mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
spicy-redis: Add dpd signature and clean pcaps
This commit is contained in:
Evan Typanski
parent
f0e9f46c7c
commit
7f28ec8bc5
66 changed files with 572 additions and 554 deletions
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-DOC: Test 2 commands that look like RESP, then server responses don't
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/almost-resp.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/almost-resp.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
#
|
||||
# Really, the first 2 ARE Redis. The later ones should not be logged because we
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-DOC: Test Zeek with AUTH commands
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/auth.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/auth.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
||||
event Redis::auth_command(c: connection, is_orig: bool,
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-DOC: Test Zeek parsing a trace file made with bulk-created SET commands
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/bulk-loading.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/bulk-loading.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
||||
# The bulk-loading functionality just sends the serialized form from some ruby
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-DOC: Test CLIENT REPLY OFF, but turns on with new connection
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/reply-off-on-2conn.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/reply-off-on-2conn.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-DOC: Test CLIENT REPLY OFF then ON again and a SKIP
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/reply-off-on.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/reply-off-on.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-DOC: Test CLIENT REPLY OFF then ON again and a SKIP
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/client-skip-while-off.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/client-skip-while-off.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-DOC: Test Redis traffic from a django app using Redis (in the cloud) as a cache
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/django-cloud.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/django-cloud.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-DOC: Test Redis traffic from a django app using Redis as a cache
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/django-cache.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/django-cache.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-DOC: Test Zeek parsing "pipelined" data responses
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/excessive-pipelining.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/excessive-pipelining.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
# @TEST-EXEC: btest-diff weird.log
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-DOC: Test Zeek parsing "pipelined" data responses
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/pipeline-quotes.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/pipeline-quotes.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
# TODO: Make it so weird.log exists again with `zeek::weird` for inline commands
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-DOC: Test Zeek parsing "pipelined" data responses
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/pipeline-with-commands.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/pipeline-with-commands.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-DOC: Test Zeek parsing "pipelined" data responses
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/pipelining-example.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/pipelining-example.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-DOC: Test Zeek parsing pubsub commands
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/pubsub.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/pubsub.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-DOC: Test Zeek parsing SET commands
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/set.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/set.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
||||
event Redis::set_command(c: connection, is_orig: bool,
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-DOC: Test Zeek parsing pubsub commands
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/stream.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/stream.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
||||
# Streams like with XRANGE return arrays of bulk strings. We shouldn't count the
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-DOC: Test Zeek with RESP over TLS so it doesn't get gibberish
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/tls.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/tls.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC-FAIL: test -f redis.log
|
||||
|
||||
# The logs should probably be empty since it's all encrypted
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-DOC: Test Zeek parsing a trace file through the Redis analyzer.
|
||||
#
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/loop-redis.trace base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: zeek -Cr $TRACES/redis/loop-redis.pcap base/protocols/redis %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff redis.log
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue