mirror of
https://github.com/zeek/zeek.git
synced 2025-10-10 10:38:20 +00:00
Merge branch 'topic/policy-scripts-new' of ssh://git.bro-ids.org/bro into topic/policy-scripts-new
This commit is contained in:
Seth Hall
commit
aebc2ea030
25 changed files with 415 additions and 312 deletions
|
|
@ -94,7 +94,7 @@ macro(REST_TARGET srcDir broInput)
|
|||
set(group "")
|
||||
endif ()
|
||||
|
||||
if (${group} STREQUAL "default" OR ${group} STREQUAL "bifs")
|
||||
if ("${group}" STREQUAL "default" OR "${group}" STREQUAL "bifs")
|
||||
set(BRO_ARGS --doc-scripts --exec '')
|
||||
else ()
|
||||
set(BRO_ARGS --doc-scripts ${broInput})
|
||||
|
|
@ -127,117 +127,127 @@ macro(REST_TARGET srcDir broInput)
|
|||
endmacro(REST_TARGET)
|
||||
|
||||
# Schedule Bro scripts for which to generate documentation.
|
||||
# Note: the script may be located in a subdirectory off of one of the main
|
||||
# directories in BROPATH. In that case, just list the script as 'foo/bar.bro'
|
||||
rest_target(${CMAKE_CURRENT_SOURCE_DIR} example.bro internal)
|
||||
#
|
||||
# Note: any path prefix of the script (2nd argument of rest_target macro)
|
||||
# will be used to derive what path under policy/ the generated documentation
|
||||
# will be placed.
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} conn.bro user)
|
||||
rest_target(${POLICY_SRC_DIR} conn/base.bro user)
|
||||
rest_target(${POLICY_SRC_DIR} conn/contents.bro user)
|
||||
rest_target(${CMAKE_CURRENT_SOURCE_DIR} example.bro)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} dns.bro policy/dns-index)
|
||||
rest_target(${POLICY_SRC_DIR} dns/auth-addl.bro policy/dns-index)
|
||||
rest_target(${POLICY_SRC_DIR} dns/base.bro policy/dns-index)
|
||||
rest_target(${POLICY_SRC_DIR} dns/consts.bro policy/dns-index)
|
||||
rest_target(${POLICY_SRC_DIR} dns/detect.bro policy/dns-index)
|
||||
rest_target(${POLICY_SRC_DIR} dns/passive-replication.bro policy/dns-index)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src bro.bif.bro)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src const.bif.bro)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src event.bif.bro)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src logging.bif.bro)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src strings.bif.bro)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src types.bif.bro)
|
||||
|
||||
# TODO: these don't currently work due to something that looks like a
|
||||
# circular dependency. They'll also change to the 'default' group once
|
||||
# loaded from bro.init.
|
||||
#rest_target(${POLICY_SRC_DIR} dpd.bro policy/dpd-index)
|
||||
#rest_target(${POLICY_SRC_DIR} dpd/base.bro policy/dpd-index)
|
||||
#rest_target(${POLICY_SRC_DIR} dpd/dyn-disable.bro policy/dpd-index)
|
||||
#rest_target(${POLICY_SRC_DIR} dpd/packet-segment-logging.bro policy/dpd-index)
|
||||
set(psd ${POLICY_SRC_DIR})
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} ftp.bro policy/ftp-index)
|
||||
rest_target(${POLICY_SRC_DIR} ftp/base.bro policy/ftp-index)
|
||||
rest_target(${POLICY_SRC_DIR} ftp/detect.bro policy/ftp-index)
|
||||
rest_target(${POLICY_SRC_DIR} ftp/file-extract.bro policy/ftp-index)
|
||||
rest_target(${POLICY_SRC_DIR} ftp/software.bro policy/ftp-index)
|
||||
rest_target(${POLICY_SRC_DIR} ftp/utils-commands.bro policy/ftp-index)
|
||||
rest_target(${psd} bro.init)
|
||||
rest_target(${psd} site.bro)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} functions.bro user)
|
||||
rest_target(${psd} detectors/http-MHR.bro)
|
||||
|
||||
# TODO: hot.conn.bro currently won't load because hot.bro doesn't exist
|
||||
#rest_target(${POLICY_SRC_DIR} hot.conn.bro user)
|
||||
rest_target(${psd} frameworks/communication/base.bro)
|
||||
rest_target(${psd} frameworks/communication/listen-clear.bro)
|
||||
rest_target(${psd} frameworks/communication/listen-ssl.bro)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} http.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/base-extended.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/base.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/detect-intel.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/detect-sqli.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/detect-webapps.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/file-extract.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/file-hash.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/file-ident.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/headers.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/software.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/utils.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/var-extraction-cookies.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/var-extraction-uri.bro policy/http-index)
|
||||
rest_target(${psd} frameworks/dpd/base.bro)
|
||||
rest_target(${psd} frameworks/dpd/dyn-disable.bro)
|
||||
rest_target(${psd} frameworks/dpd/packet-segment-logging.bro)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} irc.bro policy/irc-index)
|
||||
rest_target(${POLICY_SRC_DIR} irc/base.bro policy/irc-index)
|
||||
rest_target(${POLICY_SRC_DIR} irc/dcc-send.bro policy/irc-index)
|
||||
rest_target(${psd} frameworks/intel/base.bro)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} known-services.bro user)
|
||||
rest_target(${POLICY_SRC_DIR} known-hosts.bro user)
|
||||
rest_target(${psd} frameworks/logging/base.bro)
|
||||
rest_target(${psd} frameworks/logging/plugins/ascii.bro)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} metrics.bro policy/metrics-index)
|
||||
rest_target(${POLICY_SRC_DIR} metrics/base.bro policy/metrics-index)
|
||||
rest_target(${POLICY_SRC_DIR} metrics/conn-example.bro policy/metrics-index)
|
||||
rest_target(${POLICY_SRC_DIR} metrics/http-example.bro policy/metrics-index)
|
||||
rest_target(${psd} frameworks/metrics/base.bro)
|
||||
rest_target(${psd} frameworks/metrics/conn-example.bro)
|
||||
rest_target(${psd} frameworks/metrics/http-example.bro)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} mime.bro policy/mime-index)
|
||||
rest_target(${POLICY_SRC_DIR} mime/base.bro policy/mime-index)
|
||||
rest_target(${POLICY_SRC_DIR} mime/file-extract.bro policy/mime-index)
|
||||
rest_target(${POLICY_SRC_DIR} mime/file-hash.bro policy/mime-index)
|
||||
rest_target(${POLICY_SRC_DIR} mime/file-ident.bro policy/mime-index)
|
||||
rest_target(${psd} frameworks/notice/action-filters.bro)
|
||||
rest_target(${psd} frameworks/notice/base.bro)
|
||||
rest_target(${psd} frameworks/notice/weird.bro)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} notice-action-filters.bro user)
