Merge remote-tracking branch 'origin/fastpath' into topic/bernhard/reader-info

Conflicts:
	src/logging/WriterBackend.cc
	src/logging/WriterBackend.h
	src/logging/WriterFrontend.cc
	testing/btest/Baseline/scripts.base.frameworks.input.event/out
	testing/btest/Baseline/scripts.base.frameworks.input.executeraw/out
	testing/btest/Baseline/scripts.base.frameworks.input.raw/out
	testing/btest/Baseline/scripts.base.frameworks.input.rereadraw/out
	testing/btest/Baseline/scripts.base.frameworks.input.tableevent/out
Bernhard Amann 2012-07-02 15:33:12 -07:00
commit 86826770ab
49 changed files with 1159 additions and 710 deletions

14
NEWS

@ -38,14 +38,14 @@ New Functionality
- Bro now decapsulates tunnels via its new tunnel framework located in
scripts/base/frameworks/tunnels. It currently supports Teredo,
AYIYA, IP-in-IP (both IPv4 and IPv6), and SOCKS. For all these, it
logs the outher tunnel connections in both conn.log and tunnel.log,
logs the outer tunnel connections in both conn.log and tunnel.log,
and then proceeds to analyze the inner payload as if it were not
tunneled, including also logging that session in conn.log. For
SOCKS, it generates a new socks.log in addition with more
information.
- Bro now features a flexible input framework that allows users to
integrate external information in real-time into Bro while it
integrate external information in real-time into Bro while it's
processing network traffic. The most direct use-case at the moment
is reading data from ASCII files into Bro tables, with updates
picked up automatically when the file changes during runtime. See
@ -57,7 +57,7 @@ New Functionality
- Bro's default ASCII log format is not exactly the most efficient way
for storing and searching large volumes of data. An an alternative,
Bro nows comes with experimental support for DataSeries output, an
Bro now comes with experimental support for DataSeries output, an
efficient binary format for recording structured bulk data.
DataSeries is developed and maintained at HP Labs. See
doc/logging-dataseries for more information.
@ -66,7 +66,7 @@ New Functionality
Changed Functionality
~~~~~~~~~~~~~~~~~~~~~
The following summarized the most important differences in existing
The following summarizes the most important differences in existing
functionality. Note that this list is not complete, see CHANGES for
the full set.
@ -100,7 +100,7 @@ the full set.
a bunch of Bro threads.
- We renamed the configure option --enable-perftools to
--enable-perftool-debug to indicate that the switch is only relevant
--enable-perftools-debug to indicate that the switch is only relevant
for debugging the heap.
- Bro's ICMP analyzer now handles both IPv4 and IPv6 messages with a
@ -110,8 +110,8 @@ the full set.
- Log postprocessor scripts get an additional argument indicating the
type of the log writer in use (e.g., "ascii").
- BroControl's make-archive-name scripts also receives the writer
type, but as it's 2nd(!) argument. If you're using a custom version
- BroControl's make-archive-name script also receives the writer
type, but as its 2nd(!) argument. If you're using a custom version
of that script, you need to adapt it. See the shipped version for
details.


@ -4208,32 +4208,37 @@ bool SocketComm::Listen()
bool SocketComm::AcceptConnection(int fd)
{
sockaddr_storage client;
socklen_t len = sizeof(client);
union {
sockaddr_storage ss;
sockaddr_in s4;
sockaddr_in6 s6;
} client;
socklen_t len = sizeof(client.ss);
int clientfd = accept(fd, (sockaddr*) &client, &len);
int clientfd = accept(fd, (sockaddr*) &client.ss, &len);
if ( clientfd < 0 )
{
Error(fmt("accept failed, %s %d", strerror(errno), errno));
return false;
}
if ( client.ss_family != AF_INET && client.ss_family != AF_INET6 )
if ( client.ss.ss_family != AF_INET && client.ss.ss_family != AF_INET6 )
{
Error(fmt("accept fail, unknown address family %d", client.ss_family));
Error(fmt("accept fail, unknown address family %d",
client.ss.ss_family));
close(clientfd);
return false;
}
Peer* peer = new Peer;
peer->id = id_counter++;
peer->ip = client.ss_family == AF_INET ?
IPAddr(((sockaddr_in*)&client)->sin_addr) :
IPAddr(((sockaddr_in6*)&client)->sin6_addr);
peer->ip = client.ss.ss_family == AF_INET ?
IPAddr(client.s4.sin_addr) :
IPAddr(client.s6.sin6_addr);
peer->port = client.ss_family == AF_INET ?
ntohs(((sockaddr_in*)&client)->sin_port) :
ntohs(((sockaddr_in6*)&client)->sin6_port);
peer->port = client.ss.ss_family == AF_INET ?
ntohs(client.s4.sin_port) :
ntohs(client.s6.sin6_port);
peer->connected = true;
peer->ssl = listen_ssl;
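Review bot: The new union in AcceptConnection is written by accept() through `client.ss` and then read through `client.s4` / `client.s6`, and nothing in the hunk says why the pointer casts were replaced. Reading a union member other than the one last written is formally undefined in C++ and is safe here only because mainstream compilers support union punning (GCC documents it as an extension). A short comment above the union would record that, e.g. `// Union instead of pointer casts to avoid strict-aliasing problems; relies on compiler-supported union punning.` The function body continues past the end of the hunk.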


@ -972,12 +972,12 @@ function sha256_hash_finish%(index: any%): string
##
## .. note::
##
## This function is a wrapper about the function ``rand`` provided by
## the OS.
## This function is a wrapper about the function ``random``
## provided by the OS.
function rand%(max: count%): count
%{
int result;
result = bro_uint_t(double(max) * double(rand()) / (RAND_MAX + 1.0));
result = bro_uint_t(double(max) * double(bro_random()) / (RAND_MAX + 1.0));
return new Val(result, TYPE_COUNT);
%}
@ -989,11 +989,11 @@ function rand%(max: count%): count
##
## .. note::
##
## This function is a wrapper about the function ``srand`` provided
## by the OS.
## This function is a wrapper about the function ``srandom``
## provided by the OS.
function srand%(seed: count%): any
%{
srand(seed);
bro_srandom(seed);
return 0;
%}
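Review bot: In `rand`, the scaling still divides by `RAND_MAX + 1.0` although the value now comes from `bro_random()`. RAND_MAX describes the range of rand(); random() returns values up to 2^31-1 regardless, so on a platform where RAND_MAX is smaller the result can exceed `max` (the range of bro_random() in deterministic mode is not visible here and should be checked as well). `int result` also narrows the `bro_uint_t` value before it is returned as a count. A named upper bound for bro_random() would make the intent explicit, e.g. `result = bro_uint_t(double(max) * double(bro_random()) / (double(BRO_RANDOM_MAX) + 1.0));`, where `BRO_RANDOM_MAX` is a placeholder for a constant the project would define. The same RAND_MAX assumption is in the `random() / (RAND_MAX / …)` lines of the Benchmark reader section further down.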


@ -157,7 +157,7 @@ event new_connection%(c: connection%);
## e: The new encapsulation.
event tunnel_changed%(c: connection, e: EncapsulatingConnVector%);
## Generated when reassembly starts for a TCP connection. The event is raised
## Generated when reassembly starts for a TCP connection. This event is raised
## at the moment when Bro's TCP analyzer enables stream reassembly for a
## connection.
##
@ -522,7 +522,7 @@ event esp_packet%(p: pkt_hdr%);
## .. bro:see:: new_packet tcp_packet ipv6_ext_headers
event mobile_ipv6_message%(p: pkt_hdr%);
## Genereated for any IPv6 packet encapsulated in a Teredo tunnel.
## Generated for any IPv6 packet encapsulated in a Teredo tunnel.
## See :rfc:`4380` for more information about the Teredo protocol.
##
## outer: The Teredo tunnel connection.
@ -532,10 +532,10 @@ event mobile_ipv6_message%(p: pkt_hdr%);
## .. bro:see:: teredo_authentication teredo_origin_indication teredo_bubble
##
## .. note:: Since this event may be raised on a per-packet basis, handling
## it may become particular expensive for real-time analysis.
## it may become particularly expensive for real-time analysis.
event teredo_packet%(outer: connection, inner: teredo_hdr%);
## Genereated for IPv6 packets encapsulated in a Teredo tunnel that
## Generated for IPv6 packets encapsulated in a Teredo tunnel that
## use the Teredo authentication encapsulation method.
## See :rfc:`4380` for more information about the Teredo protocol.
##
@ -546,10 +546,10 @@ event teredo_packet%(outer: connection, inner: teredo_hdr%);
## .. bro:see:: teredo_packet teredo_origin_indication teredo_bubble
##
## .. note:: Since this event may be raised on a per-packet basis, handling
## it may become particular expensive for real-time analysis.
## it may become particularly expensive for real-time analysis.
event teredo_authentication%(outer: connection, inner: teredo_hdr%);
## Genereated for IPv6 packets encapsulated in a Teredo tunnel that
## Generated for IPv6 packets encapsulated in a Teredo tunnel that
## use the Teredo origin indication encapsulation method.
## See :rfc:`4380` for more information about the Teredo protocol.
##
@ -560,10 +560,10 @@ event teredo_authentication%(outer: connection, inner: teredo_hdr%);
## .. bro:see:: teredo_packet teredo_authentication teredo_bubble
##
## .. note:: Since this event may be raised on a per-packet basis, handling
## it may become particular expensive for real-time analysis.
## it may become particularly expensive for real-time analysis.
event teredo_origin_indication%(outer: connection, inner: teredo_hdr%);
## Genereated for Teredo bubble packets. That is, IPv6 packets encapsulated
## Generated for Teredo bubble packets. That is, IPv6 packets encapsulated
## in a Teredo tunnel that have a Next Header value of :bro:id:`IPPROTO_NONE`.
## See :rfc:`4380` for more information about the Teredo protocol.
##
@ -574,15 +574,15 @@ event teredo_origin_indication%(outer: connection, inner: teredo_hdr%);
## .. bro:see:: teredo_packet teredo_authentication teredo_origin_indication
##
## .. note:: Since this event may be raised on a per-packet basis, handling
## it may become particular expensive for real-time analysis.
## it may become particularly expensive for real-time analysis.
event teredo_bubble%(outer: connection, inner: teredo_hdr%);
## Generated for every packet that has non-empty transport-layer payload. This is a
## very low-level and expensive event that should be avoided when at all possible.
## It's usually infeasible to handle when processing even medium volumes of
## traffic in real-time. It's even worse than :bro:id:`new_packet`. That said, if
## you work from a trace and want to do some packet-level analysis, it may come in
## handy.
## Generated for every packet that has a non-empty transport-layer payload.
## This is a very low-level and expensive event that should be avoided when
## at all possible. It's usually infeasible to handle when processing even
## medium volumes of traffic in real-time. It's even worse than
## :bro:id:`new_packet`. That said, if you work from a trace and want to
## do some packet-level analysis, it may come in handy.
##
## c: The connection the packet is part of.
##
@ -6216,13 +6216,12 @@ event signature_match%(state: signature_state, msg: string, data: string%);
##
## request_type: The type of the request.
##
## dstaddr: Address that the tunneled traffic should be sent to.
##
## dstname: DNS name of the host that the tunneled traffic should be sent to.
## sa: Address that the tunneled traffic should be sent to.
##
## p: The destination port for the proxied traffic.
##
## user: Username given for the SOCKS connection. This is not yet implemented for SOCKSv5.
## user: Username given for the SOCKS connection. This is not yet implemented
## for SOCKSv5.
event socks_request%(c: connection, version: count, request_type: count, sa: SOCKS::Address, p: port, user: string%);
## Generated when a SOCKS reply is analyzed.
@ -6233,9 +6232,7 @@ event socks_request%(c: connection, version: count, request_type: count, sa: SOC
##
## reply: The status reply from the server.
##
## dstaddr: The address that the server sent the traffic to.
##
## dstname: The name the server sent the traffic to. Only applicable for SOCKSv5.
## sa: The address that the server sent the traffic to.
##
## p: The destination port for the proxied traffic.
event socks_reply%(c: connection, version: count, reply: count, sa: SOCKS::Address, p: port%);


@ -59,7 +59,7 @@ string Benchmark::RandomString(const int len)
"abcdefghijklmnopqrstuvwxyz";
for (int i = 0; i < len; ++i)
s[i] = values[rand() / (RAND_MAX / sizeof(values))];
s[i] = values[random() / (RAND_MAX / sizeof(values))];
return s;
}
@ -134,7 +134,7 @@ threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype)
break;
case TYPE_INT:
val->val.int_val = rand();
val->val.int_val = random();
break;
case TYPE_TIME:
@ -148,11 +148,11 @@ threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype)
case TYPE_COUNT:
case TYPE_COUNTER:
val->val.uint_val = rand();
val->val.uint_val = random();
break;
case TYPE_PORT:
val->val.port_val.port = rand() / (RAND_MAX / 60000);
val->val.port_val.port = random() / (RAND_MAX / 60000);
val->val.port_val.proto = TRANSPORT_UNKNOWN;
break;
@ -175,7 +175,7 @@ threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype)
// Then - common stuff
{
// how many entries do we have...
unsigned int length = rand() / (RAND_MAX / 15);
unsigned int length = random() / (RAND_MAX / 15);
Value** lvals = new Value* [length];
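Review bot: `values[random() / (RAND_MAX / sizeof(values))]` in RandomString can produce an index outside the array. `RAND_MAX / sizeof(values)` rounds down, so the largest generator outputs map to index `sizeof(values)` or above, and if `values` is a char array (as the `sizeof` suggests) its size also counts the terminating NUL. A modulo keeps the index in range whatever the generator's maximum is: `s[i] = values[random() % (sizeof(values) - 1)];`. The `port` and `length` computations in EntryToVal use the same division and can likewise reach 60000 and 15, though only the array index is a memory-safety concern. Both functions start and end outside the hunks shown.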


@ -91,6 +91,8 @@ public:
* @param fields An array of size \a num_fields with the log fields.
* The methods takes ownership of the array.
*
* @param frontend_name The name of the front-end writer implementation.
*
* @return False if an error occured.
*/
bool Init(const WriterInfo& info, int num_fields, const threading::Field* const* fields);
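Review bot: The added `@param frontend_name` line documents a parameter that the `Init` declaration directly below does not have; it takes only `info`, `num_fields` and `fields`. This looks like a leftover from resolving the merge conflict in this header. Either drop the two added comment lines or restore the parameter. The `const string frontend_name;` member added to the message class in the next file section needs the same decision, since its constructor is outside the hunk and nothing visible initializes it.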


@ -26,6 +26,7 @@ private:
WriterBackend::WriterInfo info;
const int num_fields;
const Field * const* fields;
const string frontend_name;
};
class RotateMessage : public threading::InputMessage<WriterBackend>


@ -313,6 +313,8 @@ void terminate_bro()
if ( remote_serializer )
remote_serializer->LogStats();
mgr.Drain();
log_mgr->Terminate();
thread_mgr->Terminate();
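Review bot: The added `mgr.Drain();` in terminate_bro has no comment, and its position before `log_mgr->Terminate()` looks deliberate. If the intent is to process events that are still queued before the log and thread managers shut down, say so above the call, e.g. `// Flush pending events before the log and thread managers are torn down.`, so the ordering is not changed by accident later. The function starts and ends outside the hunk.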


@ -633,12 +633,20 @@ static bool write_random_seeds(const char* write_file, uint32 seed,
static bool bro_rand_determistic = false;
static unsigned int bro_rand_state = 0;
static void bro_srand(unsigned int seed, bool deterministic)
static void bro_srandom(unsigned int seed, bool deterministic)
{
bro_rand_state = seed;
bro_rand_determistic = deterministic;
srand(seed);
srandom(seed);
}
void bro_srandom(unsigned int seed)
{
if ( bro_rand_determistic )
bro_rand_state = seed;
else
srandom(seed);
}
void init_random_seed(uint32 seed, const char* read_file, const char* write_file)
@ -705,7 +713,7 @@ void init_random_seed(uint32 seed, const char* read_file, const char* write_file
seeds_done = true;
}
bro_srand(seed, seeds_done);
bro_srandom(seed, seeds_done);
if ( ! hmac_key_set )
{
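Review bot: The two `bro_srandom` overloads differ only by a trailing `bool` and by linkage, and the public one-argument form reseeds the single generator state shared by the whole process. A script-level `srand()` call therefore changes, and with a known seed makes predictable, every later `bro_random()` value, including those drawn by internal code; whether any of them feed security-relevant values such as the HMAC key handled right after this call in init_random_seed is not visible in the hunk. Give the file-local helper a distinct name, e.g. `static void bro_init_prng(unsigned int seed, bool deterministic)`, and state the process-wide effect in the header comment of `bro_srandom(unsigned int)`. init_random_seed continues outside the hunk.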


@ -159,6 +159,10 @@ extern bool have_random_seed();
// predictable PRNG.
long int bro_random();
// Calls the system srandom() function with the given seed if not running
// in deterministic mode, else it updates the state of the deterministic PRNG
void bro_srandom(unsigned int seed);
extern uint64 rand64bit();
// Each event source that may generate events gets an internally unique ID.


@ -1,6 +1,6 @@
185
236
805
47
996
498
985
474
738
4
634
473


@ -0,0 +1,6 @@
985
474
738
974
371
638


@ -5,17 +5,18 @@
#path communication
#fields ts peer src_name connected_peer_desc connected_peer_addr connected_peer_port level message
#types time string string string addr port string string
1326492291.485390 bro parent - - - info [#1/127.0.0.1:47757] added peer
1326492291.491731 bro child - - - info [#1/127.0.0.1:47757] connected
1326492291.492024 bro parent - - - info [#1/127.0.0.1:47757] peer connected
1326492291.492024 bro parent - - - info [#1/127.0.0.1:47757] phase: version
1326492291.492740 bro script - - - info connection established
1326492291.492740 bro script - - - info requesting events matching /^?(NOTHING)$?/
1326492291.492740 bro script - - - info accepting state
1326492291.493800 bro parent - - - info [#1/127.0.0.1:47757] phase: handshake
1326492291.493800 bro parent - - - info warning: no events to request
1326492291.494161 bro parent - - - info [#1/127.0.0.1:47757] peer_description is bro
1326492291.494404 bro parent - - - info [#1/127.0.0.1:47757] peer supports keep-in-cache; using that
1326492291.494404 bro parent - - - info [#1/127.0.0.1:47757] phase: running
1326492291.494404 bro parent - - - info terminating...
1326492291.494404 bro parent - - - info [#1/127.0.0.1:47757] closing connection
1340904724.781527 bro parent - - - info [#1/127.0.0.1:47757] added peer
1340904724.784954 bro child - - - info [#1/127.0.0.1:47757] connected
1340904724.786168 bro parent - - - info [#1/127.0.0.1:47757] peer connected
1340904724.786168 bro parent - - - info [#1/127.0.0.1:47757] phase: version
1340904724.786168 bro script - - - info connection established
1340904724.786168 bro script - - - info requesting events matching /^?(NOTHING)$?/
1340904724.786168 bro script - - - info accepting state
1340904724.787645 bro parent - - - info [#1/127.0.0.1:47757] phase: handshake
1340904724.787645 bro parent - - - info warning: no events to request
1340904724.788857 bro parent - - - info [#1/127.0.0.1:47757] peer_description is bro
1340904724.829480 bro parent - - - info [#1/127.0.0.1:47757] peer supports keep-in-cache; using that
1340904724.829480 bro parent - - - info [#1/127.0.0.1:47757] phase: running
1340904724.829480 bro parent - - - info terminating...
1340904724.832952 bro child - - - info terminating
1340904724.834082 bro parent - - - info [#1/127.0.0.1:47757] closing connection


@ -1,81 +1,130 @@
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::i;
print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
1
T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::i;
print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
2
T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::i;
print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
3
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::i;
print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
4
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::i;
print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
5
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::i;
print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
6
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::i;
print A::b;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::i;
print outfile, A::b;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, config={
}]


@ -4,6 +4,7 @@ print outfile, description;
print outfile, tpe;
print outfile, s;
close(outfile);
terminate();
}, config={
}]


@ -1,78 +1,134 @@
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
q3r3057fdf
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdfs\d
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
dfsdf
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdf
[source=input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::STREAM, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (8 == try)
{
close(outfile);
terminate();
}
}, config={
}]


@ -1,160 +1,160 @@
input0
input.log
../input.log
{
[1] = T
}
input1
input.log
../input.log
{
[1] = T
}
input2
input.log
../input.log
{
[1] = T
}
input3
input.log
../input.log
{
[1] = T
}
input4
input.log
../input.log
{
[1] = T
}
input5
input.log
../input.log
{
[1] = T
}
input6
input.log
../input.log
{
[1] = T
}
input7
input.log
../input.log
{
[1] = T
}
input8
input.log
../input.log
{
[1] = T
}
input9
input.log
../input.log
{
[1] = T
}
input10
input.log
../input.log
{
[1] = T
}
input11
input.log
../input.log
{
[1] = T
}
input12
input.log
../input.log
{
[1] = T
}
input13
input.log
../input.log
{
[1] = T
}
input14
input.log
../input.log
{
[1] = T
}
input15
input.log
../input.log
{
[1] = T
}
input16
input.log
../input.log
{
[1] = T
}
input17
input.log
../input.log
{
[1] = T
}
input18
input.log
../input.log
{
[1] = T
}
input19
input.log
../input.log
{
[1] = T
}
input20
input.log
../input.log
{
[1] = T
}
input21
input.log
../input.log
{
[1] = T
}
input22
input.log
../input.log
{
[1] = T
}
input23
input.log
../input.log
{
[1] = T
}
input24
input.log
../input.log
{
[1] = T
}
input25
input.log
../input.log
{
[1] = T
}
input26
input.log
../input.log
{
[1] = T
}
input27
input.log
../input.log
{
[1] = T
}
input28
input.log
../input.log
{
[1] = T
}
input29
input.log
../input.log
{
[1] = T
}
input30
input.log
../input.log
{
[1] = T
}
input31
input.log
../input.log
{
[1] = T
}


@ -1,158 +1,270 @@
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
q3r3057fdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdfs\d
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
dfsdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
3rw43wRRERLlL#RWERERERE.
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
q3r3057fdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdfs\d
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
dfsdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]
Input::EVENT_NEW
sdf
[source=input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=<no value description>, want_record=F, ev=line
{
print A::description;
print A::tpe;
print A::s;
print outfile, A::description;
print outfile, A::tpe;
print outfile, A::s;
try = try + 1;
if (16 == try)
{
close(outfile);
terminate();
}
}, config={
}]


@ -3,11 +3,13 @@
print A::outfile, A::description;
print A::outfile, A::tpe;
print A::outfile, A::s;
if (3 == A::try)
A::try = A::try + 1;
if (8 == A::try)
{
print A::outfile, done;
close(A::outfile);
Input::remove(input);
terminate();
}
}, config={
@ -20,11 +22,13 @@ sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
print A::outfile, A::description;
print A::outfile, A::tpe;
print A::outfile, A::s;
if (3 == A::try)
A::try = A::try + 1;
if (8 == A::try)
{
print A::outfile, done;
close(A::outfile);
Input::remove(input);
terminate();
}
}, config={
@ -37,11 +41,13 @@ DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF
print A::outfile, A::description;
print A::outfile, A::tpe;
print A::outfile, A::s;
if (3 == A::try)
A::try = A::try + 1;
if (8 == A::try)
{
print A::outfile, done;
close(A::outfile);
Input::remove(input);
terminate();
}
}, config={
@ -54,11 +60,13 @@ q3r3057fdf
print A::outfile, A::description;
print A::outfile, A::tpe;
print A::outfile, A::s;
if (3 == A::try)
A::try = A::try + 1;
if (8 == A::try)
{
print A::outfile, done;
close(A::outfile);
Input::remove(input);
terminate();
}
}, config={
@ -71,11 +79,13 @@ sdfs\d
print A::outfile, A::description;
print A::outfile, A::tpe;
print A::outfile, A::s;
if (3 == A::try)
A::try = A::try + 1;
if (8 == A::try)
{
print A::outfile, done;
close(A::outfile);
Input::remove(input);
terminate();
}
}, config={
@ -88,11 +98,13 @@ Input::EVENT_NEW
print A::outfile, A::description;
print A::outfile, A::tpe;
print A::outfile, A::s;
if (3 == A::try)
A::try = A::try + 1;
if (8 == A::try)
{
print A::outfile, done;
close(A::outfile);
Input::remove(input);
terminate();
}
}, config={
@ -105,11 +117,13 @@ dfsdf
print A::outfile, A::description;
print A::outfile, A::tpe;
print A::outfile, A::s;
if (3 == A::try)
A::try = A::try + 1;
if (8 == A::try)
{
print A::outfile, done;
close(A::outfile);
Input::remove(input);
terminate();
}
}, config={
@ -122,11 +136,13 @@ sdf
print A::outfile, A::description;
print A::outfile, A::tpe;
print A::outfile, A::s;
if (3 == A::try)
A::try = A::try + 1;
if (8 == A::try)
{
print A::outfile, done;
close(A::outfile);
Input::remove(input);
terminate();
}
}, config={
@ -134,3 +150,4 @@ Input::remove(input);
}]
Input::EVENT_NEW
3rw43wRRERLlL#RWERERERE.
done


@ -1,4 +1,4 @@
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
@ -8,17 +8,24 @@
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={
}]
Input::EVENT_NEW
[i=1]
T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
@ -28,17 +35,24 @@ T
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={
}]
Input::EVENT_NEW
[i=2]
T
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
@ -48,17 +62,24 @@ T
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={
}]
Input::EVENT_NEW
[i=3]
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
@ -68,17 +89,24 @@ F
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={
}]
Input::EVENT_NEW
[i=4]
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
@ -88,17 +116,24 @@ F
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={
}]
Input::EVENT_NEW
[i=5]
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
@ -108,17 +143,24 @@ F
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={
}]
Input::EVENT_NEW
[i=6]
F
[source=input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[source=../input.log, reader=Input::READER_ASCII, mode=Input::MANUAL, name=input, destination={
[2] = T,
[4] = F,
[6] = F,
@ -128,10 +170,17 @@ F
[3] = F
}, idx=<no value description>, val=<no value description>, want_record=F, ev=line
{
print description;
print tpe;
print left;
print right;
print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
try = try + 1;
if (7 == try)
{
close(outfile);
terminate();
}
}, pred=<uninitialized>, config={
}]


@ -0,0 +1,4 @@
============EVENT============
============EVENT============
============EVENT============
============EVENT============


@ -0,0 +1,30 @@
==========SERVERS============
==========SERVERS============
==========SERVERS============
done
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
}


@ -1,172 +0,0 @@
============PREDICATE============
Input::EVENT_NEW
[i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============PREDICATE 2============
Input::EVENT_NEW
[i=-43]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============EVENT============
==========SERVERS============
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
}
============EVENT============
==========SERVERS============
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
}
============PREDICATE============
Input::EVENT_NEW
[i=-44]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============PREDICATE============
Input::EVENT_REMOVED
[i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============EVENT============
============EVENT============
==========SERVERS============
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
}
done
{
[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]],
[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
}


@ -0,0 +1,45 @@
============PREDICATE============
Input::EVENT_NEW
[i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============PREDICATE============
Input::EVENT_NEW
[i=-44]
[b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]
============PREDICATE============
Input::EVENT_REMOVED
[i=-42]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]


@ -0,0 +1,15 @@
============PREDICATE 2============
Input::EVENT_NEW
[i=-43]
[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={
2,
4,
1,
3
}, ss={
CC,
AA,
BB
}, se={
}, vc=[10, 20, 30], ve=[]]


@ -1,6 +1,10 @@
#
# @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: bro -b %INPUT do_seed=F >out.2
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-diff out.2
const do_seed = T &redef;
event bro_init()
{
@ -12,7 +16,8 @@ event bro_init()
print b;
print c;
srand(575);
if ( do_seed )
srand(575);
local d = rand(1000);
local e = rand(1000);
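Review bot: The new `do_seed=F` run is diffed against a baseline (`btest-diff out.2`) although it skips `srand(575)`, so its `rand(1000)` values are reproducible only if the test environment pins Bro's seed, and nothing in the test header says where that comes from. A comment next to the second `@TEST-EXEC` line would make the dependency explicit, e.g. `# out.2 is stable only because the harness supplies a fixed seed (assumed; confirm in the btest configuration)`. Without it, a change to the harness seed setup would surface here as an unexplained baseline mismatch. The body of `bro_init` continues outside the hunk.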


@ -5,6 +5,8 @@
# Commonly, this test may fail if one forgets to @load some base/ scripts
# when writing a new bro scripts.
#
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: test -d $DIST/scripts
# @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro -not -path '*/site/*'`; do echo $script; if echo "$script" | egrep -q 'communication/listen|controllee'; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0
# @TEST-EXEC: cat allerrors | grep -v "received termination signal" | sort | uniq > unique_errors


@ -5,7 +5,7 @@
# @TEST-EXEC: btest-bg-wait -k 10
#
# Don't diff the receiver log just because port is always going to change
# @TEST-EXEC: egrep -v 'pid|socket buffer size' sender/communication.log >send.log
# @TEST-EXEC: egrep -v 'CPU|bytes|pid|socket buffer size' sender/communication.log >send.log
# @TEST-EXEC: btest-diff send.log
@TEST-START-FILE sender.bro
@ -19,6 +19,10 @@ redef Communication::nodes += {
event remote_connection_handshake_done(p: event_peer)
{
terminate_communication();
}
event remote_connection_closed(p: event_peer)
{
terminate();
}
@ -30,9 +34,8 @@ event remote_connection_handshake_done(p: event_peer)
@load frameworks/communication/listen
event remote_connection_handshake_done(p: event_peer)
event remote_connection_closed(p: event_peer)
{
terminate_communication();
terminate();
}


@ -22,4 +22,5 @@ redef test_var = "This is the value from the controllee";
event Control::id_value_response(id: string, val: string)
{
print fmt("Got an id_value_response(%s, %s) event", id, val);
terminate();
}


@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -10,6 +13,11 @@
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
@TEST-END-FILE
@load base/protocols/ssh
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -39,12 +47,16 @@ type Val: record {
global servers: table[int] of Val = table();
event bro_init()
{
{
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
}
event Input::update_finished(name: string, source:string) {
print servers;
}
event Input::update_finished(name: string, source:string)
{
print outfile, servers;
close(outfile);
terminate();
}


@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -11,6 +14,10 @@ T 1
- 2
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -26,12 +33,16 @@ type Val: record {
global servers: table[int] of Val = table();
event bro_init()
{
{
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("ssh");
}
}
event Input::update_finished(name: string, source:string) {
print servers;
}
event Input::update_finished(name: string, source:string)
{
print outfile, servers;
close(outfile);
terminate();
}


@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -16,6 +19,10 @@
7 T
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
global try: count;
module A;
@ -24,15 +31,24 @@ type Val: record {
b: bool;
};
event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: bool) {
print description;
print tpe;
print i;
print b;
}
event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: bool)
{
print outfile, description;
print outfile, tpe;
print outfile, i;
print outfile, b;
try = try + 1;
if ( try == 7 )
{
close(outfile);
terminate();
}
}
event bro_init()
{
Input::add_event([$source="input.log", $name="input", $fields=Val, $ev=line]);
{
try = 0;
outfile = open("../out");
Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line]);
Input::remove("input");
}
}
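Review bot: The termination threshold in `line` (`if ( try == 7 )`) appears to be tied to the number of data rows in the embedded input.log, but nothing says so. If a row is added or removed, the handler either stops early or never reaches `close(outfile)` and `terminate()`, leaving the run to the `btest-bg-wait -k 5` timeout. A comment such as `# 7 == number of data rows in input.log above` on that line would keep the two in step. The same applies to `if ( try == 8 )` in the raw stream test further down. Initialising at the declaration, `global try: count = 0;`, would also make the separate `try = 0;` in `bro_init` unnecessary.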


@ -1,6 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 1
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: cat out.tmp | sed 's/^ *//g' >out
# @TEST-EXEC: btest-diff out
@ -23,16 +25,18 @@ type Val: record {
s: string;
};
event line(description: Input::EventDescription, tpe: Input::Event, s: string) {
event line(description: Input::EventDescription, tpe: Input::Event, s: string)
{
print outfile, description;
print outfile, tpe;
print outfile, s;
close(outfile);
}
terminate();
}
event bro_init()
{
outfile = open ("../out.tmp");
{
outfile = open("../out.tmp");
Input::add_event([$source="wc -l ../input.log |", $reader=Input::READER_RAW, $name="input", $fields=Val, $ev=line]);
Input::remove("input");
}
}
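Review bot: The `$source="wc -l ../input.log |"` string in `bro_init` is executed as a command by `Input::READER_RAW` because of the trailing `|`, and the test carries no comment saying so. Since this script is the working example of that feature, a line such as `# A source ending in "|" is run as a command by the raw reader; keep it a constant, never build it from input data` above the `Input::add_event` call would state the constraint that anyone copying the pattern needs. The `terminate()` now called in `line` after the first event matches the single line that `wc -l` prints.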


@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -10,6 +13,10 @@
T -42
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -25,12 +32,16 @@ type Val: record {
global servers: table[int] of Val = table();
event bro_init()
{
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]);
{
outfile = open("../out");
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]);
Input::remove("input");
}
}
event Input::update_finished(name: string, source: string) {
print servers;
}
event Input::update_finished(name: string, source: string)
{
print outfile, servers;
close(outfile);
terminate();
}


@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -10,6 +13,10 @@
T -42
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -25,12 +32,16 @@ type Val: record {
global servers: table[int] of Val = table();
event bro_init()
{
Input::add_table([$name="input", $source="input.log", $idx=Idx, $val=Val, $destination=servers]);
{
outfile = open("../out");
Input::add_table([$name="input", $source="../input.log", $idx=Idx, $val=Val, $destination=servers]);
Input::remove("input");
}
}
event Input::update_finished(name: string, source: string) {
print servers;
}
event Input::update_finished(name: string, source: string)
{
print outfile, servers;
close(outfile);
terminate();
}


@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -16,6 +19,10 @@
7 T
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -32,14 +39,18 @@ type Val: record {
global servers: table[int] of Val = table();
event bro_init()
{
{
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers,
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers,
$pred(typ: Input::Event, left: Idx, right: Val) = { right$notb = !right$b; return T; }
]);
Input::remove("input");
}
}
event Input::update_finished(name: string, source: string) {
print servers;
}
event Input::update_finished(name: string, source: string)
{
print outfile, servers;
close(outfile);
terminate();
}


@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -9,6 +12,10 @@
1.2.3.6 30 unknown
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -24,17 +31,23 @@ type Val: record {
global servers: table[addr] of Val = table();
event bro_init()
{
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers]);
print servers[1.2.3.4];
print servers[1.2.3.5];
print servers[1.2.3.6];
{
outfile = open("../out");
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers]);
if ( 1.2.3.4 in servers )
print outfile, servers[1.2.3.4];
if ( 1.2.3.5 in servers )
print outfile, servers[1.2.3.5];
if ( 1.2.3.6 in servers )
print outfile, servers[1.2.3.6];
Input::remove("input");
}
event Input::update_finished(name: string, source: string) {
print servers[1.2.3.4];
print servers[1.2.3.5];
print servers[1.2.3.6];
}
}
event Input::update_finished(name: string, source: string)
{
print outfile, servers[1.2.3.4];
print outfile, servers[1.2.3.5];
print outfile, servers[1.2.3.6];
close(outfile);
terminate();
}
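Review bot: The three guarded prints in `bro_init` (`if ( 1.2.3.4 in servers ) print outfile, servers[1.2.3.4];` and the two that follow) run immediately after `Input::add_table`, so whether they print depends on whether the reader has already filled the table. Presumably it has not, in which case they never fire; if it ever has, each entry is written twice and `out` no longer matches the baseline. Dropping them and leaving all output to `Input::update_finished` would remove the timing dependence. In that handler the lookups are unguarded, so a missing key would likely abort the handler before `close(outfile)` and `terminate()`, and the run would then end only through the `btest-bg-wait -k 5` timeout. The same `in` check used in `bro_init` would keep that path from hanging.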


@ -1,9 +1,13 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
#
# only difference from predicate.bro is, that this one uses a stream source.
# the reason is, that the code-paths are quite different, because then the ascii reader uses the put and not the sendevent interface
# the reason is, that the code-paths are quite different, because then the
# ascii reader uses the put and not the sendevent interface
@TEST-START-FILE input.log
#separator \x09
@ -19,6 +23,10 @@
7 T
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -34,47 +42,38 @@ type Val: record {
global servers: table[int] of Val = table();
global ct: int;
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) {
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool)
{
ct = ct + 1;
if ( ct < 3 ) {
if ( ct < 3 )
return;
}
if ( ct > 3 ) {
print "Too many events";
return;
}
if ( 1 in servers ) {
print "VALID";
if ( 1 in servers )
print outfile, "VALID";
if ( 2 in servers )
print outfile, "VALID";
if ( !(3 in servers) )
print outfile, "VALID";
if ( !(4 in servers) )
print outfile, "VALID";
if ( !(5 in servers) )
print outfile, "VALID";
if ( !(6 in servers) )
print outfile, "VALID";
if ( 7 in servers )
print outfile, "VALID";
close(outfile);
terminate();
}
if ( 2 in servers ) {
print "VALID";
}
if ( !(3 in servers) ) {
print "VALID";
}
if ( !(4 in servers) ) {
print "VALID";
}
if ( !(5 in servers) ) {
print "VALID";
}
if ( !(6 in servers) ) {
print "VALID";
}
if ( 7 in servers ) {
print "VALID";
}
}
event bro_init()
{
{
outfile = open("../out");
ct = 0;
# first read in the old stuff into the table...
Input::add_table([$source="input.log", $mode=Input::STREAM, $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $ev=line,
Input::add_table([$source="../input.log", $mode=Input::STREAM, $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F, $ev=line,
$pred(typ: Input::Event, left: Idx, right: bool) = { return right; }
]);
Input::remove("input");
}
}
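Review bot: `if ( ct < 3 ) return;` in `line` makes the membership checks run on the third event only, and the reason for the value 3 is not written down. It presumably corresponds to the three rows that the predicate `return right;` lets through (keys 1, 2 and 7 in the checks that follow). A comment like `# wait for the 3rd accepted row (1, 2, 7); the predicate drops the others` would explain the constant and tell a maintainer what to update when input.log changes.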


@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -16,6 +19,10 @@
7 T
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -31,34 +38,31 @@ type Val: record {
global servers: table[int] of Val = table();
event bro_init()
{
{
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F,
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F,
$pred(typ: Input::Event, left: Idx, right: bool) = { return right; }
]);
Input::remove("input");
}
}
event Input::update_finished(name: string, source: string) {
if ( 1 in servers ) {
print "VALID";
event Input::update_finished(name: string, source: string)
{
if ( 1 in servers )
print outfile, "VALID";
if ( 2 in servers )
print outfile, "VALID";
if ( !(3 in servers) )
print outfile, "VALID";
if ( !(4 in servers) )
print outfile, "VALID";
if ( !(5 in servers) )
print outfile, "VALID";
if ( !(6 in servers) )
print outfile, "VALID";
if ( 7 in servers )
print outfile, "VALID";
close(outfile);
terminate();
}
if ( 2 in servers ) {
print "VALID";
}
if ( !(3 in servers) ) {
print "VALID";
}
if ( !(4 in servers) ) {
print "VALID";
}
if ( !(5 in servers) ) {
print "VALID";
}
if ( !(6 in servers) ) {
print "VALID";
}
if ( 7 in servers ) {
print "VALID";
}
}


@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -11,6 +14,10 @@
2 T test2 idx2
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -28,23 +35,25 @@ type Val: record {
global servers: table[int, string] of Val = table();
event bro_init()
{
# first read in the old stuff into the table...
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=servers,
$pred(typ: Input::Event, left: Idx, right: Val) = {
if ( left$i == 1 ) {
right$s = "testmodified";
}
{
outfile = open("../out");
if ( left$i == 2 ) {
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers,
$pred(typ: Input::Event, left: Idx, right: Val) = {
if ( left$i == 1 )
right$s = "testmodified";
if ( left$i == 2 )
left$ss = "idxmodified";
}
return T;
}
]);
Input::remove("input");
}
}
event Input::update_finished(name: string, source: string) {
print servers;
}
event Input::update_finished(name: string, source: string)
{
print outfile, servers;
close(outfile);
terminate();
}


@ -1,6 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: cp input1.log input.log
# @TEST-EXEC: btest-bg-run bro bro %INPUT
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: sleep 2
# @TEST-EXEC: cp input2.log input.log
# @TEST-EXEC: sleep 2
@ -9,7 +11,7 @@
# @TEST-EXEC: cp input4.log input.log
# @TEST-EXEC: sleep 2
# @TEST-EXEC: cp input5.log input.log
# @TEST-EXEC: btest-bg-wait -k 3
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
#
@ -77,31 +79,31 @@ global outfile: file;
global try: count;
event bro_init()
{
{
try = 0;
outfile = open ("../out");
outfile = open("../out");
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $mode=Input::REREAD,
$pred(typ: Input::Event, left: Idx, right: Val) = {
if ( left$i == 1 ) {
if ( left$i == 1 )
right$s = "testmodified";
}
if ( left$i == 2 ) {
if ( left$i == 2 )
left$ss = "idxmodified";
}
return T;
}
]);
}
}
event Input::update_finished(name: string, source: string) {
event Input::update_finished(name: string, source: string)
{
try = try + 1;
print outfile, fmt("Update_finished for %s, try %d", name, try);
print outfile, servers;
if ( try == 5 ) {
close (outfile);
if ( try == 5 )
{
close(outfile);
Input::remove("input");
terminate();
}
}
}


@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -13,6 +16,10 @@ sdf
3rw43wRRERLlL#RWERERERE.
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
global try: count;
module A;
@ -20,14 +27,23 @@ type Val: record {
s: string;
};
event line(description: Input::EventDescription, tpe: Input::Event, s: string) {
print description;
print tpe;
print s;
}
event line(description: Input::EventDescription, tpe: Input::Event, s: string)
{
print outfile, description;
print outfile, tpe;
print outfile, s;
try = try + 1;
if ( try == 8 )
{
close(outfile);
terminate();
}
}
event bro_init()
{
Input::add_event([$source="input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]);
{
try = 0;
outfile = open("../out");
Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]);
Input::remove("input");
}
}


@ -1,6 +1,9 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
@TEST-START-FILE input.log
#separator \x09
@ -10,6 +13,11 @@
1 T
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
global try: count;
redef InputAscii::empty_field = "EMPTY";
module A;
@ -27,15 +35,25 @@ global destination: table[int] of Val = table();
const one_to_32: vector of count = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32};
event bro_init()
{
for ( i in one_to_32 ) {
Input::add_table([$source="input.log", $name=fmt("input%d", i), $idx=Idx, $val=Val, $destination=destination, $want_record=F]);
{
try = 0;
outfile = open("../out");
for ( i in one_to_32 )
{
Input::add_table([$source="../input.log", $name=fmt("input%d", i), $idx=Idx, $val=Val, $destination=destination, $want_record=F]);
Input::remove(fmt("input%d", i));
}
}
}
event Input::update_finished(name: string, source: string) {
print name;
print source;
print destination;
}
event Input::update_finished(name: string, source: string)
{
print outfile, name;
print outfile, source;
print outfile, destination;
try = try + 1;
if ( try == 32 )
{
close(outfile);
terminate();
}
}
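Review bot: `if ( try == 32 )` in `Input::update_finished` repeats the length of `one_to_32` as a literal, so changing the vector would silently break termination. Comparing against the vector size, `if ( try == |one_to_32| )`, keeps the handler in step with the loop in `bro_init`. All 32 streams write into the same `destination` table, so a short comment that the order of the `update_finished` output is not fixed (hence the `diff-sort` canonifier in the header) would also help.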


@ -1,6 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: cp input1.log input.log
# @TEST-EXEC: btest-bg-run bro bro %INPUT
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: sleep 2
# @TEST-EXEC: cp input2.log input.log
# @TEST-EXEC: sleep 2
@ -9,7 +11,7 @@
# @TEST-EXEC: cp input4.log input.log
# @TEST-EXEC: sleep 2
# @TEST-EXEC: cp input5.log input.log
# @TEST-EXEC: btest-bg-wait -k 2
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input1.log
@ -56,6 +58,7 @@ F -48 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz
F -48 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
@TEST-END-FILE
@load base/protocols/ssh
@load frameworks/communication/listen
redef InputAscii::empty_field = "EMPTY";
@ -90,7 +93,8 @@ global outfile: file;
global try: count;
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) {
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val)
{
print outfile, "============EVENT============";
print outfile, "Description";
print outfile, description;
@ -100,11 +104,11 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
print outfile, left;
print outfile, "Right";
print outfile, right;
}
}
event bro_init()
{
outfile = open ("../out");
{
outfile = open("../out");
try = 0;
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $mode=Input::REREAD, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line,
@ -116,17 +120,20 @@ event bro_init()
return T;
}
]);
}
}
event Input::update_finished(name: string, source: string) {
event Input::update_finished(name: string, source: string)
{
print outfile, "==========SERVERS============";
print outfile, servers;
try = try + 1;
if ( try == 5 ) {
if ( try == 5 )
{
print outfile, "done";
close(outfile);
Input::remove("input");
terminate();
}
}
}
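Review bot: `Input::remove("input")` in the `try == 5` branch of `Input::update_finished` names a stream this script never registers; the table is added in `bro_init` with `$name="ssh"`. The call sits right before `terminate()`, so the test still ends, but the stream is presumably never removed by name and the mismatch goes unnoticed; it should read `Input::remove("ssh");`. The same mismatch appears in the STREAM-mode table test (`Input::remove("input")` in `line`, stream named `"ssh"`) and in the two-table test (`Input::remove("input")` and `Input::remove("input2")` against `$name="ssh"` and `$name="ssh2"`). The part of `bro_init` between the `add_table` call and `return T;` lies outside the hunks shown.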


@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -13,6 +16,10 @@ sdf
3rw43wRRERLlL#RWERERERE.
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
global try: count;
module A;
@ -20,15 +27,24 @@ type Val: record {
s: string;
};
event line(description: Input::EventDescription, tpe: Input::Event, s: string) {
print description;
print tpe;
print s;
}
event line(description: Input::EventDescription, tpe: Input::Event, s: string)
{
print outfile, description;
print outfile, tpe;
print outfile, s;
try = try + 1;
if ( try == 16 )
{
close(outfile);
terminate();
}
}
event bro_init()
{
Input::add_event([$source="input.log", $reader=Input::READER_RAW, $mode=Input::REREAD, $name="input", $fields=Val, $ev=line]);
{
try = 0;
outfile = open("../out");
Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::REREAD, $name="input", $fields=Val, $ev=line]);
Input::force_update("input");
Input::remove("input");
}
}
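Review bot: The termination check `if ( try == 16 )` in `line` is a bare count with no comment tying it to the fixture, and the same holds for `try == 8` in the raw STREAM test and `try == 7` in the table-event test. Presumably 16 is the number of lines in `input.log` delivered twice, once by the initial read and once by `Input::force_update("input")`, but most of the fixture is outside the hunks so that cannot be confirmed here. Because the check is an exact match, a shortfall in delivered events means `close(outfile)` and `terminate()` are never reached and the run only ends when `btest-bg-wait -k 5` gives up. A comment above the check such as `# 16 = lines in input.log x 2 (initial read + force_update)` would make a failing baseline easier to diagnose.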


@ -1,11 +1,13 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: cp input1.log input.log
# @TEST-EXEC: btest-bg-run bro bro %INPUT
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: sleep 3
# @TEST-EXEC: cat input2.log >> input.log
# @TEST-EXEC: sleep 3
# @TEST-EXEC: cat input3.log >> input.log
# @TEST-EXEC: btest-bg-wait -k 3
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input1.log
@ -22,6 +24,7 @@ T -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz
F -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
@TEST-END-FILE
@load base/protocols/ssh
@load frameworks/communication/listen
redef InputAscii::empty_field = "EMPTY";
@ -56,7 +59,8 @@ global outfile: file;
global try: count;
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) {
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val)
{
print outfile, "============EVENT============";
print outfile, tpe;
print outfile, left;
@ -66,18 +70,19 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
try = try + 1;
if ( try == 3 ) {
if ( try == 3 )
{
print outfile, "done";
close(outfile);
Input::remove("input");
terminate();
}
}
}
event bro_init()
{
outfile = open ("../out");
{
outfile = open("../out");
try = 0;
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $mode=Input::STREAM, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line]);
}
}


@ -1,3 +1,5 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: cp input1.log input.log
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
@ -5,7 +7,7 @@
# @TEST-EXEC: cat input2.log >> input.log
# @TEST-EXEC: sleep 3
# @TEST-EXEC: cat input3.log >> input.log
# @TEST-EXEC: btest-bg-wait -k 3
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input1.log
@ -36,21 +38,25 @@ type Val: record {
global try: count;
global outfile: file;
event line(description: Input::EventDescription, tpe: Input::Event, s: string) {
event line(description: Input::EventDescription, tpe: Input::Event, s: string)
{
print outfile, description;
print outfile, tpe;
print outfile, s;
if ( try == 3 ) {
try = try + 1;
if ( try == 8 )
{
print outfile, "done";
close(outfile);
Input::remove("input");
terminate();
}
}
}
event bro_init()
{
outfile = open ("../out");
{
outfile = open("../out");
try = 0;
Input::add_event([$source="../input.log", $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line]);
}
}
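Review bot: The new header comment says the test uses listen.bro, but no hunk in this file adds `@load frameworks/communication/listen`, whereas the other input tests touched by this commit add that line together with the comment. The hunk offsets (`-5,7 +7,7` and `-36,21 +38,25`) account only for the two added header lines, so unless the load already exists in the unchanged part of the file, the script does not do what the comment states. If it is missing, add `@load frameworks/communication/listen` after the last `@TEST-END-FILE`; if it is already there, nothing needs to change.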


@ -1,5 +1,8 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: bro -b %INPUT >out
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait -k 5
# @TEST-EXEC: btest-diff out
@TEST-START-FILE input.log
@ -16,6 +19,11 @@
7 T
@TEST-END-FILE
@load frameworks/communication/listen
global outfile: file;
global try: count;
redef InputAscii::empty_field = "EMPTY";
type Idx: record {
@ -28,15 +36,24 @@ type Val: record {
global destination: table[int] of Val = table();
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool) {
print description;
print tpe;
print left;
print right;
}
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: bool)
{
print outfile, description;
print outfile, tpe;
print outfile, left;
print outfile, right;
try = try + 1;
if ( try == 7 )
{
close(outfile);
terminate();
}
}
event bro_init()
{
Input::add_table([$source="input.log", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F,$ev=line]);
{
try = 0;
outfile = open("../out");
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=destination, $want_record=F,$ev=line]);
Input::remove("input");
}
}
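Review bot: `bro_init` calls `Input::remove("input")` immediately after `Input::add_table`, while the new `line` handler only closes `outfile` and calls `terminate()` once it has counted 7 events, and nothing says why the early removal does not cut the read short. Presumably the removal is processed only after the initial read has completed; if so, state it, e.g. `# remove is handled after the initial read, so all 7 rows still raise line()`. Without that, a reader cannot tell whether a timeout in `btest-bg-wait -k 5` points at the test or at the input framework.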


@ -1,10 +1,15 @@
# (uses listen.bro just to ensure input sources are more reliably fully-read).
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: cp input1.log input.log
# @TEST-EXEC: btest-bg-run bro bro %INPUT
# @TEST-EXEC: sleep 2
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: sleep 5
# @TEST-EXEC: cp input3.log input.log
# @TEST-EXEC: btest-bg-wait -k 2
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-bg-wait -k 10
# @TEST-EXEC: btest-diff event.out
# @TEST-EXEC: btest-diff pred1.out
# @TEST-EXEC: btest-diff pred2.out
# @TEST-EXEC: btest-diff fin.out
@TEST-START-FILE input1.log
#separator \x09
@ -28,6 +33,7 @@ T -43 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz
F -44 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
@TEST-END-FILE
@load base/protocols/ssh
@load frameworks/communication/listen
redef InputAscii::empty_field = "EMPTY";
@ -58,59 +64,71 @@ type Val: record {
global servers: table[int] of Val = table();
global outfile: file;
global event_out: file;
global pred1_out: file;
global pred2_out: file;
global fin_out: file;
global try: count;
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val) {
print outfile, "============EVENT============";
# print outfile, "Description";
# print outfile, description;
# print outfile, "Type";
# print outfile, tpe;
# print outfile, "Left";
# print outfile, left;
# print outfile, "Right";
# print outfile, right;
}
event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val)
{
print event_out, "============EVENT============";
# print event_out, "Description";
# print event_out, description;
# print event_out, "Type";
# print event_out, tpe;
# print event_out, "Left";
# print event_out, left;
# print event_out, "Right";
# print event_out, right;
}
event bro_init()
{
outfile = open ("../out");
{
event_out = open ("../event.out");
pred1_out = open ("../pred1.out");
pred2_out = open ("../pred2.out");
fin_out = open ("../fin.out");
try = 0;
# first read in the old stuff into the table...
Input::add_table([$source="../input.log", $mode=Input::REREAD, $name="ssh", $idx=Idx, $val=Val, $destination=servers, $ev=line,
$pred(typ: Input::Event, left: Idx, right: Val) = {
print outfile, "============PREDICATE============";
print outfile, typ;
print outfile, left;
print outfile, right;
print pred1_out, "============PREDICATE============";
print pred1_out, typ;
print pred1_out, left;
print pred1_out, right;
return T;
}
]);
Input::add_table([$source="../input2.log", $mode=Input::REREAD, $name="ssh2", $idx=Idx, $val=Val, $destination=servers, $ev=line,
$pred(typ: Input::Event, left: Idx, right: Val) = {
print outfile, "============PREDICATE 2============";
print outfile, typ;
print outfile, left;
print outfile, right;
print pred2_out, "============PREDICATE 2============";
print pred2_out, typ;
print pred2_out, left;
print pred2_out, right;
return T;
}
]);
}
}
event Input::update_finished(name: string, source: string) {
print outfile, "==========SERVERS============";
print outfile, servers;
event Input::update_finished(name: string, source: string)
{
print fin_out, "==========SERVERS============";
#print fin_out, servers;
try = try + 1;
if ( try == 3 ) {
print outfile, "done";
print outfile, servers;
close(outfile);
if ( try == 3 )
{
print fin_out, "done";
print fin_out, servers;
close(event_out);
close(pred1_out);
close(pred2_out);
close(fin_out);
Input::remove("input");
Input::remove("input2");
terminate();
}
}
}
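Review bot: Disabled statements are carried into the new code instead of being dropped: `#print fin_out, servers;` in `Input::update_finished` and the eight `# print event_out, ...` lines in `line`, which were retargeted to the new file handle while still commented out. Either delete them or say why they are off; presumably the intermediate table contents and per-event details depend on which of the two streams is processed first and would make the baselines unstable. A one-line comment such as `# servers is printed once at the end; intermediate contents depend on stream ordering` would record that.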