Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/christian/release-6.1-ci-updates' into release/6.1

Browse source 
* origin/topic/christian/release-6.1-ci-updates:
  CI: Remove unused openssl30_config
  ci: Remove ZEEK_CI_DISABLE_SCRIPT_PROFILING logic
  CI: Move Debian variations from 11 to 12
  CI: Bump Ubuntu 23.04 to 23.10
  CI: Drop openSUSE Leap 15.4, about to EOL.
  CI: FreeBSD 14 is out now, 12 is about to EOL.
  CI: distro EOL comment tweaks
  CI: drop Fedora 37, add Fedora 39
  CI: Install missing packages on opensuse
  CI: Use other base64 options on macOS Sonoma too
  CI: Add macOS Sonoma build, remove macOS Monterey build
  Fix tests so they work both with GNU and BSD tools
  Install libmaxminddb in macOS CI
  CI: Pass -A flag to btest for cluster-testing builds
This commit is contained in:
Tim Wojtulewicz 2024-01-18 16:25:51 -07:00
commit 920247a2cd
14 changed files with 179 additions and 135 deletions
Download patch file Download diff file Expand all files Collapse all files

94
.cirrus.yml
View file

@ -16,7 +16,6 @@ static_config: &STATIC_CONFIG --build-type=release --disable-broker-tests --enab
asan_sanitizer_config: &ASAN_SANITIZER_CONFIG --build-type=debug --disable-broker-tests --sanitizers=address --enable-fuzzers --enable-coverage --disable-spicy --ccache
ubsan_sanitizer_config: &UBSAN_SANITIZER_CONFIG --build-type=debug --disable-broker-tests --sanitizers=undefined --enable-fuzzers --disable-spicy --ccache
tsan_sanitizer_config: &TSAN_SANITIZER_CONFIG --build-type=debug --disable-broker-tests --sanitizers=thread --enable-fuzzers --disable-spicy --ccache
openssl30_config: &OPENSSL30_CONFIG --build-type=release --disable-broker-tests --with-openssl=/opt/openssl --prefix=$CIRRUS_WORKING_DIR/install --ccache
resources_template: &RESOURCES_TEMPLATE
cpu: *CPUS
@ -166,19 +165,19 @@ env:
# Linux EOL timelines: https://linuxlifecycle.com/
# Fedora (~13 months): https://fedoraproject.org/wiki/Fedora_Release_Life_Cycle
fedora39_task:
container:
# Fedora 39 EOL: Around Nov 2024
dockerfile: ci/fedora-39/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
fedora38_task:
container:
# Fedora 38 EOL: Around May 2024
dockerfile: ci/fedora-38/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
fedora37_task:
container:
# Fedora 37 EOL: Around Dec 2024
dockerfile: ci/fedora-37/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
<< : *SKIP_TASK_ON_PR
centosstream9_task:
@ -208,11 +207,30 @@ centos7_task:
debian12_task:
container:
# Debian 12 (bookworm) EOL: (not yet released)
# Debian 12 (bookworm) EOL: TBD
dockerfile: ci/debian-12/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
arm_debian12_task:
arm_container:
# Debian 12 (bookworm) EOL: TBD
dockerfile: ci/debian-12/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
env:
ZEEK_CI_CONFIGURE_FLAGS: *NO_SPICY_CONFIG
debian12_static_task:
container:
# Just use a recent/common distro to run a static compile test.
# Debian 12 (bookworm) EOL: TBD
dockerfile: ci/debian-12/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
<< : *SKIP_TASK_ON_PR
env:
ZEEK_CI_CONFIGURE_FLAGS: *STATIC_CONFIG
debian11_task:
container:
@ -220,26 +238,7 @@ debian11_task:
dockerfile: ci/debian-11/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
arm_debian11_task:
arm_container:
# Debian 11 EOL: June 2026
dockerfile: ci/debian-11/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
env:
ZEEK_CI_CONFIGURE_FLAGS: *NO_SPICY_CONFIG
debian11_static_task:
container:
# Just use a recent/common distro to run a static compile test.
# Debian 11 EOL: June 2026
dockerfile: ci/debian-11/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
<< : *SKIP_TASK_ON_PR
env:
ZEEK_CI_CONFIGURE_FLAGS: *STATIC_CONFIG
debian10_task:
container:
@ -248,16 +247,6 @@ debian10_task:
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
opensuse_leap_15_4_task:
container:
# Opensuse Leap 15.4 EOL: ~Nov 2023
dockerfile: ci/opensuse-leap-15.4/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
<< : *SKIP_TASK_ON_PR
env:
ZEEK_CI_CONFIGURE_FLAGS: *NO_SPICY_CONFIG
opensuse_leap_15_5_task:
container:
# Opensuse Leap 15.5 EOL: ~Dec 2024
@ -276,8 +265,8 @@ opensuse_tumbleweed_task:
ubuntu23_task:
container:
# Ubuntu 23.04 EOL: January 2024
dockerfile: ci/ubuntu-23.04/Dockerfile
# Ubuntu 23.10 EOL: July 2024
dockerfile: ci/ubuntu-23.10/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
@ -350,6 +339,13 @@ alpine_task:
# Apple doesn't publish official long-term support timelines.
# We aim to support both the current and previous macOS release.
macos_sonoma_task:
macos_instance:
image: ghcr.io/cirruslabs/macos-sonoma-base:latest
prepare_script: ./ci/macos/prepare.sh
<< : *CI_TEMPLATE
<< : *MACOS_ENVIRONMENT
macos_ventura_task:
macos_instance:
image: ghcr.io/cirruslabs/macos-ventura-base:latest
@ -357,21 +353,11 @@ macos_ventura_task:
<< : *CI_TEMPLATE
<< : *MACOS_ENVIRONMENT
macos_monterey_task:
macos_instance:
image: ghcr.io/cirruslabs/macos-monterey-base:latest
prepare_script: ./ci/macos/prepare.sh
<< : *CI_TEMPLATE
<< : *MACOS_ENVIRONMENT
<< : *SKIP_TASK_ON_PR
# FreeBSD EOL timelines: https://www.freebsd.org/security/#sup
freebsd14_task:
freebsd_instance:
# We don't support FreeBSD 14 yet, this is a purely informative task
image_family: freebsd-14-0-snap
allow_failures: true
skip_notification: true
# FreeBSD 14 EOL: Nov 30 2028
image_family: freebsd-14-0
<< : *FREEBSD_RESOURCES_TEMPLATE
prepare_script: ./ci/freebsd/prepare.sh
@ -401,7 +387,6 @@ asan_sanitizer_task:
env:
CXXFLAGS: -DZEEK_DICT_DEBUG
ZEEK_CI_CONFIGURE_FLAGS: *ASAN_SANITIZER_CONFIG
ZEEK_CI_DISABLE_SCRIPT_PROFILING: 1
ASAN_OPTIONS: detect_leaks=1
ubsan_sanitizer_task:
@ -416,7 +401,6 @@ ubsan_sanitizer_task:
env:
CXXFLAGS: -DZEEK_DICT_DEBUG
ZEEK_CI_CONFIGURE_FLAGS: *UBSAN_SANITIZER_CONFIG
ZEEK_CI_DISABLE_SCRIPT_PROFILING: 1
ZEEK_TAILORED_UB_CHECKS: 1
UBSAN_OPTIONS: print_stacktrace=1
@ -683,7 +667,7 @@ cluster_testing_docker_builder:
test_script:
# Invoke btest directly here. This mirrors ci/test.sh, ensures we don't
# accidentally build a Docker image, and enables console-level output:
- cd testing/external/zeek-testing-cluster && ../../../auxil/btest/btest -d -b -j ${ZEEK_CI_BTEST_JOBS}
- cd testing/external/zeek-testing-cluster && ../../../auxil/btest/btest -A -d -b -j ${ZEEK_CI_BTEST_JOBS}
on_failure:
upload_cluster_testing_artifacts:
path: "testing/external/zeek-testing-cluster/.tmp/**"

87
CHANGES
View file

@ -1,3 +1,90 @@
6.1.0-31 | 2024-01-18 16:25:51 -0700
* CI: Remove unused openssl30_config (Tim Wojtulewicz, Corelight)
(cherry picked from commit 652ba502aab843574402ec53aa0a6561b21253f3)
* ci: Remove ZEEK_CI_DISABLE_SCRIPT_PROFILING logic (Arne Welzel, Corelight)
To my knowledge this doesn't make a huge difference anymore and locally
I'm only using ASAN builds. It's not actually too slow.
(cherry picked from commit 344369f169b872b8dcb569f089b02e026fe7cfc2)
* CI: Move Debian variations from 11 to 12 (Christian Kreibich, Corelight)
This switches the ARM and static builds from 11 to 12. x86 and ARM now build by
default, and 11 only with fullci. 10 remains as-is, because we like to torture
ourselves.
(cherry picked from commit 4f6c25bb91b935666b6748b95c2b6ee55c1491ad)
* CI: Bump Ubuntu 23.04 to 23.10 (Christian Kreibich, Corelight)
(cherry picked from commit 866d4b4127ccfd8904f8867b468babd330dd6d52)
* CI: Drop openSUSE Leap 15.4, about to EOL. (Christian Kreibich, Corelight)
(cherry picked from commit ddd56b9ad7171a9f8ee3de03bc362223f2fad0fc)
* CI: FreeBSD 14 is out now, 12 is about to EOL. (Christian Kreibich, Corelight)
(cherry picked from commit 18b8e6d6bceb4492d842d9bacbd3ad9dfbdd7702)
* CI: distro EOL comment tweaks (Christian Kreibich, Corelight)
(cherry picked from commit eb1c4bf019f6a39f1d76de717eee1b34cdc50378)
* CI: drop Fedora 37, add Fedora 39 (Christian Kreibich, Corelight)
This makes 39 the ony to run at all times, and 38 one to run only with fullci.
(cherry picked from commit ee8cc77050e39aea18f2da144dc8108110bb42dc)
* CI: Install missing packages on opensuse (Tim Wojtulewicz, Corelight)
(cherry picked from commit a3ad1a24f11770d5b8c39af1671beb5d2b4c65b2)
* CI: Use other base64 options on macOS Sonoma too (Tim Wojtulewicz, Corelight)
(cherry picked from commit b1e63ffd268cdb2cd28098a0a8578a3038be8fd4)
* CI: Add macOS Sonoma build, remove macOS Monterey build (Tim Wojtulewicz, Corelight)
(cherry picked from commit 35ca1e88c7f1398c37bcbc4e20700a2aff2c4169)
* Fix tests so they work both with GNU and BSD tools (Benjamin Bannier, Corelight)
The GNU and BSD versions of `touch` and `truncate` allow slightly
different arguments, change the tests so they work in both versions.
(cherry picked from commit caaffd0324ac0557ba4c5ce0290d07a4d013a735)
* Install libmaxminddb in macOS CI (Benjamin Bannier, Corelight)
(cherry picked from commit dfba2d6df707840cabf822d70354f9e2e635b863)
* CI: Pass -A flag to btest for cluster-testing builds (Tim Wojtulewicz, Corelight)
(cherry picked from commit ac7685c679cdb6d61768ac20449175eaaaacc34c)
* Run clang-format on the branch to fix some issues from patch merges (Tim Wojtulewicz, Corelight)
* Enable darwin builds for zeek-security repo (Tim Wojtulewicz, Corelight)
(cherry picked from commit c4edd8410e7bd863e5ff528dcc321758103f678d)
* OCSP: Open-code unknown revoke reason strings (Arne Welzel, Corelight)
OpenSSL 3.2.0 knows about more reasons. Add some backwards compatibility.
Reference: https://github.com/openssl/openssl/commit/1c8a7f5091e2c5aebc043be86bcbedc6947e1c6f
(cherry picked from commit 02d00a19849d15f472b32a98a8fee27b20f2cb14)
* CI: Remove EOL (and broken) FreeBSD 12 build (Tim Wojtulewicz, Corelight)
* Update broker, zeekctl, and cmake submodules [nomail] (Tim Wojtulewicz, Corelight)
6.1.0-8 | 2024-01-12 13:04:08 -0700
* GH-3540: Known: Keep &create_expire on local tables/sets valid (Arne Welzel, Corelight)

2
VERSION
View file

@ -1 +1 @@
6.1.0-8
6.1.0-31

4
ci/fedora-37/Dockerfile → ci/fedora-39/Dockerfile
View file

@ -1,8 +1,8 @@
FROM fedora:37
FROM fedora:39
# A version field to invalidate Cirrus's build cache when needed, as suggested in
# https://github.com/cirruslabs/cirrus-ci-docs/issues/544#issuecomment-566066822
ENV DOCKERFILE_VERSION 20230801
ENV DOCKERFILE_VERSION 20231208
RUN dnf -y install \
bison \

4
ci/init-external-repos.sh
View file

@ -51,8 +51,8 @@ if [[ -n "${CIRRUS_CI}" ]] && [[ "${CIRRUS_REPO_OWNER}" == "zeek" ]] && [[ ! -d
banner "Trying to clone zeek-testing-private git repo"
echo "${ZEEK_TESTING_PRIVATE_SSH_KEY}" >cirrus_key.b64
if [ "${CIRRUS_TASK_NAME}" == "macos_ventura" ]; then
# The base64 command provided with macOS Ventura requires an argument
if [ "${CIRRUS_TASK_NAME}" == "macos_ventura" -o "${CIRRUS_TASK_NAME}" == "macos_sonoma" ]; then
# The base64 command provided with macOS Ventura/Sonoma requires an argument
# to pass the input filename
base64 -d -i cirrus_key.b64 >cirrus_key
else

2
ci/macos/prepare.sh
View file

@ -7,7 +7,7 @@ set -x
brew update
brew upgrade cmake
brew install openssl@3 swig bison flex ccache
brew install openssl@3 swig bison flex ccache libmaxminddb
python3 -m pip install --user websockets
# Brew doesn't create the /opt/homebrew/opt/openssl symlink if you install

38
ci/opensuse-leap-15.4/Dockerfile
View file

@ -1,38 +0,0 @@
FROM opensuse/leap:15.4
# A version field to invalidate Cirrus's build cache when needed, as suggested in
# https://github.com/cirruslabs/cirrus-ci-docs/issues/544#issuecomment-566066822
ENV DOCKERFILE_VERSION 20230801
RUN zypper addrepo https://download.opensuse.org/repositories/openSUSE:Leap:15.4:Update/standard/openSUSE:Leap:15.4:Update.repo \
&& zypper refresh \
&& zypper in -y \
bison \
ccache \
cmake \
curl \
flex \
gcc10 \
gcc10-c++ \
git \
gzip \
libopenssl-devel \
libpcap-devel \
make \
python39 \
python39-devel \
python39-pip \
swig \
tar \
which \
zlib-devel \
&& rm -rf /var/cache/zypp
RUN update-alternatives --install /usr/bin/pip3 pip3 /usr/bin/pip3.9 100
RUN update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 100
RUN update-alternatives --install /usr/bin/python3-config python3-config /usr/bin/python3.9-config 100
RUN pip3 install websockets junit2html
RUN update-alternatives --install /usr/bin/cc cc /usr/bin/gcc-10 100
RUN update-alternatives --install /usr/bin/c++ c++ /usr/bin/g++-10 100

1
ci/opensuse-leap-15.5/Dockerfile
View file

@ -19,6 +19,7 @@ RUN zypper addrepo https://download.opensuse.org/repositories/openSUSE:Leap:15.5
libopenssl-devel \
libpcap-devel \
make \
openssh \
python311 \
python311-devel \
python311-pip \

5
ci/opensuse-tumbleweed/Dockerfile
View file

@ -10,6 +10,7 @@ RUN zypper modifyrepo --disable repo-openh264 || true
RUN zypper refresh \
&& zypper in -y \
awk \
bison \
ccache \
cmake \
@ -24,9 +25,11 @@ RUN zypper refresh \
libopenssl-devel \
libpcap-devel \
make \
openssh \
python3 \
python3-devel \
python3-pip \
python3-websockets \
swig \
tar \
util-linux \
@ -34,4 +37,4 @@ RUN zypper refresh \
zlib-devel \
&& rm -rf /var/cache/zypp
RUN pip3 install websockets junit2html
RUN pip3 install --break-system-packages junit2html

16
ci/test.sh
View file

@ -59,13 +59,6 @@ function run_btests {
pushd testing/btest
# Commenting out this line in btest.cfg causes the script profiling/coverage
# to be disabled. We do this for the sanitizer build right now because of a
# fairly significant performance bug when running tests.
if [ "${ZEEK_CI_DISABLE_SCRIPT_PROFILING}" = "1" ]; then
sed -i 's/^ZEEK_PROFILER_FILE/#ZEEK_PROFILER_FILE/g' btest.cfg
fi
${BTEST} -z ${ZEEK_CI_BTEST_RETRIES} -d -A -x btest-results.xml -j ${ZEEK_CI_BTEST_JOBS} || result=1
make coverage
prep_artifacts
@ -74,15 +67,6 @@ function run_btests {
}
function run_external_btests {
# Commenting out this line in btest.cfg causes the script profiling/coverage
# to be disabled. We do this for the sanitizer build right now because of a
# fairly significant performance bug when running tests.
if [ "${ZEEK_CI_DISABLE_SCRIPT_PROFILING}" = "1" ]; then
pushd testing/external
sed -i 's/^ZEEK_PROFILER_FILE/#ZEEK_PROFILER_FILE/g' subdir-btest.cfg
popd
fi
local zeek_testing_pid=""
local zeek_testing_pid_private=""
pushd testing/external/zeek-testing

2
ci/ubuntu-23.04/Dockerfile → ci/ubuntu-23.10/Dockerfile
View file

@ -1,4 +1,4 @@
FROM ubuntu:23.04
FROM ubuntu:23.10
ENV DEBIAN_FRONTEND="noninteractive" TZ="America/Los_Angeles"

8
testing/btest/Baseline/core.mmdb.temporary-error/reporter.log
View file

@ -3,15 +3,15 @@ ts level message location
1299470395.000000 Reporter::INFO Modification time change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb] <params>, line 1
1299470395.000000 Reporter::INFO Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb] <params>, line 1
1299470395.000000 Reporter::INFO Failed to open MaxMind DB: .<...>/GeoLite2-ASN.mmdb [The MaxMind DB file contains invalid metadata] <params>, line 1
1299470395.000000 Reporter::ERROR Failed to open GeoIP ASN database (lookup_autonomous_system(128.3.0.1)) <...>/temporary-error.zeek, line 83
1299470395.000000 Reporter::ERROR Failed to open GeoIP ASN database (lookup_autonomous_system(128.3.0.1)) <...>/temporary-error.zeek, line 99
1299470395.000000 Reporter::INFO Modification time change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb] <params>, line 1
1299470395.000000 Reporter::INFO Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb] <params>, line 1
1299470395.000000 Reporter::INFO Failed to open MaxMind DB: .<...>/GeoLite2-City.mmdb [The MaxMind DB file contains invalid metadata] <params>, line 1
1299470395.000000 Reporter::ERROR Failed to open GeoIP location database (lookup_location(128.3.0.1)) <...>/temporary-error.zeek, line 84
1299470395.000000 Reporter::ERROR Failed to open GeoIP location database (lookup_location(128.3.0.1)) <...>/temporary-error.zeek, line 100
1299473995.000000 Reporter::INFO Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb] <params>, line 1
1299473995.000000 Reporter::ERROR Failed to open GeoIP ASN database (lookup_autonomous_system(128.3.0.1)) <...>/temporary-error.zeek, line 83
1299473995.000000 Reporter::ERROR Failed to open GeoIP ASN database (lookup_autonomous_system(128.3.0.1)) <...>/temporary-error.zeek, line 99
1299473995.000000 Reporter::INFO Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb] <params>, line 1
1299473995.000000 Reporter::ERROR Failed to open GeoIP location database (lookup_location(128.3.0.1)) <...>/temporary-error.zeek, line 84
1299473995.000000 Reporter::ERROR Failed to open GeoIP location database (lookup_location(128.3.0.1)) <...>/temporary-error.zeek, line 100
1299477595.000000 Reporter::INFO Inode change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb] <params>, line 1
1299477595.000000 Reporter::INFO Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb] <params>, line 1
1299477595.000000 Reporter::INFO Inode change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb] <params>, line 1

13
testing/btest/core/mmdb/reopen.zeek
View file

@ -14,17 +14,24 @@ redef mmdb_dir = "./mmdb";
global pkt = 0;
function timestamp(n: count): string
{
assert n <= 60;
return fmt("2020-01-01T00:%s:00", n);
}
event new_packet(c: connection, p: pkt_hdr)
{
++pkt;
# Set MMDB's modification time to current network time.
# Increment MMDB's modification time.
local asn_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-ASN.mmdb");
local city_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-City.mmdb");
if ( ! piped_exec(fmt("touch -d @%s %s", network_time(), asn_fn), "") )
if ( ! piped_exec(fmt("touch -d %s %s", timestamp(pkt), asn_fn), "") )
exit(1);
if ( ! piped_exec(fmt("touch -d @%s %s", network_time(), city_fn), "") )
if ( ! piped_exec(fmt("touch -d %s %s", timestamp(pkt), city_fn), "") )
exit(1);
print network_time(), pkt, 128.3.0.1, "asn", lookup_autonomous_system(128.3.0.1);

38
testing/btest/core/mmdb/temporary-error.zeek
View file

@ -15,16 +15,32 @@ redef mmdb_dir = "./mmdb";
global pkt = 0;
global asn_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-ASN.mmdb");
global city_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-City.mmdb");
global asn_fn_backup = safe_shell_quote(mmdb_dir + "-backup/GeoLite2-ASN.mmdb");
global city_fn_backup = safe_shell_quote(mmdb_dir + "-backup/GeoLite2-City.mmdb");
function timestamp(n: count): string
{
assert n <= 60;
return fmt("2020-01-01T00:%s:00", n);
}
event zeek_init()
{
# Set the initial modification time for the MMDBs.
for ( db in vector(asn_fn, city_fn, asn_fn_backup, city_fn_backup) )
{
if ( ! piped_exec(fmt("test -f %s && touch -d %s %s", db, timestamp(pkt), db), "") )
exit(1);
}
}
event new_packet(c: connection, p: pkt_hdr)
{
++pkt;
local asn_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-ASN.mmdb");
local city_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-City.mmdb");
local asn_fn_backup = safe_shell_quote(mmdb_dir + "-backup/GeoLite2-ASN.mmdb");
local city_fn_backup = safe_shell_quote(mmdb_dir + "-backup/GeoLite2-City.mmdb");
if ( pkt == 1 )
{
print "start";
@ -32,10 +48,10 @@ event new_packet(c: connection, p: pkt_hdr)
if ( pkt == 2 )
{
print "corrupting db";
if ( ! piped_exec(fmt("truncate --size=8 %s", asn_fn), "") )
if ( ! piped_exec(fmt("truncate -s 8 %s", asn_fn), "") )
exit(1);
if ( ! piped_exec(fmt("truncate --size=8 %s", city_fn), "") )
if ( ! piped_exec(fmt("truncate -s 8 %s", city_fn), "") )
exit(1);
}
else if ( pkt == 4 )
@ -73,11 +89,11 @@ event new_packet(c: connection, p: pkt_hdr)
exit(1);
}
# Set MMDB's modification time to current network time for predictability.
if ( ! piped_exec(fmt("test -f %s && touch -d @%s %s", asn_fn, network_time(), asn_fn), "") )
# Increment MMDB's modification time.
if ( ! piped_exec(fmt("test -f %s && touch -d %s %s", asn_fn, timestamp(pkt), asn_fn), "") )
exit(1);
if ( ! piped_exec(fmt("test -f %s && touch -d @%s %s", city_fn, network_time(), city_fn), "") )
if ( ! piped_exec(fmt("test -f %s && touch -d %s %s", city_fn, timestamp(pkt), city_fn), "") )
exit(1);
print network_time(), pkt, 128.3.0.1, "asn", lookup_autonomous_system(128.3.0.1);