|
||||
rest_target(${POLICY_SRC_DIR} notice.bro user)
|
||||
rest_target(${POLICY_SRC_DIR} site.bro user)
|
||||
rest_target(${psd} frameworks/packet-filter/base.bro)
|
||||
rest_target(${psd} frameworks/packet-filter/netstats.bro)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} signatures.bro policy/sig-index)
|
||||
rest_target(${POLICY_SRC_DIR} signatures/base.bro policy/sig-index)
|
||||
rest_target(${psd} frameworks/signatures/base.bro)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} smtp.bro policy/smtp-index)
|
||||
rest_target(${POLICY_SRC_DIR} smtp/base-extended.bro policy/smtp-index)
|
||||
rest_target(${POLICY_SRC_DIR} smtp/base.bro policy/smtp-index)
|
||||
rest_target(${POLICY_SRC_DIR} smtp/detect.bro policy/smtp-index)
|
||||
rest_target(${POLICY_SRC_DIR} smtp/software.bro policy/smtp-index)
|
||||
rest_target(${POLICY_SRC_DIR} smtp/utils.bro policy/smtp-index)
|
||||
rest_target(${POLICY_SRC_DIR} smtp/webmail-ident.bro policy/smtp-index)
|
||||
rest_target(${psd} frameworks/software/base.bro)
|
||||
rest_target(${psd} frameworks/software/vulnerable.bro)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} software.bro policy/software-index)
|
||||
rest_target(${POLICY_SRC_DIR} software/base.bro policy/software-index)
|
||||
rest_target(${POLICY_SRC_DIR} software/vulnerable.bro policy/software-index)
|
||||
rest_target(${psd} integration/barnyard2/base.bro)
|
||||
rest_target(${psd} integration/barnyard2/event.bro)
|
||||
rest_target(${psd} integration/barnyard2/types.bro)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} ssh.bro policy/ssh-index)
|
||||
rest_target(${POLICY_SRC_DIR} ssh/base.bro policy/ssh-index)
|
||||
rest_target(${POLICY_SRC_DIR} ssh/software.bro policy/ssh-index)
|
||||
rest_target(${psd} protocols/conn/base.bro)
|
||||
rest_target(${psd} protocols/conn/contents.bro)
|
||||
rest_target(${psd} protocols/conn/inactivity.bro)
|
||||
rest_target(${psd} protocols/conn/known-hosts.bro)
|
||||
rest_target(${psd} protocols/conn/known-services.bro)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} ssl-ciphers.bro policy/ssl-index)
|
||||
rest_target(${POLICY_SRC_DIR} ssl-errors.bro policy/ssl-index)
|
||||
rest_target(${POLICY_SRC_DIR} ssl.bro policy/ssl-index)
|
||||
rest_target(${psd} protocols/dns/auth-addl.bro)
|
||||
rest_target(${psd} protocols/dns/base.bro)
|
||||
rest_target(${psd} protocols/dns/consts.bro)
|
||||
rest_target(${psd} protocols/dns/detect.bro)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} utils/pattern.bro user)
|
||||
rest_target(${POLICY_SRC_DIR} weird.bro user)
|
||||
rest_target(${psd} protocols/ftp/base.bro)
|
||||
rest_target(${psd} protocols/ftp/detect.bro)
|
||||
rest_target(${psd} protocols/ftp/file-extract.bro)
|
||||
rest_target(${psd} protocols/ftp/software.bro)
|
||||
rest_target(${psd} protocols/ftp/utils-commands.bro)
|
||||
|
||||
# Finding out what scripts bro will generate documentation for by default
|
||||
# can be done like: `bro --doc-scripts --exec ""`
|
||||
rest_target(${POLICY_SRC_DIR} bro.init default)
|
||||
rest_target(${POLICY_SRC_DIR} logging-ascii.bro default)
|
||||
rest_target(${POLICY_SRC_DIR} logging.bro default)
|
||||
rest_target(${POLICY_SRC_DIR} pcap.bro default)
|
||||
rest_target(${POLICY_SRC_DIR} server-ports.bro default)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src bro.bif.bro bifs)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src const.bif.bro bifs)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src event.bif.bro bifs)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src logging.bif.bro bifs)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src strings.bif.bro bifs)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src types.bif.bro bifs)
|
||||
rest_target(${psd} protocols/http/base.bro)
|
||||
rest_target(${psd} protocols/http/detect-intel.bro)
|
||||
rest_target(${psd} protocols/http/detect-sqli.bro)
|
||||
rest_target(${psd} protocols/http/detect-webapps.bro)
|
||||
rest_target(${psd} protocols/http/file-extract.bro)
|
||||
rest_target(${psd} protocols/http/file-hash.bro)
|
||||
rest_target(${psd} protocols/http/file-ident.bro)
|
||||
rest_target(${psd} protocols/http/headers.bro)
|
||||
rest_target(${psd} protocols/http/software.bro)
|
||||
rest_target(${psd} protocols/http/utils.bro)
|
||||
rest_target(${psd} protocols/http/var-extraction-cookies.bro)
|
||||
rest_target(${psd} protocols/http/var-extraction-uri.bro)
|
||||
|
||||
rest_target(${psd} protocols/irc/base.bro)
|
||||
rest_target(${psd} protocols/irc/dcc-send.bro)
|
||||
|
||||
rest_target(${psd} protocols/mime/base.bro)
|
||||
rest_target(${psd} protocols/mime/file-extract.bro)
|
||||
rest_target(${psd} protocols/mime/file-hash.bro)
|
||||
rest_target(${psd} protocols/mime/file-ident.bro)
|
||||
|
||||
rest_target(${psd} protocols/smtp/base.bro)
|
||||
rest_target(${psd} protocols/smtp/detect.bro)
|
||||
rest_target(${psd} protocols/smtp/software.bro)
|
||||
|
||||
rest_target(${psd} protocols/ssh/base.bro)
|
||||
rest_target(${psd} protocols/ssh/software.bro)
|
||||
|
||||
#rest_target(${psd} protocols/ssl/base.bro)
|
||||
#rest_target(${psd} protocols/ssl/ssl-ciphers.bro)
|
||||
#rest_target(${psd} protocols/ssl/ssl-errors.bro)
|
||||
#rest_target(${psd} protocols/ssl/ssl.bro)
|
||||
#rest_target(${psd} protocols/ssl/validate.bro)
|
||||
|
||||
rest_target(${psd} protocols/syslog/base.bro)
|
||||
rest_target(${psd} protocols/syslog/consts.bro)
|
||||
|
||||
rest_target(${psd} tuning/defaults/packet-fragments.bro)
|
||||
rest_target(${psd} tuning/defaults/remove-high-volume-notices.bro)
|
||||
rest_target(${psd} tuning/track-all-assets.bro)
|
||||
|
||||
rest_target(${psd} utils/addrs.bro)
|
||||
rest_target(${psd} utils/conn_ids.bro)
|
||||
rest_target(${psd} utils/directions-and-hosts.bro)
|
||||
rest_target(${psd} utils/files.bro)
|
||||
rest_target(${psd} utils/numbers.bro)
|
||||
rest_target(${psd} utils/paths.bro)
|
||||
rest_target(${psd} utils/pattern.bro)
|
||||
rest_target(${psd} utils/strings.bro)
|
||||
rest_target(${psd} utils/thresholds.bro)
|
||||
|
||||
# create temporary list of all docs to include in the master policy/index file
|
||||
file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/tmp_policy_index
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@ Contents:
|
|||
builtins
|
||||
default
|
||||
bifs
|
||||
user
|
||||
policy/dns-index
|
||||
policy/ftp-index
|
||||
policy/http-index
|
||||
|
|
|
|||
|
|
@ -1,5 +0,0 @@
|
|||
.. This is a stub doc to which the build process can append.
|
||||
|
||||
Other User-Facing Policy Scripts
|
||||
================================
|
||||
|
||||
|
|
@ -3,9 +3,11 @@
|
|||
#include <string>
|
||||
#include <list>
|
||||
#include <algorithm>
|
||||
#include <libgen.h>
|
||||
|
||||
#include "BroDoc.h"
|
||||
#include "BroDocObj.h"
|
||||
#include "util.h"
|
||||
|
||||
BroDoc::BroDoc(const std::string& rel, const std::string& abs)
|
||||
{
|
||||
|
|
@ -15,25 +17,19 @@ BroDoc::BroDoc(const std::string& rel, const std::string& abs)
|
|||
else
|
||||
source_filename = abs.substr(f_pos + 1);
|
||||
|
||||
if ( rel == abs )
|
||||
if ( rel[0] == '/' || rel[0] == '.' )
|
||||
{
|
||||
// The Bro script must have been loaded from an explicit path,
|
||||
// so just use the basename as the document title
|
||||
// The Bro script must not be on a subpath of the policy/ dir of
|
||||
// BROPATH, so just use the basename as the document title
|
||||
doc_title = source_filename;
|
||||
}
|
||||
else
|
||||
{
|
||||
// Must have relied on BROPATH to load the script, keep the relative
|
||||
// directory as part of the source file name
|
||||
size_t ext_pos = rel.find_last_of('.');
|
||||
std::string rel_ext = rel.substr(ext_pos + 1);
|
||||
ext_pos = abs.find_last_of('.');
|
||||
std::string abs_ext = abs.substr(ext_pos + 1);
|
||||
|
||||
if ( rel_ext == abs_ext || std::string::npos == ext_pos )
|
||||
doc_title = rel;
|
||||
// keep the relative directory as part of the document title
|
||||
if ( rel.size() == 0 || rel[rel.size() - 1] == '/' )
|
||||
doc_title = rel + source_filename;
|
||||
else
|
||||
doc_title = rel + "." + abs_ext;
|
||||
doc_title = rel + "/" + source_filename;
|
||||
}
|
||||
|
||||
reST_filename = doc_title;
|
||||
|
|
@ -46,24 +42,6 @@ BroDoc::BroDoc(const std::string& rel, const std::string& abs)
|
|||
reST_filename = doc_title.substr(0, ext_pos);
|
||||
reST_filename += ".rst";
|
||||
|
||||
/*
|
||||
// if the bro source file is being loaded from a relative path,
|
||||
// re-create that directory tree to store the output
|
||||
size_t f_pos = reST_filename.find_last_of('/');
|
||||
if ( std::string::npos != f_pos )
|
||||
{
|
||||
std::string outdir = reST_filename.substr(0, f_pos);
|
||||
std::string subdir;
|
||||
while ( ! outdir.empty() )
|
||||
{
|
||||
size_t pos = outdir.find_first_of('/');
|
||||
if ( pos != std::string::npos ) pos++;
|
||||
subdir += outdir.substr(0, pos);
|
||||
outdir.erase(0, pos);
|
||||
ensure_dir(subdir.c_str());
|
||||
}
|
||||
}
|
||||
*/
|
||||
// Instead of re-creating the directory hierarchy based on related
|
||||
// loads, just replace the directory separatories such that the reST
|
||||
// output will all be placed in a flat directory (the working dir).
|
||||
|
|
@ -76,7 +54,7 @@ BroDoc::BroDoc(const std::string& rel, const std::string& abs)
|
|||
|
||||
#ifdef DEBUG
|
||||
fprintf(stdout, "Documenting absolute source: %s\n", abs.c_str());
|
||||
fprintf(stdout, "\trelative load: %s\n", rel.c_str());
|
||||
fprintf(stdout, "\trelative dir: %s\n", rel.c_str());
|
||||
fprintf(stdout, "\tdoc title: %s\n", doc_title.c_str());
|
||||
fprintf(stdout, "\tbro file: %s\n", source_filename.c_str());
|
||||
fprintf(stdout, "\trst file: %s\n", reST_filename.c_str());
|
||||
|
|
@ -93,12 +71,60 @@ BroDoc::~BroDoc()
|
|||
|
||||
void BroDoc::AddImport(const std::string& s)
|
||||
{
|
||||
size_t ext_pos = s.find_last_of('.');
|
||||
std::string lname(s);
|
||||
// first strip any .bro extension
|
||||
size_t ext_pos = lname.find(".bro");
|
||||
if ( ext_pos != std::string::npos )
|
||||
lname = lname.substr(0, ext_pos);
|
||||
|
||||
if ( ext_pos == std::string::npos )
|
||||
imports.push_back(s);
|
||||
const char* full_filename = "<error>";
|
||||
const char* subpath = "<error>";
|
||||
FILE* f = search_for_file(lname.c_str(), "bro", &full_filename, true,
|
||||
&subpath);
|
||||
|
||||
if ( f )
|
||||
{
|
||||
fclose(f);
|
||||
|
||||
char* tmp = copy_string(full_filename);
|
||||
char* filename = basename(tmp);
|
||||
extern char* PACKAGE_LOADER;
|
||||
|
||||
if ( streq(filename, PACKAGE_LOADER) )
|
||||
{
|
||||
// link to the package's index
|
||||
// TODO: check that this works
|
||||
string pkg(subpath);
|
||||
pkg += "/index";
|
||||
imports.push_back(pkg);
|
||||
}
|
||||
else
|
||||
imports.push_back(s.substr(0, ext_pos));
|
||||
{
|
||||
if ( subpath[0] == '/' || subpath[0] == '.' )
|
||||
{
|
||||
// it's not a subpath of policy/, so just add the name of it
|
||||
// as it's given in the @load directive
|
||||
imports.push_back(lname);
|
||||
}
|
||||
else
|
||||
{
|
||||
// combine the base file name of script in the @load directive
|
||||
// with the subpath of BROPATH's policy/ directory
|
||||
string fname(subpath);
|
||||
char* othertmp = copy_string(lname.c_str());
|
||||
fname.append("/").append(basename(othertmp));
|
||||
imports.push_back(fname);
|
||||
delete [] othertmp;
|
||||
}
|
||||
}
|
||||
|
||||
delete [] tmp;
|
||||
delete [] full_filename;
|
||||
delete [] subpath;
|
||||
}
|
||||
else
|
||||
fprintf(stderr, "Failed to document '@load %s' in file: %s\n",
|
||||
s.c_str(), reST_filename.c_str());
|
||||
}
|
||||
|
||||
void BroDoc::SetPacketFilter(const std::string& s)
|
||||
|
|
|
|||
|
|
@ -24,9 +24,11 @@ public:
|
|||
* If the filename doesn't end in ".bro", then ".rst" is just appended.
|
||||
* Any '/' characters in the reST file name that result from choice of
|
||||
* the 'rel' parameter are replaced with '^'.
|
||||
* @param rel A string representing the path relative to BROPATH off of
|
||||
* which the source file is loaded or generally any filesystem
|
||||
* path to a Bro script. May or may not have .bro file extension.
|
||||
* @param subpath A string representing a subpath of BROPATH's policy/
|
||||
* directory in which the source file is located. It can
|
||||
* also be full path to the file or a full path that's in BROPATH,
|
||||
* but in either of those cases, the parameter is essentially
|
||||
* ignored and the document title is just derived from file name
|
||||
* @param abs The absolute path to the Bro script for which to generate
|
||||
* documentation.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -343,7 +343,7 @@ vector<ParseLocationRec> parse_location_string(const string& s)
|
|||
plr.type = plrUnknown;
|
||||
|
||||
FILE* throwaway = search_for_file(filename.c_str(), "bro",
|
||||
&full_filename, true);
|
||||
&full_filename, true, 0);
|
||||
if ( ! throwaway )
|
||||
{
|
||||
debug_msg("No such policy file: %s.\n", filename.c_str());
|
||||
|
|
|
|||
|
|
@ -295,7 +295,7 @@ void OSFingerprint::load_config(const char* file)
|
|||
uint32 ln=0;
|
||||
char buf[MAXLINE];
|
||||
char* p;
|
||||
FILE* c = search_for_file( file, "osf", 0, false);
|
||||
FILE* c = search_for_file( file, "osf", 0, false, 0);
|
||||
|
||||
if (!c)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -197,7 +197,7 @@ bool RuleMatcher::ReadFiles(const name_list& files)
|
|||
|
||||
for ( int i = 0; i < files.length(); ++i )
|
||||
{
|
||||
rules_in = search_for_file( files[i], "sig", 0, false);
|
||||
rules_in = search_for_file( files[i], "sig", 0, false, 0);
|
||||
if ( ! rules_in )
|
||||
{
|
||||
error("Can't open signature file", files[i]);
|
||||
|
|
|
|||
10
src/scan.l
10
src/scan.l
|
|
@ -348,7 +348,7 @@ when return TOK_WHEN;
|
|||
|
||||
// All we have to do is pretend we've already scanned it.
|
||||
const char* full_filename;
|
||||
FILE* f = search_for_file(new_file, "bro", &full_filename, true);
|
||||
FILE* f = search_for_file(new_file, "bro", &full_filename, true, 0);
|
||||
|
||||
if ( f )
|
||||
{
|
||||
|
|
@ -537,6 +537,7 @@ static int load_files_with_prefix(const char* orig_file)
|
|||
const char* prefix = prefixes[i];
|
||||
|
||||
const char* full_filename = "<internal error>";
|
||||
const char* bropath_subpath = "<internal error>";
|
||||
FILE* f;
|
||||
|
||||
if ( streq(orig_file, "-") )
|
||||
|
|
@ -561,7 +562,7 @@ static int load_files_with_prefix(const char* orig_file)
|
|||
else
|
||||
strcpy(new_filename, orig_file);
|
||||
|
||||
f = search_for_file(new_filename, "bro", &full_filename, true);
|
||||
f = search_for_file(new_filename, "bro", &full_filename, true, &bropath_subpath);
|
||||
delete [] new_filename;
|
||||
}
|
||||
|
||||
|
|
@ -576,6 +577,7 @@ static int load_files_with_prefix(const char* orig_file)
|
|||
{
|
||||
fclose(f);
|
||||
delete [] full_filename;
|
||||
delete [] bropath_subpath;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
|
@ -621,10 +623,12 @@ static int load_files_with_prefix(const char* orig_file)
|
|||
|
||||
if ( generate_documentation )
|
||||
{
|
||||
current_reST_doc = new BroDoc(orig_file, full_filename);
|
||||
current_reST_doc = new BroDoc(bropath_subpath, full_filename);
|
||||
docs_generated.push_back(current_reST_doc);
|
||||
}
|
||||
|
||||
delete [] bropath_subpath;
|
||||
|
||||
// "orig_file", could be an alias for yytext, which is ephemeral
|
||||
// and will be zapped after the yy_switch_to_buffer() below.
|
||||
yy_switch_to_buffer(yy_create_buffer(f, YY_BUF_SIZE));
|
||||
|
|
|
|||
81
src/util.cc
81
src/util.cc
|
|
@ -26,6 +26,7 @@
|
|||
#include <stdarg.h>
|
||||
#include <errno.h>
|
||||
#include <signal.h>
|
||||
#include <libgen.h>
|
||||
|
||||
#ifdef HAVE_MALLINFO
|
||||
# include <malloc.h>
|
||||
|
|
@ -881,7 +882,7 @@ const char* bro_prefixes()
|
|||
return p;
|
||||
}
|
||||
|
||||
static const char* PACKAGE_LOADER = "__load__.bro";
|
||||
const char* PACKAGE_LOADER = "__load__.bro";
|
||||
|
||||
// If filename is pointing to a directory that contains a file called
|
||||
// PACKAGE_LOADER, returns the files path. Otherwise returns filename itself.
