Added documentation for the pattern data type as well as btests for time, interval, and pattern.

2025-10-12 19:48:20 +00:00 · 2013-02-25 01:12:07 -05:00 · 2013-02-25 01:12:07 -05:00 · b53f701ffe
commit b53f701ffe
parent 1724784aad
9 changed files with 107 additions and 0 deletions
--- a/testing/btest/Baseline/doc.manual.data_type_interval/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_type_interval/.stdout
@ -0,0 +1,15 @@
+2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.118
+2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3
+     Time since last connection: 132.0 msecs 97.0 usecs
+2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3
+     Time since last connection: 177.0 usecs
+2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3
+     Time since last connection: 2.0 msecs 177.0 usecs
+2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3
+     Time since last connection: 33.0 msecs 898.0 usecs
+2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3
+     Time since last connection: 35.0 usecs
+2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3
+     Time since last connection: 2.0 msecs 532.0 usecs
+2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.2
+     Time since last connection: 7.0 msecs 866.0 usecs
--- a/testing/btest/Baseline/doc.manual.data_type_pattern_01/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_type_pattern_01/.stdout
@ -0,0 +1,3 @@
+The 
+ brown fox jumped over the 
+ dog.
--- a/testing/btest/Baseline/doc.manual.data_type_pattern_02/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_type_pattern_02/.stdout
@ -0,0 +1,2 @@
+equality and /^?(equal)$?/ are not equal
+equality and /^?(equality)$?/ are equal
--- a/testing/btest/Baseline/doc.manual.data_type_time/.stdout
+++ b/testing/btest/Baseline/doc.manual.data_type_time/.stdout
@ -0,0 +1,8 @@
+2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.118^J
+2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
+2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
+2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
+2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
+2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
+2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.3^J
+2011/06/18 19:03:08:  New connection established from 141.142.220.118 to 208.80.152.2^J
--- a/testing/btest/doc/manual/data_type_interval.bro
+++ b/testing/btest/doc/manual/data_type_interval.bro
@ -0,0 +1,20 @@
+# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+# Store the time the previous connection was established.
+global last_connection_time: time;
+
+# boolean value to indicate whether we have seen a previous connection.
+global connection_seen: bool = F;
+
+event connection_established(c: connection)
+	{
+    local net_time: time  = network_time();
+    print fmt("%s:  New connection established from %s to %s", strftime("%Y/%M/%d %H:%m:%S", net_time), c$id$orig_h, c$id$resp_h);
+    if (connection_seen)
+        {
+        print fmt("     Time since last connection: %s", net_time - last_connection_time);
+        }
+    last_connection_time = net_time;
+    connection_seen = T;
+	}
--- a/testing/btest/doc/manual/data_type_pattern_01.bro
+++ b/testing/btest/doc/manual/data_type_pattern_01.bro
@ -0,0 +1,14 @@
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event bro_init()
+    {
+    local test_string = "The quick brown fox jumped over the lazy dog.";
+    local test_pattern = /quick|lazy/;
+    
+    if (test_pattern in test_string)
+        local results = split(test_string, test_pattern);
+        print results[1];
+        print results[2];
+        print results[3];
+    }
--- a/testing/btest/doc/manual/data_type_pattern_02.bro
+++ b/testing/btest/doc/manual/data_type_pattern_02.bro
@ -0,0 +1,14 @@
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event bro_init()
+    {
+    local test_string = "equality";
+
+    local test_pattern = /equal/;
+    print fmt("%s and %s %s equal", test_string, test_pattern, test_pattern == test_string ? "are" : "are not");
+    
+    test_pattern = /equality/;
+    print fmt("%s and %s %s equal", test_string, test_pattern, test_pattern == test_string ? "are" : "are not");
+    }
+
--- a/testing/btest/doc/manual/data_type_time.bro
+++ b/testing/btest/doc/manual/data_type_time.bro
@ -0,0 +1,7 @@
+# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event connection_established(c: connection)
+	{
+    print fmt("%s:  New connection established from %s to %s\n", strftime("%Y/%M/%d %H:%m:%S", network_time()), c$id$orig_h, c$id$resp_h);
+	}