353086 C7XEbhP654jzLoe3a 192.168.1.2 5060 212.242.33.35 5060 0 REGISTER sip:sip.cybercity.dk - ;tag=00-04074-1701bac9-1daa0b4c5 - 29858147-465b0752@29858051-465b07b2 5 REGISTER - SIP/2.0/UDP 192.168.1.2,SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 401 Unauthorized - 0 0 - 1120471018.723316 C7XEbhP654jzLoe3a 192.168.1.2 5060 212.242.33.35 5060 0 REGISTER sip:sip.cybercity.dk - - 29858147-465b0752@29858051-465b07b2 6 REGISTER - SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 100 Trying - 0 0 - 1120471018.723316 C7XEbhP654jzLoe3a 192.168.1.2 5060 212.242.33.35 5060 0 REGISTER sip:sip.cybercity.dk - ;tag=00-04087-1701bae7-76fb74995 - 29858147-465b0752@29858051-465b07b2 6 REGISTER - SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060,SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 200 OK - 0 0 - -#close 2015-09-03-21-02-33 +#close 2015-11-29-05-05-42 diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.dpd/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.dpd/.stdout index b59ed28b18..7b2d255900 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ssl.dpd/.stdout +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.dpd/.stdout @@ -6,3 +6,5 @@ Client hello, 192.150.187.164, 194.127.84.106, 769 Client hello, 192.150.187.164, 194.127.84.106, 769 Start test run Client hello, 10.0.0.80, 68.233.76.12, 771 +Start test run +Client hello, 192.168.6.217, 67.207.128.99, 771 diff --git a/testing/btest/Baseline/scripts.policy.protocols.http.header-names/http.log b/testing/btest/Baseline/scripts.policy.protocols.http.header-names/http.log index ca510300c2..08ee00ffd0 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.http.header-names/http.log +++ b/testing/btest/Baseline/scripts.policy.protocols.http.header-names/http.log @@ -3,21 +3,21 @@ #empty_field (empty) #unset_field - #path http -#open 2015-03-16-20-10-52 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types client_header_names server_header_names -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string] -1300475168.784020 CRJuHdVW0XPVINV8a 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,VIA,X-VARNISH,LAST-MODIFIED,ETAG,VARY,CONNECTION -1300475168.916018 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.916183 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.918358 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.952307 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.952296 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.954820 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.962687 Cn78a440HlxuyZKs6f 141.142.220.118 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,EXPIRES,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.975934 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.976436 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.979264 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475169.014619 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475169.014593 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475169.014927 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -#close 2015-03-16-20-10-52 +#open 2016-01-15-18-41-07 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types client_header_names server_header_names +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string] +1300475168.784020 CRJuHdVW0XPVINV8a 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ 1.1 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,VIA,X-VARNISH,LAST-MODIFIED,ETAG,VARY,CONNECTION +1300475168.916018 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.916183 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.918358 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.952307 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.952296 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.954820 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.962687 Cn78a440HlxuyZKs6f 141.142.220.118 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,EXPIRES,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.975934 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.976436 