|
||||
|
|
@ -915,11 +916,73 @@ FILE* open_file(const char* filename, const char** full_filename, bool load_pkgs
|
|||
return f;
|
||||
}
|
||||
|
||||
// Returns the subpath of BROPATH's policy/ directory in which the loaded
|
||||
// file in located. If it's not under a subpath of policy/ then the full
|
||||
// path is returned, else the subpath of policy/ concatentated with any
|
||||
// directory prefix of the file is returned.
|
||||
void get_policy_subpath(const char* dir, const char* file, const char** subpath)
|
||||
{
|
||||
// first figure out if this is a subpath of policy/
|
||||
const char* ploc = strstr(dir, "policy");
|
||||
if ( ploc )
|
||||
if ( ploc[6] == '\0' )
|
||||
*subpath = copy_string(ploc + 6);
|
||||
else if ( ploc[6] == '/' )
|
||||
*subpath = copy_string(ploc + 7);
|
||||
else
|
||||
*subpath = copy_string(dir);
|
||||
else
|
||||
*subpath = copy_string(dir);
|
||||
|
||||
// and now add any directory parts of the filename
|
||||
char full_filename_buf[1024];
|
||||
safe_snprintf(full_filename_buf, sizeof(full_filename_buf),
|
||||
"%s/%s", dir, file);
|
||||
char* tmp = copy_string(file);
|
||||
const char* fdir = 0;
|
||||
|
||||
if ( is_dir(full_filename_buf) )
|
||||
fdir = file;
|
||||
|
||||
if ( ! fdir )
|
||||
fdir = dirname(tmp);
|
||||
|
||||
if ( ! streq(fdir, ".") )
|
||||
{
|
||||
size_t full_subpath_len = strlen(*subpath) + strlen(fdir) + 1;
|
||||
bool needslash = false;
|
||||
if ( strlen(*subpath) != 0 && (*subpath)[strlen(*subpath) - 1] != '/' )
|
||||
{
|
||||
++full_subpath_len;
|
||||
needslash = true;
|
||||
}
|
||||
|
||||
char* full_subpath = new char[full_subpath_len];
|
||||
strcpy(full_subpath, *subpath);
|
||||
if ( needslash )
|
||||
strcat(full_subpath, "/");
|
||||
strcat(full_subpath, fdir);
|
||||
delete [] *subpath;
|
||||
*subpath = full_subpath;
|
||||
}
|
||||
|
||||
delete [] tmp;
|
||||
}
|
||||
|
||||
FILE* search_for_file(const char* filename, const char* ext,
|
||||
const char** full_filename, bool load_pkgs)
|
||||
const char** full_filename, bool load_pkgs,
|
||||
const char** bropath_subpath)
|
||||
{
|
||||
if ( filename[0] == '/' || filename[0] == '.' )
|
||||
{
|
||||
if ( bropath_subpath )
|
||||
{
|
||||
char* tmp = copy_string(filename);
|
||||
*bropath_subpath = copy_string(dirname(tmp));
|
||||
delete [] tmp;
|
||||
}
|
||||
return open_file(filename, full_filename, load_pkgs);
|
||||
}
|
||||
|
||||
char path[1024], full_filename_buf[1024];
|
||||
safe_strncpy(path, bro_path(), sizeof(path));
|
||||
|
|
@ -942,18 +1005,32 @@ FILE* search_for_file(const char* filename, const char* ext,
|
|||
"%s/%s.%s", dir_beginning, filename, ext);
|
||||
if ( access(full_filename_buf, R_OK) == 0 &&
|
||||
! is_dir(full_filename_buf) )
|
||||
{
|
||||
if ( bropath_subpath )
|
||||
get_policy_subpath(dir_beginning, filename, bropath_subpath);
|
||||
return open_file(full_filename_buf, full_filename, load_pkgs);
|
||||
}
|
||||
|
||||
safe_snprintf(full_filename_buf, sizeof(full_filename_buf),
|
||||
"%s/%s", dir_beginning, filename);
|
||||
if ( access(full_filename_buf, R_OK) == 0 )
|
||||
{
|
||||
if ( bropath_subpath )
|
||||
get_policy_subpath(dir_beginning, filename, bropath_subpath);
|
||||
return open_file(full_filename_buf, full_filename, load_pkgs);
|
||||
}
|
||||
|
||||
dir_beginning = ++dir_ending;
|
||||
}
|
||||
|
||||
if ( full_filename )
|
||||
*full_filename = copy_string(filename);
|
||||
if ( bropath_subpath )
|
||||
{
|
||||
char* tmp = copy_string(filename);
|
||||
*bropath_subpath = copy_string(dirname(tmp));
|
||||
delete [] tmp;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -189,8 +189,9 @@ extern int int_list_cmp(const void* v1, const void* v2);
|
|||
|
||||
extern const char* bro_path();
|
||||
extern const char* bro_prefixes();
|
||||
void get_policy_subpath(const char* dir, const char* file, const char** subpath);
|
||||
extern FILE* search_for_file(const char* filename, const char* ext,
|
||||
const char** full_filename, bool load_pkgs);
|
||||
const char** full_filename, bool load_pkgs, const char** bropath_subpath);
|
||||
|
||||
// Renames the given file to a new temporary name, and opens a new file with
|
||||
// the original name. Returns new file or NULL on error. Inits rotate_info if
|
||||
|
|
|
|||
|
|
@ -1,39 +1,39 @@
|
|||
[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf
|
||||
[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6
|
||||
[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c
|
||||
[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8
|
||||
[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc
|
||||
[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1
|
||||
[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7
|
||||
[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e
|
||||
[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3
|
||||
[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti
|
||||
[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7
|
||||
[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd
|
||||
[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k
|
||||
[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9
|
||||
[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk
|
||||
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE
|
||||
[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b
|
||||
[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5
|
||||
[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h
|
||||
[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4
|
||||
[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf
|
||||
[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], UZkBBvjF0r8
|
||||
[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], rmXOq6wncn1
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 4YYJTjETe1i
|
||||
[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], OldlyspNIr7
|
||||
[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e
|
||||
[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], yzqaQTU9DXe
|
||||
[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], OPM7xFSDNw3
|
||||
[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], j5w2LueK8Ti
|
||||
[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 8b9q7qPtzhd
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], KOdlL7sC9z2
|
||||
[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], hvOo97vj60k
|
||||
[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9
|
||||
[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OKiJdtzKWPk
|
||||
[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], tpUWfNdSLE
|
||||
[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], ra1C6ZLut4b
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UElDH5b9qA5
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 4YYJTjETe1i
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], rmXOq6wncn1
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], yzqaQTU9DXe
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], KOdlL7sC9z2
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 8b9q7qPtzhd
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OKiJdtzKWPk
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UElDH5b9qA5
|
||||
[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], zVecVnfOlsf
|
||||
[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], eWnXpPX1c78
|
||||
[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], LgR69jMtmJe
|
||||
[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], KrFIsOCbrmk
|
||||
[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], SVk7XftAIqb
|
||||
[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], pE4ZiaKtRel
|
||||
|
|
|
|||
|
|
@ -1,40 +1,39 @@
|
|||
[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf
|
||||
[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6
|
||||
[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c
|
||||
[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8
|
||||
[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc
|
||||
[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1
|
||||
[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7
|
||||
[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e
|
||||
[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3
|
||||
[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti
|
||||
[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7
|
||||
[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd
|
||||
[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k
|
||||
[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9
|
||||
[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk
|
||||
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE
|
||||
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE
|
||||
[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b
|
||||
[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5
|
||||
[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h
|
||||
[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4
|
||||
[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf
|
||||
[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], UZkBBvjF0r8
|
||||
[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], rmXOq6wncn1
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 4YYJTjETe1i
|
||||
[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], OldlyspNIr7
|
||||
[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e
|
||||
[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], yzqaQTU9DXe
|
||||
[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], OPM7xFSDNw3
|
||||
[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], j5w2LueK8Ti
|
||||
[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 8b9q7qPtzhd
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], KOdlL7sC9z2
|
||||
[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], hvOo97vj60k
|
||||
[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9
|
||||
[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OKiJdtzKWPk
|
||||
[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], tpUWfNdSLE
|
||||
[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], ra1C6ZLut4b
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UElDH5b9qA5
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 4YYJTjETe1i
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], rmXOq6wncn1
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], yzqaQTU9DXe
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], KOdlL7sC9z2
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 8b9q7qPtzhd
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OKiJdtzKWPk
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UElDH5b9qA5
|
||||
[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], zVecVnfOlsf
|
||||
[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], eWnXpPX1c78
|
||||
[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], LgR69jMtmJe
|
||||
[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], KrFIsOCbrmk
|
||||
[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], SVk7XftAIqb
|
||||
[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], pE4ZiaKtRel
|
||||
|
|
|
|||
|
|
@ -1,39 +1,39 @@
|
|||
[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf
|
||||
[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6
|
||||
[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS
|
||||
[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c
|
||||
[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8
|
||||
[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc
|
||||
[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1
|
||||
[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7
|
||||
[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e
|
||||
[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3
|
||||
[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti
|
||||
[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7
|
||||
[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd
|
||||
[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k
|
||||
[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9
|
||||
[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk
|
||||
[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE
|
||||
[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b
|
||||
[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5
|
||||
[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h
|
||||
[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4
|
||||
[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf
|
||||
[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 50da4BEzauh
|
||||
[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], tdkrEYpj5ja
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], F5XgctwO3Vl
|
||||
[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], svqqNKN9CFj
|
||||
[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], UZkBBvjF0r8
|
||||
[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], rmXOq6wncn1
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 4YYJTjETe1i
|
||||
[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], OldlyspNIr7
|
||||
[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e
|
||||
[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], yzqaQTU9DXe
|
||||
[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], OPM7xFSDNw3
|
||||
[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], j5w2LueK8Ti
|
||||
[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 8b9q7qPtzhd
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], KOdlL7sC9z2
|
||||
[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], hvOo97vj60k
|
||||
[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9
|
||||
[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OKiJdtzKWPk
|
||||
[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], tpUWfNdSLE
|
||||
[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], ra1C6ZLut4b
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UElDH5b9qA5
|
||||
[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 4YYJTjETe1i
|
||||
[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], rmXOq6wncn1
|
||||
[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], yzqaQTU9DXe
|
||||
[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], KOdlL7sC9z2
|
||||
[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 8b9q7qPtzhd
|
||||
[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OKiJdtzKWPk
|
||||
[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], UElDH5b9qA5
|
||||
[orig_h=173.192.163.128, orig_p=80/tcp, resp_h=141.142.220.235, resp_p=6705/tcp], zVecVnfOlsf
|
||||
[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], eWnXpPX1c78
|
||||
[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], LgR69jMtmJe
|
||||
[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], KrFIsOCbrmk
|
||||
[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], SVk7XftAIqb
|
||||
[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], pE4ZiaKtRel
|
||||
|
|
|
|||
|
|
@ -1,12 +0,0 @@
|
|||
loading /Users/jsiwek/tmp/bro/policy/bro.init
|
||||
loading /Users/jsiwek/tmp/bro/build/src/const.bif.bro
|
||||
loading /Users/jsiwek/tmp/bro/build/src/types.bif.bro
|
||||
loading /Users/jsiwek/tmp/bro/build/src/strings.bif.bro
|
||||
loading /Users/jsiwek/tmp/bro/build/src/bro.bif.bro
|
||||
loading /Users/jsiwek/tmp/bro/policy/logging.bro
|
||||
loading /Users/jsiwek/tmp/bro/build/src/logging.bif.bro
|
||||
loading /Users/jsiwek/tmp/bro/policy/logging-ascii.bro
|
||||
loading /Users/jsiwek/tmp/bro/build/src/event.bif.bro
|
||||
loading /Users/jsiwek/tmp/bro/policy/pcap.bro
|
||||
loading /Users/jsiwek/tmp/bro/policy/server-ports.bro
|
||||
loading /Users/jsiwek/tmp/bro/testing/btest/.tmp/core.load-unload/load-unload.bro
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
# ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history notice_tags
|
||||
952109346.874907 UWkUyAuUGXf 10.1.2.1 11001 10.34.0.1 23 tcp - 2.10255992412567 25 0 SH - 0 - -
|
||||
1128727435.4509 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 tcp - 1.73330307006836 98 9417 SF - 0 ShADdFaf -
|
||||
1278600802.06942 50da4BEzauh 10.20.80.1 50343 10.0.0.15 80 tcp - 0.00415205955505371 9 3429 SF - 0 ShADadfF -
|
||||
1128727435.4509 50da4BEzauh 141.42.64.125 56730 125.190.109.199 80 tcp - 1.73330307006836 98 9417 SF - 0 ShADdFaf -
|
||||
1278600802.06942 WUjEZFOdSS 10.20.80.1 50343 10.0.0.15 80 tcp - 0.00415205955505371 9 3429 SF - 0 ShADadfF -
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ each of "columns", "event", "filter" depending on exactly what it's doing.
