diff --git a/CHANGES b/CHANGES index 449b5c9eb4..a1fc3623c2 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,149 @@ +1.6-dev.146 Sat Jun 25 18:12:27 PDT 2011 + +- DNS mapping are now becoming invalid when an entry's TTL expires. + (Thomas Other) + +- Reworking how Bro tracks which scripts are already loaded. Rather + than paths, Bro now tracks inode numbers. (Jon Siwek) + +- New BiF netstats() to query packet capture statistics. The netstats + script now uses the new BiF to periocally report packets drops. The + net_stats_update() event and the heartbeat_interval global went + away. (Seth Hall) + +- Fixing bug with logging &optional records. Closes #476. (Robin + Sommer) + +- Fixing istate.events-ssl test failing because of expired cert. (Jon + Siwek) + +- A large number of improvements and fixes for Bro's doc mode. (Jon + Siwek) + +- Significant updates for RPC and NFS analyzers (Gregor Maier) + + * Unify semantics for UDP and TCP connections. + + * RPC can now log to a log file if desired. + + * Portmapper can now log general activity to a log file and also log + actual port mappings. + + * NFS analyzer now supports significantly more procedure calls as + as file name tracking and file content extraction. + +- NetBIOS fixes. (Jon Siwek) + +- A number of unit tests are more robust and portable. (Jon Siwek) + +- A new BiF unique_id() that returns a string that's unique across Bro + instaces with high probablity. (Robin Sommer) + +- Complete rewrite of the BinPAC SSL analyzer. (Seth Hall) + + * DER certificates are extracted as strings to be used with + corresponding BiFs. + + * x509_verify function to verify single certs and/or full + certificate chains. + + * Removed hand written SSL analyzer. + + * The ssl.bro script is just a place-holder for now. New version + will come with the other new scripts. + +- New syslog analyzer. (Seth Hall) + +- @load now supports loading a directory. With a directory "foo" + somewhere in BROPATH, "@load foo" now checks if there's a file + "foo/__load__.bro". If so, it reads that file in. (Robin Sommer) + +- ASCII logger now escapes non-printable characters. Closes #450. + (Robin Sommer) + +- Packaging tweaks and rewrite of 'dist' target. (Jon Siwek) + +- Changes to allow DEB packaging via CPack, addresses #458. (Jon + Siwek) + +- An extension to the ICMP analyzer to handle redirects. Julien + Sentier + +- Removing old istate test-suite. (Robin Sommer) + +- A hack to report missing GeoIP support only once. This closes #357, + but #455 captures the need for a more general solution. (Robin + Sommer) + +- Bugfix: vectors in records were not initalized. Closes #421. (Robin + Sommer) + +- If IPv6 default is not compiled in, the default BPF filters now + excludes IPv6 packets. (Robin Sommer) + +- New bif bro_has_ipv6() to check whether IPv6 support is compiled in. + (Robin Sommer) + +- Updating btests and a Makefile. "make" now runs all the tests. + (Robin Sommer) + +- Moving the test-scripts from the old test-suite over to btest. + (Robin Sommer) + +- Fix for major bug in POP3 analyzer, which didn't recognize '.' + terminators in multi-line replies if the terminator was bare (no + newline). This caused it to ignore the rest of the session that it's + analyzing. (Vern Paxson) + +- Fix compiler warning with gcc-4.4.4 (Gregor Maier) + +- Adding example documentation for a script's use of logging features. + (Jon Siwek) + +- Adding &log attribute to static attr_names array. (Jon Siwek) + +- Bro can now track packet and byte counts per connection. (Gregor + Maier) + + * If 'use_conn_size_analyzer' is true, the event engine tracks + number of packets and raw IP bytes per connection. If + report_conn_size_analyzer is true, these values are included as + four new columns into conn.log + + * I changed conn.bro so that the value of + report_conn_size_analyzer follows that of + use_conn_size_analyzer. For the new conn.log, we probably want + to get rid of report_conn_size_analyzer anyway. + +- Fixing numerous compiler warnings and portability issues. (All) + +- Switching vectors from being 1-based to 0-based. Note that this is a + change that break backwards-compatibility. (Robin Sommer) + +- Increasing serialization format version for the recent 64-bit + changes. (Robin Sommer) + +- Support for (mixed) MPLS and VLAN traffic, and a new default BPF + filter. (Seth Hall and Robin Sommer) + + - Merging in the patch from #264, which provides support for mixed + VLAN and MPLS traffic. + + - Changing Bro's default filter from being built dynamically to + being a static "ip or not ip". To get the old behaviour back + (i.e., the dynamically built filter), redef "all_packets" to + false. + + - print-filter.bro now always prints the filter that Bro is + actually using, even if overriden from the command line. (Robin + Sommer) + +- Changing the HTTP's analyzers internals to use 64-bit integers. + (Gregor Maier). + +- Fixing bug with deleting still unset record fields of table type. + (Robin Sommer) + 1.6-dev.99 Fri Apr 22 22:10:03 PDT 2011 - Extending the connection record with a unique identifier. (Robin diff --git a/VERSION b/VERSION index 359249d5d6..fd419c8cef 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.6-dev.99 +1.6-dev.146 diff --git a/aux/broccoli b/aux/broccoli index 8843da57dc..9866a00e78 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 8843da57dc8aee433550727dcbd1199824ca9da4 +Subproject commit 9866a00e78b088315e632960aaa230635bca326a diff --git a/policy.old/netstats.bro b/policy.old/netstats.bro index eca27cc9b5..606513bcd9 100644 --- a/policy.old/netstats.bro +++ b/policy.old/netstats.bro @@ -6,29 +6,27 @@ redef enum Notice += { DroppedPackets, # Bro reported packets dropped by the packet filter }; -global last_stat: net_stats; -global last_stat_time: time; -global have_stats = F; +const stats_collection_interval = 10secs; -event net_stats_update(t: time, ns: net_stats) +event net_stats_update(last_stat: NetStats) { - if ( have_stats ) + local ns = net_stats(); + local new_dropped = ns$pkts_dropped - last_stat$pkts_dropped; + if ( new_dropped > 0 ) { - local new_dropped = ns$pkts_dropped - last_stat$pkts_dropped; - if ( new_dropped > 0 ) - { - local new_recvd = ns$pkts_recvd - last_stat$pkts_recvd; - local new_link = ns$pkts_link - last_stat$pkts_link; - NOTICE([$note=DroppedPackets, - $msg=fmt("%d packets dropped after filtering, %d received%s", - new_dropped, new_recvd + new_dropped, - new_link != 0 ? - fmt(", %d on link", new_link) : "")]); - } + local new_recvd = ns$pkts_recvd - last_stat$pkts_recvd; + local new_link = ns$pkts_link - last_stat$pkts_link; + NOTICE([$note=DroppedPackets, + $msg=fmt("%d packets dropped after filtering, %d received%s", + new_dropped, new_recvd + new_dropped, + new_link != 0 ? + fmt(", %d on link", new_link) : "")]); } - else - have_stats = T; - - last_stat = ns; - last_stat_time = t; + + schedule stats_collection_interval { net_stats_update(ns) }; } + +event bro_init() + { + schedule stats_collection_interval { net_stats_update(net_stats()) }; + } \ No newline at end of file diff --git a/policy.old/stats.bro b/policy.old/stats.bro index b0a35c09a6..a4a4d7a8ac 100644 --- a/policy.old/stats.bro +++ b/policy.old/stats.bro @@ -15,58 +15,47 @@ redef notice_action_filters += { [[ResourceStats, OfflineResourceStats]] = file_notice }; -global last_stats_time = current_time(); -global last_stats_CPU_time = - resource_usage()$user_time + resource_usage()$system_time; - -# Global to store the last net_stats object received. -global last_packet_stat: net_stats; - -# Globals to store the results between reporting intervals -global stat_packets_received = 0; -global stat_packets_dropped = 0; -global stat_packets_link = 0; - -global last_packets_processed = 0; -global last_events_dispatched = 0; -global last_events_queued = 0; - # Interval in which the results are sent as a notice. If this is less # than heartbeat_interval, then it is set to heartbeat_interval, since # some of the reported statistics are only gathered via the heartbeat. global stats_report_interval = 10 sec &redef; -event check_stats() +event check_stats(last_time: time, last_ns: NetStats, last_res: bro_resources) { local now = current_time(); local lag = now - network_time(); - local report_delta = now - last_stats_time; + local report_delta = now - last_time; local res = resource_usage(); - local mem = res$mem; + local ns = net_stats(); + local total_CPU_time = res$user_time + res$system_time; - local CPU_util = (total_CPU_time - last_stats_CPU_time) / report_delta; + local last_CPU_time = last_res$user_time + last_res$system_time; + local CPU_util = ((total_CPU_time - last_CPU_time) / report_delta) * 100.0; + + local pkts_recvd = ns$pkts_recvd - last_ns$pkts_recvd; + local pkts_dropped = ns$pkts_dropped - last_ns$pkts_dropped; + local pkts_link = ns$pkts_link - last_ns$pkts_link; if ( bro_is_terminating() ) # No more stats will be written or scheduled when Bro is # shutting down. return; - local delta_pkts_processed = res$num_packets - last_packets_processed; - local delta_events = res$num_events_dispatched - last_events_dispatched; - local delta_queued = res$num_events_queued - last_events_queued; + local delta_pkts_processed = res$num_packets - last_res$num_packets; + local delta_events = res$num_events_dispatched - last_res$num_events_dispatched; + local delta_queued = res$num_events_queued - last_res$num_events_queued; local stat_msg = fmt("mem=%dMB pkts_proc=%d events_proc=%d events_queued=%d", - mem / 1000000, delta_pkts_processed, + res$mem / 1000000, delta_pkts_processed, delta_events, delta_queued); if ( reading_live_traffic() ) { stat_msg = fmt("%s et=%.2f lag=%fsec util=%.01f%% pkts_rcv=%d pkts_drp=%d pkts_link=%d", - stat_msg, report_delta, lag, CPU_util * 100.0, - stat_packets_received, stat_packets_dropped, - stat_packets_link); + stat_msg, report_delta, lag, CPU_util, + pkts_recvd, pkts_dropped, pkts_link); NOTICE([$note=ResourceStats, $msg=stat_msg]); } @@ -77,57 +66,15 @@ event check_stats() { # Remote communication only. stat_msg = fmt("mem=%dMB events_proc=%d events_queued=%d lag=%fsec util=%.01f%%", - mem / 1000000, delta_events, delta_queued, - lag, CPU_util * 100.0 ); + res$mem / 1000000, delta_events, delta_queued, + lag, CPU_util); NOTICE([$note=ResourceStats, $msg=stat_msg]); } - last_stats_time = now; - last_stats_CPU_time = total_CPU_time; - last_packets_processed = res$num_packets; - last_events_dispatched = res$num_events_dispatched; - last_events_queued = res$num_events_queued; - - stat_packets_received = 0; - stat_packets_dropped = 0; - - schedule stats_report_interval { check_stats() }; - } - -event net_stats_update(t: time, ns: net_stats) - { - if ( ns$pkts_recvd > last_packet_stat$pkts_recvd ) - stat_packets_received += - ns$pkts_recvd - last_packet_stat$pkts_recvd; - - if ( ns$pkts_dropped > last_packet_stat$pkts_dropped ) - stat_packets_dropped += - ns$pkts_dropped - last_packet_stat$pkts_dropped; - - if ( ns$pkts_link > last_packet_stat$pkts_link ) - stat_packets_link += ns$pkts_link - last_packet_stat$pkts_link; - - last_packet_stat = ns; - } - -event start_check_stats() - { - # Can't start reporting data until network_time() is up. - local zero_time: time = 0; - - if ( network_time() > zero_time ) - schedule stats_report_interval { check_stats() }; - else - schedule stats_report_interval { start_check_stats() }; + schedule stats_report_interval { check_stats(now, ns, res) }; } event bro_init() { - last_packet_stat$pkts_recvd = last_packet_stat$pkts_dropped = - last_packet_stat$pkts_link = 0; - - if ( stats_report_interval < heartbeat_interval ) - stats_report_interval = heartbeat_interval; - - schedule stats_report_interval { start_check_stats() }; + schedule stats_report_interval { check_stats(current_time(), net_stats(), resource_usage()) }; } diff --git a/policy/bro.init b/policy/bro.init index 3ce7b635ba..57bbb22832 100644 --- a/policy/bro.init +++ b/policy/bro.init @@ -105,6 +105,14 @@ type SYN_packet: record { SACK_OK: bool; }; +## This record is used for grabbing packet capturing information from +## the core with the :bro:id:`net_stats` BiF. All counts are cumulative. +type NetStats: record { + pkts_recvd: count &default=0; ##< Packets received by Bro. + pkts_dropped: count &default=0; ##< Packets dropped. + pkts_link: count &default=0; ##< Packets seen on the link (not always available). +}; + type bro_resources: record { version: string; # Bro version string debug: bool; # true if compiled with --enable-debug @@ -610,20 +618,8 @@ global discarder_check_udp: function(i: ip_hdr, u: udp_hdr, d: string): bool; global discarder_check_icmp: function(i: ip_hdr, ih: icmp_hdr): bool; # End of definition of access to packet headers, discarders. - -type net_stats: record { - # All counts are cumulative. - pkts_recvd: count; # pkts received by Bro - pkts_dropped: count; # pkts dropped - pkts_link: count; # pkts seen on link (not always available) -}; - - const watchdog_interval = 10 sec &redef; -## This interval defines how often the net_stats_update event is generated. -const heartbeat_interval = 10 sec &redef; - # The maximum number of timers to expire after processing each new # packet. The value trades off spreading out the timer expiration load # with possibly having to hold state longer. A value of 0 means diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index d179ccec49..3c800e1f30 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -63,6 +63,7 @@ public: protected: char* host; // if non-nil, this is a host request uint32 addr; + uint32 ttl; int request_pending; }; @@ -82,8 +83,8 @@ int DNS_Mgr_Request::MakeRequest(nb_dns_info* nb_dns) class DNS_Mapping { public: - DNS_Mapping(const char* host, struct hostent* h); - DNS_Mapping(uint32 addr, struct hostent* h); + DNS_Mapping(const char* host, struct hostent* h, uint32 ttl); + DNS_Mapping(uint32 addr, struct hostent* h, uint32 ttl); DNS_Mapping(FILE* f); int NoMapping() const { return no_mapping; } @@ -108,6 +109,9 @@ public: int Failed() const { return failed; } int Valid() const { return ! failed; } + bool Expired() const + { return current_time() > (creation_time + req_ttl); } + protected: friend class DNS_Mgr; @@ -119,6 +123,7 @@ protected: char* req_host; uint32 req_addr; + uint32 req_ttl; int num_names; char** names; @@ -146,21 +151,23 @@ static TableVal* empty_addr_set() return new TableVal(s); } -DNS_Mapping::DNS_Mapping(const char* host, struct hostent* h) +DNS_Mapping::DNS_Mapping(const char* host, struct hostent* h, uint32 ttl) { Init(h); req_host = copy_string(host); req_addr = 0; + req_ttl = ttl; if ( names && ! names[0] ) names[0] = copy_string(host); } -DNS_Mapping::DNS_Mapping(uint32 addr, struct hostent* h) +DNS_Mapping::DNS_Mapping(uint32 addr, struct hostent* h, uint32 ttl) { Init(h); req_addr = addr; req_host = 0; + req_ttl = ttl; } DNS_Mapping::DNS_Mapping(FILE* f) @@ -663,6 +670,7 @@ Val* DNS_Mgr::BuildMappingVal(DNS_Mapping* dm) void DNS_Mgr::AddResult(DNS_Mgr_Request* dr, struct nb_dns_result* r) { struct hostent* h = (r && r->host_errno == 0) ? r->hostent : 0; + u_int32_t ttl = r->ttl; DNS_Mapping* new_dm; DNS_Mapping* prev_dm; @@ -670,7 +678,7 @@ void DNS_Mgr::AddResult(DNS_Mgr_Request* dr, struct nb_dns_result* r) if ( dr->ReqHost() ) { - new_dm = new DNS_Mapping(dr->ReqHost(), h); + new_dm = new DNS_Mapping(dr->ReqHost(), h, ttl); prev_dm = host_mappings.Insert(dr->ReqHost(), new_dm); if ( new_dm->Failed() && prev_dm && prev_dm->Valid() ) @@ -683,7 +691,7 @@ void DNS_Mgr::AddResult(DNS_Mgr_Request* dr, struct nb_dns_result* r) } else { - new_dm = new DNS_Mapping(dr->ReqAddr(), h); + new_dm = new DNS_Mapping(dr->ReqAddr(), h, ttl); uint32 tmp_addr = dr->ReqAddr(); HashKey k(&tmp_addr, 1); prev_dm = addr_mappings.Insert(&k, new_dm); @@ -833,9 +841,16 @@ const char* DNS_Mgr::LookupAddrInCache(dns_mgr_addr_type addr) { HashKey h(&addr, 1); DNS_Mapping* d = dns_mgr->addr_mappings.Lookup(&h); + if ( ! d ) return 0; + if ( d->Expired() ) + { + dns_mgr->addr_mappings.Remove(&h); + return 0; + } + // The escapes in the following strings are to avoid having it // interpreted as a trigraph sequence. return d->names ? d->names[0] : "<\?\?\?