btest/core/mmdb: Basic lookup_autonomous_system / lookup_location tests

2025-10-02 06:38:20 +00:00 · 2023-10-24 00:29:21 +02:00 · 2023-10-24 00:29:21 +02:00 · baf30288ca
commit baf30288ca
parent 05922132b3
6 changed files with 189 additions and 0 deletions
--- a/testing/btest/Baseline/core.mmdb.reopen/out
+++ b/testing/btest/Baseline/core.mmdb.reopen/out
@ -0,0 +1,17 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+1299466805.0, 1, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299466805.0, 1, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299466805.0, 1, 131.243.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299466805.0, 1, 131.243.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299470395.0, 2, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470395.0, 2, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299470395.0, 2, 131.243.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470395.0, 2, 131.243.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299470405.0, 3, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470405.0, 3, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299470405.0, 3, 131.243.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470405.0, 3, 131.243.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299473995.0, 4, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299473995.0, 4, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+1299473995.0, 4, 131.243.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299473995.0, 4, 131.243.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
--- a/testing/btest/Baseline/core.mmdb.reopen/reporter.log
+++ b/testing/btest/Baseline/core.mmdb.reopen/reporter.log
@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	level	message	location
+1299470395.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	(empty)
+1299470395.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	(empty)
+1299470395.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb]	(empty)
+1299470395.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb]	(empty)
+1299473995.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	(empty)
+1299473995.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	(empty)
+1299473995.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb]	(empty)
+1299473995.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb]	(empty)
+1299473995.000000	Reporter::INFO	received termination signal	(empty)
--- a/testing/btest/Baseline/core.mmdb.temporary-error/out
+++ b/testing/btest/Baseline/core.mmdb.temporary-error/out
@ -0,0 +1,20 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+start
+1299466805.0, 1, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299466805.0, 1, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+corrupting db
+1299470395.0, 2, 128.3.0.1, asn, [number=<uninitialized>, organization=<uninitialized>]
+1299470395.0, 2, 128.3.0.1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
+restoring backup db
+1299470405.0, 3, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299470405.0, 3, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+unlinking
+1299473995.0, 4, 128.3.0.1, asn, [number=<uninitialized>, organization=<uninitialized>]
+1299473995.0, 4, 128.3.0.1, location, [country_code=<uninitialized>, region=<uninitialized>, city=<uninitialized>, latitude=<uninitialized>, longitude=<uninitialized>]
+restoring backup db
+1299474005.0, 5, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299474005.0, 5, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+unlinking and restoring
+1299477595.0, 6, 128.3.0.1, asn, [number=16, organization=Lawrence Berkeley National Laboratory]
+1299477595.0, 6, 128.3.0.1, location, [country_code=US, region=<uninitialized>, city=Berkeley, latitude=37.751, longitude=-97.822]
+done
--- a/testing/btest/Baseline/core.mmdb.temporary-error/reporter.log
+++ b/testing/btest/Baseline/core.mmdb.temporary-error/reporter.log
@ -0,0 +1,19 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	level	message	location
+1299470395.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	<params>, line 1
+1299470395.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	<params>, line 1
+1299470395.000000	Reporter::INFO	Failed to open MaxMind DB: .<...>/GeoLite2-ASN.mmdb [The MaxMind DB file contains invalid metadata]	<params>, line 1
+1299470395.000000	Reporter::ERROR	Failed to open GeoIP ASN database (lookup_autonomous_system(128.3.0.1))	<...>/temporary-error.zeek, line 83
+1299470395.000000	Reporter::INFO	Modification time change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb]	<params>, line 1
+1299470395.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb]	<params>, line 1
+1299470395.000000	Reporter::INFO	Failed to open MaxMind DB: .<...>/GeoLite2-City.mmdb [The MaxMind DB file contains invalid metadata]	<params>, line 1
+1299470395.000000	Reporter::ERROR	Failed to open GeoIP location database (lookup_location(128.3.0.1))	<...>/temporary-error.zeek, line 84
+1299473995.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	<params>, line 1
+1299473995.000000	Reporter::ERROR	Failed to open GeoIP ASN database (lookup_autonomous_system(128.3.0.1))	<...>/temporary-error.zeek, line 83
+1299473995.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb]	<params>, line 1
+1299473995.000000	Reporter::ERROR	Failed to open GeoIP location database (lookup_location(128.3.0.1))	<...>/temporary-error.zeek, line 84
+1299477595.000000	Reporter::INFO	Inode change detected for MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	<params>, line 1
+1299477595.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-ASN.mmdb]	<params>, line 1
+1299477595.000000	Reporter::INFO	Inode change detected for MaxMind DB [.<...>/GeoLite2-City.mmdb]	<params>, line 1
+1299477595.000000	Reporter::INFO	Closing stale MaxMind DB [.<...>/GeoLite2-City.mmdb]	<params>, line 1
+1299477605.000000	Reporter::INFO	received termination signal	<params>, line 1
--- a/testing/btest/core/mmdb/reopen.zeek
+++ b/testing/btest/core/mmdb/reopen.zeek
@ -0,0 +1,37 @@
+# @TEST-DOC: Change the modification time of the mmdb database on every packet. This triggers reopening of the MMDB database.
