mirror of
https://github.com/zeek/zeek.git
synced 2025-10-13 20:18:20 +00:00
Merge remote-tracking branch 'origin/topic/dnthayer/bug805'
* origin/topic/dnthayer/bug805: Update tests (use weird.log instead of stderr) Don't print the various "weird" events to stderr Closes #805.
This commit is contained in:
commit
87c68e8ce7
11 changed files with 234 additions and 48 deletions
|
@ -1,13 +1,83 @@
|
|||
1332784981.078396 weird: bad_IP_checksum
|
||||
1332784885.686428 weird: bad_TCP_checksum
|
||||
1332784933.501023 weird: bad_UDP_checksum
|
||||
1334075363.536871 weird: bad_ICMP_checksum
|
||||
1332785210.013051 weird: routing0_hdr
|
||||
1332785210.013051 weird: bad_TCP_checksum
|
||||
1332782580.798420 weird: routing0_hdr
|
||||
1332782580.798420 weird: bad_UDP_checksum
|
||||
1334075111.800086 weird: routing0_hdr
|
||||
1334075111.800086 weird: bad_ICMP_checksum
|
||||
1332785250.469132 weird: bad_TCP_checksum
|
||||
1332781342.923813 weird: bad_UDP_checksum
|
||||
1334074939.467194 weird: bad_ICMP_checksum
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332784981.078396 - - - - - bad_IP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332784885.686428 UWkUyAuUGXf 127.0.0.1 30000 127.0.0.1 80 bad_TCP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332784933.501023 UWkUyAuUGXf 127.0.0.1 30000 127.0.0.1 13000 bad_UDP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075363.536871 UWkUyAuUGXf 192.168.1.100 8 192.168.1.101 0 bad_ICMP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332785210.013051 - - - - - routing0_hdr - F bro
|
||||
1332785210.013051 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 80 bad_TCP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332782580.798420 - - - - - routing0_hdr - F bro
|
||||
1332782580.798420 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 13000 bad_UDP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075111.800086 - - - - - routing0_hdr - F bro
|
||||
1334075111.800086 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:78:1:32::1 129 bad_ICMP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332785250.469132 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 80 bad_TCP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332781342.923813 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 13000 bad_UDP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334074939.467194 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F bro
|
||||
|
|
|
@ -1,3 +1,56 @@
|
|||
1332785125.596793 weird: routing0_hdr
|
||||
1332782508.592037 weird: routing0_hdr
|
||||
1334075027.053380 weird: routing0_hdr
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334074939.467194 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332785125.596793 - - - - - routing0_hdr - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332782508.592037 - - - - - routing0_hdr - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075027.053380 - - - - - routing0_hdr - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075027.053380 - - - - - routing0_hdr - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075027.053380 - - - - - routing0_hdr - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075027.053380 - - - - - routing0_hdr - F bro
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
1333663011.602839 weird: unknown_protocol_135
|
|
@ -0,0 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1333663011.602839 - - - - - unknown_protocol_135 - F bro
|
|
@ -1,3 +1,24 @@
|
|||
1334160095.895421 weird: truncated_IP
|
||||
1334156241.519125 weird: truncated_IP
|
||||
1334094648.590126 weird: truncated_IP
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334160095.895421 - - - - - truncated_IP - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334156241.519125 - - - - - truncated_IP - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334094648.590126 - - - - - truncated_IP - F bro
|
||||
|
|
|
@ -1,23 +1,42 @@
|
|||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-udp-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-udp-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip4-bad-chksum.pcap
|
||||
# @TEST-EXEC: mv weird.log bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-good-chksum.pcap
|
||||
# @TEST-EXEC: mv weird.log good.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-good-chksum.pcap
|
||||
# @TEST-EXEC: test ! -e weird.log
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-good-chksum.pcap
|
||||
# @TEST-EXEC: test ! -e weird.log
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> good.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> good.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> good.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-good-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> good.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-good-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> good.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> good.out
|
||||
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-tcp-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-udp-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-icmp-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-tcp-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-udp-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: btest-diff bad.out
|
||||
# @TEST-EXEC: btest-diff good.out
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/config.h
|
||||
# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output 2>&1
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: bro -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff weird.log
|
||||
|
||||
event mobile_ipv6_message(p: pkt_hdr)
|
||||
{
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
# Truncated IP packet's should not be analyzed, and generate truncated_IP weird
|
||||
|
||||
# @TEST-EXEC: bro -b -r $TRACES/trunc/ip4-trunc.pcap >>output 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/trunc/ip6-trunc.pcap >>output 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/trunc/ip6-ext-trunc.pcap >>output 2>&1
|
||||
# @TEST-EXEC: bro -r $TRACES/trunc/ip4-trunc.pcap
|
||||
# @TEST-EXEC: mv weird.log output
|
||||
# @TEST-EXEC: bro -r $TRACES/trunc/ip6-trunc.pcap
|
||||
# @TEST-EXEC: cat weird.log >> output
|
||||
# @TEST-EXEC: bro -r $TRACES/trunc/ip6-ext-trunc.pcap
|
||||
# @TEST-EXEC: cat weird.log >> output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue