Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 01:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'origin/fastpath' into topic/bernhard/reader-info

Browse source 
Conflicts:
	src/logging/WriterBackend.cc
	src/logging/WriterBackend.h
	src/logging/WriterFrontend.cc
	testing/btest/Baseline/scripts.base.frameworks.input.event/out
	testing/btest/Baseline/scripts.base.frameworks.input.executeraw/out
	testing/btest/Baseline/scripts.base.frameworks.input.raw/out
	testing/btest/Baseline/scripts.base.frameworks.input.rereadraw/out
	testing/btest/Baseline/scripts.base.frameworks.input.tableevent/out
This commit is contained in:
Bernhard Amann 2012-07-02 15:33:12 -07:00
commit 86826770ab
49 changed files with 1159 additions and 710 deletions
Download patch file Download diff file Expand all files Collapse all files

12
testing/btest/Baseline/bifs.rand/out
View file

@ -1,6 +1,6 @@
185
236
805
47
996
498
985
474
738
4
634
473

6
testing/btest/Baseline/bifs.rand/out.2 Normal file
View file

@ -0,0 +1,6 @@
985
474
738
974
371
638

29
testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log
View file

@ -5,17 +5,18 @@
#path communication
#fields ts peer src_name connected_peer_desc connected_peer_addr connected_peer_port level message
#types time string string string addr port string string
1326492291.485390 bro parent - - - info [#1/127.0.0.1:47757] added peer
1326492291.491731 bro child - - - info [#1/127.0.0.1:47757] connected
1326492291.492024 bro parent - - - info [#1/127.0.0.1:47757] peer connected
1326492291.492024 bro parent - - - info [#1/127.0.0.1:47757] phase: version
1326492291.492740 bro script - - - info connection established
1326492291.492740 bro script - - - info requesting events matching /^?(NOTHING)$?/
1326492291.492740 bro script - - - info accepting state
1326492291.493800 bro parent - - - info [#1/127.0.0.1:47757] phase: handshake
1326492291.493800 bro parent - - - info warning: no events to request
1326492291.494161 bro parent - - - info [#1/127.0.0.1:47757] peer_description is bro
1326492291.494404 bro parent - - - info [#1/127.0.0.1:47757] peer supports keep-in-cache; using that
1326492291.494404 bro parent - - - info [#1/127.0.0.1:47757] phase: running
1326492291.494404 bro parent - - - info terminating...
1326492291.494404 bro parent - - - info [#1/127.0.0.1:47757] closing connection
1340904724.781527 bro parent - - - info [#1/127.0.0.1:47757] added peer
1340904724.784954 bro child - - - info [#1/127.0.0.1:47757] connected
1340904724.786168 bro parent - - - info [#1/127.0.0.1:47757] peer connected
1340904724.786168 bro parent - - - info [#1/127.0.0.1:47757] phase: version
1340904724.786168 bro script - - - info connection established
1340904724.786168 bro script - - - info requesting events matching /^?(NOTHING)$?/
1340904724.786168 bro script - - - info accepting state
1340904724.787645 bro parent - - - info [#1/127.0.0.1:47757] phase: handshake
1340904724.787645 bro parent - - - info warning: no events to request
1340904724.788857 bro parent - - - info [#1/127.0.0.1:47757] peer_description is bro
1340904724.829480 bro parent - - - info [#1/127.0.0.1:47757] peer supports keep-in-cache; using that
1340904724.829480 bro parent - - - info [#1/127.0.0.1:47757] phase: running
1340904724.829480 bro parent - - - info terminating...
1340904724.832952 bro child - - - info terminating
1340904724.834082 bro parent - - - info [#1/127.0.0.1:47757] closing connection

119
testing/btest/Baseline/scripts.base.frameworks.input.event/out
View file

@ -1,81 +1,130 @@
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::i;
print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
1
T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::i;
print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
2
T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::i;
print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
3
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::i;
print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
4
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::i;
print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
5
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::i;
print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
6
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::i;
print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={
}]

1
testing/btest/Baseline/scripts.base.frameworks.input.executeraw/out
View file

@ -4,6 +4,7 @@ print outfile, description;
print outfile, tpe;
print outfile, s;
close(outfile);
terminate();
}, config={
}]

120
testing/btest/Baseline/scripts.base.frameworks.input.raw/out
View file

@ -1,78 +1,134 @@
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
q3r3057fdf
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdfs\d
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
dfsdf
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdf
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={
}]

64
testing/btest/Baseline/scripts.base.frameworks.input.repeat/out
View file

@ -1,160 +1,160 @@
input0
input.log
../input.log
{
[1] = T
}
input1
input.log
../input.log
{
[1] = T
}
input2
input.log
../input.log
{
[1] = T
}
input3
input.log
../input.log
{
[1] = T
}
input4
input.log
../input.log
{
[1] = T
}
input5
input.log
../input.log
{
[1] = T
}
input6
input.log
../input.log
{
[1] = T
}
input7
input.log
../input.log
{
[1] = T
}
input8
input.log
../input.log
{
[1] = T
}
input9
input.log
../input.log
{
[1] = T
}
input10
input.log
../input.log
{
[1] = T
}
input11
input.log
../input.log
{
[1] = T
}
input12
input.log
../input.log
{
[1] = T
}
input13
input.log
../input.log
{
[1] = T
}
input14
input.log
../input.log
{
[1] = T
}
input15
input.log
../input.log
{
[1] = T
}
input16
input.log
../input.log
{
[1] = T
}
input17
input.log
../input.log
{
[1] = T
}
input18
input.log
../input.log
{
[1] = T
}
input19
input.log
../input.log
{
[1] = T
}
input20
input.log
../input.log
{
[1] = T
}
input21
input.log
../input.log
{
[1] = T
}
input22
input.log
../input.log
{
[1] = T
}
input23
input.log
../input.log
{
[1] = T
}
input24
input.log
../input.log
{
[1] = T
}
input25
input.log
../input.log
{
[1] = T
}
input26
input.log
../input.log
{
[1] = T
}
input27
input.log
../input.log
{
[1] = T
}
input28
input.log
../input.log
{
[1] = T
}
input29
input.log
../input.log
{
[1] = T
}
input30
input.log
../input.log
{
[1] = T
}
input31
input.log
../input.log
{
[1] = T
}

240
testing/btest/Baseline/scripts.base.frameworks.input.rereadraw/out
View file

@ -1,158 +1,270 @@
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
q3r3057fdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdfs\d
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
dfsdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
3rw43wRRERLlL#RWERERERE.
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
q3r3057fdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdfs\d
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
dfsdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]

33
testing/btest/Baseline/scripts.base.frameworks.input.streamraw/out
View file

@ -3,11 +3,13 @@
print A::outfile, A::description;
print A::outfile, A::tpe;
print A::outfile, A::s;
if (3 == A::try)
A::try = A::try + 1;
if (8 == A::try)
{
print A::outfile, done;
close(A::outfile);
Input::remove(input);
terminate();
}
}, config={
@ -20,11 +22,13 @@ sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
print A::outfile, A::description;
print A::outfile, A::tpe;
print A::outfile, A::s;
if (3 == A::try)
A::try = A::try + 1;
if (8 == A::try)
{
print A::outfile, done;
close(A::outfile);
Input::remove(input);
terminate();
}
}, config={
@ -37,11 +41,13 @@ DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
print A::outfile, A::description;
print A::outfile, A::tpe;
print A::outfile, A::s;
if (3 == A::try)
A::try = A::try + 1;
if (8 == A::try)
{
print A::outfile, done;
close(A::outfile);
Input::remove(input);
terminate();
}
}, config={
@ -54,11 +60,13 @@ q3r3057fdf
print A::outfile, A::description;
print A::outfile, A::tpe;
print A::outfile, A::s;
if (3 == A::try)
A::try = A::try + 1;
if (8 == A::try)
{
print A::outfile, done;
close(A::outfile);
Input::remove(input);
terminate();
}
}, config={
@ -71,11 +79,13 @@ sdfs\d
print A::outfile, A::description;
print A::outfile, A::tpe;
print A::outfile, A::s;
if (3 == A::try)
A::try = A::try + 1;
if (8 == A::try)
{
print A::outfile, done;
close(A::outfile);
Input::remove(input);
terminate();
}
}, config={
@ -88,11 +98,13 @@ Input::EVENT_NEW
print A::outfile, A::description;
print A::outfile, A::tpe;
print A::outfile, A::s;
if (3 == A::try)
A::try = A::try + 1;
if (8 == A::try)
{
print A::outfile, done;
close(A::outfile);
Input::remove(input);
terminate();
}
}, config={
@ -105,11 +117,13 @@ dfsdf
print A::outfile, A::description;
print A::outfile, A::tpe;
print A::outfile, A::s;
if (3 == A::try)
A::try = A::try + 1;
if (8 == A::try)
{
print A::outfile, done;
close(A::outfile);
Input::remove(input);
terminate();
}
}, config={
@ -122,11 +136,13 @@ sdf
print A::outfile, A::description;
print A::outfile, A::tpe;
print A::outfile, A::s;
if (3 == A::try)
A::try = A::try + 1;
if (8 == A::try)
{
print A::outfile, done;
close(A::outfile);
Input::remove(input);
terminate();
}
}, config={
@ -134,3 +150,4 @@ Input::remove(input);
}]
Input::EVENT_NEW
3rw43wRRERLlL#RWERERERE.
done

119
testing/btest/Baseline/scripts.base.frameworks.input.tableevent/out
View file

@ -1,4 +1,4 @@
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
@ -8,17 +8,24 @@
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={
}]
Input::EVENT_NEW
[i=1]
T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
@ -28,17 +35,24 @@ T
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={
}]
Input::EVENT_NEW
[i=2]
T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
@ -48,17 +62,24 @@ T
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={
}]
Input::EVENT_NEW
[i=3]
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
@ -68,17 +89,24 @@ F
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={
}]
Input::EVENT_NEW
[i=4]
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
@ -88,17 +116,24 @@ F
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={
}]
Input::EVENT_NEW
[i=5]
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
@ -108,17 +143,24 @@ F
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={
}]
Input::EVENT_NEW
[i=6]
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
@ -128,10 +170,17 @@ F
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={
}]

4
testing/btest/Baseline/scripts.base.frameworks.input.twotables/event.out Normal file
View file

@ -0,0 +1,4 @@
============EVENT============
============EVENT============
============EVENT============
============EVENT============

30
testing/btest/Baseline/scripts.base.frameworks.input.twotables/fin.out Normal file
View file

@ -0,0 +1,30 @@
==========SERVERS============
==========SERVERS============
==========SERVERS============
done
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
}

172
testing/btest/Baseline/scripts.base.frameworks.input.twotables/out
View file

@ -1,172 +0,0 @@
============PREDICATE============
Input::EVENT_NEW
[i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============PREDICATE 2============
Input::EVENT_NEW
[i=-43]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============EVENT============
==========SERVERS============
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
}
============EVENT============
==========SERVERS============
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
}
============PREDICATE============
Input::EVENT_NEW
[i=-44]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============PREDICATE============
Input::EVENT_REMOVED
[i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============EVENT============
============EVENT============
==========SERVERS============
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
}
done
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
}

45
testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred1.out Normal file
View file

@ -0,0 +1,45 @@
============PREDICATE============
Input::EVENT_NEW
[i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============PREDICATE============
Input::EVENT_NEW
[i=-44]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============PREDICATE============
Input::EVENT_REMOVED
[i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]

15
testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred2.out Normal file
View file

@ -0,0 +1,15 @@
============PREDICATE 2============
Input::EVENT_NEW
[i=-43]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]

9
testing/btest/bifs/rand.bro
View file

@ -1,6 +1,10 @@
#
# @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: bro -b %INPUT do_seed=F >out.2
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-diff out.2
const do_seed = T &redef;
event bro_init()
{
@ -12,7 +16,8 @@ event bro_init()
print b;
print c;
srand(575);
if ( do_seed )
srand(575);
local d = rand(1000);
local e = rand(1000);

2
testing/btest/coverage/bare-mode-errors.test
View file

@ -5,6 +5,8 @@
# Commonly, this test may fail if one forgets to @load some base/ scripts
# when writing a new bro scripts.
#
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: test -d $DIST/scripts
# @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro -not -path '*/site/*'`; do echo $script; if echo "$script" | egrep -q 'communication/listen|controllee'; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0
# @TEST-EXEC: cat allerrors | grep -v "received termination signal" | sort | uniq > unique_errors

9
testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro
View file

@ -5,7 +5,7 @@
# @TEST-EXEC: btest-bg-wait -k 10
#
# Don't diff the receiver log just because port is always going to change
# @TEST-EXEC: egrep -v 'pid|socket buffer size' sender/communication.log >send.log
# @TEST-EXEC: egrep -v 'CPU|bytes|pid|socket buffer size' sender/communication.log >send.log
# @TEST-EXEC: btest-diff send.log
@TEST-START-FILE sender.bro
@ -19,6 +19,10 @@ redef Communication::nodes += {
event remote_connection_handshake_done(p: event_peer)
{
terminate_communication();
}
event remote_connection_closed(p: event_peer)
{
terminate();
}
@ -30,9 +34,8 @@ event remote_connection_handshake_done(p: event_peer)
@load frameworks/communication/listen
event remote_connection_handshake_done(p: event_peer)
event remote_connection_closed(p: event_peer)
{
terminate_communication();
terminate();
}

1
testing/btest/scripts/base/frameworks/control/id_value.bro
View file

@ -22,4 +22,5 @@ redef test_var = "This is the value from the controllee";
event Control::id_value_response(id: string, val: string)
{
print fmt("Got an id_value_response(%s, %s) event", id, val);
terminate();
}

26
testing/btest/scripts/base/frameworks/input/basic.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -10,6 +13,11 @@
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
@TEST-END-FILE
@load base/protocols/ssh
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -39,12 +47,16 @@ type Val: record {
global servers: table[int] of Val = table();
event bro_init()
{
{
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
}
event Input::update_finished(name: string, source:string) {
print servers;
}
event Input::update_finished(name: string, source:string)
{
print outfile, servers;
close(outfile);
terminate();
}

25
testing/btest/scripts/base/frameworks/input/emptyvals.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -11,6 +14,10 @@ T 1
- 2
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -26,12 +33,16 @@ type Val: record {
global servers: table[int] of Val = table();
event bro_init()
{
{
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
}
event Input::update_finished(name: string, source:string) {
print servers;
}
event Input::update_finished(name: string, source:string)
{
print outfile, servers;
close(outfile);
terminate();
}

36
testing/btest/scripts/base/frameworks/input/event.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -16,6 +19,10 @@
7 T
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
global try: count;
module A;
@ -24,15 +31,24 @@ type Val: record {
b: bool;
};
event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: bool) {
print description;
print tpe;
print i;
print b;
}
event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: bool)
{
print outfile, description;
print outfile, tpe;
print outfile, i;
print outfile, b;
try = try + 1;
if ( try == 7 )
{
close(outfile);
terminate();
}
}
event bro_init()
{
Input::add_event([$source="input.log", $name="input", $fields=Val, $ev=line]);
{
try = 0;
outfile = open("../out");
Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line]);
Input::remove("input");
}
}

16
testing/btest/scripts/base/frameworks/input/executeraw.bro
View file

@ -1,6 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 1
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: cat out.tmp | sed 's/^ *//g' >out
# @TEST-EXEC: btest-diff out
@ -23,16 +25,18 @@ type Val: record {
s: string;
};
event line(description: Input::EventDescription, tpe: Input::Event, s: string) {
event line(description: Input::EventDescription, tpe: Input::Event, s: string)
{
print outfile, description;
print outfile, tpe;
print outfile, s;
close(outfile);
}
terminate();
}
event bro_init()
{
outfile = open ("../out.tmp");
{
outfile = open("../out.tmp");
Input::add_event([$source="wc -l ../input.log |", $reader=Input::READER_RAW, $name="input", $fields=Val, $ev=line]);
Input::remove("input");
}
}

25
testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -10,6 +13,10 @@
T -42
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -25,12 +32,16 @@ type Val: record {
global servers: table[int] of Val = table();
event bro_init()
{
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]);
{
outfile = open("../out");
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]);
Input::remove("input");
}
}
event Input::update_finished(name: string, source: string) {
print servers;
}
event Input::update_finished(name: string, source: string)
{
print outfile, servers;
close(outfile);
terminate();
}

25
testing/btest/scripts/base/frameworks/input/onecolumn-record.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -10,6 +13,10 @@
T -42
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -25,12 +32,16 @@ type Val: record {
global servers: table[int] of Val = table();
event bro_init()
{
Input::add_table([$name="input", $source="input.log", $idx=Idx, $val=Val, $destination=servers]);
{
outfile = open("../out");
Input::add_table([$name="input", $source="../input.log", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("input");
}
}
event Input::update_finished(name: string, source: string) {
print servers;
}
event Input::update_finished(name: string, source: string)
{
print outfile, servers;
close(outfile);
terminate();
}

25
testing/btest/scripts/base/frameworks/input/optional.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -16,6 +19,10 @@
7 T
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -32,14 +39,18 @@ type Val: record {
global servers: table[int] of Val = table();
event bro_init()
{
{
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers,
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers,
$pred(typ: Input::Event, left: Idx, right: Val) = { right$notb = !right$b; return T; }
]);
Input::remove("input");
}
}
event Input::update_finished(name: string, source: string) {
print servers;
}
event Input::update_finished(name: string, source: string)
{
print outfile, servers;
close(outfile);
terminate();
}

39
testing/btest/scripts/base/frameworks/input/port.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -9,6 +12,10 @@
1.2.3.6 30 unknown
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -24,17 +31,23 @@ type Val: record {
global servers: table[addr] of Val = table();
event bro_init()
{
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers]);
print servers[1.2.3.4];
print servers[1.2.3.5];
print servers[1.2.3.6];
{
outfile = open("../out");
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers]);
if ( 1.2.3.4 in servers )
print outfile, servers[1.2.3.4];
if ( 1.2.3.5 in servers )
print outfile, servers[1.2.3.5];
if ( 1.2.3.6 in servers )
print outfile, servers[1.2.3.6];
Input::remove("input");
}
event Input::update_finished(name: string, source: string) {
print servers[1.2.3.4];
print servers[1.2.3.5];
print servers[1.2.3.6];
}
}
event Input::update_finished(name: string, source: string)
{
print outfile, servers[1.2.3.4];
print outfile, servers[1.2.3.5];
print outfile, servers[1.2.3.6];
close(outfile);
terminate();
}

67
testing/btest/scripts/base/frameworks/input/predicate-stream.bro
View file

@ -1,9 +1,13 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
#
# only difference from predicate.bro is, that this one uses a stream source.
# the reason is, that the code-paths are quite different, because then the ascii reader uses the put and not the sendevent interface
# the reason is, that the code-paths are quite different, because then the
# ascii reader uses the put and not the sendevent interface
@TEST-START-FILE input.log
#separator \x09
@ -19,6 +23,10 @@
7 T
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -34,47 +42,38 @@ type Val: record {
global servers: table[int] of Val = table();
global ct: int;
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) {
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool)
{
ct = ct + 1;
if ( ct < 3 ) {
if ( ct < 3 )
return;
}
if ( ct > 3 ) {
print "Too many events";
return;
}
if ( 1 in servers ) {
print "VALID";
if ( 1 in servers )
print outfile, "VALID";
if ( 2 in servers )
print outfile, "VALID";
if ( !(3 in servers) )
print outfile, "VALID";
if ( !(4 in servers) )
print outfile, "VALID";
if ( !(5 in servers) )
print outfile, "VALID";
if ( !(6 in servers) )
print outfile, "VALID";
if ( 7 in servers )
print outfile, "VALID";
close(outfile);
terminate();
}
if ( 2 in servers ) {
print "VALID";
}
if ( !(3 in servers) ) {
print "VALID";
}
if ( !(4 in servers) ) {
print "VALID";
}
if ( !(5 in servers) ) {
print "VALID";
}
if ( !(6 in servers) ) {
print "VALID";
}
if ( 7 in servers ) {
print "VALID";
}
}
event bro_init()
{
{
outfile = open("../out");
ct = 0;
# first read in the old stuff into the table...
Input::add_table([$source="input.log", $mode=Input::STREAM, $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $ev=line,
Input::add_table([$source="../input.log", $mode=Input::STREAM, $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $ev=line,
$pred(typ: Input::Event, left: Idx, right: bool) = { return right; }
]);
Input::remove("input");
}
}

56
testing/btest/scripts/base/frameworks/input/predicate.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -16,6 +19,10 @@
7 T
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -31,34 +38,31 @@ type Val: record {
global servers: table[int] of Val = table();
event bro_init()
{
{
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F,
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F,
$pred(typ: Input::Event, left: Idx, right: bool) = { return right; }
]);
Input::remove("input");
}
}
event Input::update_finished(name: string, source: string) {
if ( 1 in servers ) {
print "VALID";
event Input::update_finished(name: string, source: string)
{
if ( 1 in servers )
print outfile, "VALID";
if ( 2 in servers )
print outfile, "VALID";
if ( !(3 in servers) )
print outfile, "VALID";
if ( !(4 in servers) )
print outfile, "VALID";
if ( !(5 in servers) )
print outfile, "VALID";
if ( !(6 in servers) )
print outfile, "VALID";
if ( 7 in servers )
print outfile, "VALID";
close(outfile);
terminate();
}
if ( 2 in servers ) {
print "VALID";
}
if ( !(3 in servers) ) {
print "VALID";
}
if ( !(4 in servers) ) {
print "VALID";
}
if ( !(5 in servers) ) {
print "VALID";
}
if ( !(6 in servers) ) {
print "VALID";
}
if ( 7 in servers ) {
print "VALID";
}
}

37
testing/btest/scripts/base/frameworks/input/predicatemodify.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -11,6 +14,10 @@
2 T test2 idx2
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -28,23 +35,25 @@ type Val: record {
global servers: table[int, string] of Val = table();
event bro_init()
{
# first read in the old stuff into the table...
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers,
$pred(typ: Input::Event, left: Idx, right: Val) = {
if ( left$i == 1 ) {
right$s = "testmodified";
}
{
outfile = open("../out");
if ( left$i == 2 ) {
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers,
$pred(typ: Input::Event, left: Idx, right: Val) = {
if ( left$i == 1 )
right$s = "testmodified";
if ( left$i == 2 )
left$ss = "idxmodified";
}
return T;
}
]);
Input::remove("input");
}
}
event Input::update_finished(name: string, source: string) {
print servers;
}
event Input::update_finished(name: string, source: string)
{
print outfile, servers;
close(outfile);
terminate();
}

30
testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro
View file

@ -1,6 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: cp input1.log input.log
# @TEST-EXEC: btest-bg-run bro bro %INPUT
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: sleep 2
# @TEST-EXEC: cp input2.log input.log
# @TEST-EXEC: sleep 2
@ -9,7 +11,7 @@
# @TEST-EXEC: cp input4.log input.log
# @TEST-EXEC: sleep 2
# @TEST-EXEC: cp input5.log input.log
# @TEST-EXEC: btest-bg-wait -k 3
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
#
@ -77,31 +79,31 @@ global outfile: file;
global try: count;
event bro_init()
{
{
try = 0;
outfile = open ("../out");
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $mode=Input::REREAD,
$pred(typ: Input::Event, left: Idx, right: Val) = {
if ( left$i == 1 ) {
if ( left$i == 1 )
right$s = "testmodified";
}
if ( left$i == 2 ) {
if ( left$i == 2 )
left$ss = "idxmodified";
}
return T;
}
]);
}
}
event Input::update_finished(name: string, source: string) {
event Input::update_finished(name: string, source: string)
{
try = try + 1;
print outfile, fmt("Update_finished for %s, try %d", name, try);
print outfile, servers;
if ( try == 5 ) {
close (outfile);
if ( try == 5 )
{
close(outfile);
Input::remove("input");
terminate();
}
}
}

34
testing/btest/scripts/base/frameworks/input/raw.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -13,6 +16,10 @@ sdf
3rw43wRRERLlL#RWERERERE.
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
global try: count;
module A;
@ -20,14 +27,23 @@ type Val: record {
s: string;
};
event line(description: Input::EventDescription, tpe: Input::Event, s: string) {
print description;
print tpe;
print s;
}
event line(description: Input::EventDescription, tpe: Input::Event, s: string)
{
print outfile, description;
print outfile, tpe;
print outfile, s;
try = try + 1;
if ( try == 8 )
{
close(outfile);
terminate();
}
}
event bro_init()
{
Input::add_event([$source="input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]);
{
try = 0;
outfile = open("../out");
Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]);
Input::remove("input");
}
}

40
testing/btest/scripts/base/frameworks/input/repeat.bro
View file

@ -1,6 +1,9 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
@TEST-START-FILE input.log
#separator \x09
@ -10,6 +13,11 @@
1 T
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
global try: count;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -27,15 +35,25 @@ global destination: table[int] of Val = table();
const one_to_32: vector of count = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32};
event bro_init()
{
for ( i in one_to_32 ) {
Input::add_table([$source="input.log", $name=fmt("input%d", i), $idx=Idx, $val=Val, $destination=destination, $want_record=F]);
{
try = 0;
outfile = open("../out");
for ( i in one_to_32 )
{
Input::add_table([$source="../input.log", $name=fmt("input%d", i), $idx=Idx, $val=Val, $destination=destination, $want_record=F]);
Input::remove(fmt("input%d", i));
}
}
}
event Input::update_finished(name: string, source: string) {
print name;
print source;
print destination;
}
event Input::update_finished(name: string, source: string)
{
print outfile, name;
print outfile, source;
print outfile, destination;
try = try + 1;
if ( try == 32 )
{
close(outfile);
terminate();
}
}

27
testing/btest/scripts/base/frameworks/input/reread.bro
View file

@ -1,6 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: cp input1.log input.log
# @TEST-EXEC: btest-bg-run bro bro %INPUT
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: sleep 2
# @TEST-EXEC: cp input2.log input.log
# @TEST-EXEC: sleep 2
@ -9,7 +11,7 @@
# @TEST-EXEC: cp input4.log input.log
# @TEST-EXEC: sleep 2
# @TEST-EXEC: cp input5.log input.log
# @TEST-EXEC: btest-bg-wait -k 2
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input1.log
@ -56,6 +58,7 @@ F -48 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz
F -48 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
@TEST-END-FILE
@load base/protocols/ssh
@load frameworks/communication/listen
redef InputAscii::empty_field = "EMPTY";
@ -90,7 +93,8 @@ global outfile: file;
global try: count;
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) {
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val)
{
print outfile, "============EVENT============";
print outfile, "Description";
print outfile, description;
@ -100,11 +104,11 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
print outfile, left;
print outfile, "Right";
print outfile, right;
}
}
event bro_init()
{
outfile = open ("../out");
{
outfile = open("../out");
try = 0;
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $mode=Input::REREAD, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line,
@ -116,17 +120,20 @@ event bro_init()
return T;
}
]);
}
}
event Input::update_finished(name: string, source: string) {
event Input::update_finished(name: string, source: string)
{
print outfile, "==========SERVERS============";
print outfile, servers;
try = try + 1;
if ( try == 5 ) {
if ( try == 5 )
{
print outfile, "done";
close(outfile);
Input::remove("input");
terminate();
}
}
}

34
testing/btest/scripts/base/frameworks/input/rereadraw.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -13,6 +16,10 @@ sdf
3rw43wRRERLlL#RWERERERE.
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
global try: count;
module A;
@ -20,15 +27,24 @@ type Val: record {
s: string;
};
event line(description: Input::EventDescription, tpe: Input::Event, s: string) {
print description;
print tpe;
print s;
}
event line(description: Input::EventDescription, tpe: Input::Event, s: string)
{
print outfile, description;
print outfile, tpe;
print outfile, s;
try = try + 1;
if ( try == 16 )
{
close(outfile);
terminate();
}
}
event bro_init()
{
Input::add_event([$source="input.log", $reader=Input::READER_RAW, $mode=Input::REREAD, $name="input", $fields=Val, $ev=line]);
{
try = 0;
outfile = open("../out");
Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::REREAD, $name="input", $fields=Val, $ev=line]);
Input::force_update("input");
Input::remove("input");
}
}

23
testing/btest/scripts/base/frameworks/input/stream.bro
View file

@ -1,11 +1,13 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: cp input1.log input.log
# @TEST-EXEC: btest-bg-run bro bro %INPUT
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: sleep 3
# @TEST-EXEC: cat input2.log >> input.log
# @TEST-EXEC: sleep 3
# @TEST-EXEC: cat input3.log >> input.log
# @TEST-EXEC: btest-bg-wait -k 3
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input1.log
@ -22,6 +24,7 @@ T -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz
F -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
@TEST-END-FILE
@load base/protocols/ssh
@load frameworks/communication/listen
redef InputAscii::empty_field = "EMPTY";
@ -56,7 +59,8 @@ global outfile: file;
global try: count;
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) {
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val)
{
print outfile, "============EVENT============";
print outfile, tpe;
print outfile, left;
@ -66,18 +70,19 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
try = try + 1;
if ( try == 3 ) {
if ( try == 3 )
{
print outfile, "done";
close(outfile);
Input::remove("input");
terminate();
}
}
}
event bro_init()
{
outfile = open ("../out");
{
outfile = open("../out");
try = 0;
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $mode=Input::STREAM, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line]);
}
}

22
testing/btest/scripts/base/frameworks/input/streamraw.bro
View file

@ -1,3 +1,5 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: cp input1.log input.log
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
@ -5,7 +7,7 @@
# @TEST-EXEC: cat input2.log >> input.log
# @TEST-EXEC: sleep 3
# @TEST-EXEC: cat input3.log >> input.log
# @TEST-EXEC: btest-bg-wait -k 3
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input1.log
@ -36,21 +38,25 @@ type Val: record {
global try: count;
global outfile: file;
event line(description: Input::EventDescription, tpe: Input::Event, s: string) {
event line(description: Input::EventDescription, tpe: Input::Event, s: string)
{
print outfile, description;
print outfile, tpe;
print outfile, s;
if ( try == 3 ) {
try = try + 1;
if ( try == 8 )
{
print outfile, "done";
close(outfile);
Input::remove("input");
terminate();
}
}
}
event bro_init()
{
outfile = open ("../out");
{
outfile = open("../out");
try = 0;
Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]);
}
}

37
testing/btest/scripts/base/frameworks/input/tableevent.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -16,6 +19,11 @@
7 T
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
global try: count;
redef InputAscii::empty_field = "EMPTY";
type Idx: record {
@ -28,15 +36,24 @@ type Val: record {
global destination: table[int] of Val = table();
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) {
print description;
print tpe;
print left;
print right;
}
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool)
{
print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
try = try + 1;
if ( try == 7 )
{
close(outfile);
terminate();
}
}
event bro_init()
{
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F,$ev=line]);
{
try = 0;
outfile = open("../out");
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F,$ev=line]);
Input::remove("input");
}
}

88
testing/btest/scripts/base/frameworks/input/twotables.bro
View file

@ -1,10 +1,15 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: cp input1.log input.log
# @TEST-EXEC: btest-bg-run bro bro %INPUT
# @TEST-EXEC: sleep 2
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: sleep 5
# @TEST-EXEC: cp input3.log input.log
# @TEST-EXEC: btest-bg-wait -k 2
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-bg-wait -k 10
# @TEST-EXEC: btest-diff event.out
# @TEST-EXEC: btest-diff pred1.out
# @TEST-EXEC: btest-diff pred2.out
# @TEST-EXEC: btest-diff fin.out
@TEST-START-FILE input1.log
#separator \x09
@ -28,6 +33,7 @@ T -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz
F -44 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
@TEST-END-FILE
@load base/protocols/ssh
@load frameworks/communication/listen
redef InputAscii::empty_field = "EMPTY";
@ -58,59 +64,71 @@ type Val: record {
global servers: table[int] of Val = table();
global outfile: file;
global event_out: file;
global pred1_out: file;
global pred2_out: file;
global fin_out: file;
global try: count;
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) {
print outfile, "============EVENT============";
# print outfile, "Description";
# print outfile, description;
# print outfile, "Type";
# print outfile, tpe;
# print outfile, "Left";
# print outfile, left;
# print outfile, "Right";
# print outfile, right;
}
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val)
{
print event_out, "============EVENT============";
# print event_out, "Description";
# print event_out, description;
# print event_out, "Type";
# print event_out, tpe;
# print event_out, "Left";
# print event_out, left;
# print event_out, "Right";
# print event_out, right;
}
event bro_init()
{
outfile = open ("../out");
{
event_out = open ("../event.out");
pred1_out = open ("../pred1.out");
pred2_out = open ("../pred2.out");
fin_out = open ("../fin.out");
try = 0;
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $mode=Input::REREAD, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line,
$pred(typ: Input::Event, left: Idx, right: Val) = {
print outfile, "============PREDICATE============";
print outfile, typ;
print outfile, left;
print outfile, right;
print pred1_out, "============PREDICATE============";
print pred1_out, typ;
print pred1_out, left;
print pred1_out, right;
return T;
}
]);
Input::add_table([$source="../input2.log", $mode=Input::REREAD, $name="ssh2", $idx=Idx, $val=Val, $destination=servers, $ev=line,
$pred(typ: Input::Event, left: Idx, right: Val) = {
print outfile, "============PREDICATE 2============";
print outfile, typ;
print outfile, left;
print outfile, right;
print pred2_out, "============PREDICATE 2============";
print pred2_out, typ;
print pred2_out, left;
print pred2_out, right;
return T;
}
]);
}
}
event Input::update_finished(name: string, source: string) {
print outfile, "==========SERVERS============";
print outfile, servers;
event Input::update_finished(name: string, source: string)
{
print fin_out, "==========SERVERS============";
#print fin_out, servers;
try = try + 1;
if ( try == 3 ) {
print outfile, "done";
print outfile, servers;
close(outfile);
if ( try == 3 )
{
print fin_out, "done";
print fin_out, servers;
close(event_out);
close(pred1_out);
close(pred2_out);
close(fin_out);
Input::remove("input");
Input::remove("input2");
terminate();
}
}
}