|
|||
|
||||
:Author: Jon Siwek <jsiwek@ncsa.illinois.edu>
|
||||
|
||||
:Imports: :doc:`notice </policy/notice>`
|
||||
:Imports: :doc:`frameworks/notice/index </policy/frameworks/notice/index>`
|
||||
|
||||
Summary
|
||||
~~~~~~~
|
||||
|
|
|
|||
|
|
@ -1,32 +1,32 @@
|
|||
2nd test2-11-03-07_03.00.05.log test2.log 11-03-07_03.00.05 11-03-07_03.59.55 0
|
||||
1st test-11-03-07_03.00.05.log test.log 11-03-07_03.00.05 11-03-07_04.00.05 0
|
||||
1st test-11-03-07_04.00.05.log test.log 11-03-07_04.00.05 11-03-07_05.00.05 0
|
||||
1st test-11-03-07_05.00.05.log test.log 11-03-07_05.00.05 11-03-07_06.00.05 0
|
||||
1st test-11-03-07_06.00.05.log test.log 11-03-07_06.00.05 11-03-07_07.00.05 0
|
||||
1st test-11-03-07_07.00.05.log test.log 11-03-07_07.00.05 11-03-07_08.00.05 0
|
||||
1st test-11-03-07_08.00.05.log test.log 11-03-07_08.00.05 11-03-07_09.00.05 0
|
||||
1st test-11-03-07_09.00.05.log test.log 11-03-07_09.00.05 11-03-07_10.00.05 0
|
||||
1st test-11-03-07_10.00.05.log test.log 11-03-07_10.00.05 11-03-07_11.00.05 0
|
||||
1st test-11-03-07_11.00.05.log test.log 11-03-07_11.00.05 11-03-07_12.00.05 0
|
||||
1st test-11-03-07_12.00.05.log test.log 11-03-07_12.00.05 11-03-07_12.59.55 1
|
||||
2nd test2-11-03-07_03.00.05.log test2.log 11-03-07_03.00.05 11-03-07_03.59.55 0
|
||||
2nd test2-11-03-07_03.59.55.log test2.log 11-03-07_03.59.55 11-03-07_04.00.05 0
|
||||
2nd test2-11-03-07_04.00.05.log test2.log 11-03-07_04.00.05 11-03-07_04.59.55 0
|
||||
1st test-11-03-07_04.00.05.log test.log 11-03-07_04.00.05 11-03-07_05.00.05 0
|
||||
2nd test2-11-03-07_04.59.55.log test2.log 11-03-07_04.59.55 11-03-07_05.00.05 0
|
||||
2nd test2-11-03-07_05.00.05.log test2.log 11-03-07_05.00.05 11-03-07_05.59.55 0
|
||||
1st test-11-03-07_05.00.05.log test.log 11-03-07_05.00.05 11-03-07_06.00.05 0
|
||||
2nd test2-11-03-07_05.59.55.log test2.log 11-03-07_05.59.55 11-03-07_06.00.05 0
|
||||
2nd test2-11-03-07_06.00.05.log test2.log 11-03-07_06.00.05 11-03-07_06.59.55 0
|
||||
1st test-11-03-07_06.00.05.log test.log 11-03-07_06.00.05 11-03-07_07.00.05 0
|
||||
2nd test2-11-03-07_06.59.55.log test2.log 11-03-07_06.59.55 11-03-07_07.00.05 0
|
||||
2nd test2-11-03-07_07.00.05.log test2.log 11-03-07_07.00.05 11-03-07_07.59.55 0
|
||||
1st test-11-03-07_07.00.05.log test.log 11-03-07_07.00.05 11-03-07_08.00.05 0
|
||||
2nd test2-11-03-07_07.59.55.log test2.log 11-03-07_07.59.55 11-03-07_08.00.05 0
|
||||
2nd test2-11-03-07_08.00.05.log test2.log 11-03-07_08.00.05 11-03-07_08.59.55 0
|
||||
1st test-11-03-07_08.00.05.log test.log 11-03-07_08.00.05 11-03-07_09.00.05 0
|
||||
2nd test2-11-03-07_08.59.55.log test2.log 11-03-07_08.59.55 11-03-07_09.00.05 0
|
||||
2nd test2-11-03-07_09.00.05.log test2.log 11-03-07_09.00.05 11-03-07_09.59.55 0
|
||||
1st test-11-03-07_09.00.05.log test.log 11-03-07_09.00.05 11-03-07_10.00.05 0
|
||||
2nd test2-11-03-07_09.59.55.log test2.log 11-03-07_09.59.55 11-03-07_10.00.05 0
|
||||
2nd test2-11-03-07_10.00.05.log test2.log 11-03-07_10.00.05 11-03-07_10.59.55 0
|
||||
1st test-11-03-07_10.00.05.log test.log 11-03-07_10.00.05 11-03-07_11.00.05 0
|
||||
2nd test2-11-03-07_10.59.55.log test2.log 11-03-07_10.59.55 11-03-07_11.00.05 0
|
||||
2nd test2-11-03-07_11.00.05.log test2.log 11-03-07_11.00.05 11-03-07_11.59.55 0
|
||||
1st test-11-03-07_11.00.05.log test.log 11-03-07_11.00.05 11-03-07_12.00.05 0
|
||||
2nd test2-11-03-07_11.59.55.log test2.log 11-03-07_11.59.55 11-03-07_12.00.05 0
|
||||
2nd test2-11-03-07_12.00.05.log test2.log 11-03-07_12.00.05 11-03-07_12.59.55 0
|
||||
1st test-11-03-07_12.00.05.log test.log 11-03-07_12.00.05 11-03-07_12.59.55 1
|
||||
2nd test2-11-03-07_12.59.55.log test2.log 11-03-07_12.59.55 11-03-07_12.59.55 1
|
||||
# t id.orig_h id.orig_p id.resp_h id.resp_p
|
||||
1299466805.0 10.0.0.1 20 10.0.0.2 1024
|
||||
|
|
|
|||
|
|
@ -6,18 +6,18 @@
|
|||
#
|
||||
# Without a seed, they should differ each time:
|
||||
#
|
||||
# @TEST-EXEC: unset BRO_SEED_FILE && bro -C -r $TRACES/wikipedia.trace %INPUT tcp >output2
|
||||
# @TEST-EXEC: unset BRO_SEED_FILE && bro -C -r $TRACES/wikipedia.trace %INPUT conn >output2
|
||||
# @TEST-EXEC: cat output output2 | sort | uniq -c | wc -l | sed 's/ //g' >counts
|
||||
# @TEST-EXEC: btest-diff counts
|
||||
#
|
||||
# Make sure it works without the connection compressor as well.
|
||||
#
|
||||
# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT tcp use_connection_compressor=F >output.cc
|
||||
# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT conn use_connection_compressor=F >output.cc
|
||||
# @TEST-EXEC: btest-diff output.cc
|
||||
#
|
||||
# Make sure it works with the full connection compressor as well.
|
||||
#
|
||||
# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT tcp cc_handle_only_syns=F >output.cc2
|
||||
# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT conn cc_handle_only_syns=F >output.cc2
|
||||
# @TEST-EXEC: btest-diff output.cc2
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
# This tests the @unload directive
|
||||
#
|
||||
# @TEST-EXEC: echo 'print "oops";' >dontloadmebro.bro
|
||||
# @TEST-EXEC: bro -l %INPUT dontloadmebro >output 2>&1
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output
|
||||
# @TEST-EXEC: echo 'print "oops12345";' >dontloadmebro.bro
|
||||
# @TEST-EXEC: bro -l %INPUT dontloadmebro >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
||||
@unload dontloadmebro
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
# @TEST-REQUIRES: bro -e 'print bro_has_ipv6()' | grep -q F
|
||||
#
|
||||
# @TEST-EXEC: bro -e '' >output
|
||||
# @TEST-EXEC: cat packetfilter.log >>output
|
||||
# @TEST-EXEC: cat packet_filter.log >>output
|
||||
# @TEST-EXEC: bro PacketFilter::all_packets=F ssh >>output
|
||||
# @TEST-EXEC: cat packetfilter.log >>output
|
||||
# @TEST-EXEC: cat packet_filter.log >>output
|
||||
# @TEST-EXEC: bro -f "port 42" -e '' >>output
|
||||
# @TEST-EXEC: cat packetfilter.log >>output
|
||||
# @TEST-EXEC: cat packet_filter.log >>output
|
||||
# @TEST-EXEC: bro -C -f "port 56730" -r $TRACES/mixed-vlan-mpls.trace conn >>output
|
||||
# @TEST-EXEC: cat packetfilter.log >>output
|
||||
# @TEST-EXEC: cat packet_filter.log >>output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff conn.log
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
# @TEST-REQUIRES: bro -e 'print bro_has_ipv6()' | grep -q T
|
||||
#
|
||||
# @TEST-EXEC: bro -e '' >output
|
||||
# @TEST-EXEC: cat packetfilter.log >>output
|
||||
# @TEST-EXEC: cat packet_filter.log >>output
|
||||
# @TEST-EXEC: bro PacketFilter::all_packets=F ssh >>output
|
||||
# @TEST-EXEC: cat packetfilter.log >>output
|
||||
# @TEST-EXEC: cat packet_filter.log >>output
|
||||
# @TEST-EXEC: bro -f "port 42" -e '' >>output
|
||||
# @TEST-EXEC: cat packetfilter.log >>output
|
||||
# @TEST-EXEC: cat packet_filter.log >>output
|
||||
# @TEST-EXEC: bro -C -f "port 56730" -r $TRACES/mixed-vlan-mpls.trace conn >>output
|
||||
# @TEST-EXEC: cat packetfilter.log >>output
|
||||
# @TEST-EXEC: cat packet_filter.log >>output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff conn.log
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# @TEST-EXEC: bro -r %DIR/rotation.trace %INPUT | egrep "test|test2" >out
|
||||
# @TEST-EXEC: bro -r %DIR/rotation.trace %INPUT | egrep "test|test2" | sort >out
|
||||
# @TEST-EXEC: for i in `ls test*.log | sort`; do printf '> %s\n' $i; cat $i; done | sort | uniq >>out
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
|
|
|
|||
|
|
@ -1,20 +1,21 @@
|
|||
# A basic test of the known-hosts script's logging and asset_tracking options
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT KnownHosts::asset_tracking=LOCAL_HOSTS
|
||||
# @TEST-EXEC: mv knownhosts.log knownhosts-local.log
|
||||
# @TEST-EXEC: mv known_hosts.log knownhosts-local.log
|
||||
# @TEST-EXEC: btest-diff knownhosts-local.log
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT KnownHosts::asset_tracking=REMOTE_HOSTS
|
||||
# @TEST-EXEC: mv knownhosts.log knownhosts-remote.log
|
||||
# @TEST-EXEC: mv known_hosts.log knownhosts-remote.log
|
||||
# @TEST-EXEC: btest-diff knownhosts-remote.log
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT KnownHosts::asset_tracking=ALL_HOSTS
|
||||
# @TEST-EXEC: mv knownhosts.log knownhosts-all.log
|
||||
# @TEST-EXEC: mv known_hosts.log knownhosts-all.log
|
||||
# @TEST-EXEC: btest-diff knownhosts-all.log
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT KnownHosts::asset_tracking=NO_HOSTS
|
||||
# @TEST-EXEC: test '!' -e knownhosts.log
|
||||
# @TEST-EXEC: test '!' -e known_hosts.log
|
||||
|
||||
@load conn/known-hosts
|
||||
@load site
|
||||
|
||||
redef local_nets += {141.142.0.0/16};
|
||||
redef Site::local_nets += {141.142.0.0/16};
|
||||
|
|
|
|||
|
|
@ -1,23 +1,24 @@
|
|||
# A basic test of the known-services script's logging and asset_tracking options
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT KnownServices::asset_tracking=LOCAL_HOSTS
|
||||
# @TEST-EXEC: mv knownservices.log knownservices-local.log
|
||||
# @TEST-EXEC: mv known_services.log knownservices-local.log
|
||||
# @TEST-EXEC: btest-diff knownservices-local.log
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT KnownServices::asset_tracking=REMOTE_HOSTS
|
||||
# @TEST-EXEC: mv knownservices.log knownservices-remote.log
|
||||
# @TEST-EXEC: mv known_services.log knownservices-remote.log
|
||||
# @TEST-EXEC: btest-diff knownservices-remote.log
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT KnownServices::asset_tracking=ALL_HOSTS
|
||||
# @TEST-EXEC: mv knownservices.log knownservices-all.log
|
||||
# @TEST-EXEC: mv known_services.log knownservices-all.log
|
||||
# @TEST-EXEC: btest-diff knownservices-all.log
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT KnownServices::asset_tracking=NO_HOSTS
|
||||
# @TEST-EXEC: test '!' -e knownservices.log
|
||||
# @TEST-EXEC: test '!' -e known_services.log
|
||||
|
||||
@load conn/known-services
|
||||
@load http
|
||||
@load ssh
|
||||
@load ftp
|
||||
@load site
|
||||
|
||||
redef local_nets += {172.16.238.0/24};
|
||||
redef Site::local_nets += {172.16.238.0/24};
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue