Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'origin/fastpath' into topic/bernhard/reader-info

Browse source 
Conflicts:
	src/logging/WriterBackend.cc
	src/logging/WriterBackend.h
	src/logging/WriterFrontend.cc
	testing/btest/Baseline/scripts.base.frameworks.input.event/out
	testing/btest/Baseline/scripts.base.frameworks.input.executeraw/out
	testing/btest/Baseline/scripts.base.frameworks.input.raw/out
	testing/btest/Baseline/scripts.base.frameworks.input.rereadraw/out
	testing/btest/Baseline/scripts.base.frameworks.input.tableevent/out
This commit is contained in:
Bernhard Amann 2012-07-02 15:33:12 -07:00
commit 86826770ab
49 changed files with 1159 additions and 710 deletions
Download patch file Download diff file Expand all files Collapse all files

14
NEWS
View file

@ -38,14 +38,14 @@ New Functionality
- Bro now decapsulates tunnels via its new tunnel framework located in - Bro now decapsulates tunnels via its new tunnel framework located in
scripts/base/frameworks/tunnels. It currently supports Teredo, scripts/base/frameworks/tunnels. It currently supports Teredo,
AYIYA, IP-in-IP (both IPv4 and IPv6), and SOCKS. For all these, it AYIYA, IP-in-IP (both IPv4 and IPv6), and SOCKS. For all these, it
logs the outher tunnel connections in both conn.log and tunnel.log, logs the outer tunnel connections in both conn.log and tunnel.log,
and then proceeds to analyze the inner payload as if it were not and then proceeds to analyze the inner payload as if it were not
tunneled, including also logging that session in conn.log. For tunneled, including also logging that session in conn.log. For
SOCKS, it generates a new socks.log in addition with more SOCKS, it generates a new socks.log in addition with more
information. information.
- Bro now features a flexible input framework that allows users to - Bro now features a flexible input framework that allows users to
integrate external information in real-time into Bro while it integrate external information in real-time into Bro while it's
processing network traffic. The most direct use-case at the moment processing network traffic. The most direct use-case at the moment
is reading data from ASCII files into Bro tables, with updates is reading data from ASCII files into Bro tables, with updates
picked up automatically when the file changes during runtime. See picked up automatically when the file changes during runtime. See
@ -57,7 +57,7 @@ New Functionality
- Bro's default ASCII log format is not exactly the most efficient way - Bro's default ASCII log format is not exactly the most efficient way
for storing and searching large volumes of data. An an alternative, for storing and searching large volumes of data. An an alternative,
Bro nows comes with experimental support for DataSeries output, an Bro now comes with experimental support for DataSeries output, an
efficient binary format for recording structured bulk data. efficient binary format for recording structured bulk data.
DataSeries is developed and maintained at HP Labs. See DataSeries is developed and maintained at HP Labs. See
doc/logging-dataseries for more information. doc/logging-dataseries for more information.
@ -66,7 +66,7 @@ New Functionality
Changed Functionality Changed Functionality
~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
The following summarized the most important differences in existing The following summarizes the most important differences in existing
functionality. Note that this list is not complete, see CHANGES for functionality. Note that this list is not complete, see CHANGES for
the full set. the full set.
@ -100,7 +100,7 @@ the full set.
a bunch of Bro threads. a bunch of Bro threads.
- We renamed the configure option --enable-perftools to - We renamed the configure option --enable-perftools to
--enable-perftool-debug to indicate that the switch is only relevant --enable-perftools-debug to indicate that the switch is only relevant
for debugging the heap. for debugging the heap.
- Bro's ICMP analyzer now handles both IPv4 and IPv6 messages with a - Bro's ICMP analyzer now handles both IPv4 and IPv6 messages with a
@ -110,8 +110,8 @@ the full set.
- Log postprocessor scripts get an additional argument indicating the - Log postprocessor scripts get an additional argument indicating the
type of the log writer in use (e.g., "ascii"). type of the log writer in use (e.g., "ascii").
- BroControl's make-archive-name scripts also receives the writer - BroControl's make-archive-name script also receives the writer
type, but as it's 2nd(!) argument. If you're using a custom version type, but as its 2nd(!) argument. If you're using a custom version
of that script, you need to adapt it. See the shipped version for of that script, you need to adapt it. See the shipped version for
details. details.

27
src/RemoteSerializer.cc
View file

@ -4208,32 +4208,37 @@ bool SocketComm::Listen()
bool SocketComm::AcceptConnection(int fd) bool SocketComm::AcceptConnection(int fd)
{ {
sockaddr_storage client; union {
socklen_t len = sizeof(client); sockaddr_storage ss;
sockaddr_in s4;
sockaddr_in6 s6;
} client;
socklen_t len = sizeof(client.ss);
int clientfd = accept(fd, (sockaddr*) &client, &len); int clientfd = accept(fd, (sockaddr*) &client.ss, &len);
if ( clientfd < 0 ) if ( clientfd < 0 )
{ {
Error(fmt("accept failed, %s %d", strerror(errno), errno)); Error(fmt("accept failed, %s %d", strerror(errno), errno));
return false; return false;
} }
if ( client.ss_family != AF_INET && client.ss_family != AF_INET6 ) if ( client.ss.ss_family != AF_INET && client.ss.ss_family != AF_INET6 )
{ {
Error(fmt("accept fail, unknown address family %d", client.ss_family)); Error(fmt("accept fail, unknown address family %d",
client.ss.ss_family));
close(clientfd); close(clientfd);
return false; return false;
} }
Peer* peer = new Peer; Peer* peer = new Peer;
peer->id = id_counter++; peer->id = id_counter++;
peer->ip = client.ss_family == AF_INET ? peer->ip = client.ss.ss_family == AF_INET ?
IPAddr(((sockaddr_in*)&client)->sin_addr) : IPAddr(client.s4.sin_addr) :
IPAddr(((sockaddr_in6*)&client)->sin6_addr); IPAddr(client.s6.sin6_addr);
peer->port = client.ss_family == AF_INET ? peer->port = client.ss.ss_family == AF_INET ?
ntohs(((sockaddr_in*)&client)->sin_port) : ntohs(client.s4.sin_port) :
ntohs(((sockaddr_in6*)&client)->sin6_port); ntohs(client.s6.sin6_port);
peer->connected = true; peer->connected = true;
peer->ssl = listen_ssl; peer->ssl = listen_ssl;

12
src/bro.bif
View file

@ -972,12 +972,12 @@ function sha256_hash_finish%(index: any%): string
## ##
## .. note:: ## .. note::
## ##
## This function is a wrapper about the function ``rand`` provided by ## This function is a wrapper about the function ``random``
## the OS. ## provided by the OS.
function rand%(max: count%): count function rand%(max: count%): count
%{ %{
int result; int result;
result = bro_uint_t(double(max) * double(rand()) / (RAND_MAX + 1.0)); result = bro_uint_t(double(max) * double(bro_random()) / (RAND_MAX + 1.0));
return new Val(result, TYPE_COUNT); return new Val(result, TYPE_COUNT);
%} %}
@ -989,11 +989,11 @@ function rand%(max: count%): count
## ##
## .. note:: ## .. note::
## ##
## This function is a wrapper about the function ``srand`` provided ## This function is a wrapper about the function ``srandom``
## by the OS. ## provided by the OS.
function srand%(seed: count%): any function srand%(seed: count%): any
%{ %{
srand(seed); bro_srandom(seed);
return 0; return 0;
%} %}

41
src/event.bif
View file

@ -157,7 +157,7 @@ event new_connection%(c: connection%);
## e: The new encapsulation. ## e: The new encapsulation.
event tunnel_changed%(c: connection, e: EncapsulatingConnVector%); event tunnel_changed%(c: connection, e: EncapsulatingConnVector%);
## Generated when reassembly starts for a TCP connection. The event is raised ## Generated when reassembly starts for a TCP connection. This event is raised
## at the moment when Bro's TCP analyzer enables stream reassembly for a ## at the moment when Bro's TCP analyzer enables stream reassembly for a
## connection. ## connection.
## ##
@ -522,7 +522,7 @@ event esp_packet%(p: pkt_hdr%);
## .. bro:see:: new_packet tcp_packet ipv6_ext_headers ## .. bro:see:: new_packet tcp_packet ipv6_ext_headers
event mobile_ipv6_message%(p: pkt_hdr%); event mobile_ipv6_message%(p: pkt_hdr%);
## Genereated for any IPv6 packet encapsulated in a Teredo tunnel. ## Generated for any IPv6 packet encapsulated in a Teredo tunnel.
## See :rfc:`4380` for more information about the Teredo protocol. ## See :rfc:`4380` for more information about the Teredo protocol.
## ##
## outer: The Teredo tunnel connection. ## outer: The Teredo tunnel connection.
@ -532,10 +532,10 @@ event mobile_ipv6_message%(p: pkt_hdr%);
## .. bro:see:: teredo_authentication teredo_origin_indication teredo_bubble ## .. bro:see:: teredo_authentication teredo_origin_indication teredo_bubble
## ##
## .. note:: Since this event may be raised on a per-packet basis, handling ## .. note:: Since this event may be raised on a per-packet basis, handling
## it may become particular expensive for real-time analysis. ## it may become particularly expensive for real-time analysis.
event teredo_packet%(outer: connection, inner: teredo_hdr%); event teredo_packet%(outer: connection, inner: teredo_hdr%);
## Genereated for IPv6 packets encapsulated in a Teredo tunnel that ## Generated for IPv6 packets encapsulated in a Teredo tunnel that
## use the Teredo authentication encapsulation method. ## use the Teredo authentication encapsulation method.
## See :rfc:`4380` for more information about the Teredo protocol. ## See :rfc:`4380` for more information about the Teredo protocol.
## ##
@ -546,10 +546,10 @@ event teredo_packet%(outer: connection, inner: teredo_hdr%);
## .. bro:see:: teredo_packet teredo_origin_indication teredo_bubble ## .. bro:see:: teredo_packet teredo_origin_indication teredo_bubble
## ##
## .. note:: Since this event may be raised on a per-packet basis, handling ## .. note:: Since this event may be raised on a per-packet basis, handling
## it may become particular expensive for real-time analysis. ## it may become particularly expensive for real-time analysis.
event teredo_authentication%(outer: connection, inner: teredo_hdr%); event teredo_authentication%(outer: connection, inner: teredo_hdr%);
## Genereated for IPv6 packets encapsulated in a Teredo tunnel that ## Generated for IPv6 packets encapsulated in a Teredo tunnel that
## use the Teredo origin indication encapsulation method. ## use the Teredo origin indication encapsulation method.
## See :rfc:`4380` for more information about the Teredo protocol. ## See :rfc:`4380` for more information about the Teredo protocol.
## ##
@ -560,10 +560,10 @@ event teredo_authentication%(outer: connection, inner: teredo_hdr%);
## .. bro:see:: teredo_packet teredo_authentication teredo_bubble ## .. bro:see:: teredo_packet teredo_authentication teredo_bubble
## ##
## .. note:: Since this event may be raised on a per-packet basis, handling ## .. note:: Since this event may be raised on a per-packet basis, handling
## it may become particular expensive for real-time analysis. ## it may become particularly expensive for real-time analysis.
event teredo_origin_indication%(outer: connection, inner: teredo_hdr%); event teredo_origin_indication%(outer: connection, inner: teredo_hdr%);
## Genereated for Teredo bubble packets. That is, IPv6 packets encapsulated ## Generated for Teredo bubble packets. That is, IPv6 packets encapsulated
## in a Teredo tunnel that have a Next Header value of :bro:id:`IPPROTO_NONE`. ## in a Teredo tunnel that have a Next Header value of :bro:id:`IPPROTO_NONE`.
## See :rfc:`4380` for more information about the Teredo protocol. ## See :rfc:`4380` for more information about the Teredo protocol.
## ##
@ -574,15 +574,15 @@ event teredo_origin_indication%(outer: connection, inner: teredo_hdr%);
## .. bro:see:: teredo_packet teredo_authentication teredo_origin_indication ## .. bro:see:: teredo_packet teredo_authentication teredo_origin_indication
## ##
## .. note:: Since this event may be raised on a per-packet basis, handling ## .. note:: Since this event may be raised on a per-packet basis, handling
## it may become particular expensive for real-time analysis. ## it may become particularly expensive for real-time analysis.
event teredo_bubble%(outer: connection, inner: teredo_hdr%); event teredo_bubble%(outer: connection, inner: teredo_hdr%);
## Generated for every packet that has non-empty transport-layer payload. This is a ## Generated for every packet that has a non-empty transport-layer payload.
## very low-level and expensive event that should be avoided when at all possible. ## This is a very low-level and expensive event that should be avoided when
## It's usually infeasible to handle when processing even medium volumes of ## at all possible. It's usually infeasible to handle when processing even
## traffic in real-time. It's even worse than :bro:id:`new_packet`. That said, if ## medium volumes of traffic in real-time. It's even worse than
## you work from a trace and want to do some packet-level analysis, it may come in ## :bro:id:`new_packet`. That said, if you work from a trace and want to
## handy. ## do some packet-level analysis, it may come in handy.
## ##
## c: The connection the packet is part of. ## c: The connection the packet is part of.
## ##
@ -6216,13 +6216,12 @@ event signature_match%(state: signature_state, msg: string, data: string%);
## ##
## request_type: The type of the request. ## request_type: The type of the request.
## ##
## dstaddr: Address that the tunneled traffic should be sent to. ## sa: Address that the tunneled traffic should be sent to.
##
## dstname: DNS name of the host that the tunneled traffic should be sent to.
## ##
## p: The destination port for the proxied traffic. ## p: The destination port for the proxied traffic.
## ##
## user: Username given for the SOCKS connection. This is not yet implemented for SOCKSv5. ## user: Username given for the SOCKS connection. This is not yet implemented
## for SOCKSv5.
event socks_request%(c: connection, version: count, request_type: count, sa: SOCKS::Address, p: port, user: string%); event socks_request%(c: connection, version: count, request_type: count, sa: SOCKS::Address, p: port, user: string%);
## Generated when a SOCKS reply is analyzed. ## Generated when a SOCKS reply is analyzed.
@ -6233,9 +6232,7 @@ event socks_request%(c: connection, version: count, request_type: count, sa: SOC
## ##
## reply: The status reply from the server. ## reply: The status reply from the server.
## ##
## dstaddr: The address that the server sent the traffic to. ## sa: The address that the server sent the traffic to.
##
## dstname: The name the server sent the traffic to. Only applicable for SOCKSv5.
## ##
## p: The destination port for the proxied traffic. ## p: The destination port for the proxied traffic.
event socks_reply%(c: connection, version: count, reply: count, sa: SOCKS::Address, p: port%); event socks_reply%(c: connection, version: count, reply: count, sa: SOCKS::Address, p: port%);

10
src/input/readers/Benchmark.cc
View file

@ -59,7 +59,7 @@ string Benchmark::RandomString(const int len)
"abcdefghijklmnopqrstuvwxyz"; "abcdefghijklmnopqrstuvwxyz";
for (int i = 0; i < len; ++i) for (int i = 0; i < len; ++i)
s[i] = values[rand() / (RAND_MAX / sizeof(values))]; s[i] = values[random() / (RAND_MAX / sizeof(values))];
return s; return s;
} }
@ -134,7 +134,7 @@ threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype)
break; break;
case TYPE_INT: case TYPE_INT:
val->val.int_val = rand(); val->val.int_val = random();
break; break;
case TYPE_TIME: case TYPE_TIME:
@ -148,11 +148,11 @@ threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype)
case TYPE_COUNT: case TYPE_COUNT:
case TYPE_COUNTER: case TYPE_COUNTER:
val->val.uint_val = rand(); val->val.uint_val = random();
break; break;
case TYPE_PORT: case TYPE_PORT:
val->val.port_val.port = rand() / (RAND_MAX / 60000); val->val.port_val.port = random() / (RAND_MAX / 60000);
val->val.port_val.proto = TRANSPORT_UNKNOWN; val->val.port_val.proto = TRANSPORT_UNKNOWN;
break; break;
@ -175,7 +175,7 @@ threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype)
// Then - common stuff // Then - common stuff
{ {
// how many entries do we have... // how many entries do we have...
unsigned int length = rand() / (RAND_MAX / 15); unsigned int length = random() / (RAND_MAX / 15);
Value** lvals = new Value* [length]; Value** lvals = new Value* [length];

