policy: Import zeek-community-id scripts into protocols/conn frameworks/notice

Slightly adapted for indentation.
2025-10-02 14:48:21 +00:00 · 2023-04-21 19:24:02 +02:00 · 2023-04-21 19:24:02 +02:00 · b90351b7e6
commit b90351b7e6
parent 99de7b7526
8 changed files with 111 additions and 0 deletions
--- a/testing/btest/Baseline/scripts.policy.frameworks.notice.community-id/notice.log.cut
+++ b/testing/btest/Baseline/scripts.policy.frameworks.notice.community-id/notice.log.cut
@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+-	-	-	-	-	-	COMMUNITY_ID_INIT	Zeek initializing
+141.142.228.5	59856	192.150.187.43	80	tcp	1:yvyB8h+3dnggTZW0UEITWCst97w=	COMMUNITY_ID_CONN_ESTABLISHED	Connection establishment
--- a/testing/btest/Baseline/scripts.policy.protocols.conn.community-id-logging/conn.log.cut
+++ b/testing/btest/Baseline/scripts.policy.protocols.conn.community-id-logging/conn.log.cut
@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+141.142.228.5	59856	192.150.187.43	80	tcp	-	1:yvyB8h+3dnggTZW0UEITWCst97w=
--- a/testing/btest/scripts/policy/frameworks/notice/community-id.zeek
+++ b/testing/btest/scripts/policy/frameworks/notice/community-id.zeek
@ -0,0 +1,31 @@
+# This test verifies Community ID presence in the notice log, when
+# that part of the package is loaded. The test creates one notice
+# without connection state and one with, and verifies that the latter
+# includes the Community ID value for it.
+
+# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT
+# @TEST-EXEC: zeek-cut id.orig_h id.orig_p id.resp_h id.resp_p proto community_id note msg < notice.log > notice.log.cut
+# @TEST-EXEC: btest-diff notice.log.cut
+
+@load protocols/conn/community-id-logging
+@load frameworks/notice/community-id
+
+redef enum Notice::Type += {
+	COMMUNITY_ID_INIT,
+	COMMUNITY_ID_CONN_ESTABLISHED,
+};
+
+event zeek_init()
+	{
+	# A notice without connection context
+	NOTICE([$note=COMMUNITY_ID_INIT,
+	        $msg="Zeek initializing"]);
+	}
+
+event connection_established(c: connection)
+	{
+	# A notice with connection context
+	NOTICE([$note=COMMUNITY_ID_CONN_ESTABLISHED,
+	        $msg="Connection establishment",
+	        $conn=c]);
+	}
--- a/testing/btest/scripts/policy/protocols/conn/community-id-logging.zeek
+++ b/testing/btest/scripts/policy/protocols/conn/community-id-logging.zeek
@ -0,0 +1,5 @@
+# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT
+# @TEST-EXEC: zeek-cut id.orig_h id.orig_p id.resp_h id.resp_p proto service community_id < conn.log > conn.log.cut
+# @TEST-EXEC: btest-diff conn.log.cut
+
+@load protocols/conn/community-id-logging