From faa89913dee1e6fbc09ca5feaab724c0dfb8222c Mon Sep 17 00:00:00 2001
From: Daniel Thayer <dnthayer@ncsa.illinois.edu>
Date: Thu, 19 Apr 2012 13:45:20 -0500
Subject: [PATCH 1/2] Don't print the various "weird" events to stderr

Fixes #805.
---
 src/Reporter.cc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/Reporter.cc b/src/Reporter.cc
index 37470cd690..18f39ce4af 100644
--- a/src/Reporter.cc
+++ b/src/Reporter.cc
@@ -149,7 +149,7 @@ void Reporter::WeirdHelper(EventHandlerPtr event, Val* conn_val, const char* add
 
 	va_list ap;
 	va_start(ap, fmt_name);
-	DoLog("weird", event, stderr, 0, vl, false, false, 0, fmt_name, ap);
+	DoLog("weird", event, 0, 0, vl, false, false, 0, fmt_name, ap);
 	va_end(ap);
 
 	delete vl;
@@ -163,7 +163,7 @@ void Reporter::WeirdFlowHelper(const IPAddr& orig, const IPAddr& resp, const cha
 
 	va_list ap;
 	va_start(ap, fmt_name);
-	DoLog("weird", flow_weird, stderr, 0, vl, false, false, 0, fmt_name, ap);
+	DoLog("weird", flow_weird, 0, 0, vl, false, false, 0, fmt_name, ap);
 	va_end(ap);
 
 	delete vl;
@@ -326,7 +326,8 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, Conne
 		s += buffer;
 		s += "\n";
 
-		fprintf(out, "%s", s.c_str());
+		if ( out )
+			fprintf(out, "%s", s.c_str());
 
 		if ( addl )
 			{

From 508d39457a7b9ea1c63acb71f753520c0b01eac6 Mon Sep 17 00:00:00 2001
From: Daniel Thayer <dnthayer@ncsa.illinois.edu>
Date: Fri, 11 May 2012 17:09:01 -0500
Subject: [PATCH 2/2] Update tests (use weird.log instead of stderr)

---
 testing/btest/Baseline/core.checksums/bad.out | 96 ++++++++++++++++---
 .../btest/Baseline/core.checksums/good.out    | 59 +++++++++++-
 .../Baseline/core.disable-mobile-ipv6/output  |  1 -
 .../core.disable-mobile-ipv6/weird.log        |  8 ++
 testing/btest/Baseline/core.truncation/output | 27 +++++-
 testing/btest/core/checksums.test             | 57 +++++++----
 testing/btest/core/disable-mobile-ipv6.test   |  4 +-
 testing/btest/core/truncation.test            |  9 +-
 8 files changed, 217 insertions(+), 44 deletions(-)
 delete mode 100644 testing/btest/Baseline/core.disable-mobile-ipv6/output
 create mode 100644 testing/btest/Baseline/core.disable-mobile-ipv6/weird.log

