mirror of
https://github.com/zeek/zeek.git
synced 2025-10-14 04:28:20 +00:00
Merge remote-tracking branch 'origin/topic/dnthayer/bug805'
* origin/topic/dnthayer/bug805: Update tests (use weird.log instead of stderr) Don't print the various "weird" events to stderr Closes #805.
This commit is contained in:
Robin Sommer
commit
87c68e8ce7
11 changed files with 234 additions and 48 deletions
12
CHANGES
12
CHANGES
|
|
@ -1,4 +1,16 @@
|
|||
|
||||
2.0-336 | 2012-05-14 17:15:44 -0700
|
||||
|
||||
* Don't print the various "weird" events to stderr. Address #805.
|
||||
(Daniel Thayer)
|
||||
|
||||
* Generate icmp_error_message event for ICMPv6 error msgs.
|
||||
Previously, icmp_sent was being generated, but icmp_error_message
|
||||
contains more info.
|
||||
|
||||
* Improved documentation comments for icmp-related events. (Daniel
|
||||
Thayer)
|
||||
|
||||
2.0-330 | 2012-05-14 17:05:56 -0700
|
||||
|
||||
* Add `addr_to_uri` script-level function that adds brackets to an
|
||||
|
|
|
|||
2
VERSION
2
VERSION
|
|
@ -1 +1 @@
|
|||
2.0-330
|
||||
2.0-336
|
||||
|
|
|
|||
|
|
@ -149,7 +149,7 @@ void Reporter::WeirdHelper(EventHandlerPtr event, Val* conn_val, const char* add
|
|||
|
||||
va_list ap;
|
||||
va_start(ap, fmt_name);
|
||||
DoLog("weird", event, stderr, 0, vl, false, false, 0, fmt_name, ap);
|
||||
DoLog("weird", event, 0, 0, vl, false, false, 0, fmt_name, ap);
|
||||
va_end(ap);
|
||||
|
||||
delete vl;
|
||||
|
|
@ -163,7 +163,7 @@ void Reporter::WeirdFlowHelper(const IPAddr& orig, const IPAddr& resp, const cha
|
|||
|
||||
va_list ap;
|
||||
va_start(ap, fmt_name);
|
||||
DoLog("weird", flow_weird, stderr, 0, vl, false, false, 0, fmt_name, ap);
|
||||
DoLog("weird", flow_weird, 0, 0, vl, false, false, 0, fmt_name, ap);
|
||||
va_end(ap);
|
||||
|
||||
delete vl;
|
||||
|
|
@ -326,6 +326,7 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out, Conne
|
|||
s += buffer;
|
||||
s += "\n";
|
||||
|
||||
if ( out )
|
||||
fprintf(out, "%s", s.c_str());
|
||||
|
||||
if ( addl )
|
||||
|
|
|
|||
|
|
@ -1,13 +1,83 @@
|
|||
1332784981.078396 weird: bad_IP_checksum
|
||||
1332784885.686428 weird: bad_TCP_checksum
|
||||
1332784933.501023 weird: bad_UDP_checksum
|
||||
1334075363.536871 weird: bad_ICMP_checksum
|
||||
1332785210.013051 weird: routing0_hdr
|
||||
1332785210.013051 weird: bad_TCP_checksum
|
||||
1332782580.798420 weird: routing0_hdr
|
||||
1332782580.798420 weird: bad_UDP_checksum
|
||||
1334075111.800086 weird: routing0_hdr
|
||||
1334075111.800086 weird: bad_ICMP_checksum
|
||||
1332785250.469132 weird: bad_TCP_checksum
|
||||
1332781342.923813 weird: bad_UDP_checksum
|
||||
1334074939.467194 weird: bad_ICMP_checksum
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332784981.078396 - - - - - bad_IP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332784885.686428 UWkUyAuUGXf 127.0.0.1 30000 127.0.0.1 80 bad_TCP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332784933.501023 UWkUyAuUGXf 127.0.0.1 30000 127.0.0.1 13000 bad_UDP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075363.536871 UWkUyAuUGXf 192.168.1.100 8 192.168.1.101 0 bad_ICMP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332785210.013051 - - - - - routing0_hdr - F bro
|
||||
1332785210.013051 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 80 bad_TCP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332782580.798420 - - - - - routing0_hdr - F bro
|
||||
1332782580.798420 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:78:1:32::2 13000 bad_UDP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075111.800086 - - - - - routing0_hdr - F bro
|
||||
1334075111.800086 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:78:1:32::1 129 bad_ICMP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332785250.469132 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 80 bad_TCP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332781342.923813 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 30000 2001:4f8:4:7:2e0:81ff:fe52:9a6b 13000 bad_UDP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334074939.467194 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F bro
|
||||
|
|
|
|||
|
|
@ -1,3 +1,56 @@
|
|||
1332785125.596793 weird: routing0_hdr
|
||||
1332782508.592037 weird: routing0_hdr
|
||||
1334075027.053380 weird: routing0_hdr