+#
+# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h
+#
+# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
+# @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT >out
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
+# @TEST-EXEC: zeek-cut -m < reporter.log > reporter.log.tmp && mv reporter.log.tmp reporter.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff reporter.log
+
+@load base/frameworks/reporter
+
+redef mmdb_dir = "./mmdb";
+
+global pkt = 0;
+
+event new_packet(c: connection, p: pkt_hdr)
+	{
+	++pkt;
+	# Set MMDB's modification time to current network time.
+	local asn_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-ASN.mmdb");
+	local city_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-City.mmdb");
+
+	if ( ! piped_exec(fmt("touch -d @%s %s", network_time(), asn_fn), "") )
+		exit(1);
+
+	if ( ! piped_exec(fmt("touch -d @%s %s", network_time(), city_fn), "") )
+		exit(1);
+
+	print network_time(), pkt, 128.3.0.1, "asn", lookup_autonomous_system(128.3.0.1);
+	print network_time(), pkt, 128.3.0.1, "location", lookup_location(128.3.0.1);
+	print network_time(), pkt, 131.243.0.1, "asn", lookup_autonomous_system(131.243.0.1);
+	print network_time(), pkt, 131.243.0.1, "location", lookup_location(131.243.0.1);
+
+	if ( pkt == 4 )
+		terminate();
+	}
--- a/testing/btest/core/mmdb/temporary-error.zeek
+++ b/testing/btest/core/mmdb/temporary-error.zeek
@ -0,0 +1,85 @@
+# @TEST-DOC: Test a few error and recovery cases (corrupted, removed and restored MMDB databases).
+#
+# @TEST-REQUIRES: grep -q "#define USE_GEOIP" $BUILD/zeek-config.h
+#
+# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb
+# @TEST-EXEC: cp -R $FILES/mmdb ./mmdb-backup
+# @TEST-EXEC: zeek -b -r $TRACES/rotation.trace %INPUT mmdb_dir=./mmdb >out
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
+# @TEST-EXEC: zeek-cut -m < reporter.log > reporter.log.tmp && mv reporter.log.tmp reporter.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff reporter.log
+
+@load base/frameworks/reporter
+
+redef mmdb_dir = "./mmdb";
+
+global pkt = 0;
+
+event new_packet(c: connection, p: pkt_hdr)
+	{
+	++pkt;
+
+	local asn_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-ASN.mmdb");
+	local city_fn = safe_shell_quote(mmdb_dir + "/GeoLite2-City.mmdb");
+
+	local asn_fn_backup = safe_shell_quote(mmdb_dir + "-backup/GeoLite2-ASN.mmdb");
+	local city_fn_backup = safe_shell_quote(mmdb_dir + "-backup/GeoLite2-City.mmdb");
+
+	if ( pkt == 1 )
+		{
+		print "start";
+		}
+	if ( pkt == 2 )
+		{
+		print "corrupting db";
+		if ( ! piped_exec(fmt("truncate --size=8 %s", asn_fn), "") )
+			exit(1);
+
+		if ( ! piped_exec(fmt("truncate --size=8 %s", city_fn), "") )
+			exit(1);
+		}
+	else if ( pkt == 4 )
+		{
+		print "unlinking";
+		if ( ! piped_exec(fmt("rm %s", asn_fn), "") )
+			exit(1);
+
+		if ( ! piped_exec(fmt("rm %s", city_fn), "") )
+			exit(1);
+		}
+	else if ( pkt == 6 )
+		{
+		# This should provoke an inode change.
+		print "unlinking and restoring";
+		if ( ! piped_exec(fmt("mv %s %s.tmp; cp %s.tmp %s", asn_fn, asn_fn, asn_fn, asn_fn), "") )
+			exit(1);
+
+		if ( ! piped_exec(fmt("mv %s %s.tmp; cp %s.tmp %s", city_fn, city_fn, city_fn, city_fn), "") )
+			exit(1);
+		}
+	else if ( pkt == 7 )
+		{
+		print "done";
+		terminate();
+		return;
+		}
+	else if ( pkt == 3 || pkt == 5 )
+		{
+		print "restoring backup db";
+		if ( ! piped_exec(fmt("cp %s %s", asn_fn_backup, asn_fn), "") )
+			exit(1);
+
+		if ( ! piped_exec(fmt("cp %s %s", city_fn_backup, city_fn), "") )
+			exit(1);
+		}
+
+	# Set MMDB's modification time to current network time for predictability.
+	if ( ! piped_exec(fmt("test -f %s && touch -d @%s %s", asn_fn, network_time(), asn_fn), "") )
+		exit(1);
+
+	if ( ! piped_exec(fmt("test -f %s && touch -d @%s %s", city_fn, network_time(), city_fn), "") )
+		exit(1);
+
+	print network_time(), pkt, 128.3.0.1, "asn", lookup_autonomous_system(128.3.0.1);
+	print network_time(), pkt, 128.3.0.1, "location", lookup_location(128.3.0.1);
+	}