diff --git a/testing/btest/Baseline/core.checksums/bad.out b/testing/btest/Baseline/core.checksums/bad.out
index 57089a72a6..44a27f7f0f 100644
--- a/testing/btest/Baseline/core.checksums/bad.out
+++ b/testing/btest/Baseline/core.checksums/bad.out
@@ -1,13 +1,83 @@
-1332784981.078396 weird: bad_IP_checksum
-1332784885.686428 weird: bad_TCP_checksum
-1332784933.501023 weird: bad_UDP_checksum
-1334075363.536871 weird: bad_ICMP_checksum
-1332785210.013051 weird: routing0_hdr
-1332785210.013051 weird: bad_TCP_checksum
-1332782580.798420 weird: routing0_hdr
-1332782580.798420 weird: bad_UDP_checksum
-1334075111.800086 weird: routing0_hdr
-1334075111.800086 weird: bad_ICMP_checksum
-1332785250.469132 weird: bad_TCP_checksum
-1332781342.923813 weird: bad_UDP_checksum
-1334074939.467194 weird: bad_ICMP_checksum
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332784981.078396	-	-	-	-	-	bad_IP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332784885.686428	UWkUyAuUGXf	127.0.0.1	30000	127.0.0.1	80	bad_TCP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332784933.501023	UWkUyAuUGXf	127.0.0.1	30000	127.0.0.1	13000	bad_UDP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075363.536871	UWkUyAuUGXf	192.168.1.100	8	192.168.1.101	0	bad_ICMP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332785210.013051	-	-	-	-	-	routing0_hdr	-	F	bro
+1332785210.013051	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	80	bad_TCP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332782580.798420	-	-	-	-	-	routing0_hdr	-	F	bro
+1332782580.798420	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	13000	bad_UDP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075111.800086	-	-	-	-	-	routing0_hdr	-	F	bro
+1334075111.800086	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:78:1:32::1	129	bad_ICMP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332785250.469132	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	80	bad_TCP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332781342.923813	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	13000	bad_UDP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334074939.467194	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	bro
diff --git a/testing/btest/Baseline/core.checksums/good.out b/testing/btest/Baseline/core.checksums/good.out
index 4330967d8d..0010974b7f 100644
--- a/testing/btest/Baseline/core.checksums/good.out
+++ b/testing/btest/Baseline/core.checksums/good.out
@@ -1,3 +1,56 @@
-1332785125.596793 weird: routing0_hdr
-1332782508.592037 weird: routing0_hdr
-1334075027.053380 weird: routing0_hdr
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334074939.467194	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332785125.596793	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332782508.592037	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
diff --git a/testing/btest/Baseline/core.disable-mobile-ipv6/output b/testing/btest/Baseline/core.disable-mobile-ipv6/output
deleted file mode 100644
index b156353f74..0000000000
--- a/testing/btest/Baseline/core.disable-mobile-ipv6/output
+++ /dev/null
@@ -1 +0,0 @@
-1333663011.602839 weird: unknown_protocol_135
diff --git a/testing/btest/Baseline/core.disable-mobile-ipv6/weird.log b/testing/btest/Baseline/core.disable-mobile-ipv6/weird.log
new file mode 100644
index 0000000000..478cfe8667
--- /dev/null
+++ b/testing/btest/Baseline/core.disable-mobile-ipv6/weird.log
@@ -0,0 +1,8 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1333663011.602839	-	-	-	-	-	unknown_protocol_135	-	F	bro
diff --git a/testing/btest/Baseline/core.truncation/output b/testing/btest/Baseline/core.truncation/output
index ba8d3eedee..f3d64b8b28 100644
--- a/testing/btest/Baseline/core.truncation/output
+++ b/testing/btest/Baseline/core.truncation/output
@@ -1,3 +1,24 @@
-1334160095.895421 weird: truncated_IP
-1334156241.519125 weird: truncated_IP
-1334094648.590126 weird: truncated_IP
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334160095.895421	-	-	-	-	-	truncated_IP	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334156241.519125	-	-	-	-	-	truncated_IP	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334094648.590126	-	-	-	-	-	truncated_IP	-	F	bro
diff --git a/testing/btest/core/checksums.test b/testing/btest/core/checksums.test
index f5b3230686..77fe2a62d3 100644
--- a/testing/btest/core/checksums.test
+++ b/testing/btest/core/checksums.test
@@ -1,23 +1,42 @@
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-udp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-udp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap >>bad.out 2>&1
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-bad-chksum.pcap
+# @TEST-EXEC: mv weird.log bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
 
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-good-chksum.pcap
+# @TEST-EXEC: mv weird.log good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-good-chksum.pcap
+# @TEST-EXEC: test ! -e weird.log
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-good-chksum.pcap
+# @TEST-EXEC: test ! -e weird.log
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
 
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-tcp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-udp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-icmp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-tcp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-udp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap >>good.out 2>&1
 # @TEST-EXEC: btest-diff bad.out
 # @TEST-EXEC: btest-diff good.out
diff --git a/testing/btest/core/disable-mobile-ipv6.test b/testing/btest/core/disable-mobile-ipv6.test
index 84dc43dae8..5151a12b38 100644
--- a/testing/btest/core/disable-mobile-ipv6.test
+++ b/testing/btest/core/disable-mobile-ipv6.test
@@ -1,6 +1,6 @@
 # @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/config.h
-# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output 2>&1
-# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: bro -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT
+# @TEST-EXEC: btest-diff weird.log
 
 event mobile_ipv6_message(p: pkt_hdr)
 	{
diff --git a/testing/btest/core/truncation.test b/testing/btest/core/truncation.test
index 16a60fe6db..ee8bdd5bf9 100644
--- a/testing/btest/core/truncation.test
+++ b/testing/btest/core/truncation.test
@@ -1,6 +1,9 @@
 # Truncated IP packet's should not be analyzed, and generate truncated_IP weird
 
-# @TEST-EXEC: bro -b -r $TRACES/trunc/ip4-trunc.pcap >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/trunc/ip6-trunc.pcap >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/trunc/ip6-ext-trunc.pcap >>output 2>&1
+# @TEST-EXEC: bro -r $TRACES/trunc/ip4-trunc.pcap
+# @TEST-EXEC: mv weird.log output
+# @TEST-EXEC: bro -r $TRACES/trunc/ip6-trunc.pcap
+# @TEST-EXEC: cat weird.log >> output
+# @TEST-EXEC: bro -r $TRACES/trunc/ip6-ext-trunc.pcap
+# @TEST-EXEC: cat weird.log >> output
 # @TEST-EXEC: btest-diff output