2
src/logging/WriterBackend.h
View file

@ -91,6 +91,8 @@ public:
* @param fields An array of size \a num_fields with the log fields. * @param fields An array of size \a num_fields with the log fields.
* The methods takes ownership of the array. * The methods takes ownership of the array.
* *
* @param frontend_name The name of the front-end writer implementation.
*
* @return False if an error occured. * @return False if an error occured.
*/ */
bool Init(const WriterInfo& info, int num_fields, const threading::Field* const* fields); bool Init(const WriterInfo& info, int num_fields, const threading::Field* const* fields);

1
src/logging/WriterFrontend.cc
View file

@ -26,6 +26,7 @@ private:
WriterBackend::WriterInfo info; WriterBackend::WriterInfo info;
const int num_fields; const int num_fields;
const Field * const* fields; const Field * const* fields;
const string frontend_name;
}; };
class RotateMessage : public threading::InputMessage<WriterBackend> class RotateMessage : public threading::InputMessage<WriterBackend>

2
src/main.cc
View file

@ -313,6 +313,8 @@ void terminate_bro()
if ( remote_serializer ) if ( remote_serializer )
remote_serializer->LogStats(); remote_serializer->LogStats();
mgr.Drain();
log_mgr->Terminate(); log_mgr->Terminate();
thread_mgr->Terminate(); thread_mgr->Terminate();

14
src/util.cc
View file

@ -633,12 +633,20 @@ static bool write_random_seeds(const char* write_file, uint32 seed,
static bool bro_rand_determistic = false; static bool bro_rand_determistic = false;
static unsigned int bro_rand_state = 0; static unsigned int bro_rand_state = 0;
static void bro_srand(unsigned int seed, bool deterministic) static void bro_srandom(unsigned int seed, bool deterministic)
{ {
bro_rand_state = seed; bro_rand_state = seed;
bro_rand_determistic = deterministic; bro_rand_determistic = deterministic;
srand(seed); srandom(seed);
}
void bro_srandom(unsigned int seed)
{
if ( bro_rand_determistic )
bro_rand_state = seed;
else
srandom(seed);
} }
void init_random_seed(uint32 seed, const char* read_file, const char* write_file) void init_random_seed(uint32 seed, const char* read_file, const char* write_file)
@ -705,7 +713,7 @@ void init_random_seed(uint32 seed, const char* read_file, const char* write_file
seeds_done = true; seeds_done = true;
} }
bro_srand(seed, seeds_done); bro_srandom(seed, seeds_done);
if ( ! hmac_key_set ) if ( ! hmac_key_set )
{ {

4
src/util.h
View file

@ -159,6 +159,10 @@ extern bool have_random_seed();
// predictable PRNG. // predictable PRNG.
long int bro_random(); long int bro_random();
// Calls the system srandom() function with the given seed if not running
// in deterministic mode, else it updates the state of the deterministic PRNG
void bro_srandom(unsigned int seed);
extern uint64 rand64bit(); extern uint64 rand64bit();
// Each event source that may generate events gets an internally unique ID. // Each event source that may generate events gets an internally unique ID.

12
testing/btest/Baseline/bifs.rand/out
View file

@ -1,6 +1,6 @@
185 985
236 474
805 738
47 4
996 634
498 473

6
testing/btest/Baseline/bifs.rand/out.2 Normal file
View file

@ -0,0 +1,6 @@
985
474
738
974
371
638

29
testing/btest/Baseline/scripts.base.frameworks.communication.communication_log_baseline/send.log
View file

@ -5,17 +5,18 @@
#path communication #path communication
#fields ts peer src_name connected_peer_desc connected_peer_addr connected_peer_port level message #fields ts peer src_name connected_peer_desc connected_peer_addr connected_peer_port level message
#types time string string string addr port string string #types time string string string addr port string string
1326492291.485390 bro parent - - - info [#1/127.0.0.1:47757] added peer 1340904724.781527 bro parent - - - info [#1/127.0.0.1:47757] added peer
1326492291.491731 bro child - - - info [#1/127.0.0.1:47757] connected 1340904724.784954 bro child - - - info [#1/127.0.0.1:47757] connected
1326492291.492024 bro parent - - - info [#1/127.0.0.1:47757] peer connected 1340904724.786168 bro parent - - - info [#1/127.0.0.1:47757] peer connected
1326492291.492024 bro parent - - - info [#1/127.0.0.1:47757] phase: version 1340904724.786168 bro parent - - - info [#1/127.0.0.1:47757] phase: version
1326492291.492740 bro script - - - info connection established 1340904724.786168 bro script - - - info connection established
1326492291.492740 bro script - - - info requesting events matching /^?(NOTHING)$?/ 1340904724.786168 bro script - - - info requesting events matching /^?(NOTHING)$?/
1326492291.492740 bro script - - - info accepting state 1340904724.786168 bro script - - - info accepting state
1326492291.493800 bro parent - - - info [#1/127.0.0.1:47757] phase: handshake 1340904724.787645 bro parent - - - info [#1/127.0.0.1:47757] phase: handshake
1326492291.493800 bro parent - - - info warning: no events to request 1340904724.787645 bro parent - - - info warning: no events to request
1326492291.494161 bro parent - - - info [#1/127.0.0.1:47757] peer_description is bro 1340904724.788857 bro parent - - - info [#1/127.0.0.1:47757] peer_description is bro
1326492291.494404 bro parent - - - info [#1/127.0.0.1:47757] peer supports keep-in-cache; using that 1340904724.829480 bro parent - - - info [#1/127.0.0.1:47757] peer supports keep-in-cache; using that
1326492291.494404 bro parent - - - info [#1/127.0.0.1:47757] phase: running 1340904724.829480 bro parent - - - info [#1/127.0.0.1:47757] phase: running
1326492291.494404 bro parent - - - info terminating... 1340904724.829480 bro parent - - - info terminating...
1326492291.494404 bro parent - - - info [#1/127.0.0.1:47757] closing connection 1340904724.832952 bro child - - - info terminating
1340904724.834082 bro parent - - - info [#1/127.0.0.1:47757] closing connection

119
testing/btest/Baseline/scripts.base.frameworks.input.event/out
View file

@ -1,81 +1,130 @@
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::i; print outfile, A::i;
print A::b; print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
1 1
T T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::i; print outfile, A::i;
print A::b; print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
2 2
T T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::i; print outfile, A::i;
print A::b; print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
3 3
F F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::i; print outfile, A::i;
print A::b; print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
4 4
F F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::i; print outfile, A::i;
print A::b; print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
5 5
F F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::i; print outfile, A::i;
print A::b; print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
6 6
F F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::i; print outfile, A::i;
print A::b; print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]

1
testing/btest/Baseline/scripts.base.frameworks.input.executeraw/out
View file

@ -4,6 +4,7 @@ print outfile, description;
print outfile, tpe; print outfile, tpe;
print outfile, s; print outfile, s;
close(outfile); close(outfile);
terminate();
}, config={ }, config={
}] }]

120
testing/btest/Baseline/scripts.base.frameworks.input.raw/out
View file

@ -1,78 +1,134 @@
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
q3r3057fdf q3r3057fdf
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdfs\d sdfs\d
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
dfsdf dfsdf
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdf sdf
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]

64
testing/btest/Baseline/scripts.base.frameworks.input.repeat/out
View file

@ -1,160 +1,160 @@
input0 input0
input.log ../input.log
{ {
[1] = T [1] = T
} }
input1 input1
input.log ../input.log
{ {
[1] = T [1] = T
} }
input2 input2
input.log ../input.log
{ {
[1] = T [1] = T
} }
input3 input3
input.log ../input.log
{ {
[1] = T [1] = T
} }
input4 input4
input.log ../input.log
{ {
[1] = T [1] = T
} }
input5 input5
input.log ../input.log
{ {
[1] = T [1] = T
} }
input6 input6
input.log ../input.log
{ {
[1] = T [1] = T
} }
input7 input7
input.log ../input.log
{ {
[1] = T [1] = T
} }
input8 input8
input.log ../input.log
{ {
[1] = T [1] = T
} }
input9 input9
input.log ../input.log
{ {
[1] = T [1] = T
} }
input10 input10
input.log ../input.log
{ {
[1] = T [1] = T
} }
input11 input11
input.log ../input.log
{ {
[1] = T [1] = T
} }
input12 input12
input.log ../input.log
{ {
[1] = T [1] = T
} }
input13 input13
input.log ../input.log
{ {
[1] = T [1] = T
} }
input14 input14
input.log ../input.log
{ {
[1] = T [1] = T
} }
input15 input15
input.log ../input.log
{ {
[1] = T [1] = T
} }
input16 input16
input.log ../input.log
{ {
[1] = T [1] = T
} }
input17 input17
input.log ../input.log
{ {
[1] = T [1] = T
} }
input18 input18
input.log ../input.log
{ {
[1] = T [1] = T
} }
input19 input19
input.log ../input.log
{ {
[1] = T [1] = T
} }
input20 input20
input.log ../input.log
{ {
[1] = T [1] = T
} }
input21 input21
input.log ../input.log
{ {
[1] = T [1] = T
} }
input22 input22
input.log ../input.log
{ {
[1] = T [1] = T
} }
input23 input23
input.log ../input.log
{ {
[1] = T [1] = T
} }
input24 input24
input.log ../input.log
{ {
[1] = T [1] = T
} }
input25 input25
input.log ../input.log
{ {
[1] = T [1] = T
} }
input26 input26
input.log ../input.log
{ {
[1] = T [1] = T
} }
input27 input27
input.log ../input.log
{ {
[1] = T [1] = T
} }
input28 input28
input.log ../input.log
{ {
[1] = T [1] = T
} }
input29 input29
input.log ../input.log
{ {
[1] = T [1] = T
} }
input30 input30
input.log ../input.log
{ {
[1] = T [1] = T
} }
input31 input31
input.log ../input.log
{ {
[1] = T [1] = T
} }