>"; @@ -844,9 +859,17 @@ const char* DNS_Mgr::LookupAddrInCache(dns_mgr_addr_type addr) TableVal* DNS_Mgr::LookupNameInCache(string name) { DNS_Mapping* d = dns_mgr->host_mappings.Lookup(name.c_str()); + if ( ! d || ! d->names ) return 0; + if ( d->Expired() ) + { + HashKey h(name.c_str()); + dns_mgr->host_mappings.Remove(&h); + return 0; + } + return d->AddrsSet(); } diff --git a/src/Func.cc b/src/Func.cc index 0f34da58a5..580a363d18 100644 --- a/src/Func.cc +++ b/src/Func.cc @@ -519,6 +519,7 @@ void init_builtin_funcs() { ftp_port = internal_type("ftp_port")->AsRecordType(); bro_resources = internal_type("bro_resources")->AsRecordType(); + net_stats = internal_type("NetStats")->AsRecordType(); matcher_stats = internal_type("matcher_stats")->AsRecordType(); var_sizes = internal_type("var_sizes")->AsTableType(); gap_info = internal_type("gap_info")->AsRecordType(); diff --git a/src/NetVar.cc b/src/NetVar.cc index 52f14d9dab..17560c56f3 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -20,10 +20,7 @@ EnumType* transport_proto; TableType* string_set; TableType* count_set; -RecordType* net_stats; - int watchdog_interval; -double heartbeat_interval; int max_timer_expires; int max_remote_events_processed; @@ -404,10 +401,7 @@ void init_net_var() ntp_session_timeout = opt_internal_double("ntp_session_timeout"); rpc_timeout = opt_internal_double("rpc_timeout"); - net_stats = internal_type("net_stats")->AsRecordType(); - watchdog_interval = int(opt_internal_double("watchdog_interval")); - heartbeat_interval = opt_internal_double("heartbeat_interval"); max_timer_expires = opt_internal_int("max_timer_expires"); max_remote_events_processed = diff --git a/src/NetVar.h b/src/NetVar.h index 90df40b6fd..ca28060e67 100644 --- a/src/NetVar.h +++ b/src/NetVar.h @@ -23,10 +23,7 @@ extern EnumType* transport_proto; extern TableType* string_set; extern TableType* count_set; -extern RecordType* net_stats; - extern int watchdog_interval; -extern double heartbeat_interval; extern int max_timer_expires; extern int max_remote_events_processed; diff --git a/src/Sessions.cc b/src/Sessions.cc index 881a6c171d..2cabaf5801 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -43,27 +43,6 @@ enum NetBIOS_Service { NetSessions* sessions; - -class NetworkTimer : public Timer { -public: - NetworkTimer(NetSessions* arg_sess, double arg_t) - : Timer(arg_t, TIMER_NETWORK) - { sess = arg_sess; } - - void Dispatch(double t, int is_expire); - -protected: - NetSessions* sess; -}; - -void NetworkTimer::Dispatch(double t, int is_expire) - { - if ( is_expire ) - return; - - sess->HeartBeat(t); - } - void TimerMgrExpireTimer::Dispatch(double t, int is_expire) { if ( mgr->LastAdvance() + timer_mgr_inactivity_timeout < timer_mgr->Time() ) @@ -105,9 +84,6 @@ NetSessions::NetSessions() udp_conns.SetDeleteFunc(bro_obj_delete_func); fragments.SetDeleteFunc(bro_obj_delete_func); - if ( (reading_live || pseudo_realtime) && net_stats_update ) - timer_mgr->Add(new NetworkTimer(this, 1.0)); - if ( stp_correlate_pair ) stp_manager = new SteppingStoneManager(); else @@ -1049,39 +1025,6 @@ void NetSessions::Drain() ExpireTimerMgrs(); } -void NetSessions::HeartBeat(double t) - { - unsigned int recv = 0; - unsigned int drop = 0; - unsigned int link = 0; - - loop_over_list(pkt_srcs, i) - { - PktSrc* ps = pkt_srcs[i]; - - struct PktSrc::Stats stat; - ps->Statistics(&stat); - recv += stat.received; - drop += stat.dropped; - link += stat.link; - } - - val_list* vl = new val_list; - - vl->append(new Val(t, TYPE_TIME)); - - RecordVal* ns = new RecordVal(net_stats); - ns->Assign(0, new Val(recv, TYPE_COUNT)); - ns->Assign(1, new Val(drop, TYPE_COUNT)); - ns->Assign(2, new Val(link, TYPE_COUNT)); - - vl->append(ns); - - mgr.QueueEvent(net_stats_update, vl); - - timer_mgr->Add(new NetworkTimer(this, t + heartbeat_interval)); - } - void NetSessions::GetStats(SessionStats& s) const { s.num_TCP_conns = tcp_conns.Length(); diff --git a/src/Sessions.h b/src/Sessions.h index a85af005f4..6adc333282 100644 --- a/src/Sessions.h +++ b/src/Sessions.h @@ -75,7 +75,7 @@ public: void DispatchPacket(double t, const struct pcap_pkthdr* hdr, const u_char* const pkt, int hdr_size, PktSrc* src_ps, PacketSortElement* pkt_elem); - + void Done(); // call to drain events before destructing // Returns a reassembled packet, or nil if there are still @@ -105,9 +105,6 @@ public: // that are still active. void Drain(); - // Called periodically to generate statistics reports. - void HeartBeat(double t); - void GetStats(SessionStats& s) const; void Weird(const char* name, @@ -177,7 +174,7 @@ protected: void NextPacket(double t, const struct pcap_pkthdr* hdr, const u_char* const pkt, int hdr_size, PacketSortElement* pkt_elem); - + void DoNextPacket(double t, const struct pcap_pkthdr* hdr, const IP_Hdr* ip_hdr, const u_char* const pkt, int hdr_size); @@ -185,7 +182,7 @@ protected: void NextPacketSecondary(double t, const struct pcap_pkthdr* hdr, const u_char* const pkt, int hdr_size, const PktSrc* src_ps); - + // Record the given packet (if a dumper is active). If len=0 // then the whole packet is recorded, otherwise just the first // len bytes. diff --git a/src/bro.bif b/src/bro.bif index 91602bd6c5..fa453ec46a 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -14,6 +14,7 @@ using namespace std; RecordType* ftp_port; +RecordType* net_stats; RecordType* bro_resources; RecordType* matcher_stats; TableType* var_sizes; @@ -1471,6 +1472,31 @@ function bytestring_to_hexstr%(bytestring: string%): string extern const char* bro_version(); %%} +function net_stats%(%): NetStats + %{ + unsigned int recv = 0; + unsigned int drop = 0; + unsigned int link = 0; + + loop_over_list(pkt_srcs, i) + { + PktSrc* ps = pkt_srcs[i]; + + struct PktSrc::Stats stat; + ps->Statistics(&stat); + recv += stat.received; + drop += stat.dropped; + link += stat.link; + } + + RecordVal* ns = new RecordVal(net_stats); + ns->Assign(0, new Val(recv, TYPE_COUNT)); + ns->Assign(1, new Val(drop, TYPE_COUNT)); + ns->Assign(2, new Val(link, TYPE_COUNT)); + + return ns; + %} + function resource_usage%(%): bro_resources %{ struct rusage r; diff --git a/src/event.bif b/src/event.bif index bf78f9649b..5b33df4eea 100644 --- a/src/event.bif +++ b/src/event.bif @@ -50,7 +50,6 @@ event icmp_echo_reply%(c: connection, icmp: icmp_conn, id: count, seq: count, pa event icmp_unreachable%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); event icmp_time_exceeded%(c: connection, icmp: icmp_conn, code: count, context: icmp_context%); event icmp_redirect%(c: connection, icmp: icmp_conn, a: addr%); -event net_stats_update%(t: time, ns: net_stats%); event conn_stats%(c: connection, os: endpoint_stats, rs: endpoint_stats%); event conn_weird%(name: string, c: connection%); event conn_weird_addl%(name: string, c: connection, addl: string%); diff --git a/src/main.cc b/src/main.cc index 9201c991fc..2de6d07a41 100644 --- a/src/main.cc +++ b/src/main.cc @@ -886,7 +886,8 @@ int main(int argc, char** argv) UnserialInfo info(&s); info.print = stdout; info.install_uniques = true; - s.Read(&info, bst_file); + if ( ! s.Read(&info, bst_file) ) + error("Failed to read events from %s\n", bst_file); } exit(0); diff --git a/src/nb_dns.c b/src/nb_dns.c index 5033aadad4..225eb984cf 100644 --- a/src/nb_dns.c +++ b/src/nb_dns.c @@ -438,6 +438,7 @@ nb_dns_activity(struct nb_dns_info *nd, struct nb_dns_result *nr, char *errstr) register char **ap, **hap; register u_int16_t id; register const u_char *rdata; + register u_int32_t rttl; register struct hostent *he; register size_t rdlen; ns_msg handle; @@ -557,6 +558,7 @@ nb_dns_activity(struct nb_dns_info *nd, struct nb_dns_result *nr, char *errstr) rdata = ns_rr_rdata(rr); rdlen = ns_rr_rdlen(rr); + rttl = ns_rr_ttl(rr); switch (atype) { case T_A: @@ -603,10 +605,12 @@ nb_dns_activity(struct nb_dns_info *nd, struct nb_dns_result *nr, char *errstr) /* "Find first satisfactory answer" */ nr->hostent = he; + nr->ttl = rttl; return (1); } } nr->hostent = he; + nr->ttl = rttl; return (1); } diff --git a/src/nb_dns.h b/src/nb_dns.h index 41b5946e48..5787a3fdb0 100644 --- a/src/nb_dns.h +++ b/src/nb_dns.h @@ -11,6 +11,7 @@ struct nb_dns_result { void *cookie; int host_errno; struct hostent *hostent; + uint32_t ttl; }; typedef unsigned int nb_uint32_t; diff --git a/src/scan.l b/src/scan.l index 189333f2ca..c90615e10f 100644 --- a/src/scan.l +++ b/src/scan.l @@ -8,6 +8,7 @@ #include #include #include +#include #include "input.h" #include "util.h" @@ -54,8 +55,9 @@ char last_tok[128]; if ( ((result = fread(buf, 1, max_size, yyin)) == 0) && ferror(yyin) ) \ error(fmt("read failed with \"%s\"", strerror(errno))); -// Files we have already scanned (or are in the process of scanning). -static PList(char) files_scanned; +// Files we have already scanned (or are in the process of scanning). They +// are tracked by inode number. +static std::list files_scanned; // reST documents that we've created (or have at least opened so far). std::list docs_generated; @@ -84,6 +86,19 @@ static const char* canon_doc_comment(const char* comment) return ( comment[0] == ' ' ) ? comment + 1 : comment; } +static ino_t get_inode_num(FILE* f, const char* filename) + { + struct stat b; + + if ( fstat(fileno(f), &b) ) + { + error("failed to fstat fd of %s\n", filename); + exit(1); + } + + return b.st_ino; + } + class FileInfo { public: FileInfo(string restore_module = ""); @@ -332,7 +347,18 @@ when return TOK_WHEN; const char* new_file = skip_whitespace(yytext + 7); // All we have to do is pretend we've already scanned it. - files_scanned.append(copy_string(new_file)); + const char* full_filename; + FILE* f = search_for_file(new_file, "bro", &full_filename, true); + + if ( f ) + { + ino_t i = get_inode_num(f, full_filename); + fclose(f); + delete [] full_filename; + files_scanned.push_back(i); + } + else + error("failed find file associated with @unload %s", new_file); } @prefixes{WS}("+"?)={WS}{PREFIX} { @@ -499,33 +525,10 @@ YYLTYPE GetCurrentLocation() static int load_files_with_prefix(const char* orig_file) { - loop_over_list(files_scanned, j) - { - if ( streq(files_scanned[j], orig_file) ) - return 0; - } - - // Be sure to copy "orig_file", since it could be an alias - // for yytext, which is ephemeral and will be zapped - // if we do a yy_switch_to_buffer() below. - char* file = copy_string(orig_file); - // Whether we pushed on a FileInfo that will restore the // current module after the final file has been scanned. bool did_module_restore = false; - files_scanned.append(file); - - // If the file has a .bro extension, add a second version to the list - // of known files which has it stripped. - char* ext = strrchr(file, '.'); - if ( ext && streq(ext, ".bro") ) - { - char* s = copy_string(file); - s[ext - file] = '\0'; - files_scanned.append(s); - } - // Note, we need to loop through the prefixes backwards, since // we push them onto a stack, with the last one we push on the // stack being the first one we will scan. @@ -536,7 +539,7 @@ static int load_files_with_prefix(const char* orig_file) const char* full_filename = ""; FILE* f; - if ( streq(file, "-") ) + if ( streq(orig_file, "-") ) { f = stdin; full_filename = ""; @@ -550,13 +553,13 @@ static int load_files_with_prefix(const char* orig_file) else { - int n = strlen(prefix) + strlen(file) + 2; + int n = strlen(prefix) + strlen(orig_file) + 2; char* new_filename = new char[n]; if ( prefix[0] ) - sprintf(new_filename, "%s.%s", prefix, file); + sprintf(new_filename, "%s.%s", prefix, orig_file); else - strcpy(new_filename, file); + strcpy(new_filename, orig_file); f = search_for_file(new_filename, "bro", &full_filename, true); delete [] new_filename; @@ -564,6 +567,21 @@ static int load_files_with_prefix(const char* orig_file) if ( f ) { + ino_t i = get_inode_num(f, full_filename); + std::list::const_iterator it; + + for ( it = files_scanned.begin(); it != files_scanned.end(); ++it ) + { + if ( *it == i ) + { + fclose(f); + delete [] full_filename; + return 0; + } + } + + files_scanned.push_back(i); + if ( g_policy_debug ) { // Add the filename to the file mapping diff --git a/testing/btest/Baseline/core.conn-id/output.cc b/testing/btest/Baseline/core.conn-id/output.cc deleted file mode 100644 index f03a74f541..0000000000 --- a/testing/btest/Baseline/core.conn-id/output.cc +++ /dev/null @@ -1,80 +0,0 @@ -[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf -[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf -[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 -[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c -[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc -[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc -[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 -[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 -[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i -[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 -[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e -[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e -[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 -[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 -[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe -[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 -[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 -[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd -[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd -[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 -[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 -[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 -[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a -[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE -[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE -[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE -[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE -[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b -[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b -[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 -[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 -[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h -[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h -[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 -[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 -[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf -[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf diff --git a/testing/btest/Baseline/core.conn-id/counts b/testing/btest/Baseline/core.conn-uid/counts similarity index 100% rename from testing/btest/Baseline/core.conn-id/counts rename to testing/btest/Baseline/core.conn-uid/counts diff --git a/testing/btest/Baseline/core.conn-uid/output b/testing/btest/Baseline/core.conn-uid/output new file mode 100644 index 0000000000..6db116d098 --- /dev/null +++ b/testing/btest/Baseline/core.conn-uid/output @@ -0,0 +1,39 @@ +[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf +[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 +[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS +[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c +[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja +[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc +[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 +[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 +[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e +[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 +[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti +[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 +[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd +[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k +[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 +[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk +[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 +[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj +[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 +[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti +[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 +[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk +[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE +[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b +[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 +[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h +[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 +[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf diff --git a/testing/btest/Baseline/core.conn-id/output b/testing/btest/Baseline/core.conn-uid/output.cc similarity index 51% rename from testing/btest/Baseline/core.conn-id/output rename to testing/btest/Baseline/core.conn-uid/output.cc index 3f7256278e..f00b065849 100644 --- a/testing/btest/Baseline/core.conn-id/output +++ b/testing/btest/Baseline/core.conn-uid/output.cc @@ -1,78 +1,40 @@ [orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf -[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf [orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 -[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh [orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh [orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS [orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c [orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c [orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl [orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl [orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 [orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 [orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc -[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc -[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 [orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 [orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i -[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 [orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 [orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e -[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e -[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 [orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 [orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe -[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe [orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti [orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti [orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 -[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 -[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd [orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd [orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 -[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k [orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k [orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 -[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 -[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a [orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a [orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 [orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 [orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 [orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 [orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 [orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 [orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk [orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk [orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE [orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE [orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b -[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b -[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 [orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 [orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h -[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h -[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 [orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 [orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf -[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf diff --git a/testing/btest/Baseline/core.conn-id/output.cc2 b/testing/btest/Baseline/core.conn-uid/output.cc2 similarity index 50% rename from testing/btest/Baseline/core.conn-id/output.cc2 rename to testing/btest/Baseline/core.conn-uid/output.cc2 index 3f7256278e..6db116d098 100644 --- a/testing/btest/Baseline/core.conn-id/output.cc2 +++ b/testing/btest/Baseline/core.conn-uid/output.cc2 @@ -1,78 +1,39 @@ [orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf -[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf [orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 -[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 56gKBmhBBB6 -[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh [orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], 50da4BEzauh [orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS [orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], WUjEZFOdSS -[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c [orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], ecqdozAET6c [orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], tdkrEYpj5ja -[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl [orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], F5XgctwO3Vl [orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 [orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 [orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc -[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], nSEQzFk1LZc -[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 [orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], rmXOq6wncn1 [orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i -[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], 4YYJTjETe1i -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 [orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 [orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e -[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], R8BqVlcp23e -[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 [orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], duYdXg7bTa3 [orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe -[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], yzqaQTU9DXe [orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti [orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti [orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 -[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], N6rbUGwigQ7 -[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd [orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], 8b9q7qPtzhd [orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 -[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], KOdlL7sC9z2 -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k [orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k [orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 -[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], FHu81uYujA9 -[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a [orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], 2M1wDTa0C7a [orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk -[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 [orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], UZkBBvjF0r8 [orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], svqqNKN9CFj -[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 [orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OldlyspNIr7 [orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], j5w2LueK8Ti -[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 [orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], OPM7xFSDNw3 [orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], hvOo97vj60k -[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk [orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], OKiJdtzKWPk [orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE -[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], tpUWfNdSLE -[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b [orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], ra1C6ZLut4b [orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 -[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], UElDH5b9qA5 -[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h [orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], sO3mBXBav1h [orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 -[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], xAQqZE8Wdp4 -[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf [orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], zVecVnfOlsf diff --git a/testing/btest/Baseline/core.load-unload/output b/testing/btest/Baseline/core.load-unload/output new file mode 100644 index 0000000000..5bda7e456e --- /dev/null +++ b/testing/btest/Baseline/core.load-unload/output @@ -0,0 +1,12 @@ +loading /Users/jsiwek/tmp/bro/policy/bro.init + loading /Users/jsiwek/tmp/bro/build/src/const.bif.bro + loading /Users/jsiwek/tmp/bro/build/src/types.bif.bro + loading /Users/jsiwek/tmp/bro/build/src/strings.bif.bro + loading /Users/jsiwek/tmp/bro/build/src/bro.bif.bro + loading /Users/jsiwek/tmp/bro/policy/logging.bro + loading /Users/jsiwek/tmp/bro/build/src/logging.bif.bro + loading /Users/jsiwek/tmp/bro/policy/logging-ascii.bro + loading /Users/jsiwek/tmp/bro/build/src/event.bif.bro + loading /Users/jsiwek/tmp/bro/policy/pcap.bro + loading /Users/jsiwek/tmp/bro/policy/server-ports.bro +loading /Users/jsiwek/tmp/bro/testing/btest/.tmp/core.load-unload/load-unload.bro diff --git a/testing/btest/core/conn-id.bro b/testing/btest/core/conn-uid.bro similarity index 100% rename from testing/btest/core/conn-id.bro rename to testing/btest/core/conn-uid.bro diff --git a/testing/btest/core/load-normalization.bro b/testing/btest/core/load-normalization.bro new file mode 100644 index 0000000000..ff9ad3fb52 --- /dev/null +++ b/testing/btest/core/load-normalization.bro @@ -0,0 +1,14 @@ +# This tests bro's mechanism to prevent duplicate script loading. +# +# @TEST-EXEC: mkdir -p foo/bar +# @TEST-EXEC: echo "@load bar/test" >loader.bro +# @TEST-EXEC: cp %INPUT foo/bar/test.bro +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -l loader bar/test +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -l loader bar/test.bro +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -l loader foo/bar/test +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -l loader foo/bar/test.bro +# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -l loader `pwd`/foo/bar/test.bro + +type Test: enum { + TEST, +}; diff --git a/testing/btest/core/load-unload.bro b/testing/btest/core/load-unload.bro new file mode 100644 index 0000000000..701e415134 --- /dev/null +++ b/testing/btest/core/load-unload.bro @@ -0,0 +1,7 @@ +# This tests the @unload directive +# +# @TEST-EXEC: echo 'print "oops";' >dontloadmebro.bro +# @TEST-EXEC: bro -l %INPUT dontloadmebro >output 2>&1 +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output + +@unload dontloadmebro diff --git a/testing/btest/language/rare-events.bro b/testing/btest/language/rare-events.bro deleted file mode 100644 index 8dc56e26a0..0000000000 --- a/testing/btest/language/rare-events.bro +++ /dev/null @@ -1,37 +0,0 @@ -# @TEST-EXEC: bro %INPUT -# @TEST-EXEC: btest-diff notice.log - -# This is a test script whose job is to generate rarely-seen events -# (i.e., events that test traces might not include) to ensure that they're -# handled properly. - -# This is needed or else the output fails on the warning that -# Drop::restore_dropped_address is never defined. -redef check_for_unused_event_handlers = F; - -@load packet-filter/netstats - -function test_net_stats_update() - { - local t = current_time(); - - local s: net_stats; - s$pkts_recvd = 1234; - s$pkts_dropped = 123; - s$pkts_link = 9999; - - event net_stats_update(t, s); - - local s2: net_stats; - s2$pkts_recvd = 2341; - s2$pkts_dropped = 125; - s2$pkts_link = 19999; - - event net_stats_update(t + 33 sec, s2); - } - -event bro_init() - { - test_net_stats_update(); - } -