spicy-redis: Add synchronization and pipeline support

Also adds some command support

testing/btest/scripts/base/protocols/redis/bulk.zeek

@@ -0,0 +1,13 @@
+# @TEST-DOC: Test Zeek parsing a trace file made with bulk-created SET commands
+#
+# @TEST-EXEC: zeek -Cr $TRACES/redis/bulk-loading.trace base/protocols/redis %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+# The bulk-loading functionality just sends the serialized form from some ruby
+# code directly to the server, but it's useful to see if that trace might come
+# up with something different. See:
+# https://redis.io/docs/latest/develop/use/patterns/bulk-loading/
+event RESP::set_command(c: connection, is_orig: bool, command: RESP::SetCommand)
+    {
+    print fmt("SET: %s %s", command$key, command$value);
+    }

testing/btest/scripts/base/protocols/redis/django-cloud.zeek

@@ -0,0 +1,15 @@
+# @TEST-DOC: Test Redis traffic from a django app using Redis (in the cloud) as a cache
+#
+# @TEST-EXEC: zeek -Cr $TRACES/redis/django-cloud.trace base/protocols/redis %INPUT >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: btest-diff resp.log
+
+redef RESP::ports += {
+    10625/tcp,
+};
+
+event RESP::set_command(c: connection, is_orig: bool, command: RESP::SetCommand)
+    {
+    # Print the whole command because these have extra data that's worth capturing.
+    print fmt("SET: %s %s expires in %d milliseconds", command$key, command$value, command$px);
+    }

testing/btest/scripts/base/protocols/redis/django.zeek

@@ -0,0 +1,11 @@
+# @TEST-DOC: Test Redis traffic from a django app using Redis as a cache
+#
+# @TEST-EXEC: zeek -Cr $TRACES/redis/django-cache.trace base/protocols/redis %INPUT >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: btest-diff resp.log
+
+event RESP::set_command(c: connection, is_orig: bool, command: RESP::SetCommand)
+    {
+    # Print the whole command because these have extra data that's worth capturing.
+    print fmt("SET: %s %s expires in %d milliseconds", command$key, command$value, command$px);
+    }

testing/btest/scripts/base/protocols/redis/pipelined-with-commands.zeek

@@ -0,0 +1,18 @@
+# @TEST-DOC: Test Zeek parsing "pipelined" data responses
+#
+# @TEST-EXEC: zeek -Cr $TRACES/redis/pipeline-with-commands.trace base/protocols/redis %INPUT >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: btest-diff resp.log
+
+# Sometimes commands aren't serialized, like when pipelining. This still works! So we
+# should handle this. This particular example has a few commands, amongst them a SET and
+# a GET.
+event RESP::set_command(c: connection, is_orig: bool, command: RESP::SetCommand)
+    {
+    print fmt("SET: %s %s", command$key, command$value);
+    }
+
+event RESP::get_command(c: connection, is_orig: bool, command: RESP::GetCommand)
+    {
+    print fmt("GET: %s", command);
+    }

testing/btest/scripts/base/protocols/redis/pipelined.zeek

@@ -0,0 +1,12 @@
+# @TEST-DOC: Test Zeek parsing "pipelined" data responses
+#
+# @TEST-EXEC: zeek -Cr $TRACES/redis/pipelining-example.trace base/protocols/redis %INPUT >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: btest-diff resp.log
+
+# Testing the example of "pipelining" in REDIS docs:
+# https://redis.io/docs/latest/develop/use/pipelining/
+# Namely sending three PINGs. This does not get sent as RESP data, but we should
+# be able to skip it and get the responses, which are properly encoded.
+#
+# Also, you can send serialized data this way - that's kinda what the bulk test does.

testing/btest/scripts/base/protocols/redis/pubsub.zeek

@@ -0,0 +1,9 @@
+# @TEST-DOC: Test Zeek parsing pubsub commands
+#
+# @TEST-EXEC: zeek -Cr $TRACES/redis/pubsub.trace base/protocols/redis %INPUT >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: btest-diff resp.log
+
+# Testing the example of pub sub in REDIS docs:
+# https://redis.io/docs/latest/develop/interact/pubsub/
+# These are just commands between two different clients, one PUBLISH and one SUBSCRIBE.

testing/btest/scripts/base/protocols/redis/set.zeek

@@ -0,0 +1,9 @@
+# @TEST-DOC: Test Zeek parsing SET commands
+#
+# @TEST-EXEC: zeek -Cr $TRACES/redis/set.trace base/protocols/redis %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+event RESP::set_command(c: connection, is_orig: bool, command: RESP::SetCommand)
+    {
+    print fmt("Key: %s Value: %s", command$key, command$value);
+    }

testing/btest/scripts/base/protocols/redis/tls.zeek

@@ -0,0 +1,6 @@
+# @TEST-DOC: Test Zeek with RESP over TLS so it doesn't get gibberish
+#
+# @TEST-EXEC: zeek -Cr $TRACES/redis/tls.trace base/protocols/redis %INPUT >output
+# @TEST-EXEC-FAIL: test -f resp.log
+
+# The logs should probably be empty since it's all encrypted

testing/btest/scripts/base/protocols/redis/trace.zeek

@@ -4,7 +4,12 @@
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: btest-diff resp.log
 
-event RESP::data(c: connection, payload: RESP::RESPData)
+event RESP::set_command(c: connection, is_orig: bool, command: RESP::SetCommand)
     {
-    print fmt("Testing RESP: %s", payload);
+    print fmt("SET: %s %s", command$key, command$value);
+    }
+
+event RESP::get_command(c: connection, is_orig: bool, command: RESP::GetCommand)
+    {
+    print fmt("GET: %s", command);
     }