Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 10:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'upstream/master'

Browse source
This commit is contained in:
Daniel Thayer 2019-04-14 01:35:50 -05:00
commit 9cbeb44986
78 changed files with 615 additions and 201 deletions
Download patch file Download diff file Expand all files Collapse all files

1
testing/btest/scripts/base/protocols/modbus/events.bro
View file

@ -7,6 +7,7 @@
# @TEST-EXEC: btest-diff coverage
# @TEST-EXEC: btest-diff conn.log
redef DPD::ignore_violations_after = 1;
event modbus_message(c: connection, headers: ModbusHeaders, is_orig: bool)
{

2
testing/btest/scripts/base/protocols/modbus/exception_handling.test
View file

@ -1,10 +1,8 @@
# @TEST-EXEC: bro -r $TRACES/modbus/fuzz-72.trace
# @TEST-EXEC: btest-diff modbus.log
# @TEST-EXEC: btest-diff weird.log
# The pcap has a flow with some fuzzed modbus traffic in it that should cause
# the binpac-generated analyzer code to throw a binpac::ExceptionOutOfBound.
# This should be correctly caught as a type of binpac::Exception and the
# binpac::ModbusTCP::Exception type that's defined as part of the analyzer
# shouldn't interfere with that handling and definitely shouldn't crash bro.
# A weird is currently emitted for parsing exceptions.

1
testing/btest/scripts/base/protocols/modbus/length_mismatch.bro
View file

@ -12,4 +12,3 @@
# data buffer.
# @TEST-EXEC: bro -r $TRACES/modbus/4SICS-GeekLounge-151022-min.pcap
# @TEST-EXEC: btest-diff weird.log

2
testing/btest/scripts/base/protocols/modbus/policy.bro
View file

@ -7,3 +7,5 @@
@load protocols/modbus/known-masters-slaves
@load protocols/modbus/track-memmap
redef DPD::ignore_violations_after = 1;

13
testing/btest/scripts/base/protocols/smb/smb2-write-response.test Normal file
View file

@ -0,0 +1,13 @@
# @TEST-EXEC: bro -C -r $TRACES/smb/smb2readwrite.pcap %INPUT
# @TEST-EXEC: btest-diff .stdout
@load base/protocols/smb
# A test for write response.
event smb2_write_response(c: connection, hdr: SMB2::Header, length: count)
{
print fmt("smb2_write_response %s -> %s:%d, length: %d", c$id$orig_h, c$id$resp_h, c$id$resp_p, length);
print (hdr);
}

15
testing/btest/scripts/base/protocols/ssl/dtls-no-dtls.test Normal file
View file

@ -0,0 +1,15 @@
# This tests checks that non-dtls connections to which we attach don't trigger tons of errors.
# @TEST-EXEC: bro -C -r $TRACES/dns-txt-multiple.trace %INPUT
# @TEST-EXEC: btest-diff .stdout
event bro_init()
{
const add_ports = { 53/udp };
Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, add_ports);
}
event protocol_violation(c: connection, atype: Analyzer::Tag, aid: count, reason: string)
{
print c$id, atype, reason;
}

4
testing/btest/scripts/base/protocols/syslog/missing-pri.bro Normal file
View file

@ -0,0 +1,4 @@
# @TEST-EXEC: bro -r $TRACES/syslog-missing-pri.trace %INPUT
# @TEST-EXEC: btest-diff syslog.log
@load base/protocols/syslog