240
testing/btest/Baseline/scripts.base.frameworks.input.rereadraw/out
View file

@ -1,158 +1,270 @@
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
q3r3057fdf q3r3057fdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdfs\d sdfs\d
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
dfsdf dfsdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdf sdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
3rw43wRRERLlL#RWERERERE. 3rw43wRRERLlL#RWERERERE.
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
q3r3057fdf q3r3057fdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdfs\d sdfs\d
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
dfsdf dfsdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
sdf sdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line [source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{ {
print A::description; print outfile, A::description;
print A::tpe; print outfile, A::tpe;
print A::s; print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={ }, config={
}] }]

33
testing/btest/Baseline/scripts.base.frameworks.input.streamraw/out
View file

@ -3,11 +3,13 @@
print A::outfile, A::description; print A::outfile, A::description;
print A::outfile, A::tpe; print A::outfile, A::tpe;
print A::outfile, A::s; print A::outfile, A::s;
if (3 == A::try) A::try = A::try + 1;
if (8 == A::try)
{ {
print A::outfile, done; print A::outfile, done;
close(A::outfile); close(A::outfile);
Input::remove(input); Input::remove(input);
terminate();
} }
}, config={ }, config={
@ -20,11 +22,13 @@ sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
print A::outfile, A::description; print A::outfile, A::description;
print A::outfile, A::tpe; print A::outfile, A::tpe;
print A::outfile, A::s; print A::outfile, A::s;
if (3 == A::try) A::try = A::try + 1;
if (8 == A::try)
{ {
print A::outfile, done; print A::outfile, done;
close(A::outfile); close(A::outfile);
Input::remove(input); Input::remove(input);
terminate();
} }
}, config={ }, config={
@ -37,11 +41,13 @@ DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
print A::outfile, A::description; print A::outfile, A::description;
print A::outfile, A::tpe; print A::outfile, A::tpe;
print A::outfile, A::s; print A::outfile, A::s;
if (3 == A::try) A::try = A::try + 1;
if (8 == A::try)
{ {
print A::outfile, done; print A::outfile, done;
close(A::outfile); close(A::outfile);
Input::remove(input); Input::remove(input);
terminate();
} }
}, config={ }, config={
@ -54,11 +60,13 @@ q3r3057fdf
print A::outfile, A::description; print A::outfile, A::description;
print A::outfile, A::tpe; print A::outfile, A::tpe;
print A::outfile, A::s; print A::outfile, A::s;
if (3 == A::try) A::try = A::try + 1;
if (8 == A::try)
{ {
print A::outfile, done; print A::outfile, done;
close(A::outfile); close(A::outfile);
Input::remove(input); Input::remove(input);
terminate();
} }
}, config={ }, config={
@ -71,11 +79,13 @@ sdfs\d
print A::outfile, A::description; print A::outfile, A::description;
print A::outfile, A::tpe; print A::outfile, A::tpe;
print A::outfile, A::s; print A::outfile, A::s;
if (3 == A::try) A::try = A::try + 1;
if (8 == A::try)
{ {
print A::outfile, done; print A::outfile, done;
close(A::outfile); close(A::outfile);
Input::remove(input); Input::remove(input);
terminate();
} }
}, config={ }, config={
@ -88,11 +98,13 @@ Input::EVENT_NEW
print A::outfile, A::description; print A::outfile, A::description;
print A::outfile, A::tpe; print A::outfile, A::tpe;
print A::outfile, A::s; print A::outfile, A::s;
if (3 == A::try) A::try = A::try + 1;
if (8 == A::try)
{ {
print A::outfile, done; print A::outfile, done;
close(A::outfile); close(A::outfile);
Input::remove(input); Input::remove(input);
terminate();
} }
}, config={ }, config={
@ -105,11 +117,13 @@ dfsdf
print A::outfile, A::description; print A::outfile, A::description;
print A::outfile, A::tpe; print A::outfile, A::tpe;
print A::outfile, A::s; print A::outfile, A::s;
if (3 == A::try) A::try = A::try + 1;
if (8 == A::try)
{ {
print A::outfile, done; print A::outfile, done;
close(A::outfile); close(A::outfile);
Input::remove(input); Input::remove(input);
terminate();
} }
}, config={ }, config={
@ -122,11 +136,13 @@ sdf
print A::outfile, A::description; print A::outfile, A::description;
print A::outfile, A::tpe; print A::outfile, A::tpe;
print A::outfile, A::s; print A::outfile, A::s;
if (3 == A::try) A::try = A::try + 1;
if (8 == A::try)
{ {
print A::outfile, done; print A::outfile, done;
close(A::outfile); close(A::outfile);
Input::remove(input); Input::remove(input);
terminate();
} }
}, config={ }, config={
@ -134,3 +150,4 @@ Input::remove(input);
}] }]
Input::EVENT_NEW Input::EVENT_NEW
3rw43wRRERLlL#RWERERERE. 3rw43wRRERLlL#RWERERERE.
done

119
testing/btest/Baseline/scripts.base.frameworks.input.tableevent/out
View file

@ -1,4 +1,4 @@
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T, [2] = T,
[4] = F, [4] = F,
[6] = F, [6] = F,
@ -8,17 +8,24 @@
[3] = F [3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line }, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{ {
print description; print outfile, description;
print tpe; print outfile, tpe;
print left; print outfile, left;
print right; print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={ }, pred=<uninitialized>, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
[i=1] [i=1]
T T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T, [2] = T,
[4] = F, [4] = F,
[6] = F, [6] = F,
@ -28,17 +35,24 @@ T
[3] = F [3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line }, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{ {
print description; print outfile, description;
print tpe; print outfile, tpe;
print left; print outfile, left;
print right; print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={ }, pred=<uninitialized>, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
[i=2] [i=2]
T T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T, [2] = T,
[4] = F, [4] = F,
[6] = F, [6] = F,
@ -48,17 +62,24 @@ T
[3] = F [3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line }, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{ {
print description; print outfile, description;
print tpe; print outfile, tpe;
print left; print outfile, left;
print right; print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={ }, pred=<uninitialized>, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
[i=3] [i=3]
F F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T, [2] = T,
[4] = F, [4] = F,
[6] = F, [6] = F,
@ -68,17 +89,24 @@ F
[3] = F [3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line }, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{ {
print description; print outfile, description;
print tpe; print outfile, tpe;
print left; print outfile, left;
print right; print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={ }, pred=<uninitialized>, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
[i=4] [i=4]
F F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T, [2] = T,
[4] = F, [4] = F,
[6] = F, [6] = F,
@ -88,17 +116,24 @@ F
[3] = F [3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line }, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{ {
print description; print outfile, description;
print tpe; print outfile, tpe;
print left; print outfile, left;
print right; print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={ }, pred=<uninitialized>, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
[i=5] [i=5]
F F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T, [2] = T,
[4] = F, [4] = F,
[6] = F, [6] = F,
@ -108,17 +143,24 @@ F
[3] = F [3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line }, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{ {
print description; print outfile, description;
print tpe; print outfile, tpe;
print left; print outfile, left;
print right; print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={ }, pred=<uninitialized>, config={
}] }]
Input::EVENT_NEW Input::EVENT_NEW
[i=6] [i=6]
F F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={ [source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T, [2] = T,
[4] = F, [4] = F,
[6] = F, [6] = F,
@ -128,10 +170,17 @@ F
[3] = F [3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line }, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{ {
print description; print outfile, description;
print tpe; print outfile, tpe;
print left; print outfile, left;
print right; print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={ }, pred=<uninitialized>, config={
}] }]

4
testing/btest/Baseline/scripts.base.frameworks.input.twotables/event.out Normal file
View file

@ -0,0 +1,4 @@
============EVENT============
============EVENT============
============EVENT============
============EVENT============

30
testing/btest/Baseline/scripts.base.frameworks.input.twotables/fin.out Normal file
View file

@ -0,0 +1,30 @@
==========SERVERS============
==========SERVERS============
==========SERVERS============
done
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
}

172
testing/btest/Baseline/scripts.base.frameworks.input.twotables/out
View file

@ -1,172 +0,0 @@
============PREDICATE============
Input::EVENT_NEW
[i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============PREDICATE 2============
Input::EVENT_NEW
[i=-43]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============EVENT============
==========SERVERS============
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
}
============EVENT============
==========SERVERS============
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
}
============PREDICATE============
Input::EVENT_NEW
[i=-44]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============PREDICATE============
Input::EVENT_REMOVED
[i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============EVENT============
============EVENT============
==========SERVERS============
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
}
done
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
}

45
testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred1.out Normal file
View file

@ -0,0 +1,45 @@
============PREDICATE============
Input::EVENT_NEW
[i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============PREDICATE============
Input::EVENT_NEW
[i=-44]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============PREDICATE============
Input::EVENT_REMOVED
[i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]

15
testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred2.out Normal file
View file

@ -0,0 +1,15 @@
============PREDICATE 2============
Input::EVENT_NEW
[i=-43]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]

9
testing/btest/bifs/rand.bro
View file

@ -1,6 +1,10 @@
# #
# @TEST-EXEC: bro %INPUT >out # @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: bro -b %INPUT do_seed=F >out.2
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-diff out.2
const do_seed = T &redef;
event bro_init() event bro_init()
{ {
@ -12,7 +16,8 @@ event bro_init()
print b; print b;
print c; print c;
srand(575); if ( do_seed )
srand(575);
local d = rand(1000); local d = rand(1000);
local e = rand(1000); local e = rand(1000);

2
testing/btest/coverage/bare-mode-errors.test
View file

@ -5,6 +5,8 @@
# Commonly, this test may fail if one forgets to @load some base/ scripts # Commonly, this test may fail if one forgets to @load some base/ scripts
# when writing a new bro scripts. # when writing a new bro scripts.
# #
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: test -d $DIST/scripts # @TEST-EXEC: test -d $DIST/scripts
# @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro -not -path '*/site/*'`; do echo $script; if echo "$script" | egrep -q 'communication/listen|controllee'; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0 # @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro -not -path '*/site/*'`; do echo $script; if echo "$script" | egrep -q 'communication/listen|controllee'; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0
# @TEST-EXEC: cat allerrors | grep -v "received termination signal" | sort | uniq > unique_errors # @TEST-EXEC: cat allerrors | grep -v "received termination signal" | sort | uniq > unique_errors

9
testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro
View file

@ -5,7 +5,7 @@
# @TEST-EXEC: btest-bg-wait -k 10 # @TEST-EXEC: btest-bg-wait -k 10
# #
# Don't diff the receiver log just because port is always going to change # Don't diff the receiver log just because port is always going to change
# @TEST-EXEC: egrep -v 'pid|socket buffer size' sender/communication.log >send.log # @TEST-EXEC: egrep -v 'CPU|bytes|pid|socket buffer size' sender/communication.log >send.log
# @TEST-EXEC: btest-diff send.log # @TEST-EXEC: btest-diff send.log
@TEST-START-FILE sender.bro @TEST-START-FILE sender.bro
@ -19,6 +19,10 @@ redef Communication::nodes += {
event remote_connection_handshake_done(p: event_peer) event remote_connection_handshake_done(p: event_peer)
{ {
terminate_communication(); terminate_communication();
}
event remote_connection_closed(p: event_peer)
{
terminate(); terminate();
} }
@ -30,9 +34,8 @@ event remote_connection_handshake_done(p: event_peer)
@load frameworks/communication/listen @load frameworks/communication/listen
event remote_connection_handshake_done(p: event_peer) event remote_connection_closed(p: event_peer)
{ {
terminate_communication();
terminate(); terminate();
} }

1
testing/btest/scripts/base/frameworks/control/id_value.bro
View file

@ -22,4 +22,5 @@ redef test_var = "This is the value from the controllee";
event Control::id_value_response(id: string, val: string) event Control::id_value_response(id: string, val: string)
{ {
print fmt("Got an id_value_response(%s, %s) event", id, val); print fmt("Got an id_value_response(%s, %s) event", id, val);
terminate();
} }

26
testing/btest/scripts/base/frameworks/input/basic.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: bro %INPUT >out # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -10,6 +13,11 @@
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
@TEST-END-FILE @TEST-END-FILE
@load base/protocols/ssh
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY"; redef InputAscii::empty_field = "EMPTY";
module A; module A;
@ -39,12 +47,16 @@ type Val: record {
global servers: table[int] of Val = table(); global servers: table[int] of Val = table();
event bro_init() event bro_init()
{ {
outfile = open("../out");
# first read in the old stuff into the table... # first read in the old stuff into the table...
Input::add_table([$source="input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]); Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh"); Input::remove("ssh");
} }
event Input::update_finished(name: string, source:string) { event Input::update_finished(name: string, source:string)
print servers; {
} print outfile, servers;
close(outfile);
terminate();
}

25
testing/btest/scripts/base/frameworks/input/emptyvals.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: bro %INPUT >out # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -11,6 +14,10 @@ T 1
- 2 - 2
@TEST-END-FILE @TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY"; redef InputAscii::empty_field = "EMPTY";
module A; module A;
@ -26,12 +33,16 @@ type Val: record {
global servers: table[int] of Val = table(); global servers: table[int] of Val = table();
event bro_init() event bro_init()
{ {
outfile = open("../out");
# first read in the old stuff into the table... # first read in the old stuff into the table...
Input::add_table([$source="input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]); Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh"); Input::remove("ssh");
} }
event Input::update_finished(name: string, source:string) { event Input::update_finished(name: string, source:string)
print servers; {
} print outfile, servers;
close(outfile);
terminate();
}

36
testing/btest/scripts/base/frameworks/input/event.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -16,6 +19,10 @@
7 T 7 T
@TEST-END-FILE @TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
global try: count;
module A; module A;
@ -24,15 +31,24 @@ type Val: record {
b: bool; b: bool;
}; };
event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: bool) { event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: bool)
print description; {
print tpe; print outfile, description;
print i; print outfile, tpe;
print b; print outfile, i;
} print outfile, b;
try = try + 1;
if ( try == 7 )
{
close(outfile);
terminate();
}
}
event bro_init() event bro_init()
{ {
Input::add_event([$source="input.log", $name="input", $fields=Val, $ev=line]); try = 0;
outfile = open("../out");
Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line]);
Input::remove("input"); Input::remove("input");
} }

16
testing/btest/scripts/base/frameworks/input/executeraw.bro
View file

@ -1,6 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 1 # @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: cat out.tmp | sed 's/^ *//g' >out # @TEST-EXEC: cat out.tmp | sed 's/^ *//g' >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@ -23,16 +25,18 @@ type Val: record {
s: string; s: string;
}; };
event line(description: Input::EventDescription, tpe: Input::Event, s: string) { event line(description: Input::EventDescription, tpe: Input::Event, s: string)
{
print outfile, description; print outfile, description;
print outfile, tpe; print outfile, tpe;
print outfile, s; print outfile, s;
close(outfile); close(outfile);
} terminate();
}
event bro_init() event bro_init()
{ {
outfile = open ("../out.tmp"); outfile = open("../out.tmp");
Input::add_event([$source="wc -l ../input.log |", $reader=Input::READER_RAW, $name="input", $fields=Val, $ev=line]); Input::add_event([$source="wc -l ../input.log |", $reader=Input::READER_RAW, $name="input", $fields=Val, $ev=line]);
Input::remove("input"); Input::remove("input");
} }