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334074939.467194 UWkUyAuUGXf 2001:4f8:4:7:2e0:81ff:fe52:ffff 128 2001:4f8:4:7:2e0:81ff:fe52:9a6b 129 bad_ICMP_checksum - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332785125.596793 - - - - - routing0_hdr - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1332782508.592037 - - - - - routing0_hdr - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075027.053380 - - - - - routing0_hdr - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075027.053380 - - - - - routing0_hdr - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075027.053380 - - - - - routing0_hdr - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334075027.053380 - - - - - routing0_hdr - F bro
|
||||
|
|
|
|||
|
|
@ -1 +0,0 @@
|
|||
1333663011.602839 weird: unknown_protocol_135
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1333663011.602839 - - - - - unknown_protocol_135 - F bro
|
||||
|
|
@ -1,3 +1,24 @@
|
|||
1334160095.895421 weird: truncated_IP
|
||||
1334156241.519125 weird: truncated_IP
|
||||
1334094648.590126 weird: truncated_IP
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334160095.895421 - - - - - truncated_IP - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334156241.519125 - - - - - truncated_IP - F bro
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path weird
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
|
||||
#types time string addr port addr port string string bool string
|
||||
1334094648.590126 - - - - - truncated_IP - F bro
|
||||
|
|
|
|||
|
|
@ -1,23 +1,42 @@
|
|||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-udp-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-udp-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap >>bad.out 2>&1
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip4-bad-chksum.pcap
|
||||
# @TEST-EXEC: mv weird.log bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> bad.out
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-good-chksum.pcap
|
||||
# @TEST-EXEC: mv weird.log good.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-good-chksum.pcap
|
||||
# @TEST-EXEC: test ! -e weird.log
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-good-chksum.pcap
|
||||
# @TEST-EXEC: test ! -e weird.log
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> good.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> good.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> good.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-good-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> good.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-good-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> good.out
|
||||
# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap
|
||||
# @TEST-EXEC: cat weird.log >> good.out
|
||||
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-tcp-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-udp-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-icmp-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-tcp-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-udp-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap >>good.out 2>&1
|
||||
# @TEST-EXEC: btest-diff bad.out
|
||||
# @TEST-EXEC: btest-diff good.out
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/config.h
|
||||
# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output 2>&1
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: bro -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff weird.log
|
||||
|
||||
event mobile_ipv6_message(p: pkt_hdr)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
# Truncated IP packet's should not be analyzed, and generate truncated_IP weird
|
||||
|
||||
# @TEST-EXEC: bro -b -r $TRACES/trunc/ip4-trunc.pcap >>output 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/trunc/ip6-trunc.pcap >>output 2>&1
|
||||
# @TEST-EXEC: bro -b -r $TRACES/trunc/ip6-ext-trunc.pcap >>output 2>&1
|
||||
# @TEST-EXEC: bro -r $TRACES/trunc/ip4-trunc.pcap
|
||||
# @TEST-EXEC: mv weird.log output
|
||||
# @TEST-EXEC: bro -r $TRACES/trunc/ip6-trunc.pcap
|
||||
# @TEST-EXEC: cat weird.log >> output
|
||||
# @TEST-EXEC: bro -r $TRACES/trunc/ip6-ext-trunc.pcap
|
||||
# @TEST-EXEC: cat weird.log >> output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue