Merge remote-tracking branch 'origin/master' into topic/johanna/table-on-change

testing/btest/Baseline/bifs.packet_sources/out

@@ -1 +1 @@
-[[live=F, path=/Users/jsiwek/pro/zeek/zeek/testing/btest/Traces/http/get.trace, link_type=1, netmask=4294967295]]
+[live=F, path=/Users/tim/Desktop/projects/zeek/testing/btest/Traces/http/get.trace, link_type=1, netmask=4294967295]

testing/btest/Baseline/language.expire_subnet/output

@@ -15,11 +15,11 @@ Accessed table nums: two; three
 Accessed table nets: two; zero, three
 Time: 7.0 secs 518.0 msecs 828.15361 usecs
 
+Expired Subnet: 192.168.4.0/24 --> four at 8.0 secs 835.0 msecs 30.078888 usecs
+Expired Subnet: 192.168.1.0/24 --> one at 8.0 secs 835.0 msecs 30.078888 usecs
 Expired Num: 4 --> four at 8.0 secs 835.0 msecs 30.078888 usecs
 Expired Num: 1 --> one at 8.0 secs 835.0 msecs 30.078888 usecs
 Expired Num: 0 --> zero at 8.0 secs 835.0 msecs 30.078888 usecs
-Expired Subnet: 192.168.4.0/24 --> four at 8.0 secs 835.0 msecs 30.078888 usecs
-Expired Subnet: 192.168.1.0/24 --> one at 8.0 secs 835.0 msecs 30.078888 usecs
 Expired Subnet: 192.168.0.0/16 --> zero at 15.0 secs 150.0 msecs 681.018829 usecs
 Expired Subnet: 192.168.3.0/24 --> three at 15.0 secs 150.0 msecs 681.018829 usecs
 Expired Subnet: 192.168.2.0/24 --> two at 15.0 secs 150.0 msecs 681.018829 usecs

testing/btest/Baseline/scripts.base.frameworks.input.bad_patterns/.stderr

@@ -1,9 +1,9 @@
-error: input.log/Input::READER_ASCII: String '/cat/sss' contained no parseable pattern.
+warning: input.log/Input::READER_ASCII: String '/cat/sss' contained no parseable pattern.
 warning: input.log/Input::READER_ASCII: Could not convert line '2	/cat/sss' of input.log to Val. Ignoring line.
-error: input.log/Input::READER_ASCII: String '/foo|bar' contained no parseable pattern.
+warning: input.log/Input::READER_ASCII: String '/foo|bar' contained no parseable pattern.
 warning: input.log/Input::READER_ASCII: Could not convert line '3	/foo|bar' of input.log to Val. Ignoring line.
-error: input.log/Input::READER_ASCII: String 'this is not a pattern' contained no parseable pattern.
+warning: input.log/Input::READER_ASCII: String 'this is not a pattern' contained no parseable pattern.
 warning: input.log/Input::READER_ASCII: Could not convert line '4	this is not a pattern' of input.log to Val. Ignoring line.
-error: input.log/Input::READER_ASCII: String '/5' contained no parseable pattern.
+warning: input.log/Input::READER_ASCII: String '/5' contained no parseable pattern.
 warning: input.log/Input::READER_ASCII: Could not convert line '5	/5' of input.log to Val. Ignoring line.
 received termination signal

testing/btest/Baseline/scripts.base.frameworks.input.invalid-lines/.stderrwithoutfirstline

@@ -0,0 +1,9 @@
+warning: ../input.log/Input::READER_ASCII: Not enough fields in line 'T	-41	SSH::LOG	21	123	tcp	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30' of ../input.log. Found 15 fields, want positions 17 and -1
+warning: ../input.log/Input::READER_ASCII: Tried to parse invalid/unknown protocol: whatever
+warning: ../input.log/Input::READER_ASCII: Bad address: 342.2.3.4
+warning: ../input.log/Input::READER_ASCII: Not enough fields in line 'T	-41' of ../input.log. Found 1 fields, want positions 2 and -1
+error: ../input.log/Input::READER_ASCII: Not enough fields in line 'T	-41	SSH::LOG	21	123	tcp	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30' of ../input.log. Found 15 fields, want positions 17 and -1
+error: ../input.log/Input::READER_ASCII: Init failed
+error: ../input.log/Input::READER_ASCII: terminating thread
+received termination signal
+>>>

testing/btest/Baseline/scripts.base.frameworks.input.invalid-lines/out

@@ -1,4 +1,16 @@
 {
+[-44] = [b=T, e=SSH::LOG, c=21, p=123/udp, sn=10.0.0.0/24, a=0.0.0.0, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, ns=4242 HOHOHO, sc={
+2,
+4,
+1,
+3
+}, ss={
+BB,
+AA,
+CC
+}, se={
+
+}, vc=[10, 20, 30], ve=[]],
 [-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, ns=4242 HOHOHO, sc={
 2,
 4,
@@ -11,7 +23,7 @@ CC
 }, se={
 
 }, vc=[10, 20, 30], ve=[]],
-[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, ns=4242, sc={
+[-42] = [b=T, e=SSH::LOG, c=21, p=123/tcp, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, ns=4242, sc={
 2,
 4,
 1,

testing/btest/bifs/packet_sources.zeek

@@ -3,5 +3,5 @@
 
 event zeek_init()
 	{
-	print packet_sources();
+	print packet_source();
 	}

testing/btest/core/tunnels/gtp/pdp_ctx_messages.test

@@ -1,4 +1,4 @@
-# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/gtp_control_prime.pcap -r $TRACES/tunnels/gtp/gtp_create_pdp_ctx.pcap %INPUT >out
+# @TEST-EXEC: zeek -r $TRACES/tunnels/gtp/pdp_ctx_messages.trace %INPUT >out
 # @TEST-EXEC: btest-diff out
 
 event gtpv1_message(c: connection, hdr: gtpv1_hdr)

testing/btest/plugins/file-plugin/src/Foo.cc

@@ -1,5 +1,7 @@
 
 #include "Foo.h"
+#include "file_analysis/File.h"
+
 #include <events.bif.h>
 #include <file_analysis/Manager.h>
 

testing/btest/plugins/file-plugin/src/Plugin.cc

@@ -1,7 +1,8 @@
 
-#include "Plugin.h"
-
 #include "Foo.h"
+#include "Plugin.h"
+#include "file_analysis/Component.h"
+#include "file_analysis/File.h"
 
 namespace plugin { namespace Demo_Foo { Plugin plugin; } }
 

testing/btest/plugins/hooks-plugin/src/Plugin.cc

@@ -4,6 +4,7 @@
 #include <Func.h>
 #include <Event.h>
 #include <Conn.h>
+#include <Desc.h>
 #include <threading/Formatter.h>
 
 namespace plugin { namespace Demo_Hooks { Plugin plugin; } }

testing/btest/plugins/logging-hooks-plugin/src/Plugin.cc

@@ -4,6 +4,7 @@
 #include <Func.h>
 #include <Event.h>
 #include <Conn.h>
+#include <Desc.h>
 #include <threading/Formatter.h>
 
 namespace plugin { namespace Log_Hooks { Plugin plugin; } }

testing/btest/plugins/pktdumper-plugin/src/Foo.cc

@@ -1,9 +1,10 @@
 
+#include "Foo.h"
+#include "iosource/Packet.h"
+
 #include <fcntl.h>
 #include <stdio.h>
 
-#include "Foo.h"
-
 using namespace plugin::Demo_Foo;
 
 Foo::Foo(const std::string& path, bool is_live)

testing/btest/plugins/pktdumper-plugin/src/Plugin.cc

@@ -2,6 +2,8 @@
 #include "Plugin.h"
 
 #include "Foo.h"
+#include "iosource/Component.h"
+
 
 namespace plugin { namespace Demo_Foo { Plugin plugin; } }
 

testing/btest/plugins/pktsrc-plugin/src/Foo.cc

@@ -1,9 +1,13 @@
 
+#include "Foo.h"
+
+extern "C" {
+#include <pcap.h>
+}
+
 #include <fcntl.h>
 #include <stdio.h>
 
-#include "Foo.h"
-
 using namespace plugin::Demo_Foo;
 
 Foo::Foo(const std::string& path, bool is_live)

testing/btest/plugins/pktsrc-plugin/src/Plugin.cc

@@ -2,6 +2,7 @@
 #include "Plugin.h"
 
 #include "Foo.h"
+#include "iosource/Component.h"
 
 namespace plugin { namespace Demo_Foo { Plugin plugin; } }
 

testing/btest/plugins/protocol-plugin/src/Plugin.cc

@@ -1,5 +1,6 @@
 
 #include "Plugin.h"
+#include "analyzer/Component.h"
 
 #include "Foo.h"
 

testing/btest/plugins/reporter-hook-plugin/src/Plugin.cc

@@ -4,6 +4,7 @@
 #include <Func.h>
 #include <Event.h>
 #include <Conn.h>
+#include <Desc.h>
 #include <threading/Formatter.h>
 
 namespace plugin { namespace Reporter_Hook { Plugin plugin; } }

testing/btest/plugins/writer-plugin/src/Foo.h

@@ -3,6 +3,7 @@
 
 #include "logging/WriterBackend.h"
 #include "threading/formatters/Ascii.h"
+#include "Desc.h"
 
 namespace logging { namespace writer {
 

testing/btest/scripts/base/frameworks/input/invalid-lines.zeek

@@ -1,6 +1,8 @@
 # @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
+# @TEST-EXEC: sed 1d .stderr | grep -v "queued" > .stderrwithoutfirstline
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff .stderrwithoutfirstline
 
 redef exit_only_after_terminate = T;
 redef InputAscii::fail_on_invalid_lines = F;
@@ -8,11 +10,12 @@ redef InputAscii::fail_on_invalid_lines = F;
 @TEST-START-FILE input.log
 #separator \x09
 #path	ssh
-#fields	b	i	e	c	p	sn	a	d	t	iv	s	sc	ss	se	vc	ve	ns
-#types	bool	int	enum	count	port	subnet	addr	double	time	interval	string	table	table	table	vector	vector	string
-T	-42	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30
-T	-42	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	4242
-T	-43	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	4242 HOHOHO
+#fields	b	i	e	c	p	pt	sn	a	d	t	iv	s	sc	ss	se	vc	ve	ns
+#types	bool	int	enum	count	port	string	subnet	addr	double	time	interval	string	table	table	table	vector	vector	string
+T	-41	SSH::LOG	21	123	tcp	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30
+T	-42	SSH::LOG	21	123	tcp	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	4242
+T	-43	SSH::LOG	21	123	whatever	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	4242 HOHOHO
+T	-44	SSH::LOG	21	123	udp	10.0.0.0/24	342.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	4242 HOHOHO
 T	-41
 @TEST-END-FILE
 
@@ -32,7 +35,7 @@ type Val: record {
 	b: bool;
 	e: Log::ID;
 	c: count;
-	p: port;
+	p: port &type_column="pt";
 	sn: subnet;
 	a: addr;
 	d: double;

testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.zeek

@@ -21,7 +21,7 @@ redef Cluster::nodes = {
 @TEST-END-FILE
 
 redef Log::default_rotation_interval = 0secs;
-#redef exit_only_after_terminate = T;
+redef exit_only_after_terminate = T;
 
 @load base/frameworks/netcontrol
 
@@ -75,5 +75,9 @@ event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, ms
 event NetControl::rule_destroyed(r: NetControl::Rule)
 	{
 	if ( r$entity?$ip )
+		{
 		print "Rule destroyed", r$id, r$cid, |NetControl::find_rules_subnet(r$entity$ip)|;
+		if ( Cluster::local_node_type() == Cluster::WORKER )
+			schedule 2sec { terminate_me() };
+		}
 	}