diff --git a/testing/btest/Baseline/core.mmdb.reopen/out b/testing/btest/Baseline/core.mmdb.reopen/out
new file mode 100644
index 0000000000..5641085ef3
--- /dev/null
+++ b/testing/btest/Baseline/core.mmdb.reopen/out
@@ -0,0 +1,17 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+1299466805.0, 1, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299466805.0, 1, 128.3.0.1, location, [country_code=US, region=, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299466805.0, 1, 131.243.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299466805.0, 1, 131.243.0.1, location, [country_code=US, region=, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299470395.0, 2, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470395.0, 2, 128.3.0.1, location, [country_code=US, region=, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299470395.0, 2, 131.243.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470395.0, 2, 131.243.0.1, location, [country_code=US, region=, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299470405.0, 3, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470405.0, 3, 128.3.0.1, location, [country_code=US, region=, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299470405.0, 3, 131.243.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470405.0, 3, 131.243.0.1, location, [country_code=US, region=, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299473995.0, 4, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299473995.0, 4, 128.3.0.1, location, [country_code=US, region=, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299473995.0, 4, 131.243.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299473995.0, 4, 131.243.0.1, location, [country_code=US, region=, city=Berkeley, latitude=37.751, longitude=-97.822]
diff --git a/testing/btest/Baseline/core.mmdb.reopen/reporter.log b/testing/btest/Baseline/core.mmdb.reopen/reporter.log
new file mode 100644
index 0000000000..91b9edb7f8
--- /dev/null
+++ b/testing/btest/Baseline/core.mmdb.reopen/reporter.log
@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts level message location
+1299470395.000000 Reporter::INFO Modification time change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb] (empty)
+1299470395.000000 Reporter::INFO Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb] (empty)
+1299470395.000000 Reporter::INFO Modification time change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb] (empty)
+1299470395.000000 Reporter::INFO Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb] (empty)
+1299473995.000000 Reporter::INFO Modification time change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb] (empty)
+1299473995.000000 Reporter::INFO Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb] (empty)
+1299473995.000000 Reporter::INFO Modification time change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb] (empty)
+1299473995.000000 Reporter::INFO Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb] (empty)
+1299473995.000000 Reporter::INFO received termination signal (empty)
diff --git a/testing/btest/Baseline/core.mmdb.temporary-error/out b/testing/btest/Baseline/core.mmdb.temporary-error/out
new file mode 100644
index 0000000000..7359472613
--- /dev/null
+++ b/testing/btest/Baseline/core.mmdb.temporary-error/out
@@ -0,0 +1,20 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+start
+1299466805.0, 1, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299466805.0, 1, 128.3.0.1, location, [country_code=US, region=, city=Berkeley, latitude=37.751, longitude=-97.822]
+corrupting db
+1299470395.0, 2, 128.3.0.1, asn, [number=, organization=]
+1299470395.0, 2, 128.3.0.1, location, [country_code=, region=, city=, latitude=, longitude=]
+restoring backup db
+1299470405.0, 3, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470405.0, 3, 128.3.0.1, location, [country_code=US, region=, city=Berkeley, latitude=37.751, longitude=-97.822]
+unlinking
+1299473995.0, 4, 128.3.0.1, asn, [number=, organization=]
+1299473995.0, 4, 128.3.0.1, location, [country_code=, region=, city=, latitude=, longitude=]
+restoring backup db
+1299474005.0, 5, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299474005.0, 5, 128.3.0.1, location, [country_code=US, region=, city=Berkeley, latitude=37.751, longitude=-97.822]
+unlinking and restoring
+1299477595.0, 6, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299477595.0, 6, 128.3.0.1, location, [country_code=US, region=, city=Berkeley, latitude=37.751, longitude=-97.822]
+done
diff --git a/testing/btest/Baseline/core.mmdb.temporary-error/reporter.log b/testing/btest/Baseline/core.mmdb.temporary-error/reporter.log
new file mode 100644
index 0000000000..5ec6a3e3ec
--- /dev/null
+++ b/testing/btest/Baseline/core.mmdb.temporary-error/reporter.log
@@ -0,0 +1,19 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts level message location
+1299470395.000000 Reporter::INFO Modification time change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb] , line 1
+1299470395.000000 Reporter::INFO Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb] , line 1
+1299470395.000000 Reporter::INFO Failed to open MaxMind DB: .<...>/GeoLite2-ASN.mmdb [The MaxMind DB file contains invalid metadata] , line 1
+1299470395.000000 Reporter::ERROR Failed to open GeoIP ASN database (lookup_autonomous_system(128.3.0.1)) <...>/temporary-error.zeek, line 83
+1299470395.000000 Reporter::INFO Modification time change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb] , line 1
+1299470395.000000 Reporter::INFO Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb] , line 1
+1299470395.000000 Reporter::INFO Failed to open MaxMind DB: .<...>/GeoLite2-City.mmdb [The MaxMind DB file contains invalid metadata] , line 1
+1299470395.000000 Reporter::ERROR Failed to open GeoIP location database (lookup_location(128.3.0.1)) <...>/temporary-error.zeek, line 84
+1299473995.000000 Reporter::INFO Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb] , line 1
+1299473995.000000 Reporter::ERROR Failed to open GeoIP ASN database (lookup_autonomous_system(128.3.0.1)) <...>/temporary-error.zeek, line 83
+1299473995.000000 Reporter::INFO Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb] , line 1
+1299473995.000000 Reporter::ERROR Failed to open GeoIP location database (lookup_location(128.3.0.1)) <...>/temporary-error.zeek, line 84
+1299477595.000000 Reporter::INFO Inode change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb] , line 1
+1299477595.000000 Reporter::INFO Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb] , line 1
+1299477595.000000 Reporter::INFO Inode change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb] , line 1
+1299477595.000000 Reporter::INFO Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb] , line 1
+1299477605.000000 Reporter::INFO received termination signal , line 1
diff --git a/testing/btest/core/mmdb/reopen.zeek b/testing/btest/core/mmdb/reopen.zeek
new file mode 100644
index 0000000000..d9c120c8dc
--- /dev/null
+++ b/testing/btest/core/mmdb/reopen.zeek
@@ -0,0 +1,37 @@
+# @TEST-DOC: Change the modification time of the mmdb database on every packet. This triggers reopening of the MMDB database.
+#
+# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h
+#
+# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
+# @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT >out
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
+# @TEST-EXEC: zeek-cut -m < reporter.log > reporter.log.tmp && mv reporter.log.tmp reporter.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff reporter.log
+
+@load base/frameworks/reporter
+
+redef mmdb_dir = "./mmdb";
+
+global pkt = 0;
+
+event new_packet(c: connection, p: pkt_hdr)
+ {
+ ++pkt;
+ # Set MMDB's modification time to current network time.
+ local asn_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-ASN.mmdb");
+ local city_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-City.mmdb");
+
+ if ( ! piped_exec(fmt("touch -d @%s %s", network_time(), asn_fn), "") )
+ exit(1);
+
+ if ( ! piped_exec(fmt("touch -d @%s %s", network_time(), city_fn), "") )
+ exit(1);
+
+ print network_time(), pkt, 128.3.0.1, "asn", lookup_autonomous_system(128.3.0.1);
+ print network_time(), pkt, 128.3.0.1, "location", lookup_location(128.3.0.1);
+ print network_time(), pkt, 131.243.0.1, "asn", lookup_autonomous_system(131.243.0.1);
+ print network_time(), pkt, 131.243.0.1, "location", lookup_location(131.243.0.1);
+
+ if ( pkt == 4 )
+ terminate();
+ }
diff --git a/testing/btest/core/mmdb/temporary-error.zeek b/testing/btest/core/mmdb/temporary-error.zeek
new file mode 100644
index 0000000000..0a5102535c
--- /dev/null
+++ b/testing/btest/core/mmdb/temporary-error.zeek
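Review bot: The two `touch -d @%s %s` calls in reopen.zeek depend on the `@<epoch>` date form, which as far as I know is a GNU coreutils extension, while the only `@TEST-REQUIRES` gate checks for `USE_GEOIP`. On a platform whose `touch` rejects that form the mtime would presumably stay unchanged, so the test would fail with a reporter.log baseline mismatch instead of being skipped. The same holds for `touch -d @%s` and `truncate --size=8` in temporary-error.zeek. Consider a capability gate such as `# @TEST-REQUIRES: touch -d @0 ./touch-probe` (constructed example), or at least a comment in the header stating that GNU `touch`/`truncate` are required.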
@@ -0,0 +1,85 @@
+# @TEST-DOC: Test a few error and recovery cases (corrupted, removed and restored MMDB databases).
+#
+# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h
+#
+# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
+# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb-backup
+# @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT mmdb_dir=./mmdb >out
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
+# @TEST-EXEC: zeek-cut -m < reporter.log > reporter.log.tmp && mv reporter.log.tmp reporter.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff reporter.log
+
+@load base/frameworks/reporter
+
+redef mmdb_dir = "./mmdb";
+
+global pkt = 0;
+
+event new_packet(c: connection, p: pkt_hdr)
+ {
+ ++pkt;
+
+ local asn_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-ASN.mmdb");
+ local city_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-City.mmdb");
+
+ local asn_fn_backup = safe_shell_quote(mmdb_dir + "-backup/GeoLite2-ASN.mmdb");
+ local city_fn_backup = safe_shell_quote(mmdb_dir + "-backup/GeoLite2-City.mmdb");
+
+ if ( pkt == 1 )
+ {
+ print "start";
+ }
+ if ( pkt == 2 )
+ {
+ print "corrupting db";
+ if ( ! piped_exec(fmt("truncate --size=8 %s", asn_fn), "") )
+ exit(1);
+
+ if ( ! piped_exec(fmt("truncate --size=8 %s", city_fn), "") )
+ exit(1);
+ }
+ else if ( pkt == 4 )
+ {
+ print "unlinking";
+ if ( ! piped_exec(fmt("rm %s", asn_fn), "") )
+ exit(1);
+
+ if ( ! piped_exec(fmt("rm %s", city_fn), "") )
+ exit(1);
+ }
+ else if ( pkt == 6 )
+ {
+ # This should provoke an inode change.
+ print "unlinking and restoring";
+ if ( ! piped_exec(fmt("mv %s %s.tmp; cp %s.tmp %s", asn_fn, asn_fn, asn_fn, asn_fn), "") )
+ exit(1);
+
+ if ( ! piped_exec(fmt("mv %s %s.tmp; cp %s.tmp %s", city_fn, city_fn, city_fn, city_fn), "") )
+ exit(1);
+ }
+ else if ( pkt == 7 )
+ {
+ print "done";
+ terminate();
+ return;
+ }
+ else if ( pkt == 3 || pkt == 5 )
+ {
+ print "restoring backup db";
+ if ( ! piped_exec(fmt("cp %s %s", asn_fn_backup, asn_fn), "") )
+ exit(1);
+
+ if ( ! piped_exec(fmt("cp %s %s", city_fn_backup, city_fn), "") )
+ exit(1);
+ }
+
+ # Set MMDB's modification time to current network time for predictability.
+ if ( ! piped_exec(fmt("test -f %s && touch -d @%s %s", asn_fn, network_time(), asn_fn), "") )
+ exit(1);
+
+ if ( ! piped_exec(fmt("test -f %s && touch -d @%s %s", city_fn, network_time(), city_fn), "") )
+ exit(1);
+
+ print network_time(), pkt, 128.3.0.1, "asn", lookup_autonomous_system(128.3.0.1);
+ print network_time(), pkt, 128.3.0.1, "location", lookup_location(128.3.0.1);
+ }
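Review bot: The `if ( ! piped_exec(...) ) exit(1);` guards in temporary-error.zeek do not appear to catch a failing shell command: the `out` baseline shows packet 4 running to completion right after the `rm`, where `test -f %s && touch ...` must have exited non-zero. A failed `truncate`, `cp` or `mv` would therefore surface only as a hard-to-read baseline diff, and in the packet-6 branch `mv %s %s.tmp; cp %s.tmp %s` runs the `cp` even when the `mv` failed. I would chain that branch with `&&` (`mv %s %s.tmp && cp %s.tmp %s`) and add a comment above the first guard such as `# NOTE: a non-zero exit status of the command does not trip these guards (see packet 4); command failures show up as baseline differences.` The guards in reopen.zeek look to have the same limitation.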