From e3cc7aa48f04e1ea474bb5f67a88042c68505e19 Mon Sep 17 00:00:00 2001 From: Aaron Eppert Date: Wed, 18 Mar 2015 00:28:19 -0400 Subject: [PATCH 01/47] Seems to fix a case where an entry in the table may be null on insert. #0 0x0000000000713b87 in Dictionary::Insert (this=0x1339840, new_entry=0xb18a9d0, copy_key=0) at /root/psdev/bro/src/Dict.cc:419 #1 0x00000000007130b0 in Dictionary::Insert (this=0x1339840, key=0xa23f6d0, key_size=36, hash=658668102, val=0x67fde40, copy_key=0) at /root/psdev/bro/src/Dict.cc:158 #2 0x00000000006cb508 in Dictionary::Insert (this=0x1339840, key=0x7ffff4ba81b0, val=0x67fde40) at /root/psdev/bro/src/Dict.h:47 (gdb) print *this $59 = {_vptr.Dictionary = 0xaf7810, tbl = 0x215b400, num_buckets = 1347, num_entries = 3879, max_num_entries = 4042, den_thresh = 3, thresh_entries = 4041, tbl2 = 0x1afcc9e0, num_buckets2 = 2695, num_entries2 = 181, max_num_entries2 = 181, den_thresh2 = 3, thresh_entries2 = 8085, tbl_next_ind = 60, order = 0x133bfb0, delete_func = 0, cookies = { = {entry = 0x133d790, chunk_size = 10, max_entries = 10, num_entries = 0}, }} (gdb) print *tbl $60 = (DictEntryPList *) 0x0 --- src/Dict.cc | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/Dict.cc b/src/Dict.cc index cd7792b539..15ac1b48f7 100644 --- a/src/Dict.cc +++ b/src/Dict.cc @@ -416,13 +416,15 @@ void* Dictionary::Insert(DictEntry* new_entry, int copy_key) { DictEntry* entry = (*chain)[i]; - if ( entry->hash == new_entry->hash && - entry->len == n && - ! memcmp(entry->key, new_entry->key, n) ) - { - void* old_value = entry->value; - entry->value = new_entry->value; - return old_value; + if ( entry ) { + if ( entry->hash == new_entry->hash && + entry->len == n && + ! memcmp(entry->key, new_entry->key, n) ) + { + void* old_value = entry->value; + entry->value = new_entry->value; + return old_value; + } } } } From 2088928fb603d2671d57f5f6a300e3d4df591cb4 Mon Sep 17 00:00:00 2001 
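Review bot: The new `if ( entry )` guard in the chain loop of `Dictionary::Insert` skips a null `DictEntry` without explaining how it got there. A null slot inside a bucket chain suggests the list was corrupted or modified elsewhere, and other paths that walk the same chain (lookup, remove, rehash, none of them visible here) may still dereference it. Report the condition when it is seen so the root cause can be traced, and fold the test into the existing condition, `if ( entry && entry->hash == new_entry->hash &&`, which also avoids the `if ( entry ) {` brace placement that differs from the surrounding code. The loop and the function body start outside the hunk.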
From: Aaron Eppert Date: Wed, 18 Mar 2015 11:15:38 -0400 Subject: [PATCH 02/47] A fatal error, especially in DEBUG, should result in a core. This issue is especially helpful in the case of the Val::CONVERTER error and having: "fatal error in : Val::CONVERTER ..." Nebulous error and sans location, it is extremely hard to figure out the culprit. Thus, if Bro is built DEBUG, fatal should provide a core. This subtle change prevents having to change FatalErrors to FatalErrorWithCore everywhere. --- src/Reporter.cc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Reporter.cc b/src/Reporter.cc index cd1aa09d4c..d138e23b88 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -88,7 +88,11 @@ void Reporter::FatalError(const char* fmt, ...) va_end(ap); set_processing_status("TERMINATED", "fatal_error"); +#ifdef DEBUG + abort(); +#else exit(1); +#endif // DEBUG } void Reporter::FatalErrorWithCore(const char* fmt, ...) @@ -393,4 +397,3 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, if ( alloced ) free(alloced); } - From 5a8eac521ce01a81b6e2cf13a241433670d31265 Mon Sep 17 00:00:00 2001 
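Review bot: `abort()` in the `#ifdef DEBUG` branch of `Reporter::FatalError` ends the process without running `atexit` handlers, and stdio flushing on abort is implementation-defined. The fatal message formatted just above can therefore be lost if it goes to a buffered stream; add `fflush(0);` before `abort();`. Please also add a comment that DEBUG builds now write a core on every fatal error, for example `// DEBUG builds dump core here; the core contains in-memory packet data, so restrict access to the core directory`. The start of `FatalError` is outside the hunk, so how the message is written is inferred.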
From: Johanna Amann Date: Wed, 29 Jul 2015 11:47:59 -0700 Subject: [PATCH 03/47] StartTLS support for IRC --- src/analyzer/protocol/irc/IRC.cc | 41 ++++++++++++++++-- src/analyzer/protocol/irc/IRC.h | 6 +++ src/analyzer/protocol/irc/events.bif | 7 +++ .../conn.log | 10 +++++ .../ssl.log | 10 +++++ .../x509.log | 10 +++++ testing/btest/Traces/tls/irc-starttls.pcap | Bin 0 -> 4512 bytes .../scripts/base/protocols/irc/starttls.test | 9 ++++ 8 files changed, 90 insertions(+), 3 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.protocols.irc.starttls/conn.log create mode 100644 testing/btest/Baseline/scripts.base.protocols.irc.starttls/ssl.log create mode 100644 testing/btest/Baseline/scripts.base.protocols.irc.starttls/x509.log create mode 100644 testing/btest/Traces/tls/irc-starttls.pcap create mode 100644 testing/btest/scripts/base/protocols/irc/starttls.test diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc index d621ce2cce..238a058b15 100644 --- a/src/analyzer/protocol/irc/IRC.cc +++ b/src/analyzer/protocol/irc/IRC.cc @@ -2,7 +2,6 @@ #include #include "IRC.h" -#include "analyzer/protocol/tcp/ContentLine.h" #include "NetVar.h" #include "Event.h" #include "analyzer/protocol/zip/ZIP.h" @@ -21,8 +20,11 @@ IRC_Analyzer::IRC_Analyzer(Connection* conn) resp_status = WAIT_FOR_REGISTRATION; orig_zip_status = NO_ZIP; resp_zip_status = NO_ZIP; - AddSupportAnalyzer(new tcp::ContentLine_Analyzer(conn, true)); - AddSupportAnalyzer(new tcp::ContentLine_Analyzer(conn, false)); + starttls = false; + cl_orig = new tcp::ContentLine_Analyzer(conn, true); + AddSupportAnalyzer(cl_orig); + cl_resp = new tcp::ContentLine_Analyzer(conn, false); + AddSupportAnalyzer(cl_resp); } void IRC_Analyzer::Done() 
@@ -34,6 +36,12 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { tcp::TCP_ApplicationAnalyzer::DeliverStream(length, line, orig); + if ( starttls ) + { + ForwardStream(length, line, orig); + return; + } + // check line size if ( length > 512 ) { @@ -98,6 +106,10 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } else { // get command + // special case that has no arguments + if ( myline == "STARTTLS" ) + return; + unsigned int pos = myline.find(' '); if ( pos > (unsigned int) length ) { @@ -556,6 +568,10 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) } break; + case 670: + // StartTLS success reply to StartTLS + StartTLS(); + // All other server replies. default: val_list* vl = new val_list; @@ -1169,6 +1185,25 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) return; } +void IRC_Analyzer::StartTLS() + { + // STARTTLS was succesful. Remove support analyzers, add SSL + // analyzer, and throw event signifying the change. + starttls = true; + + RemoveSupportAnalyzer(cl_orig); + RemoveSupportAnalyzer(cl_resp); + + Analyzer* ssl = analyzer_mgr->InstantiateAnalyzer("SSL", Conn()); + if ( ssl ) + AddChildAnalyzer(ssl); + + val_list* vl = new val_list; + vl->append(BuildConnVal()); + + ConnectionEvent(irc_starttls, vl); + } + vector IRC_Analyzer::SplitWords(const string input, const char split) { vector words; diff --git a/src/analyzer/protocol/irc/IRC.h b/src/analyzer/protocol/irc/IRC.h index bce9cdf054..82a97a4d4d 100644 --- a/src/analyzer/protocol/irc/IRC.h +++ b/src/analyzer/protocol/irc/IRC.h @@ -3,6 +3,7 @@ #ifndef ANALYZER_PROTOCOL_IRC_IRC_H #define ANALYZER_PROTOCOL_IRC_IRC_H #include "analyzer/protocol/tcp/TCP.h" +#include "analyzer/protocol/tcp/ContentLine.h" namespace analyzer { namespace irc { 
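Review bot: `case 670:` has no `break`, so after `StartTLS()` control falls into `default:` and the generic reply handling still runs on a connection whose ContentLine analyzers were just removed. Either end the case with `StartTLS(); break;` or add a comment that the fall-through is intended. The switch to TLS is also taken on any 670 reply: the `myline == "STARTTLS"` branch added in the previous hunk returns without recording that the client asked for it. An unsolicited 670 therefore stops all IRC parsing for the rest of the connection, which is a monitoring gap. Consider setting a flag when the originator sends STARTTLS and only honouring 670 when it is set. The enclosing switch starts outside the hunk.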
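Review bot: In `IRC_Analyzer::StartTLS()` the state change happens before the SSL analyzer is known to exist. If `InstantiateAnalyzer("SSL", Conn())` returns null, `starttls` is already true and both ContentLine analyzers are gone, so the rest of the stream is forwarded to no child, yet `irc_starttls` still tells scripts to expect SSL events. Instantiate first and bail out with `if ( ! ssl ) return;` before touching `starttls` or the support analyzers, or at least report the failure. If `RemoveSupportAnalyzer` frees its argument (not visible here), also clear the members afterwards with `cl_orig = cl_resp = 0;`. The comment has a typo: `succesful` should be `successful`.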
@@ -44,6 +45,8 @@ protected: int resp_zip_status; private: + void StartTLS(); + /** \brief counts number of invalid IRC messages */ int invalid_msg_count; @@ -60,6 +63,9 @@ private: */ vector SplitWords(const string input, const char split); + tcp::ContentLine_Analyzer* cl_orig; + tcp::ContentLine_Analyzer* cl_resp; + bool starttls; // if true, connection has been upgraded to tls }; } } // namespace analyzer::* diff --git a/src/analyzer/protocol/irc/events.bif b/src/analyzer/protocol/irc/events.bif index 4e69b9ad33..039ec9c6a7 100644 --- a/src/analyzer/protocol/irc/events.bif +++ b/src/analyzer/protocol/irc/events.bif @@ -797,3 +797,10 @@ event irc_user_message%(c: connection, is_orig: bool, user: string, host: string ## irc_nick_message irc_notice_message irc_oper_message irc_oper_response ## irc_part_message event irc_password_message%(c: connection, is_orig: bool, password: string%); + +## Generated if a connection switched to using TLS using STARTTLS. After this +## event no more IRC events will be raised for the connection. See the SSL +## analyzer for related SSL events, which will now be generated. +## +## c: The connection. +event irc_starttls%(c: connection%); diff --git a/testing/btest/Baseline/scripts.base.protocols.irc.starttls/conn.log b/testing/btest/Baseline/scripts.base.protocols.irc.starttls/conn.log new file mode 100644 index 0000000000..a4f9d436d6 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.irc.starttls/conn.log 
@@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path conn +#open 2015-07-29-18-47-29 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents +#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] +1438145937.325196 CXWv6p3arKYeMETxOg 203.143.168.47 55123 185.18.76.170 6667 tcp irc,ssl 4.923144 913 1903 SF - - 0 ShADadFRf 11 1469 9 2379 (empty) +#close 2015-07-29-18-47-29 diff --git a/testing/btest/Baseline/scripts.base.protocols.irc.starttls/ssl.log b/testing/btest/Baseline/scripts.base.protocols.irc.starttls/ssl.log new file mode 100644 index 0000000000..41a49a16cc --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.irc.starttls/ssl.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssl +#open 2015-07-29-18-47-29 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer +#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string +1438145937.994419 CXWv6p3arKYeMETxOg 203.143.168.47 55123 185.18.76.170 6667 TLSv12 TLS_RSA_WITH_AES_256_GCM_SHA384 - - F - - T Fyz2bd3loV0LDM3r95 (empty) CN=irc.joulunet.org,OU=IRCd,O=Multim,L=Pori,ST=Pori,C=FI CN=irc.joulunet.org,OU=IRCd,O=Multim,L=Pori,ST=Pori,C=FI - - +#close 2015-07-29-18-47-29 diff --git a/testing/btest/Baseline/scripts.base.protocols.irc.starttls/x509.log b/testing/btest/Baseline/scripts.base.protocols.irc.starttls/x509.log new file mode 100644 index 0000000000..957d807f9e --- /dev/null 
+++ b/testing/btest/Baseline/scripts.base.protocols.irc.starttls/x509.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path x509 +#open 2015-07-29-18-47-29 +#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len +#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count +1438145938.995683 Fyz2bd3loV0LDM3r95 3 F9435743EF353D9E CN=irc.joulunet.org,OU=IRCd,O=Multim,L=Pori,ST=Pori,C=FI CN=irc.joulunet.org,OU=IRCd,O=Multim,L=Pori,ST=Pori,C=FI 1436555613.000000 1751915613.000000 rsaEncryption sha256WithRSAEncryption rsa 4096 65537 - - - - - T - +#close 2015-07-29-18-47-29 
diff --git a/testing/btest/Traces/tls/irc-starttls.pcap b/testing/btest/Traces/tls/irc-starttls.pcap new file mode 100644 index 0000000000000000000000000000000000000000..77b244685f1e62ce97622867a5884f89fe4f37a5 GIT binary patch literal 4512 zcmchac|29=8^GUt?#AVEEnTv8?Xq0=W=pbVNkz7jrOlQ-V@=7L&}c-Ga7UyhB8pL3 z9EB{CVQ7;fDk{xXXpE)&-gBF#lF!V4zw`M#pL^c(zUO}?Y;*Wum@J~VHm8}Z_kjg^S3!PK zJPkbCdkQLq!(h_W;$*%b=b7Y+L21Z=rKxy zpEds08`?dJm^VoB3%rp8y-^=elQP2de56Bdi=ZbOFy=coL68oW#ROgpJsjJkgfWQ^ z7G;V{8C}=?nz_m^)RXBS91$3?+dG^Y9O}c+)nhRjt3Fx62#fIa^bQN#6%nY;@CjzP z`+B>3G4}X{`!b-N3}5%%USYoO0p1@iCaQm7@wd69&AH9>XTk!1*25TeejTG45zK1L z;xNcezyYp&8zWo@rxjz$n=Q(OG1@oy(PE(Wkx9qna4T^Dr;W#xD#3BR5rbDhJ05?1 zm2b;C>J2;F-xCD>Xx&wyZ$G1T9e|%u7OIY_pbDrcN&#m;F(?8jK>+Xve!v&#gOxxJ z=z>&`0+PW&bOp*pRZ%5W5G8^ifg#WVNvI~OhAN}-s0hjnPJ>gR5EK9(xDAYf5zqoF z02{DC9>@hJKn~n~=D-ZBLD{GVx*SzR1yBOufYm?~90#U=j0&M-lpjR^5fD&eln2m( z2%rHfN=5O20+s+_APD#YFPMk!+6?#r0S|BpoRI<&KnyH}zmh;4-qV2qpu%}ykRjnn2nkQb5fLJufFmFTJRXNf@OT7=AP63^ak!%}AQ>Fuzo)e_H?3tCq+q9+ z8*3__CW%A%|4G4lEGQV$lPw5*Nq{TgrZvgAM+IZf&o0Uom&C=jd}8M0V@x_M8mkZh zbn$r8Vc*zwmT1|IViQuvqw06cOPSq$)Q%m7^}9@`oc;&`FjPPQx(qrEa|LE5e4SXq z2Z-kYu>=r{S&77xtVDcDA=eeWVA^bp*=rrc0v46TtD0<;JVnLf_=teDi_OR4CE+&{ zNFs>kIyRNXhYfi633kDuexHWqzlVbGZ8%HeC)q>J-KG<57ri9M7x_uarxlQQVx4OQ+=)qg6)zs*LrL^dXBCYaqnwrtB( ze{zX8ZGK}p&%}(3PS>W11GyH55`9{=%H9Z!&KZCc!VaDLwt4$Vj96w5ypV9xNRF*h$ z%7*U-v^h&huD0t%2fJn*FP;vcH?=kir-wQ}i4S=7+smJ70%lA%6teA$RzF0=t3pxV ztbp4O&L0!g_i=pJMV^ijOMQ?ow$Hb#U80onV$R~{D|#_wI@%SCE}_oD9;r{{8VnDq zb=HWwo}wko7U7tD`))?|w+9Q#T@Y~fu0mr>;|yeLJ?f(s!Uh8O?!01Za<=IXj+p*o zPc)@Py}a;OgsyzE-+XPL%_Vb96936cfrE-GT>2E3XQ&0Qt%z#~iCPkRC+ERKyzSNQ zrD@x{qzoR9H~z)gZqyTGF&Kf!uDpHojaI>l!Lxd|#A623&o{11%%i+%>$eWNXCI-? 
zr*FKG>}7;Y%Qu_dUU`H(eSf{%#kC#wr^N5JU5XRPjoduKT+t{uY(d3 zJ_sJ}s$x6VMwT>8WoZEdoghljm@T?@x4WplKzPscw6c_Q6nZ9W88$6X5NFZj7hk}S zEf66PS+ID|f0=V|+rgZ}0Xu=vK44{(E2H=O#BQ3-gwSe2_3;|w_LnP{Bou~bFD2No zm5!IqEZI4o{Qa;`@K9S$CZjRjiC}DXV)(Hf>v`#u;48+Saz=86-6HA3oy;4~DfAC) z+p#RCQG@=ZA(j>I<5PEw?87NN)rUlM~pPY2)xE$R$7Hm~XYVhA*HRgxBmVKbl z@b_1o6mefu9bnj6rb^8?XsID&S+|pOKiBIOGM=S8>R8@5wbpank*cG1wdYxO=XCEi z#TCZMYC7?s(H-LbZuu4GJ_WgLA8v&?t;vYlYHTy!)a0L*=KSKC{|a(&evR5;vo*qw z)PcNK*Rz7=HL_)KLmvBsl-Nv(@!dTWuHlkzn>`|JlvarKhBgn`{rb$d`^b2&E(=BH zHoQsGf0iVy*s-V4AsiXk1}}v0l+=W;JNd!O=TOmVTt>?xnNCo zw`>@P4a@t_O=T@rtTZPdV-9G;77d;~n0(u?AhDcwj47wRC{rA~kAC&3Vfo0!Oe6CF zfQLAEkC12pp2vW^ad=)iCy%(&W+Coi1@my^iTE`6e@|>po}Y9`^&isbiC)`@#(9oFe+M@JY$o z=G#CfJbTc@P`|T!P0YhhZxurZqsy{8bk{e%4exs;Rz+tQT;Awcp|t;Lkw{SSZG+~L z>n97Hmw7z*I4mL>IH{4E3ARaSDJM#%d-UKNTFJUwdv84!Soiynn>`Yh^BNzr9K;TH zYW}t*Td;z3f~Qt`Z>*XyetpUkqxPpy&orO&iAi?(KJpDS@Z7sM{l!FQp<=(Mzq~1~ zji-r)NJ`Jk9xJL>_Q>}kc$Q{A^9vlTPTLc6zWJWZjcc1TZ?r_M&%=qNUegVE@7qLZ z7k$?>Bj_`??b5^1M}ys2h@(Pbls!59yegGfx@SFKYQie%1 zw7hTdUZ#BBVFSM9L)(69VcV!%Z0iT2uiZLb{r|LUGwmy7-XVqrDlQGQFipuEQB+L1 zlP?sN;icboVrDLjEDFFHhF{sBk)sxiIP(txt_NmFCT zcCLQ?V{=kdfWE9ow5Yx(Yb5U6-Gdcx10Job|1g&(=KX{5E`0@B*Ot+w_0C^JqHI3X z^5C3_o!Y$Bp>Z#p28Z^Lqr+zAZb~u*>w?QSuq}7j*c&Dr^J88!ZvG+?i+wD0aBEM@ z*L6b6w7bQ+H=c$Q{i5~+!P@gS8!`poQUAT3{mf-9__+U@DfA_?ZWLo4hs<|vc;E@c ziV3_HL>D;rsB@$H{_E&k_ri=>6Azj Date: Wed, 21 Oct 2015 12:48:35 -0500 Subject: [PATCH 04/47] Correct a typo in controller.bro documentation --- scripts/policy/frameworks/control/controller.bro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/policy/frameworks/control/controller.bro b/scripts/policy/frameworks/control/controller.bro index cc94767370..edef4149f9 100644 --- a/scripts/policy/frameworks/control/controller.bro +++ b/scripts/policy/frameworks/control/controller.bro 
@@ -4,7 +4,7 @@ ##! ##! It's intended to be used from the command line like this:: ##! -##! bro frameworks/control/controller Control::host= Control::port= Control::cmd= [Control::arg=] +##! bro frameworks/control/controller Control::host= Control::host_port= Control::cmd= [Control::arg=] @load base/frameworks/control @load base/frameworks/communication From 551a7d7394468823aa0c6139f03176524e5b28a9 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Thu, 22 Oct 2015 13:08:47 -0700 Subject: [PATCH 05/47] Make join_string_vec work with vectors containing empty elements. Without this patch, this scenario results in a segmentation fault. I opted to keep the separator present for non-existing elements. Hence, a vector a, [empty], b with separator "|" will result in a||b --- src/strings.bif | 8 +++++++- testing/btest/Baseline/bifs.join_string/out | 1 + testing/btest/bifs/join_string.bro | 4 ++++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/strings.bif b/src/strings.bif index 80b60a57d0..ebee7d9cf7 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -216,7 +216,13 @@ function join_string_vec%(vec: string_vec, sep: string%): string if ( i > 0 ) d.Add(sep->CheckString(), 0); - v->Lookup(i)->Describe(&d); + Val* e = v->Lookup(i); + + // If the element is empty, skip it. + if ( ! e ) + continue; + + e->Describe(&d); } BroString* s = new BroString(1, d.TakeBytes(), d.Len()); diff --git a/testing/btest/Baseline/bifs.join_string/out b/testing/btest/Baseline/bifs.join_string/out index f1640a57ee..e916fc304a 100644 --- a/testing/btest/Baseline/bifs.join_string/out +++ b/testing/btest/Baseline/bifs.join_string/out @@ -4,3 +4,4 @@ mytest this__is__another__test thisisanothertest Test +...hi..there diff --git a/testing/btest/bifs/join_string.bro b/testing/btest/bifs/join_string.bro index 83917ef322..0b2d94029a 100644 --- a/testing/btest/bifs/join_string.bro +++ b/testing/btest/bifs/join_string.bro 
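Review bot: The comment `// If the element is empty, skip it.` in `join_string_vec` is misleading, because the separator for that slot has already been added by the `if ( i > 0 )` block above. Only the `Describe` call is skipped, which is what produces `a||b` and the `...hi..there` baseline. Reword it to state the intent, for example `// Unset vector slot: emit no text, but keep the separator added above.` Saying "unset" rather than "empty" also avoids confusion with an element that holds the empty string, which still reaches `Describe`.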
@@ -10,6 +10,9 @@ event bro_init() local b: string_array = { [1] = "mytest" }; local c: string_vec = vector( "this", "is", "another", "test" ); local d: string_vec = vector( "Test" ); + local e: string_vec = vector(); + e[3] = "hi"; + e[5] = "there"; print join_string_array(" * ", a); print join_string_array("", a); @@ -18,4 +21,5 @@ event bro_init() print join_string_vec(c, "__"); print join_string_vec(c, ""); print join_string_vec(d, "-"); + print join_string_vec(e, "."); } From 401e6c91028add3590b700fd742dee21f626513e Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Thu, 22 Oct 2015 13:36:21 -0700 Subject: [PATCH 06/47] Extend ssl dpd signature to allow alert before server_hello. The alert in this case is caused by the server name in the SNI not being recognized by the server, which triggers an alert. Since the server is an apache, and this might happen reasonably often, the new signature allows one TLS alert before the server hello is expected. --- scripts/base/protocols/ssl/dpd.sig | 2 +- testing/btest/Baseline/scripts.base.protocols.ssl.dpd/.stdout | 2 ++ testing/btest/scripts/base/protocols/ssl/dpd.test | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/base/protocols/ssl/dpd.sig b/scripts/base/protocols/ssl/dpd.sig index e238575568..2ebe1cc634 100644 --- a/scripts/base/protocols/ssl/dpd.sig +++ b/scripts/base/protocols/ssl/dpd.sig @@ -1,7 +1,7 @@ signature dpd_ssl_server { ip-proto == tcp # Server hello. - payload /^(\x16\x03[\x00\x01\x02\x03]..\x02...\x03[\x00\x01\x02\x03]|...?\x04..\x00\x02).*/ + payload /^((\x15\x03[\x00\x01\x02\x03]....)?\x16\x03[\x00\x01\x02\x03]..\x02...\x03[\x00\x01\x02\x03]|...?\x04..\x00\x02).*/ requires-reverse-signature dpd_ssl_client enable "ssl" tcp-state responder diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.dpd/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.dpd/.stdout index b59ed28b18..7b2d255900 100644 
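Review bot: The optional prefix `(\x15\x03[\x00\x01\x02\x03]....)?` in `dpd_ssl_server` accepts any four bytes after the alert record header, so the record length is not checked. An alert sent before the server hello is a plaintext record with a two-byte body, so the length can be pinned: `(\x15\x03[\x00\x01\x02\x03]\x00\x02..)?`. That keeps the signature from matching unrelated payloads that merely start with 0x15 0x03. The comment above the payload line should be updated as well, for example `# Server hello, optionally preceded by one plaintext alert record.`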
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.dpd/.stdout +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.dpd/.stdout @@ -6,3 +6,5 @@ Client hello, 192.150.187.164, 194.127.84.106, 769 Client hello, 192.150.187.164, 194.127.84.106, 769 Start test run Client hello, 10.0.0.80, 68.233.76.12, 771 +Start test run +Client hello, 192.168.6.217, 67.207.128.99, 771 diff --git a/testing/btest/scripts/base/protocols/ssl/dpd.test b/testing/btest/scripts/base/protocols/ssl/dpd.test index ff1f6385ec..dc514ff9d4 100644 --- a/testing/btest/scripts/base/protocols/ssl/dpd.test +++ b/testing/btest/scripts/base/protocols/ssl/dpd.test @@ -1,6 +1,7 @@ # @TEST-EXEC: bro -C -b -r $TRACES/tls/ssl-v2.trace %INPUT # @TEST-EXEC: bro -b -r $TRACES/tls/ssl.v3.trace %INPUT # @TEST-EXEC: bro -b -r $TRACES/tls/tls1.2.trace %INPUT +# @TEST-EXEC: bro -b -r $TRACES/tls/tls-early-alert.trace %INPUT # @TEST-EXEC: btest-diff .stdout @load base/frameworks/dpd From c151a258438d62a0aa5202192d84deb62d53f4bd Mon Sep 17 00:00:00 2001 
From: Robin Sommer Date: Fri, 23 Oct 2015 13:10:33 -0700 Subject: [PATCH 07/47] Fix support for HTTP connect when server adds headers to response. Patch by Eric Karasuda. I slightly tweaked the patch to not need a new member variable. Also turned the provided trace into a test case. --- src/analyzer/protocol/http/HTTP.cc | 49 ++++++++++-------- .../conn.log | 10 ++++ .../http.log | 10 ++++ .../tunnel.log | 10 ++++ .../Traces/http/connect-with-header.trace | Bin 0 -> 64527 bytes .../http/http-connect-with-header.bro | 12 +++++ 6 files changed, 69 insertions(+), 22 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/conn.log create mode 100644 testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/http.log create mode 100644 testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/tunnel.log create mode 100644 testing/btest/Traces/http/connect-with-header.trace create mode 100644 testing/btest/scripts/base/protocols/http/http-connect-with-header.bro diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index b477f939ec..e5b1b63e4c 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc 
@@ -995,28 +995,9 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) HTTP_Reply(); - if ( connect_request && reply_code == 200 ) - { - pia = new pia::PIA_TCP(Conn()); - - if ( AddChildAnalyzer(pia) ) - { - pia->FirstPacket(true, 0); - pia->FirstPacket(false, 0); - - // This connection has transitioned to no longer - // being http and the content line support analyzers - // need to be removed. - RemoveSupportAnalyzer(content_line_orig); - RemoveSupportAnalyzer(content_line_resp); - - return; - } - - else - // AddChildAnalyzer() will have deleted PIA. - pia = 0; - } + if ( connect_request && reply_code != 200 ) + // Request failed, do not set up tunnel. + connect_request = false; InitHTTPMessage(content_line, reply_message, is_orig, @@ -1036,6 +1017,30 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) case EXPECT_REPLY_MESSAGE: reply_message->Deliver(len, line, 1); + + if ( connect_request && len == 0 ) + { + // End of message header reached, set up + // tunnel decapsulation. + pia = new pia::PIA_TCP(Conn()); + + if ( AddChildAnalyzer(pia) ) + { + pia->FirstPacket(true, 0); + pia->FirstPacket(false, 0); + + // This connection has transitioned to no longer + // being http and the content line support analyzers + // need to be removed. + RemoveSupportAnalyzer(content_line_orig); + RemoveSupportAnalyzer(content_line_resp); + } + + else + // AddChildAnalyzer() will have deleted PIA. + pia = 0; + } + break; case EXPECT_REPLY_TRAILER: diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/conn.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/conn.log new file mode 100644 index 0000000000..7adb1bd2e8 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/conn.log 
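Review bot: `if ( connect_request && reply_code != 200 )` treats every status other than 200 as a failed CONNECT, but RFC 7231 section 4.3.6 says any 2xx response puts the proxy into tunnel mode. With a 2xx code other than 200, the tunnelled bytes would keep being parsed as HTTP instead of going to the PIA. Consider `if ( connect_request && (reply_code < 200 || reply_code > 299) )`. The comment `// Request failed, do not set up tunnel.` should then say "non-2xx reply". The enclosing case starts outside the hunk.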
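Review bot: In the `EXPECT_REPLY_MESSAGE` block, when `AddChildAnalyzer(pia)` fails the `else` branch resets `pia` but leaves `connect_request` set. The next zero-length line delivered in this state would then allocate another `PIA_TCP` and try again. Clear the flag there, `else { pia = 0; connect_request = false; }`. The `return` that used to follow removal of the ContentLine analyzers is also gone, so the code now depends on a check outside this hunk (not visible here) to stop HTTP parsing once `pia` is set. Add a short comment naming that check.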
@@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path conn +#open 2015-10-23-20-09-31 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents +#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] +1443732977.727740 CXWv6p3arKYeMETxOg ::1 52522 ::1 80 tcp ssl,http 0.691241 3644 55499 S1 - - 0 ShAaDd 29 5744 29 57599 (empty) +#close 2015-10-23-20-09-32 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/http.log new file mode 100644 index 0000000000..e7d3078204 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/http.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path http +#open 2015-10-23-20-09-31 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1443732977.728092 CXWv6p3arKYeMETxOg ::1 52522 ::1 80 1 CONNECT secure.newegg.com secure.newegg.com:443 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0 0 0 200 Connection Established - - - (empty) - - PROXY-CONNECTION -> keep-alive - - - - +#close 2015-10-23-20-09-32 
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/tunnel.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/tunnel.log new file mode 100644 index 0000000000..95dfd233d2 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/tunnel.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path tunnel +#open 2015-10-23-20-09-55 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action +#types time string addr port addr port enum enum +1443732977.848660 - ::1 0 ::1 80 Tunnel::HTTP Tunnel::DISCOVER +#close 2015-10-23-20-09-55 
diff --git a/testing/btest/Traces/http/connect-with-header.trace b/testing/btest/Traces/http/connect-with-header.trace new file mode 100644 index 0000000000000000000000000000000000000000..740b5ffce8752a28714484a28d9bb96fd2a4b731 GIT binary patch literal 64527 zcmbrl1yChjvMqdYcWB(5#@*fB9U6CccXw^v-D#Z0-QC?AryFa0cn@5lKZ>#uPzKgN;%823~DVGqH-ZBOUNSpI&9 z3_}2l4`xp14ebB2!T-~S{}(n64h(?ugXK^8hu*LMOT94|hJe8S zRc|3VSy>SwWdcWILuUtLS{q|mV^dRFLtAT3W@aV=ab;zBItE$>IA|3|V+R@mQ)3$^ zP68QQ4|6LkeL5CedIAa=eM55_CtF7|E&>S~Cu1vuj|&8HN(AZz4D_@N^jriEE}YB^ zwDgn&V#bD+wseg24D=s=3VB*t)sX2-(`$7#lj7+uCpvSQ;DK z(db*5yBNbk|G%z_+d6*e^WW+Y2Mq`P=@kAC;{L_q|7)ixWqdfL`@eHI>NPCj`$r&s z%HN#wiEZ&eJLUg4`~w@~1KZ&rPI>tZrvIXyo`8{_p5Xu3P9Wmwq;Ftl?r3Ig^cQ3L ze|L$1oxY)&F&!fBj1mhb;F1OI}J!7u;>@h=R#d;tLhtbSlFf`AnACDPU8pbGO9 z8q;cWSnGuJ6%43nIBomBQA7=T0wxFqny|D>2KX~v8MLKy{lJ&_Pe51(*Alsf$aSY- zFl_;VFWq0e>AIo2p}JAJQ2|T<4gej11pxg4@A~1mF91{k0O|i1L+?OF`S_VinCnvkl$pQcafPMV%yR zp zUT@Z@IAp^OTH#AUn41fDyb|JS#jL{f66w4o&H)^27M+-%3e9~e^dB0l{jZrR^iv_3 zPwaYTctGffp`Y@Pd8ze38~gWp`8Oi9|CX5y|HW9Dzq{&hCI=6aqeji7h^-_j%rR(V z;nq2Xg4&qaAv}kQ4m4!jC(+0h%Zh;K%5?ASOzIa1`hTi*`k~gpnEbzrc?IncA2fcL z-11NU{fEf{obZ5nSis-pFOy-7|80{SKVs)^Cc|3)!(`b{I?+KuVEK>8lrMJa#DqWt zwEUC(?h=cZ(@+NXpB)kx`??bP?X6E?<&b42?^7hagG5u_ruXSmfx`!1YVyh6GpGi} z){nv_F}H?&j7>S(aTa7UvRZ|6+x`0Kb^D#Z!~PgIi}2x-OJ z9lU&Xkdv0}(b+ZN2@gVE3VwGS&}H!Gk77m=Y%WQD!Ez{Q`5izqi-7CUGx=>lx-VXo zQzbdl%q0kcygB<$ZITT9i9g0jv8F?X%63g4HKKS)4q}zy)tuOZM|hnHS)H0%XvBg7 zm-LF3dV}P#$=tmDpfD@6OBan|MxrkV(n=sfdWRp;k9_LBm>Sd6x<#cMEOJyMw408Y zmPO58a9T>OH6fS^N_x@z$s=C*E@DQ#BQ2S+Z*87Xe9Gj2Ar%5#{12tEuJozSuVeYZ zwkyxjzSHXfHf<3`N;EGjfiGXi(zGc@18mgRHx|Tic~MUqanX$d=6)a#zek}Rv%6b3 zi_Ls@y`{ie)4P?@z4I}CE;4b=cVGh3r!X!k2-R_ehZnc%ZM5(tj3C@Z)N+7cjqH)7 zC2;G7QgS;X;=Cqm2j=y@`n}Ao; z6Sx#MXfyRDW$~f4SFiB!7EHaDAFr=~1D{mV-I(~>!vejOy}Hvd;?r!A0Sg#Jro}-& zunVgtF3K12Z{;Y}GKT3ftZ>)Puguxqb(+o#3WZHQX7vr795q~9qfwSi^XFDXLceU+ z8`4lqztS&&P@gK#x=t4VA~%zDQgaT(Sc&YWWo@08&hJZdzcg|SnPhY|jx4&hp~(Lo=IdH~MyBy}hp*}x*Olia%L9qk!1e}3^8BvSkB 
zA4ROU>g^LWZjE0V%FqZ6Q4T2Mi;n^c*+TWWrnbFDPcu?G>KwqY!n_c73CMK^RM)bS zw}dy=nl$5DOgsNR-8;2()T?EV827ZAzr5Ov8K^tn?IGk3vg<}C4A9xiz|u$j)jnW5 zZ-;2i&40_&^p>rZBpLE*I@`YU5&o@-%={Q<5m`q`Q-Ufc>~aONV}9N%!@nR8TZrn7C8gZY;XMC* z?aQOh+%8*@dIZB%?4t zxfH7Yh`&`>zHu%5@k{0eG%ClgQQns#0&_5DyB?Q3le1#UpAEaaHN8=;N)8;>-IZtc z@wqiOO4Q9%Ddtx%gmIGyNmJE)aE;btTDm>NIdyC<8HuPaN>W&0%C}pQ*BNfI40108!y7@ukNi$Lcx2#_AEe zD1VXJSxBj4U7mkVUnb%tA+P1j-c2XbWki1QnV4f=a#F_&Ektp#=2RD3t&|HCkP28q z>=baa@!AQm+djkBR0Q@KaCH2M=I#)7{x+I2O#^u!&Ku&D1*v9V{K(liWey!ZFXccPN^_TUhmy8Az@hju+l*LD!DLZ@;!bD*4L4 z4dq1S%gnNwxrh|SQ-6;ata8U!gDb!_8IuHu#qp5IjojXXW~|nI<8`*TUUpDb^8CA` zF$63=xDqE#WQMznaCQ%4M{wv;P+emTt94Am;*C*-gSH`FmF9>!jD@kN=f+OkO`$R$LpbC{8_30o?`qPKl1 zFw$_z@4d0o{j9TYDZb?j{(O!ZN%EylR>y(GVcsWM z_x1d1mJh?iknfmg?fGE-iCuW)0Wj2%9^R6xmzHfS!$T?hlM}3-YxC(a7Ff=PKmoG2 zu;FnzM@{Ow3g_51k{6}S*PiwLZHd*UnSvU$MLj#3Osr0tutP@mQ((>Rnq!)z?{B%O z`kGN8%;wzEZ8*77KpQ8l+ZV|*OKk@vK+J#2Oc>$9E!xK_k zZ{@ea6_wNMJeFIPG_6$weHLGjLX0D{qQLYYN7)sctyzai;cBRe-0%Ks7ehw5Lg*M1 zJ_cqoIuxlF9HsTtKt*#DNF@$6(4)eltW>+R*a}fwvwQH{QgI=0o&@_5mbp0cagPpA&av{mQ9O&$w)0ZJq?Fp3AYonh%pNNf+?A_cg z?Szn6n23VEz3h_mcGsV0^@s=L7>rZLyW@|XZS^mRCd|l<Q+5$T;T7>&3br>d__*R{BXi;AyB zZ)RT;3%=qwX<@+q_JdYM<9BlAO~3Rn?1L_j{=txvJArjHnDOlTrb^cGJ-{MGvrX0< zbudVfvj0+PlKByC?8e8?%`t*)dH*K%NuKA=l`S`2=_bf77>>@e?HL2cg!py`&3SVQ z_jl&tOg0p~!E@0OA0Wq+NN^JC)B;XNNdhC$+rS84uL1UAg}qrk^T5?^x<98pcZDXu z*?pG9N@2JKH@hI=WYbxauIcVxYs)K!_%_%6>eBHOgT~+NE1FUL=nI-Z*at zd};j;#cOZ9=IFslUH$r1P_2ahy9v7%L-F?naDngzX`P;_RZ)R3&Nn21-JDWwn+|u% zaxnJOUkn1Wi6;^<$8~(aPZVPv`v2jf&&s2X@GO$))j@(Z&kvAAh`&5A`hMniFEFLiZ2Vv8REpXTtuGhE`fdd z@>5qgTes1G!%zj8E}3o2TRQdYYKim|E$~UA#dhqyHXDCYrs18McM*eMtc2!y4^yvy zmdgSN=lrZ1p3C2~IYHDBawT>Qv{7S3gD(lR^4y64d8$RUluzr+trChHYPj>|a}Jd) zJbe?a4QxV8Ig%%Qke|(u@kfL5pEW;vPan;X%0D$fpACxa)d#kQ1TY};V`=YG{%UT) z?EdHG=kE>wXJhq&jlrM-=Jr?f6Gr-p{n7m3FQ0Wyt!ay1MgeC_2bJU>o&3@iZ#N}_ zrFJZrlulb*h@|X`gDxRw-E8Y5z)%NrY5?U8u(jS_)ZvA3HLTMW1XDM1%zWLwx4q0g zs6*$}`vy{=&!2cK{ZcDd?lF6h7cBy&SJ0EoAm~+-M-5$j=>K9pm(FR67AYI^S(WDu?gcVT@#cC3& 
zfjduorZ!Yn>$BCGB?GS214}G0Le`BG9t;Ux+LAd%j8XfTEB{#F7@`OrEaA&C$vnNI zScB{LQTG_LYBTV*l*wC-r5eEwiP65j>_qHdu?+dpKIOu+lWztv+RKv{8}))~G7KFf z;W^N&7~>?*DQ7e&*5#x}Ue$Z!Xph=mhh_SuhU zm#!bUMUA3TZ&hCItR_x_oiEWEs@ z5TpSLT(!UZGuaIDhViPH*1%6Nwo&KioD_p!1g4vNP{M6(Og|ttlmgAOo?eR6y>q*}B^p zfGmZixOY+*8er|4I)Xm?C=xzY1_C_0>!kyILcjLaDVkuc)n$5lJ-(gtiU!294A5Y~hRCK__#0gC$ktmVruvFIot`yMU$2Nj`p;#g&u zc;`wd?gpeSNNl!Jh)H+nEaafM?u{Iw4<~+PN|>!pHOs`u(h=5AK%9aqDW zT-*d15P$ENtOffInqqR1^W}N!qVfv7k~`hjTW5Nk^;g$5LpkHGgOcvTF(={Ea@EF# zI^`24A9g$CtOx4~ki6z{r!V9!X?v4wphbx200x1}U~jVk5_`(*O|Kv`L$~2Z@wu}Q zS6oz6I<}R5^SJMN9Fo1uQ)E)Kqxj zC`%$fn+S9-p7{JP=cV$dEMNexy6|PPp=*L7PG0yq!iOFY=XubA9FDGbQLGm!g!os9 zJeTs|(R^XEFSLH9z&P9+M zz%Kl`f7DdOUkOXL7wGQi@4)k9g_?JgY&}_I5x0m+2%(CA*Da=B&u~MBqrLsew zDu{dyYI)noDioHi(<|o`d5?>IH8oo-q?@&eKUWVVO~d}o)jl7&`d{k6|7wv_@2Qwo zweq75eE&an;4@c;k$z&o%l;>IK(+F}sRLx6*i`*+1zGK$sHwTKyDGAf0$jj!*iAqE z;I7?YU}awDknlqEV(bslsm?Jo`l8)`N^fXIG?S$EZ;lNkdR@O5|B4y3V1=LxDr4)2 z2}Mp7zTJ+5@}pw`JM);KL3$kE${T0$ez*;0+2}W0?z9&bDt;dD9aU6tGCeo07er8zw4ggDfH@Pz$w;qQtCZJQ5acbzX*)Nj?&#QPIG zW=>xjAz-yUhgATcHJvAT3znw5ar^>D9mq#kxr%3NBa(3E~vjMa|Gklgrq=Ogd3 z;dE{A0tWc;ffQ ztpYNvZqBZXvu#SZnyNKQP|dAjp8nkVaE{?XX8pLGNz&C)e#8Tmrv=9aLa5(A{4E1Y z7WF6&J+t>-&|-~&P&UzP(Q>{{#Mv%|FABGM-pIHHO^Sh<&)2>U;1W>S&}V^({ecn? 
zB8OZs+0yKEoi=^U9!kPnTs)zWxi2RChG1PR+VF-P>F!f*f2M13CDxC$gmy4o5XEV~x`x zrfEPNy;{3MEW2*aCuHxXf$phaX9F_Hf>D3RXP=EmC1$1;d0W+YqOkd`w~F3?&ngEa z`0Ro9EZ03*9D^+(77QVOH$ua-5G?|;y|`urf;CFB_6`q!=fsR(qnKzx`uaWG-8Zjj zk7VfFJET|NDJB@JK%ZK*b&mI8Yfi$Eg5OdBbKnn=)sd1$R=UTq4TzMtasO5^k~XKe z`TeY*Z2b%RHCMGD;`qaXwT3sD9S?j6Eg9uMHNxH%^Ai{VqRS z*h-axdl{6c*lPTP2EINn`GylyLiVZakE`$qg~2kxzY3SWwU716mN4^nc#M33JQ`MlM_d=>Wt*>!&b-P|sQF7wiCttA?kr2ow zZcm7Ds}~$yRj3{^I|IaAi_O~>fxfq2c-MrY<>D8obl$NOCAT^mt$yZeOgUgcI2zz@ z^4C2(n$Ev_&#v|ISFT1g{>MH0-*a`~Gf+tSTk1=PF>hkPa4;LkpYs)vO`)2RtC?T^t9>6wmvVu{cl^y`Xg>5+leF_Q4@I#vWw_mTLlZB;y$_3IT`RpLC1jQwH%Ik zfPZpL`1VC1C`PD1KUB83@Pz>j!{{roBhfjzDNW{6;YLF*dk93K`F$_^+J1--5A2X% zqRQsZTABdVYK&n2pq>>4*vultxWu?8Q36SKkIuJd4mO>9s4%+AbzUm%0qr}2Qvbx( zERsuqYO}tDSTK~37U!0T=RD9tDDP|eCK4Y6{I5ZINusjN?|8@GhuN+oqG{hVn%Q&- z?pn^hid;Q4woV&6%Pkcmnb9-r`OrG?3;cL`_MGnSTVP&WQ66%Q-~^n-o~-Sqpi6)i zL8*U+s4#s0Ik1aAspZ!Bu9&sy*x@_6`a}Q~aC;9Ts%{$3@8kqaM+BEnQb;4?qo-Pd zDvp>U49*s749|=xL!z2tOBIS`p62|M>$yqbw|>Cp>ZT$7AF*%?3s+pL`Q3FWt64_d z%iGEr@~S#kAX-Z=9!3&sC)8Ef!enOY(Anp=>vq?Qt16RP2gB|`7*>vW$j;@YToGEU=tkVjufk7B}Vv3_RavTTevId}1PBM47z&*2ZgSt7xc?P0j(v zfvDcwnNPqQHD2Sy7249ci+hvWaX9u}^B~Mq?vWDjIV)Nf`2)AJ>fmhaZh{_oXPn^GzW?f_cH5^`6Ht92`<(nFgFt%X3yR<4Cl zW^96KyYq_@qee$e-hdVW2I|BJ*;cgBtE=iXmr~_o{Y)5N#|i^N^eVz7kAK{Pyu-TF zp%|~ik?|YjFD!-WJ_spFFP>58XBcR~-krX^D8?O%D#`K89?m7sV*{0|0eM7q_5-!C z=}-tAIqh(A7g_;ln6eI#{tycx$@!@hOHT3x@<8&#OlkSD9y!k-C8xyf3J-gnTHfU5 zel+-}=q~!S-kN4!E9_f6^T95{Nhb=!cXZG^5qdX8eHXBf`{iEo<*D zTTp$kZDOr{xJ8sklCHQqmd6E=*z+*b>&_hgx7WG`4Xj_n#LQ@zr=uJ7KxFo1gq?dC z6DcuPvaHGlRQX0hJ9&pVxzyiE&<0XbeR@sjV#Q0p5nl2F7JL z`f)yyhonW6dx%m;w1c+|e7Jw(USX6mHCta1>+gas+~0GZr;U`nck2X0 zknpBxlDvy@YdQ61Qu)2>3Jg?t9EuMOuG6uDj=}$!CK^%}RCS}xwMreOn|dtWp<{iQ z&G2(n30|Fl(zH(or&-{&Q`i>pStA+U+wsY8`39vo)Eo;Xyey6WI%l)B6|Q$u(vDOS z1X=OZin&Fyk!yla+)}&9{!UT;G9;aujwUP2r}cfeli@;&rs-9tob-O5*_Bu08&5PB zGLtzLSw*=^=Lpdw?~te|i55r=SA4^>1{L#Y(-{osj?=EF)yXnR$o|Ty$Ma!1^9o|> z8I?Yq+n&-(<%9aqZ>$;~GN=r{u(iO=Q+dWrl|g>~vgW<*+c!ik>BvGnPvX#FQ!@9- 
zMGowGTg^I+ybg}Y6W1BklN(XuOchQPx^n!L%eMJt6bnr1WrDF@*^IOeRJzg%XouQ! zSLp)N*`NM$i!2PbrOSy_q(ywq&z2!_z=;D!Rt#JRXn^@wDRR`@lmHwFjz;0d%k4Yn zUaSl$0pHE=isrMZf=3SYj|5sIa65^k6WCcws=oXXmdK`{y5Ne5UzHoAL{iQoXZj>mBsckc%*M)-z+GDNW_-yghq$VbSWdnWC;fWqN?=;NtQ^ox)}_EI1Y+fpsVZsoN!gDKIC{}pibYq*P%C<@epQj4_mi-G$)t) zeotlioAON;{Y+S(xBg|QGmL_^)7r{7rF{2P+tN0**@2nTN!pb$t0J58Cp5zdnf?GJ zXOJCz*z(Ffu0aYqhO?4PQyAESGus9}N~<=t)B5Oqh!l#_iB!DqcWD73(F}>m#LuTj zbMOXPL`|R9X0|pwc!Y?zLpzqP=lz`%bTvOobMh$h<%I0xNRgM)3pMa8g^Ref`wgzL z{0AfIY%ESb5McF^6lbC_5Ve^@ixWU%*B8wP&>{UJ0aILZQKxZnC|e-k;`f8u?x!?a z_{pp#b`-i=A59)2nTd3wfI_~LWKoZ(yEPvC9Q`&}EIyCNGH@K6g)v)i-D*ezy8DBy zewCn7L7^7x5)_Qh<48kuW-!dW%_}U=QI7tH=un4sx`^b~PEbonown#~zqOk+|6+~x zG6RVNON!iS`F&Nj3FIROKi8CRQ@2y4@UODyvqRhL-{PW1*Wj_i=0abf=6{{Hs!h;=(+h`+yvoX5~bz%3W;rbj~)7Qs&-QfdDdf6_N3F1FLz zmn<@D@EZfJW3STW@XQ(eF=4di+si_5P#a9D?K=j`KAE96w~e~^#vo%uS~^fRGv|3P zB8!<-?HmFiLv$+6NxW-xPCZWPY7i~%a8o9XFs?$!-`RVy9KOz6Y4l~z?g}k$0x8-8 z3-xeV%$q_4ZAP>sPZNuTp52V$^qK+hQM7VhbrczQNoMcXfieYsnSzE@RPH)B77Ofx z=cv=C`>P>&3p^Bx(5V}xVg~&%2`itGIT?2%Pr&7n9s8@2?qdN?sHBcKkI1XyP3 zW{A4oyIYdO(~tlVZbk`ZC|%po!#=SD4g7!vp|^Y9C?Su`{*-OqqaQfB(Sp4sc1)Yi zbCG4M8dYD;Om1rx{X6QTw|$GD_j7(ZO)BkbL2f5=VvQ@1H6;=Uewou-xUG$|hg7|( zygnXulFxqYj5%&O%r2x&PI7Np7@ z6=XuM^P+7z{jPCbj;$U>&=a2XyBhol?|?K&d2*b)ChhDZv7U9fu^#r%$_s7HPGHL0 zlQoTF3(Nps{6%F}jF4D`y zwRK>Xl6(2^_)H!3=b??&S}NWm#5FU7`#?#L%C_na!{WITh>1Wfl`;;N_f1wCML7;X z6d$y$cLnPL@d&6q^Ec9cP)y@$67ln~pV7rcr|yy4k{HJ6Uv!Wvgo%+L`PpOPnN2zY z<@0-x>iII0z?L3KVbi@{4X!P3h_Nd$MpS`y7$FFyj#krWIQZ>|Bd-=&1ZH~~6y@J> zVPBu`w^mC+H8>ZbDCJWi5cD((!Fz5&*AJAX(TlqaD3es?+z#KXxN+@4rBq{Y)4yEA zDk1A;{)XWw@j@M5IRKnyW8dIT;?ch1Vu;(C?knF$O%wr%+o0$`H@@i-GS9g|GWm=V zEH`mt#IIB*xB37}=IQjCMkNDs!h|`Sr+|D^!_@gErbDj!qGi+1=U#}ng}b=hZM{Q+ z5>Uo!?=I?B1KZ<&zWD~eEwk;zTinKoe__UFVI=^^0 zyRnibr=I!bwPe{S_BV-dH#Uy`DbNCoF0BGk1`mg@gn?r1PQS~FM;(-c?SVA0RkH^e z0*-+*5d^j>HTh3@WF~Wci}4hsDDKPuh>78go5Y|{pHhme-cxsB=274v3D4$3mdChv zwrKc9A$#bgziKc9>XMVv1T^EY&pS{-Lpp~WR#?qBkmOfUfa#;_HN6) 
zKGqWjUjQjxjyF@oV>A>;R*0)BVaLfS_S&B2YuShz`;7q}v-4zMhW@@3SA3%`K|FmT z0Y|fg*-zWj*xO#thL%{{-EOt13zK)S#n2q|Eh=w2{rw7t1b1^OvO``(6GXhSEW}=2 zWcNj=V?-Vnr3j~*_hl|L50eAG~ddO^>;oMS?kiiGbT+cL{ZEn<{ilp_+n*kPXL7mWgn@l=rN-zh z2|x5mgr%35NT59IH;BMH;;lIO`E>G?cK1R<)#;oghx)oKoV^t>;j7?JR<~l{m8`e$ zC;IMmKXs-Xz%v!11<5ndvQKgo(RNsApMx-bKf!t0;d;UV!l(C@1|1d1vXg zLY}?IJOWWiKxm~V>C7wvo2j~VzZw);14PA0mgg9Eggdm9T|*~voxAk@#4Z0SW>)_A z+XloDl1=)Q#34Hw`RRpt{Yk0>W%Zxpn-PLf^6a4CZc zIY(ptYqZMs%fuVIa@`O0X~@>=;=R5H0e4(FN-B!Rm>vOker!JDHELfWH6Nynpg-2E}~aEV2Y8qEf~{*)8+8+QUBl}olKZvF23Me2Ayp*AX(qr zRYlodjRTmH>=UJJ8>v|@cteC6qik)uYlxdC<|t6HDK-c|+Pv63^mwIcL{P@d)?*Ax zbjX3Bmpl(AoL(Vp)>}nEv2d4((3xkM1xYR~a%SL_a>1O379%-xAzev1tC_V4;hB*9 z2D{0Sh>SBa+kM-0Y$*8p;>hKa;)}>g*caw`z7X%4bF^1`|$P2zm3HLIZa8e4;Jq@5|u3Sgd|Hl5&P%zCTm6o zqA0Ay4BB}MuU1D!IB+acjj+$^)mhV+Y{x(!sRjme;dn<9F?#Y82| ze&y4tbQK2P^`wmG?pDKg(-);k&Q)ySyYiAAIeIkTyV((k22tPkjdDRrrKaDJ=c$Xz zX)O(0d22&7;K| zM)bLv0Ke zu0d0F>QESaZmz?UmI;PKX;|jH4Xo`cmXlIiNiP>3y196fJHXh3LHIDpavt5OhZCZw zv2zy>z2P>MPd&oer{hb>p9`}j9}Bbp*#@1~%f|+tv)LH>h>KxOA=fCEt=*^ZNW8W zPR>dUG3{YHm0!?|ndLIdhT%e%@a?GRd-ES4xE0ba&wLX6P&dD|I$VRM@(mN(EAC0X zc%%H~KlhtwCG2LMUW5~w-PYCW@3#{EW#1|!-?Xmw64EnUmZy?dqV(w=ThJ^a?+^C7 zDybgE1?+bU985F|qA=Z+{)BW`3fP!p%~5j|owyYa*iE<0V*Zh%j^njJ>- zt*<}6i#SUw%LZbaWfSHEqdv>j%AZKgE5xA}5n%u33zOc=sqaC}Z+px{$6NrZSqB$M zH2W<>67~S(ZrZ#g%Qs@OHZU`$5^Gl4VcnS9YVO=U>+kmR+$(x4%;`J53PU*-0YW9i zr0IGv?pP=9)+*~8;ne>WLT+MW7}vcJU5wTe)+!0_Ge2zTHcSp{KL zS58)T0>Y45&PyXuyYnaxVisy-m)ieXt!*9@}qq#5J)F#ZvYUV;+Ho*$MMV87fRj zoLO(vQiQNpDQc7>;6n$0M(eXQ%aJr;O`oX(eSOi%kuEPF~AP# zrdfNbxFyNk=gN9pJEvkyH7BS&CedxD;9R`LP&cQmJln;jP4H0}rO1Z^m&t#pAm>0z zt)w9kgf1eo%XT<}(i^e#g|y|`mIOxes%&GY{3p?FWiMe#1$p{xm#|YdOeUb*91+~m z`i(>VRZy~zgj&^Opntu2m6mEJK>||w>q`AI#p*91yp-#=0ri`%)@BSQ(cUV;bv=(s zIS-v)s?bE@;Z})x`QI2htaqvptmVM&T68>HIN2b-O1W(ZG-AG&Dxe848KQk>wJ2J% zFIUTv61|zC%9gNd&VLzu4D(FK^XfY0<(#iMmG^^~rD^E_kH3EsHx>#^Bs?uix#-4m z#o>>LdN#TJGa4~W!3kX%2XDYYg}-%`I*ue`X=C{i7e9YLM~p@@2{)VQd>8VJ 
zEp8e=e$zu~9$n3V6PC~8+-e)8Tz~ML6k>lZvzvz0b=G}@dh@7}H?W)u?B}*&SWB9; z3qA48CjR318Fv9iV6-0@M{c)t=hsWM$CubjuwRawNO==pS_GU zYPi|+y4k@Jf$F^rPKB7y)W5)hO&H(;?diBA{yTX2E4E?83hY}uE3q^ zZYHr=aMBZE5vZe(b(6GzkQ3t+1bHHwh328YYF{i|K7am{_T*A&rqJ8n1)R{161Y?)OcraJIf)?1c63MM(@Qx>fi1RTtXfC<9*eL z+ttGg@vC5aG@tOk$CtowZ(p-H-`KU2FhPW~UZ(dGN6-jIa`!hVC+j)PO4@5C)F_KM z1KlSl^py{<%nT-%?yjw7t4Mqcj=F$5IwWpl^4l8NLu=d;yZUwt4P5)YXFHKEW<@G5 zbajFF+Dds;Vxq))Q|uiVhz51>lZ=_}eqN&RyAUp%cPOJ9!A$|m?Aw{V8(*Y9ElHbsb_zy;S zjdz!~4v*R^dQ3fd7cEcd9f_ ztiDWBb1zRQw0=MaB2Z(+*ik5cGKE0Ab7jepjH+{lKs3y;l{YRf{bG7RH}Z<}T4cxC zkSfUw2xqg)HW?uE4M|!_Sn_Ms-6Y9lFw=smRcbP~-`yD2#X>7uK{l#V=Ye8I@YlwM zD8}OAQxsy*yLBaEO?q2n#E`&$HiTc~bG6&IO;b8j;%jpC)aa9~Uv5Z_2uVe=&j0G( z3vD@4O4bHUKPbD{4F5hWdqT*D`@&@|-{2{GVyC&DkCQWH>F)p}`*VP;X5f@&V^FBC z_z7d~l#)&zJgb$SyKL>7ns#Obu98>*kv1yfMon-XX>`l>YaQxJS$K9`?o_n(1~6)$ zJskdlXMKXz*@d^eZf(6Z<>s@?6Gt zoydcDDtcN$Ne|-Vvj`RksyO}v|@6M;G zQ2M--zzND6wt01jvwicfrp~-+b zNY>we5l;WqnRY<&##yBdqr~vkF`DEe@T1u*xKkzZJo0$ccI-E?6|w6R8-&hVb#amK zYY4-v_0ixDgWj4z8<#90Z5^%qWL1kfQLlnqthxrx^?0;8(^9N2W_-AwS5Nhv2tR5R zn=B4x5gLMpR_P9t>*?p%79Zu*RPn&-lQ$$lp?^l2* zFxsm6Om>l`^Qq3LWAMS)^4pAIOpOQElv--qK2C48`v#6O@|j)7{!TuQ)qwhOSq0}I zyUq@zCG6d5$AFryY-HwN+RYWyU)0--NAxNVyHlu)NiI4orIGL7prfLp&1C>FQs9h^ z$mUvuBCB$C3p2AXj(+T|K`xenqUr$WRJ1uA=1@`Ol0kT@jzZ#p#^vi*E&^ywge)Wh zlfRSFY|Y`^v|F(T$(iCvF>0LVn16OWv#u)QWiG=&yK~JJS54=7!J9#EOhdrk?nNL7 zATmjO!rfzp^e@7pQOz4w(17>*A(|#&T~7)j)rC4Zn9ws&!uD;^YVo-Ywaff<&VtWG z^g&r4_c0nHJ=0bTR+l|FdM1F%?kU)mz?rG1k)w)=SDlV#LUvzf77HpQZ;RH49c1sfkrNmE0?~8zHl$MU{ zu=>j5CSZGKk>gJW+_0FTW)a{uT&bZie!t(CEpux7)p3F=U5|zqR3k9;hj3d39ME7S zrN9=PdL(Worqfddno@yi-y_S{dmT|SZNe>{X!>hhJ21gNy1U*B3Za7d9X*gB#>ob8mJ%cj9a<`#xft*vQbCcE`#o5YKKK6e3e1UbQUMEeCm-;}sKCMlY5uoyYf7}b zsAk32S^TAJNBK74r0qwvJkf~h*Nzjxi+NKAEJj(~Bt=d{J%%qpE<9dUx_(ohZY^71 zF}f+;wZu1hF+AnYguTVQH_@i!a~r=+um4zhBzn=vpxLmnwY%a;ON!q79<`gafw*ge zYM)er#_~|?S(Y0jA_t8MD61@wz zKuk1^NkNwhiBhKb^apz1*b^2DC1Wfgtt_b&F?25PV*L)jeolw$?mTeO~v-AD*34Q2{236GS|-Em{`5Xbw1m?WNV6sT8hozREw4K1!t9*gWnKNm?m 
z?@OwSv^b2jm*KB@6M_9m7F4i~5RXluA9hK?k7y8HE{d|t>!$TeKP|=UE^2tfjsmaC z7x8rkIM{hwM4u(Z_px2Ea7O*e0BryqH*!qhD|rbEzeqOu5Bu>96AtFj+7+ow+>A}( zt+?Xcz6#ObxWR+#x;txBzsFpD;2x4xbZdSwLN|y|(|pZ|aUB{nFHFy5nPFSZ58TEh zYAI;fnfLF4ij^IX}vLL}VO} zDQ)9$Y!=QTVXDq;b@%?)w;$mDA8GFtWNEuDig zjgtZa6EaOW&>WvS>jy`vdo^}a)`J|aCH|QtP7kT_rc&9)G!J{D6OT1u;wKM}Ff3pg z%>bmb(Kf{L%T|=w_)ew^2WVZ{7s^>dC6-a$j39%(*=E2SFF0x%k1# z@6zN~ilxj)mGd8cH%pu#|LtVsiI`(;-pddcvSvVwey8PN3xg1MIs?rH9j6DE_UxctAu2?-ce2XQUtfS;@o@VJ~S7v~DY_HHbhew(^s>3Id>lXb80= z!JQn2FVh9LW_!NA#M~cG57u-B$yxQO3<_DYzqccoU>oXFfLoG9FLL3dt`0n@#|NqA zN)=~0L1c^mH_o6qgG_m6ldW=ja4Xc{(mn6e9T?9N@LNs+6@u&Vc z35jPA6%(E_#deSI11WGp>>s~?9zdUcH)}o|2eH5fgrE^T<9&JZ>Ldk`^dfrlg*H9d zamudRODOXP>10z)Ax1e`gh-PuGbq$nnFWOzJ04ZbmMty28@!)8y*mSmP-Lb@PRGl~ zV?=Wf)3|)DKCTqq_yGyHDpVYyW)|+sJFPJDfR#o2D5CffIWfmS5XSUP>@7Xme8tjMGq5IwwRoW%RvQ@lAXp(Ar>sWPFG-dP3&|lzd<4%wJW6 zChVLw=V3r=2KUH7RQIA``%kzE{4<&rw2e5(&NTg)*%=r!TIBp^n|bfz^3gzY{w%$@ z{~5fOdyK>v(u130`pCQ$v({X2fqe31qxn544JN@DOan~!8#? zb|^1wOZ$GO)<+<~=yE}+1$)iaU-D_08T*@Uaq@9i{2F~O=SO1p6EmA0wHVMmNTi-Q z^`RhBUIwj(O$oV*XsG=A>(VZrJMe6+5V^z=k4mJeX4sd8MBUhkyhO9&6h1Kmz#MCD zsLX*e&8+j_3pq~Xk9vi8S`TE;8|dfK-}VR-yA7@gB`kS7dSt(u=_ZKrng{yJ7MyM= zxU6BFr2TbOexh@qV_aR$7m{@1*1)IE%W12dx{3aBCayILVW>*MKu1V1nL;QjQmL!` z-jEu?;Q3etuw_?Eg~q0(P{IFFcChz7sBTi&uOCGbyIX>O9yjjep-}q6N&!KwZ4S(} z1UiOW5HIurDW^J)4n7;wB}c?*&fJ5~jCaXpJRn*dzQH8gb<3B`Ch z7Inu=H&e5X8i}`1VHKhCp6E8)x^6z3xF)#^=jx2($)hy&8vtEMF3`S#G&@?PEo1S6 z3`*CxnE4NXL?Ob$xs2gb-394(k~EFL1eyh)ufC7Y6(8kp1f{|0I@yyE#(grtC+3eR z*xXAC0?+4I$jSFF5qjg3XMN;w>yEGh6#i;)|7(&8@S6mbXwwlt{yk`VC#|wDW90RW z6Cn=BwBIjXrgg{bNxjc5n}<3=&E#Y#?*w!J78imnSHUR?LC#xJ9k!~6hTFI5MBdnR zDQ!d9^Hgq$E^I|R&|-o zcYROS54DX$xyFT~?g4^hLfj_VsKSPDr*xnKuw@h;P{oA!YYL1f&(Of zzx_%76-Ww(W$6uM&)n3xAL5h3J>^QW>#}VSxk+N+kaDrNdb*j*igQu}*6ZD5@3WMS z&Zv9_0CR9i^H_U_|4ll#e?*P5C~`N$jDIW7xpZ65l=0R?pmuTBICw1qYRj%3Qi{af zaunt;2a}i@)~gmp%V8oGwW~YQjYy}G5fsNhGe)ZS>Zr1!$w0P+nu~%NSBrzeTUP%P zi%?x$!D#fhsZt#46MCUuAe2$kR9vD@_o`9;m5}a}30Vl}Pfy%ah4)*oRm>!a)KqJw 
zMglR7K|Wh!3epuxJ~d}Xc9okz)3&0?J)$xWY|(r>8Y3M>n@0E?BQo9jbC12cl}$|b zW69~H{L)&8#dS#jxqj1@x3R-3mNIenmTNvU)M0&`H1Z)B%5)ZiG4T!*F#XBXzUwhx zaS|vA`f|Nt3+TbY^I}m^r^Xlx|F4y?hv~zpSqE>GWEH*DJr|Zx2Igt@kJB}mHO+#n zIi@fUEH7xe2n8M``&&kw9ntZ@JbkWnaGU?Tb0ZS4(FyGaOJgwo=?SF&NQmHb=sfZ| zfR`I@f1R$tZIMJCA3fT{ATo&am2$cI#USE4ldvZu=_3$J9TE_KWO)J}b)}`JUN!n? zFj*A0qe`IcXncLWo!X4S-mW5nKfG9pWcE!nE(T|XG_@$MQmPJ+f2K^zVAkckOLHIgn3@%ixL_Yu)zK@rwgHp6l8mAW8y%mr*E_9xFBW$ zb5Jgo;0co0%fo_;;4CCp-{T8Ya3C-hum3h<{101=evWYf4{+$vOe8`byy#FNdGz?^ zA6~_GX5l1$3*WNru*);ok`a%J?nVuo8&BSmki)PW$HlOSu7a29-%nP}W|hQHxws7v zRY78FKEitCG8b3#gSoAH-N57Mo=?G+dmTO_h0C|ic|YULlSIf!h&ZtB7R8oYDJrog z>aXPm#mCmO?QF4BRJM}(vllxq!--^b!5sAFq%|p^4AdO(9xs`!1CGC*_U3zWX+u0@*>dh#H-uS9#q zUVj5>n)v{F`!pZWtETA5fQgopzpHUJ^HUUY;L6bd%j($c=FmT)vl(y5n~3H0&%1gE ze?+W=y=>hQl5WE=9l?_|^Vyk94`sOrFe&+Nk++CVRJRy3s_VRWvo|I>4;CtRaKn># z$rlmt;mPs0w1{M=*rB?qN>w!5U7;7eZB}oIbmX=6L=s^!y3ft;LxurUNZ@A8Xq1+l zcCsa~*UVkbybIk2hIye>k&PVT2c+6q&o81sokA#XUt&QN+^713++`rXb#(!6<4eCM zZJE&Yd%lij1_(hFYHer%FRe5|dKcmuWK|GZ;Z5vB<3#X&F4;A2A> z>sWCcA;oP5>=LEA8LS^JFTNNu;-G>WkqCJxV#2 z_}%wxRct-G+k?#Yo^m_B9H;4E$4^wB+^Qi?XH=F(+v zPctW`1jHPiP$MSNAe?N4{CRaD2JT3dLGW!}OJu~+k{Bk%&sVJtw9mWQB5Zgqu7ATD z7@2v5al4}YLt}To%H6sSn80^nYJ!-oE7O>=El`+e(` zfksCF;titQ{Nzv*z%F>?d)@M79J8t6x`34}vop$UR)JqNBZ`A=Pypj~w1_1`e{64H z2Uw?yZ-{IoZB8bBPH0&KO2(Zgx?jKxzD#}7yqTB3)WP=-TQZo`;d{aS5FM>}HwC8%VU-u}wutu2 zG+1qboCkR4MNCXk2s)S?Mq2eGV;`b6zTg7Fh@7$0ogFrgZ_Hqb6k#KlyWY#P^3!AG zlKU26WJG#<8|9-|7<=$6VMrm&!-1&7ZP5d~^kB&QUKC0l=orX7l_t_%#VfKY-o4P^i)Y)Rn4MYPzeEWl$ZLb) znfsW#R}J-Gxie!ZEv8kkZVsUJWvfV+yhuN#)|M61AIAxsSmy;<5LDPzG(XZ)>p;1| zUh9fQl$g;}GEs_*s>0{O_-{=evKQWza-uv<<|?IVpJ1-l6+e4y{KUz)Hf-^}t0v@H zy7Taew(6wCPw#C3?*j9`^rvm##8+`lg`JUj0SC{a^KS3Aj=>=1bPaH50%LV)tY%cn zg!$JG{4!GS`sbg|kcsl58p-K)T()`maZ13&q_lSH3jurzG`AClZBphSPjRD?cc(wX z+^>phbuY~2s^I%pZS*lYX)+uxn!s zMUH@816Fu~$nC{{X@XmgBPLOCbfOiFy9^Uc`{ruyz~3%u9BzRPoLQDCh%pbLmb)|c zPGh0lPZ4ZdH*M1z$~m-kLL}!fSZ!!h}9?yn{!(y^2b@Uz~DBlBYYw17ZsDa 
z7iHSVBFYlCov-owQpaf;Pn26!B}b_R*nOl;0Kh}T4OZiwq%GzE878h8mml0>9EZD_ zD=}FZo%?p0?y=9dGe~Rh*9mI%8Z%&-m3m&8-@ytG=!BG0p?P*ywzeQ_;m*;k2(VEX3*=AXvA- zO+d(VcVO~M3ukkCWru?aJ&|S98|keyHzy&=vLt>bKDl;bMGG8TS7ww8?y47<2*klr z1d1ts@26SHrFv)!8^K|_GH@!|v)Ti;}XT2bsg_O|+Jp=6{9~8e0^HB+L9^pr;j=I zz|4~_i(HHr+K}C>2rSkFr2U%{+6W1p)V}_8B_oU0bxhi|o92ARl)E7*`N%UC5$89` zU$&+4cI+@ha_>2bO$iufxuUf&jbgH|@4hc_!_%VIzD{9-2@IWiGXoZ^j?)L~_satG zx7Qc3ZAfeC0JSvv0BHg$>^Ov=ElQJhMSVcpGPk2}^ZNg23&0A20Wc8&{`LN?Er7rJ z-@I zi9l_I+NY|URABFT&|KRdgy@^@c(xgG&A`~&VwKOQOrSDKB@j0vE1R&%ED~777#73A zS0o%@*n7=7n=9iV@ESF+60=VSB69zEo%=*QgK({Xe=L8+>@buMpKU2WdGvY8G__2F5?EbA^-NzKO7$#6yd68o_|#h!2TZ z)MocU{Guc9L2t2nC%--&n&2IK2e0R_`h{}bF_=`lBnIeiZcOoEB0djm9%7%yU3q+I z>^@gG&vw05<`^PAZ^l<*I9PI1B##_iv#|?41-4HMY}0y3+YI4>@t`#;-wZD@O(V;vd7YiO1=%Z!utuI3fPkHYQrn$3` zr=Rb}!AF(e6fmh!x31lePM6i#pVg{12u66yV)zFS*b~Y>u06PB0gqOI_e^rkg2N)p zTuc*3j`Iu9*9JID+4PpgCqMgqvG&$_j8Ab2h1qK;(ST<}%n~h*x0#PwgZQ`s*n*%Q zyf1Pqsl?Y^TkU_%p=hyR0x3(ivusCz-x?7v8X&k7CNo9QCDN>YKzZEVkTp1OOv`$7 zhOhO#+!=)qj~&st{c~+SCQe;6 z!}#3W=*NWwgE>G%mlyCirHWV@xT>rXrZi5rH-=TG$_()$wid2sk|&GaQtZ1eVkL`< z&MP|77=PI|*Nxj9DX)0Q34peX08`g_&YFOTZrQfJXH-DrTbGiQ%YxTw;YsOwp; zGRSGXizG)uGvZdDecUL`#j@stUY2hg7a=g`f!?-6DKUNu&_&xNO8HWiveMg&k@Ni8 zJ;g0IGgqUZ3=q<2U)i*z|TC86*zgEITgJb<^MU*;F z+wT@!HPRnVFY5`3g4Le*WfOtJ*scTA?<0=3N*{0AwE~Gx?kvN+%>bk_%_pPqeicb_9z zEGL#6bOT_u5qu+r`j(y4Qu?xrl%^vjznhY>;oo;sp<7LuFM?n@z4^ltKCPT3Ve;%5 z3>w7R{_$$GSikV3>`6jZQHD~f@KVY1AD(F}W*bc{*pe^joCc*NL=Io8|Nfr4l+alb zR+Bm?<9;g|&Z?~n;gzUF0jxGQ*Ql+^4z2E$%3!V6R#yMC&*h0&9^1-;%9@8C>ToOW zuxK0m=HWGm7_&6ea#F?tyhO;dxZTj4CMbN!MKw^kuF$Noi%&LsJ6kKtCaOR%D zVj``KK)rZ(TOb#1BdvEc@Ftp3k=7<9tEnYKL${8FI*O zFEUxH4U>Hyb0B9eaDe;;J#7TBPVVq=B}+x2$$Yp5y8_aDm*oE6f(_H;hmfzm%{m%1rIX(r~Ut^zGDc4vFvn@mP+r#R%O0Ogr<_AH8 z&o|N-Hq5JvMkh{d;i%B7O)llxedyZiE+yQ~x6lPImF5>xxjvsTpKkX^oqk8xxJZ@b z2aV~QE!^VV-|msS-#kN>I5}GGf29!YzFK*O{@m_1bu9L7F5xkHc_2z)ruE^1b)>c9 zm{Vz{!LTSkl`MI(^Gc#+hWi=_&I+IqrKDBY4s<^5XY*Y+hL8yqQWBM?ZPrp_E^HLh 
zv*?pjS0Pl-7{VQ2i`zQ87-Y`+qA$tmfnx$ejWfJ>{!GhICEyOh z*AAO|fJHmKD^2G9GlWCFFQ_sItM=J)3UR}_jr}kX@f*iBQfO6_@aMPO@t|;qAHtu+ zvZ)C%HxCR8YkqCXKoZjm;sG2GQ-7-*Wj2Xcg)C<%`*W^bL18sl(L$`)Bl@Rz9?K@I zKbd6M(cX+{u&`E<(>&mwWR&6hm_M|j=6MZNwp1G%z{qsn$^#)$^+PE!6~P4KwzYDc zR2d0B-+b=WLBF6O>w)VLH#+vRwYJHrj z5W^>JmPRqD&+n&LslpOQhtL!em2L!0s&rKh)&9@hxi7 z2g5qs#)2N3?%pYS|82aZK%Iyg9;AFHFWp;zx4#`#9Z(vPAKAD&5Q^=u*W-MEXpPzv zb++E0(~UM44@LcRg2C2+{*3@fHfJ;abgp8s1N9KjEgB(G8{x zftq=tMqFM_0y^Jb^qsLyz-5&;Y=QIIZsCgdCD=80hnWTKYz%}gseMx2kUB#}firVn z$bpz$Pl8Vjmwp)OYn#C)9%e9N+l@0J7i4%zg?wgdR-|t4%byX`Lw~?Gm2=f26e^T8 zwuL)P_6-4%2IzG;&CP#0^d^6T(RM`8J(9-(j(gm{NZ;Igazhcy`UjBBOV}}^HnGDA z`R;7EdcGd+#`~mh#o~B(V$tfh=DPg1v7+yUTD0kqdtatA;*9~G1mMwR0jXM^blS?U zGj!4NeE{tOm#1?#U$uZFgKUvN?hcbD9nM7-6)`PSM9O85PW99vw`og7 zHBGgJn$`(4F0Ei!(~Ht3@czgJbWyF2U^4dShDSP!^s4R0Nt-U2#!L`1)vs7b@dIYe z9N%n4={l1A{9N&@CA5}6eeM-jM}C8m^GCf}Gw(-D`@+vzGLS5|k%467q+fL=ProBY zrsqoup22-lIsL{er*T%kAj+9|(XZeLA}o>{ z>3w78c+E)fTWz2;`Si$um=dQn^DUnrUx>TbOM(?mD{ctP_p;W&i$ZW`KD;J6()oB7J7CdFkvi!!y?5hmdhhqccm`;-Ro^(Ny8%5y44?c z{eeMuAtSmJM63-I(9!Q%x4yNN9mx_`*^RSQ0;y&jA5RL>lp>hfB4ZG3bL_<8>Jm$B z_VpKe{4hv;;()$iUd1IQe}05w?&KP(Ta~hDjpK@q6RBT_p{xkmfQN56jznNMqbpYI z^i5>6m7khuAjEB#(czjwSg7lY%Cg5Y&69!s~NxA&UCS5R)`=k0G`&DOH(2OUPFz zlvB#kKU5}#ej6Aw=Q8<}K@~;xfX{dee`O{O`39YC)P!=Yj*7zvam)%h&mPwl_+Bgo z13{+wp#OQYhXwVGh#n(ObGl}NRoxJgc;9tI_r6y~w&|o!RB(dAmUgvPG^B_dO`ALL z-K|}5;t9H046t6$94}_#0OKB>t>slQ6=g|q^xn?#g7$RE8S2gS3$cw}L$1FUQpO*Z zij5{aiUvTSo6bmI#1GALzoBnV;P^-^7Co5mw}HC~ zltog~TpwLHJj{=C$RR^6@Mlm3x<)mw-n~ z`0VUqNV%0644;G=<+E{R<>Mv*V-D;fHO4H=KA%}w?)ohr9DG4^)A6O!h@)bhBF6SP z{P9z!mnjUPZ`iz8N6ZGiX$1K@VZr>Nu|xQxwn`LLoG@1^Swvk)d#KuIQ6BT|g&JhZ zN!uJ^jPvgP%vr(ZTY>SGc_*BsQj#iBK$81bnbBjlQ9u724}SY2e(tH8h2K1 z$n=Mx32j!&Lj*Js?5VIM(PzO#AtqVa>P2A)_VZ`=)NKgY2D#Fc*RL#Do@Tpwi}IG9 z8Oc>K1l)h}S@-#Ulf=?KhmjVGZnBSVKFh(H@fh|7#6mG#B1|Uc%Vdm@;apTP ztEE17$gev(Up%~4V6Z613&h^hB_0ocYeRES3y%6YL<`w!oEH8r3OsXMm321ERPI=Q zvS(92|5n{HD%IFelD2GsOXU=me&H;&JF6C-6@Qml{0KsKH-UnR#G#Mk3i))6y{P@s 
zX)TL4|BX;k?8A+T%{LBZ>o9`H4GD6?iHZ?gh3+)u z4MOl!gRflR8QOX*0xI1n3tw`-T{c0d8_PZjC2#E^Knrc&&6%{KQ+E?UHW06{nt^?F zaD{3MP7>yz)44iN;%p{?DJC zV!qRx{$4pQ02B7Cc#O28;`}gLV++%twvm@1lw>M*zHohVnFD!#1}qfSN(JBS>l0>k z{P##=3m)!^R|235I|tiz6vU++MKighKxy_Cb%$Cr_h;b2dH8pAoLIKXV8NckP^R_T zn8HlH?uV+yg$ZF>e1KTZTjdA=x)!s4>cHJ!uKw?8OhvIj0^Rlhs006Sb^kxuz1tuF z>3`Go|9Ssjbc5RbZx`Ja#s8@TF8^6{{|kFKq^EHlUPm%O^!8rSpx`yA)P<+suPRbl z1s>sz7LxNT+BL1p%6K_o2hw|&5{Lnl-QPm8Iwq2Z_5+5rVj3qtLH-0goLv{Iz+8W|*iZ~1^|i2; zH!qRu#rPZ{+1TKuleQ=C3SWgkKDVFPTR64qH)-D4{dhFUp@f)%svWjxnV{{32SilD zrU5Fio|QIk*K}$jn~WD=1q_e(ogvjHRv3`gde@h1z&ELvqp%+KU`du8>c`644d+$J z79QP6G|tWm(r+QgQpkRf;nq<7+GgZEzSD8b z9`o>docJo|j{HE_ScW0GhQ#j$@&jZzgs8)0gDgK(_$9*J+(chCy28kLY6zeIMAeD< zd@xYz_Ru6xMbd*UfU0DA`l9k~u$U55Gzy70HK0Dp(=G2kma~cclE<@z@dz6J85Sp> zQh2+aE|#0n{6r!=>?i*->kg+K^CpK1a?*XApJ(!DR)ZEAb*ZYS2J!xf@2>*%RhtD>H+ z7>3{jL5Li|l2~IJ280o@Iyi~-^hM^?KjW2a-bf;jA;@L+00ehTXkt1O-#b5tMsqB% z5^+_3po5kQP7w7FnNH*E$MfM?{k%1v5Bj*s%5C_VJ@!FuA!fLTl`~&M0UihuY@XE@ z*g&ckNqg*|d+@NL>l?CEv>SV}&W<^!b7>l`3okY1rUoBse;?<&59>L9P02}AF;I5C zYRjtbXheFY+#p0atbt_mN28C`el%yZ{!PK{vxM5VFqJH_dLD>ZZuWpo&@VwNIT-^! 
z2gi<9cWrF~L}%ksx!jX|P-BSJiQ~|&-wW45=q#- z>Ths*!Q==@iBmeUWa>2vx9R}1qEMTSR?A;R-4;pdBFnnI{V6exc?&>ngaGH$lfR29 z&161#6}Xk~9D-m7**>Kay|hRd+9?dJ&hysY-%;BQA0icH2rC66aPreBI((}39gDKu zPcIU&xW$>P9-G4}CJu<2RGdS)ES`;G{JD*Vmr@WE%=$P4jufE7c2P77@(x8>yC3U% zW*uC?;}Kb4ruI7hejBftr)d=jlfAksU`t3EA=m!({0~u2{3YuD_tPh}5C0+R|Nr#K zzli!@0+ZWL-8MWiZ3F4B6t1v8;W{cWt#Bz{Meap!eUm*~gqOAB2PlugPD$T$<5`50 zYhY!Mys+Los@6+3M||Q|bAb0)Eg~RMt{9hsR3*1GrPLFy#08gfZ5qc!;We7c6GEml zjSsF7bcZWv3vof3R_0FKJH^Q2_dwf{n*-5zfRcx^ zm8+JRPr8kBnjmYYMiyE`ohk;*s1-)>-6#u~QIT6j6tXzbiqWxn+mA!R(-^pOPLIqN=_GKZC(4tB4T!bg-W29hl)Z zDXc-#`uDf`oYB42xn6czo2KlB$dCbL-E?LL@E0`X}D-ND|ohVQrz*Psb0sE zn`Y|H>8XDgNn>bmpU0>)%v4)_e6}sX8)LWqhW3~EL*mQOlRW2WWn6fikGgQ?A|$vxT-kB>0^aO9+GyL)1;3a| znzj-5o`PWL*+yc%N!7W?J;1(~hof$NaM#%X$}1>slCa%ZLx`9$5{%lV#+z#Kvg36} zmvo~wo|yjWcEnKyR#n!F(D7}FPAaIeFEnF95sR!KghgWJXoZ4( zchwB&+g1zb3q8<{fImKZSD`|*gA&oaBFHUm#~r!nI$UR692>_HT@s=BZO=S&laelF zu^U0u7bF(Y)=QlVW?3spGiX3hi>IXtD7S|s`~@KTNn139diS%R-;ohUrhz?pFK@AU zF2kT#CjbTy9+?Y@%$Bg$cxWf4tHFzHIJMBzGkbpt>9sv%&eFO|B3aeI}U$U?KCaHK{seM=Tvyj<~_1a(uk?~+A4LJo88NH z3rJxX-725hfF~s7n*(hf#a0Pc`IrzKuwd3?Ob7I5j!ss_9Fd?Dk;8zag01@--?gD3 zGGxg0!9K8n;L1N-z5bW0|GS30_Tg{CKKOrY*mwSG>}KJ=*y;Z_Y`7y30Ls5<8vne1 z4+HpL|Jz}pS@_>IhT!io0SE{I^>@e^{AbWWV&w^a+w-?&TAcse=!Dunpd5 zUiQot*^nPHIF0LOC6AL{E??2c*0orlny)thEP_U~G|@^U=Ngcq=V)ri*vR*NSV^d) zQa<~8LFX3SL$!Tntm4P807J;HR$(K-WEalExC6x-lC37UV7i}j9d^^qj}Y+D8L9gW z-+Y6;sqqi>l(|^YwzkZNR?{- zR~-A+BO!>*hy;)`%XJrui6>h3yM{yN*BR${X_E1sDfGZQPFdRo&e|n8MruyzGa}K9SmlcxRP&E^RvnY_!@5cWmtJ0ocyz;*~H{J%O?>H_zugf@}gMBEaJf@>j**?}fjI1s0 zx~q-o+{c>w!Qe4DMm?|0|C!&A{@PyE9Czz1zUHxmfl$*f@rbn)S=`KAK!FV3Tv%ax zJd*hv<5$gV88n&XCUO4)-0Dp#x$^MkQTvWZq*UHX!q!6W9ZQR~&}tkF46*<`mkN01ldS#o%CGKRB>zA9Z3hG%ujD5ZQ;47@?qXgR3uKv;&2Muir0SC!$%w>?PyVpdY; z+Ido?eP(`)@Bsyv9seM}kt%V};yLP3H$6;YCrMi4kE2##)Tpr82SEPs<$6vS6$*oH z8@r)GFM`SvO2A6X=1!vDXZCv;BfH9){i*F+XyZW7+8tG;t|DPz=x z;9cGV{FPBeBq5&TX?gjB?(9c)yBX#5TH0@i$=jGSL{Gb-6;g!2ekBa=t1e&7==@Ap2TK=0=_>`cN*k2|rb(M{=# 
zS9E+*#R?`fV|;)!9;gR+e}2Yg`_v8-I7Q_}~6Bj66QiAR!s5(`!S`z>WxygW$Lx225MEtJNvl6~!=uf*nfddJ2CK zZ6=#^^z>LtZaYkOtmVR9ZXWNR^NFP0&w=Ul+pOKvKHT-uP`|> z;YHv`<;S3g-%aV0^O7}n>IcO_vkZ;MUc+-ZV9DjFw{J#DUDfbu(#OX5sl3k`t(xUf zp)D+Z%{&+#%v2`w(I_-Q$oA6g? zVb)3=LYmw93|=zgeAj4SU2AE}KrJGPY)}Sy{BNWUTHivyXZ!Wgtgl^S^pT@E2?er* zk!%FJaKj#on=c!917U#s&^jXH@El0n(jnI?gW`dkiz&!>t@JOSaudE`r`1_EyH*q{ zMh%>GctANaLUO(XzQ=7+>~x0;;TW4B)6P$@I;P`pKz0=v$<$NPLKb&FCSQM;bkx}t zr=mw&_7&>9cM>=CNBePLZ|>kma4lOL1?%d_BRY5XOb$JP_20y`8dEj?vjdWWQK4tq z)4iK3ZB?O!Wa((yb3hxr2}Q%t47JBqBTte-jg6EFP>c{?^JF-9ZDA1=u_HZV$_GT- zs2$Oi661HVBX#e&Kn=knzVxSzrVJFRiB4?cmt2(3JFngtH2!;&D=KD_%$T^FOxqcYjN zY~ckX2-tP?&>^2oUq@-jN5{IRpGhN!} z9K4}Y!dT6VYEvDs__BY6xbWxTqz^|AS;O`$zhoe<-SJk!wpUDYVBl^D3auY9Gv)nU zIN4vNL^O|A>8$@AxD0p?CKzz&am?Zrf2S?vucl-rQP@?}`$1)6whrSrB~H&m_idbG zH6PDW43Xc9LFu6SO7@!nfq`6eUgEF_UD~I?>EYk)aC`rf`gQQc0xyT(*$d3VKL{N- z)}g%0H%2grq_x7A^r580dWA}jG05MDhPsQW#Q>B-c}%-_`>XY_ekgaOVt>z48q2`o zHNHgW`q6TA!KkXCgbj)~-+WJdWh(`|?7K~`QEaS0YP<&W`MvSQ!&=LhLvzug_Q^hP zgeN64Cz!zC2<)MAyqqTRtF46N!RPa0Q(tiST%hP-6&7#DptL;?M5R_<{Fe-+^On{# zz6`<_lAefdw$)vi;J&g<56J^oGy$JSKb!*$eq-=h-F$$W46OQ*u)*tSMmj4}2X)^s zE^kN0+WIhYeP75_2xs(*Nuvu*BmA6P_aLntXHXZHN8%I{c^+!s+6!y!Sc?_tTR(D! 
z)O6@LwuT7mPG)LOV`7b`KmIB{(91(j{I{-j8wh^ zu~}f&Armp{iNf(>v@eb(NjPE6*%1h=f)@@K&GEn<;On=M1hk99D*BBnAe zU0+t?^A6>_%i#M}ucSvDq=)$L2TUO{SiOWFhY)n^8BEFP&>edmp%g1xe6)3uK_N=eTDaub z1~F^-#5xnC%j{MPeR4?HCK3@fRoiM3iY&u|p=g^@&TtgB9Bwda&i9u>B!; zwkbp}-~p%c!M%J=uTRwacF^XZ14|F5ZQr8Jj!{&C#;$SUYDf&hLN<~DSz_4V zH}P?Ms0cUHKexsB{FlHL=MXh^EhENhMiD(PMC@__0#!yhaY{Fre7M{CoZK9C)tzsc zP{N&1jYFv|osZtPO-Eu`NZ=@mKh^p*8GQKrxQEexH-&*|Y+c8I!3A$-HazoM;fUJ9 zQ2Jsk`s?TY4->f!n4H_x%#lTaez)z?+=ABokah~>31;hruY2ji5@Y{tBa z(KJrH2V|&w(rP&;OcIDOF762M_HBeE`R@8Yj@R}R%JXGG(mpN~)KQphs(EEnM8Qe+ z@*9b+U0jS6hFZ3!V@@KzrcbtL&_*QbMA{;@C{?JxMrbPEkD@1FYQ#ftYHwi*j1=`f zck;5R;pz!a3gkWaq*E83xcX{1mTC1mt2&0vV?^Kce-XBK5BvgQcjWMCGS-~niCvG} zP6i|k4}2KBd=w6%pR3Rfq1WTF0!zABuCs7~e=( zN0xJ1{{of~?4vX%XJ*3b5c;jODgps1-U!*EG8d*AQiA)gn7DBnQXBH1A_2@)P$a-9 zLy#DBn(%?pbOd8FhtyMGwxlmmMRya^HK#Iit$C@t-LnuX+Mgi+h-8Hq0onEX5O|H> zOnj|=HVo0ea!TvkFi;yhHiM2+st?dFNj`Ry1_^)9r=wz~QeCpyKfEUE6*ry?^Pmqt<5Z3Y2{D8P?j5T0+~f$2AbZK4x} zaS~O*Yk$g@CB=vf#qP;{UeI17iQ)=4B~T;C`HG=HG)%=kp9SoBuXeUSJf?9quc_R* zU}bh#z>EZ}M9e;QQ%f)M*YijlC?r?4PtK9 zqd#7OmD;kuBIU(?7Vfg@vA)gl%L2o36;~XFG$mFMuO4p4w+nNFr*T6p(;wZ}>^R@a zzor_+ZEo=39CnGv>f}o{2EOEszPW;?0%6i%8s_)6cn-43onqj<*G?4wK~JT*Pmq~! zQndo9(gQ^UYz>s97>6Qw_G=+bH%gbF`NN?-p|i0?>2D3@T`NAyC^$gCYxt#imsI($ z{Om-VS9XmVj1?5I>683Q(BV<8@X&J~c{Lq-rQg`FAKPvvv@$?DekO?D`r(tlLnxw|Q8{yVkHl`+B>!KGq3y{Fzh&!L=?j5Cl# zBuvK__Y$U8lT8DoWLXa;(3j~FXQ1LdIpgXH>~YW2kJ}*!5t&r<3{1?M=fH9SY58wB z-G$FMu7S_tv-@9=ZTkKq?%BWl+=HYioaGZrBOfXukY3BgCcKMY%_D0?dRa^)q3x4? 
zgjd5RSf7h>#VtELtC%UBEx_vAu0WQkM=-!C;xTM1e4Xu~#9(X*p0}{~os>QOaEW>S z*f{+gZ-wb5GWPc|kvZ7u>9qmxe(4Fk(73r{QDM(WYjMYLyVl!Be2m}-pUOUNZS?)plA%e?S;D4EbEl+?cRq39^^)@X=aOF?skV^Q_u2-XeIPj0g-HD!jG z>H{*x-z9CqDHx@=NMzS7Z#!BNL-;i33Jo{A6=#p8=!Y~b5r-+Q51IK9i)x7hdE+}X z8wJZpZ-PBJzhUSn8UyDdg(dQYCWVh#Z&3?y3wn+*TJF7S z`h6TN*J7kaAq=BaJt8M|{*zLy3rkw2*>`s;z%u#+zGfIRX5v2f)u?t|2N9$x;?0WJ z>zLb44ytc*pzP$g`a!bw%N5ghwfJotQ_+1d}4t7 zmz5f0UJMrudq{-Twy^1khUc+M|51tqZu4n2ZFh9_(9}t*woPd{rFRz04BdTGaoYX| zb_~(V^6QRL_aT&}OvZZtGAW@1Y}y_e@3T>EgTBQios-JiW)NI;^@{RFgsqGir+3vX zAG9}yFd$_ixciw~jS`_0`csqml^roauz8fZ+0f`FKNLFjmB69>yfqWY=DVcPvOw?OP`?VK%NG_!48m zvnOAx^4HUu{a#o>38+9cFO?Dk`5hSOgO*Q@jh2~j_J$#eu=r{fmXWZa^=*`ta^xu1 zB6D68Gqu;t2jZf8;g1@b4-ccfB1tc<9uwexMG-eb^Ac5he2XU7oDL}+OA}38vac4< z$9kItLAEJYHz{BTKDMhPxW_eBao{dTeRexyL?_w%wtZ-ZJC9xq_5;b;K@U%~?z838 zMl!ZabI>y_J`gEarqDq(EAFZN<-j3;mU;Ebi&aF zO#vAqM7q~5W4gr5f1bip-0~Nz+U+erN0@zJ-m6#4Pl1ip`{w~a>oK>3VqcAQ9cSTw z$|z<}+hroa9T>4FNpFa12)y^BFtneX^6c-N!^Q009UYt^;);=CfIL^h1#_B_u0wy5 z82=zW5!WuPz~I9e<%vDvM|4R^^jIlM@Ol3xk%mHG(5fadQF%WNSATF;Xa6~YL5fHU zYd3;s@Y5WDs?wf{S#@Ty6B+v+QkCAMYD8V?6s=xycMwtZl2{3$K^gYNz!tM$he#u) z;xOcN7Bx*y2P5^U!0ZC-lj#Y0+F4YEE5FA?*K31j_i@+Um zAoV8YHUq>8|Lrthu=)k5p58+7L?Ldjw>Y2#`!GH})QF!V-1v6`l~`Vj+Ot{I#d`Z4xm*ksI&PCe3A?McMu;wFk2vM8V>}B7`E6_l|$+8 z*c=8Jv1T0;{)bn6-|EvxMj*wrHsotw{pVe)t~1-0E`$R9`gEmfY!LKOGe{s|Ogktn#B`NK=dk`Xj0h`X&R6=6yBF6SlPK3d57VAmAm#81Jbry1 zIjW8;AOrRZ-qUeqclOl$`ZbyM;WJwf;xQ{dp>22Wd42N7=5)}ka>K!D6cU89CC%JH z*)V7E>l<=7j(G(=+KGY+Zr|r4sv}Yc^@v=hthFWhEr#bngi2g5#}Xpid#|PNRDcc^j*GJBcdu zk{OSP_l9f$%NEQD6Oe~?AA$b@9wv5+2u27=t4uSLv7t&#cp>jL}g-D za)(D}KV7aXkq%aO>&6poR~=hF!&LunHQdCfCA!t>yKZ?F-U)&TCrJBzEMqqk)AHnZ zseiq@1V$dR*n#QRbjVPioT02F^Na;izw@NwLBDr7hBaL^B9D*~^!vR{Rye{gan9^{vfQ>i-F-vE~tzmilHT7`sX?zjwR9#^m23TZbov z{I^l6O}}777P59L$6pkSI3W{pI*uEy=uDKl2J$zT)`3QQ@J1^Mk1J926mkVjNAmsV z87P`w(eZaOC3Y+THB)8}kwsxzggm z&;NtY42zxjgS!m|GI$Y;wijWu(NskfW)B#dj}%0}LjAd9#Z!@OOha*I3dK9L7&?eg zrnJ&+OyY~-{nC#7MyPnW8X1UB!6%*~mgIZY=sx#|Hh>OmisX0TfD4vdIFB)bmTZmo 
ztK~T-bjy=bcjBEwhs=Aqtm@n3cOT;s(Q(+=7+9&@sCC6BM}O+B-pKV#m8xRXX5s@~ zEqQ(su%NwFQ&03lry68i z@^XX)2tK$sDTOmSNvECr>P<#*L2G`?_;nhIVe%Gs_7msORo3|)Lt4)DlK!!9XTnN0 zYad4q>Z&)eDHo@%PX;lyseP5&`b(`fDm_`Vnf#{$@JXxXlO+hJCLnpnnprkMVR4CH zbIVkIml9lC3Y9FCH~e|tjsNqFIARVEtq}8L4DV1yCkrzb84+W=pp0iqeF~)i-j681 zH9ffjbur5{tp2N~+8MyM-P?aKKA2Q))}ls3(6CyzChbGiZM)Rh56LmIK>VrKuOkfw zV}$$TiNc6V>?i`PsHXIv*P#oCK)P5a{$W_)3n^Jg-xw`!%wP%wb37A+l3kHlH&rhG ziQ@0N+XOJB_$G_r1H%BJ8Z@j@&GQr^DV0$oOTb4bL8u1kPCTlgc}1b(F^}3sRFMqC zCPtwi8>A|WyLhoR()T&!_6msEOzpkOCr!`SsMm+qEGqrxy1VjYll4?}bvKSIQfEg8 zqr4=fI4Y86Eh(qZU*nWk@*}Cpi$>D7<8#!HlW1I(J5s7K1x?{Z)I43ILK2N69T8ub zi6KryS3~Bi=L`QQLP{vfssb8NFdVYY6P*C!!+><-(%neQ0)%+;gR4)>uqRme6jmWX zQzgD0z7QOdF2$WtCEm`@dzC(1=CbR$HST)67iA!wx9bF1ov~hUx`BBhdyhrPp+K|s zqs+D9=|Y-dcxbBo6-FE~SSP(=0e4YsDzMLd@M zY0xxoECkq6v^(Z%A?hTMLI)ccq?aF+O@wEN*A_;Wnz571Z-YbW=>Su;8`;S5SfwFo4}M-Qo)^kOOxHFjly1)VfYn&N<{>qBPqM=RPG9%*mgH z^a9UDu(I!B8K|SL+DhtmCo)e2|;q51N6{L1=)y?G}vJ6==UDjJOc9 zIej(!`NKt{rObEhwo@zDb?KESp_O63&{{_`%2UTW{v=;gZEE6Rmf;GIuFcO-)^PU6 zVei^;5#1kT?;759_mgrxXOQ6p6~ovpUmDeuK!R=#xGL0R4*%z(G$y-%bG=B+_gXt- zp=|Ydjzjm(CJ97PoXN(k(n>rnF#m=^)qcEdo9<*}ER?)lL~$R10Zmf5V+PvSxB`qU z-J1|t*v0i31G8P0O+oDdqJ+K0NosfS{qIibME6c>P<3|zT2T(VqJ^vj9RRqBY34@J z{N>=w$g!R!yBxMTALr9SrT}rsM~~;nYs8$7NbYu9aJX9&GWnQWoFXwNm?G>O1>9YC z8ZCe$LC`dR$%CRD;F=%HN-Lm&DhLU%Xhd{b%kPN@m;(+;yT`o5UjnZ=5+h%5qQo|` z-lH%OSD>KSI0WJTX))N|R>L9)Pg8xkhU4o?HLz0{%4^4*@lMHcIC%wqJvg1h-J$W|T)7-fTH(Qvg_7k{_fQnmHlUh$c5ES^Lkbg9sBrv|_nRhXa zhvS!DfM!HBo!xT--_C7W?ee2>bO-#@sM;8CfRWn-R`#aNl;SNVdT$1x&&EA;J!IFo zL)X}Z(*gV4?5bykA$!BGKacNB@<{s5ul|8sf@150H-@|~@2KGz&EY<0DiGVxvs4E~ z2x;d&DqI`)TBu^-uV)f43Yhn8M!_&)NELayGh>T~P0KBf@xT~sA-QT$D=VzIy6i#z zHPQNTow1vTzq8*Vl9}V*W9l=b0k2s8c(DopLXK8WJ^2MD>&lXMWfI*^wY+7VAB#zq z_5I2`-fF)Y6oX*-f>v_zbB17>DGrz-EXBhVl6F%jG8il-(1CA?6M$D|dhGYMbTWbkV>b7*A5r|~a(EYd}LV!OY zpVlQlW~(~Tm?PZUi4x2)z)O$l9Vo*;>ko!gU>g<1n#?c?_|3UC5`{p19YNDuRIzj)exu za(xGaw=&}+NN}4>hgpGBtBkB@CkC;=^2spng?VCYC4~_CC)m(AB$~(tm!cq+lZ>bbix0`gYwvh59)E(X!u|0z?S|0 
zpAOVlgKLBbf~i$_xu(*2Acm7GZfyJK<&-HK$nou~-nbi`iYyLi_5FEkSJbHa^!xs( zp3ttDd`x}Veuk#%%P80KZNgX9I`7WidRHnU#Uncw{q?eE>pA5v*x{=F%&lx70_vbyzg19SkX{upK)6j*i;)_{@K45v3p~LHHq;n zB;Qy_meAsmQLF+bE8lg%{65j#JeoVcw{jwKPVM<~7sat1bm90ECk-o2yDHwT2Ko+y zvkd=}YvTa%kJ1q|3Bu!Ak+&4`OAE+N-hyhSL+!O{Sn$MdniKl2B{oes)h0xU#n$|o zw>Kj~HyRv4?6~uTc7##@{{d&`2hp)S{cBh$US%ELp@Ak4$gqYjn~iLa@nEIn)452f zfh*GLD`Pb|8*ospz_M;@w_!I?614Nu00yN%gTq11yhruGHTW_)h3DCo3e2Yy3^S=2 z2COJK50Zm5?U95mL;LECU>wSL`no&gUcYsAk_PLf|x>S0YnUHg+ zMRlxr)>8UhyN;t8;zYL+I%{#$sfo|1lloFV)o`AnQKlkoa7>>hg`BBtK5CZO$r zbzvc>M!RcWn$R__C&+*Jq>WfF2S9%p;dHam}yt9Y77WzXCMIX4Zc zuM~5G56*?D1;T6N$%p5XbcorM3?hN=7;$LS*|iP7quE_o-_#i6Bf8UCgP0;f1+;9 zp|?~ozu%xbY`%jC8Hku9C*xIM$=8L=H2lTd&+KA2l9u90V`0#g#80}#R3RdwYND7A z6gxjcgDU937U`U{ud#APy zXn>X1s2?xvmx7FDlfR?A11%-`0y9pVZ@KhW1)f6}Ae6LiA%kuUmIx9W(_W=M2h4%` zT2w${aGl^OXZvsgF4&dXrEedKA{PD&5L+@qGqW}^4B0RS_IApZ8tL~Wf@xp*KipiI zaASw$*G~LfurA-gTdoK}e9};#mWYE3Igo9T&oVR}ap(ZFF|gz^gK<`PdYcj?&yjt( zGDgq*)J9o<>%>L!pErB=|5^w3`~T^H=>JUzq%J`KIR91i{pb8Qq>KRj{|YJZ_y4yJ zAfWz#kn+fX{u*R@r|j|6I`i{)rqrxQo%UR8V1<~39}X5UQ^V!%X4cZ6Vp}*tgD02? 
zmdm#ktkkvEYI@7=;0OS%$}X(jR0~MeLfNqF^jw|-%XpZeHg6QYmJ$NF$42|JWh*1~nbz~mhNtb3l0#R9G9hZm_}P@{35YEbGsdv1K%?|)Jf z?rPpv$bH}CC?b9to5s%jt)MxwOk=!jV1l|C$CY_PSr0j+ai~-PgznNnR;oj#8()r% zy4Ub%qNtjg_2#yEeancp)iPW69v#>4q74ltViumA;(KZ)-4DssUj!O?79AzAY-Z@7 zS!|c+0Gml$_xz~x)H}s9Frlgps!%o2gbOP}AV(jxx;Z3O`HO@^P@pYD{05Wk3f>}*F-h0P;bPa z)2%6>3Nw;4K1olqIz(nEe4*9L8-_MloNaV6a|oo_X?iy{=2Dn{y7D(^aa^yEfmn^N zD~v-IJAEO&^>PW>2}gw=spNux6B-LtLi@RKo- z(c()q7~IT@i2=(PuH)B6N(CY?SE&F8Ksxv*5op8hsvk0a0CGgmp?Ac!#n_>TwP^9z zbJmGjOUqCdBZ56}6i~!jk)4g9vK^j<){*e3fZ{eNuWlc5h1M2=U=YvS&h;Eor@S7r z<*2)r74kXZF!(0yS*LqtUoF~hy9+bp7BRlTIoYn^cxs53(j3 zqgLXPYg;xL1_G;{(WKg3yRe-y4E~6ss3Q;QU*2Q)An6$7!)x%RT+r5XgL!i-Go8On z$WNV@>uD4yMdS4KL&)D>LUNIJG3BShpW>}?7}bK)rgy@!-C02dxC!+xrK-As21xwN znwoG7-UC|mbysgXi9dBPre$63$7YbQb|WZ6i<+{zqA`T5avNp;7TaeWnC(uY<8`GS zKii6XM>t~=-e`fk*GTa4lj5{zPdz^hA#nA=!BiH!@QnOzplZk?H66MUK-0^x$PVf# zs=|%i{MnK%JV7W3;kz1~IFa>zgE)->Bxh}4g7>(mx~MOC?XW;TdX3=4YXP9xg{ROc zmkI&o{n$`l*eOsdC;p@0JF|4P6@~`!-A;QWr(X{%FX|(>Nt7u<9kMWMs?R}JnLSlC zS6q0dQ8ZUScL=g-yk^O7b3#ITn(E|ax0W$WIo6xWWSnv-EACkG^G?~CI)f1w0`k)M z-DhqVRA@~%U&^^S2r4!5?C2_`qS4Aj_$n-1Y=E2fQb(Wrfkv)gBjT#^D8?a5%d&n< z3gW-S@~W@5b6nviEx-8yz71dSM!nb*M-p^S-D`tv^bmX2{i)eCxn~*opDl2etJ(=1Mu&<*5l;PjTjV8M!@x)bJ zE_0N9^BjD*M|}jvb*~}`)AT}`l8#s$5k@$ai}lxx#|yz}6~y;r9E)@(u?_IZ3tBsY3g6^^ZFo#aDG}>+UoadsIJEGIe_0TFb~T8IZM( zxp*(rZE~+w3L3@NLk@;NVO7aQigQvOvJIf#u5`WUX6ZnH@WWi8x2e~V?_w%YdwgJPf#X3^cnEE^I6(FrQ}@CsUW3<=B6mGdS20H~47Ak7O~ z%gt-*F7B>;4aW>gTKr*Ud{L)Ba@;Bp(bn5G6kOWfy?0_%s1CBZLW>qBXP-&*@}`j1 zXK8fxX{?LRFhjaD#x>#QL&bH=xM@)}=hzr6PW8yksra>9gkWzC;2AK%J^qagiy}_< z4lK~AJ6N17dmzFs)pZQu+MIpsIM*4HuETXdkFLWTR~M0aq96?Un|!5^Fj)jJUXr76LF=pMK`&Kg{MKHbfa>VfqPhuL56`%OH7=}K%X8Ljqk_P7&uBIT|a|$a4 zDvJ<}8H22L;AmFZN4GnJ5Y&!i6@QB99h_b_g^=)p<6@8!Hmgw6O7n|3$qKDOV|l2V zJV>==m&0%5-}lZ2sMNFv8UDCggu`2=yP#~^z<=pP+<+Pvhko~Kjw3`WXFe#VlHqY@ zFju#%grO=Pa3qqYp1kk!0v75tTMxM`Ga}+EK&v4oPY}X;qTsMQGHWULbt=@PPLU!I z6uoNIV7X15UlP$((-&Ijb%(t-R&?%M(ipPO4;AP;ht{kT&a(;J4g#<|0G_J3Maoqu zVJ=v+A@T^Vlp1RLS8yi#Q 
zP>Xc79+QT+??#FF(RLR-S~PlfR}tA$$>!bsV9KNsvU&uc3YN35D?dUt2PzHLH;W|& z;iBP*_mXv&MwX?*7>a&R;qXKy#K6p#vw+G15vCkh$?XJy|r}wxW=`F0C z4ghHRY}c&ySS$)k`y}71F%fYhU0H^H?J9_54;ht6g8Te<3nQJb$0?AiTa>z#^_vlH zI48Pg4z#7EnhNQcvIRv{P6s(C9Hm!?;dSWs%wuBG1>LnlcuKcRP#9Ei+L?LX2HbCv z2n7vJb&wm_ZmI_DdNp}ELMkR$sq0qGI{ZkDNf%44TrK^O2319NvlGHTRMX^!+)_B6 za6|tJ+;K5)8WtIGT{A<~i{TCqg}Om?ntJOdPCHY zCWvtbj3jDqIZ`T56!SZe@9Y`uF4`txUE%j93zZylAOor+_=w*y`*Hb#>~F&~_0 znWazbL{^;TDY^uPR}4laEJT}kW8%@llB#0Wr(5)}gdMHY@!Wttsbm#>+0Y`|*2k`0 zd7aal5j-m4l~$d>{yKOaT$C26*rg58}Kt3;#lTfyhs1WHlgP`(*ryAE$y= z#gMA|{W?wh=)99Xv*izL^_C@bw7J5}#c@B4w&A>OV8L(Ve2d7b#AG97O*x|=S@l;l zqa`THn42Y##w1oF?G{(&Sq?`seB~&iD0A%vPXJPgV;aSw`i;5az;_@fs{`dO4_+mi zIb2BbGwZx_(Q1nLIsPfQ$WIzGW!~Ye6>1fHCCkM*?Qbp(HRfiP!Hw>XCOjaAg9DRk zCjb(%>Q^w;4u+i2&Hy9DB1{K+7xxwLUy4CX6f^I$5F>$mV|t{)!D()|RRy4bwbJhE zf30pS+ZZ-P5-oj|RMFSaB-Gx^W7#zzHL(>ZPlgDh4|15$V%pC#4PjR|E|XT9No}$` zPZ|M2^4G}p9?n;vF>?j|zVda7LoC`^0-a>#pdR41&0b7N3$PpVYH`7FLPx9iUw9xl z`pP}29qqT5rR$EvRB^M@{2?#iZ6|Uu>n!;m&64(J)u13tUiQwH)zOho+ko^4z5rY! 
zVYc^fx)gfTLQt$ln68@OoZ{bgTM$o$0EhwPzUy&9FBD9XP6BU{=**|=&s+;UJvxoA z3TSQ>Xj^ywxC20yn-&=+Ys{f8x4!lL+0Z>bB24NbI<$pjre!Y%(md*MIbmY0OuOE> zA)3LJs2;s|lzfiLwuO58E7@l_I&v=@aeJjYTRSs04}a}#u`ABIu1LuUS;S#>5FdlW zEo1Kb;CZTh9wluO6P16RMS_`VBhwncaVl=UkXt3+@!p)5*pM@ETHASEu`sPhk^6g% zzS0x9$aws!4kWjH^WiXbd1&KqV}rWDBtPj5C=D)$y^3zM*ZwH#k#b!dNsNA$KztXTMPBldSGwaz-eAd zKFNm8OsDw7tB7Oz$m+^8!!$L7Ow0L9U{h0uLqU;J3`lbNW~-K*&`#=m^6L@^G&Q-n z0S^bj)CdXV{5pvQ-e4+=`8%(j2t8MlWSEZXGDO5^9&Pv^lS1pCk?_AWtM6<45okvL zhe`1tBVpt}vp>ke04k6G{_Fg=NrB|^|7ud)*Zj9hffVxJCPf7De`f!KSCBNgfzqoB z%VlmFaAS&FGOXToK?~L0&TSAy_qy-jF9sZ`W6t0|JBpQhP~jG&nS!S>aA#?VmRNnM zX9SAJexTj&L{&@gL{sNXN*xRTJP-8J%{U~FhEE7uYs`WVhe)sRQ}3$Q4MI^pUkZD( zU-RoXi9Rc&gj@`ZqNOUeCEn#wM7gc#ph@e3ts(Fl-&bXZ5s9Ft-{eMqE>NuQu$E(- z47b;&urc8dv${U?=B$=Ic@yp%zKr7^SEXXS%`!N&(Paa+gNSl{T`E!Gfu*__TK7^0 zkgpqvWYvNZB`4*t4G~uN=w!Z1rJ&oa9J}jDnTOmOa;OC`fyf0Q~>fb5x>b&LW~_R zlQ_Vp_bxG^RHrBG67R!I)~?Ia$-(R!K=EheWt@FCrL;d3K$<8CN9njhge37cpj?bT zqfKMCSs$#RMS<)w)@{S*D%0OuyW^ynPZ|x_$$aH)H}z?;B+$Ihtcdwt#Vd9~40DUmlX3yWtck%vx#}_?9Vo+;^_FWmR*m-w*U%5?_bEtM>m&&jm2W z|AI*b^&0I``2a5y;W34tj^OOuqv6e-`Az5!lBWaYHRzndIVH(gWSfBjALe7U)WVtQr`=#ub*j*lJx2mh9&{@16T#HE&v3- zd!9xu%fg8hKo~+24?N3iwf=q7tW~bGnf4Qg_Q+U~d=^`K|Kkh=68k4k5Ceweq!%Hh z{z7t^tPoAU4)qeGA-YA&rHac}Y{S2aH9A^wb&sl<(BS~L5Epl(b9yPhxXG|)4fK7~W`m}ab$$O%DbWM#cwAhgB zY8Kx#t+CZQ(HBW&;<#5t`x~%4bx$*fT37je^f|9hDR;jXh300h&l~DpfZ?vG?-#i7 zNmj#+a|c8Wko5Oqwald4PqUzax=SN{2#PpBTp^Nh>geTCqRW0{EdC2-)YDiKPt8lF?N%*Tn!iTp*HG z(FHHD71hX|AMqNG^OX*B6Iq0wcf#We5o|lrv*e z2kpC+y2-rwbr5L)&=$o){1Ayqz7Yhg$ll%gT`v~)2AQB4^#kFPSm-_cg=t&Z%3P@D z^3&=PS%OAu;KYb~&xg~Qv~wH1NB3D{`iuB-%3b)|J!sMFX+r2<@i@6%=Lz(;8hixT zw%|oA&DPSeoMSwAyq3i6PP{yjckC7n!-Tc3X&-C$;{d|@VOE2umyVmL93Kb)6cxTb z$=hb%85&a63KLVR7OQx{o}ig&0>zy4EB3-MUSnl~OonB2C2nVndoRm+Tncm)D@VJR zdx(Bt|J;g0y$I+qZcq8&9W8D5d09x&y4g*R9YrKYz8mrRoSiZQ504aemvK#0Un1k@bf3eSE z{(@7Roy5)WTc)+ey1(8pE+8k@-LGiMmcZq@0=+yATV`C>1Yf--CgxuY&c|d0v4nm^ 
zOWX9Wec19H<@h$@cS5BtIPH^Z*BoY;M$%I^S@j$(fHeCe+tEmIL@V6l=Qel((HWISGJVYQ>8ScO=5WRVy$d;#XoDlDMbTXabc6u8( z9h=Sc@{)K>SGRX9w*Z84b4+uiV)Qi8qmo2jDsey(Gv}I7e9t~%*`)GKn;e+jQl z{oi;7rPdQ{v_2SL=Btw?i?!06+=1EpdwQt^xYe4W|7iMTTzR^HCjpwTq~olL5Yadqh`W;tmiEX-j0 z8A@3sXR9_Fa#kznHBoKl{SmJ~GX0kl#v%H^i~?)zntS|fMVdvLV9QfP;+qn$ z*P;LH`Bd=!qBbCGMn}5_Prxyf4ejj%?&N0%*DEOx#LfmMMr(-TS+4DKmYm?M@43`9 z6d~-80}!Y{?A!$ZUJH|gW*0?GK5l2KYR3R&dZ{RkPEgnwq+vNsaaycnUyy*`LNh1g z_Qq3#zxo+SNjj2f*r65-?u0TdSiO^0Ad?MxGbmh0S~Sf$;!&`yCQ9lxGA|D&%r-K1 zUve;=I#5UFcU{Y^o#fAEH`YnrvzqQrWk_LUi!a$Y!32>LE`{$omN>nMHRNec0zbdA zrT>=5u9CHx9cr-$YM1U|7J}bM5bOV&STKlMUgzU||DkTO13GPc0KNCqD?!-$#=B1Q zkHcOVq$^L@1DBA6rZdM4g<|Pw>SHsM`MNC;?5Zgf3~IuwHwb5w$>+V%x^vf;%g)|0jNM6>;@jVgbB0Y@!;x+)v&G!E{3E zmx~xu9jteqED%ThRxOCAH_{`pk>_MgHRyZ!NuPwTldk(AbW0tZ(nF10WHfL@JPVn8 zx3guzQd#Z^^6*8Zy7{^*2FQE&;pu3lYP}F@XsD$>?vidw8F*CZ)@j7dl2vL?8L+z0 z8$H^;$k2&4eE^Jquds@Ww7zzR4?(5q=;-%`M{QJVu|6K;ixa9V?58_nXJ8c*+M~Co z;W&`Hqnmsb40>LqKL&_(m za2V}HA1a$H%kSS-OzFuX!M?ky!+gBeeLpKj?{VmOyO+tTD!NHR^-fLtoNhE=bKs~@ z>qUI=y=LPO1QRGz7Nl{4&E|cCcsL-C*z^0yI*njJZeW9F%mdMIj|E?(xitevusrm) zW!z;go%QaeP5WR#0Xp|`%ZtEVds;ieku9o_1i{?)Rix7i4iyEb>8)~eAdN}>9&-G=IP zFO$K0r#>VXfJHd{rXDXip}8Zbky;NYWABBZH0LIC2R~l!QDi&JzD_Z_e8juSC~^1s z9spqXu1qhVafC;ImF&gjLpsp<=oO*gm$2c%(zv^&0S0}_yxHm2GCAS70MrU8YgCID zr9?XmPhGG?xrF*}1qNpc5q(627zT~8J%Xj$rmYCt{_+etw#k{zNH|>7Xt|1| z=ZENXdxvYMy(*XOcn{WmZF0Z)d3!r-Qq91y2n!>)t-Mqnd6w*!yL(Yu0G@X!<8^#z zJD3t|d}SuukShbNCn+%rV4enEztT}4a2w&5yoNWu4fb)WlZh9!SKso%re!1)zmDqD zr6khrGkAe}gSqZmM3`(XX^jI0$hgWA?kil_+3k5mL749!Ni3tPm>NK^Vkt^>31h63 zTiNtG{l1>d%UR_m4Fv;!)Nqv)#?B|zo`!Qrj^6B^^B6}Gl)ds0N3wG+08d3ofHU;S zBvDzDTmP=+RA`TWjNhe zD$haxpkMra1dUF)BOh5!{^T%z9xn%)7ity8O$+UH{;>5bh-5)~qg@gP8q~p}WG*+m zVJgBl=5thL6|r^GcZm;-Owj3` zCEvA9Iv33)j9(TqiaiFC9#E1%D0aD3iPWIeykAMyw5s>qA5Q zv{5-jCBEB?TN8_V4cjnXuqWL{t6<7G2z=GVoo3ky0G=l~usI2qpH_$u7B}mX2y7yO z5_mHUpsA_TYrdTq5Sdsl$}l}e{zuwFV?#gh17z$prsUiTs^r1KA!0Q{Kwkd5TT8El zlk!n$Bo5%zt!RA5uFmV|wpoW4PP>@ 
z3Qbq9#rR8W@?TQ!v`x>$DmHjCehi|yTtIFV)_`Dk!h z zQo(nUKWfo+cM%pGTjGp{yx9GGCgO4V?wJ`YT9c=%YG=Lp_>KFb*Ih2CgP;Tg90AP_ z&m>yF#oflB%GQD(sr?Smy!la~!nQ@^?jWaStel$8Nv5^lOg-9yV)(nG;RvPN)oR=b zFipAVbxp<3R@k@$S9z$37T4}eOHnYLfgXelOh}$nwVDS9;-gXMEXg$+Y!Xgf3U=3+ z(pblsIU|Gk~VO9tILgin4O7 z{o$nUKo5Gx7>x{dsi{ptEkd8BNY;h2o6j{MT?HquRapr4&Qz~)!|G@jWA>L;FQ|;$ zbf0Q7F8qh)9V*mWMe1g{KrnKR^E4nNW`MhkPa~!6ZdMsBS&-w&S`WHv`BZN+sAKM- zJDqEmnSE;2x8#w3s^uj2=#=FP;nrGY{%(+v>udy$U;z13q1!7o7W7#0=)p`dJ&}>VaNRz~6q4B2-y>1E8@v zbx4FQS(jqhIpxKBmp3^&&I}c~M{FxZ#$RYo5^u$q}`ajjJ_=onQqm=sA7xISQ+^&N)em zZHqsDsY%%U%OM!-irV?W&gJ3b7Q0oi(&2$g=x`gHn;4e05hq1C$0? zr4`-!QBAjONl>Vx>Y%`GUv}?`caFCHHOML4(mieU9a@&Ql$mb(?r671EuOC{wIi#y z`9aLZ7Co%9l~DN$LMbVacVP%4htXq|$TKzJpJNaKLd1+>tP8tpw|hdAnl>{8C_6-3~QJ3+}9yg=3% z2&fkg&>vEnOTNW&-4aDARW8MI+d{lqTuB>yWU(^dj_;tIb51J0+(7yeiuhqK+3Xv9%R+aS2OQ@rBm?P$rk zxj{=s25es;k7GW+8izz|H&e8IJD{mkNNK7;HSo`>*g&hHk> z2X5jJz%O9lyoW($+zcTKmrR0M`XLEX&75lQj#|JRIlZ<>J0vq#+FG-ZhO><`kBM^g z*YRbz8n-RNkBEofGMb}J>za|c;|j9FTWf}a33Hl@^g`$NKeSI7LgGX*qp_vv<(-vzon1tqr-9X&=L! 
z?|3U@KvVr_pk);ym&RqhdrL`p&!=z;*6!m%QS+-cjKm#2Y_Hjb*k-_)gxx%gkgM@j z#ErZkx>#K5`(*+Q%jJOlmrTW2<3!PxguzmS&OLiS_?&06fBXy+R~B7S;?&vzV}y@@sQ^Han= z$)|pm*hQ4IG#_HOo16o?ueA*q9ZpjIa%*Lv;`kH9zS_vEEvACd5Sfp|OSjNRnJ9!h zp<8%6{DCt9qo|A$Iq?R50#GoKhIRaYPSf8jcmcvO%r)#5+(PX?K^qV@rTIA~&Ld|f zN0}z5t+=YF)kD6FUhSoU^)uXS^q^t|6^*annmXcfjkb!}EwhC{0%S#BRUDnwP6OyC zkREcmi6TyjYWDiiN5D6zvil#;48+zn>1{@ME$&>hEx{p-Z@G5URsxWEZJ`}onybC6 z*x)L=*7k9T-s-)76``%KqdS>ZzB0e8n-N3+Wmgbr?v% zotPLfY|kGIxaWAgaR^!UDgHi9Eq05v!+CeV+5j&ywHRPXA8n2Sj?Pit>iygf8Ba4l z3X4{{X5<{&^{Zw9Bn8k})EG4=yN)v=S$WfC?1n{DM7X-U?`y$Rko~gpF5;go6=4fU zImj~X_y8b~@OX+g2vP5Hi(00)CBBt;iduK3l%48g36!z8QBD2~*+hr*#yX znS(7O$4tHWdRf$JhMxVUpVYSt0*G z+ZPJlF0))Jf8>Na!Q=)KLIkk{c8NR5>+(()hV*Fy41n3ikq~mN=z2k2vo*uo#TV8m zD1u;YC~I6*j{YSNvaE^2gEdW}&F>gOS;+1ws7KOkO{#KpU=f){A#De{jU!qp0nB%- z0{s#E_E%p^60JRfu{8+n2%+3mtdkt;fXX_2s87=WG2 zIEk2(}lh+fN>k8evl}E@1p_<)bulw}Y>}Zzm@IaLVxgV-Z zgSW1=k#=AJJ)WXW<%6Ruil2lAG+c0YTxv)gmH8g^p}}3>Jq3jb<*>2_oQ>=o??;s} zRZ`j?y=(}1_SjS%G0ssl`WUfR@BnhW%8XjEB_*up*KelfCZouawk|!wI}uK<_(-mN9}4LGiPu_ zuXg-uRhzjK0p_o}bcL;|O1pn3-;;E(o2Sx~`7i_7H7Q}2GPwoV&JXiLhh3wS=Ttn3 zymC;ut&8C=M~EY$tbCA_(T-59&mf>)zaQo>J|}-QrV5^C*+O8>O$-D7k?*f|Z;$}( zJYUixF=JsfCikW(^HS>MNPxRwN<)1+%OVxr1n{acHT%qUTb=*?a%<)LzNRpbu7RAf z5n6Tl%wNX%e|z;mV+?GCKLYjkf8szJ*FWI^Y{h@z0Qz5kh2Q4O*Kv7tQB;{I zK{mGs?U-4wBm+!92=C3wOdlhGLomcUDzHDRo)bZZhChm33Ey5FdP=Wu_i1V$z4g@K zOcteQsre%#eQ;T}Z3}s)50;f5zbI#ewnJ{&k2vd#!i|1AmA;Q64kTF7M4_1c zk9^{Dc^B;1bA86Ofs)ZazxYahI2SQ7`0g~D)#|bD4WuEkE6@>Q67V0%0IPFSaOEXS zJHjUJ0=cUam`sB)N2|d@T`GC`WfQjYDkTwQ@T#2&C2$lr7cUnybC@ViT6JI4rBfTy_j*uK!$v!E;Z zW6-@56f4jYQiqGv6y3ipP`-e;-m3DU-3h_0T>v$c5ZHS7GXQB_a4NlgZn2k-v$#)O zxqTlJP{NDZf_2F~2~KK}0PTai=IEZJKnhS_bD8690WUW{V2fFJ94im3rV(=lMnTS+ z2_tsmXvB~NC3}*K*0})UbCtclH(r*>lL(nRdbr#H4(N!IuKk4oQVDgn# zPmWF(#IrKI#i&^lPIPJH#Ol35zU6p>y@<|Zm*+?8v3VfAC-8BmGTu6vPO#{X3~S<+i4`;nlj~xMb3t;wZc{y_V$NQ!FDq+ zFV5%Xd`*wJ-n)yoWCOg6oE7&g7FPn! 
zukO4M?6@huz}r`UrsIAWxJ%`iW;3%)7;yo)X9(x6NWx*prAG7(uYdYq*Ch`t@MnQ* zYON^&ziND>>)pdhf21B0_|_D(AZwg4BxhE$a$=#mP?bcEX2h=U51Z){8|>d5x8=K0 z^_=h2Dp->G9p9(WVGX_Es#G1uWZCwa8g_U;k*%4MO~^-JE_=}~_G{9e=%Ns=*mIFf z9F_}#)cA$Wb@uXuC7r<6@$`~aTh}UM_PD8>?Mj%qm+W?vrGhgK>()A4`h!Wy4z0s= z-;&W2KD@T80hba7)RcjC)`F_zO?ti{iBabHV0Z)>6a99pcv@YC=pwaEm_>dl!EuIA za6l!8Oq<6anawmrd`j2K2$=^@S-ae8eP|3os~4>d&#-|m|ylbv~#4(@J&eNt>D=J+4flt9BFDY2&-CCgu zkgZ%YNU)ef9+SeCfoFN{tQ@&-cfGy{J~LrM3ET4hQ#Q6M^?0%DQ?HJ^YmATJ?Borc z!bhU)#}}7tiK1#xuV2j)TxT@~#N@jaSdl3cqntrNKTE!Os^o>~rC}WYhbh^<8&W}L zqlN4bh9Dyn6T=&}eKJ`cYo_1J4!#=>(kbV{!kqAmq6>*=Oh3DtY;F3p2xN7i$}ac^C`3q*f)q)wTg(HbV`|h}y+k>14L@(=(D`xu#hkv}aL78E@#Qt-vJ!#r#!?Q3u;Gwk`Z|ghMaN zuTD?eW0+`Cq{n@LOO5%;!4m_4Zr?rNgHxEpYtFFR0_!mh0X_$a;bJ=#yxD%0QaiF( z>UztoRrrWUvM;l``kJap4q-U>gH5qC+cmlwXlr+hpfr6^dy2C>Xbu;0?fd+&VP^HP zVz|1RkzbUn(B5P&0-^=QA{H=EIT)T+MzW6RKq!+vptaT>1n{0FPEPdcf#TBbXUCa$ z9<<(DnFRgW!V;%ZuWGU4%N$8yHTeOx#!_>1^DKRA!K(M}=M(EOdzDDn{MOCmFY#jneW! zH-wtFDq-${!RuqjRhGkke3INA4Ba+zTCER=QXBlh`-po%^HvVP5AT3pY-4~Yy5x)b zI-u+Q6e*hqf=iahQUZmsOp%_67(6Mb8A@^Lw-6^JIjr{Fn?aP5zV7)zNta+L1r>c9 z0pcCGsyrs(&wmsc9dFst^ zBV!vYwpg11N3GU&Eq&3U?7ilxvqlZeP9#%fxTHh}P_!omleHCH&7)m>w1YRXbts5w zpZQT3xdQQGfyc^Tf%6JSA!p=!jaR-GAASHwp5RIE@Q5|C$4ZJdA)zLRmI$}m0zy?Y za8VzID`^W1hS22{m4EUpF&%37(#(U8Vxt{2mc_Qc(v3EQ)&MS188&GG;cYMHwip~Q zawb9ZbYNWGI_<<}8V;to%MtQ&XC>(2X{wOu@auB|%3s zk)l_z4)*09hgI513)irE!2rd8)*Qq-8u$6wsXm%r{DP((f*_q6MXa&cqBPJSDk7aI}iQ;NQ5_ z%DUKkk=1#FbUCMvHFVAyr9*8YV38CkYChAq&iiB0EfB2}r+(y>V{n;5tsQEp|A$hcG&mv~G^}Tl78PWShG>}h_KJ2yY53hCGi1V_$OUd}OyInHlxCsT z8aT1I9jDW8B79C*tEdeq?fZ{YS2F6_U~sr%@BU19TA9F{-?&9eP4*;7qSwimHZJcL z#mde{Tpo{-@*uSYvGUG4sRHgn5>F8nLoV=059Id_vI8W1cY#Fdj#-6@i=;Viq6L+% z_?nvl(2U1*O`F*T8Xc|V+#4me)K#4M0 zCET~b?P2T4id^M<w$EOt&7)a4W(Oj5$_?ZjDYMU;q<9=_cBm1D6wcVQcL(wvBNE` zHl;49twX^TqXU2aU3ul-1S<9bP6HXou)-L0_n0=tVk;swNsuej@866QD&yPC44 z_0eF5D8RF3|{3wD&u2#!VaR zW}x?3%r%V47O%;Lf@+$zyL&iY&_YsO8a1d0ZC93<@M`)=mHd89*7C@zyfTi%8MbKe 
zLiS;DS9ce8Tnky61jWJiNazhP)2?+8AORrvEfR?z9Vy0k1ZjcnNwQ8BUz zW;zt>d$t@4l7xHTKva5^>_&7u(Mo&MbS2_2ROx9+7IV~jN|aa_H)PCUP_%!Mni6xR zxT=G*j0I?&VqJSn=&2xRU)5K9pc_ag%ThJF{W(A9>`*h+3{f3YMF)-xVLPPSj{|bB z;d0&_`@|6FDXv{D#kE{u>{_3jmioBs?k+OrIA@TVc+UP}bqzJnT95dHu+CJxPsL5S zu^oGAj7Ocy)mA~bSUz$XGD~KtA^qX(Uo`?kqId)VE5&c6S(FWB1{wA z*KrgYJ&E%9YpCQyZx#2zNPu{uv6d+=ON#yk#%YNt1DRfRFYzLL*fn~+djl#Z-)p^l%|{7Z;Ds~Y0W_@TF> zi+o};Gw5>y-_lUp)6^O_9+Z9QZu5 z{+p{5vJ|_Og}VXF2kU$Q;J@6?Nzk19O_fAFDZtq~<+{8D|aGU5sPscxy=cIar*F|d8` zCf81rtz#YpV+4rl>uzp2mhn>?^HChFPI0GB>SUz^j4E&cgb0ofjE5hRjg5SQ zQ|Ar`5jyf6=mfjfOLfK1&i;%DNyX*J-j2ftRKftHZhT^x7rP@pmoYncAODpEjlGn#=sw!_k1!k%^YXwZd&Z zG#Md>;X;-;d**bJjQkzp#J*M-n8-$;i28eYh+JIcRqioWt>7mtNc<*x!s`#pOsOyN z^?fvmp-{_^mnQ46aEX(~&s*nz29R?3zAQVvu#k}=#944c2o`I#>nR-)vvz(6(2DI% zI&#m&9>b!|O|pAcR&X#`7)^?rJw*U>fuq#!ei13WX{W)6fCYP;q36>BWlw}3hD*L< ziLVD%?KnFhiaUgZtK-FK!BA_m>S2-Klvv#;&UiMXN*a}iqoKbLnk$EhOMYtUDHl($ zVHk`=@Mkv;#BxWBJokeq%KBPb!c~86x~?m~{mJUZ3~waP(yA+WNg|AqEY@ZCAfa@4 zQTaWxT0S<-_{>OYq_?%!u*7n#aH-I*7{oygFGxuXPk6Z|#NIovnJBpu!)-RvUfXK7 zJR)R9cEpHs++!K?o4gLU7EPp}nZz1`^zS~G(3!? 
z0C-DKurn{5xpB|l@lT|O)yYUfTQ6RK}tnskhU{Ol6WKWf)gE=+I-+P!IbRKPL zWUN4$>)7fr34epH%y;npXQ7(t_&Zdy{EtxmH~13#)s8U+1E>cB_}BOEPz@IHzYWzy z$Nvu1U@`w!s3!Q{L<7_J;DoI3#rWYVthq>Vh2Zp&$-o$9M4gWsl9Di`Lgh=Aw=uy- zS+65bM6C#<@)%UiJuy=&TyF*$%zolbzOq28V!42N-vKVK31u+;OLV9e=-G;Iz(LAD z3fn+|I_n9NRz>UNBf(qniy4tEZUc*k{NYf;TNN$(H)sDd9?~w`4|4FYT(Pbi5x>2g zEHf^IR*QIgT6Ppx8{WMe9jgzv%eTnzR4M-7m~ZozA!EVd8D=@{zzV~gG!nrL35ybo z6MLQqCfLL6ytU#5pSqg?c}0BJ%(zz(P>YtBL$L5P;jF(+CyX)Gb- zJwi~LuJRf!;@np{I1Z9*V~2F{X=%Kwbvu6^yOK=h>Ae!t1{VS1Hz4KcJOqqq>>=AQ zps<;(@$i9`^WRoZPq5(KhQMxSxk8rG=8FzAJ#oIb&elB?y>m2B=Ba^&xRPn!=7x9; zo?{$;kA+!?pA*a8pc*!>H4#vRl|WjB$dX{sYTME|DW9Ic?un&b zl4SMsl;yA`j&~W=$urGM!<_s1wHu^}Tg_k!GkXG(K}mX1Th1S1HKQuJO$p!hVt9MN zK(r>w?T^A~E0LevY)dCk5d2TjkrCS9yzxw`{!Rr9e3hezSBOlX+EZ}ZQ=Pp%Q4&co?ef$}w`|#3CXNFr9(=nURmte;dHzMa;o%a+T7*qIbPj;D zXGRI44`C)ngy-2tSug{(!v?BAz~a-9l*)8Dg!RT)N-&`u4^dDrOYo_uTKAHYK&kE# z6NOY~Dj&Zxb7K}wAgU`@Xuf`x_XNFg6m%VvZtge z{b%KOalTN$m;op=d_}(dPm10j+oQi zc`OD|3a5}W+z*W{>$R{lrKP5@nF1u4g4|CX+YQpl*FvqDzE>I%Ixtfc4 zM~ex)~=TtdGF&T zC5 Date: Fri, 23 Oct 2015 15:04:26 -0700 Subject: [PATCH 08/47] Add missing pcap file for tls dpd test. --- testing/btest/Traces/tls/tls-early-alert.trace | Bin 0 -> 8209 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 testing/btest/Traces/tls/tls-early-alert.trace 
diff --git a/testing/btest/Traces/tls/tls-early-alert.trace b/testing/btest/Traces/tls/tls-early-alert.trace new file mode 100644 index 0000000000000000000000000000000000000000..b91b50691d17ffd3b17b50c9b80e1dbfbd133fb7 GIT binary patch literal 8209 zcmds62{@G9+ka*?#y(@szC~quX6&->JCPz=*%d}(gf_<7hA1V;u1FH1h3rLmBMBAS zETw26QQ>pn>Jj;vxVb zph|-Ax-BFz9AE`~hYPUw&{#rL7^&fob|Vfj1OS~Gln$VSy#dr0Vjt;uMtU@Peu=RP z>nVgAUqLP|aw7o%iN;(-pimeD0*BX~p&G&O(9m-jokyP$FoWuF`HuU2j3smpXaE4j z*5P1ec!V!8O`dIw`$V7-in0l+$6MZhM@J)Z`0W;vOfWh$5*9{210m}{sBrnqycNgG z;CVN@u9|ldgf1G%&dw$D2C~5S`6j~1Fk*@UBOnBs1um-*5$r@y7%{!;w}`y#T&IUu zB66b;Kp%wk0EMcUJZg2T!A9unmxS}_$3L@qr|7mSsPnuoIy>phY%5nLVktcO81XiA zU8%@L!zAM}tyZ%&!$F2#Ux|FX>PFvp#{=B;8|vlj@%4=L#ClFZ0Z;?v0VMzr!PB6* z5&;eXVBP8E?d?tt5A>qSc~Alt5wM5x01m(cJOD4i2QUFh=!rN0D8PN#p{HC(UotK@ z$TM7CL5_s;rO|@qNpd6r17M(r(1!)!1~}0O3<8TlBG4!d3X4Lb&`2Z_w$^1={7?J; z#j}cEmpt3dw#u`jR$&igBiVr|S^n?Vf^07ec{LG6Orzj|aSX6jRwH5tz9L|*)O!CN zVq@M}dJoQ23mrSbzoGu$q^^e;P*6IU$ zz=>X`qp@31CU0@X2E*phJAdw7cDb%P) z%}tO6%eX$yBUhj2U+0?j>w=(_1jAc+(9CO9Pkqc zBHqq}LZbzH?(p{_tpR!Ahj=1~F~wkqr)N0qP8ku?Ko2>R0!V`2F%j3p-cpyB_wb_9 z{Ji}x{^UY@R*4HS4)fQ;VKz zDn*u2V64-mCT&NF(bc5WD(AWeW|_V@JEkVQH;Md~>hoZq?U!>Tx|3`X$NCRr?t==r zJ?>T5g{i>31#$H@w;K!6u@|>E=$#tu;aKa$75GPs96{7y$fHu%mbK<)duL353cvh& zbI;T!E|xCgc;lXO_OH_#<~|>3j3*@KJ&Uh=sOcEp-Y#>D7|SSm$6N7CkN-JAT~9$t zKT&!z^Jx>DZ|l{MIww-Dv|B}?Um_v3LF7dt>LH8NEO}3mh(Ii&F(3-E4k!p2Ur-Xw z4RT^}8?X>N8BmCy-;hhZ6l8o~>p|)4wb>GJV#{=+`mbP_k7qDR zmZT!*LG=gi;7%fF3(yQS!7^=+GeN}72Ot=D5TF{UvOE|P!M$M_>nHjCmb&sFJ#x7x z0)eK1R8V5M4kF@se;`pjf`e8}3pD%L3K^&M561KHbn^?Oc~JwrJpCY2LhGU}5m!(g z%?olza?W4cK|bMc*!yBK)-CuPOqU+pm43%6G zMI;(?k9X#5)SSDn-auz|=?ocp-`-MTmd-V&ZGUL{IjZ$(R~fPJ`jffnu?B}{*@8`3 zx@LxlntRWZ4~y6AII&nJ;C$-IMDsYq%$W0}W$^Y`=c@3Xy7$Z_*rMWb9;wB7g(XL- zHr(WU^tS2NNh7*%EA8tEuHr_S9)=h4FB=LU4zN=|)Zf z{Q}bOAutMc=eveO`)8HqL64Q{{X@a7H={G3o*8746cQcsT6a*X zuxRs}na^akp0)O=CGWm2IK=g3P6G+Y)-&JIL*Kigjh>l|{CM%5ZH}M!7Q8D!`Y=7=--p9(OsT+Hf8!n7W%4HNz5WE6+ 
z&JYajg22?Kj13MOG;uVukF}ew)WvsMNIC4PRJwhxl!r9Slr&jFSH>L1rFE*8O2*fl zj$fGf`D~bYx`R{gg>r1=!8I!L+%vm5(rF;~0`X*?b_|R4vWSx*5tsW#Cw{9sa6Da> zrS9e{-N`)`9J?!av}@)p3>NO}c?lBW21`Kz2Vx;@hq6CN*nh}Bq^44!Bq+XIht!nk zZ`2etf`Nq5+Mp)5FeVbk>MXC zH7i3F0=sJSF3DzhT>aZyb2(K$lip0ZSaq~bA{X_N87 znbVL}U77OOu);7`_ij(0ftA(`+Mb8GM0=S#@p+YJE@5NhBSNs>>NqV}I|7@ZYF;Dk zo__UVla83Q=`%s|_(H`FZ0;ao+x<9YPm~gc5*qmCW2{Y@Yca~MBw5@;m^wLiyob3{DA`lQK9dwDO{b zQmDH~JRld`3QuHRZuLX-l$NpuNc3cuUx+M=o(;v{&m;U-v_Df!NKRqp*9`je6tViu z1t{JC;WO8#rz_7~4`bUF<90`~vsDwWe^-7e-|vS`5@ImoW9q*=MWB{qiRa2#61RIf zmefHfANX7dqrs;Lc+Du{a-snzwtFBW!C5z)mCKVvK%t*WKO=&h!!OXAqVsE$C52Z6 zmC0%(73ePrEBvq3|C=xqg%J7G^WW2F7C3#zEv3&x=laIC@|xy2z3Fo^i5ssSTpWJq zBQWjdTd{R_wrgnh#97nVL6MqUcs+2G#~(Yov?Gw4#Wu6|m(zRdLp04JT0)z&!iv|R zDn)k5@7z#!`_RGWYN0C){f1JMiz*JEToa}$Tb<|8_DV~6vOdrycj3@8 zrlE+D1g__A+SMPvAmkEd`x8su2%6bA46e$#z)KZvct$91`*zxG-2$pRzx!=rirX5! zTI43L!pq{kJHLgYiYy}{o4yop`SYxK4meCFzjH9A~hoB8tPo7*oP4kx8#Z7tj_V{)Hf9xi+dtHgK3iq(Oi zvm%XtA1&0%a5p+D%mB~Jls2$uuNMnTKx8u$LZH3GSZjA}sCfrAv}=0HE@5+GI_Hr? 
z;)R>uM_Uvt)fpXB8wkn2{A%6TcWO!2_C5ge4H$(SgNh9j^2F*pg#VyE|J%%hwNFhA zQaxo5B&jJW!j}fWR{t0G4Xpe_kn$U%fTgnf{s^V=6%8wY!>YT+V|+`>&kIbk&{rz| zKaXeszP;#Kzxp3mX?g;5k8~Ib@${bh?zWNQR>u_kzT$ow>)hm{8GB<#FJo4W{lJ?v zWesOLmj_^{>f2kohbJWU7$tV$T`Tqv+R9pt_Vgau=2+y_V@i~juoSSNR5rwJ-ng)P z_<^(DT;#LlHFzgAWuGZ+`~CddSKT~=6<=N@)Wv(wJ|--xNHtXGSHIgADChTiDLMUh zdhqEKn%Bk%8w$nd3QDKE*G-j`7}>^Px7Q#qceH(0^%JGZYo?lGzsCM8 zcDG)u%jSggbDAU`)#B;Jv*J87IO{MGuNoKSiJqI1C)?=!JF-ZD3?V{|MOJDe$t)xb zv)MXLwbXR@$`s8CU4z1#N-X$aC1@%3aDpaK{nrF7NdQXFZsH-BAJ^$2=PCrVEACnHiTc0?V*-k)z{#?}&v>_6YSN7a0^$f=eK_L(@ zpfo%+_+!`S*l)5+)emLF+;MI`)7Y|oF@*f$*^~Wqx7@8_*E_)$>NtuAG~pX&sH|QO zQoefvUe9BxmFww6wJkyxg4WY(@^d{y@OpS4I?pVP4L#qodF$lk=(L1;F@GGLp1bbA z6_b*dBf&d^ySnYt`j88%;d9$7;~MvS**3}Zm0ibub@{Q^NWvgs=6bV}0Bt_u^Kd;3GNmrMvwPpM}y z<*Xyv66FYMxv^tc+MmtEU)wAg8DMFQ-D$MNLRDzQOM;7>{p~otjtrdRQ{1Lkz)=a?^X+ZT;}@W{oZ^ z>q$3EZU4xoFSjm@}EQ)xtd}9J~11O6^H}6jQ_NgSsYmhbwcxos}HD+Cm+1SubF(GFAGeM4Pt+g`Il-S@xPYzpGE# zRO$K6yqZ2yHwA9XY3sF&8~3j_^ZTe{CRIvDH~0!kRCzER*B2U1jf;ONINB05e(Jz@ z1S?12yoyQZfjjh`=S}AimYO?W?khU-y2)b8G=ZUm>)L)&@~6&e_QmzKzEty)wF&zE zJ45>PB-t`KKl+K~c?)?upMlAglg$KdhRz^xSslX=Mqe>-3~QWSd3s3_unOx%MM5#G ziTgX5AR?(lrY5}>sW$rnBwetxPqj=;HoEeg=9UM~& zU0$<1%o62!qC%YFYm!NzZFC}Eu)LhLAw}Az8bOhYdml8!q%X`h@Ek~p{;2Dw{O0cG z@C9#yneK$j`~(44p3aDxc%ucYqKu679Bd|q#V&m*u>uk2vE_co~=WmJ* z&lH{@Po-7z`0++;Jnm$%v&`mN${$@FwYB3XF2W@}2to9nx@GEvH^H}Az<8oGEeG8Gi2=x7pE4(%YNdWNT$AZ4P z<(vxQdza|r#JfK*&_%$o%K79(B|@UMK>V5Y13>{=8o9VQ*!d12GNy$ zZlBZHYK^CXuA6K~nbM@hm``F}l`l?`T!BSGa#xT@!F=7+(LC+mhWBrC?s}h_zb)%* zd`NzR$=ooX=XgfdQCR6De=PIcW2UtpqFt?{A}w#s>x_-`w3=T5Lf7vcti8;^=bE=k zxW8gJ2@Ht{ZxQDFf{EZBbSQkNnslap?o?4r%(n%5ON*!vF9uSE*D~##Hy`c_3mbQ} zE>|uu$m?xHN1J5l84d8w7&Z9_89Y;5RH(kAB=vg8m7U|B{@_{7b=L)iO)A&*minO$ z=tI`+@>Rlr;Eft~Uls2(4{UJ$yyx)qMp?nEP^r@4Yi$7$%q`Dy_?xT?BZ`P^G6qPk z5c)0OGS^oXdrSDr=10`o>#c^#y0>CqQ8TJdr53WbqR*QLa$E8@Ww_^v2DG1>kJmfm zSa^n4d3KsV#iV}V(i2kT_R)_ Date: Fri, 23 Oct 2015 14:29:58 -0700 Subject: [PATCH 09/47] Removing pcap options for AF_PACKET support. 
Turns out that's not working. Addresses BIT-1363. --- CHANGES | 25 +++++++++++++++++++++++++ CMakeLists.txt | 1 - NEWS | 4 ---- VERSION | 2 +- bro-config.h.in | 3 --- scripts/base/init-bare.bro | 13 +------------ src/iosource/pcap/Source.cc | 22 ---------------------- src/iosource/pcap/const.bif | 5 ----- 8 files changed, 27 insertions(+), 48 deletions(-) diff --git a/CHANGES b/CHANGES index 77b404540f..2c02956e6b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,29 @@ +2.4-184 | 2015-10-23 14:33:11 -0700 + + * Removing pcap options for AF_PACKET support. Addresses BIT-1363. + (Robin Sommer) + + * Correct a typo in controller.bro documentation. (Daniel Thayer) + + * Extend SSL DPD signature to allow alert before server_hello. + (Johanna Amann) + + * Make join_string_vec work with vectors containing empty elements. + (Johanna Amann) + + * Fix support for HTTP CONNECT when server adds headers to response. + (Eric Karasuda). + + * Load static CA list for validation tests too. (Johanna Amann) + + * Remove cluster certificate validation script. (Johanna Amann) + + * Fix a bug in diff-remove-x509-names canonifier. (Daniel Thayer) + + * Fix test canonifiers in scripts/policy/protocols/ssl. (Daniel + Thayer) + 2.4-169 | 2015-10-01 17:21:21 -0700 * Fixed parsing of V_ASN1_GENERALIZEDTIME timestamps in x509 diff --git a/CMakeLists.txt b/CMakeLists.txt index 846f2b484a..b96923aa56 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -155,7 +155,6 @@ include(TestBigEndian) test_big_endian(WORDS_BIGENDIAN) include(CheckSymbolExists) check_symbol_exists(htonll arpa/inet.h HAVE_BYTEORDER_64) -check_symbol_exists(PACKET_FANOUT linux/if_packet.h HAVE_PACKET_FANOUT) include(OSSpecific) include(CheckTypes) diff --git a/NEWS b/NEWS index 0ef4c4bbe5..8633d7aaf1 100644 --- a/NEWS +++ b/NEWS 
@@ -20,10 +20,6 @@ New Dependencies - The pcap buffer size can set through the new option Pcap::bufsize. -- Bro can now leverage packet fanout mode on Linux through the new - options Pcap::packet_fanout_enable, Pcap::packet_fanout_id, and - Pcap::packet_fanout_defrag. - New Functionality ----------------- diff --git a/VERSION b/VERSION index 622ec2383c..208274b761 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-169 +2.4-184 diff --git a/bro-config.h.in b/bro-config.h.in index fd24a1fe30..755a9eee98 100644 --- a/bro-config.h.in +++ b/bro-config.h.in @@ -213,9 +213,6 @@ /* Common IPv6 extension structure */ #cmakedefine HAVE_IP6_EXT -/* Linux packet fanout */ -#cmakedefine HAVE_PACKET_FANOUT - /* String with host architecture (e.g., "linux-x86_64") */ #define HOST_ARCHITECTURE "@HOST_ARCHITECTURE@" diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index 2d8a20e7a3..94b6ed33e5 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -3707,19 +3707,8 @@ export { const snaplen = 8192 &redef; ## Number of Mbytes to provide as buffer space when capturing from live - ## interfaces. + ## interfaces. const bufsize = 128 &redef; - - ## Toggle whether to do packet fanout (Linux-only). - const packet_fanout_enable = F &redef; - - ## If packet fanout is enabled, the id to sue for it. This should be shared amongst - ## worker processes processing the same socket. - const packet_fanout_id = 0 &redef; - - ## If packet fanout is enabled, whether packets are to be defragmented before - ## fanout is applied. - const packet_fanout_defrag = T &redef; } # end export module GLOBAL; diff --git a/src/iosource/pcap/Source.cc b/src/iosource/pcap/Source.cc index 98be670e7a..8158266f1c 100644 --- a/src/iosource/pcap/Source.cc +++ b/src/iosource/pcap/Source.cc @@ -13,10 +13,6 @@ #include #endif -#ifdef HAVE_PACKET_FANOUT -#include -#endif - using namespace iosource::pcap; PcapSource::~PcapSource() 
@@ -156,24 +152,6 @@ void PcapSource::OpenLive() // Was closed, couldn't get header size. return; -#ifdef HAVE_PACKET_FANOUT - // Turn on cluster mode for the device. - if ( BifConst::Pcap::packet_fanout_enable ) - { - uint32_t packet_fanout_arg = (PACKET_FANOUT_HASH << 16) - | (BifConst::Pcap::packet_fanout_id & 0xffff); - - if ( BifConst::Pcap::packet_fanout_defrag ) - packet_fanout_arg |= (PACKET_FANOUT_FLAG_DEFRAG << 16); - - if ( setsockopt(props.selectable_fd, SOL_PACKET, PACKET_FANOUT, &packet_fanout_arg, sizeof(packet_fanout_arg)) == -1 ) - { - Error(fmt("packet fanout: %s", strerror(errno))); - return; - } - } -#endif - props.is_live = true; Opened(props); diff --git a/src/iosource/pcap/const.bif b/src/iosource/pcap/const.bif index 8b6d0b9017..877dccef74 100644 --- a/src/iosource/pcap/const.bif +++ b/src/iosource/pcap/const.bif @@ -2,8 +2,3 @@ const Pcap::snaplen: count; const Pcap::bufsize: count; - -const Pcap::packet_fanout_enable: bool; -const Pcap::packet_fanout_id: count; -const Pcap::packet_fanout_defrag: bool; - From 88a4683d226ebfb208470f6237668ae8f151b42b Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 26 Oct 2015 13:43:32 -0700 Subject: [PATCH 10/47] Updating NEWS for new plugins. --- CHANGES | 4 ++++ NEWS | 4 +++- VERSION | 2 +- aux/plugins | 2 +- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index aba78139e0..fd9ecb4d42 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.4-187 | 2015-10-26 13:43:32 -0700 + + * Updating NEWS for new plugins. (Robin Sommer) + 2.4-186 | 2015-10-23 15:07:06 -0700 * Removing pcap options for AF_PACKET support. Addresses BIT-1363. diff --git a/NEWS b/NEWS index 8633d7aaf1..cdb76383a1 100644 --- a/NEWS +++ b/NEWS 
@@ -38,8 +38,10 @@ New Functionality - New Bro plugins in aux/plugins: + - af_packet: Native AF_PACKET support. + - myricom: Native Myricom SNF v3 support. - pf_ring: Native PF_RING support. - - redis: An experimental log writer for Redis. + - redis: An experimental log writer for Redis. Changed Functionality --------------------- diff --git a/VERSION b/VERSION index 916fed7c3c..17778c1f5c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-186 +2.4-187 diff --git a/aux/plugins b/aux/plugins index 9b7943e1a6..4354b330d9 160000 --- a/aux/plugins +++ b/aux/plugins @@ -1 +1 @@ -Subproject commit 9b7943e1a61062005f01b48eaad11bbb3b7ae757 +Subproject commit 4354b330d914a50f99da05cc78f830b5e86bd64e From a83d97937e2a201065e80374138ab4222f132b36 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 26 Oct 2015 14:11:21 -0700 Subject: [PATCH 11/47] Extending rexmit_inconsistency() event to receive an additional parameter with the packet's TCP flags, if available. --- CHANGES | 6 ++++++ VERSION | 2 +- scripts/policy/protocols/conn/weirds.bro | 6 +++--- src/analyzer/protocol/pia/PIA.cc | 13 +++++++++---- src/analyzer/protocol/tcp/TCP.cc | 14 +------------- src/analyzer/protocol/tcp/TCP.h | 16 +--------------- src/analyzer/protocol/tcp/TCP_Endpoint.cc | 2 +- src/analyzer/protocol/tcp/TCP_Reassembler.cc | 13 ++++++++++--- src/analyzer/protocol/tcp/TCP_Reassembler.h | 4 +++- src/event.bif | 8 +++++++- testing/btest/Baseline/core.reassembly/output | 12 ++++++------ .../Baseline/core.tcp.quantum-insert/.stdout | 1 + testing/btest/core/reassembly.bro | 4 ++-- testing/btest/core/tcp/quantum-insert.bro | 3 ++- 14 files changed, 53 insertions(+), 51 deletions(-) diff --git a/CHANGES b/CHANGES index fd9ecb4d42..de80e73dca 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,4 +1,10 @@ +2.4-188 | 2015-10-26 14:11:21 -0700 + + * Extending rexmit_inconsistency() event to receive an additional + parameter with the packet's TCP flags, if available. (Robin + Sommer) + 2.4-187 | 2015-10-26 13:43:32 -0700 * Updating NEWS for new plugins. (Robin Sommer) diff --git a/VERSION b/VERSION index 17778c1f5c..64502bd1aa 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-187 +2.4-188 diff --git a/scripts/policy/protocols/conn/weirds.bro b/scripts/policy/protocols/conn/weirds.bro index 9d6730819c..8710635418 100644 --- a/scripts/policy/protocols/conn/weirds.bro +++ b/scripts/policy/protocols/conn/weirds.bro @@ -19,12 +19,12 @@ export { }; } -event rexmit_inconsistency(c: connection, t1: string, t2: string) +event rexmit_inconsistency(c: connection, t1: string, t2: string, tcp_flags: string) { NOTICE([$note=Retransmission_Inconsistency, $conn=c, - $msg=fmt("%s rexmit inconsistency (%s) (%s)", - id_string(c$id), t1, t2), + $msg=fmt("%s rexmit inconsistency (%s) (%s) [%s]", + id_string(c$id), t1, t2, tcp_flags), $identifier=fmt("%s", c$id)]); } diff --git a/src/analyzer/protocol/pia/PIA.cc b/src/analyzer/protocol/pia/PIA.cc index 1adeb54a2d..7d73624dd0 100644 --- a/src/analyzer/protocol/pia/PIA.cc +++ b/src/analyzer/protocol/pia/PIA.cc @@ -1,5 +1,6 @@ #include "PIA.h" #include "RuleMatcher.h" +#include "analyzer/protocol/tcp/TCP_Flags.h" #include "analyzer/protocol/tcp/TCP_Reassembler.h" #include "events.bif.h" 
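Review bot: Adding a fourth parameter to `rexmit_inconsistency` changes the event's signature for every handler, not only this one in weirds.bro, and the commit's diffstat lists CHANGES and VERSION but no NEWS entry. Site scripts that still declare `event rexmit_inconsistency(c: connection, t1: string, t2: string)` will presumably no longer match the declaration in event.bif, which would take a retransmission-inconsistency detection out of service until they are updated. I would add a line under "Changed Functionality" in NEWS saying that handlers must add `tcp_flags: string`. Note also that `tcp_flags` may be empty (the replay path in PIA.cc passes a default `TCP_Flags()`), so the notice text can end in `[]`.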
@@ -348,12 +349,16 @@ void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule) for ( DataBlock* b = pkt_buffer.head; b; b = b->next ) { + // We don't have the TCP flags here during replay. We could + // funnel them through, but it's non-trivial and doesn't seem + // worth the effort. + if ( b->is_orig ) reass_orig->DataSent(network_time, orig_seq = b->seq, - b->len, b->data, true); + b->len, b->data, tcp::TCP_Flags(), true); else reass_resp->DataSent(network_time, resp_seq = b->seq, - b->len, b->data, true); + b->len, b->data, tcp::TCP_Flags(), true); } // We also need to pass the current packet on. @@ -363,11 +368,11 @@ void PIA_TCP::ActivateAnalyzer(analyzer::Tag tag, const Rule* rule) if ( current->is_orig ) reass_orig->DataSent(network_time, orig_seq = current->seq, - current->len, current->data, true); + current->len, current->data, analyzer::tcp::TCP_Flags(), true); else reass_resp->DataSent(network_time, resp_seq = current->seq, - current->len, current->data, true); + current->len, current->data, analyzer::tcp::TCP_Flags(), true); } ClearBuffer(&pkt_buffer); diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index 258fdfcf58..8b3876c7ce 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc 
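Review bot: The replay calls in `PIA_TCP::ActivateAnalyzer` spell the same default-constructed argument two ways, `tcp::TCP_Flags()` in the buffered-packet loop and `analyzer::tcp::TCP_Flags()` for the current packet in the following hunk (-363,11); pick one qualification for both. The comment explaining that the flags are unavailable sits only above the loop, although the current-packet calls pass empty flags as well. A short `// No TCP flags available here either; see above.` at the second site would make clear that any `rexmit_inconsistency` raised from this path carries an empty flag string. The function's body starts and ends outside both hunks.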
@@ -946,23 +946,11 @@ void TCP_Analyzer::GeneratePacketEvent( const u_char* data, int len, int caplen, int is_orig, TCP_Flags flags) { - char tcp_flags[256]; - int tcp_flag_len = 0; - - if ( flags.SYN() ) tcp_flags[tcp_flag_len++] = 'S'; - if ( flags.FIN() ) tcp_flags[tcp_flag_len++] = 'F'; - if ( flags.RST() ) tcp_flags[tcp_flag_len++] = 'R'; - if ( flags.ACK() ) tcp_flags[tcp_flag_len++] = 'A'; - if ( flags.PUSH() ) tcp_flags[tcp_flag_len++] = 'P'; - if ( flags.URG() ) tcp_flags[tcp_flag_len++] = 'U'; - - tcp_flags[tcp_flag_len] = '\0'; - val_list* vl = new val_list(); vl->append(BuildConnVal()); vl->append(new Val(is_orig, TYPE_BOOL)); - vl->append(new StringVal(tcp_flags)); + vl->append(new StringVal(flags.AsString())); vl->append(new Val(rel_seq, TYPE_COUNT)); vl->append(new Val(flags.ACK() ? rel_ack : 0, TYPE_COUNT)); vl->append(new Val(len, TYPE_COUNT)); diff --git a/src/analyzer/protocol/tcp/TCP.h b/src/analyzer/protocol/tcp/TCP.h index 608c06a5aa..e5589b01a3 100644 --- a/src/analyzer/protocol/tcp/TCP.h +++ b/src/analyzer/protocol/tcp/TCP.h @@ -8,6 +8,7 @@ #include "PacketDumper.h" #include "IPAddr.h" #include "TCP_Endpoint.h" +#include "TCP_Flags.h" #include "Conn.h" // We define two classes here: @@ -23,21 +24,6 @@ class TCP_Endpoint; class TCP_ApplicationAnalyzer; class TCP_Reassembler; -class TCP_Flags { -public: - TCP_Flags(const struct tcphdr* tp) { flags = tp->th_flags; } - - bool SYN() { return flags & TH_SYN; } - bool FIN() { return flags & TH_FIN; } - bool RST() { return flags & TH_RST; } - bool ACK() { return flags & TH_ACK; } - bool URG() { return flags & TH_URG; } - bool PUSH() { return flags & TH_PUSH; } - -protected: - u_char flags; -}; - class TCP_Analyzer : public analyzer::TransportLayerAnalyzer { public: TCP_Analyzer(Connection* conn); diff --git a/src/analyzer/protocol/tcp/TCP_Endpoint.cc b/src/analyzer/protocol/tcp/TCP_Endpoint.cc index 846eb6d9d1..7c359623f3 100644 --- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc 
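Review bot: TCP.h now includes `TCP_Flags.h` (hunk -8,6) and the next hunk (-23,21) drops the in-header `class TCP_Flags`, but the commit's diffstat lists 14 files and `src/analyzer/protocol/tcp/TCP_Flags.h` is not among them. Unless that header arrives in another patch of the series, this commit will not build on its own, which also breaks bisecting across it. The new call sites rely on a default constructor and an `AsString()` method that the removed class did not have, so the new header has to provide both; it should be added to this commit.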
+++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc @@ -204,7 +204,7 @@ int TCP_Endpoint::DataSent(double t, uint64 seq, int len, int caplen, if ( contents_processor ) { if ( caplen >= len ) - status = contents_processor->DataSent(t, seq, len, data); + status = contents_processor->DataSent(t, seq, len, data, TCP_Flags(tp)); else TCP()->Weird("truncated_tcp_payload"); } diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index bbcd9cb43a..5b88d2dafb 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -433,8 +433,13 @@ void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n) { BroString* b1_s = new BroString((const u_char*) b1, n, 0); BroString* b2_s = new BroString((const u_char*) b2, n, 0); - tcp_analyzer->Event(rexmit_inconsistency, - new StringVal(b1_s), new StringVal(b2_s)); + + val_list* vl = new val_list(3); + vl->append(tcp_analyzer->BuildConnVal()); + vl->append(new StringVal(b1_s)); + vl->append(new StringVal(b2_s)); + vl->append(new StringVal(flags.AsString())); + tcp_analyzer->ConnectionEvent(rexmit_inconsistency, vl); } } @@ -461,7 +466,7 @@ void TCP_Reassembler::Deliver(uint64 seq, int len, const u_char* data) } int TCP_Reassembler::DataSent(double t, uint64 seq, int len, - const u_char* data, bool replaying) + const u_char* data, TCP_Flags arg_flags, bool replaying) { uint64 ack = endp->ToRelativeSeqSpace(endp->AckSeq(), endp->AckWraps()); uint64 upper_seq = seq + len; @@ -492,7 +497,9 @@ int TCP_Reassembler::DataSent(double t, uint64 seq, int len, len -= amount_acked; } + flags = arg_flags; NewBlock(t, seq, len, data); + flags = TCP_Flags(); if ( Endpoint()->NoDataAcked() && tcp_max_above_hole_without_any_acks && NumUndeliveredBytes() > static_cast(tcp_max_above_hole_without_any_acks) ) diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.h b/src/analyzer/protocol/tcp/TCP_Reassembler.h index c2ed0175ca..2bd8a5eb5d 100644 
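Review bot: In the `TCP_Reassembler::Overlap` hunk (-433,8) the list is created with `new val_list(3)` but four values are appended: the connection value, the two payload strings and the flag string. The argument looks like an initial-capacity hint, so this probably costs only a regrowth, but it should read `val_list* vl = new val_list(4);` to match what follows. The condition guarding this block lies outside the hunk.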
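Review bot: In the `DataSent` hunk (-492,7) the packet's flags are handed to `Overlap()` through the member `flags`, which is set just before `NewBlock()` and reset right after it, and nothing on these lines says so. A comment such as `// Stash the flags for Overlap(), presumably reached via NewBlock(); valid only during this call.` would document the coupling, and the same remark belongs on the `flags` member added in TCP_Reassembler.h. Any other path into `Overlap()` would see default flags and report an empty string, which fits the "best effort" wording in event.bif but is worth stating here. `DataSent` continues beyond the hunk.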
--- a/src/analyzer/protocol/tcp/TCP_Reassembler.h +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.h @@ -3,6 +3,7 @@ #include "Reassem.h" #include "TCP_Endpoint.h" +#include "TCP_Flags.h" class BroFile; class Connection; @@ -61,7 +62,7 @@ public: void SkipToSeq(uint64 seq); int DataSent(double t, uint64 seq, int len, const u_char* data, - bool replaying=true); + analyzer::tcp::TCP_Flags flags, bool replaying=true); void AckReceived(uint64 seq); // Checks if we have delivered all contents that we can possibly @@ -110,6 +111,7 @@ private: uint64 seq_to_skip; bool in_delivery; + analyzer::tcp::TCP_Flags flags; BroFile* record_contents_file; // file on which to reassemble contents diff --git a/src/event.bif b/src/event.bif index 456de20b3a..ff6ec059fb 100644 --- a/src/event.bif +++ b/src/event.bif @@ -305,8 +305,14 @@ event packet_contents%(c: connection, contents: string%); ## ## t2: The new payload. ## +## tcp_flags: A string with the TCP flags of the packet triggering the +## inconsistency. In the string, each character corresponds to one set flag, +## as follows: ``S`` -> SYN; ``F`` -> FIN; ``R`` -> RST; ``A`` -> ACK; ``P`` -> +## PUSH. This string will not always be set, only if the information is available; +## it's "best effort". +## ## .. bro:see:: tcp_rexmit tcp_contents -event rexmit_inconsistency%(c: connection, t1: string, t2: string%); +event rexmit_inconsistency%(c: connection, t1: string, t2: string, tcp_flags: string%); ## Generated when a TCP endpoint acknowledges payload that Bro never saw. ## diff --git a/testing/btest/Baseline/core.reassembly/output b/testing/btest/Baseline/core.reassembly/output index 79922b43c4..5e0ef35929 100644 --- a/testing/btest/Baseline/core.reassembly/output +++ b/testing/btest/Baseline/core.reassembly/output 
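Review bot: The new `tcp_flags` documentation in event.bif lists S, F, R, A and P but not URG, while the flag-string code this commit removes from `TCP_Analyzer::GeneratePacketEvent` also emitted `U`. `TCP_Flags::AsString()` is not shown in this patch; if it keeps that mapping, the list should gain `U -> URG`. The sentence "This string will not always be set" would be clearer as a statement of what a handler actually receives in that case, presumably an empty string, so scripts know what to test for.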
@@ -23,10 +23,10 @@ net_weird, truncated_IP net_weird, truncated_IP net_weird, truncated_IP net_weird, truncated_IP -rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfOOOOOOOOOOOOOOOOOOOOOOOOOOOO, 
nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfqkrodjdmrqfpiodgphidfliidlhd -rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], dgphrodofqhq, orgmmpelofil -rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], lenhfdqhqfgs, dfpqssidkpdg -rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], 
nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfOOOOOOOOOOOOOOOOOOOOOOOOOOOO, 
nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfqkrodjdmrqfpiodgphidfliislrr -rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], iokgedlsdkjkiefgmeqkfjoh, ggdeolssksemrhedoledddml +rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], 
nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfOOOOOOOOOOOOOOOOOOOOOOOOOOOO, 
nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfqkrodjdmrqfpiodgphidfliidlhd, A +rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], dgphrodofqhq, orgmmpelofil, A +rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], lenhfdqhqfgs, dfpqssidkpdg, A +rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], 
nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfOOOOOOOOOOOOOOOOOOOOOOOOOOOO, 
nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfqkrodjdmrqfpiodgphidfliislrr, A +rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], iokgedlsdkjkiefgmeqkfjoh, ggdeolssksemrhedoledddml, A net_weird, truncated_IP -rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO HTTP/1.1\x0d\x0aHost: 127.0.0.1\x0d\x0aContent-Type: text/xml\x0d\x0aContent-length: 1\x0d\x0a\x0d\x0aO\x0d\x0a\x0d\x0a Date: Mon, 26 Oct 2015 17:55:01 -0400 Subject: [PATCH 12/47] Fix for JSON formatter In the event that 
the first entry in a record is optional AND not present, the serializer will incorrectly add a leading comma. This leading common is invalid JSON and will, more often than not, cause parser failures downstream. --- src/threading/formatters/JSON.cc | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/threading/formatters/JSON.cc b/src/threading/formatters/JSON.cc index 1a2fd84c4a..3e5bfe9391 100644 --- a/src/threading/formatters/JSON.cc +++ b/src/threading/formatters/JSON.cc @@ -35,8 +35,14 @@ bool JSON::Describe(ODesc* desc, int num_fields, const Field* const * fields, const u_char* bytes = desc->Bytes(); int len = desc->Len(); - if ( i > 0 && len > 0 && bytes[len-1] != ',' && vals[i]->present ) - desc->AddRaw(","); + if ( i > 0 && len > 0 && bytes[len-1] != ',' && vals[i]->present ) { + // Issue if the first value of a record is optional AND not present + // then an empty json field will be produced, which is invalid. + // - ANE - 10/26/2015 + if (len > 1 && bytes[len-1] != '{') { + desc->AddRaw(","); + } + } if ( ! Describe(desc, vals[i], fields[i]->name) ) return false; From 1b09734b31c767c70d7e909ca203d4d99caf74f3 Mon Sep 17 00:00:00 2001 From: Aaron Eppert Date: Mon, 26 Oct 2015 18:06:41 -0400 Subject: [PATCH 13/47] Remove. --- src/Reporter.cc | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/Reporter.cc b/src/Reporter.cc index 02dd11adf1..6020b6569c 100644 --- a/src/Reporter.cc +++ b/src/Reporter.cc @@ -88,11 +88,7 @@ void Reporter::FatalError(const char* fmt, ...) va_end(ap); set_processing_status("TERMINATED", "fatal_error"); -#ifdef DEBUG - abort(); -#else exit(1); -#endif // DEBUG } void Reporter::FatalErrorWithCore(const char* fmt, ...) From 053aa40335f881e358c8e76b7494e30ec4432fa2 Mon Sep 17 00:00:00 2001 From: Aaron Eppert Date: Mon, 26 Oct 2015 18:09:38 -0400 Subject: [PATCH 14/47] Remove --- src/Dict.cc | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) 
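Review bot: The nested `if (len > 1 && bytes[len-1] != '{')` in JSON::Describe decides whether to write a separator by inspecting the last byte already in the buffer, and its `len > 1` clause also suppresses the comma when the buffer holds a single byte that is not `{`. Folding the test into the outer condition keeps the intent in one place: `if ( i > 0 && len > 0 && bytes[len-1] != ',' && bytes[len-1] != '{' && vals[i]->present )`. A comment such as `// No separator directly after the opening brace (first field absent).` would say more than the initialled note. Describe() starts and ends outside the hunk, so it cannot be confirmed from here that no other path leaves a stray comma; because downstream log parsers consume this output, a test with absent first and last fields is worth adding.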
diff --git a/src/Dict.cc b/src/Dict.cc index b773fc54f3..4bf9840b3a 100644 --- a/src/Dict.cc +++ b/src/Dict.cc @@ -416,19 +416,17 @@ void* Dictionary::Insert(DictEntry* new_entry, int copy_key) { DictEntry* entry = (*chain)[i]; - if ( entry ) { - if ( entry->hash == new_entry->hash && - entry->len == n && - ! memcmp(entry->key, new_entry->key, n) ) - { - void* old_value = entry->value; - entry->value = new_entry->value; - return old_value; - } + if ( entry->hash == new_entry->hash && + entry->len == n && + ! memcmp(entry->key, new_entry->key, n) ) + { + void* old_value = entry->value; + entry->value = new_entry->value; + return old_value; } } } - else + else // Create new chain. chain = ttbl[h] = new PList(DictEntry); From 3b027fdebbdd48db385227059edb01bfe6f2e653 Mon Sep 17 00:00:00 2001 From: Aaron Eppert Date: Mon, 26 Oct 2015 18:10:26 -0400 Subject: [PATCH 15/47] Whitespace --- src/Dict.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Dict.cc b/src/Dict.cc index 4bf9840b3a..1d32eccde3 100644 --- a/src/Dict.cc +++ b/src/Dict.cc @@ -426,7 +426,7 @@ void* Dictionary::Insert(DictEntry* new_entry, int copy_key) } } } - else + else // Create new chain. chain = ttbl[h] = new PList(DictEntry); From cae66721e6ef9ec6d4dd378aad24582e24fa4d52 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 26 Oct 2015 16:57:39 -0700 Subject: [PATCH 16/47] Adding missing file. --- CHANGES | 4 ++ VERSION | 2 +- src/analyzer/protocol/tcp/TCP_Flags.h | 55 +++++++++++++++++++++++++++ 3 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 src/analyzer/protocol/tcp/TCP_Flags.h diff --git a/CHANGES b/CHANGES index 908a36659c..f6588959ca 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.4-200 | 2015-10-26 16:57:39 -0700 + + * Adding missing file. (Robin Sommer) + 2.4-199 | 2015-10-26 16:51:47 -0700 * Fix problem with the JSON Serialization code. (Aaron Eppert) diff --git a/VERSION b/VERSION index d704d5aca4..7411de569f 100644 --- a/VERSION 
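Review bot: With the `if ( entry )` guard removed, `entry->hash` in Dictionary::Insert is dereferenced for every element fetched from the chain without a null check. The guard was added earlier in this series after a crash reported at Dict.cc:419, and nothing in this hunk shows that the cause of the null element was fixed. If a chain can never hold a null entry, state that where the entry is fetched, e.g. `// Invariant: chains never contain null entries.`; otherwise, assuming this is the body of the loop over the chain, keep a check such as `if ( ! entry ) continue;` so that a damaged table does not take the process down. The loop and the function start outside the hunk.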
+++ b/VERSION @@ -1 +1 @@ -2.4-199 +2.4-200 diff --git a/src/analyzer/protocol/tcp/TCP_Flags.h b/src/analyzer/protocol/tcp/TCP_Flags.h new file mode 100644 index 0000000000..cc3c1f5915 --- /dev/null +++ b/src/analyzer/protocol/tcp/TCP_Flags.h @@ -0,0 +1,55 @@ +#ifndef ANALYZER_PROTOCOL_TCP_TCP_FLAGS_H +#define ANALYZER_PROTOCOL_TCP_TCP_FLAGS_H + +namespace analyzer { namespace tcp { + +class TCP_Flags { +public: + TCP_Flags(const struct tcphdr* tp) { flags = tp->th_flags; } + TCP_Flags() { flags = 0; } + + bool SYN() const { return flags & TH_SYN; } + bool FIN() const { return flags & TH_FIN; } + bool RST() const { return flags & TH_RST; } + bool ACK() const { return flags & TH_ACK; } + bool URG() const { return flags & TH_URG; } + bool PUSH() const { return flags & TH_PUSH; } + + string AsString() const; + +protected: + u_char flags; +}; + +inline string TCP_Flags::AsString() const + { + char tcp_flags[10]; + char* p = tcp_flags; + + if ( SYN() ) + *p++ = 'S'; + + if ( FIN() ) + *p++ = 'F'; + + if ( RST() ) + *p++ = 'R'; + + if ( ACK() ) + *p++ = 'A'; + + if ( PUSH() ) + *p++ = 'P'; + + if ( URG() ) + *p++ = 'U'; + + *p++ = '\0'; + return tcp_flags; + } +} + + +} + +#endif From 329594e8a2ac54e9f43df7445550a78e71af8e44 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 27 Oct 2015 16:11:15 -0700 Subject: [PATCH 17/47] Updating NEWS. --- CHANGES | 4 ++++ NEWS | 1 + VERSION | 2 +- aux/plugins | 2 +- 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index f6588959ca..de6f6851d9 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.4-201 | 2015-10-27 16:11:15 -0700 + + * Updating NEWS. (Robin Sommer) + 2.4-200 | 2015-10-26 16:57:39 -0700 * Adding missing file. (Robin Sommer) diff --git a/NEWS b/NEWS index cdb76383a1..10593236dc 100644 --- a/NEWS +++ b/NEWS 
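Review bot: The new header TCP_Flags.h uses `struct tcphdr`, the `TH_*` masks, `u_char` and an unqualified `string` without including anything, so it compiles only when the including file has already pulled those in and made `std::string` visible unqualified. Adding the includes that declare them and spelling the type `std::string` would make the header self-contained. The single-argument constructor also converts implicitly from a header pointer and reads `tp->th_flags` unconditionally; `explicit TCP_Flags(const struct tcphdr* tp)` plus a comment that `tp` must be non-null and point at a complete TCP header would document the contract callers have to meet on packet data.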
@@ -42,6 +42,7 @@ New Functionality - myricom: Native Myricom SNF v3 support. - pf_ring: Native PF_RING support. - redis: An experimental log writer for Redis. + - tcprs: An TCP-level analyzer detecting retransmissions, reordering, and more. Changed Functionality --------------------- diff --git a/VERSION b/VERSION index 7411de569f..443f1a802b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-200 +2.4-201 diff --git a/aux/plugins b/aux/plugins index 4354b330d9..35007df097 160000 --- a/aux/plugins +++ b/aux/plugins @@ -1 +1 @@ -Subproject commit 4354b330d914a50f99da05cc78f830b5e86bd64e +Subproject commit 35007df0974b566f75d7c82af5b4d5a022333d87 From 1119ca8792ecdec81949227678f7f0222a878198 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 28 Oct 2015 07:09:03 -0700 Subject: [PATCH 18/47] Updating submodule(s). [nomail] --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index 921b0abcb9..1299fab8f6 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 921b0abcb967666d8349c0c6c2bb8e41e1300579 +Subproject commit 1299fab8f6e98c8b0b88d01c60bb6b21329e19e5 From 28f4d45d3398cde2965f18876fb72c8f149279fe Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 5 Nov 2015 12:13:52 -0600 Subject: [PATCH 19/47] Fix potential race condition when logging VLAN info to conn.log Lowered priority of a connection_state_remove event handler to ensure that the "conn" field is initialized in the connection record before attempting to add the VLAN tags. --- scripts/policy/protocols/conn/vlan-logging.bro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/policy/protocols/conn/vlan-logging.bro b/scripts/policy/protocols/conn/vlan-logging.bro index c4408bcf59..e0692c5ab5 100644 --- a/scripts/policy/protocols/conn/vlan-logging.bro +++ b/scripts/policy/protocols/conn/vlan-logging.bro 
@@ -15,7 +15,7 @@ redef record Info += { # Add the VLAN information to the Conn::Info structure after the connection # has been removed. This ensures it's only done once, and is done before the # connection information is written to the log. -event connection_state_remove(c: connection) &priority=5 +event connection_state_remove(c: connection) { if ( c?$vlan ) c$conn$vlan = c$vlan; From 1da6f4a430f9d272cfc3ebf4e2049d4941a30d42 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 10 Nov 2015 13:30:53 -0800 Subject: [PATCH 20/47] Fix to compile with OpenSSL that has SSLv3 disalbed. Patch by Christoph Pietsch. --- aux/broccoli | 2 +- aux/broker | 2 +- src/ChunkedIO.cc | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/aux/broccoli b/aux/broccoli index 8046800085..2bc51aedb6 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 80468000859bcb7c3784c69280888fcfe89d8922 +Subproject commit 2bc51aedb64d6db350bc5d7c64f2f7227f0e4e34 diff --git a/aux/broker b/aux/broker index c7cc866b9e..34c5845629 160000 --- a/aux/broker +++ b/aux/broker @@ -1 +1 @@ -Subproject commit c7cc866b9e2f5ecc181f69090958236500c79381 +Subproject commit 34c5845629d1fef453b80fdaf97bea44ee19e0c3 diff --git a/src/ChunkedIO.cc b/src/ChunkedIO.cc index 4c43ea5bfa..0c402dc2af 100644 --- a/src/ChunkedIO.cc +++ b/src/ChunkedIO.cc @@ -709,7 +709,7 @@ bool ChunkedIOSSL::Init() { SSL_load_error_strings(); - ctx = SSL_CTX_new(SSLv3_method()); + ctx = SSL_CTX_new(SSLv23_method()); if ( ! ctx ) { Log("can't create SSL context"); From 037285555fc33635531242d5ba8180a14ab2d577 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 10 Nov 2015 13:31:51 -0800 Subject: [PATCH 21/47] Updating submodule(s). [nomail] --- CHANGES | 8 ++++++++ VERSION | 2 +- aux/broccoli | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index de6f6851d9..6df83452bc 100644 --- a/CHANGES +++ b/CHANGES 
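Review bot: The comment above `connection_state_remove` in vlan-logging.bro does not say that the handler now depends on running at the default priority, after the handler that fills in `c$conn`. A later edit that re-adds a `&priority` attribute would bring back the uninitialized-field problem the commit message describes. I would extend the comment with `# Runs at default priority so that c$conn is already set; do not raise it.`. The handler body continues outside the hunk.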
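Review bot: `SSL_CTX_new(SSLv23_method())` in ChunkedIOSSL::Init selects a version-flexible method, so which protocol versions the peers may negotiate now depends on the OpenSSL build and on the context options rather than on this call. Nothing in the hunk restricts the legacy versions; after the `! ctx` check I would add `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` so the inter-node channel cannot fall back to SSLv2 or SSLv3. Init() continues outside the hunk, so such a call may already exist further down.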
@@ -1,4 +1,12 @@ +2.4-206 | 2015-11-10 13:31:51 -0800 + + * Fix to compile with OpenSSL that has SSLv3 disalbed. (Christoph + Pietsch) + + * Fix potential race condition when logging VLAN info to conn.log. + (Daniel Thayer) + 2.4-201 | 2015-10-27 16:11:15 -0700 * Updating NEWS. (Robin Sommer) diff --git a/VERSION b/VERSION index 443f1a802b..bf4e0166b5 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-201 +2.4-206 diff --git a/aux/broccoli b/aux/broccoli index 2bc51aedb6..22bbbd31ac 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 2bc51aedb64d6db350bc5d7c64f2f7227f0e4e34 +Subproject commit 22bbbd31acc20a37e45a3f567f07c6f4ee5f518a From 39a5325ea037b4b1dc3d8b0b4956d8742a8f948f Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 10 Nov 2015 13:34:42 -0800 Subject: [PATCH 22/47] Updating submodule(s). [nomail] --- CHANGES | 2 +- VERSION | 2 +- aux/broccoli | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 6df83452bc..483da6bfff 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ -2.4-206 | 2015-11-10 13:31:51 -0800 +2.4-207 | 2015-11-10 13:34:42 -0800 * Fix to compile with OpenSSL that has SSLv3 disalbed. (Christoph Pietsch) diff --git a/VERSION b/VERSION index bf4e0166b5..235a8db76f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-206 +2.4-207 diff --git a/aux/broccoli b/aux/broccoli index 22bbbd31ac..959cc0a818 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 22bbbd31acc20a37e45a3f567f07c6f4ee5f518a +Subproject commit 959cc0a8181e7f4b07559a6aecca2a0d7d3d445c From 21c6b52c28d28cb68de25d38ff131a2136af40a0 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 11 Nov 2015 09:24:16 -0600 Subject: [PATCH 23/47] Updating submodule(s). [nomail] --- aux/broker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broker b/aux/broker index 34c5845629..675542feb2 160000 --- a/aux/broker +++ b/aux/broker 
@@ -1 +1 @@ -Subproject commit 34c5845629d1fef453b80fdaf97bea44ee19e0c3 +Subproject commit 675542feb281405db8f4adac6339b285afb14fd9 From eb6e8c75b91e192140e9b19847834dbd0986f597 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 16 Nov 2015 07:31:22 -0800 Subject: [PATCH 24/47] Updating submodule(s). [nomail] --- CHANGES | 4 ++++ VERSION | 2 +- aux/btest | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 483da6bfff..f6006ffffb 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.4-209 | 2015-11-16 07:31:22 -0800 + + * Updating submodule(s). + 2.4-207 | 2015-11-10 13:34:42 -0800 * Fix to compile with OpenSSL that has SSLv3 disalbed. (Christoph diff --git a/VERSION b/VERSION index 235a8db76f..9f44806f55 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-207 +2.4-209 diff --git a/aux/btest b/aux/btest index ce1d474859..71a1e3efc4 160000 --- a/aux/btest +++ b/aux/btest @@ -1 +1 @@ -Subproject commit ce1d474859cc8a0f39d5eaf69fb1bb56eb1a5161 +Subproject commit 71a1e3efc437aa9f981be71affa1c4615e8d98a5 From 931837c5a27b93881b932df771c77fa5dd03dab6 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 17 Nov 2015 13:27:49 -0800 Subject: [PATCH 25/47] Bugfix for communication child loop. It could end up blocking indefinitly in cases where it shouldn't. --- src/RemoteSerializer.cc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 5113670e78..16add7c9c5 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -3459,7 +3459,11 @@ void SocketComm::Run() if ( io->CanWrite() ) ++canwrites; - int a = select(max_fd + 1, &fd_read, &fd_write, &fd_except, 0); + struct timeval timeout; + timeout.tv_sec = 1; + timeout.tv_usec = 0; + + int a = select(max_fd + 1, &fd_read, &fd_write, &fd_except, &timeout); if ( selects % 100000 == 0 ) Log(fmt("selects=%ld canwrites=%ld pending=%lu", From 17bc61546755aa58839a054624cf5fd5686b87b0 Mon Sep 17 00:00:00 2001 
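Review bot: With the one-second `timeout`, `select()` in SocketComm::Run can now return 0 with all three descriptor sets cleared, a result the previous blocking call did not produce. The code that consumes `a` and the sets lies outside the hunk, so it should be confirmed that it treats `a == 0` as "nothing ready" rather than as an error. A comment such as `// Wake up at least once per second so pending work is not stuck behind an idle select().` would record why the value was chosen. Keep the `timeout` initialisation directly in front of the call, because some platforms modify the struct.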
From: Robin Sommer Date: Tue, 17 Nov 2015 13:28:29 -0800 Subject: [PATCH 26/47] Making cluster reconnect timeout configurable. --- CHANGES | 6 +++ VERSION | 2 +- scripts/base/frameworks/cluster/main.bro | 43 ++++++++------- .../frameworks/cluster/setup-connections.bro | 54 +++++++++---------- 4 files changed, 57 insertions(+), 48 deletions(-) diff --git a/CHANGES b/CHANGES index f6006ffffb..d507490c47 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,10 @@ +2.4-211 | 2015-11-17 13:28:29 -0800 + + * Making cluster reconnect timeout configurable. (Robin Sommer) + + * Bugfix for child process' communication loop. (Robin Sommer) + 2.4-209 | 2015-11-16 07:31:22 -0800 * Updating submodule(s). diff --git a/VERSION b/VERSION index 9f44806f55..d332944371 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-209 +2.4-211 diff --git a/scripts/base/frameworks/cluster/main.bro b/scripts/base/frameworks/cluster/main.bro index 218e309bad..3451cb4169 100644 --- a/scripts/base/frameworks/cluster/main.bro +++ b/scripts/base/frameworks/cluster/main.bro 
@@ -43,35 +43,35 @@ export { ## software. TIME_MACHINE, }; - + ## Events raised by a manager and handled by the workers. const manager2worker_events = /Drop::.*/ &redef; - + ## Events raised by a manager and handled by proxies. const manager2proxy_events = /EMPTY/ &redef; - + ## Events raised by proxies and handled by a manager. const proxy2manager_events = /EMPTY/ &redef; - + ## Events raised by proxies and handled by workers. const proxy2worker_events = /EMPTY/ &redef; - + ## Events raised by workers and handled by a manager. const worker2manager_events = /(TimeMachine::command|Drop::.*)/ &redef; - + ## Events raised by workers and handled by proxies. const worker2proxy_events = /EMPTY/ &redef; - + ## Events raised by TimeMachine instances and handled by a manager. const tm2manager_events = /EMPTY/ &redef; - + ## Events raised by TimeMachine instances and handled by workers. const tm2worker_events = /EMPTY/ &redef; - - ## Events sent by the control host (i.e. BroControl) when dynamically + + ## Events sent by the control host (i.e. BroControl) when dynamically ## connecting to a running instance to update settings or request data. const control_events = Control::controller_events &redef; - + ## Record type to indicate a node in a cluster. type Node: record { ## Identifies the type of cluster node in this node's configuration. @@ -96,13 +96,13 @@ export { ## Name of a time machine node with which this node connects. time_machine: string &optional; }; - + ## This function can be called at any time to determine if the cluster ## framework is being enabled for this run. ## ## Returns: True if :bro:id:`Cluster::node` has been set. global is_enabled: function(): bool; - + ## This function can be called at any time to determine what type of ## cluster node the current Bro instance is going to be acting as. ## If :bro:id:`Cluster::is_enabled` returns false, then 
@@ -110,22 +110,25 @@ export { ## ## Returns: The :bro:type:`Cluster::NodeType` the calling node acts as. global local_node_type: function(): NodeType; - + ## This gives the value for the number of workers currently connected to, - ## and it's maintained internally by the cluster framework. It's - ## primarily intended for use by managers to find out how many workers + ## and it's maintained internally by the cluster framework. It's + ## primarily intended for use by managers to find out how many workers ## should be responding to requests. global worker_count: count = 0; - + ## The cluster layout definition. This should be placed into a filter - ## named cluster-layout.bro somewhere in the BROPATH. It will be + ## named cluster-layout.bro somewhere in the BROPATH. It will be ## automatically loaded if the CLUSTER_NODE environment variable is set. ## Note that BroControl handles all of this automatically. const nodes: table[string] of Node = {} &redef; - + ## This is usually supplied on the command line for each instance ## of the cluster that is started up. const node = getenv("CLUSTER_NODE") &redef; + + ## Interval for retrying failed connections between cluster nodes. + const retry_interval = 1min &redef; } function is_enabled(): bool @@ -158,6 +161,6 @@ event bro_init() &priority=5 Reporter::error(fmt("'%s' is not a valid node in the Cluster::nodes configuration", node)); terminate(); } - + Log::create_stream(Cluster::LOG, [$columns=Info, $path="cluster"]); } diff --git a/scripts/base/frameworks/cluster/setup-connections.bro b/scripts/base/frameworks/cluster/setup-connections.bro index 4576f5b913..95aff64a6c 100644 --- a/scripts/base/frameworks/cluster/setup-connections.bro +++ b/scripts/base/frameworks/cluster/setup-connections.bro @@ -11,7 +11,7 @@ module Cluster; event bro_init() &priority=9 { local me = nodes[node]; - + for ( i in Cluster::nodes ) { local n = nodes[i]; 
@@ -22,35 +22,35 @@ event bro_init() &priority=9 Communication::nodes["control"] = [$host=n$ip, $zone_id=n$zone_id, $connect=F, $class="control", $events=control_events]; - + if ( me$node_type == MANAGER ) { if ( n$node_type == WORKER && n$manager == node ) Communication::nodes[i] = [$host=n$ip, $zone_id=n$zone_id, $connect=F, $class=i, $events=worker2manager_events, $request_logs=T]; - + if ( n$node_type == PROXY && n$manager == node ) Communication::nodes[i] = [$host=n$ip, $zone_id=n$zone_id, $connect=F, $class=i, $events=proxy2manager_events, $request_logs=T]; - + if ( n$node_type == TIME_MACHINE && me?$time_machine && me$time_machine == i ) Communication::nodes["time-machine"] = [$host=nodes[i]$ip, $zone_id=nodes[i]$zone_id, $p=nodes[i]$p, - $connect=T, $retry=1min, + $connect=T, $retry=retry_interval, $events=tm2manager_events]; } - + else if ( me$node_type == PROXY ) { if ( n$node_type == WORKER && n$proxy == node ) Communication::nodes[i] = [$host=n$ip, $zone_id=n$zone_id, $connect=F, $class=i, $sync=T, $auth=T, $events=worker2proxy_events]; - - # accepts connections from the previous one. + + # accepts connections from the previous one. # (This is not ideal for setups with many proxies) # FIXME: Once we're using multiple proxies, we should also figure out some $class scheme ... if ( n$node_type == PROXY ) 
@@ -58,49 +58,49 @@ event bro_init() &priority=9 if ( n?$proxy ) Communication::nodes[i] = [$host=n$ip, $zone_id=n$zone_id, $p=n$p, - $connect=T, $auth=F, $sync=T, $retry=1mins]; + $connect=T, $auth=F, $sync=T, $retry=retry_interval]; else if ( me?$proxy && me$proxy == i ) Communication::nodes[me$proxy] = [$host=nodes[i]$ip, $zone_id=nodes[i]$zone_id, $connect=F, $auth=T, $sync=T]; } - + # Finally the manager, to send it status updates. if ( n$node_type == MANAGER && me$manager == i ) - Communication::nodes["manager"] = [$host=nodes[i]$ip, - $zone_id=nodes[i]$zone_id, - $p=nodes[i]$p, - $connect=T, $retry=1mins, + Communication::nodes["manager"] = [$host=nodes[i]$ip, + $zone_id=nodes[i]$zone_id, + $p=nodes[i]$p, + $connect=T, $retry=retry_interval, $class=node, $events=manager2proxy_events]; } else if ( me$node_type == WORKER ) { if ( n$node_type == MANAGER && me$manager == i ) - Communication::nodes["manager"] = [$host=nodes[i]$ip, + Communication::nodes["manager"] = [$host=nodes[i]$ip, $zone_id=nodes[i]$zone_id, $p=nodes[i]$p, - $connect=T, $retry=1mins, - $class=node, + $connect=T, $retry=retry_interval, + $class=node, $events=manager2worker_events]; - + if ( n$node_type == PROXY && me$proxy == i ) - Communication::nodes["proxy"] = [$host=nodes[i]$ip, + Communication::nodes["proxy"] = [$host=nodes[i]$ip, $zone_id=nodes[i]$zone_id, $p=nodes[i]$p, - $connect=T, $retry=1mins, - $sync=T, $class=node, + $connect=T, $retry=retry_interval, + $sync=T, $class=node, $events=proxy2worker_events]; - - if ( n$node_type == TIME_MACHINE && + + if ( n$node_type == TIME_MACHINE && me?$time_machine && me$time_machine == i ) - Communication::nodes["time-machine"] = [$host=nodes[i]$ip, + Communication::nodes["time-machine"] = [$host=nodes[i]$ip, $zone_id=nodes[i]$zone_id, $p=nodes[i]$p, - $connect=T, - $retry=1min, + $connect=T, + $retry=retry_interval, $events=tm2worker_events]; - + } } } From c22a6f67d23847150707da2f11bf3320f20381ba Mon Sep 17 00:00:00 2001 
From: Robin Sommer Date: Mon, 23 Nov 2015 19:55:02 -0800 Subject: [PATCH 27/47] Use better data structure for storing BPF filters. --- src/iosource/PktSrc.cc | 25 ++++++++++--------------- src/iosource/PktSrc.h | 4 +++- src/iosource/pcap/functions.bif | 9 +++++++++ 3 files changed, 22 insertions(+), 16 deletions(-) diff --git a/src/iosource/PktSrc.cc b/src/iosource/PktSrc.cc index e4cbfe31e9..8db9db6ef1 100644 --- a/src/iosource/PktSrc.cc +++ b/src/iosource/PktSrc.cc @@ -36,9 +36,7 @@ PktSrc::PktSrc() PktSrc::~PktSrc() { - BPF_Program* code; - IterCookie* cookie = filters.InitForIteration(); - while ( (code = filters.NextEntry(cookie)) ) + for ( auto code : filters ) delete code; } @@ -335,16 +333,16 @@ bool PktSrc::PrecompileBPFFilter(int index, const std::string& filter) return 0; } - // Store it in hash. - HashKey* hash = new HashKey(HashKey(bro_int_t(index))); - BPF_Program* oldcode = filters.Lookup(hash); - if ( oldcode ) - delete oldcode; + // Store it in vector. + if ( index >= static_cast(filters.size()) ) + filters.resize(index + 1); - filters.Insert(hash, code); - delete hash; + if ( auto old = filters[index] ) + delete old; - return 1; + filters[index] = code; + + return true; } BPF_Program* PktSrc::GetBPFFilter(int index) @@ -352,10 +350,7 @@ BPF_Program* PktSrc::GetBPFFilter(int index) if ( index < 0 ) return 0; - HashKey* hash = new HashKey(HashKey(bro_int_t(index))); - BPF_Program* code = filters.Lookup(hash); - delete hash; - return code; + return (static_cast(filters.size()) > index ? filters[index] : 0); } bool PktSrc::ApplyBPFFilter(int index, const struct pcap_pkthdr *hdr, const u_char *pkt) diff --git a/src/iosource/PktSrc.h b/src/iosource/PktSrc.h index 7d05a5583f..25a743dc53 100644 --- a/src/iosource/PktSrc.h +++ b/src/iosource/PktSrc.h @@ -3,6 +3,8 @@ #ifndef IOSOURCE_PKTSRC_PKTSRC_H #define IOSOURCE_PKTSRC_PKTSRC_H +#include + #include "IOSource.h" #include "BPF_Program.h" #include "Dict.h" 
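Review bot: In PktSrc::PrecompileBPFFilter the new store `filters[index] = code` is guarded only by the comparison against `filters.size()`, so a negative `index` would index before the start of the vector and a very large one would make `resize(index + 1)` allocate that many slots. GetBPFFilter rejects `index < 0`, and the `>= 100` limit is enforced only in `precompile_pcap_filter` in functions.bif, which other callers of the C++ method do not pass through. Unless the part of the function above the hunk already does so, I would reject a bad index before the filter is compiled, `if ( index < 0 ) return false;`, and keep the upper bound next to the container. The failure path still ends in `return 0;` while the success path now returns `true`; using `false` there keeps the function consistent.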
@@ -362,7 +364,7 @@ private: Packet current_packet; // For BPF filtering support. - PDict(BPF_Program) filters; + std::vector filters; // Only set in pseudo-realtime mode. double first_timestamp; diff --git a/src/iosource/pcap/functions.bif b/src/iosource/pcap/functions.bif index e36c374a3c..6ba880c3b1 100644 --- a/src/iosource/pcap/functions.bif +++ b/src/iosource/pcap/functions.bif @@ -21,6 +21,15 @@ module Pcap; ## pcap_error function precompile_pcap_filter%(id: PcapFilterID, s: string%): bool %{ + if ( id->AsEnum() >= 100 ) + { + // We use a vector as underlying data structure for fast + // lookups and limit the ID space so that that doesn't grow too + // large. + builtin_error(fmt("PCAP filter ids must remain below 100 (is %ld)", id->AsInt())); + return new Val(false, TYPE_BOOL); + } + bool success = true; const iosource::Manager::PktSrcList& pkt_srcs(iosource_mgr->GetPktSrcs()); From 4e4dece70a114b6e6dc8e499bca694f8616eae2f Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Sun, 29 Nov 2015 00:24:53 -0500 Subject: [PATCH 28/47] SIP scripts code cleanup. - Daniel Guerra pointed out a type issue for SIP request and response code length fields which is now corrected. - Some redundant code was removed. - if/else tree modified to use switch instead. --- scripts/base/protocols/sip/main.bro | 91 ++++++++++++------- .../sip.log | 6 +- 2 files changed, 63 insertions(+), 34 deletions(-) diff --git a/scripts/base/protocols/sip/main.bro b/scripts/base/protocols/sip/main.bro index 0f396b8f74..60a8d7a9dd 100644 --- a/scripts/base/protocols/sip/main.bro +++ b/scripts/base/protocols/sip/main.bro 
@@ -60,9 +60,9 @@ export { ## Contents of the Warning: header warning: string &log &optional; ## Contents of the Content-Length: header from the client - request_body_len: string &log &optional; + request_body_len: count &log &optional; ## Contents of the Content-Length: header from the server - response_body_len: string &log &optional; + response_body_len: count &log &optional; ## Contents of the Content-Type: header from the server content_type: string &log &optional; }; @@ -127,17 +127,6 @@ function set_state(c: connection, is_request: bool) c$sip_state = s; } - # These deal with new requests and responses. - if ( is_request && c$sip_state$current_request !in c$sip_state$pending ) - c$sip_state$pending[c$sip_state$current_request] = new_sip_session(c); - if ( ! is_request && c$sip_state$current_response !in c$sip_state$pending ) - c$sip_state$pending[c$sip_state$current_response] = new_sip_session(c); - - if ( is_request ) - c$sip = c$sip_state$pending[c$sip_state$current_request]; - else - c$sip = c$sip_state$pending[c$sip_state$current_response]; - if ( is_request ) { if ( c$sip_state$current_request !in c$sip_state$pending ) @@ -152,7 +141,6 @@ function set_state(c: connection, is_request: bool) c$sip = c$sip_state$pending[c$sip_state$current_response]; } - } function flush_pending(c: connection) @@ -163,7 +151,9 @@ function flush_pending(c: connection) for ( r in c$sip_state$pending ) { # We don't use pending elements at index 0. - if ( r == 0 ) next; + if ( r == 0 ) + next; + Log::write(SIP::LOG, c$sip_state$pending[r]); } } 
@@ -205,16 +195,39 @@ event sip_header(c: connection, is_request: bool, name: string, value: string) & if ( c$sip_state$current_request !in c$sip_state$pending ) ++c$sip_state$current_request; set_state(c, is_request); - if ( name == "CALL-ID" ) c$sip$call_id = value; - else if ( name == "CONTENT-LENGTH" || name == "L" ) c$sip$request_body_len = value; - else if ( name == "CSEQ" ) c$sip$seq = value; - else if ( name == "DATE" ) c$sip$date = value; - else if ( name == "FROM" || name == "F" ) c$sip$request_from = split_string1(value, /;[ ]?tag=/)[0]; - else if ( name == "REPLY-TO" ) c$sip$reply_to = value; - else if ( name == "SUBJECT" || name == "S" ) c$sip$subject = value; - else if ( name == "TO" || name == "T" ) c$sip$request_to = value; - else if ( name == "USER-AGENT" ) c$sip$user_agent = value; - else if ( name == "VIA" || name == "V" ) c$sip$request_path[|c$sip$request_path|] = split_string1(value, /;[ ]?branch/)[0]; + switch ( name ) + { + case "CALL-ID": + c$sip$call_id = value; + break; + case "CONTENT-LENGTH", "L": + c$sip$request_body_len = to_count(value); + break; + case "CSEQ": + c$sip$seq = value; + break; + case "DATE": + c$sip$date = value; + break; + case "FROM", "F": + c$sip$request_from = split_string1(value, /;[ ]?tag=/)[0]; + break; + case "REPLY-TO": + c$sip$reply_to = value; + break; + case "SUBJECT", "S": + c$sip$subject = value; + break; + case "TO", "T": + c$sip$request_to = value; + break; + case "USER-AGENT": + c$sip$user_agent = value; + break; + case "VIA", "V": + c$sip$request_path[|c$sip$request_path|] = split_string1(value, /;[ ]?branch/)[0]; + break; + } c$sip_state$pending[c$sip_state$current_request] = c$sip; } 
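Review bot: `to_count(value)` is applied directly to the Content-Length header, which comes off the wire, in the `"CONTENT-LENGTH", "L"` case here and again in the response branch in the next hunk. As far as I know, to_count() reports a conversion error and yields 0 for a string that is not purely numeric. A malformed length would then be logged as `0`, indistinguishable from a genuinely empty body, and would add reporter noise for every bad packet. Guarding the conversion leaves the field unset for bad input: `if ( value == /[0-9]+/ ) c$sip$request_body_len = to_count(value);`, and likewise for `response_body_len`. The sip_header handler begins before this hunk.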
@@ -222,13 +235,29 @@ event sip_header(c: connection, is_request: bool, name: string, value: string) & { if ( c$sip_state$current_response !in c$sip_state$pending ) ++c$sip_state$current_response; + set_state(c, is_request); - if ( name == "CONTENT-LENGTH" || name == "L" ) c$sip$response_body_len = value; - else if ( name == "CONTENT-TYPE" || name == "C" ) c$sip$content_type = value; - else if ( name == "WARNING" ) c$sip$warning = value; - else if ( name == "FROM" || name == "F" ) c$sip$response_from = split_string1(value, /;[ ]?tag=/)[0]; - else if ( name == "TO" || name == "T" ) c$sip$response_to = value; - else if ( name == "VIA" || name == "V" ) c$sip$response_path[|c$sip$response_path|] = split_string1(value, /;[ ]?branch/)[0]; + switch ( name ) + { + case "CONTENT-LENGTH", "L": + c$sip$response_body_len = to_count(value); + break; + case "CONTENT-TYPE", "C": + c$sip$content_type = value; + break; + case "WARNING": + c$sip$warning = value; + break; + case "FROM", "F": + c$sip$response_from = split_string1(value, /;[ ]?tag=/)[0]; + break; + case "TO", "T": + c$sip$response_to = value; + break; + case "VIA", "V": + c$sip$response_path[|c$sip$response_path|] = split_string1(value, /;[ ]?branch/)[0]; + break; + } c$sip_state$pending[c$sip_state$current_response] = c$sip; } diff --git a/testing/btest/Baseline/scripts.base.protocols.sip.wireshark/sip.log b/testing/btest/Baseline/scripts.base.protocols.sip.wireshark/sip.log index 047fa4e2d1..d78eb61ef7 100644 --- a/testing/btest/Baseline/scripts.base.protocols.sip.wireshark/sip.log +++ b/testing/btest/Baseline/scripts.base.protocols.sip.wireshark/sip.log 
@@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path sip -#open 2015-09-03-21-02-33 +#open 2015-11-29-05-05-42 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method uri date request_from request_to response_from response_to reply_to call_id seq subject request_path response_path user_agent status_code status_msg warning request_body_len response_body_len content_type -#types time string addr port addr port count string string string string string string string string string string string vector[string] vector[string] string count string string string string string +#types time string addr port addr port count string string string string string string string string string string string vector[string] vector[string] string count string string count count string 1120469572.844249 CXWv6p3arKYeMETxOg 192.168.1.2 5060 212.242.33.35 5060 0 REGISTER sip:sip.cybercity.dk - ;tag=00-04092-1701af62-120c67172 - 578222729-4665d775@578222732-4665d772 68 REGISTER - SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 401 Unauthorized - 0 0 - 1120469590.259876 CXWv6p3arKYeMETxOg 192.168.1.2 5060 212.242.33.35 5060 0 REGISTER sip:sip.cybercity.dk - - 578222729-4665d775@578222732-4665d772 69 REGISTER - SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 100 Trying - 0 0 - 1120469590.259876 CXWv6p3arKYeMETxOg 192.168.1.2 5060 212.242.33.35 5060 0 REGISTER sip:sip.cybercity.dk - ;tag=00-04085-1701af98-51a65b340 - 578222729-4665d775@578222732-4665d772 69 REGISTER - SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060,SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 403 Wrong password - 0 0 - 
@@ -42,4 +42,4 @@ 1120470984.353086 C7XEbhP654jzLoe3a 192.168.1.2 5060 212.242.33.35 5060 0 REGISTER sip:sip.cybercity.dk - ;tag=00-04074-1701bac9-1daa0b4c5 - 29858147-465b0752@29858051-465b07b2 5 REGISTER - SIP/2.0/UDP 192.168.1.2,SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 401 Unauthorized - 0 0 - 1120471018.723316 C7XEbhP654jzLoe3a 192.168.1.2 5060 212.242.33.35 5060 0 REGISTER sip:sip.cybercity.dk - - 29858147-465b0752@29858051-465b07b2 6 REGISTER - SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 100 Trying - 0 0 - 1120471018.723316 C7XEbhP654jzLoe3a 192.168.1.2 5060 212.242.33.35 5060 0 REGISTER sip:sip.cybercity.dk - ;tag=00-04087-1701bae7-76fb74995 - 29858147-465b0752@29858051-465b07b2 6 REGISTER - SIP/2.0/UDP 192.168.1.2 SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060,SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060 Nero SIPPS IP Phone Version 2.0.51.16 200 OK - 0 0 - -#close 2015-09-03-21-02-33 +#close 2015-11-29-05-05-42 From cf97d1e99170f41251fc1e46ad0b9165aa2ca7b9 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Tue, 1 Dec 2015 13:13:48 -0800 Subject: [PATCH 29/47] Update installation instructions to add os-x openssl dependency. Also remove blob about binary mac packages, which we no longer provide. --- doc/install/install.rst | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/doc/install/install.rst b/doc/install/install.rst index ca1ea7f26a..d12fcfc446 100644 --- a/doc/install/install.rst +++ b/doc/install/install.rst 
@@ -82,10 +82,12 @@ To install the required dependencies, you can use: "Preferences..." -> "Downloads" menus to install the "Command Line Tools" component). - OS X comes with all required dependencies except for CMake_, SWIG_, and CAF. + OS X comes with all required dependencies except for CMake_, SWIG_, OpenSSL, + and CAF. (OpenSSL is part of OS X and does not have to be installed for system + versions 10.10 and older; it was removed in OS X 10.11). Distributions of these dependencies can likely be obtained from your preferred Mac OS X package management system (e.g. Homebrew_, MacPorts_, - or Fink_). Specifically for Homebrew, the ``cmake``, ``swig``, + or Fink_). Specifically for Homebrew, the ``cmake``, ``swig``, ``openssl`` and ``caf`` packages provide the required dependencies. @@ -127,13 +129,7 @@ platforms for binary releases and for installation instructions. Linux based binary installations are usually performed by adding information about the Bro packages to the respective system packaging tool. Then the usual system utilities such as ``apt``, ``yum`` - or ``zypper`` are used to perform the installation. By default, - installations of binary packages will go into ``/opt/bro``. - -* MacOS Disk Image with Installer - - Just open the ``Bro-*.dmg`` and then run the ``.pkg`` installer. - Everything installed by the package will go into ``/opt/bro``. + or ``zypper`` are used to perform the installation. The primary install prefix for binary packages is ``/opt/bro``. From 5d1ed9c13465c0e99032fa140ea408242d623480 Mon Sep 17 00:00:00 2001 From: Aaron Eppert Date: Fri, 4 Dec 2015 09:46:14 -0500 Subject: [PATCH 30/47] Update windows-version-detection.bro mscrl.microsoft.com is the proper hostname, however to be safe, let's use regex to identify it. --- .../policy/frameworks/software/windows-version-detection.bro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/scripts/policy/frameworks/software/windows-version-detection.bro b/scripts/policy/frameworks/software/windows-version-detection.bro index 0162dddf75..7ed1ab359e 100644 --- a/scripts/policy/frameworks/software/windows-version-detection.bro +++ b/scripts/policy/frameworks/software/windows-version-detection.bro @@ -53,7 +53,7 @@ export { event HTTP::log_http(rec: HTTP::Info) &priority=5 { - if ( rec?$host && rec?$user_agent && rec$host == "crl.microsoft.com" && + if ( rec?$host && rec?$user_agent && /crl.microsoft.com/ in rec$host && /Microsoft-CryptoAPI\// in rec$user_agent ) { if ( rec$user_agent !in crypto_api_mapping ) From 952c64a7930501a3f3fc5fdd1f6e69ee231bb019 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 4 Dec 2015 16:40:15 -0800 Subject: [PATCH 31/47] Delaying BinPAC initializaton until afte plugins have been activated. --- CHANGES | 5 +++++ VERSION | 2 +- src/main.cc | 7 ++++--- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 0050cc82e2..a98becb4bc 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,9 @@ +2.4-214 | 2015-12-04 16:40:15 -0800 + + * Delaying BinPAC initializaton until afte plugins have been + activated. (Robin Sommer) + 2.4-213 | 2015-12-04 15:25:48 -0800 * Use better data structure for storing BPF filters. (Robin Sommer) diff --git a/VERSION b/VERSION index f02659e601..bde3fa597f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-213 +2.4-214 diff --git a/src/main.cc b/src/main.cc index 67b53f222e..73181c82f2 100644 --- a/src/main.cc +++ b/src/main.cc @@ -761,9 +761,6 @@ int main(int argc, char** argv) // DEBUG_MSG("HMAC key: %s\n", md5_digest_print(shared_hmac_md5_key)); init_hash_function(); - // Must come after hash initialization. - binpac::init(); - ERR_load_crypto_strings(); OPENSSL_add_all_algorithms_conf(); SSL_library_init(); 
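Review bot: `/crl.microsoft.com/ in rec$host` is an unanchored substring match with unescaped dots, so it is much looser than the equality test it replaces. Any Host value that merely contains that text, or has other characters where the dots are, now passes. The Host header is client-supplied and this branch feeds software-version detection, so the match should stay exact for the two intended names, e.g. `rec$host == /(ms)?crl\.microsoft\.com/`. The handler body continues past the end of the hunk.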
@@ -863,6 +860,10 @@ int main(int argc, char** argv) if ( events_file ) event_player = new EventPlayer(events_file); + // Must come after plugin activation (and also after hash + // initialization). + binpac::init(); + init_event_handlers(); md5_type = new OpaqueType("md5"); From f0a28788ad7c421c57f8ebf6521095c638b1e2f0 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 4 Dec 2015 16:50:46 -0800 Subject: [PATCH 32/47] Updating submodule(s). [nomail] --- CHANGES | 2 +- VERSION | 2 +- aux/broker | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 2e89e98832..e84ac4f79a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ -2.4-216 | 2015-12-04 16:49:08 -0800 +2.4-217 | 2015-12-04 16:50:46 -0800 * SIP scripts code cleanup. (Seth Hall) diff --git a/VERSION b/VERSION index 26f7b3fdc5..0996be40a7 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-216 +2.4-217 diff --git a/aux/broker b/aux/broker index 675542feb2..9a2e8ec7b3 160000 --- a/aux/broker +++ b/aux/broker @@ -1 +1 @@ -Subproject commit 675542feb281405db8f4adac6339b285afb14fd9 +Subproject commit 9a2e8ec7b365bde282edc7301c7936eed6b4fbbb From 25a8d87da998470ef95cf1de000260b17952f4cc Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Mon, 14 Dec 2015 15:58:16 -0800 Subject: [PATCH 33/47] Change one forgotten bro-ids.org to bro.org --- testing/external/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testing/external/Makefile b/testing/external/Makefile index 6c1ac97e60..bf384edd86 100644 --- a/testing/external/Makefile +++ b/testing/external/Makefile @@ -1,5 +1,5 @@ -PUBLIC_REPO=git://git.bro-ids.org/bro-testing +PUBLIC_REPO=git://git.bro.org/bro-testing REPOS=`./scripts/find-git-repos ` DIAG=diag.log From aee312b5d254ed1070485c4f9e1e7772b5f40d50 Mon Sep 17 00:00:00 2001 
From: Robin Sommer Date: Fri, 18 Dec 2015 12:58:36 -0800 Subject: [PATCH 34/47] Adding usage guard to canonifier script. --- CHANGES | 4 +++- VERSION | 2 +- testing/scripts/diff-canonifier-external | 5 +++++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 2692730e66..f901074e55 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ -2.4-225 | 2015-12-18 11:40:43 -0800 +2.4-226 | 2015-12-18 12:58:36 -0800 * Update host name in windows-version-detection.bro. (Aaron Eppert) @@ -10,6 +10,8 @@ * StartTLS support for IRC. (Johanna Amann) + * Adding usage guard to canonifier script. (Robin Sommer) + 2.4-217 | 2015-12-04 16:50:46 -0800 * SIP scripts code cleanup. (Seth Hall) diff --git a/VERSION b/VERSION index 112d5bcd65..0808996833 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-225 +2.4-226 diff --git a/testing/scripts/diff-canonifier-external b/testing/scripts/diff-canonifier-external index 611d7c7baf..bd91924d48 100755 --- a/testing/scripts/diff-canonifier-external +++ b/testing/scripts/diff-canonifier-external @@ -2,6 +2,11 @@ # # Default canonifier used with the trace-based tests in testing/external/*. +if [ $# != 1 ]; then + echo "usage: `basename $0` " + exit 1 +fi + filename=`basename $1` addl="cat" From 4218ab2dba1cb081834ea8b50753fae59684f3ca Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 18 Dec 2015 17:47:24 -0800 Subject: [PATCH 35/47] Updating submodule. --- CHANGES | 2 +- VERSION | 2 +- aux/broctl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index f901074e55..2fad4cff65 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ -2.4-226 | 2015-12-18 12:58:36 -0800 +2.4-227 | 2015-12-18 17:47:24 -0800 * Update host name in windows-version-detection.bro. (Aaron Eppert) diff --git a/VERSION b/VERSION index 0808996833..25a1f4dba1 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-226 +2.4-227 diff --git a/aux/broctl b/aux/broctl index 20e60b036d..a56ee785db 160000 --- a/aux/broctl 
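Review bot: The usage guard in diff-canonifier-external prints its message to stdout, which for a canonifier is the channel carrying the filtered data; the message belongs on stderr, so the `echo` line should end in `>&2`. The argument count is also compared as a string with `!=`; `if [ $# -ne 1 ]; then` is the numeric test. Quoting `"$0"` and `"$1"` in the `basename` calls would keep paths with spaces intact.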
+++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 20e60b036dbfb469006faa6c75f23ee317d9210b +Subproject commit a56ee785db5c5c34a4818bfd35f0934762d9d073 From 374e61ee203f211e92d1d8214e02f52cda616b9c Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Sat, 19 Dec 2015 13:40:09 -0800 Subject: [PATCH 36/47] Updating submodule(s). [nomail] --- CHANGES | 4 ++++ VERSION | 2 +- aux/broctl | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 2fad4cff65..7bcf6a3ef4 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.4-228 | 2015-12-19 13:40:09 -0800 + + * Updating BroControl submodule. + 2.4-227 | 2015-12-18 17:47:24 -0800 * Update host name in windows-version-detection.bro. (Aaron Eppert) diff --git a/VERSION b/VERSION index 25a1f4dba1..dde094552f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-227 +2.4-228 diff --git a/aux/broctl b/aux/broctl index a56ee785db..1d0ca47534 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit a56ee785db5c5c34a4818bfd35f0934762d9d073 +Subproject commit 1d0ca4753471cf822f612dc0d0e9bf9a439a994b From 020b09faa08bf7188c47d3cc92a32e61f5ea9fc7 Mon Sep 17 00:00:00 2001 From: wglodek Date: Wed, 23 Dec 2015 13:37:06 -0500 Subject: [PATCH 37/47] update ParseRequest to handle missing uri --- src/analyzer/protocol/http/HTTP.cc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index e5b1b63e4c..de930f730a 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -1249,6 +1249,12 @@ int HTTP_Analyzer::ParseRequest(const char* line, const char* end_of_line) break; } + if ( end_of_uri >= end_of_line ) + { + Weird("missing_HTTP_uri"); + return 0; + } + for ( version_start = end_of_uri; version_start < end_of_line; ++version_start ) { end_of_uri = version_start; From 47a5db230e00e47593807309e3bd6a4d8b00f600 Mon Sep 17 00:00:00 2001 
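Review bot: The new `end_of_uri >= end_of_line` check in ParseRequest introduces the weird `missing_HTTP_uri`, but the commit touches only HTTP.cc (1 file, 6 insertions), so no trace or baseline exercises the malformed request line it guards against. A small btest with a request line that ends right after the method would pin the behaviour and protect the bounds check from later refactoring. A one-line comment above the check would also help, e.g. `// Method only, no URI: stop before scanning for the version.` ParseRequest begins and ends outside this hunk, so how callers treat the `return 0` cannot be confirmed from here.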
From: Aaron Eppert Date: Fri, 8 Jan 2016 17:11:14 -0500 Subject: [PATCH 38/47] NOTIFY is a valid SIP message per RFC3265 Exists in newer Asterisk servers. --- scripts/base/protocols/sip/main.bro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/base/protocols/sip/main.bro b/scripts/base/protocols/sip/main.bro index 60a8d7a9dd..dbe3c54800 100644 --- a/scripts/base/protocols/sip/main.bro +++ b/scripts/base/protocols/sip/main.bro @@ -80,7 +80,7 @@ export { ## that the SIP analyzer will only accept methods consisting solely ## of letters ``[A-Za-z]``. const sip_methods: set[string] = { - "REGISTER", "INVITE", "ACK", "CANCEL", "BYE", "OPTIONS" + "REGISTER", "INVITE", "ACK", "CANCEL", "BYE", "OPTIONS", "NOTIFY" } &redef; ## Event that can be handled to access the SIP record as it is sent on From ada2b0088b1173118c616b20e3c31a95f607ac76 Mon Sep 17 00:00:00 2001 From: Aaron Eppert Date: Tue, 12 Jan 2016 14:58:36 -0500 Subject: [PATCH 39/47] Add version to HTTP::Info --- scripts/base/protocols/http/main.bro | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro index e74ffaa8d4..752e9bba10 100644 --- a/scripts/base/protocols/http/main.bro +++ b/scripts/base/protocols/http/main.bro @@ -41,6 +41,8 @@ export { ## misspelled like the standard declares, but the name used here ## is "referrer" spelled correctly. referrer: string &log &optional; + ## Value of the version portion of the request + version: string &log &optional; ## Value of the User-Agent header from the client. user_agent: string &log &optional; ## Actual uncompressed content size of the data transferred from @@ -222,6 +224,8 @@ event http_reply(c: connection, version: string, code: count, reason: string) &p c$http$status_code = code; c$http$status_msg = reason; + c$http$version = version; + if ( code_in_range(code, 100, 199) ) { c$http$info_code = code; 
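Review bot: The new HTTP::Info field is documented as `## Value of the version portion of the request`, but the only assignment in this commit, `c$http$version = version;`, sits in the http_reply handler. The logged value is therefore the reply's version, and it stays unset for requests that never receive a reply. Either set it in the request handler as well (not visible in this hunk) or make the comment match the code: `## Value of the version portion of the reply.` The http_reply body continues past the end of the hunk.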
From 990726b514f98b1b52ead3ea2b5cf07c66810a9e Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Tue, 12 Jan 2016 15:01:45 -0800 Subject: [PATCH 40/47] Fix crash when deleting non existing record member. Addresses BIT-1519 --- src/Stmt.cc | 3 +++ .../language.undefined-delete-field/output | 2 ++ testing/btest/language/undefined-delete-field.bro | 15 +++++++++++++++ 3 files changed, 20 insertions(+) create mode 100644 testing/btest/Baseline/language.undefined-delete-field/output create mode 100644 testing/btest/language/undefined-delete-field.bro diff --git a/src/Stmt.cc b/src/Stmt.cc index 1cd1e2510a..d93e8ff14e 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -994,6 +994,9 @@ bool AddStmt::DoUnserialize(UnserialInfo* info) DelStmt::DelStmt(Expr* arg_e) : ExprStmt(STMT_DELETE, arg_e) { + if ( e->IsError() ) + return; + if ( ! e->CanDel() ) Error("illegal delete statement"); } diff --git a/testing/btest/Baseline/language.undefined-delete-field/output b/testing/btest/Baseline/language.undefined-delete-field/output new file mode 100644 index 0000000000..bd0fb99289 --- /dev/null +++ b/testing/btest/Baseline/language.undefined-delete-field/output @@ -0,0 +1,2 @@ +error in /Users/johanna/bro/master/testing/btest/.tmp/language.undefined-delete-field/undefined-delete-field.bro, line 14: no such field in record (x$c) +1 diff --git a/testing/btest/language/undefined-delete-field.bro b/testing/btest/language/undefined-delete-field.bro new file mode 100644 index 0000000000..8271f016fe --- /dev/null +++ b/testing/btest/language/undefined-delete-field.bro @@ -0,0 +1,15 @@ +# @TEST-EXEC: bro -b %INPUT >output 2>&1 || echo $? >>output +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output + +type MyRecordType: record + { + a: count; + b: count; + }; + +event bro_init() + { + local x = MyRecordType($a=1, $b=2); + + delete x$c; + } From adb3fab019168923546bc4a0bc19d1834a2c9bea Mon Sep 17 00:00:00 2001 
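Review bot: The early `return` added to the DelStmt constructor has no comment explaining why an error expression must skip `CanDel()`. Something like `// Operand already failed to resolve; don't query it further.` would record the reason next to the guard. The hunk header shows AddStmt code just above; its constructor is not visible here, and if it calls `CanAdd()` unguarded it probably wants the same check.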
From: Robin Sommer Date: Fri, 15 Jan 2016 12:18:16 -0800 Subject: [PATCH 41/47] Updating test baselines for http.log now including version. --- .../Baseline/core.tunnels.ayiya/conn.log | 4 +- .../Baseline/core.tunnels.ayiya/http.log | 14 +-- .../Baseline/core.tunnels.ayiya/tunnel.log | 4 +- .../conn.log | 4 +- .../http.log | 12 +-- .../tunnel.log | 4 +- .../core.tunnels.gtp.outer_ip_frag/conn.log | 4 +- .../core.tunnels.gtp.outer_ip_frag/http.log | 10 +- .../core.tunnels.gtp.outer_ip_frag/tunnel.log | 4 +- .../Baseline/core.tunnels.teredo/conn.log | 4 +- .../Baseline/core.tunnels.teredo/http.log | 16 +-- .../Baseline/core.tunnels.teredo/tunnel.log | 4 +- .../conn.log | 4 +- .../http.log | 12 +-- .../tunnel.log | 4 +- .../weird.log | 4 +- .../btest-doc.sphinx.connection-record-02#1 | 2 +- .../istate.events-ssl/receiver.http.log | 10 +- .../istate.events-ssl/sender.http.log | 10 +- .../Baseline/istate.events/receiver.http.log | 10 +- .../Baseline/istate.events/sender.http.log | 10 +- .../language.init-in-anon-function/http.log | 36 +++---- testing/btest/Baseline/plugins.hooks/output | 30 +++--- testing/btest/Baseline/plugins.writer/output | 16 +-- .../http.log | 10 +- .../http.select | 28 +++--- .../http-2-2.log | 4 +- .../http-2.log | 4 +- .../http-3.log | 4 +- .../http.log | 36 +++---- .../reporter.log | 4 +- .../http.log | 10 +- .../conn.log | 4 +- .../http.log | 10 +- .../tunnel.log | 4 +- .../conn.log | 4 +- .../http.log | 10 +- .../smtp.log | 4 +- .../tunnel.log | 4 +- .../http.log | 97 +++++++++---------- .../weird.log | 23 ++++- .../http.log | 18 ++-- .../http.log | 12 +-- .../http.log | 10 +- .../http.log | 36 +++---- 45 files changed, 288 insertions(+), 280 deletions(-) diff --git a/testing/btest/Baseline/core.tunnels.ayiya/conn.log b/testing/btest/Baseline/core.tunnels.ayiya/conn.log index bf1e8888f7..81dc56f734 100644 --- a/testing/btest/Baseline/core.tunnels.ayiya/conn.log +++ b/testing/btest/Baseline/core.tunnels.ayiya/conn.log 
@@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path conn -#open 2015-02-23-21-33-02 +#open 2016-01-15-18-40-13 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1257655301.595604 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 tcp http 2.101052 2981 4665 S1 - - 0 ShADad 10 3605 11 5329 CCvvfg3TEfuqmmG4bh @@ -14,4 +14,4 @@ 1257655296.585188 CPbrpk1qSsw6ESzHV4 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff00:2 130 icmp - 0.919988 32 0 OTH - - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh 1257655296.585151 CRJuHdVW0XPVINV8a fe80::216:cbff:fe9a:4cb9 131 ff02::2:f901:d225 130 icmp - 0.719947 32 0 OTH - - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh 1257655296.585034 CsRx2w45OKnoww6xl4 fe80::216:cbff:fe9a:4cb9 131 ff02::1:ff9a:4cb9 130 icmp - 4.922880 32 0 OTH - - 0 - 2 144 0 0 CCvvfg3TEfuqmmG4bh -#close 2015-02-23-21-33-02 +#close 2016-01-15-18-40-13 diff --git a/testing/btest/Baseline/core.tunnels.ayiya/http.log b/testing/btest/Baseline/core.tunnels.ayiya/http.log index 8776a41295..4a61a29109 100644 --- a/testing/btest/Baseline/core.tunnels.ayiya/http.log +++ b/testing/btest/Baseline/core.tunnels.ayiya/http.log 
@@ -3,10 +3,10 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-22-56-43 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1257655301.652206 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 1 GET ipv6.google.com / - Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 10102 200 OK - - - (empty) - - - - - FYAtjT24MvCBUs5K5f text/html -1257655302.514424 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 2 GET ipv6.google.com /csi?v=3&s=webhp&action=&tran=undefined&e=17259,19771,21517,21766,21887,22212&ei=BUz2Su7PMJTglQfz3NzCAw&rt=prt.77,xjs.565,ol.645 http://ipv6.google.com/ Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 0 204 No Content - - - (empty) - - - - - - - -1257655303.603569 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 3 GET ipv6.google.com /gen_204?atyp=i&ct=fade&cad=1254&ei=BUz2Su7PMJTglQfz3NzCAw&zx=1257655303600 http://ipv6.google.com/ Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 0 204 No Content - - - (empty) - - - - - - - -#close 2014-04-01-22-56-43 +#open 2016-01-15-18-40-13 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids 
orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1257655301.652206 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 1 GET ipv6.google.com / - 1.1 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 10102 200 OK - - - (empty) - - - - - FYAtjT24MvCBUs5K5f text/html +1257655302.514424 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 2 GET ipv6.google.com /csi?v=3&s=webhp&action=&tran=undefined&e=17259,19771,21517,21766,21887,22212&ei=BUz2Su7PMJTglQfz3NzCAw&rt=prt.77,xjs.565,ol.645 http://ipv6.google.com/ 1.1 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 0 204 No Content - - - (empty) - - - - - - - +1257655303.603569 CIPOse170MGiRM1Qf4 2001:4978:f:4c::2 53382 2001:4860:b002::68 80 3 GET ipv6.google.com /gen_204?atyp=i&ct=fade&cad=1254&ei=BUz2Su7PMJTglQfz3NzCAw&zx=1257655303600 http://ipv6.google.com/ 1.1 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre) 0 0 204 No Content - - - (empty) - - - - - - - +#close 2016-01-15-18-40-13 diff --git a/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log b/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log index 050192c32e..0878a89936 100644 --- a/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log 
@@ -3,11 +3,11 @@ #empty_field (empty) #unset_field - #path tunnel -#open 2013-08-26-19-02-15 +#open 2016-01-15-18-40-13 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1257655293.629048 CXWv6p3arKYeMETxOg 192.168.3.101 53796 216.14.98.22 5072 Tunnel::AYIYA Tunnel::DISCOVER 1257655296.585034 CCvvfg3TEfuqmmG4bh 192.168.3.101 53859 216.14.98.22 5072 Tunnel::AYIYA Tunnel::DISCOVER 1257655317.464035 CCvvfg3TEfuqmmG4bh 192.168.3.101 53859 216.14.98.22 5072 Tunnel::AYIYA Tunnel::CLOSE 1257655317.464035 CXWv6p3arKYeMETxOg 192.168.3.101 53796 216.14.98.22 5072 Tunnel::AYIYA Tunnel::CLOSE -#close 2013-08-26-19-02-15 +#close 2016-01-15-18-40-13 diff --git a/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/conn.log b/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/conn.log index 1ff9eac253..fc732cdad1 100644 --- a/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/conn.log +++ b/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/conn.log 
@@ -3,10 +3,10 @@ #empty_field (empty) #unset_field - #path conn -#open 2015-02-23-21-33-07 +#open 2016-01-15-18-40-14 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1333458850.321642 CjhGID4nQcgTWjvg4c 10.131.17.170 51803 173.199.115.168 80 tcp http 0.257902 1138 63424 S3 - - 0 ShADadf 29 2310 49 65396 CXWv6p3arKYeMETxOg,CCvvfg3TEfuqmmG4bh 1333458850.325787 CCvvfg3TEfuqmmG4bh 207.233.125.40 2152 167.55.105.244 2152 udp gtpv1 0.251127 65788 0 S0 - - 0 D 49 67160 0 0 (empty) 1333458850.321642 CXWv6p3arKYeMETxOg 167.55.105.244 5906 207.233.125.40 2152 udp gtpv1 0.257902 2542 0 S0 - - 0 D 29 3354 0 0 (empty) -#close 2015-02-23-21-33-07 +#close 2016-01-15-18-40-14 diff --git a/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/http.log b/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/http.log index a21f888032..9abfc1cf1f 100644 --- a/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/http.log +++ b/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/http.log 
@@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-22-56-58 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1333458850.340368 CjhGID4nQcgTWjvg4c 10.131.17.170 51803 173.199.115.168 80 1 GET cdn.epicgameads.com /ads/flash/728x90_nx8com.swf?clickTAG=http://www.epicgameads.com/ads/bannerclickPage.php?id=e3ubwU6IF&pd=1&adid=0&icpc=1&axid=0&uctt=1&channel=4&cac=1&t=728x90&cb=1333458879 http://www.epicgameads.com/ads/banneriframe.php?id=e3ubwU6IF&t=728x90&channel=4&cb=1333458905296 Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 0 31461 200 OK - - - (empty) - - - - - FHKKd91EMHBEK0hbdg application/x-shockwave-flash -1333458850.399501 CjhGID4nQcgTWjvg4c 10.131.17.170 51803 173.199.115.168 80 2 GET cdn.epicgameads.com /ads/flash/728x90_nx8com.swf?clickTAG=http://www.epicgameads.com/ads/bannerclickPage.php?id=e3ubwU6IF&pd=1&adid=0&icpc=1&axid=0&uctt=1&channel=0&cac=1&t=728x90&cb=1333458881 http://www.epicgameads.com/ads/banneriframe.php?id=e3ubwU6IF&t=728x90&cb=1333458920207 Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 0 31461 200 OK - - - (empty) - - - - - Fu64Vqjy6nBop9nRd application/x-shockwave-flash -#close 2014-04-01-22-56-58 +#open 2016-01-15-18-40-14 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port 
addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1333458850.340368 CjhGID4nQcgTWjvg4c 10.131.17.170 51803 173.199.115.168 80 1 GET cdn.epicgameads.com /ads/flash/728x90_nx8com.swf?clickTAG=http://www.epicgameads.com/ads/bannerclickPage.php?id=e3ubwU6IF&pd=1&adid=0&icpc=1&axid=0&uctt=1&channel=4&cac=1&t=728x90&cb=1333458879 http://www.epicgameads.com/ads/banneriframe.php?id=e3ubwU6IF&t=728x90&channel=4&cb=1333458905296 1.1 Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 0 31461 200 OK - - - (empty) - - - - - FHKKd91EMHBEK0hbdg application/x-shockwave-flash +1333458850.399501 CjhGID4nQcgTWjvg4c 10.131.17.170 51803 173.199.115.168 80 2 GET cdn.epicgameads.com /ads/flash/728x90_nx8com.swf?clickTAG=http://www.epicgameads.com/ads/bannerclickPage.php?id=e3ubwU6IF&pd=1&adid=0&icpc=1&axid=0&uctt=1&channel=0&cac=1&t=728x90&cb=1333458881 http://www.epicgameads.com/ads/banneriframe.php?id=e3ubwU6IF&t=728x90&cb=1333458920207 1.1 Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 0 31461 200 OK - - - (empty) - - - - - Fu64Vqjy6nBop9nRd application/x-shockwave-flash +#close 2016-01-15-18-40-14 diff --git a/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/tunnel.log b/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/tunnel.log index 4c3a5a89a4..fd68eb60ae 100644 --- a/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/tunnel.log 
@@ -3,11 +3,11 @@ #empty_field (empty) #unset_field - #path tunnel -#open 2013-08-26-19-34-59 +#open 2016-01-15-18-40-14 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1333458850.321642 CXWv6p3arKYeMETxOg 167.55.105.244 5906 207.233.125.40 2152 Tunnel::GTPv1 Tunnel::DISCOVER 1333458850.325787 CCvvfg3TEfuqmmG4bh 207.233.125.40 2152 167.55.105.244 2152 Tunnel::GTPv1 Tunnel::DISCOVER 1333458850.579544 CCvvfg3TEfuqmmG4bh 207.233.125.40 2152 167.55.105.244 2152 Tunnel::GTPv1 Tunnel::CLOSE 1333458850.579544 CXWv6p3arKYeMETxOg 167.55.105.244 5906 207.233.125.40 2152 Tunnel::GTPv1 Tunnel::CLOSE -#close 2013-08-26-19-34-59 +#close 2016-01-15-18-40-14 diff --git a/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/conn.log b/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/conn.log index f8fc05432a..7b8f749a1b 100644 --- a/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/conn.log +++ b/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/conn.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path conn -#open 2015-02-23-21-33-13 +#open 2016-01-15-18-40-15 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1333458850.364667 CjhGID4nQcgTWjvg4c 10.131.47.185 1923 79.101.110.141 80 tcp http 0.069783 2100 56702 SF - - 0 ShADadfF 27 3204 41 52594 CXWv6p3arKYeMETxOg 1333458850.364667 CXWv6p3arKYeMETxOg 239.114.155.111 2152 63.94.149.181 2152 udp gtpv1 0.069813 3420 52922 SF - - 0 Dd 27 4176 41 54070 (empty) -#close 2015-02-23-21-33-14 +#close 2016-01-15-18-40-15 
diff --git a/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/http.log b/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/http.log index 60872407a4..b10f29db63 100644 --- a/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/http.log +++ b/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/http.log 
@@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2015-04-20-14-23-04 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1333458850.375568 CjhGID4nQcgTWjvg4c 10.131.47.185 1923 79.101.110.141 80 1 GET o-o.preferred.telekomrs-beg1.v2.lscache8.c.youtube.com /videoplayback?upn=MTU2MDY5NzQ5OTM0NTI3NDY4NDc&sparams=algorithm,burst,cp,factor,id,ip,ipbits,itag,source,upn,expire&fexp=912300,907210&algorithm=throttle-factor&itag=34&ip=212.0.0.0&burst=40&sver=3&signature=832FB1042E20780CFCA77A4DB5EA64AC593E8627.D1166C7E8365732E52DAFD68076DAE0146E0AE01&source=youtube&expire=1333484980&key=yt1&ipbits=8&factor=1.25&cp=U0hSSFRTUl9NSkNOMl9MTVZKOjh5eEN2SG8tZF84&id=ebf1e932d4bd1286&cm2=1 http://s.ytimg.com/yt/swfbin/watch_as3-vflqrJwOA.swf Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko; X-SBLSP) Chrome/17.0.963.83 Safari/535.11 0 56320 206 Partial Content - - - (empty) - - - - - FNJkBA1b8FSHt5N8jl - -#close 2015-04-20-14-23-04 +#open 2016-01-15-18-40-15 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1333458850.375568 CjhGID4nQcgTWjvg4c 
10.131.47.185 1923 79.101.110.141 80 1 GET o-o.preferred.telekomrs-beg1.v2.lscache8.c.youtube.com /videoplayback?upn=MTU2MDY5NzQ5OTM0NTI3NDY4NDc&sparams=algorithm,burst,cp,factor,id,ip,ipbits,itag,source,upn,expire&fexp=912300,907210&algorithm=throttle-factor&itag=34&ip=212.0.0.0&burst=40&sver=3&signature=832FB1042E20780CFCA77A4DB5EA64AC593E8627.D1166C7E8365732E52DAFD68076DAE0146E0AE01&source=youtube&expire=1333484980&key=yt1&ipbits=8&factor=1.25&cp=U0hSSFRTUl9NSkNOMl9MTVZKOjh5eEN2SG8tZF84&id=ebf1e932d4bd1286&cm2=1 http://s.ytimg.com/yt/swfbin/watch_as3-vflqrJwOA.swf 1.1 Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko; X-SBLSP) Chrome/17.0.963.83 Safari/535.11 0 56320 206 Partial Content - - - (empty) - - - - - FNJkBA1b8FSHt5N8jl - +#close 2016-01-15-18-40-15 diff --git a/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/tunnel.log b/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/tunnel.log index ba82f055ea..e6ebaca928 100644 --- a/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/tunnel.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path tunnel -#open 2013-08-26-19-35-01 +#open 2016-01-15-18-40-15 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1333458850.364667 CXWv6p3arKYeMETxOg 239.114.155.111 2152 63.94.149.181 2152 Tunnel::GTPv1 Tunnel::DISCOVER 1333458850.434480 CXWv6p3arKYeMETxOg 239.114.155.111 2152 63.94.149.181 2152 Tunnel::GTPv1 Tunnel::CLOSE -#close 2013-08-26-19-35-01 +#close 2016-01-15-18-40-15 diff --git a/testing/btest/Baseline/core.tunnels.teredo/conn.log b/testing/btest/Baseline/core.tunnels.teredo/conn.log index 779f42ed48..3004a2647c 100644 --- a/testing/btest/Baseline/core.tunnels.teredo/conn.log +++ b/testing/btest/Baseline/core.tunnels.teredo/conn.log 
@@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path conn -#open 2015-02-23-21-33-18 +#open 2016-01-15-18-40-16 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1210953047.736921 CjhGID4nQcgTWjvg4c 192.168.2.16 1576 75.126.130.163 80 tcp - 0.000357 0 0 SHR - - 0 fA 1 40 1 40 (empty) @@ -27,4 +27,4 @@ 1210953052.324629 C6pKV8GSxOnSLghOa fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 CPbrpk1qSsw6ESzHV4 1210953060.829303 CEle3f3zno26fFZkrh 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.463615 4 4 OTH - - 0 - 1 52 1 52 C3SfNE4BWaU4aSuwkc,CsRx2w45OKnoww6xl4 1210953052.202579 CRJuHdVW0XPVINV8a fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CsRx2w45OKnoww6xl4 -#close 2015-02-23-21-33-18 +#close 2016-01-15-18-40-16 diff --git a/testing/btest/Baseline/core.tunnels.teredo/http.log b/testing/btest/Baseline/core.tunnels.teredo/http.log index 72f673bd5c..66268903ea 100644 --- a/testing/btest/Baseline/core.tunnels.teredo/http.log +++ b/testing/btest/Baseline/core.tunnels.teredo/http.log 
@@ -3,11 +3,11 @@ #empty_field (empty) #unset_field - #path http -#open 2015-03-14-01-46-26 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1210953057.917183 C7XEbhP654jzLoe3a 192.168.2.16 1578 75.126.203.78 80 1 POST download913.avast.com /cgi-bin/iavs4stats.cgi - Syncer/4.80 (av_pro-1169;f) 589 0 204 - - - (empty) - - - Fp32SIJztq0Szn5Qc text/plain - - -1210953061.585996 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - - (empty) - - - - - FNFYdH11h5iQcoD3a2 text/html -1210953073.381474 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - - (empty) - - - - - FHD5nv1iSVFZVM0aH7 text/html -1210953074.674817 Cab0vO1xNYSS2hJkle 192.168.2.16 1580 67.228.110.120 80 1 GET www.wireshark.org / http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 11845 200 OK - - - (empty) - - - - - FS7lUf2cJFAVBCu6w6 text/html -#close 2015-03-14-01-46-26 +#open 2016-01-15-18-40-16 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg 
info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1210953057.917183 C7XEbhP654jzLoe3a 192.168.2.16 1578 75.126.203.78 80 1 POST download913.avast.com /cgi-bin/iavs4stats.cgi - 1.1 Syncer/4.80 (av_pro-1169;f) 589 0 204 - - - (empty) - - - Fp32SIJztq0Szn5Qc text/plain - - +1210953061.585996 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - - (empty) - - - - - FNFYdH11h5iQcoD3a2 text/html +1210953073.381474 CwSkQu4eWZCH7OONC1 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - - (empty) - - - - - FHD5nv1iSVFZVM0aH7 text/html +1210953074.674817 Cab0vO1xNYSS2hJkle 192.168.2.16 1580 67.228.110.120 80 1 GET www.wireshark.org / http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 11845 200 OK - - - (empty) - - - - - FS7lUf2cJFAVBCu6w6 text/html +#close 2016-01-15-18-40-16 diff --git a/testing/btest/Baseline/core.tunnels.teredo/tunnel.log b/testing/btest/Baseline/core.tunnels.teredo/tunnel.log index e611eeb679..57ec542b6c 100644 --- a/testing/btest/Baseline/core.tunnels.teredo/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.teredo/tunnel.log 
@@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path tunnel -#open 2013-08-26-19-02-19 +#open 2016-01-15-18-40-16 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1210953052.202579 CsRx2w45OKnoww6xl4 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::DISCOVER @@ -12,4 +12,4 @@ 1210953076.058333 CsRx2w45OKnoww6xl4 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::CLOSE 1210953076.058333 C3SfNE4BWaU4aSuwkc 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::CLOSE 1210953076.058333 CPbrpk1qSsw6ESzHV4 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE -#close 2013-08-26-19-02-19 +#close 2016-01-15-18-40-16 diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log index 91bcfdf170..41177e178d 100644 --- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log +++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path conn -#open 2015-02-23-21-33-21 +#open 2016-01-15-18-40-17 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1340127577.354166 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 tcp http 0.052829 1675 10467 S1 - - 0 ShADad 10 2279 12 11191 CRJuHdVW0XPVINV8a 
@@ -13,4 +13,4 @@ 1340127577.339015 CsRx2w45OKnoww6xl4 fe80::8000:f227:bec8:61af 134 fe80::8000:ffff:ffff:fffd 133 icmp - - - - OTH - - 0 - 1 88 0 0 CCvvfg3TEfuqmmG4bh 1340127577.343969 CPbrpk1qSsw6ESzHV4 2001:0:4137:9e50:8000:f12a:b9c8:2815 128 2001:4860:0:2001::68 129 icmp - 0.007778 4 4 OTH - - 0 - 1 52 1 52 CXWv6p3arKYeMETxOg,CRJuHdVW0XPVINV8a 1340127577.336558 CjhGID4nQcgTWjvg4c fe80::8000:ffff:ffff:fffd 133 ff02::2 134 icmp - - - - OTH - - 0 - 1 64 0 0 CXWv6p3arKYeMETxOg -#close 2015-02-23-21-33-21 +#close 2016-01-15-18-40-17 diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log index eff4b8ff36..00a710a5b0 100644 --- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log +++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log 
@@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-22-57-27 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1340127577.361683 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 6640 200 OK - - - (empty) - - - - - FWSTWv4EZLVlc2Zywi text/html -1340127577.379360 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - - (empty) - - - - - FGKV3B3jz083xhGO13 text/html -#close 2014-04-01-22-57-27 +#open 2016-01-15-18-40-17 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1340127577.361683 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 1 GET ipv6.google.com / - 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 
Firefox/3.0b5 0 6640 200 OK - - - (empty) - - - - - FWSTWv4EZLVlc2Zywi text/html +1340127577.379360 C6pKV8GSxOnSLghOa 2001:0:4137:9e50:8000:f12a:b9c8:2815 1286 2001:4860:0:2001::68 80 2 GET ipv6.google.com /search?hl=en&q=Wireshark+!&btnG=Google+Search http://ipv6.google.com/ 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 0 25119 200 OK - - - (empty) - - - - - FGKV3B3jz083xhGO13 text/html +#close 2016-01-15-18-40-17 diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log index f988a996f8..2c041b6c59 100644 --- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path tunnel -#open 2013-08-26-19-02-20 +#open 2016-01-15-18-40-17 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1340127577.336558 CXWv6p3arKYeMETxOg 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::DISCOVER @@ -12,4 +12,4 @@ 1340127577.406995 CXWv6p3arKYeMETxOg 192.168.2.16 3797 65.55.158.80 3544 Tunnel::TEREDO Tunnel::CLOSE 1340127577.406995 CRJuHdVW0XPVINV8a 192.168.2.16 3797 83.170.1.38 32900 Tunnel::TEREDO Tunnel::CLOSE 1340127577.406995 CCvvfg3TEfuqmmG4bh 192.168.2.16 3797 65.55.158.81 3544 Tunnel::TEREDO Tunnel::CLOSE -#close 2013-08-26-19-02-20 +#close 2016-01-15-18-40-17 diff --git a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log index bec4732a8f..81c7bb0cf0 100644 --- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log +++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log 
@@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path weird -#open 2013-08-26-19-46-43 +#open 2016-01-15-18-40-17 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1340127577.341510 CRJuHdVW0XPVINV8a 192.168.2.16 3797 83.170.1.38 32900 Teredo_bubble_with_payload - F bro 1340127577.346849 CXWv6p3arKYeMETxOg 192.168.2.16 3797 65.55.158.80 3544 Teredo_bubble_with_payload - F bro -#close 2013-08-26-19-46-43 +#close 2016-01-15-18-40-17 diff --git a/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1 b/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1 index 461c3411d1..398fe5db94 100644 --- a/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1 +++ b/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1 
@@ -9,7 +9,7 @@ }, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=, vlan=, inner_vlan=, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={ - }], extract_orig=F, extract_resp=F, thresholds=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={ + }], extract_orig=F, extract_resp=F, thresholds=, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={ }, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=[text/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={ diff --git a/testing/btest/Baseline/istate.events-ssl/receiver.http.log b/testing/btest/Baseline/istate.events-ssl/receiver.http.log index b19aa4e229..ef4b7d5e14 100644 --- a/testing/btest/Baseline/istate.events-ssl/receiver.http.log +++ b/testing/btest/Baseline/istate.events-ssl/receiver.http.log 
@@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-23-00-17 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1396393217.023534 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - - -#close 2014-04-01-23-00-19 +#open 2016-01-15-18-40-35 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1452883233.962989 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - 1.1 Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - - +#close 2016-01-15-18-40-36 diff --git a/testing/btest/Baseline/istate.events-ssl/sender.http.log b/testing/btest/Baseline/istate.events-ssl/sender.http.log index b19aa4e229..ef4b7d5e14 100644 --- a/testing/btest/Baseline/istate.events-ssl/sender.http.log +++ b/testing/btest/Baseline/istate.events-ssl/sender.http.log 
@@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-23-00-17 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1396393217.023534 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - - -#close 2014-04-01-23-00-19 +#open 2016-01-15-18-40-35 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1452883233.962989 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - 1.1 Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - - +#close 2016-01-15-18-40-36 diff --git a/testing/btest/Baseline/istate.events/receiver.http.log b/testing/btest/Baseline/istate.events/receiver.http.log index 50de2e7aa5..829797e69a 100644 --- a/testing/btest/Baseline/istate.events/receiver.http.log +++ b/testing/btest/Baseline/istate.events/receiver.http.log 
@@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-22-59-59 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1396393198.822094 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - - -#close 2014-04-01-23-00-00 +#open 2016-01-15-18-40-24 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1452883223.630311 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - 1.1 Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - - +#close 2016-01-15-18-40-26 diff --git a/testing/btest/Baseline/istate.events/sender.http.log b/testing/btest/Baseline/istate.events/sender.http.log index 50de2e7aa5..bca3ed980f 100644 --- a/testing/btest/Baseline/istate.events/sender.http.log +++ b/testing/btest/Baseline/istate.events/sender.http.log 
@@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-22-59-59 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1396393198.822094 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - - -#close 2014-04-01-23-00-00 +#open 2016-01-15-18-40-24 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1452883223.630311 CjhGID4nQcgTWjvg4c 141.42.64.125 56730 125.190.109.199 80 1 GET www.icir.org / - 1.1 Wget/1.10 0 9130 200 OK - - - (empty) - - - - - - - +#close 2016-01-15-18-40-25 diff --git a/testing/btest/Baseline/language.init-in-anon-function/http.log b/testing/btest/Baseline/language.init-in-anon-function/http.log index 2f4bbbb8e4..24ee094c15 100644 --- a/testing/btest/Baseline/language.init-in-anon-function/http.log +++ b/testing/btest/Baseline/language.init-in-anon-function/http.log 
@@ -3,21 +3,21 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-23-12-50 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1300475168.784020 CRJuHdVW0XPVINV8a 141.142.0.0 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.916018 CJ3xTn1c4Zw9TmAE05 141.142.0.0 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.916183 C7XEbhP654jzLoe3a 141.142.0.0 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.918358 C3SfNE4BWaU4aSuwkc 141.142.0.0 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.952307 CyAhVIzHqb7t7kv28 141.142.0.0 50000 208.80.152.3 80 1 GET 
upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.952296 CzA03V1VcgagLjnO92 141.142.0.0 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.954820 CkDsfG2YIeWJmXWNWj 141.142.0.0 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.962687 Cn78a440HlxuyZKs6f 141.142.0.0 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.975934 CJ3xTn1c4Zw9TmAE05 141.142.0.0 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.976436 C7XEbhP654jzLoe3a 141.142.0.0 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - 
-1300475168.979264 C3SfNE4BWaU4aSuwkc 141.142.0.0 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475169.014619 CyAhVIzHqb7t7kv28 141.142.0.0 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475169.014593 CzA03V1VcgagLjnO92 141.142.0.0 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475169.014927 CkDsfG2YIeWJmXWNWj 141.142.0.0 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -#close 2014-04-01-23-12-50 +#open 2016-01-15-18-40-39 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] 
vector[string] vector[string] +1300475168.784020 CRJuHdVW0XPVINV8a 141.142.0.0 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ 1.1 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.916018 CJ3xTn1c4Zw9TmAE05 141.142.0.0 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.916183 C7XEbhP654jzLoe3a 141.142.0.0 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.918358 C3SfNE4BWaU4aSuwkc 141.142.0.0 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.952307 CyAhVIzHqb7t7kv28 141.142.0.0 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.952296 CzA03V1VcgagLjnO92 141.142.0.0 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) 
Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.954820 CkDsfG2YIeWJmXWNWj 141.142.0.0 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.962687 Cn78a440HlxuyZKs6f 141.142.0.0 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.975934 CJ3xTn1c4Zw9TmAE05 141.142.0.0 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.976436 C7XEbhP654jzLoe3a 141.142.0.0 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.979264 C3SfNE4BWaU4aSuwkc 141.142.0.0 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475169.014619 CyAhVIzHqb7t7kv28 141.142.0.0 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png 
http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475169.014593 CzA03V1VcgagLjnO92 141.142.0.0 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475169.014927 CkDsfG2YIeWJmXWNWj 141.142.0.0 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +#close 2016-01-15-18-40-39 diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 94e0db8667..7a5718b1db 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output 
@@ -220,7 +220,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1440997649.720991, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Communication::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Conn::LOG)) -> @@ -326,7 +326,7 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1440997649.720991, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::build, , ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) -> 
@@ -812,7 +812,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1440997649.720991, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Communication::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Conn::LOG)) @@ -918,7 +918,7 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1440997649.720991, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) 0.000000 MetaHookPre CallFunction(PacketFilter::build, , ()) 0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) 
@@ -1403,7 +1403,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1440997649.720991, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG) @@ -1509,7 +1509,7 @@ 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=, ev=Weird::log_weird, path=weird]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=, ev=X509::log_x509, path=x509]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1440997649.720991, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Notice::want_pp() 0.000000 | HookCallFunction PacketFilter::build() 0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, ) 
@@ -1605,14 +1605,14 @@ 1362692526.939527 MetaHookPost CallFunction(HTTP::new_http_session, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, vlan=, inner_vlan=, dpd=, conn=, extract_orig=F, extract_resp=F, thresholds=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> 1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost 
CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, 
orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, vlan=, inner_vlan=, dpd=, conn=, extract_orig=F, extract_resp=F, thresholds=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692526.939527 MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> 1362692526.939527 MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> 1362692526.939527 MetaHookPost CallFunction(fmt, , (-%s, HTTP)) -> 1362692526.939527 MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, 
current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +1362692526.939527 MetaHookPost CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692526.939527 MetaHookPost CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], 
irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692526.939527 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -> 1362692526.939527 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -> 
@@ -1642,14 +1642,14 @@ 1362692526.939527 MetaHookPre CallFunction(HTTP::new_http_session, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, vlan=, inner_vlan=, dpd=, conn=, extract_orig=F, extract_resp=F, thresholds=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) 1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre 
CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 
referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, vlan=, inner_vlan=, dpd=, conn=, extract_orig=F, extract_resp=F, thresholds=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692526.939527 MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) 1362692526.939527 MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) 1362692526.939527 MetaHookPre CallFunction(fmt, , (-%s, HTTP)) 1362692526.939527 MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, 
current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692526.939527 MetaHookPre CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692526.939527 MetaHookPre CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, 
smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692526.939527 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) 1362692526.939527 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) 
@@ -1680,14 +1680,14 @@ 1362692526.939527 | HookCallFunction HTTP::new_http_session([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, vlan=, inner_vlan=, dpd=, conn=, extract_orig=F, extract_resp=F, thresholds=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) 1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, 
orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, 
status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, vlan=, inner_vlan=, dpd=, conn=, extract_orig=F, extract_resp=F, thresholds=, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0, trans_depth=0], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692526.939527 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) 1362692526.939527 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) 1362692526.939527 | HookCallFunction fmt(-%s, HTTP) 1362692526.939527 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, 
syslog=], T) -1362692526.939527 | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692526.939527 | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, version=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692526.939527 | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0, trans_depth=1], irc=, krb=, modbus=, mysql=, radius=, rdp=, sip=, sip_state=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*) 1362692526.939527 | HookCallFunction 
http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0)) diff --git a/testing/btest/Baseline/plugins.writer/output b/testing/btest/Baseline/plugins.writer/output index 26fac65662..a8d6f439e2 100644 --- a/testing/btest/Baseline/plugins.writer/output +++ b/testing/btest/Baseline/plugins.writer/output 
@@ -10,13 +10,13 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0) [conn] 1340213226.561757|CPbrpk1qSsw6ESzHV4|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0| [conn] 1340213290.981995|C6pKV8GSxOnSLghOa|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0| [files] 1340213020.732547|FBtZ7y1ppK8iIeY622|60.190.189.214|10.0.0.55|CjhGID4nQcgTWjvg4c|HTTP|0||image/gif|-|0.000034|-|F|1368|1368|0|0|F|-|-|-|-|- -[http] 1340213019.013158|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|1|GET|www.osnews.com|/images/printer2.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- -[http] 1340213019.013426|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|2|GET|www.osnews.com|/img2/shorturl.jpg|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- -[http] 1340213019.580162|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|3|GET|www.osnews.com|/images/icons/9.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- -[http] 1340213020.155861|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|4|GET|www.osnews.com|/images/icons/26.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|1368|200|OK|-|-|-||-|-|-|-|-|FBtZ7y1ppK8iIeY622|image/gif -[http] 1340213020.732963|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|5|GET|www.osnews.com|/images/icons/17.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- -[http] 1340213021.300269|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|6|GET|www.osnews.com|/images/left.gif|http://www.osnews.com/|Mozilla/5.0 
(Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- -[http] 1340213021.861584|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|7|GET|www.osnews.com|/images/icons/32.gif|http://www.osnews.com/|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- -[packet_filter] 1424736260.256998|bro|ip or not ip|T|T +[http] 1340213019.013158|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|1|GET|www.osnews.com|/images/printer2.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- +[http] 1340213019.013426|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|2|GET|www.osnews.com|/img2/shorturl.jpg|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- +[http] 1340213019.580162|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|3|GET|www.osnews.com|/images/icons/9.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- +[http] 1340213020.155861|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|4|GET|www.osnews.com|/images/icons/26.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|1368|200|OK|-|-|-||-|-|-|-|-|FBtZ7y1ppK8iIeY622|image/gif +[http] 1340213020.732963|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|5|GET|www.osnews.com|/images/icons/17.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- +[http] 
1340213021.300269|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|6|GET|www.osnews.com|/images/left.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- +[http] 1340213021.861584|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|7|GET|www.osnews.com|/images/icons/32.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|0|0|304|Not Modified|-|-|-||-|-|-|-|-|-|- +[packet_filter] 1452883255.997547|bro|ip or not ip|T|T [socks] 1340213015.276495|CjhGID4nQcgTWjvg4c|10.0.0.55|53994|60.190.189.214|8124|5|-|-|succeeded|-|www.osnews.com|80|192.168.0.31|-|2688 [tunnel] 1340213015.276495|-|10.0.0.55|0|60.190.189.214|8124|Tunnel::SOCKS|Tunnel::DISCOVER diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log index 4786a6f8b9..5fb6e1672a 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log 
@@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-23-14-58 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1315799856.264750 CXWv6p3arKYeMETxOg 10.0.1.104 64216 193.40.5.162 80 1 GET lepo.it.da.ut.ee /~cect/teoreetilised seminarid_2010/arheoloogia_uurimisr\xfchma_seminar/Joyce et al - The Languages of Archaeology ~ Dialogue, Narrative and Writing.pdf - Wget/1.12 (darwin10.8.0) 0 346 404 Not Found - - - (empty) - - - - - FGNm7b3eXjhJLfvOWl text/html -#close 2014-04-01-23-14-58 +#open 2016-01-15-18-40-57 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1315799856.264750 CXWv6p3arKYeMETxOg 10.0.1.104 64216 193.40.5.162 80 1 GET lepo.it.da.ut.ee /~cect/teoreetilised seminarid_2010/arheoloogia_uurimisr\xfchma_seminar/Joyce et al - The Languages of Archaeology ~ Dialogue, Narrative and Writing.pdf - 1.1 Wget/1.12 (darwin10.8.0) 0 346 404 Not Found - - - (empty) - - - - - FGNm7b3eXjhJLfvOWl text/html +#close 2016-01-15-18-40-57 
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.wikipedia/http.select b/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.wikipedia/http.select index 5c584af41b..a715425ded 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.wikipedia/http.select +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.sqlite.wikipedia/http.select 
@@ -1,14 +1,14 @@ -1300475168.78402|CRJuHdVW0XPVINV8a|141.142.220.118|48649|208.80.152.118|80|1|GET|bits.wikimedia.org|/skins-1.5/monobook/main.css|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.91602|CJ3xTn1c4Zw9TmAE05|141.142.220.118|49997|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/6/63/Wikipedia-logo.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.91618|C7XEbhP654jzLoe3a|141.142.220.118|49996|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.91836|C3SfNE4BWaU4aSuwkc|141.142.220.118|49998|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/b/bd/Bookshelf-40x201_6.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.9523|CzA03V1VcgagLjnO92|141.142.220.118|49999|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.95231|CyAhVIzHqb7t7kv28|141.142.220.118|50000|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| 
-1300475168.95482|CkDsfG2YIeWJmXWNWj|141.142.220.118|50001|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.96269|Cn78a440HlxuyZKs6f|141.142.220.118|35642|208.80.152.2|80|1|GET|meta.wikimedia.org|/images/wikimedia-button.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.97593|CJ3xTn1c4Zw9TmAE05|141.142.220.118|49997|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.97644|C7XEbhP654jzLoe3a|141.142.220.118|49996|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475168.97926|C3SfNE4BWaU4aSuwkc|141.142.220.118|49998|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475169.01459|CzA03V1VcgagLjnO92|141.142.220.118|49999|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 
(lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475169.01462|CyAhVIzHqb7t7kv28|141.142.220.118|50000|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| -1300475169.01493|CkDsfG2YIeWJmXWNWj|141.142.220.118|50001|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png|http://www.wikipedia.org/|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.78402|CRJuHdVW0XPVINV8a|141.142.220.118|48649|208.80.152.118|80|1|GET|bits.wikimedia.org|/skins-1.5/monobook/main.css|http://www.wikipedia.org/|1.1|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.91602|CJ3xTn1c4Zw9TmAE05|141.142.220.118|49997|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/6/63/Wikipedia-logo.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.91618|C7XEbhP654jzLoe3a|141.142.220.118|49996|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.91836|C3SfNE4BWaU4aSuwkc|141.142.220.118|49998|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/b/bd/Bookshelf-40x201_6.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) 
Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.9523|CzA03V1VcgagLjnO92|141.142.220.118|49999|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.95231|CyAhVIzHqb7t7kv28|141.142.220.118|50000|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.95482|CkDsfG2YIeWJmXWNWj|141.142.220.118|50001|208.80.152.3|80|1|GET|upload.wikimedia.org|/wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.96269|Cn78a440HlxuyZKs6f|141.142.220.118|35642|208.80.152.2|80|1|GET|meta.wikimedia.org|/images/wikimedia-button.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.97593|CJ3xTn1c4Zw9TmAE05|141.142.220.118|49997|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| 
+1300475168.97644|C7XEbhP654jzLoe3a|141.142.220.118|49996|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475168.97926|C3SfNE4BWaU4aSuwkc|141.142.220.118|49998|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475169.01459|CzA03V1VcgagLjnO92|141.142.220.118|49999|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475169.01462|CyAhVIzHqb7t7kv28|141.142.220.118|50000|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| +1300475169.01493|CkDsfG2YIeWJmXWNWj|141.142.220.118|50001|208.80.152.3|80|2|GET|upload.wikimedia.org|/wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png|http://www.wikipedia.org/|1.0|Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15|0|0|304|Not Modified||||(empty)||||||| 
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-2-2.log b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-2-2.log index cbc90d9926..ab4979f69d 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-2-2.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-2-2.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path http-2-2 -#open 2011-03-18-19-06-08 +#open 2016-01-15-18-40-59 #fields status_code #types count 304 @@ -20,4 +20,4 @@ 304 304 304 -#close 2011-03-18-19-06-13 +#close 2016-01-15-18-40-59 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-2.log b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-2.log index 8f66184146..30ffbac472 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-2.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-2.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path http-2 -#open 2011-03-18-19-06-08 +#open 2016-01-15-18-40-59 #fields host #types string bits.wikimedia.org @@ -20,4 +20,4 @@ upload.wikimedia.org upload.wikimedia.org upload.wikimedia.org upload.wikimedia.org -#close 2011-03-18-19-06-13 +#close 2016-01-15-18-40-59 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-3.log b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-3.log index d64b9aa128..d0ef6e21ce 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-3.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http-3.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path http-3 -#open 2011-03-18-19-06-08 +#open 2016-01-15-18-40-59 #fields uri #types string /skins-1.5/monobook/main.css 
@@ -20,4 +20,4 @@ /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png -#close 2011-03-18-19-06-13 +#close 2016-01-15-18-40-59 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http.log b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http.log index 0f1c694c8b..5fb44c25ee 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/http.log 
@@ -3,21 +3,21 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-23-15-23 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1300475168.784020 CRJuHdVW0XPVINV8a 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.916018 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.916183 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.918358 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.952307 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 
80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.952296 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.954820 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.962687 Cn78a440HlxuyZKs6f 141.142.220.118 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.975934 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475168.976436 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - 
(empty) - - - - - - - -1300475168.979264 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475169.014619 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475169.014593 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -1300475169.014927 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - -#close 2014-04-01-23-15-23 +#open 2016-01-15-18-40-59 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] 
vector[string] vector[string] vector[string] vector[string] +1300475168.784020 CRJuHdVW0XPVINV8a 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ 1.1 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.916018 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.916183 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.918358 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.952307 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.952296 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; 
rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.954820 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.962687 Cn78a440HlxuyZKs6f 141.142.220.118 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.975934 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.976436 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475168.979264 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475169.014619 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org 
/wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475169.014593 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +1300475169.014927 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - +#close 2016-01-15-18-40-59 diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/reporter.log b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/reporter.log index 35e9134583..1e0ff1b11d 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/reporter.log +++ b/testing/btest/Baseline/scripts.base.frameworks.logging.writer-path-conflict/reporter.log 
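Review bot: The new `version` column sits between `referrer` and `user_agent` in the `#fields`/`#types` headers of this http.log baseline, so every later column moves one place to the right. A log pipeline or detection rule that reads http.log by column position rather than by the `#fields` header would then take `version` for `user_agent`, and so on; adding the field at the end of the record, if its definition allows, would keep existing positions stable. The same header change appears in the http.log hunks for 100-continue, http-connect-with-header and http-connect. In this baseline the first record logs `1.1` and the other thirteen log `1.0` for the same client and user agent, which suggests the value may come from the reply line rather than the request. The script that defines the field is not in this part of the patch, so I would ask for a doc comment on it there along the lines of `## HTTP version string, taken from the <request|reply> line.`, with the side filled in.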
@@ -3,10 +3,10 @@ #empty_field (empty) #unset_field - #path reporter -#open 2011-03-18-19-06-08 +#open 2016-01-15-18-40-59 #fields ts level message location #types time enum string string 1300475168.843894 Reporter::WARNING Write using filter 'host-only' on path 'http' changed to use new path 'http-2' to avoid conflict with filter 'default' (empty) 1300475168.843894 Reporter::WARNING Write using filter 'uri-only' on path 'http' changed to use new path 'http-3' to avoid conflict with filter 'default' (empty) 1300475168.843894 Reporter::WARNING Write using filter 'status-only' on path 'http-2' changed to use new path 'http-2-2' to avoid conflict with filter 'host-only' (empty) -#close 2011-03-18-19-06-13 +#close 2016-01-15-18-40-59 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log b/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log index 0418b88b69..774163695e 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log 
@@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-23-15-57 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1237440095.634312 CXWv6p3arKYeMETxOg 192.168.3.103 54102 128.146.216.51 80 1 POST www.osu.edu / - curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3 2001 60731 200 OK 100 Continue - (empty) - - - F7Wq2D1IW7Cp2nfZMa text/plain FFhC1T3ieHHQqVBLpc text/html -#close 2014-04-01-23-15-57 +#open 2016-01-15-18-41-00 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1237440095.634312 CXWv6p3arKYeMETxOg 192.168.3.103 54102 128.146.216.51 80 1 POST www.osu.edu / - 1.1 curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3 2001 60731 200 OK 100 Continue - (empty) - - - F7Wq2D1IW7Cp2nfZMa text/plain FFhC1T3ieHHQqVBLpc text/html +#close 2016-01-15-18-41-00 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/conn.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/conn.log index 7adb1bd2e8..0a578fc3d7 100644 
--- a/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/conn.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/conn.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path conn -#open 2015-10-23-20-09-31 +#open 2016-01-15-18-41-02 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1443732977.727740 CXWv6p3arKYeMETxOg ::1 52522 ::1 80 tcp ssl,http 0.691241 3644 55499 S1 - - 0 ShAaDd 29 5744 29 57599 (empty) -#close 2015-10-23-20-09-32 +#close 2016-01-15-18-41-02 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/http.log index e7d3078204..121c1499dc 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/http.log 
@@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2015-10-23-20-09-31 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1443732977.728092 CXWv6p3arKYeMETxOg ::1 52522 ::1 80 1 CONNECT secure.newegg.com secure.newegg.com:443 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0 0 0 200 Connection Established - - - (empty) - - PROXY-CONNECTION -> keep-alive - - - - -#close 2015-10-23-20-09-32 +#open 2016-01-15-18-41-02 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1443732977.728092 CXWv6p3arKYeMETxOg ::1 52522 ::1 80 1 CONNECT secure.newegg.com secure.newegg.com:443 - 1.0 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0 0 0 200 Connection Established - - - (empty) - - PROXY-CONNECTION -> keep-alive - - - - +#close 2016-01-15-18-41-02 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/tunnel.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/tunnel.log index 95dfd233d2..87789e66f2 100644 
--- a/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/tunnel.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect-with-header/tunnel.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path tunnel -#open 2015-10-23-20-09-55 +#open 2016-01-15-18-41-02 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1443732977.848660 - ::1 0 ::1 80 Tunnel::HTTP Tunnel::DISCOVER -#close 2015-10-23-20-09-55 +#close 2016-01-15-18-41-02 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect/conn.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect/conn.log index ab5cd0d9bf..b255e8cb3f 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-connect/conn.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect/conn.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path conn -#open 2015-02-23-21-43-52 +#open 2016-01-15-18-41-01 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] 1078232251.833846 CXWv6p3arKYeMETxOg 79.26.245.236 3378 254.228.86.79 8240 tcp http,smtp 6.722274 1685 223 SF - - 0 ShADadfF 14 2257 16 944 (empty) -#close 2015-02-23-21-43-52 +#close 2016-01-15-18-41-01 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect/http.log index 6fd4a5a937..0c2d648a7b 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-connect/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect/http.log 
@@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-23-15-59 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1078232252.284420 CXWv6p3arKYeMETxOg 79.26.245.236 3378 254.228.86.79 8240 1 CONNECT - mailin03.sul.t-online.de:25 / - - 0 0 200 Connection established - - - (empty) - - - - - - - -#close 2014-04-01-23-15-59 +#open 2016-01-15-18-41-01 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1078232252.284420 CXWv6p3arKYeMETxOg 79.26.245.236 3378 254.228.86.79 8240 1 CONNECT - mailin03.sul.t-online.de:25 / - 1.0 - 0 0 200 Connection established - - - (empty) - - - - - - - +#close 2016-01-15-18-41-01 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect/smtp.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect/smtp.log index 99850b35a2..f7c07eb9dd 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-connect/smtp.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect/smtp.log 
@@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path smtp -#open 2015-07-26-18-33-18 +#open 2016-01-15-18-41-01 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth helo mailfrom rcptto date from to cc reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent tls fuids #types time string addr port addr port count string string set[string] string string set[string] set[string] string string string string addr string string string vector[addr] string bool vector[string] 1078232255.642953 CXWv6p3arKYeMETxOg 79.26.245.236 3378 254.228.86.79 8240 1 208.191.73.21 Tue, 2 Mar 2004 13:57:49 +0100 Sybille Ostermann thenightwatch@t-online.de - - - - Hier sind die dicken Girls hemmungloser denn je.. grcu - from mail.iosphere.net (mail.iosphere.net [216.58.97.33]) by mail.netsync.net with esmtp; Mrz, 02 2004 12:55:34 -0700 - 250 Message accepted. 254.228.86.79,79.26.245.236,216.58.97.33 Microsoft Outlook Build 10.0.2616 F FVS9k93PUgScEUCOjd -#close 2015-07-26-18-33-18 +#close 2016-01-15-18-41-01 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-connect/tunnel.log b/testing/btest/Baseline/scripts.base.protocols.http.http-connect/tunnel.log index 9e18e38e03..2b3c719e2c 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-connect/tunnel.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-connect/tunnel.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path tunnel -#open 2014-02-13-03-37-02 +#open 2016-01-15-18-41-01 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum 1078232252.284420 - 79.26.245.236 0 254.228.86.79 8240 Tunnel::HTTP Tunnel::DISCOVER -#close 2014-02-13-03-37-02 +#close 2016-01-15-18-41-01 
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log index d8a78a38b1..8078cc471a 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log 
@@ -3,56 +3,47 @@ #empty_field (empty) #unset_field - #path http -#open 2015-04-20-12-36-37 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1354328870.191989 CXWv6p3arKYeMETxOg 128.2.6.136 46562 173.194.75.103 80 1 OPTIONS www.google.com * - - 0 962 405 Method Not Allowed - - - (empty) - - - - - FKgccv1sOsIPuN3b73 text/html -1354328874.237327 CjhGID4nQcgTWjvg4c 128.2.6.136 46563 173.194.75.103 80 1 OPTIONS www.google.com HTTP/1.1 - - 0 925 400 Bad Request - - - (empty) - - - - - FWUdF12OgqGLhf3NPl text/html -1354328874.299063 CCvvfg3TEfuqmmG4bh 128.2.6.136 46564 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FrYoRN2EwpZyXbyvF8 text/html -1354328874.342591 CsRx2w45OKnoww6xl4 128.2.6.136 46565 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FJPouz1lbXUsa4Ef1 text/html -1354328874.364020 CRJuHdVW0XPVINV8a 128.2.6.136 46566 173.194.75.103 80 1 GET www.google.com / - - 0 43911 200 OK - - - (empty) - - - - - FbONWS332vB7QP1sDi text/html -1354328878.470424 CPbrpk1qSsw6ESzHV4 128.2.6.136 46567 173.194.75.103 80 1 GET www.google.com / - - 0 43983 200 OK - - - (empty) - - - - - Fw8xGD2taqNAOVvI88 text/html -1354328882.575456 C6pKV8GSxOnSLghOa 128.2.6.136 46568 173.194.75.103 80 1 GET www.google.com /HTTP/1.1 - - 0 1207 403 Forbidden - - - (empty) - - - - - FdEQPY3H4Z608y5yq1 text/html -1354328882.928027 CIPOse170MGiRM1Qf4 128.2.6.136 46569 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FcNjaW3kDUju84cG3 text/html -1354328882.968948 C7XEbhP654jzLoe3a 
128.2.6.136 46570 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - Fe8v8c49yLvORp3zva text/html -1354328882.990373 CJ3xTn1c4Zw9TmAE05 128.2.6.136 46571 173.194.75.103 80 1 GET www.google.com / - - 0 43913 200 OK - - - (empty) - - - - - FAbDo7c8yz5wducYb text/html -1354328887.114613 CMXxB5GvmoxJFXdTa 128.2.6.136 46572 173.194.75.103 80 1 - - - - - 0 961 405 Method Not Allowed - - - (empty) - - - - - F7zifu3d5nGrdGffO4 text/html -1354328891.161077 Caby8b1slFea8xwSmb 128.2.6.136 46573 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FNf9mc2b0BWWP1UxWe text/html -1354328891.204740 Che1bq3i2rO3KD1Syg 128.2.6.136 46574 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FG2K813sKEZvZ2TNY4 text/html -1354328891.245592 C3SfNE4BWaU4aSuwkc 128.2.6.136 46575 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FOOeqs4Vg0Zs3rcVYi text/html -1354328891.287655 CEle3f3zno26fFZkrh 128.2.6.136 46576 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - F2wfYn1yFdeOeHFYA8 text/html -1354328891.309065 CwSkQu4eWZCH7OONC1 128.2.6.136 46577 173.194.75.103 80 1 CCM_POST www.google.com / - - 0 963 405 Method Not Allowed - - - (empty) - - - - - F1d9bG11AdUoYIAPna text/html -1354328895.355012 CfTOmO0HKorjr8Zp7 128.2.6.136 46578 173.194.75.103 80 1 CCM_POST www.google.com /HTTP/1.1 - - 0 925 400 Bad Request - - - (empty) - - - - - F73Xpt400aDAjp1tOj text/html -1354328895.416133 CzA03V1VcgagLjnO92 128.2.6.136 46579 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FANgwp2fEJblWfGtqk text/html -1354328895.459490 CyAhVIzHqb7t7kv28 128.2.6.136 46580 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FUelQv4zC3B2JEWwQ6 text/html -1354328895.480865 Cab0vO1xNYSS2hJkle 128.2.6.136 46581 173.194.75.103 80 1 CCM_POST www.google.com / - - 0 963 405 Method Not Allowed - - - (empty) - - - - - FodlEg40uUijFetJb9 text/html 
-1354328899.526682 Cx2FqO23omNawSNrxj 128.2.6.136 46582 173.194.75.103 80 1 CONNECT www.google.com / - - 0 925 400 Bad Request - - - (empty) - - - - - FgQlB81dSyLHN5T8Q4 text/html -1354328903.572533 Cx3C534wEyF3OvvcQe 128.2.6.136 46583 173.194.75.103 80 1 CONNECT www.google.com /HTTP/1.1 - - 0 925 400 Bad Request - - - (empty) - - - - - FW2UCD2e0jxAndsTK3 text/html -1354328903.634196 CkDsfG2YIeWJmXWNWj 128.2.6.136 46584 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FKANAL2sLvMgJdaEKa text/html -1354328903.676395 CUKS0W3HFYOnBqSE5e 128.2.6.136 46585 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FNRuYy4eahAmiehFvd text/html -1354328903.697693 CRrfvP2lalMAYOCLhj 128.2.6.136 46586 173.194.75.103 80 1 CONNECT www.google.com / - - 0 925 400 Bad Request - - - (empty) - - - - - FAVGIL2N6x9nLyfGHh text/html -1354328907.743696 Cn78a440HlxuyZKs6f 128.2.6.136 46587 173.194.75.103 80 1 TRACE www.google.com / - - 0 960 405 Method Not Allowed - - - (empty) - - - - - FKbiICMAvCsO6CFjk text/html -1354328911.790590 CUof3F2yAIid8QS3dk 128.2.6.136 46588 173.194.75.103 80 1 TRACE www.google.com /HTTP/1.1 - - 0 925 400 Bad Request - - - (empty) - - - - - FD5riIpYe5BLR0aok text/html -1354328911.853464 CojBOU3CXcLHl1r6x1 128.2.6.136 46589 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FUzHwP1gT2UJYnUpUi text/html -1354328911.897044 CJzVQRGJrX6V15ik7 128.2.6.136 46590 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FfLe59279TLFl2hHKc text/html -1354328911.918511 ClAbxY1nmdjCuo0Le2 128.2.6.136 46591 173.194.75.103 80 1 TRACE www.google.com / - - 0 960 405 Method Not Allowed - - - (empty) - - - - - FQrvtP3qpKeKPxn5Gf text/html -1354328915.964678 CwG0BF1VXE0gWgs78 128.2.6.136 46592 173.194.75.103 80 1 DELETE www.google.com / - - 0 961 405 Method Not Allowed - - - (empty) - - - - - Fs5qiV3XoBOExKLdi4 text/html -1354328920.010458 CisNaL1Cm73CiNOmcg 128.2.6.136 46593 
173.194.75.103 80 1 DELETE www.google.com /HTTP/1.1 - - 0 925 400 Bad Request - - - (empty) - - - - - FpkucFbcGcM4CNkZf text/html -1354328920.072101 CBQnJn22qN8TOeeZil 128.2.6.136 46594 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FBu6A04t7ZjbY0dCi8 text/html -1354328920.114526 CbEsuD3dgDDngdlbKf 128.2.6.136 46595 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - Fk7Se84fbLvbZEfBCd text/html -1354328920.136714 Cktvtw2VqwbTG0OgWk 128.2.6.136 46596 173.194.75.103 80 1 DELETE www.google.com / - - 0 961 405 Method Not Allowed - - - (empty) - - - - - FNb8ZY2Zvw0MpF1qU4 text/html -1354328924.183211 CKfF8L3XSsgT2WYDN 128.2.6.136 46597 173.194.75.103 80 1 PUT www.google.com / - - 0 934 411 Length Required - - - (empty) - - - - - Fo23U03XCMamm7QQWe text/html -1354328924.224567 CHrnr1115j0JRSXjG6 128.2.6.136 46598 173.194.75.103 80 1 PUT www.google.com /HTTP/1.1 - - 0 934 411 Length Required - - - (empty) - - - - - FqyVeZqSV8Tz7hfT1 text/html -1354328924.287402 Cnkr172qPtDAaK7Xd 128.2.6.136 46599 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - Ft15j5I9xSpfcA7Fh text/html -1354328924.328257 CcxZj6188NwHGl3a16 128.2.6.136 46600 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FyF5ac1kxwCDvXZKz7 text/html -1354328924.350343 CUqYZc2XzbfnZKbgT 128.2.6.136 46601 173.194.75.103 80 1 PUT www.google.com / - - 0 934 411 Length Required - - - (empty) - - - - - FuGiTK15gnR7f8Uti2 text/html -1354328924.391728 CVdnYXVEtNT1lQVL6 128.2.6.136 46602 173.194.75.103 80 1 POST www.google.com / - - 0 934 411 Length Required - - - (empty) - - - - - F93zuy2MGUDDPwg0xl text/html -1354328924.433150 CbNmy32YFt3gdIjV8 128.2.6.136 46603 173.194.75.103 80 1 POST www.google.com /HTTP/1.1 - - 0 934 411 Length Required - - - (empty) - - - - - FRJvy31aqXlFemaBfc text/html -1354328924.496732 COTmF91mGWcb4zV7W5 128.2.6.136 46604 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - 
- - Fcnnrf1A8AgOFzLHM text/html -1354328924.537671 CuChlg202P8sUFuXrg 128.2.6.136 46605 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FI3I73110YtFWCuaG3 text/html -1354328924.559704 CZTTFm2GrMAs8leAyl 128.2.6.136 46606 173.194.75.103 80 1 HEAD www.google.com / - - 0 0 200 OK - - - (empty) - - - - - - - -1354328928.625437 CV23rC3tBHfPhMUPtf 128.2.6.136 46607 173.194.75.103 80 1 HEAD www.google.com / - - 0 0 200 OK - - - (empty) - - - - - - - -1354328932.692706 CkaPGx2P0Y3W5aHVFk 128.2.6.136 46608 173.194.75.103 80 1 HEAD www.google.com /HTTP/1.1 - - 0 0 400 Bad Request - - - (empty) - - - - - - - -1354328932.754657 CY93mM3aViMiLKuSw3 128.2.6.136 46609 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FaVAsywxxOtGAzel8 text/html -1354328932.796568 CXgISq6dA2DVPzqp9 128.2.6.136 46610 173.194.75.103 80 1 - - - - - 0 925 400 Bad Request - - - (empty) - - - - - FmzgEKnyfPnyZqmh text/html -#close 2015-04-20-12-36-37 +#open 2016-01-15-18-41-03 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1354328870.191989 CXWv6p3arKYeMETxOg 128.2.6.136 46562 173.194.75.103 80 1 OPTIONS www.google.com * - 1.1 - 0 962 405 Method Not Allowed - - - (empty) - - - - - FKgccv1sOsIPuN3b73 text/html +1354328874.299063 CCvvfg3TEfuqmmG4bh 128.2.6.136 46564 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FrYoRN2EwpZyXbyvF8 text/html +1354328874.342591 CsRx2w45OKnoww6xl4 128.2.6.136 46565 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) 
- - - - - FJPouz1lbXUsa4Ef1 text/html +1354328874.364020 CRJuHdVW0XPVINV8a 128.2.6.136 46566 173.194.75.103 80 1 GET www.google.com / - 1.1 - 0 43911 200 OK - - - (empty) - - - - - FbONWS332vB7QP1sDi text/html +1354328878.470424 CPbrpk1qSsw6ESzHV4 128.2.6.136 46567 173.194.75.103 80 1 GET www.google.com / - 1.1 - 0 43983 200 OK - - - (empty) - - - - - Fw8xGD2taqNAOVvI88 text/html +1354328882.928027 CIPOse170MGiRM1Qf4 128.2.6.136 46569 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FcNjaW3kDUju84cG3 text/html +1354328882.968948 C7XEbhP654jzLoe3a 128.2.6.136 46570 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - Fe8v8c49yLvORp3zva text/html +1354328882.990373 CJ3xTn1c4Zw9TmAE05 128.2.6.136 46571 173.194.75.103 80 1 GET www.google.com / - 1.1 - 0 43913 200 OK - - - (empty) - - - - - FAbDo7c8yz5wducYb text/html +1354328887.114613 CMXxB5GvmoxJFXdTa 128.2.6.136 46572 173.194.75.103 80 1 - - - - 1.1 - 0 961 405 Method Not Allowed - - - (empty) - - - - - F7zifu3d5nGrdGffO4 text/html +1354328891.161077 Caby8b1slFea8xwSmb 128.2.6.136 46573 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FNf9mc2b0BWWP1UxWe text/html +1354328891.204740 Che1bq3i2rO3KD1Syg 128.2.6.136 46574 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FG2K813sKEZvZ2TNY4 text/html +1354328891.245592 C3SfNE4BWaU4aSuwkc 128.2.6.136 46575 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FOOeqs4Vg0Zs3rcVYi text/html +1354328891.287655 CEle3f3zno26fFZkrh 128.2.6.136 46576 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - F2wfYn1yFdeOeHFYA8 text/html +1354328891.309065 CwSkQu4eWZCH7OONC1 128.2.6.136 46577 173.194.75.103 80 1 CCM_POST www.google.com / - 1.1 - 0 963 405 Method Not Allowed - - - (empty) - - - - - F1d9bG11AdUoYIAPna text/html +1354328895.416133 CzA03V1VcgagLjnO92 128.2.6.136 46579 173.194.75.103 80 1 - - - - 1.0 - 0 
925 400 Bad Request - - - (empty) - - - - - FANgwp2fEJblWfGtqk text/html +1354328895.459490 CyAhVIzHqb7t7kv28 128.2.6.136 46580 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FUelQv4zC3B2JEWwQ6 text/html +1354328895.480865 Cab0vO1xNYSS2hJkle 128.2.6.136 46581 173.194.75.103 80 1 CCM_POST www.google.com / - 1.1 - 0 963 405 Method Not Allowed - - - (empty) - - - - - FodlEg40uUijFetJb9 text/html +1354328899.526682 Cx2FqO23omNawSNrxj 128.2.6.136 46582 173.194.75.103 80 1 CONNECT www.google.com / - 1.1 - 0 925 400 Bad Request - - - (empty) - - - - - FgQlB81dSyLHN5T8Q4 text/html +1354328903.634196 CkDsfG2YIeWJmXWNWj 128.2.6.136 46584 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FKANAL2sLvMgJdaEKa text/html +1354328903.676395 CUKS0W3HFYOnBqSE5e 128.2.6.136 46585 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FNRuYy4eahAmiehFvd text/html +1354328903.697693 CRrfvP2lalMAYOCLhj 128.2.6.136 46586 173.194.75.103 80 1 CONNECT www.google.com / - 1.1 - 0 925 400 Bad Request - - - (empty) - - - - - FAVGIL2N6x9nLyfGHh text/html +1354328907.743696 Cn78a440HlxuyZKs6f 128.2.6.136 46587 173.194.75.103 80 1 TRACE www.google.com / - 1.1 - 0 960 405 Method Not Allowed - - - (empty) - - - - - FKbiICMAvCsO6CFjk text/html +1354328911.853464 CojBOU3CXcLHl1r6x1 128.2.6.136 46589 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FUzHwP1gT2UJYnUpUi text/html +1354328911.897044 CJzVQRGJrX6V15ik7 128.2.6.136 46590 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FfLe59279TLFl2hHKc text/html +1354328911.918511 ClAbxY1nmdjCuo0Le2 128.2.6.136 46591 173.194.75.103 80 1 TRACE www.google.com / - 1.1 - 0 960 405 Method Not Allowed - - - (empty) - - - - - FQrvtP3qpKeKPxn5Gf text/html +1354328915.964678 CwG0BF1VXE0gWgs78 128.2.6.136 46592 173.194.75.103 80 1 DELETE www.google.com / - 1.1 - 0 961 405 Method Not Allowed - - - (empty) - - - - - 
Fs5qiV3XoBOExKLdi4 text/html +1354328920.072101 CBQnJn22qN8TOeeZil 128.2.6.136 46594 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FBu6A04t7ZjbY0dCi8 text/html +1354328920.114526 CbEsuD3dgDDngdlbKf 128.2.6.136 46595 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - Fk7Se84fbLvbZEfBCd text/html +1354328920.136714 Cktvtw2VqwbTG0OgWk 128.2.6.136 46596 173.194.75.103 80 1 DELETE www.google.com / - 1.1 - 0 961 405 Method Not Allowed - - - (empty) - - - - - FNb8ZY2Zvw0MpF1qU4 text/html +1354328924.183211 CKfF8L3XSsgT2WYDN 128.2.6.136 46597 173.194.75.103 80 1 PUT www.google.com / - 1.0 - 0 934 411 Length Required - - - (empty) - - - - - Fo23U03XCMamm7QQWe text/html +1354328924.287402 Cnkr172qPtDAaK7Xd 128.2.6.136 46599 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - Ft15j5I9xSpfcA7Fh text/html +1354328924.328257 CcxZj6188NwHGl3a16 128.2.6.136 46600 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FyF5ac1kxwCDvXZKz7 text/html +1354328924.350343 CUqYZc2XzbfnZKbgT 128.2.6.136 46601 173.194.75.103 80 1 PUT www.google.com / - 1.0 - 0 934 411 Length Required - - - (empty) - - - - - FuGiTK15gnR7f8Uti2 text/html +1354328924.391728 CVdnYXVEtNT1lQVL6 128.2.6.136 46602 173.194.75.103 80 1 POST www.google.com / - 1.0 - 0 934 411 Length Required - - - (empty) - - - - - F93zuy2MGUDDPwg0xl text/html +1354328924.496732 COTmF91mGWcb4zV7W5 128.2.6.136 46604 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - Fcnnrf1A8AgOFzLHM text/html +1354328924.537671 CuChlg202P8sUFuXrg 128.2.6.136 46605 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FI3I73110YtFWCuaG3 text/html +1354328924.559704 CZTTFm2GrMAs8leAyl 128.2.6.136 46606 173.194.75.103 80 1 HEAD www.google.com / - 1.1 - 0 0 200 OK - - - (empty) - - - - - - - +1354328928.625437 CV23rC3tBHfPhMUPtf 128.2.6.136 46607 173.194.75.103 80 1 HEAD www.google.com / 
- 1.1 - 0 0 200 OK - - - (empty) - - - - - - - +1354328932.754657 CY93mM3aViMiLKuSw3 128.2.6.136 46609 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FaVAsywxxOtGAzel8 text/html +1354328932.796568 CXgISq6dA2DVPzqp9 128.2.6.136 46610 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FmzgEKnyfPnyZqmh text/html +#close 2016-01-15-18-41-03 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log index 1721f8f79f..7411f969b6 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log @@ -3,11 +3,15 @@ #empty_field (empty) #unset_field - #path weird -#open 2015-03-20-16-03-02 +#open 2016-01-15-18-41-03 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string +1354328874.237327 CjhGID4nQcgTWjvg4c 128.2.6.136 46563 173.194.75.103 80 missing_HTTP_uri - F bro +1354328874.237327 CjhGID4nQcgTWjvg4c 128.2.6.136 46563 173.194.75.103 80 bad_HTTP_request - F bro 1354328874.278822 CCvvfg3TEfuqmmG4bh 128.2.6.136 46564 173.194.75.103 80 bad_HTTP_request - F bro 1354328874.321792 CsRx2w45OKnoww6xl4 128.2.6.136 46565 173.194.75.103 80 bad_HTTP_request - F bro +1354328882.575456 C6pKV8GSxOnSLghOa 128.2.6.136 46568 173.194.75.103 80 missing_HTTP_uri - F bro +1354328882.575456 C6pKV8GSxOnSLghOa 128.2.6.136 46568 173.194.75.103 80 bad_HTTP_request - F bro 1354328882.908690 CIPOse170MGiRM1Qf4 128.2.6.136 46569 173.194.75.103 80 bad_HTTP_request - F bro 1354328882.949510 C7XEbhP654jzLoe3a 128.2.6.136 46570 173.194.75.103 80 bad_HTTP_request - F bro 1354328887.094494 CMXxB5GvmoxJFXdTa 128.2.6.136 46572 173.194.75.103 80 bad_HTTP_request - F bro 
@@ -16,20 +20,33 @@ 1354328891.226199 C3SfNE4BWaU4aSuwkc 128.2.6.136 46575 173.194.75.103 80 bad_HTTP_request - F bro 1354328891.267625 CEle3f3zno26fFZkrh 128.2.6.136 46576 173.194.75.103 80 bad_HTTP_request - F bro 1354328891.309065 CwSkQu4eWZCH7OONC1 128.2.6.136 46577 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro -1354328895.355012 CfTOmO0HKorjr8Zp7 128.2.6.136 46578 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro +1354328895.355012 CfTOmO0HKorjr8Zp7 128.2.6.136 46578 173.194.75.103 80 missing_HTTP_uri - F bro +1354328895.355012 CfTOmO0HKorjr8Zp7 128.2.6.136 46578 173.194.75.103 80 bad_HTTP_request - F bro 1354328895.396634 CzA03V1VcgagLjnO92 128.2.6.136 46579 173.194.75.103 80 bad_HTTP_request - F bro 1354328895.438812 CyAhVIzHqb7t7kv28 128.2.6.136 46580 173.194.75.103 80 bad_HTTP_request - F bro 1354328895.480865 Cab0vO1xNYSS2hJkle 128.2.6.136 46581 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro +1354328903.572533 Cx3C534wEyF3OvvcQe 128.2.6.136 46583 173.194.75.103 80 missing_HTTP_uri - F bro +1354328903.572533 Cx3C534wEyF3OvvcQe 128.2.6.136 46583 173.194.75.103 80 bad_HTTP_request - F bro 1354328903.614145 CkDsfG2YIeWJmXWNWj 128.2.6.136 46584 173.194.75.103 80 bad_HTTP_request - F bro 1354328903.656369 CUKS0W3HFYOnBqSE5e 128.2.6.136 46585 173.194.75.103 80 bad_HTTP_request - F bro +1354328911.790590 CUof3F2yAIid8QS3dk 128.2.6.136 46588 173.194.75.103 80 missing_HTTP_uri - F bro +1354328911.790590 CUof3F2yAIid8QS3dk 128.2.6.136 46588 173.194.75.103 80 bad_HTTP_request - F bro 1354328911.832856 CojBOU3CXcLHl1r6x1 128.2.6.136 46589 173.194.75.103 80 bad_HTTP_request - F bro 1354328911.876341 CJzVQRGJrX6V15ik7 128.2.6.136 46590 173.194.75.103 80 bad_HTTP_request - F bro +1354328920.010458 CisNaL1Cm73CiNOmcg 128.2.6.136 46593 173.194.75.103 80 missing_HTTP_uri - F bro +1354328920.010458 CisNaL1Cm73CiNOmcg 128.2.6.136 46593 173.194.75.103 80 bad_HTTP_request - F bro 1354328920.052085 CBQnJn22qN8TOeeZil 128.2.6.136 46594 173.194.75.103 80 
bad_HTTP_request - F bro 1354328920.094072 CbEsuD3dgDDngdlbKf 128.2.6.136 46595 173.194.75.103 80 bad_HTTP_request - F bro +1354328924.224567 CHrnr1115j0JRSXjG6 128.2.6.136 46598 173.194.75.103 80 missing_HTTP_uri - F bro +1354328924.224567 CHrnr1115j0JRSXjG6 128.2.6.136 46598 173.194.75.103 80 bad_HTTP_request - F bro 1354328924.266693 Cnkr172qPtDAaK7Xd 128.2.6.136 46599 173.194.75.103 80 bad_HTTP_request - F bro 1354328924.308714 CcxZj6188NwHGl3a16 128.2.6.136 46600 173.194.75.103 80 bad_HTTP_request - F bro +1354328924.433150 CbNmy32YFt3gdIjV8 128.2.6.136 46603 173.194.75.103 80 missing_HTTP_uri - F bro +1354328924.433150 CbNmy32YFt3gdIjV8 128.2.6.136 46603 173.194.75.103 80 bad_HTTP_request - F bro 1354328924.476011 COTmF91mGWcb4zV7W5 128.2.6.136 46604 173.194.75.103 80 bad_HTTP_request - F bro 1354328924.518204 CuChlg202P8sUFuXrg 128.2.6.136 46605 173.194.75.103 80 bad_HTTP_request - F bro +1354328932.692706 CkaPGx2P0Y3W5aHVFk 128.2.6.136 46608 173.194.75.103 80 missing_HTTP_uri - F bro +1354328932.692706 CkaPGx2P0Y3W5aHVFk 128.2.6.136 46608 173.194.75.103 80 bad_HTTP_request - F bro 1354328932.734579 CY93mM3aViMiLKuSw3 128.2.6.136 46609 173.194.75.103 80 bad_HTTP_request - F bro 1354328932.776609 CXgISq6dA2DVPzqp9 128.2.6.136 46610 173.194.75.103 80 bad_HTTP_request - F bro -#close 2015-03-20-16-03-02 +#close 2016-01-15-18-41-03 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log index 09cc270c2a..d02f2a9bcc 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log 
@@ -3,12 +3,12 @@ #empty_field (empty) #unset_field - #path http -#open 2014-04-01-23-16-13 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1258577884.844956 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - (empty) - - - - - Fa7DPI2ItmEOoVqyYj text/plain -1258577884.960135 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 2 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 21421 200 OK - - - (empty) - - - - - FnBh5P1KP0SnMzl3Qj text/plain -1258577885.317160 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - (empty) - - - - - F2TV5w2Kwn3G7doSk5 image/gif -1258577885.349639 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 4 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2349 200 OK - - - (empty) - - - - - F4kk4T3Unyqtkczzue image/png -1258577885.394612 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 5 GET www.mozilla.org 
/projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 27579 200 OK - - - (empty) - - - - - FcB26G4nL7jRheOyA8 image/png -#close 2014-04-01-23-16-13 +#open 2016-01-15-18-41-04 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1258577884.844956 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 1 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2675 200 OK - - - (empty) - - - - - Fa7DPI2ItmEOoVqyYj text/plain +1258577884.960135 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 2 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 21421 200 OK - - - (empty) - - - - - FnBh5P1KP0SnMzl3Qj text/plain +1258577885.317160 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 3 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 94 200 OK - - - (empty) - - - - - F2TV5w2Kwn3G7doSk5 image/gif +1258577885.349639 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 4 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css 1.1 Mozilla/5.0 
(Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 2349 200 OK - - - (empty) - - - - - F4kk4T3Unyqtkczzue image/png +1258577885.394612 CXWv6p3arKYeMETxOg 192.168.1.104 1673 63.245.209.11 80 5 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css 1.1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 0 27579 200 OK - - - (empty) - - - - - FcB26G4nL7jRheOyA8 image/png +#close 2016-01-15-18-41-04 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.missing-zlib-header/http.log b/testing/btest/Baseline/scripts.base.protocols.http.missing-zlib-header/http.log index c4c96b7fb9..059d4a6a28 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.missing-zlib-header/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.missing-zlib-header/http.log 
@@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path http -#open 2015-05-12-16-26-53 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1232039472.314927 CXWv6p3arKYeMETxOg 237.244.174.255 1905 79.218.110.244 80 1 GET ads1.msn.com /library/dap.js http://zone.msn.com/en/root/default.htm Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727) 0 13249 200 OK - - - (empty) - - - - - FBcNS3RwceOxW15xg text/plain -1232039472.446194 CXWv6p3arKYeMETxOg 237.244.174.255 1905 79.218.110.244 80 2 GET ads1.msn.com /library/dap.js http://zone.msn.com/en/root/default.htm Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727) 0 13249 200 OK - - - (empty) - - - - - FDWU85N0DpedJPh93 text/plain -#close 2015-05-12-16-26-53 +#open 2016-01-15-18-41-05 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1232039472.314927 CXWv6p3arKYeMETxOg 237.244.174.255 1905 79.218.110.244 80 1 GET ads1.msn.com /library/dap.js 
http://zone.msn.com/en/root/default.htm 1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727) 0 13249 200 OK - - - (empty) - - - - - FBcNS3RwceOxW15xg text/plain +1232039472.446194 CXWv6p3arKYeMETxOg 237.244.174.255 1905 79.218.110.244 80 2 GET ads1.msn.com /library/dap.js http://zone.msn.com/en/root/default.htm 1.1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727) 0 13249 200 OK - - - (empty) - - - - - FDWU85N0DpedJPh93 text/plain +#close 2016-01-15-18-41-05 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.multipart-extract/http.log b/testing/btest/Baseline/scripts.base.protocols.http.multipart-extract/http.log index a9cf1ccfaf..db69de700e 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.multipart-extract/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.multipart-extract/http.log 
@@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path http -#open 2015-04-20-12-37-23 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] -1369159408.455878 CXWv6p3arKYeMETxOg 141.142.228.5 57262 54.243.88.146 80 1 POST httpbin.org /post - curl/7.30.0 370 465 200 OK - - - (empty) - - - F2yGNX2vGXLxfZeD12,Fq4rJh2kLHKa8YC1q1,F9sKY71Rb9megdy7sg - FjeopJ2lRk9U1CNNb5 text/json -#close 2015-04-20-12-37-23 +#open 2016-01-15-18-41-06 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1369159408.455878 CXWv6p3arKYeMETxOg 141.142.228.5 57262 54.243.88.146 80 1 POST httpbin.org /post - 1.1 curl/7.30.0 370 465 200 OK - - - (empty) - - - F2yGNX2vGXLxfZeD12,Fq4rJh2kLHKa8YC1q1,F9sKY71Rb9megdy7sg - FjeopJ2lRk9U1CNNb5 text/json +#close 2016-01-15-18-41-06 diff --git a/testing/btest/Baseline/scripts.policy.protocols.http.header-names/http.log b/testing/btest/Baseline/scripts.policy.protocols.http.header-names/http.log index ca510300c2..08ee00ffd0 100644 --- a/testing/btest/Baseline/scripts.policy.protocols.http.header-names/http.log 
+++ b/testing/btest/Baseline/scripts.policy.protocols.http.header-names/http.log 
@@ -3,21 +3,21 @@ #empty_field (empty) #unset_field - #path http -#open 2015-03-16-20-10-52 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types client_header_names server_header_names -#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string] -1300475168.784020 CRJuHdVW0XPVINV8a 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,VIA,X-VARNISH,LAST-MODIFIED,ETAG,VARY,CONNECTION -1300475168.916018 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.916183 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; 
rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.918358 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.952307 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.952296 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - 
HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.954820 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.962687 Cn78a440HlxuyZKs6f 141.142.220.118 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,EXPIRES,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.975934 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL 
DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.976436 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475168.979264 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475169.014619 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475169.014593 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 2 GET 
upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -1300475169.014927 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION -#close 2015-03-16-20-10-52 +#open 2016-01-15-18-41-07 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types client_header_names server_header_names +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string] +1300475168.784020 CRJuHdVW0XPVINV8a 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ 1.1 Mozilla/5.0 (X11; U; Linux x86_64; en-US; 
rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,VIA,X-VARNISH,LAST-MODIFIED,ETAG,VARY,CONNECTION +1300475168.916018 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.916183 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.918358 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL 
DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.952307 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.952296 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.954820 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.962687 Cn78a440HlxuyZKs6f 141.142.220.118 35642 208.80.152.2 80 1 GET meta.wikimedia.org 
/images/wikimedia-button.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,EXPIRES,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.975934 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.976436 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.979264 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) 
Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475169.014619 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475169.014593 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475169.014927 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ 1.0 Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - 
HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +#close 2016-01-15-18-41-07 From 642ef5d3c1a4032a77a95314167682fdbbd6ca17 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 15 Jan 2016 12:45:19 -0800 Subject: [PATCH 42/47] Tweaking how HTTP requests without URIs are handled. The change from #49 made it an error to not have a URI. That however then led requests with an URI yet no version to abort as well. Instead, we now check if the token following the method is an "HTTP/" version identifier. If, so accept that the URI is empty (and trigger a weird) but otherwise keep processing. Adding test cases for both HTTP requests without URI and without version. --- CHANGES | 6 ++--- VERSION | 2 +- src/analyzer/protocol/http/HTTP.cc | 10 ++++---- .../http.log | 13 +++++++++-- .../weird.log | 22 +++--------------- .../http.log | 10 ++++++++ .../weird.log | 10 ++++++++ .../http.log | 10 ++++++++ testing/btest/Traces/http/no-uri.pcap | Bin 0 -> 6336 bytes testing/btest/Traces/http/no-version.pcap | Bin 0 -> 1268 bytes .../scripts/base/protocols/http/no-uri.bro | 4 ++++ .../base/protocols/http/no-version.bro | 3 +++ 12 files changed, 60 insertions(+), 30 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.protocols.http.no-uri/http.log create mode 100644 testing/btest/Baseline/scripts.base.protocols.http.no-uri/weird.log create mode 100644 testing/btest/Baseline/scripts.base.protocols.http.no-version/http.log create mode 100644 testing/btest/Traces/http/no-uri.pcap create mode 100644 testing/btest/Traces/http/no-version.pcap create mode 100644 testing/btest/scripts/base/protocols/http/no-uri.bro create mode 100644 testing/btest/scripts/base/protocols/http/no-version.bro diff --git a/CHANGES b/CHANGES index 6202e2c47a..64ca3e1776 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,12 +1,12 @@ -2.4-236 | 2016-01-15 10:35:21 -0800 +2.4-238 | 2016-01-15 12:56:33 -0800 * Add HTTP version information to HTTP log file. (Aaron Eppert) * Add NOTIFY as a valid SIP message, per RFC 3265. (Aaron Eppert) - * Let HTTP parser reject requests that don't have both URI and - version. (William Glodek) + * Improve HTTP parser's handling of requests that don't have a URI. + (William Glodek/Robin Sommer) * Fix crash when deleting non existing record member. Addresses BIT-1519. (Johanna Amann) diff --git a/VERSION b/VERSION index ac096732cd..1b16a39866 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4-236 +2.4-238 diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index de930f730a..36c92ed6e6 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -1249,11 +1249,11 @@ int HTTP_Analyzer::ParseRequest(const char* line, const char* end_of_line) break; } - if ( end_of_uri >= end_of_line ) - { - Weird("missing_HTTP_uri"); - return 0; - } + if ( end_of_uri >= end_of_line && PrefixMatch(line, end_of_line, "HTTP/") ) + { + Weird("missing_HTTP_uri"); + end_of_uri = line; // Leave URI empty. + } for ( version_start = end_of_uri; version_start < end_of_line; ++version_start ) { diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log index 8078cc471a..353348a40d 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log 
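Review bot: With the rewritten check `if ( end_of_uri >= end_of_line && PrefixMatch(line, end_of_line, "HTTP/") )` in ParseRequest, a request line that carries a URI but no version now passes through without raising any weird. The http-methods `weird.log` baseline in this same patch confirms it: the `missing_HTTP_uri`/`bad_HTTP_request` pair disappears for the connections whose `http.log` rows now show a `/HTTP/1.1` URI, and most of them get no replacement entry. Version-less request lines are uncommon in ordinary traffic, so this removes an anomaly signal that analysts may rely on. I would raise a separate weird where the version search finds no `HTTP/` token, e.g. `Weird("missing_HTTP_version");` (the name is only a suggestion), and add `# @TEST-EXEC: btest-diff weird.log` to `no-version.bro` to pin the behaviour. ParseRequest continues outside the hunk, so the exact placement has to be checked against the version handling that follows the `for` loop.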
@@ -3,14 +3,16 @@ #empty_field (empty) #unset_field - #path http -#open 2016-01-15-18-41-03 +#open 2016-01-15-20-54-31 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types #types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] 1354328870.191989 CXWv6p3arKYeMETxOg 128.2.6.136 46562 173.194.75.103 80 1 OPTIONS www.google.com * - 1.1 - 0 962 405 Method Not Allowed - - - (empty) - - - - - FKgccv1sOsIPuN3b73 text/html +1354328874.237327 CjhGID4nQcgTWjvg4c 128.2.6.136 46563 173.194.75.103 80 1 OPTIONS www.google.com (empty) - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FWUdF12OgqGLhf3NPl text/html 1354328874.299063 CCvvfg3TEfuqmmG4bh 128.2.6.136 46564 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FrYoRN2EwpZyXbyvF8 text/html 1354328874.342591 CsRx2w45OKnoww6xl4 128.2.6.136 46565 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FJPouz1lbXUsa4Ef1 text/html 1354328874.364020 CRJuHdVW0XPVINV8a 128.2.6.136 46566 173.194.75.103 80 1 GET www.google.com / - 1.1 - 0 43911 200 OK - - - (empty) - - - - - FbONWS332vB7QP1sDi text/html 1354328878.470424 CPbrpk1qSsw6ESzHV4 128.2.6.136 46567 173.194.75.103 80 1 GET www.google.com / - 1.1 - 0 43983 200 OK - - - (empty) - - - - - Fw8xGD2taqNAOVvI88 text/html +1354328882.575456 C6pKV8GSxOnSLghOa 128.2.6.136 46568 173.194.75.103 80 1 GET www.google.com /HTTP/1.1 - 1.0 - 0 1207 403 Forbidden - - - (empty) - - - - - FdEQPY3H4Z608y5yq1 text/html 1354328882.928027 CIPOse170MGiRM1Qf4 128.2.6.136 46569 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - 
FcNjaW3kDUju84cG3 text/html 1354328882.968948 C7XEbhP654jzLoe3a 128.2.6.136 46570 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - Fe8v8c49yLvORp3zva text/html 1354328882.990373 CJ3xTn1c4Zw9TmAE05 128.2.6.136 46571 173.194.75.103 80 1 GET www.google.com / - 1.1 - 0 43913 200 OK - - - (empty) - - - - - FAbDo7c8yz5wducYb text/html 
@@ -20,30 +22,37 @@ 1354328891.245592 C3SfNE4BWaU4aSuwkc 128.2.6.136 46575 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FOOeqs4Vg0Zs3rcVYi text/html 1354328891.287655 CEle3f3zno26fFZkrh 128.2.6.136 46576 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - F2wfYn1yFdeOeHFYA8 text/html 1354328891.309065 CwSkQu4eWZCH7OONC1 128.2.6.136 46577 173.194.75.103 80 1 CCM_POST www.google.com / - 1.1 - 0 963 405 Method Not Allowed - - - (empty) - - - - - F1d9bG11AdUoYIAPna text/html +1354328895.355012 CfTOmO0HKorjr8Zp7 128.2.6.136 46578 173.194.75.103 80 1 CCM_POST www.google.com /HTTP/1.1 - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - F73Xpt400aDAjp1tOj text/html 1354328895.416133 CzA03V1VcgagLjnO92 128.2.6.136 46579 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FANgwp2fEJblWfGtqk text/html 1354328895.459490 CyAhVIzHqb7t7kv28 128.2.6.136 46580 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FUelQv4zC3B2JEWwQ6 text/html 1354328895.480865 Cab0vO1xNYSS2hJkle 128.2.6.136 46581 173.194.75.103 80 1 CCM_POST www.google.com / - 1.1 - 0 963 405 Method Not Allowed - - - (empty) - - - - - FodlEg40uUijFetJb9 text/html 1354328899.526682 Cx2FqO23omNawSNrxj 128.2.6.136 46582 173.194.75.103 80 1 CONNECT www.google.com / - 1.1 - 0 925 400 Bad Request - - - (empty) - - - - - FgQlB81dSyLHN5T8Q4 text/html +1354328903.572533 Cx3C534wEyF3OvvcQe 128.2.6.136 46583 173.194.75.103 80 1 CONNECT www.google.com /HTTP/1.1 - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FW2UCD2e0jxAndsTK3 text/html 1354328903.634196 CkDsfG2YIeWJmXWNWj 128.2.6.136 46584 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FKANAL2sLvMgJdaEKa text/html 1354328903.676395 CUKS0W3HFYOnBqSE5e 128.2.6.136 46585 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FNRuYy4eahAmiehFvd text/html 1354328903.697693 CRrfvP2lalMAYOCLhj 
128.2.6.136 46586 173.194.75.103 80 1 CONNECT www.google.com / - 1.1 - 0 925 400 Bad Request - - - (empty) - - - - - FAVGIL2N6x9nLyfGHh text/html 1354328907.743696 Cn78a440HlxuyZKs6f 128.2.6.136 46587 173.194.75.103 80 1 TRACE www.google.com / - 1.1 - 0 960 405 Method Not Allowed - - - (empty) - - - - - FKbiICMAvCsO6CFjk text/html +1354328911.790590 CUof3F2yAIid8QS3dk 128.2.6.136 46588 173.194.75.103 80 1 TRACE www.google.com /HTTP/1.1 - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FD5riIpYe5BLR0aok text/html 1354328911.853464 CojBOU3CXcLHl1r6x1 128.2.6.136 46589 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FUzHwP1gT2UJYnUpUi text/html 1354328911.897044 CJzVQRGJrX6V15ik7 128.2.6.136 46590 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FfLe59279TLFl2hHKc text/html 1354328911.918511 ClAbxY1nmdjCuo0Le2 128.2.6.136 46591 173.194.75.103 80 1 TRACE www.google.com / - 1.1 - 0 960 405 Method Not Allowed - - - (empty) - - - - - FQrvtP3qpKeKPxn5Gf text/html 1354328915.964678 CwG0BF1VXE0gWgs78 128.2.6.136 46592 173.194.75.103 80 1 DELETE www.google.com / - 1.1 - 0 961 405 Method Not Allowed - - - (empty) - - - - - Fs5qiV3XoBOExKLdi4 text/html +1354328920.010458 CisNaL1Cm73CiNOmcg 128.2.6.136 46593 173.194.75.103 80 1 DELETE www.google.com /HTTP/1.1 - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FpkucFbcGcM4CNkZf text/html 1354328920.072101 CBQnJn22qN8TOeeZil 128.2.6.136 46594 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FBu6A04t7ZjbY0dCi8 text/html 1354328920.114526 CbEsuD3dgDDngdlbKf 128.2.6.136 46595 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - Fk7Se84fbLvbZEfBCd text/html 1354328920.136714 Cktvtw2VqwbTG0OgWk 128.2.6.136 46596 173.194.75.103 80 1 DELETE www.google.com / - 1.1 - 0 961 405 Method Not Allowed - - - (empty) - - - - - FNb8ZY2Zvw0MpF1qU4 text/html 1354328924.183211 CKfF8L3XSsgT2WYDN 128.2.6.136 46597 
173.194.75.103 80 1 PUT www.google.com / - 1.0 - 0 934 411 Length Required - - - (empty) - - - - - Fo23U03XCMamm7QQWe text/html +1354328924.224567 CHrnr1115j0JRSXjG6 128.2.6.136 46598 173.194.75.103 80 1 PUT www.google.com /HTTP/1.1 - 1.0 - 0 934 411 Length Required - - - (empty) - - - - - FqyVeZqSV8Tz7hfT1 text/html 1354328924.287402 Cnkr172qPtDAaK7Xd 128.2.6.136 46599 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - Ft15j5I9xSpfcA7Fh text/html 1354328924.328257 CcxZj6188NwHGl3a16 128.2.6.136 46600 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FyF5ac1kxwCDvXZKz7 text/html 1354328924.350343 CUqYZc2XzbfnZKbgT 128.2.6.136 46601 173.194.75.103 80 1 PUT www.google.com / - 1.0 - 0 934 411 Length Required - - - (empty) - - - - - FuGiTK15gnR7f8Uti2 text/html 1354328924.391728 CVdnYXVEtNT1lQVL6 128.2.6.136 46602 173.194.75.103 80 1 POST www.google.com / - 1.0 - 0 934 411 Length Required - - - (empty) - - - - - F93zuy2MGUDDPwg0xl text/html +1354328924.433150 CbNmy32YFt3gdIjV8 128.2.6.136 46603 173.194.75.103 80 1 POST www.google.com /HTTP/1.1 - 1.0 - 0 934 411 Length Required - - - (empty) - - - - - FRJvy31aqXlFemaBfc text/html 1354328924.496732 COTmF91mGWcb4zV7W5 128.2.6.136 46604 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - Fcnnrf1A8AgOFzLHM text/html 1354328924.537671 CuChlg202P8sUFuXrg 128.2.6.136 46605 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FI3I73110YtFWCuaG3 text/html 1354328924.559704 CZTTFm2GrMAs8leAyl 128.2.6.136 46606 173.194.75.103 80 1 HEAD www.google.com / - 1.1 - 0 0 200 OK - - - (empty) - - - - - - - 1354328928.625437 CV23rC3tBHfPhMUPtf 128.2.6.136 46607 173.194.75.103 80 1 HEAD www.google.com / - 1.1 - 0 0 200 OK - - - (empty) - - - - - - - +1354328932.692706 CkaPGx2P0Y3W5aHVFk 128.2.6.136 46608 173.194.75.103 80 1 HEAD www.google.com /HTTP/1.1 - 1.0 - 0 0 400 Bad Request - - - (empty) - - - - - - - 1354328932.754657 
CY93mM3aViMiLKuSw3 128.2.6.136 46609 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FaVAsywxxOtGAzel8 text/html 1354328932.796568 CXgISq6dA2DVPzqp9 128.2.6.136 46610 173.194.75.103 80 1 - - - - 1.0 - 0 925 400 Bad Request - - - (empty) - - - - - FmzgEKnyfPnyZqmh text/html -#close 2016-01-15-18-41-03 +#close 2016-01-15-20-54-32 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log index 7411f969b6..e10847fe2d 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log @@ -3,15 +3,12 @@ #empty_field (empty) #unset_field - #path weird -#open 2016-01-15-18-41-03 +#open 2016-01-15-20-54-31 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1354328874.237327 CjhGID4nQcgTWjvg4c 128.2.6.136 46563 173.194.75.103 80 missing_HTTP_uri - F bro -1354328874.237327 CjhGID4nQcgTWjvg4c 128.2.6.136 46563 173.194.75.103 80 bad_HTTP_request - F bro 1354328874.278822 CCvvfg3TEfuqmmG4bh 128.2.6.136 46564 173.194.75.103 80 bad_HTTP_request - F bro 1354328874.321792 CsRx2w45OKnoww6xl4 128.2.6.136 46565 173.194.75.103 80 bad_HTTP_request - F bro -1354328882.575456 C6pKV8GSxOnSLghOa 128.2.6.136 46568 173.194.75.103 80 missing_HTTP_uri - F bro -1354328882.575456 C6pKV8GSxOnSLghOa 128.2.6.136 46568 173.194.75.103 80 bad_HTTP_request - F bro 1354328882.908690 CIPOse170MGiRM1Qf4 128.2.6.136 46569 173.194.75.103 80 bad_HTTP_request - F bro 1354328882.949510 C7XEbhP654jzLoe3a 128.2.6.136 46570 173.194.75.103 80 bad_HTTP_request - F bro 1354328887.094494 CMXxB5GvmoxJFXdTa 128.2.6.136 46572 173.194.75.103 80 bad_HTTP_request - F bro 
@@ -20,33 +17,20 @@ 1354328891.226199 C3SfNE4BWaU4aSuwkc 128.2.6.136 46575 173.194.75.103 80 bad_HTTP_request - F bro 1354328891.267625 CEle3f3zno26fFZkrh 128.2.6.136 46576 173.194.75.103 80 bad_HTTP_request - F bro 1354328891.309065 CwSkQu4eWZCH7OONC1 128.2.6.136 46577 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro -1354328895.355012 CfTOmO0HKorjr8Zp7 128.2.6.136 46578 173.194.75.103 80 missing_HTTP_uri - F bro -1354328895.355012 CfTOmO0HKorjr8Zp7 128.2.6.136 46578 173.194.75.103 80 bad_HTTP_request - F bro +1354328895.355012 CfTOmO0HKorjr8Zp7 128.2.6.136 46578 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro 1354328895.396634 CzA03V1VcgagLjnO92 128.2.6.136 46579 173.194.75.103 80 bad_HTTP_request - F bro 1354328895.438812 CyAhVIzHqb7t7kv28 128.2.6.136 46580 173.194.75.103 80 bad_HTTP_request - F bro 1354328895.480865 Cab0vO1xNYSS2hJkle 128.2.6.136 46581 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro -1354328903.572533 Cx3C534wEyF3OvvcQe 128.2.6.136 46583 173.194.75.103 80 missing_HTTP_uri - F bro -1354328903.572533 Cx3C534wEyF3OvvcQe 128.2.6.136 46583 173.194.75.103 80 bad_HTTP_request - F bro 1354328903.614145 CkDsfG2YIeWJmXWNWj 128.2.6.136 46584 173.194.75.103 80 bad_HTTP_request - F bro 1354328903.656369 CUKS0W3HFYOnBqSE5e 128.2.6.136 46585 173.194.75.103 80 bad_HTTP_request - F bro -1354328911.790590 CUof3F2yAIid8QS3dk 128.2.6.136 46588 173.194.75.103 80 missing_HTTP_uri - F bro -1354328911.790590 CUof3F2yAIid8QS3dk 128.2.6.136 46588 173.194.75.103 80 bad_HTTP_request - F bro 1354328911.832856 CojBOU3CXcLHl1r6x1 128.2.6.136 46589 173.194.75.103 80 bad_HTTP_request - F bro 1354328911.876341 CJzVQRGJrX6V15ik7 128.2.6.136 46590 173.194.75.103 80 bad_HTTP_request - F bro -1354328920.010458 CisNaL1Cm73CiNOmcg 128.2.6.136 46593 173.194.75.103 80 missing_HTTP_uri - F bro -1354328920.010458 CisNaL1Cm73CiNOmcg 128.2.6.136 46593 173.194.75.103 80 bad_HTTP_request - F bro 1354328920.052085 CBQnJn22qN8TOeeZil 128.2.6.136 46594 173.194.75.103 80 
bad_HTTP_request - F bro 1354328920.094072 CbEsuD3dgDDngdlbKf 128.2.6.136 46595 173.194.75.103 80 bad_HTTP_request - F bro -1354328924.224567 CHrnr1115j0JRSXjG6 128.2.6.136 46598 173.194.75.103 80 missing_HTTP_uri - F bro -1354328924.224567 CHrnr1115j0JRSXjG6 128.2.6.136 46598 173.194.75.103 80 bad_HTTP_request - F bro 1354328924.266693 Cnkr172qPtDAaK7Xd 128.2.6.136 46599 173.194.75.103 80 bad_HTTP_request - F bro 1354328924.308714 CcxZj6188NwHGl3a16 128.2.6.136 46600 173.194.75.103 80 bad_HTTP_request - F bro -1354328924.433150 CbNmy32YFt3gdIjV8 128.2.6.136 46603 173.194.75.103 80 missing_HTTP_uri - F bro -1354328924.433150 CbNmy32YFt3gdIjV8 128.2.6.136 46603 173.194.75.103 80 bad_HTTP_request - F bro 1354328924.476011 COTmF91mGWcb4zV7W5 128.2.6.136 46604 173.194.75.103 80 bad_HTTP_request - F bro 1354328924.518204 CuChlg202P8sUFuXrg 128.2.6.136 46605 173.194.75.103 80 bad_HTTP_request - F bro -1354328932.692706 CkaPGx2P0Y3W5aHVFk 128.2.6.136 46608 173.194.75.103 80 missing_HTTP_uri - F bro -1354328932.692706 CkaPGx2P0Y3W5aHVFk 128.2.6.136 46608 173.194.75.103 80 bad_HTTP_request - F bro 1354328932.734579 CY93mM3aViMiLKuSw3 128.2.6.136 46609 173.194.75.103 80 bad_HTTP_request - F bro 1354328932.776609 CXgISq6dA2DVPzqp9 128.2.6.136 46610 173.194.75.103 80 bad_HTTP_request - F bro -#close 2016-01-15-18-41-03 +#close 2016-01-15-20-54-32 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.no-uri/http.log b/testing/btest/Baseline/scripts.base.protocols.http.no-uri/http.log new file mode 100644 index 0000000000..bdcd4aae19 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.no-uri/http.log 
@@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path http +#open 2016-01-15-20-42-50 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1362692526.939527 CXWv6p3arKYeMETxOg 141.142.228.5 59856 192.150.187.43 80 1 GET bro.org (empty) - 1.1 - 0 4705 200 OK - - - (empty) - - - - - FakNcS1Jfe01uljb3 text/plain +#close 2016-01-15-20-42-50 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.no-uri/weird.log b/testing/btest/Baseline/scripts.base.protocols.http.no-uri/weird.log new file mode 100644 index 0000000000..cd31c6030f --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.no-uri/weird.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#open 2016-01-15-20-42-50 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1362692526.939527 CXWv6p3arKYeMETxOg 141.142.228.5 59856 192.150.187.43 80 missing_HTTP_uri - F bro +#close 2016-01-15-20-42-50 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.no-version/http.log b/testing/btest/Baseline/scripts.base.protocols.http.no-version/http.log new file mode 100644 index 0000000000..a1ab36435b --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.no-version/http.log 
@@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path http +#open 2016-01-15-20-44-15 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types +#types time string addr port addr port count string string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] +1036020209.801685 CXWv6p3arKYeMETxOg 131.243.1.23 1035 131.243.1.10 80 1 GET - /cgi-bin/formmail.pl?email=f2@aol.com&subject=www-nrg.ee/cgi-bin/formmail.pl&recipient=unknownz@buy2save.com&msg=w00t - - - 0 0 - - - - - (empty) - - - - - - - +#close 2016-01-15-20-44-15 
diff --git a/testing/btest/Traces/http/no-uri.pcap b/testing/btest/Traces/http/no-uri.pcap new file mode 100644 index 0000000000000000000000000000000000000000..86c42097a147d7a6020a79a76da475fbf42f297b GIT binary patch literal 6336 zcma)AU2Ggz72dc>TNb&b2%$ceTel^S>)HSH&!lPV*l~VpC&pg4;)UjV=I-vTXJ>{x zGhT0mR6l|UEfP=(UiwEQ9#Df2Z}g#3i&Q~L|KK44R4O4=MM9POfW!lY@7$SL@1Fya zR$1Hko_p?hzVn@P?jPRx__|Ty{vtK^{7e;?OJQiDDsoj-1kDuui+l|lA)*r?Jnf&eFsFP(nA+z?$ zyH~GWe*`C-c=3yK-_NbZ)(?-}nazLa)Yr*6PP&8qR-1QaPQfaDhWxI){Q~*DcYVO` z6R`g1-cj~YbOH#({?^GdS-j(kyE4CpG5QQyeC_;C$l}<_NQ?KdhYs)cTRd~R#?IDi zYx!cXIG!z*%9ZNO?A&}|)VIw*C}W`^+|XoCHbh8!Ds0l`sx94ODObuBj*n*-EKB%U zF_oVh&z|)HeBDxB&Qp!??4swo!V0D5n(T2Qd}G0pJ7PRLp1p>foxCr`iLe@qLgmVf z6ovPGKM;jS5rsGQj%F_Z@ZR`l!0810EuoJ0**vp$h6S?WlKsF^(hrB1!^vuolZ7HHmd$F_ ztjxg4YLAn2Y+W`YB@$aK^qAO{A#2O9$z0DhE(_(cAmm{bFwbQ|DNnJ<^Z2?U+hQBe z;j~Kkv{@X$iY2pJ09|?^S?4kktR-F9idsyGZ$?rHn=P*LZNb2$0Qp0wmvS>irQQPw z(FNPyzcH<|g(E`2JV05G9H(OdsRj&gDei)j!AMlfMycy*(Ev!mrBpEi5Q5o@3#arp ztSC$_+!8^+8x)x(?n>bxKX^xn2DdNw*en9;l3AQF@ukORtu6R=Kz=Lu&4EN5JCMS6 zfGlUOXairt>VP+mFOeb0fl+LT5jeK@D#ZfBnH5lRe#Eh4^P(@@QyWVxhaceIOm#L#Nx+!F)`HbNBbo%nk01*T$C(gwGWZ zfo@{bSnl6mneT2-Bq3dBnSjRWuz+sS6x57gbXmHZoz8HNrrH$4;(8U1NKLi#~E zof%sGHMc|F7!CmW(Dk5Tpkx+j%?iY|+Ur3AXOh9k0v3^4u|&0W8gtc%TBws>S=5n&&(g4%Q+(oSudMme|jsgUX zGnlP5w!}V79$b=?E z;0ueoC@K*aT!796p{kQ3lgEu9>=5x{hwytH&;=(H%H<*S*Xc~h)PgI*-H~WDGzWIL zl6(tWPpw~kYH_pnRPEgA>E+cLvmgX$cr@^dSsrK;Z2^6VJCRV?7JA` z2eK4{RJW;#d2Mj&e$XAD3kW?81k!Owdgy+rJAgFEIx0&LNDwo}mXgd#GR6hI*gqNR zvgpBAqMJ73p`i(6D2}J`>hGJASgm@OrQ^T}MTxBAm4q*8JP|dqt790DIt0NN8;5DAmT=Bv#`A(Lqi)KaWu*VZ6z$xJSWN;q^&4(JP(a2V3i6(fI#=FHNqDP zbyPQmqkGZ+!39!dm`3|cZgO@kVb(E*iU)sm5Tz|JiPSqT7sev&3Dx&n#5<24eQn8xqGbu=u;Lb_N7HC$k_(dclu(?V*FCU~lEdKiQi z)TW^6wUK||3%Y(iIDr;%b)q$e!Ph7_aK{2qk+nEP=8p+VPHs`g~E(ctk9Dd zCWi_Q>fK%*QKk+c=0ACv772Kjln`Lj&NB8S02TMD6SzILAkEBSoM6fp0~I$70<#{UsBnNTg>&-3rnk~ zS(EF!>;XT-Ud0s@C)82?=qfE@;poIYGthpGRMB&;3?+Ir+0p?;jLg!JxMcB# zTUz|W+hplk49R&n`JJ&-nIB@>f>uC4s~xm 
znBJMnm8+EA@4eNZ-XC2@dcV1Mcjodl|L&&u$GG{cbnBIe_bm?NxbS20@$-Ki@bS&7 V*FJg&kMo&J<*tvP!N-rY{{?v1>fZnW literal 0 HcmV?d00001 diff --git a/testing/btest/Traces/http/no-version.pcap b/testing/btest/Traces/http/no-version.pcap new file mode 100644 index 0000000000000000000000000000000000000000..90906e934fc5f0cb7580ec69e3ac3bf2df2681fa GIT binary patch literal 1268 zcmbu9PiWIn9LL{k{X;fgr=Xi6J}PWGtj#E6;Fe@kmUH zjQ);~hY{+4n;*t2`9QaT#$e70)!u6Ns&IYref$X0B50^_EQykbN{`pJJ5E6f;ZBsR zZk*d@o99AF^z;Nmq42@yj3h?{B*8kXfD!P3gwT-wiILuKF$$xhT)1F3xuCr=xPsft}g|Xf}YsmsLdQ50+rf?~%NEt1qDpKKMA*(4P z!z1{z<>4u-LgythSd>J*MUc`n>Q$Vco}9_fx? z=%VM@W1(JC#-03yOwrAN@)9Wf{zV4$Z~R<8cgK{j!?|p(1t>w}e*>lYkLv&c literal 0 HcmV?d00001 diff --git a/testing/btest/scripts/base/protocols/http/no-uri.bro b/testing/btest/scripts/base/protocols/http/no-uri.bro new file mode 100644 index 0000000000..9793b93c58 --- /dev/null +++ b/testing/btest/scripts/base/protocols/http/no-uri.bro @@ -0,0 +1,4 @@ +# @TEST-EXEC: bro -Cr $TRACES/http/no-uri.pcap %INPUT +# @TEST-EXEC: btest-diff http.log +# @TEST-EXEC: btest-diff weird.log + diff --git a/testing/btest/scripts/base/protocols/http/no-version.bro b/testing/btest/scripts/base/protocols/http/no-version.bro new file mode 100644 index 0000000000..3e861534bd --- /dev/null +++ b/testing/btest/scripts/base/protocols/http/no-version.bro @@ -0,0 +1,3 @@ +# @TEST-EXEC: bro -Cr $TRACES/http/no-version.pcap %INPUT +# @TEST-EXEC: btest-diff http.log + From a72626f01a2b3309dbd87e4a2c479e014bfb21b3 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 15 Jan 2016 15:06:17 -0800 Subject: [PATCH 43/47] Updating submodule(s). [nomail] --- aux/plugins | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/plugins b/aux/plugins index 35007df097..0f09dcd266 160000 --- a/aux/plugins +++ b/aux/plugins @@ -1 +1 @@ -Subproject commit 35007df0974b566f75d7c82af5b4d5a022333d87 +Subproject commit 0f09dcd266dccd7655013a00ed72dd313f9cfffb 
From 9423c325a632201b3eeda27b3085b63592fc2209 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 15 Jan 2016 15:08:20 -0800 Subject: [PATCH 44/47] Updating submodule(s). [nomail] --- aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- aux/broker | 2 +- aux/plugins | 2 +- cmake | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/aux/binpac b/aux/binpac index 214294c502..83ecfd6d36 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 214294c502d377bb7bf511eac8c43608e54c875a +Subproject commit 83ecfd6d3618d66d585facf0afc12b0cfeba16a0 diff --git a/aux/bro-aux b/aux/bro-aux index 4e0d2bff4b..f5da34fb4f 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit 4e0d2bff4b2c287f66186c3654ef784bb0748d11 +Subproject commit f5da34fb4fbe00a683697e9052cffdd7d804f8c1 diff --git a/aux/broccoli b/aux/broccoli index 959cc0a818..0880251535 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 959cc0a8181e7f4b07559a6aecca2a0d7d3d445c +Subproject commit 0880251535df5a3a16feb2b25c26a04aa52585f1 diff --git a/aux/broctl b/aux/broctl index 1d0ca47534..5d765dd9d9 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 1d0ca4753471cf822f612dc0d0e9bf9a439a994b +Subproject commit 5d765dd9d94eb25b31d1ecf8df6561fc714694fc diff --git a/aux/broker b/aux/broker index 9a2e8ec7b3..5c90543dee 160000 --- a/aux/broker +++ b/aux/broker @@ -1 +1 @@ -Subproject commit 9a2e8ec7b365bde282edc7301c7936eed6b4fbbb +Subproject commit 5c90543dee9212121d08e6aa630fb81dd5133df7 diff --git a/aux/plugins b/aux/plugins index 0f09dcd266..4a357b7dc0 160000 --- a/aux/plugins +++ b/aux/plugins @@ -1 +1 @@ -Subproject commit 0f09dcd266dccd7655013a00ed72dd313f9cfffb +Subproject commit 4a357b7dc09b90ad574c91d283817454071a83c4 diff --git a/cmake b/cmake index 843cdf6a91..23773d7107 160000 --- a/cmake +++ b/cmake 
@@ -1 +1 @@
-Subproject commit 843cdf6a91f06e5407bffbc79a343bff3cf4c81f
+Subproject commit 23773d7107e8d51e2b1bb0fd2e2d85fda50df743
From 895a56c01956ad3ed97f52b4276517c424de3ebd Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Fri, 15 Jan 2016 17:21:39 -0800 Subject: [PATCH 45/47] Unbreak "make doc" after dataseries removal. --- doc/components/bro-plugins/dataseries/README.rst | 1 - 1 file changed, 1 deletion(-) delete mode 120000 doc/components/bro-plugins/dataseries/README.rst
diff --git a/doc/components/bro-plugins/dataseries/README.rst b/doc/components/bro-plugins/dataseries/README.rst
deleted file mode 120000
index 3362e911fc..0000000000
--- a/doc/components/bro-plugins/dataseries/README.rst
+++ /dev/null
@@ -1 +0,0 @@
-../../../../aux/plugins/dataseries/README
\ No newline at end of file
From 8d8a883e78be97736f804a5fa1cc57a940e63dbb Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Fri, 15 Jan 2016 19:23:28 -0800 Subject: [PATCH 46/47] Updating submodule. [nomail] --- aux/plugins | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/aux/plugins b/aux/plugins
index 4a357b7dc0..1021ca5f24 160000
--- a/aux/plugins
+++ b/aux/plugins
@@ -1 +1 @@
-Subproject commit 4a357b7dc09b90ad574c91d283817454071a83c4
+Subproject commit 1021ca5f248b9da01766e94d840896e029fb0e6e
From ad61267ce67e54a86268cd3452dfac8b37715576 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Fri, 15 Jan 2016 19:23:51 -0800 Subject: [PATCH 47/47] add new plugins so they are picked up by sphinx. Also remove reference to dataseries. --- doc/components/bro-plugins/af_packet/README.rst | 1 + doc/components/bro-plugins/myricom/README.rst | 1 + doc/components/bro-plugins/tcprs/README.rst | 1 + doc/frameworks/logging.rst | 3 +-- 4 files changed, 4 insertions(+), 2 deletions(-) create mode 120000 doc/components/bro-plugins/af_packet/README.rst create mode 120000 doc/components/bro-plugins/myricom/README.rst create mode 120000 doc/components/bro-plugins/tcprs/README.rst
diff --git a/doc/components/bro-plugins/af_packet/README.rst b/doc/components/bro-plugins/af_packet/README.rst
new file mode 120000
index 0000000000..b8f745bed2
--- /dev/null
+++ b/doc/components/bro-plugins/af_packet/README.rst
@@ -0,0 +1 @@
+../../../../aux/plugins/af_packet/README
\ No newline at end of file
diff --git a/doc/components/bro-plugins/myricom/README.rst b/doc/components/bro-plugins/myricom/README.rst
new file mode 120000
index 0000000000..3bfabcdae3
--- /dev/null
+++ b/doc/components/bro-plugins/myricom/README.rst
@@ -0,0 +1 @@
+../../../../aux/plugins/myricom/README
\ No newline at end of file
diff --git a/doc/components/bro-plugins/tcprs/README.rst b/doc/components/bro-plugins/tcprs/README.rst
new file mode 120000
index 0000000000..c0e84fd579
--- /dev/null
+++ b/doc/components/bro-plugins/tcprs/README.rst
@@ -0,0 +1 @@
+../../../../aux/plugins/tcprs/README
\ No newline at end of file
diff --git a/doc/frameworks/logging.rst b/doc/frameworks/logging.rst
index 9b6fef0c15..a5128da202 100644
--- a/doc/frameworks/logging.rst
+++ b/doc/frameworks/logging.rst
@@ -537,6 +537,5 @@ Additional writers are available as external plugins: .. toctree:: :maxdepth: 1 - ../components/bro-plugins/dataseries/README - ../components/bro-plugins/elasticsearch/README + ../components/bro-plugins/README