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.979264 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475169.014619 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475169.014593 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475169.014927 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +#close 2016-01-15-18-41-07 diff --git a/testing/btest/Traces/http/connect-with-header.trace b/testing/btest/Traces/http/connect-with-header.trace new file mode 100644 index 0000000000..740b5ffce8 Binary files /dev/null and b/testing/btest/Traces/http/connect-with-header.trace differ diff --git a/testing/btest/Traces/http/no-uri.pcap b/testing/btest/Traces/http/no-uri.pcap new file mode 100644 index 0000000000..86c42097a1 Binary files /dev/null and b/testing/btest/Traces/http/no-uri.pcap differ diff --git a/testing/btest/Traces/http/no-version.pcap b/testing/btest/Traces/http/no-version.pcap new file mode 100644 index 0000000000..90906e934f Binary files /dev/null and b/testing/btest/Traces/http/no-version.pcap differ diff --git a/testing/btest/Traces/tls/irc-starttls.pcap b/testing/btest/Traces/tls/irc-starttls.pcap new file mode 100644 index 0000000000..77b244685f Binary files /dev/null and b/testing/btest/Traces/tls/irc-starttls.pcap differ diff --git a/testing/btest/Traces/tls/tls-early-alert.trace b/testing/btest/Traces/tls/tls-early-alert.trace new file mode 100644 index 0000000000..b91b50691d Binary files /dev/null and b/testing/btest/Traces/tls/tls-early-alert.trace differ diff --git a/testing/btest/bifs/join_string.bro b/testing/btest/bifs/join_string.bro index 83917ef322..0b2d94029a 100644 --- a/testing/btest/bifs/join_string.bro +++ b/testing/btest/bifs/join_string.bro @@ -10,6 +10,9 @@ event bro_init() local b: string_array = { [1] = "mytest" }; local c: string_vec = vector( "this", "is", "another", "test" ); local d: string_vec = vector( "Test" ); + local e: string_vec = vector(); + e[3] = "hi"; + e[5] = "there"; print join_string_array(" * ", a); print join_string_array("", a); @@ -18,4 +21,5 @@ event bro_init() print join_string_vec(c, "__"); print join_string_vec(c, ""); print join_string_vec(d, "-"); + print join_string_vec(e, "."); } diff --git a/testing/btest/core/reassembly.bro b/testing/btest/core/reassembly.bro index cb04ace71b..30cfaa727e 100644 --- a/testing/btest/core/reassembly.bro +++ b/testing/btest/core/reassembly.bro @@ -20,7 +20,7 @@ event net_weird(name: string) print "net_weird", name; } -event rexmit_inconsistency(c: connection, t1: string, t2: string) +event rexmit_inconsistency(c: connection, t1: string, t2: string, tcp_flags: string) { - print "rexmit_inconsistency", c$id, t1, t2 ; + print "rexmit_inconsistency", c$id, t1, t2, tcp_flags; } diff --git a/testing/btest/core/tcp/quantum-insert.bro b/testing/btest/core/tcp/quantum-insert.bro index 3fff5cd911..8b4738c9e1 100644 --- a/testing/btest/core/tcp/quantum-insert.bro +++ b/testing/btest/core/tcp/quantum-insert.bro @@ -3,10 +3,11 @@ # Quantum Insert like attack, overlapping TCP packet with different content redef tcp_max_old_segments = 10; -event rexmit_inconsistency(c: connection, t1: string, t2: string) +event rexmit_inconsistency(c: connection, t1: string, t2: string, tcp_flags: string) { print "----- rexmit_inconsistency -----"; print fmt("%.6f c: %s", network_time(), c$id); print fmt("%.6f t1: %s", network_time(), t1); print fmt("%.6f t2: %s", network_time(), t2); + print fmt("%.6f tcp_flags: %s", network_time(), tcp_flags); } diff --git a/testing/btest/language/undefined-delete-field.bro b/testing/btest/language/undefined-delete-field.bro new file mode 100644 index 0000000000..8271f016fe --- /dev/null +++ b/testing/btest/language/undefined-delete-field.bro @@ -0,0 +1,15 @@ +# @TEST-EXEC: bro -b %INPUT >output 2>&1 || echo $? >>output +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output + +type MyRecordType: record + { + a: count; + b: count; + }; + +event bro_init() + { + local x = MyRecordType($a=1, $b=2); + + delete x$c; + } diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro b/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro new file mode 100644 index 0000000000..c26683a338 --- /dev/null +++ b/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro @@ -0,0 +1,27 @@ +# +# @TEST-EXEC: bro -b %INPUT +# @TEST-EXEC: btest-diff testing.log + +@load tuning/json-logs.bro + +module testing; + +export { + redef enum Log::ID += { LOG }; + + type Info: record { + ts: time &log &optional; + msg: string &log &optional; + }; + + global log_test: event(rec: Info); +} + +event bro_init() &priority=5 +{ + Log::create_stream(testing::LOG, [$columns=testing::Info, $ev=log_test]); + local info: Info; + info$msg = "Testing 1 2 3 "; + Log::write(testing::LOG, info); +} + diff --git a/testing/btest/scripts/base/protocols/http/http-connect-with-header.bro b/testing/btest/scripts/base/protocols/http/http-connect-with-header.bro new file mode 100644 index 0000000000..84172878f6 --- /dev/null +++ b/testing/btest/scripts/base/protocols/http/http-connect-with-header.bro @@ -0,0 +1,12 @@ +# This tests that the HTTP analyzer handles HTTP CONNECT proxying correctly +# when the server include a header line into its response. +# +# @TEST-EXEC: bro -C -r $TRACES/http/connect-with-header.trace %INPUT +# @TEST-EXEC: btest-diff conn.log +# @TEST-EXEC: btest-diff http.log +# @TEST-EXEC: btest-diff tunnel.log + +@load base/protocols/conn +@load base/protocols/http +@load base/protocols/tunnels +@load base/frameworks/dpd diff --git a/testing/btest/scripts/base/protocols/http/no-uri.bro b/testing/btest/scripts/base/protocols/http/no-uri.bro new file mode 100644 index 0000000000..9793b93c58 --- /dev/null +++ b/testing/btest/scripts/base/protocols/http/no-uri.bro @@ -0,0 +1,4 @@ +# @TEST-EXEC: bro -Cr $TRACES/http/no-uri.pcap %INPUT +# @TEST-EXEC: btest-diff http.log +# @TEST-EXEC: btest-diff weird.log + diff --git a/testing/btest/scripts/base/protocols/http/no-version.bro b/testing/btest/scripts/base/protocols/http/no-version.bro new file mode 100644 index 0000000000..3e861534bd --- /dev/null +++ b/testing/btest/scripts/base/protocols/http/no-version.bro @@ -0,0 +1,3 @@ +# @TEST-EXEC: bro -Cr $TRACES/http/no-version.pcap %INPUT +# @TEST-EXEC: btest-diff http.log + diff --git a/testing/btest/scripts/base/protocols/irc/starttls.test b/testing/btest/scripts/base/protocols/irc/starttls.test new file mode 100644 index 0000000000..c110a77c39 --- /dev/null +++ b/testing/btest/scripts/base/protocols/irc/starttls.test @@ -0,0 +1,9 @@ +# @TEST-EXEC: bro -b -C -r $TRACES/tls/irc-starttls.pcap %INPUT +# @TEST-EXEC: btest-diff conn.log +# @TEST-EXEC: btest-diff ssl.log +# @TEST-EXEC: btest-diff x509.log + +@load base/protocols/conn +@load base/frameworks/dpd +@load base/protocols/ssl +@load base/protocols/irc diff --git a/testing/btest/scripts/base/protocols/ssl/dpd.test b/testing/btest/scripts/base/protocols/ssl/dpd.test index ff1f6385ec..dc514ff9d4 100644 --- a/testing/btest/scripts/base/protocols/ssl/dpd.test +++ b/testing/btest/scripts/base/protocols/ssl/dpd.test @@ -1,6 +1,7 @@ # @TEST-EXEC: bro -C -b -r $TRACES/tls/ssl-v2.trace %INPUT # @TEST-EXEC: bro -b -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: bro -b -r $TRACES/tls/tls1.2.trace %INPUT +# @TEST-EXEC: bro -b -r $TRACES/tls/tls-early-alert.trace %INPUT # @TEST-EXEC: btest-diff .stdout @load base/frameworks/dpd diff --git a/testing/external/Makefile b/testing/external/Makefile index 6c1ac97e60..bf384edd86 100644 --- a/testing/external/Makefile +++ b/testing/external/Makefile @@ -1,5 +1,5 @@ -PUBLIC_REPO=git://git.bro-ids.org/bro-testing +PUBLIC_REPO=git://git.bro.org/bro-testing REPOS=`./scripts/find-git-repos ` DIAG=diag.log diff --git a/testing/scripts/diff-canonifier-external b/testing/scripts/diff-canonifier-external index 611d7c7baf..bd91924d48 100755 --- a/testing/scripts/diff-canonifier-external +++ b/testing/scripts/diff-canonifier-external @@ -2,6 +2,11 @@ # # Default canonifier used with the trace-based tests in testing/external/*. +if [ $# != 1 ]; then + echo "usage: `basename $0` " + exit 1 +fi + filename=`basename $1` addl="cat"