Merge remote-tracking branch 'origin/master' into topic/bernhard/even-more-ssl-changes

testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log

@@ -0,0 +1,12 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	conn
+#open	2014-04-09-16-44-53
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
+#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	count	string	count	count	count	count	set[string]
+1395939406.175845	CjhGID4nQcgTWjvg4c	192.168.56.1	59763	192.168.56.101	63988	tcp	ftp-data	0.001676	0	270	SF	-	0	ShAdfFa	5	272	4	486	(empty)
+1395939411.361078	CCvvfg3TEfuqmmG4bh	192.168.56.1	59764	192.168.56.101	37150	tcp	ftp-data	150.496065	0	5416666670	SF	-	4675708816	ShAdfFa	13	688	12	24454	(empty)
+1395939399.984671	CXWv6p3arKYeMETxOg	192.168.56.1	59762	192.168.56.101	21	tcp	ftp	169.634297	104	1041	SF	-	0	ShAdDaFf	31	1728	18	1985	(empty)
+#close	2014-04-09-16-44-54

testing/btest/Baseline/core.tcp.large-file-reassembly/files.log

@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	files
+#open	2014-04-09-16-44-53
+#fields	ts	fuid	tx_hosts	rx_hosts	conn_uids	source	depth	analyzers	mime_type	filename	duration	local_orig	is_orig	seen_bytes	total_bytes	missing_bytes	overflow_bytes	timedout	parent_fuid	md5	sha1	sha256	extracted
+#types	time	string	set[addr]	set[addr]	set[string]	string	count	set[string]	string	string	interval	bool	bool	count	count	count	count	bool	string	string	string	string	string
+1395939406.177079	FAb5m22Dhe2Zi95anf	192.168.56.101	192.168.56.1	CjhGID4nQcgTWjvg4c	FTP_DATA	0	DATA_EVENT	text/plain	-	0.000000	-	F	270	-	0	0	F	-	-	-	-	-
+1395939411.364462	FhI0ao2FNTjabdfSBd	192.168.56.101	192.168.56.1	CCvvfg3TEfuqmmG4bh	FTP_DATA	0	DATA_EVENT	text/plain	-	150.490904	-	F	23822	-	5416642848	0	F	-	-	-	-	-
+#close	2014-04-09-16-44-54

testing/btest/Baseline/scripts.base.protocols.modbus.exception_handling/weird.log

@@ -3,9 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2013-08-26-19-36-36
+#open	2014-04-07-19-37-09
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1153491909.414066	-	-	-	-	-	truncated_IP	-	F	bro
 1153491912.529443	CXWv6p3arKYeMETxOg	192.168.66.235	2582	166.161.16.230	502	binpac exception: out_of_bound: WriteSingleRegisterRequest: 4 > 0	-	F	bro
-#close	2013-08-26-19-36-36
+1153491920.661039	CXWv6p3arKYeMETxOg	192.168.66.235	2582	166.161.16.230	502	TCP_ack_underflow_or_misorder	-	F	bro
+1153491929.715910	CXWv6p3arKYeMETxOg	192.168.66.235	2582	166.161.16.230	502	TCP_seq_underflow_or_misorder	-	F	bro
+#close	2014-04-07-19-37-09

testing/btest/core/tcp/large-file-reassembly.bro

@@ -0,0 +1,22 @@
+# @TEST-EXEC: bro -r $TRACES/ftp/bigtransfer.pcap %INPUT >out
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff files.log
+# @TEST-EXEC: btest-diff conn.log
+
+# The pcap has been truncated on purpose, so there's going to be large
+# gaps that are there by design and shouldn't trigger the "skip
+# deliveries" code paths because this test still needs to know about the
+# payloads being delivered around critical boundaries (e.g. 32-bit TCP
+# sequence wraparound and 32-bit data offsets).
+redef tcp_excessive_data_without_further_acks=0;
+
+event file_chunk(f: fa_file, data: string, off: count)
+	{
+	print "file_chunk", |data|, off, data;
+	}
+
+event file_new(f: fa_file)
+	{
+	Files::add_analyzer(f, Files::ANALYZER_DATA_EVENT,
+	                    [$chunk_event=file_chunk]);
+	}