25
testing/btest/scripts/base/frameworks/input/onecolumn-norecord.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -10,6 +13,10 @@
T -42 T -42
@TEST-END-FILE @TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY"; redef InputAscii::empty_field = "EMPTY";
module A; module A;
@ -25,12 +32,16 @@ type Val: record {
global servers: table[int] of Val = table(); global servers: table[int] of Val = table();
event bro_init() event bro_init()
{ {
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]); outfile = open("../out");
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]);
Input::remove("input"); Input::remove("input");
} }
event Input::update_finished(name: string, source: string) { event Input::update_finished(name: string, source: string)
print servers; {
} print outfile, servers;
close(outfile);
terminate();
}

25
testing/btest/scripts/base/frameworks/input/onecolumn-record.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: bro %INPUT >out # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -10,6 +13,10 @@
T -42 T -42
@TEST-END-FILE @TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY"; redef InputAscii::empty_field = "EMPTY";
module A; module A;
@ -25,12 +32,16 @@ type Val: record {
global servers: table[int] of Val = table(); global servers: table[int] of Val = table();
event bro_init() event bro_init()
{ {
Input::add_table([$name="input", $source="input.log", $idx=Idx, $val=Val, $destination=servers]); outfile = open("../out");
Input::add_table([$name="input", $source="../input.log", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("input"); Input::remove("input");
} }
event Input::update_finished(name: string, source: string) { event Input::update_finished(name: string, source: string)
print servers; {
} print outfile, servers;
close(outfile);
terminate();
}

25
testing/btest/scripts/base/frameworks/input/optional.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -16,6 +19,10 @@
7 T 7 T
@TEST-END-FILE @TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY"; redef InputAscii::empty_field = "EMPTY";
module A; module A;
@ -32,14 +39,18 @@ type Val: record {
global servers: table[int] of Val = table(); global servers: table[int] of Val = table();
event bro_init() event bro_init()
{ {
outfile = open("../out");
# first read in the old stuff into the table... # first read in the old stuff into the table...
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers,
$pred(typ: Input::Event, left: Idx, right: Val) = { right$notb = !right$b; return T; } $pred(typ: Input::Event, left: Idx, right: Val) = { right$notb = !right$b; return T; }
]); ]);
Input::remove("input"); Input::remove("input");
} }
event Input::update_finished(name: string, source: string) { event Input::update_finished(name: string, source: string)
print servers; {
} print outfile, servers;
close(outfile);
terminate();
}

39
testing/btest/scripts/base/frameworks/input/port.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -9,6 +12,10 @@
1.2.3.6 30 unknown 1.2.3.6 30 unknown
@TEST-END-FILE @TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY"; redef InputAscii::empty_field = "EMPTY";
module A; module A;
@ -24,17 +31,23 @@ type Val: record {
global servers: table[addr] of Val = table(); global servers: table[addr] of Val = table();
event bro_init() event bro_init()
{ {
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers]); outfile = open("../out");
print servers[1.2.3.4]; Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers]);
print servers[1.2.3.5]; if ( 1.2.3.4 in servers )
print servers[1.2.3.6]; print outfile, servers[1.2.3.4];
if ( 1.2.3.5 in servers )
print outfile, servers[1.2.3.5];
if ( 1.2.3.6 in servers )
print outfile, servers[1.2.3.6];
Input::remove("input"); Input::remove("input");
} }
event Input::update_finished(name: string, source: string) {
print servers[1.2.3.4];
print servers[1.2.3.5];
print servers[1.2.3.6];
}
event Input::update_finished(name: string, source: string)
{
print outfile, servers[1.2.3.4];
print outfile, servers[1.2.3.5];
print outfile, servers[1.2.3.6];
close(outfile);
terminate();
}

67
testing/btest/scripts/base/frameworks/input/predicate-stream.bro
View file

@ -1,9 +1,13 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: bro %INPUT >out # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
# #
# only difference from predicate.bro is, that this one uses a stream source. # only difference from predicate.bro is, that this one uses a stream source.
# the reason is, that the code-paths are quite different, because then the ascii reader uses the put and not the sendevent interface # the reason is, that the code-paths are quite different, because then the
# ascii reader uses the put and not the sendevent interface
@TEST-START-FILE input.log @TEST-START-FILE input.log
#separator \x09 #separator \x09
@ -19,6 +23,10 @@
7 T 7 T
@TEST-END-FILE @TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY"; redef InputAscii::empty_field = "EMPTY";
module A; module A;
@ -34,47 +42,38 @@ type Val: record {
global servers: table[int] of Val = table(); global servers: table[int] of Val = table();
global ct: int; global ct: int;
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) { event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool)
{
ct = ct + 1; ct = ct + 1;
if ( ct < 3 ) { if ( ct < 3 )
return; return;
}
if ( ct > 3 ) {
print "Too many events";
return;
}
if ( 1 in servers ) { if ( 1 in servers )
print "VALID"; print outfile, "VALID";
if ( 2 in servers )
print outfile, "VALID";
if ( !(3 in servers) )
print outfile, "VALID";
if ( !(4 in servers) )
print outfile, "VALID";
if ( !(5 in servers) )
print outfile, "VALID";
if ( !(6 in servers) )
print outfile, "VALID";
if ( 7 in servers )
print outfile, "VALID";
close(outfile);
terminate();
} }
if ( 2 in servers ) {
print "VALID";
}
if ( !(3 in servers) ) {
print "VALID";
}
if ( !(4 in servers) ) {
print "VALID";
}
if ( !(5 in servers) ) {
print "VALID";
}
if ( !(6 in servers) ) {
print "VALID";
}
if ( 7 in servers ) {
print "VALID";
}
}
event bro_init() event bro_init()
{ {
outfile = open("../out");
ct = 0; ct = 0;
# first read in the old stuff into the table... # first read in the old stuff into the table...
Input::add_table([$source="input.log", $mode=Input::STREAM, $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $ev=line, Input::add_table([$source="../input.log", $mode=Input::STREAM, $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $ev=line,
$pred(typ: Input::Event, left: Idx, right: bool) = { return right; } $pred(typ: Input::Event, left: Idx, right: bool) = { return right; }
]); ]);
Input::remove("input"); Input::remove("input");
}
}

56
testing/btest/scripts/base/frameworks/input/predicate.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -16,6 +19,10 @@
7 T 7 T
@TEST-END-FILE @TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY"; redef InputAscii::empty_field = "EMPTY";
module A; module A;
@ -31,34 +38,31 @@ type Val: record {
global servers: table[int] of Val = table(); global servers: table[int] of Val = table();
event bro_init() event bro_init()
{ {
outfile = open("../out");
# first read in the old stuff into the table... # first read in the old stuff into the table...
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F,
$pred(typ: Input::Event, left: Idx, right: bool) = { return right; } $pred(typ: Input::Event, left: Idx, right: bool) = { return right; }
]); ]);
Input::remove("input"); Input::remove("input");
} }
event Input::update_finished(name: string, source: string) { event Input::update_finished(name: string, source: string)
if ( 1 in servers ) { {
print "VALID"; if ( 1 in servers )
print outfile, "VALID";
if ( 2 in servers )
print outfile, "VALID";
if ( !(3 in servers) )
print outfile, "VALID";
if ( !(4 in servers) )
print outfile, "VALID";
if ( !(5 in servers) )
print outfile, "VALID";
if ( !(6 in servers) )
print outfile, "VALID";
if ( 7 in servers )
print outfile, "VALID";
close(outfile);
terminate();
} }
if ( 2 in servers ) {
print "VALID";
}
if ( !(3 in servers) ) {
print "VALID";
}
if ( !(4 in servers) ) {
print "VALID";
}
if ( !(5 in servers) ) {
print "VALID";
}
if ( !(6 in servers) ) {
print "VALID";
}
if ( 7 in servers ) {
print "VALID";
}
}

37
testing/btest/scripts/base/frameworks/input/predicatemodify.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -11,6 +14,10 @@
2 T test2 idx2 2 T test2 idx2
@TEST-END-FILE @TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY"; redef InputAscii::empty_field = "EMPTY";
module A; module A;
@ -28,23 +35,25 @@ type Val: record {
global servers: table[int, string] of Val = table(); global servers: table[int, string] of Val = table();
event bro_init() event bro_init()
{ {
# first read in the old stuff into the table... outfile = open("../out");
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers,
$pred(typ: Input::Event, left: Idx, right: Val) = {
if ( left$i == 1 ) {
right$s = "testmodified";
}
if ( left$i == 2 ) { # first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers,
$pred(typ: Input::Event, left: Idx, right: Val) = {
if ( left$i == 1 )
right$s = "testmodified";
if ( left$i == 2 )
left$ss = "idxmodified"; left$ss = "idxmodified";
}
return T; return T;
} }
]); ]);
Input::remove("input"); Input::remove("input");
} }
event Input::update_finished(name: string, source: string) { event Input::update_finished(name: string, source: string)
print servers; {
} print outfile, servers;
close(outfile);
terminate();
}

30
testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro
View file

@ -1,6 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: cp input1.log input.log # @TEST-EXEC: cp input1.log input.log
# @TEST-EXEC: btest-bg-run bro bro %INPUT # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: sleep 2 # @TEST-EXEC: sleep 2
# @TEST-EXEC: cp input2.log input.log # @TEST-EXEC: cp input2.log input.log
# @TEST-EXEC: sleep 2 # @TEST-EXEC: sleep 2
@ -9,7 +11,7 @@
# @TEST-EXEC: cp input4.log input.log # @TEST-EXEC: cp input4.log input.log
# @TEST-EXEC: sleep 2 # @TEST-EXEC: sleep 2
# @TEST-EXEC: cp input5.log input.log # @TEST-EXEC: cp input5.log input.log
# @TEST-EXEC: btest-bg-wait -k 3 # @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
# #
@ -77,31 +79,31 @@ global outfile: file;
global try: count; global try: count;
event bro_init() event bro_init()
{ {
try = 0; try = 0;
outfile = open ("../out"); outfile = open("../out");
# first read in the old stuff into the table... # first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $mode=Input::REREAD, Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $mode=Input::REREAD,
$pred(typ: Input::Event, left: Idx, right: Val) = { $pred(typ: Input::Event, left: Idx, right: Val) = {
if ( left$i == 1 ) { if ( left$i == 1 )
right$s = "testmodified"; right$s = "testmodified";
} if ( left$i == 2 )
if ( left$i == 2 ) {
left$ss = "idxmodified"; left$ss = "idxmodified";
}
return T; return T;
} }
]); ]);
} }
event Input::update_finished(name: string, source: string) { event Input::update_finished(name: string, source: string)
{
try = try + 1; try = try + 1;
print outfile, fmt("Update_finished for %s, try %d", name, try); print outfile, fmt("Update_finished for %s, try %d", name, try);
print outfile, servers; print outfile, servers;
if ( try == 5 ) { if ( try == 5 )
close (outfile); {
close(outfile);
Input::remove("input"); Input::remove("input");
terminate();
}
} }
}

34
testing/btest/scripts/base/frameworks/input/raw.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -13,6 +16,10 @@ sdf
3rw43wRRERLlL#RWERERERE. 3rw43wRRERLlL#RWERERERE.
@TEST-END-FILE @TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
global try: count;
module A; module A;
@ -20,14 +27,23 @@ type Val: record {
s: string; s: string;
}; };
event line(description: Input::EventDescription, tpe: Input::Event, s: string) { event line(description: Input::EventDescription, tpe: Input::Event, s: string)
print description; {
print tpe; print outfile, description;
print s; print outfile, tpe;
} print outfile, s;
try = try + 1;
if ( try == 8 )
{
close(outfile);
terminate();
}
}
event bro_init() event bro_init()
{ {
Input::add_event([$source="input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]); try = 0;
outfile = open("../out");
Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]);
Input::remove("input"); Input::remove("input");
} }

40
testing/btest/scripts/base/frameworks/input/repeat.bro
View file

@ -1,6 +1,9 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
#separator \x09 #separator \x09
@ -10,6 +13,11 @@
1 T 1 T
@TEST-END-FILE @TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
global try: count;
redef InputAscii::empty_field = "EMPTY"; redef InputAscii::empty_field = "EMPTY";
module A; module A;
@ -27,15 +35,25 @@ global destination: table[int] of Val = table();
const one_to_32: vector of count = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32}; const one_to_32: vector of count = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32};
event bro_init() event bro_init()
{ {
for ( i in one_to_32 ) { try = 0;
Input::add_table([$source="input.log", $name=fmt("input%d", i), $idx=Idx, $val=Val, $destination=destination, $want_record=F]); outfile = open("../out");
for ( i in one_to_32 )
{
Input::add_table([$source="../input.log", $name=fmt("input%d", i), $idx=Idx, $val=Val, $destination=destination, $want_record=F]);
Input::remove(fmt("input%d", i)); Input::remove(fmt("input%d", i));
}
} }
}
event Input::update_finished(name: string, source: string) { event Input::update_finished(name: string, source: string)
print name; {
print source; print outfile, name;
print destination; print outfile, source;
} print outfile, destination;
try = try + 1;
if ( try == 32 )
{
close(outfile);
terminate();
}
}

27
testing/btest/scripts/base/frameworks/input/reread.bro
View file

@ -1,6 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: cp input1.log input.log # @TEST-EXEC: cp input1.log input.log
# @TEST-EXEC: btest-bg-run bro bro %INPUT # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: sleep 2 # @TEST-EXEC: sleep 2
# @TEST-EXEC: cp input2.log input.log # @TEST-EXEC: cp input2.log input.log
# @TEST-EXEC: sleep 2 # @TEST-EXEC: sleep 2
@ -9,7 +11,7 @@
# @TEST-EXEC: cp input4.log input.log # @TEST-EXEC: cp input4.log input.log
# @TEST-EXEC: sleep 2 # @TEST-EXEC: sleep 2
# @TEST-EXEC: cp input5.log input.log # @TEST-EXEC: cp input5.log input.log
# @TEST-EXEC: btest-bg-wait -k 2 # @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input1.log @TEST-START-FILE input1.log
@ -56,6 +58,7 @@ F -48 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz
F -48 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} F -48 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
@TEST-END-FILE @TEST-END-FILE
@load base/protocols/ssh
@load frameworks/communication/listen @load frameworks/communication/listen
redef InputAscii::empty_field = "EMPTY"; redef InputAscii::empty_field = "EMPTY";
@ -90,7 +93,8 @@ global outfile: file;
global try: count; global try: count;
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) { event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val)
{
print outfile, "============EVENT============"; print outfile, "============EVENT============";
print outfile, "Description"; print outfile, "Description";
print outfile, description; print outfile, description;
@ -100,11 +104,11 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
print outfile, left; print outfile, left;
print outfile, "Right"; print outfile, "Right";
print outfile, right; print outfile, right;
} }
event bro_init() event bro_init()
{ {
outfile = open ("../out"); outfile = open("../out");
try = 0; try = 0;
# first read in the old stuff into the table... # first read in the old stuff into the table...
Input::add_table([$source="../input.log", $mode=Input::REREAD, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line, Input::add_table([$source="../input.log", $mode=Input::REREAD, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line,
@ -116,17 +120,20 @@ event bro_init()
return T; return T;
} }
]); ]);
} }
event Input::update_finished(name: string, source: string) { event Input::update_finished(name: string, source: string)
{
print outfile, "==========SERVERS============"; print outfile, "==========SERVERS============";
print outfile, servers; print outfile, servers;
try = try + 1; try = try + 1;
if ( try == 5 ) { if ( try == 5 )
{
print outfile, "done"; print outfile, "done";
close(outfile); close(outfile);
Input::remove("input"); Input::remove("input");
terminate();
}
} }
}

34
testing/btest/scripts/base/frameworks/input/rereadraw.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -13,6 +16,10 @@ sdf
3rw43wRRERLlL#RWERERERE. 3rw43wRRERLlL#RWERERERE.
@TEST-END-FILE @TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
global try: count;
module A; module A;
@ -20,15 +27,24 @@ type Val: record {
s: string; s: string;
}; };
event line(description: Input::EventDescription, tpe: Input::Event, s: string) { event line(description: Input::EventDescription, tpe: Input::Event, s: string)
print description; {
print tpe; print outfile, description;
print s; print outfile, tpe;
} print outfile, s;
try = try + 1;
if ( try == 16 )
{
close(outfile);
terminate();
}
}
event bro_init() event bro_init()
{ {
Input::add_event([$source="input.log", $reader=Input::READER_RAW, $mode=Input::REREAD, $name="input", $fields=Val, $ev=line]); try = 0;
outfile = open("../out");
Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::REREAD, $name="input", $fields=Val, $ev=line]);
Input::force_update("input"); Input::force_update("input");
Input::remove("input"); Input::remove("input");
} }

23
testing/btest/scripts/base/frameworks/input/stream.bro
View file

@ -1,11 +1,13 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: cp input1.log input.log # @TEST-EXEC: cp input1.log input.log
# @TEST-EXEC: btest-bg-run bro bro %INPUT # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: sleep 3 # @TEST-EXEC: sleep 3
# @TEST-EXEC: cat input2.log >> input.log # @TEST-EXEC: cat input2.log >> input.log
# @TEST-EXEC: sleep 3 # @TEST-EXEC: sleep 3
# @TEST-EXEC: cat input3.log >> input.log # @TEST-EXEC: cat input3.log >> input.log
# @TEST-EXEC: btest-bg-wait -k 3 # @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input1.log @TEST-START-FILE input1.log
@ -22,6 +24,7 @@ T -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz
F -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} F -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
@TEST-END-FILE @TEST-END-FILE
@load base/protocols/ssh
@load frameworks/communication/listen @load frameworks/communication/listen
redef InputAscii::empty_field = "EMPTY"; redef InputAscii::empty_field = "EMPTY";
@ -56,7 +59,8 @@ global outfile: file;
global try: count; global try: count;
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) { event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val)
{
print outfile, "============EVENT============"; print outfile, "============EVENT============";
print outfile, tpe; print outfile, tpe;
print outfile, left; print outfile, left;
@ -66,18 +70,19 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
try = try + 1; try = try + 1;
if ( try == 3 ) { if ( try == 3 )
{
print outfile, "done"; print outfile, "done";
close(outfile); close(outfile);
Input::remove("input"); Input::remove("input");
terminate();
}
} }
}
event bro_init() event bro_init()
{ {
outfile = open ("../out"); outfile = open("../out");
try = 0; try = 0;
# first read in the old stuff into the table... # first read in the old stuff into the table...
Input::add_table([$source="../input.log", $mode=Input::STREAM, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line]); Input::add_table([$source="../input.log", $mode=Input::STREAM, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line]);
} }

20
testing/btest/scripts/base/frameworks/input/streamraw.bro
View file

@ -1,3 +1,5 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: cp input1.log input.log # @TEST-EXEC: cp input1.log input.log
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
@ -5,7 +7,7 @@
# @TEST-EXEC: cat input2.log >> input.log # @TEST-EXEC: cat input2.log >> input.log
# @TEST-EXEC: sleep 3 # @TEST-EXEC: sleep 3
# @TEST-EXEC: cat input3.log >> input.log # @TEST-EXEC: cat input3.log >> input.log
# @TEST-EXEC: btest-bg-wait -k 3 # @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input1.log @TEST-START-FILE input1.log
@ -36,21 +38,25 @@ type Val: record {
global try: count; global try: count;
global outfile: file; global outfile: file;
event line(description: Input::EventDescription, tpe: Input::Event, s: string) { event line(description: Input::EventDescription, tpe: Input::Event, s: string)
{
print outfile, description; print outfile, description;
print outfile, tpe; print outfile, tpe;
print outfile, s; print outfile, s;
if ( try == 3 ) { try = try + 1;
if ( try == 8 )
{
print outfile, "done"; print outfile, "done";
close(outfile); close(outfile);
Input::remove("input"); Input::remove("input");
terminate();
}
} }
}
event bro_init() event bro_init()
{ {
outfile = open ("../out"); outfile = open("../out");
try = 0; try = 0;
Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]); Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]);
} }

37
testing/btest/scripts/base/frameworks/input/tableevent.bro
View file

@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: bro -b %INPUT >out # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log @TEST-START-FILE input.log
@ -16,6 +19,11 @@
7 T 7 T
@TEST-END-FILE @TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
global try: count;
redef InputAscii::empty_field = "EMPTY"; redef InputAscii::empty_field = "EMPTY";
type Idx: record { type Idx: record {
@ -28,15 +36,24 @@ type Val: record {
global destination: table[int] of Val = table(); global destination: table[int] of Val = table();
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) { event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool)
print description; {
print tpe; print outfile, description;
print left; print outfile, tpe;
print right; print outfile, left;
} print outfile, right;
try = try + 1;
if ( try == 7 )
{
close(outfile);
terminate();
}
}
event bro_init() event bro_init()
{ {
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F,$ev=line]); try = 0;
outfile = open("../out");
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F,$ev=line]);
Input::remove("input"); Input::remove("input");
} }

88
testing/btest/scripts/base/frameworks/input/twotables.bro
View file

@ -1,10 +1,15 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
# #
# @TEST-EXEC: cp input1.log input.log # @TEST-EXEC: cp input1.log input.log
# @TEST-EXEC: btest-bg-run bro bro %INPUT # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: sleep 2 # @TEST-EXEC: sleep 5
# @TEST-EXEC: cp input3.log input.log # @TEST-EXEC: cp input3.log input.log
# @TEST-EXEC: btest-bg-wait -k 2 # @TEST-EXEC: btest-bg-wait -k 10
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff event.out
# @TEST-EXEC: btest-diff pred1.out
# @TEST-EXEC: btest-diff pred2.out
# @TEST-EXEC: btest-diff fin.out
@TEST-START-FILE input1.log @TEST-START-FILE input1.log
#separator \x09 #separator \x09
@ -28,6 +33,7 @@ T -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz
F -44 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} F -44 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
@TEST-END-FILE @TEST-END-FILE
@load base/protocols/ssh
@load frameworks/communication/listen @load frameworks/communication/listen
redef InputAscii::empty_field = "EMPTY"; redef InputAscii::empty_field = "EMPTY";
@ -58,59 +64,71 @@ type Val: record {
global servers: table[int] of Val = table(); global servers: table[int] of Val = table();
global outfile: file; global event_out: file;
global pred1_out: file;
global pred2_out: file;
global fin_out: file;
global try: count; global try: count;
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) { event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val)
print outfile, "============EVENT============"; {
# print outfile, "Description"; print event_out, "============EVENT============";
# print outfile, description; # print event_out, "Description";
# print outfile, "Type"; # print event_out, description;
# print outfile, tpe; # print event_out, "Type";
# print outfile, "Left"; # print event_out, tpe;
# print outfile, left; # print event_out, "Left";
# print outfile, "Right"; # print event_out, left;
# print outfile, right; # print event_out, "Right";
} # print event_out, right;
}
event bro_init() event bro_init()
{ {
outfile = open ("../out"); event_out = open ("../event.out");
pred1_out = open ("../pred1.out");
pred2_out = open ("../pred2.out");
fin_out = open ("../fin.out");
try = 0; try = 0;
# first read in the old stuff into the table... # first read in the old stuff into the table...
Input::add_table([$source="../input.log", $mode=Input::REREAD, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line, Input::add_table([$source="../input.log", $mode=Input::REREAD, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line,
$pred(typ: Input::Event, left: Idx, right: Val) = { $pred(typ: Input::Event, left: Idx, right: Val) = {
print outfile, "============PREDICATE============"; print pred1_out, "============PREDICATE============";
print outfile, typ; print pred1_out, typ;
print outfile, left; print pred1_out, left;
print outfile, right; print pred1_out, right;
return T; return T;
} }
]); ]);
Input::add_table([$source="../input2.log", $mode=Input::REREAD, $name="ssh2", $idx=Idx, $val=Val, $destination=servers, $ev=line, Input::add_table([$source="../input2.log", $mode=Input::REREAD, $name="ssh2", $idx=Idx, $val=Val, $destination=servers, $ev=line,
$pred(typ: Input::Event, left: Idx, right: Val) = { $pred(typ: Input::Event, left: Idx, right: Val) = {
print outfile, "============PREDICATE 2============"; print pred2_out, "============PREDICATE 2============";
print outfile, typ; print pred2_out, typ;
print outfile, left; print pred2_out, left;
print outfile, right; print pred2_out, right;
return T; return T;
} }
]); ]);
} }
event Input::update_finished(name: string, source: string) { event Input::update_finished(name: string, source: string)
print outfile, "==========SERVERS============"; {
print outfile, servers; print fin_out, "==========SERVERS============";
#print fin_out, servers;
try = try + 1; try = try + 1;
if ( try == 3 ) { if ( try == 3 )
print outfile, "done"; {
print outfile, servers; print fin_out, "done";
close(outfile); print fin_out, servers;
close(event_out);
close(pred1_out);
close(pred2_out);
close(fin_out);
Input::remove("input"); Input::remove("input");
Input::remove("input2"); Input::remove("input2");
terminate(); terminate();
}
} }
}